August 2025 - Linux-stable-mirror

[PATCH 5.15.y] PCI: vmd: Assign VMD IRQ domain before enumeration

by Artur Piechocki

From: Nirmal Patel <nirmal.patel(a)linux.intel.com> [ Upstream commit 886e67100b904cb1b106ed1dfa8a60696aff519a ] During the boot process all the PCI devices are assigned default PCI-MSI IRQ domain including VMD endpoint devices. If interrupt-remapping is enabled by IOMMU, the PCI devices except VMD get new INTEL-IR-MSI IRQ domain. And VMD is supposed to create and assign a separate VMD-MSI IRQ domain for its child devices in order to support MSI-X remapping capabilities. Now when MSI-X remapping in VMD is disabled in order to improve performance, VMD skips VMD-MSI IRQ domain assignment process to its child devices. Thus the devices behind VMD get default PCI-MSI IRQ domain instead of INTEL-IR-MSI IRQ domain when VMD creates root bus and configures child devices. As a result host OS fails to boot and DMAR errors were observed when interrupt remapping was enabled on Intel Icelake CPUs. For instance: DMAR: DRHD: handling fault status reg 2 DMAR: [INTR-REMAP] Request device [0xe2:0x00.0] fault index 0xa00 [fault reason 0x25] Blocked a compatibility format interrupt request To fix this issue, dev_msi_info struct in dev struct maintains correct value of IRQ domain. VMD will use this information to assign proper IRQ domain to its child devices when it doesn't create a separate IRQ domain. Link: https://lore.kernel.org/r/20220511095707.25403-2-nirmal.patel@linux.intel.c… Signed-off-by: Nirmal Patel <nirmal.patel(a)linux.intel.com> Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com> (cherry picked from commit 886e67100b904cb1b106ed1dfa8a60696aff519a) [ This patch has already been backported to the Ubuntu 5.15 kernel and fixes boot issues on Intel platforms with VMD rev 04, confirmed on version 5.15.189. ] Signed-off-by: Artur Piechocki <artur.piechocki(a)open-e.com> --- drivers/pci/controller/vmd.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/pci/controller/vmd.c b/drivers/pci/controller/vmd.c index 846590706a38..d0d18e9c6968 100644 --- a/drivers/pci/controller/vmd.c +++ b/drivers/pci/controller/vmd.c @@ -799,6 +799,9 @@ static int vmd_enable_domain(struct vmd_dev *vmd, unsigned long features) vmd_attach_resources(vmd); if (vmd->irq_domain) dev_set_msi_domain(&vmd->bus->dev, vmd->irq_domain); + else + dev_set_msi_domain(&vmd->bus->dev, + dev_get_msi_domain(&vmd->dev->dev)); WARN(sysfs_create_link(&vmd->dev->dev.kobj, &vmd->bus->dev.kobj, "domain"), "Can't create symlink to domain\n"); -- 2.50.1

1 day, 1 hour

1
0
0 0

[PATCH 6.12] Drivers: hv: Make the sysfs node size for the ring buffer dynamic

by Naman Jain

The ring buffer size varies across VMBus channels. The size of sysfs node for the ring buffer is currently hardcoded to 4 MB. Userspace clients either use fstat() or hardcode this size for doing mmap(). To address this, make the sysfs node size dynamic to reflect the actual ring buffer size for each channel. This will ensure that fstat() on ring sysfs node always returns the correct size of ring buffer. This is a backport of the upstream commit 65995e97a1ca ("Drivers: hv: Make the sysfs node size for the ring buffer dynamic") with modifications, as the original patch has missing dependencies on kernel v6.12.x. The structure "struct attribute_group" does not have bin_size field in v6.12.x kernel so the logic of configuring size of sysfs node for ring buffer has been moved to vmbus_chan_bin_attr_is_visible(). Original change was not a fix, but it needs to be backported to fix size related discrepancy caused by the commit mentioned in Fixes tag. Fixes: bf1299797c3c ("uio_hv_generic: Align ring size to system page") Cc: <stable(a)vger.kernel.org> # 6.12.x Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> --- This change won't apply on older kernels currently due to missing dependencies. I will take care of them after this goes in. I did not retain any Reviewed-by or Tested-by tags, since the code has changed completely, while the functionality remains same. Requesting Michael, Dexuan, Wei to please review again. --- drivers/hv/vmbus_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index 1f519e925f06..616e63fb2f15 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -1810,7 +1810,6 @@ static struct bin_attribute chan_attr_ring_buffer = { .name = "ring", .mode = 0600, }, - .size = 2 * SZ_2M, .mmap = hv_mmap_ring_buffer_wrapper, }; static struct attribute *vmbus_chan_attrs[] = { @@ -1866,6 +1865,7 @@ static umode_t vmbus_chan_bin_attr_is_visible(struct kobject *kobj, /* Hide ring attribute if channel's ring_sysfs_visible is set to false */ if (attr == &chan_attr_ring_buffer && !channel->ring_sysfs_visible) return 0; + attr->size = channel->ringbuffer_pagecount << PAGE_SHIFT; return attr->attr.mode; } -- 2.34.1

1 day, 1 hour

3
5
0 0

[PATCH] HID: asus: fix UAF via HID_CLAIMED_INPUT validation

by Qasim Ijaz

After hid_hw_start() is called hidinput_connect() will eventually be called to set up the device with the input layer since the HID_CONNECT_DEFAULT connect mask is used. During hidinput_connect() all input and output reports are processed and corresponding hid_inputs are allocated and configured via hidinput_configure_usages(). This process involves slot tagging report fields and configuring usages by setting relevant bits in the capability bitmaps. However it is possible that the capability bitmaps are not set at all leading to the subsequent hidinput_has_been_populated() check to fail leading to the freeing of the hid_input and the underlying input device. This becomes problematic because a malicious HID device like a ASUS ROG N-Key keyboard can trigger the above scenario via a specially crafted descriptor which then leads to a user-after-free when the name of the freed input device is written to later on after hid_hw_start(). Below, report 93 intentionally utilises the HID_UP_UNDEFINED Usage Page which is skipped during usage configuration, leading to the frees. 0x05, 0x0D, // Usage Page (Digitizer) 0x09, 0x05, // Usage (Touch Pad) 0xA1, 0x01, // Collection (Application) 0x85, 0x0D, // Report ID (13) 0x06, 0x00, 0xFF, // Usage Page (Vendor Defined 0xFF00) 0x09, 0xC5, // Usage (0xC5) 0x15, 0x00, // Logical Minimum (0) 0x26, 0xFF, 0x00, // Logical Maximum (255) 0x75, 0x08, // Report Size (8) 0x95, 0x04, // Report Count (4) 0xB1, 0x02, // Feature (Data,Var,Abs) 0x85, 0x5D, // Report ID (93) 0x06, 0x00, 0x00, // Usage Page (Undefined) 0x09, 0x01, // Usage (0x01) 0x15, 0x00, // Logical Minimum (0) 0x26, 0xFF, 0x00, // Logical Maximum (255) 0x75, 0x08, // Report Size (8) 0x95, 0x1B, // Report Count (27) 0x81, 0x02, // Input (Data,Var,Abs) 0xC0, // End Collection Below is the KASAN splat after triggering the UAF: [ 21.672709] ================================================================== [ 21.673700] BUG: KASAN: slab-use-after-free in asus_probe+0xeeb/0xf80 [ 21.673700] Write of size 8 at addr ffff88810a0ac000 by task kworker/1:2/54 [ 21.673700] [ 21.673700] CPU: 1 UID: 0 PID: 54 Comm: kworker/1:2 Not tainted 6.16.0-rc4-g9773391cf4dd-dirty #36 PREEMPT(voluntary) [ 21.673700] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 21.673700] Call Trace: [ 21.673700] <TASK> [ 21.673700] dump_stack_lvl+0x5f/0x80 [ 21.673700] print_report+0xd1/0x660 [ 21.673700] kasan_report+0xe5/0x120 [ 21.673700] __asan_report_store8_noabort+0x1b/0x30 [ 21.673700] asus_probe+0xeeb/0xf80 [ 21.673700] hid_device_probe+0x2ee/0x700 [ 21.673700] really_probe+0x1c6/0x6b0 [ 21.673700] __driver_probe_device+0x24f/0x310 [ 21.673700] driver_probe_device+0x4e/0x220 [...] [ 21.673700] [ 21.673700] Allocated by task 54: [ 21.673700] kasan_save_stack+0x3d/0x60 [ 21.673700] kasan_save_track+0x18/0x40 [ 21.673700] kasan_save_alloc_info+0x3b/0x50 [ 21.673700] __kasan_kmalloc+0x9c/0xa0 [ 21.673700] __kmalloc_cache_noprof+0x139/0x340 [ 21.673700] input_allocate_device+0x44/0x370 [ 21.673700] hidinput_connect+0xcb6/0x2630 [ 21.673700] hid_connect+0xf74/0x1d60 [ 21.673700] hid_hw_start+0x8c/0x110 [ 21.673700] asus_probe+0x5a3/0xf80 [ 21.673700] hid_device_probe+0x2ee/0x700 [ 21.673700] really_probe+0x1c6/0x6b0 [ 21.673700] __driver_probe_device+0x24f/0x310 [ 21.673700] driver_probe_device+0x4e/0x220 [...] [ 21.673700] [ 21.673700] Freed by task 54: [ 21.673700] kasan_save_stack+0x3d/0x60 [ 21.673700] kasan_save_track+0x18/0x40 [ 21.673700] kasan_save_free_info+0x3f/0x60 [ 21.673700] __kasan_slab_free+0x3c/0x50 [ 21.673700] kfree+0xcf/0x350 [ 21.673700] input_dev_release+0xab/0xd0 [ 21.673700] device_release+0x9f/0x220 [ 21.673700] kobject_put+0x12b/0x220 [ 21.673700] put_device+0x12/0x20 [ 21.673700] input_free_device+0x4c/0xb0 [ 21.673700] hidinput_connect+0x1862/0x2630 [ 21.673700] hid_connect+0xf74/0x1d60 [ 21.673700] hid_hw_start+0x8c/0x110 [ 21.673700] asus_probe+0x5a3/0xf80 [ 21.673700] hid_device_probe+0x2ee/0x700 [ 21.673700] really_probe+0x1c6/0x6b0 [ 21.673700] __driver_probe_device+0x24f/0x310 [ 21.673700] driver_probe_device+0x4e/0x220 [...] Fixes: 9ce12d8be12c ("HID: asus: Add i2c touchpad support") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- drivers/hid/hid-asus.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/hid/hid-asus.c b/drivers/hid/hid-asus.c index 4b45e31f0bab..9bce9c84ab20 100644 --- a/drivers/hid/hid-asus.c +++ b/drivers/hid/hid-asus.c @@ -1212,8 +1212,14 @@ static int asus_probe(struct hid_device *hdev, const struct hid_device_id *id) hid_err(hdev, "Asus hw start failed: %d\n", ret); return ret; } - - if (!drvdata->input) { + + /* + * Check that input registration succeeded. Checking that + * HID_CLAIMED_INPUT is set prevents a UAF when all input devices + * were freed during registration due to no usages being mapped, + * leaving drvdata->input pointing to freed memory. + */ + if (!drvdata->input || !(hdev->claimed & HID_CLAIMED_INPUT)) { hid_err(hdev, "Asus input not registered\n"); ret = -ENOMEM; goto err_stop_hw; -- 2.39.5

1 day, 3 hours

1
0
0 0

[PATCH v2 RESEND] HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()

by Qasim Ijaz

A malicious HID device can trigger a slab out-of-bounds during mt_report_fixup() by passing in report descriptor smaller than 607 bytes. mt_report_fixup() attempts to patch byte offset 607 of the descriptor with 0x25 by first checking if byte offset 607 is 0x15 however it lacks bounds checks to verify if the descriptor is big enough before conducting this check. Fix this bug by ensuring the descriptor size is at least 608 bytes before accessing it. Below is the KASAN splat after the out of bounds access happens: [ 13.671954] ================================================================== [ 13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110 [ 13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10 [ 13.673297] [ 13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3 [ 13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04 [ 13.673297] Call Trace: [ 13.673297] <TASK> [ 13.673297] dump_stack_lvl+0x5f/0x80 [ 13.673297] print_report+0xd1/0x660 [ 13.673297] kasan_report+0xe5/0x120 [ 13.673297] __asan_report_load1_noabort+0x18/0x20 [ 13.673297] mt_report_fixup+0x103/0x110 [ 13.673297] hid_open_report+0x1ef/0x810 [ 13.673297] mt_probe+0x422/0x960 [ 13.673297] hid_device_probe+0x2e2/0x6f0 [ 13.673297] really_probe+0x1c6/0x6b0 [ 13.673297] __driver_probe_device+0x24f/0x310 [ 13.673297] driver_probe_device+0x4e/0x220 [ 13.673297] __device_attach_driver+0x169/0x320 [ 13.673297] bus_for_each_drv+0x11d/0x1b0 [ 13.673297] __device_attach+0x1b8/0x3e0 [ 13.673297] device_initial_probe+0x12/0x20 [ 13.673297] bus_probe_device+0x13d/0x180 [ 13.673297] device_add+0xe3a/0x1670 [ 13.673297] hid_add_device+0x31d/0xa40 [...] Fixes: c8000deb6836 ("HID: multitouch: Add support for GT7868Q") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> Reviewed-by: Jiri Slaby <jirislaby(a)kernel.org> --- v2: - Simplify fix with a if-size check after discussion with Jiri Slaby - Change explanation of bug to reflect inclusion of a if-size check drivers/hid/hid-multitouch.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c index 294516a8f541..22c6314a8843 100644 --- a/drivers/hid/hid-multitouch.c +++ b/drivers/hid/hid-multitouch.c @@ -1503,6 +1503,14 @@ static const __u8 *mt_report_fixup(struct hid_device *hdev, __u8 *rdesc, if (hdev->vendor == I2C_VENDOR_ID_GOODIX && (hdev->product == I2C_DEVICE_ID_GOODIX_01E8 || hdev->product == I2C_DEVICE_ID_GOODIX_01E9)) { + if (*size < 608) { + dev_info( + &hdev->dev, + "GT7868Q fixup: report descriptor is only %u bytes, skipping\n", + *size); + return rdesc; + } + if (rdesc[607] == 0x15) { rdesc[607] = 0x25; dev_info( -- 2.39.5

1 day, 3 hours

1
0
0 0

Linux 6.15.9

by Greg Kroah-Hartman

I'm announcing the release of the 6.15.9 kernel. All users of the 6.15 kernel series must upgrade. The updated 6.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/Kconfig | 2 arch/arm/Makefile | 2 arch/arm64/include/asm/assembler.h | 5 arch/arm64/kernel/entry.S | 6 arch/x86/hyperv/irqdomain.c | 4 arch/x86/include/asm/debugreg.h | 19 - arch/x86/include/asm/kvm_host.h | 2 arch/x86/kernel/cpu/common.c | 2 arch/x86/kernel/kgdb.c | 2 arch/x86/kernel/process_32.c | 2 arch/x86/kernel/process_64.c | 2 arch/x86/kvm/x86.c | 4 drivers/base/regmap/regmap.c | 2 drivers/bus/fsl-mc/fsl-mc-bus.c | 19 - drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_sdma.c | 44 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_sdma.h | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 17 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 drivers/gpu/drm/drm_buddy.c | 43 ++ drivers/gpu/drm/drm_gem_dma_helper.c | 2 drivers/gpu/drm/drm_gem_framebuffer_helper.c | 8 drivers/gpu/drm/drm_gem_shmem_helper.c | 10 drivers/gpu/drm/drm_prime.c | 8 drivers/gpu/drm/i915/display/intel_dp.c | 6 drivers/gpu/drm/scheduler/sched_entity.c | 21 - drivers/gpu/drm/xe/xe_lrc.c | 37 +- drivers/gpu/drm/xe/xe_lrc_types.h | 3 drivers/i2c/busses/i2c-qup.c | 4 drivers/i2c/busses/i2c-tegra.c | 24 - drivers/i2c/busses/i2c-virtio.c | 15 drivers/iio/adc/ad7949.c | 7 drivers/iio/industrialio-core.c | 5 drivers/infiniband/core/cache.c | 4 drivers/interconnect/icc-clk.c | 2 drivers/interconnect/qcom/sc7280.c | 1 drivers/net/can/dev/dev.c | 12 drivers/net/can/dev/netlink.c | 12 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 15 drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c | 15 drivers/net/ethernet/google/gve/gve_main.c | 67 ++-- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 31 + drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 36 +- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 9 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 6 drivers/net/ethernet/intel/e1000e/defines.h | 3 drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 drivers/net/ethernet/intel/e1000e/nvm.c | 6 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 6 drivers/net/ethernet/intel/ice/ice_ddp.c | 2 drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 4 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 108 +++--- drivers/net/ethernet/ti/icssg/icssg_config.c | 158 ++++++---- drivers/net/ethernet/ti/icssg/icssg_config.h | 80 ++++- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 20 - drivers/net/ethernet/ti/icssg/icssg_prueth.h | 2 drivers/net/ethernet/ti/icssg/icssg_switch_map.h | 3 drivers/net/virtio_net.c | 6 drivers/pci/probe.c | 7 drivers/platform/mellanox/mlxbf-pmc.c | 25 + drivers/platform/x86/Makefile | 3 drivers/platform/x86/asus-nb-wmi.c | 9 drivers/platform/x86/dell/alienware-wmi-wmax.c | 1 drivers/platform/x86/ideapad-laptop.c | 4 drivers/regulator/core.c | 1 drivers/s390/net/ism_drv.c | 3 drivers/spi/spi-cadence-quadspi.c | 5 drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 3 drivers/usb/typec/tcpm/tcpm.c | 64 ++-- drivers/virtio/virtio_ring.c | 8 fs/nilfs2/inode.c | 9 include/drm/drm_buddy.h | 2 include/linux/ism.h | 1 include/linux/sprintf.h | 1 include/net/xfrm.h | 2 kernel/bpf/verifier.c | 7 kernel/resource.c | 5 kernel/time/timekeeping.c | 2 mm/kasan/report.c | 4 mm/ksm.c | 6 mm/memory-failure.c | 4 mm/vmscan.c | 8 mm/zsmalloc.c | 3 net/appletalk/aarp.c | 24 + net/ipv4/xfrm4_input.c | 3 net/ipv6/xfrm6_input.c | 3 net/sched/sch_qfq.c | 7 net/xfrm/xfrm_device.c | 1 net/xfrm/xfrm_interface_core.c | 7 net/xfrm/xfrm_ipcomp.c | 2 net/xfrm/xfrm_state.c | 29 - net/xfrm/xfrm_user.c | 1 sound/pci/hda/hda_tegra.c | 51 ++- sound/pci/hda/patch_hdmi.c | 20 + sound/pci/hda/patch_realtek.c | 4 sound/soc/mediatek/common/mtk-soundcard-driver.c | 4 sound/soc/mediatek/mt8365/mt8365-dai-i2s.c | 3 tools/hv/hv_fcopy_uio_daemon.c | 37 -- tools/testing/selftests/bpf/progs/verifier_precision.c | 53 +++ tools/testing/selftests/drivers/net/lib/py/load.py | 23 + tools/testing/selftests/mm/split_huge_page_test.c | 3 tools/testing/selftests/net/mptcp/Makefile | 3 tools/testing/selftests/net/mptcp/mptcp_connect_checksum.sh | 5 tools/testing/selftests/net/mptcp/mptcp_connect_mmap.sh | 5 tools/testing/selftests/net/mptcp/mptcp_connect_sendfile.sh | 5 109 files changed, 996 insertions(+), 450 deletions(-) Abdun Nihaal (1): regmap: fix potential memory leak of regmap_bus Ada Couprie Diaz (1): arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() Akhil R (1): i2c: tegra: Fix reset error handling with ACPI Akinobu Mita (1): resource: fix false warning in __request_region() Alessandro Carminati (1): regulator: core: fix NULL dereference on unbind due to stale coupling data Arunpravin Paneer Selvam (1): drm/amdgpu: Reset the clear flag in buddy during resume Chiara Meiohas (1): net/mlx5: Fix memory leak in cmd_exec() Daniel Dadap (1): ALSA: hda: Add missing NVIDIA HDA codec IDs David Lechner (1): iio: adc: ad7949: use spi_is_bpw_supported() Dawid Rezler (1): ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx Dennis Chen (1): i40e: report VF tx_dropped with tx_errors instead of tx_discards Dmitry Osipenko (1): drm/shmem-helper: Remove obsoleted is_iomem test Douglas Anderson (1): drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() Edip Hazuri (1): ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx Eyal Birger (1): xfrm: interface: fix use-after-free after changing collect_md xfrm interface Fernando Fernandez Mancera (1): xfrm: ipcomp: adjust transport header after decompressing Gabor Juhos (1): interconnect: icc-clk: destroy nodes in case of memory allocation failures Greg Kroah-Hartman (1): Linux 6.15.9 Guoqing Jiang (1): ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv Halil Pasic (1): s390/ism: fix concurrency management in ism_cmd() Haoxiang Li (1): ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Harry Yoo (1): mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n Himanshu Mittal (1): net: ti: icssg-prueth: Fix buffer allocation for ICSSG Jacek Kowalski (2): e1000e: disregard NVM checksum on tgp when valid checksum bit is not set e1000e: ignore uninitialized checksum word on tgp Jamie Bainbridge (1): i40e: When removing VF MAC filters, only check PF-set MAC Jesse Zhang (1): drm/amdgpu: Fix SDMA engine reset with logical instance ID Jesse.zhang(a)amd.com (2): drm/amdgpu: Add the new sdma function pointers for amdgpu_sdma.h drm/amdgpu: Implement SDMA soft reset directly for v5.x Jian Shen (2): net: hns3: fix concurrent setting vlan filter issue net: hns3: fixed vf get max channels bug Jijie Shao (1): net: hns3: default enable tx bounce buffer when smmu enabled Jinjiang Tu (1): mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list Johan Hovold (1): ASoC: mediatek: common: fix device and OF node leak Khairul Anuar Romli (1): spi: cadence-quadspi: fix cleanup of rx_chan on failure paths Kito Xu (veritas501) (1): net: appletalk: Fix use-after-free in AARP proxy probe Kurt Borja (1): platform/x86: alienware-wmi-wmax: Fix `dmi_system_id` array Laurent Vivier (2): virtio_net: Enforce minimum TX ring size for reliability virtio_ring: Fix error reporting in virtqueue_resize Leon Romanovsky (1): xfrm: always initialize offload path Lin.Cao (1): drm/sched: Remove optimization that causes hang when killing dependent jobs Ma Ke (3): bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() dpaa2-eth: Fix device reference count leak in MAC endpoint handling dpaa2-switch: Fix device reference count leak in MAC endpoint handling Manivannan Sadhasivam (1): PCI/pwrctrl: Create pwrctrl devices only when CONFIG_PCI_PWRCTRL is enabled Maor Gottlieb (1): RDMA/core: Rate limit GID cache warning messages Marc Kleine-Budde (1): can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Marco Elver (1): kasan: use vmalloc_dump_obj() for vmalloc error reports Mario Limonciello (1): drm/amd/display: Don't allow OLED to go down to fully off Markus Blöchl (1): timekeeping: Zero initialize system_counterval when querying time from phc drivers Markus Burri (1): iio: fix potential out-of-bound write Matthew Brost (1): drm/xe: Make WA BB part of LRC BO Matthieu Baerts (NGI0) (2): selftests: mptcp: connect: also cover alt modes selftests: mptcp: connect: also cover checksum Michael Grzeschik (2): usb: typec: tcpm: allow to use sink in accessory mode usb: typec: tcpm: allow switching to mode accessory to mux properly Mohan Kumar D (1): ALSA: hda/tegra: Add Tegra264 support Nathan Chancellor (3): mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS ARM: 9450/1: Fix allowing linker DCE with binutils < 2.36 Nimrod Oren (1): selftests: drv-net: wait for iperf client to stop sending Nuno Das Neves (1): x86/hyperv: Fix usage of cpu_online_mask to get valid cpu Praveen Kaligineedi (1): gve: Fix stuck TX queue for DQ queue format RD Babiera (1): usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach Rahul Chandra (1): platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA Rong Zhang (2): platform/x86: ideapad-laptop: Fix FnLock not remembered among boots platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots Ryusuke Konishi (1): nilfs2: reject invalid file types when reading inodes SHARAN KUMAR M (1): ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop Sabrina Dubroca (2): xfrm: state: initialize state_ptrs earlier in xfrm_state_find xfrm: state: use a consistent pcpu_id in xfrm_state_find Shahar Shitrit (1): net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch Shravan Kumar Ramani (3): platform/mellanox: mlxbf-pmc: Remove newline char from event name input platform/mellanox: mlxbf-pmc: Validate event/enable input platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input Stefan Wahren (1): staging: vchiq_arm: Make vchiq_shutdown never fail Stephen Rothwell (1): sprintf.h requires stdarg.h Thomas Zimmermann (4): Revert "drm/prime: Use dma_buf from GEM object instance" Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance" Revert "drm/gem-dma: Use dma_buf from GEM object instance" Revert "drm/gem-shmem: Use dma_buf from GEM object instance" Tobias Brunner (1): xfrm: Set transport header to fix UDP GRO handling Torsten Hilbrich (1): platform/x86: Fix initialization order for firmware_attributes_class Ville Syrjälä (1): drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x Viresh Kumar (1): i2c: virtio: Avoid hang by using interruptible completion wait Xiang Mei (1): net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class Xilin Wu (1): interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node Xin Li (Intel) (1): x86/traps: Initialize DR7 by writing its architectural reset value Yang Xiwen (1): i2c: qup: jump out of the loop in case of timeout Yasumasa Suenaga (1): tools/hv: fcopy: Fix incorrect file path conversion Yonghong Song (1): selftests/bpf: Add tests with stack ptr register in conditional jmp Yonglong Liu (1): net: hns3: disable interrupt when ptp init failed Zi Yan (1): selftests/mm: fix split_huge_page_test for folio_split() tests

1 day, 3 hours

1
1
0 0

Linux 6.12.41

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.41 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ .clippy.toml | 2 Makefile | 2 arch/arm/Kconfig | 2 arch/arm/Makefile | 2 arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 2 arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 4 arch/arm64/include/asm/assembler.h | 5 arch/arm64/kernel/entry.S | 6 arch/powerpc/crypto/Kconfig | 1 arch/x86/hyperv/hv_init.c | 33 arch/x86/hyperv/hv_vtl.c | 44 arch/x86/hyperv/irqdomain.c | 4 arch/x86/hyperv/ivm.c | 22 arch/x86/include/asm/debugreg.h | 19 arch/x86/include/asm/kvm_host.h | 2 arch/x86/include/asm/mshyperv.h | 6 arch/x86/kernel/cpu/amd.c | 2 arch/x86/kernel/cpu/common.c | 2 arch/x86/kernel/kgdb.c | 2 arch/x86/kernel/process_32.c | 2 arch/x86/kernel/process_64.c | 2 arch/x86/kvm/cpuid.h | 1 arch/x86/kvm/emulate.c | 15 arch/x86/kvm/hyperv.c | 3 arch/x86/kvm/kvm_emulate.h | 5 arch/x86/kvm/mmu.h | 1 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/mtrr.c | 1 arch/x86/kvm/vmx/hyperv.c | 1 arch/x86/kvm/vmx/nested.c | 24 arch/x86/kvm/vmx/pmu_intel.c | 2 arch/x86/kvm/vmx/sgx.c | 5 arch/x86/kvm/vmx/vmx.c | 4 arch/x86/kvm/x86.c | 19 arch/x86/kvm/x86.h | 48 drivers/base/regmap/regmap.c | 2 drivers/bus/fsl-mc/fsl-mc-bus.c | 19 drivers/comedi/drivers/comedi_test.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 17 drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 drivers/gpu/drm/drm_buddy.c | 43 drivers/gpu/drm/i915/display/intel_dp.c | 6 drivers/gpu/drm/scheduler/sched_entity.c | 21 drivers/gpu/drm/xe/tests/xe_mocs.c | 21 drivers/gpu/drm/xe/xe_devcoredump.c | 14 drivers/gpu/drm/xe/xe_force_wake.h | 16 drivers/gpu/drm/xe/xe_gt.c | 105 -- drivers/hv/vmbus_drv.c | 2 drivers/i2c/busses/i2c-qup.c | 4 drivers/i2c/busses/i2c-tegra.c | 24 drivers/i2c/busses/i2c-virtio.c | 15 drivers/iio/adc/ad7949.c | 7 drivers/iio/light/hid-sensor-prox.c | 8 drivers/infiniband/core/cache.c | 4 drivers/input/keyboard/gpio_keys.c | 4 drivers/interconnect/qcom/sc7280.c | 1 drivers/mtd/nand/raw/qcom_nandc.c | 12 drivers/net/can/dev/dev.c | 12 drivers/net/can/dev/netlink.c | 12 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 15 drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c | 15 drivers/net/ethernet/google/gve/gve_main.c | 67 - drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 31 drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 36 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 9 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 6 drivers/net/ethernet/intel/e1000e/defines.h | 3 drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 drivers/net/ethernet/intel/e1000e/nvm.c | 6 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 6 drivers/net/ethernet/intel/ice/ice_ddp.c | 2 drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 4 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 108 +- drivers/net/ethernet/ti/icssg/icssg_config.c | 158 ++- drivers/net/ethernet/ti/icssg/icssg_config.h | 80 + drivers/net/ethernet/ti/icssg/icssg_prueth.c | 20 drivers/net/ethernet/ti/icssg/icssg_prueth.h | 2 drivers/net/ethernet/ti/icssg/icssg_switch_map.h | 3 drivers/net/virtio_net.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/main.c | 76 - drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 106 +- drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 2 drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2 drivers/platform/mellanox/mlxbf-pmc.c | 25 drivers/platform/x86/Makefile | 3 drivers/platform/x86/asus-nb-wmi.c | 9 drivers/platform/x86/ideapad-laptop.c | 4 drivers/regulator/core.c | 1 drivers/s390/net/ism_drv.c | 3 drivers/spi/spi-cadence-quadspi.c | 5 drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 3 drivers/usb/typec/tcpm/tcpm.c | 64 - drivers/virtio/virtio_ring.c | 8 fs/erofs/internal.h | 13 fs/erofs/zdata.c | 2 fs/erofs/zmap.c | 246 +--- fs/ext4/ext4.h | 2 fs/ext4/extents.c | 518 +++------- fs/ext4/inode.c | 140 +- fs/jfs/jfs_imap.c | 13 fs/nilfs2/inode.c | 9 include/drm/drm_buddy.h | 2 include/linux/ism.h | 1 include/linux/sprintf.h | 1 kernel/bpf/verifier.c | 7 kernel/resource.c | 5 kernel/time/timekeeping.c | 2 mm/kasan/report.c | 4 mm/khugepaged.c | 4 mm/ksm.c | 6 mm/memory-failure.c | 4 mm/vmscan.c | 8 mm/zsmalloc.c | 3 net/appletalk/aarp.c | 24 net/ipv4/xfrm4_input.c | 3 net/ipv6/xfrm6_input.c | 3 net/sched/sch_qfq.c | 7 net/xfrm/xfrm_interface_core.c | 7 net/xfrm/xfrm_state.c | 23 sound/pci/hda/hda_tegra.c | 51 sound/pci/hda/patch_hdmi.c | 20 sound/pci/hda/patch_realtek.c | 4 sound/soc/mediatek/mt8365/mt8365-dai-i2s.c | 3 tools/hv/hv_fcopy_uio_daemon.c | 37 tools/testing/selftests/bpf/progs/verifier_precision.c | 53 + tools/testing/selftests/drivers/net/lib/py/load.py | 23 tools/testing/selftests/net/mptcp/Makefile | 3 tools/testing/selftests/net/mptcp/mptcp_connect_checksum.sh | 5 tools/testing/selftests/net/mptcp/mptcp_connect_mmap.sh | 5 tools/testing/selftests/net/mptcp/mptcp_connect_sendfile.sh | 5 133 files changed, 1608 insertions(+), 1223 deletions(-) Abdun Nihaal (1): regmap: fix potential memory leak of regmap_bus Ada Couprie Diaz (1): arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() Akhil R (1): i2c: tegra: Fix reset error handling with ACPI Akinobu Mita (1): resource: fix false warning in __request_region() Alessandro Carminati (1): regulator: core: fix NULL dereference on unbind due to stale coupling data Arunpravin Paneer Selvam (1): drm/amdgpu: Reset the clear flag in buddy during resume Chiara Meiohas (1): net/mlx5: Fix memory leak in cmd_exec() Daniel Dadap (1): ALSA: hda: Add missing NVIDIA HDA codec IDs David Lechner (1): iio: adc: ad7949: use spi_is_bpw_supported() Dawid Rezler (1): ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx Dennis Chen (1): i40e: report VF tx_dropped with tx_errors instead of tx_discards Dmitry Antipov (1): jfs: reject on-disk inodes of an unsupported type Douglas Anderson (1): drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() Edip Hazuri (1): ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx Eric Biggers (1): crypto: powerpc/poly1305 - add depends on BROKEN for now Eyal Birger (1): xfrm: interface: fix use-after-free after changing collect_md xfrm interface Fabrice Gasnier (1): Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT Gao Xiang (5): erofs: simplify z_erofs_load_compact_lcluster() erofs: refine z_erofs_get_extent_compressedlen() erofs: simplify tail inline pcluster handling erofs: clean up header parsing for ztailpacking and fragments erofs: fix large fragment handling Greg Kroah-Hartman (1): Linux 6.12.41 Guoqing Jiang (1): ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv Halil Pasic (1): s390/ism: fix concurrency management in ism_cmd() Haoxiang Li (1): ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Harry Yoo (1): mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n Himanshu Mittal (1): net: ti: icssg-prueth: Fix buffer allocation for ICSSG Hongzhen Luo (1): erofs: use Z_EROFS_LCLUSTER_TYPE_MAX to simplify switches Ian Abbott (1): comedi: comedi_test: Fix possible deletion of uninitialized timers Jacek Kowalski (2): e1000e: disregard NVM checksum on tgp when valid checksum bit is not set e1000e: ignore uninitialized checksum word on tgp Jamie Bainbridge (1): i40e: When removing VF MAC filters, only check PF-set MAC Jian Shen (2): net: hns3: fix concurrent setting vlan filter issue net: hns3: fixed vf get max channels bug Jijie Shao (1): net: hns3: default enable tx bounce buffer when smmu enabled Jinjiang Tu (1): mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list Johan Hovold (1): arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on Khairul Anuar Romli (1): spi: cadence-quadspi: fix cleanup of rx_chan on failure paths Kito Xu (veritas501) (1): net: appletalk: Fix use-after-free in AARP proxy probe Laurent Vivier (2): virtio_net: Enforce minimum TX ring size for reliability virtio_ring: Fix error reporting in virtqueue_resize Lin.Cao (1): drm/sched: Remove optimization that causes hang when killing dependent jobs Liu Shixin (1): mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma Ma Ke (3): bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() dpaa2-eth: Fix device reference count leak in MAC endpoint handling dpaa2-switch: Fix device reference count leak in MAC endpoint handling Manuel Andreas (1): KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush Maor Gottlieb (1): RDMA/core: Rate limit GID cache warning messages Marc Kleine-Budde (1): can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Marco Elver (1): kasan: use vmalloc_dump_obj() for vmalloc error reports Markus Blöchl (1): timekeeping: Zero initialize system_counterval when querying time from phc drivers Matthieu Baerts (NGI0) (2): selftests: mptcp: connect: also cover alt modes selftests: mptcp: connect: also cover checksum Maxim Levitsky (4): KVM: x86: drop x86.h include from cpuid.h KVM: x86: Route non-canonical checks in emulator through emulate_ops KVM: x86: Add X86EMUL_F_MSR and X86EMUL_F_DT_LOAD to aid canonical checks KVM: x86: model canonical checks more precisely Md Sadre Alam (1): mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() Michael Grzeschik (2): usb: typec: tcpm: allow to use sink in accessory mode usb: typec: tcpm: allow switching to mode accessory to mux properly Michael Zhivich (1): x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() Miguel Ojeda (1): rust: give Clippy the minimum supported Rust version Ming Yen Hsieh (1): wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure Mohan Kumar D (1): ALSA: hda/tegra: Add Tegra264 support Naman Jain (1): Drivers: hv: Make the sysfs node size for the ring buffer dynamic Nathan Chancellor (3): mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() ARM: 9450/1: Fix allowing linker DCE with binutils < 2.36 ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS Nimrod Oren (1): selftests: drv-net: wait for iperf client to stop sending Nuno Das Neves (1): x86/hyperv: Fix usage of cpu_online_mask to get valid cpu Praveen Kaligineedi (1): gve: Fix stuck TX queue for DQ queue format RD Babiera (1): usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach Rahul Chandra (1): platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA Roman Kisel (1): x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() Rong Zhang (2): platform/x86: ideapad-laptop: Fix FnLock not remembered among boots platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots Ryusuke Konishi (1): nilfs2: reject invalid file types when reading inodes SHARAN KUMAR M (1): ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop Sabrina Dubroca (2): xfrm: state: initialize state_ptrs earlier in xfrm_state_find xfrm: state: use a consistent pcpu_id in xfrm_state_find Sean Christopherson (1): KVM: x86: Free vCPUs before freeing VM state Sean Wang (1): Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" Shahar Shitrit (1): net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch Shravan Kumar Ramani (3): platform/mellanox: mlxbf-pmc: Remove newline char from event name input platform/mellanox: mlxbf-pmc: Validate event/enable input platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input Stefan Wahren (1): staging: vchiq_arm: Make vchiq_shutdown never fail Stephan Gerhold (1): arm64: dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage Stephen Rothwell (1): sprintf.h requires stdarg.h Tobias Brunner (1): xfrm: Set transport header to fix UDP GRO handling Tomita Moeko (4): Revert "drm/xe/gt: Update handling of xe_force_wake_get return" Revert "drm/xe/tests/mocs: Update xe_force_wake_get() return handling" Revert "drm/xe/devcoredump: Update handling of xe_force_wake_get return" Revert "drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()" Torsten Hilbrich (1): platform/x86: Fix initialization order for firmware_attributes_class Ville Syrjälä (1): drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x Viresh Kumar (1): i2c: virtio: Avoid hang by using interruptible completion wait Xiang Mei (1): net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class Xilin Wu (1): interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node Xin Li (Intel) (1): x86/traps: Initialize DR7 by writing its architectural reset value Yang Xiwen (1): i2c: qup: jump out of the loop in case of timeout Yasumasa Suenaga (1): tools/hv: fcopy: Fix incorrect file path conversion Yonghong Song (1): selftests/bpf: Add tests with stack ptr register in conditional jmp Yonglong Liu (1): net: hns3: disable interrupt when ptp init failed Zhang Lixu (2): iio: hid-sensor-prox: Restore lost scale assignments iio: hid-sensor-prox: Fix incorrect OFFSET calculation Zhang Yi (11): ext4: don't explicit update times in ext4_fallocate() ext4: refactor ext4_punch_hole() ext4: refactor ext4_zero_range() ext4: refactor ext4_collapse_range() ext4: refactor ext4_insert_range() ext4: factor out ext4_do_fallocate() ext4: move out inode_lock into ext4_fallocate() ext4: move out common parts into ext4_fallocate() ext4: fix incorrect punch max_end ext4: correct the error handle in ext4_fallocate() ext4: fix out of bounds punch offset

1 day, 3 hours

1
1
0 0

Linux 6.6.101

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.101 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/Makefile | 2 arch/arm64/include/asm/assembler.h | 5 arch/arm64/kernel/cpufeature.c | 1 arch/arm64/kernel/entry.S | 6 arch/powerpc/crypto/Kconfig | 1 arch/x86/events/intel/core.c | 2 arch/x86/hyperv/irqdomain.c | 4 arch/x86/kernel/cpu/amd.c | 2 drivers/base/regmap/regmap.c | 2 drivers/bus/fsl-mc/fsl-mc-bus.c | 19 - drivers/comedi/drivers/comedi_test.c | 2 drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c | 9 drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 47 ++-- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 drivers/gpu/drm/i915/display/intel_dp.c | 6 drivers/gpu/drm/scheduler/sched_entity.c | 25 -- drivers/i2c/busses/i2c-qup.c | 4 drivers/i2c/busses/i2c-tegra.c | 24 -- drivers/i2c/busses/i2c-virtio.c | 15 - drivers/iio/adc/ad7949.c | 7 drivers/iio/light/hid-sensor-prox.c | 8 drivers/infiniband/core/cache.c | 4 drivers/input/keyboard/gpio_keys.c | 4 drivers/interconnect/qcom/sc7280.c | 1 drivers/mtd/nand/raw/qcom_nandc.c | 12 - drivers/net/can/dev/dev.c | 31 +- drivers/net/can/dev/netlink.c | 12 + drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 15 + drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c | 15 + drivers/net/ethernet/google/gve/gve_main.c | 67 +++--- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 31 ++ drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 36 +-- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 9 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 6 drivers/net/ethernet/intel/e1000e/defines.h | 3 drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 drivers/net/ethernet/intel/e1000e/nvm.c | 6 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3 drivers/net/ethernet/intel/i40e/i40e_main.c | 18 - drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 8 drivers/net/ethernet/intel/ice/ice_ddp.c | 2 drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 4 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 108 +++++----- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 3 drivers/platform/x86/Makefile | 3 drivers/platform/x86/ideapad-laptop.c | 2 drivers/regulator/core.c | 1 drivers/s390/net/ism_drv.c | 3 drivers/spi/spi-cadence-quadspi.c | 5 drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 3 drivers/usb/typec/tcpm/tcpm.c | 64 +++-- drivers/virtio/virtio_ring.c | 8 fs/erofs/decompressor.c | 6 fs/erofs/zdata.c | 32 +- fs/jfs/jfs_imap.c | 13 + fs/nilfs2/inode.c | 9 fs/smb/server/connection.c | 4 fs/smb/server/connection.h | 1 fs/smb/server/transport_rdma.c | 10 fs/smb/server/transport_tcp.c | 15 - fs/smb/server/transport_tcp.h | 1 include/linux/ism.h | 1 include/linux/sprintf.h | 1 kernel/resource.c | 5 mm/kasan/report.c | 4 mm/khugepaged.c | 4 mm/zsmalloc.c | 3 net/appletalk/aarp.c | 24 +- net/mptcp/options.c | 3 net/mptcp/pm.c | 8 net/mptcp/protocol.c | 58 ++++- net/mptcp/protocol.h | 27 +- net/mptcp/subflow.c | 30 +- net/sched/sch_qfq.c | 7 net/xfrm/xfrm_interface_core.c | 7 sound/pci/hda/hda_tegra.c | 51 ++++ sound/pci/hda/patch_hdmi.c | 20 + sound/pci/hda/patch_realtek.c | 1 tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c | 73 ------ tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c | 7 tools/testing/selftests/net/mptcp/Makefile | 3 tools/testing/selftests/net/mptcp/mptcp_connect_checksum.sh | 5 tools/testing/selftests/net/mptcp/mptcp_connect_mmap.sh | 5 tools/testing/selftests/net/mptcp/mptcp_connect_sendfile.sh | 5 86 files changed, 680 insertions(+), 449 deletions(-) Abdun Nihaal (1): regmap: fix potential memory leak of regmap_bus Ada Couprie Diaz (1): arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() Akhil R (1): i2c: tegra: Fix reset error handling with ACPI Akinobu Mita (1): resource: fix false warning in __request_region() Alessandro Carminati (1): regulator: core: fix NULL dereference on unbind due to stale coupling data Chiara Meiohas (1): net/mlx5: Fix memory leak in cmd_exec() Daniel Dadap (1): ALSA: hda: Add missing NVIDIA HDA codec IDs David Lechner (1): iio: adc: ad7949: use spi_is_bpw_supported() Dawid Rezler (1): ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx Dennis Chen (1): i40e: report VF tx_dropped with tx_errors instead of tx_discards Deren Wu (1): wifi: mt76: mt7921: prevent decap offload config before STA initialization Dmitry Antipov (1): jfs: reject on-disk inodes of an unsupported type Douglas Anderson (1): drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() Eric Biggers (1): crypto: powerpc/poly1305 - add depends on BROKEN for now Eyal Birger (1): xfrm: interface: fix use-after-free after changing collect_md xfrm interface Fabrice Gasnier (1): Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT Gao Xiang (1): erofs: address D-cache aliasing Giovanni Cabiddu (1): crypto: qat - add shutdown handler to qat_dh895xcc Greg Kroah-Hartman (1): Linux 6.6.101 Halil Pasic (1): s390/ism: fix concurrency management in ism_cmd() Haoxiang Li (1): ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Harry Yoo (1): mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n Ian Abbott (1): comedi: comedi_test: Fix possible deletion of uninitialized timers Jacek Kowalski (2): e1000e: disregard NVM checksum on tgp when valid checksum bit is not set e1000e: ignore uninitialized checksum word on tgp Jamie Bainbridge (1): i40e: When removing VF MAC filters, only check PF-set MAC Jian Shen (2): net: hns3: fix concurrent setting vlan filter issue net: hns3: fixed vf get max channels bug Jijie Shao (1): net: hns3: default enable tx bounce buffer when smmu enabled Kan Liang (1): perf/x86/intel: Fix crash in icl_update_topdown_event() Khairul Anuar Romli (1): spi: cadence-quadspi: fix cleanup of rx_chan on failure paths Kito Xu (veritas501) (1): net: appletalk: Fix use-after-free in AARP proxy probe Laurent Vivier (1): virtio_ring: Fix error reporting in virtqueue_resize Lin.Cao (1): drm/sched: Remove optimization that causes hang when killing dependent jobs Liu Shixin (1): mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma Ma Ke (3): bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() dpaa2-eth: Fix device reference count leak in MAC endpoint handling dpaa2-switch: Fix device reference count leak in MAC endpoint handling Maor Gottlieb (1): RDMA/core: Rate limit GID cache warning messages Marc Kleine-Budde (3): can: dev: can_restart(): reverse logic to remove need for goto can: dev: can_restart(): move debug message and stats after successful restart can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Marco Elver (1): kasan: use vmalloc_dump_obj() for vmalloc error reports Matthieu Baerts (NGI0) (2): selftests: mptcp: connect: also cover alt modes selftests: mptcp: connect: also cover checksum Md Sadre Alam (1): mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() Michael Grzeschik (2): usb: typec: tcpm: allow to use sink in accessory mode usb: typec: tcpm: allow switching to mode accessory to mux properly Michael Zhivich (1): x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() Mohan Kumar D (1): ALSA: hda/tegra: Add Tegra264 support Namjae Jeon (2): ksmbd: fix use-after-free in __smb2_lease_break_noti() ksmbd: add free_transport ops in ksmbd connection Nathan Chancellor (1): ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS Nianyao Tang (1): arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 register Nuno Das Neves (1): x86/hyperv: Fix usage of cpu_online_mask to get valid cpu Paolo Abeni (3): mptcp: make fallback action and fallback decision atomic mptcp: plug races between subflow fail and subflow creation mptcp: reset fallback status gracefully at disconnect() time Philip Yang (1): drm/amdkfd: Don't call mmput from MMU notifier callback Praveen Kaligineedi (1): gve: Fix stuck TX queue for DQ queue format RD Babiera (1): usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach Rong Zhang (1): platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots Ryusuke Konishi (1): nilfs2: reject invalid file types when reading inodes Shahar Shitrit (1): net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch Shung-Hsi Yu (1): Revert "selftests/bpf: Add a cgroup prog bpf_get_ns_current_pid_tgid() test" Stefan Wahren (1): staging: vchiq_arm: Make vchiq_shutdown never fail Stephen Rothwell (1): sprintf.h requires stdarg.h Torsten Hilbrich (1): platform/x86: Fix initialization order for firmware_attributes_class Ville Syrjälä (1): drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x Viresh Kumar (1): i2c: virtio: Avoid hang by using interruptible completion wait Xiang Mei (1): net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class Xilin Wu (1): interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node Yajun Deng (1): i40e: Add rx_missed_errors for buffer exhaustion Yang Xiwen (1): i2c: qup: jump out of the loop in case of timeout Yonglong Liu (1): net: hns3: disable interrupt when ptp init failed Zhang Lixu (2): iio: hid-sensor-prox: Fix incorrect OFFSET calculation iio: hid-sensor-prox: Restore lost scale assignments

1 day, 3 hours

1
1
0 0

[PATCH v2] RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages

by Pedro Falcato

Ever since commit c2ff29e99a76 ("siw: Inline do_tcp_sendpages()"), we have been doing this: static int siw_tcp_sendpages(struct socket *s, struct page **page, int offset, size_t size) [...] /* Calculate the number of bytes we need to push, for this page * specifically */ size_t bytes = min_t(size_t, PAGE_SIZE - offset, size); /* If we can't splice it, then copy it in, as normal */ if (!sendpage_ok(page[i])) msg.msg_flags &= ~MSG_SPLICE_PAGES; /* Set the bvec pointing to the page, with len $bytes */ bvec_set_page(&bvec, page[i], bytes, offset); /* Set the iter to $size, aka the size of the whole sendpages (!!!) */ iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, &bvec, 1, size); try_page_again: lock_sock(sk); /* Sendmsg with $size size (!!!) */ rv = tcp_sendmsg_locked(sk, &msg, size); This means we've been sending oversized iov_iters and tcp_sendmsg calls for a while. This has a been a benign bug because sendpage_ok() always returned true. With the recent slab allocator changes being slowly introduced into next (that disallow sendpage on large kmalloc allocations), we have recently hit out-of-bounds crashes, due to slight differences in iov_iter behavior between the MSG_SPLICE_PAGES and "regular" copy paths: (MSG_SPLICE_PAGES) skb_splice_from_iter iov_iter_extract_pages iov_iter_extract_bvec_pages uses i->nr_segs to correctly stop in its tracks before OoB'ing everywhere skb_splice_from_iter gets a "short" read (!MSG_SPLICE_PAGES) skb_copy_to_page_nocache copy=iov_iter_count [...] copy_from_iter /* this doesn't help */ if (unlikely(iter->count < len)) len = iter->count; iterate_bvec ... and we run off the bvecs Fix this by properly setting the iov_iter's byte count, plus sending the correct byte count to tcp_sendmsg_locked. Cc: stable(a)vger.kernel.org Fixes: c2ff29e99a76 ("siw: Inline do_tcp_sendpages()") Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202507220801.50a7210-lkp@intel.com Reviewed-by: David Howells <dhowells(a)redhat.com> Signed-off-by: Pedro Falcato <pfalcato(a)suse.de> --- v2: - Add David Howells's Rb on the original patch - Remove the offset increment, since it's dead code drivers/infiniband/sw/siw/siw_qp_tx.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/infiniband/sw/siw/siw_qp_tx.c b/drivers/infiniband/sw/siw/siw_qp_tx.c index 3a08f57d2211..f7dd32c6e5ba 100644 --- a/drivers/infiniband/sw/siw/siw_qp_tx.c +++ b/drivers/infiniband/sw/siw/siw_qp_tx.c @@ -340,18 +340,17 @@ static int siw_tcp_sendpages(struct socket *s, struct page **page, int offset, if (!sendpage_ok(page[i])) msg.msg_flags &= ~MSG_SPLICE_PAGES; bvec_set_page(&bvec, page[i], bytes, offset); - iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, &bvec, 1, size); + iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, &bvec, 1, bytes); try_page_again: lock_sock(sk); - rv = tcp_sendmsg_locked(sk, &msg, size); + rv = tcp_sendmsg_locked(sk, &msg, bytes); release_sock(sk); if (rv > 0) { size -= rv; sent += rv; if (rv != bytes) { - offset += rv; bytes -= rv; goto try_page_again; } -- 2.50.1

1 day, 4 hours

3
4
0 0

[PATCH v4] mm: slub: avoid deref of invalid free pointer in object_err()

by Li Qiong

For debugging, object_err() prints free pointer of the object. However, if object is a invalid pointer, dereferncing `object + s->offset` can lead to a crash. Therefore, add check_valid_pointer() for the object. Fixes: 81819f0fc828 ("SLUB core") Cc: <stable(a)vger.kernel.org> Signed-off-by: Li Qiong <liqiong(a)nfschina.com> --- v2: - rephrase the commit message, add comment for object_err(). v3: - check object pointer in object_err(). v4: - restore changes in alloc_consistency_checks(). --- mm/slub.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/slub.c b/mm/slub.c index 31e11ef256f9..17b91e74f7d9 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1104,7 +1104,11 @@ static void object_err(struct kmem_cache *s, struct slab *slab, return; slab_bug(s, reason); - print_trailer(s, slab, object); + if (!check_valid_pointer(s, slab, object)) { + print_slab_info(slab); + pr_err("invalid object 0x%p\n", object); + } else + print_trailer(s, slab, object); add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE); WARN_ON(1); -- 2.30.2

1 day, 6 hours

1
0
0 0

[PATCH 6.15 00/92] 6.15.9-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.9 release. There are 92 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 01 Aug 2025 09:32:07 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.9-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.9-rc1 Daniel Dadap <ddadap(a)nvidia.com> ALSA: hda: Add missing NVIDIA HDA codec IDs Mohan Kumar D <mkumard(a)nvidia.com> ALSA: hda/tegra: Add Tegra264 support Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> spi: cadence-quadspi: fix cleanup of rx_chan on failure paths RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: typec: tcpm: allow switching to mode accessory to mux properly Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: typec: tcpm: allow to use sink in accessory mode Thomas Zimmermann <tzimmermann(a)suse.de> Revert "drm/gem-shmem: Use dma_buf from GEM object instance" Dmitry Osipenko <dmitry.osipenko(a)collabora.com> drm/shmem-helper: Remove obsoleted is_iomem test Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Fix SDMA engine reset with logical instance ID Jesse.zhang(a)amd.com <Jesse.zhang(a)amd.com> drm/amdgpu: Implement SDMA soft reset directly for v5.x Jesse.zhang(a)amd.com <Jesse.zhang(a)amd.com> drm/amdgpu: Add the new sdma function pointers for amdgpu_sdma.h Matthew Brost <matthew.brost(a)intel.com> drm/xe: Make WA BB part of LRC BO Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Add tests with stack ptr register in conditional jmp Harry Yoo <harry.yoo(a)oracle.com> mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n Jinjiang Tu <tujinjiang(a)huawei.com> mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list Zi Yan <ziy(a)nvidia.com> selftests/mm: fix split_huge_page_test for folio_split() tests Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: also cover checksum Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: also cover alt modes Akinobu Mita <akinobu.mita(a)gmail.com> resource: fix false warning in __request_region() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI/pwrctrl: Create pwrctrl devices only when CONFIG_PCI_PWRCTRL is enabled Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: reject invalid file types when reading inodes Marco Elver <elver(a)google.com> kasan: use vmalloc_dump_obj() for vmalloc error reports Haoxiang Li <haoxiang_li2024(a)163.com> ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Praveen Kaligineedi <pkaligineedi(a)google.com> gve: Fix stuck TX queue for DQ queue format Jacek Kowalski <jacek(a)jacekk.info> e1000e: ignore uninitialized checksum word on tgp Jacek Kowalski <jacek(a)jacekk.info> e1000e: disregard NVM checksum on tgp when valid checksum bit is not set Ma Ke <make24(a)iscas.ac.cn> dpaa2-switch: Fix device reference count leak in MAC endpoint handling Ma Ke <make24(a)iscas.ac.cn> dpaa2-eth: Fix device reference count leak in MAC endpoint handling Johan Hovold <johan(a)kernel.org> ASoC: mediatek: common: fix device and OF node leak Ada Couprie Diaz <ada.coupriediaz(a)arm.com> arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() Edip Hazuri <edip(a)medip.dev> ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx Dawid Rezler <dawidrezler.patches(a)gmail.com> ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx Stephen Rothwell <sfr(a)canb.auug.org.au> sprintf.h requires stdarg.h Ma Ke <make24(a)iscas.ac.cn> bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() Viresh Kumar <viresh.kumar(a)linaro.org> i2c: virtio: Avoid hang by using interruptible completion wait Akhil R <akhilrajeev(a)nvidia.com> i2c: tegra: Fix reset error handling with ACPI Yang Xiwen <forbidden405(a)outlook.com> i2c: qup: jump out of the loop in case of timeout Markus Blöchl <markus(a)blochl.de> timekeeping: Zero initialize system_counterval when querying time from phc drivers Nathan Chancellor <nathan(a)kernel.org> ARM: 9450/1: Fix allowing linker DCE with binutils < 2.36 Nathan Chancellor <nathan(a)kernel.org> ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS Nathan Chancellor <nathan(a)kernel.org> mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() Lin.Cao <lincao12(a)amd.com> drm/sched: Remove optimization that causes hang when killing dependent jobs Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> drm/amdgpu: Reset the clear flag in buddy during resume Thomas Zimmermann <tzimmermann(a)suse.de> Revert "drm/gem-dma: Use dma_buf from GEM object instance" Thomas Zimmermann <tzimmermann(a)suse.de> Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance" Thomas Zimmermann <tzimmermann(a)suse.de> Revert "drm/prime: Use dma_buf from GEM object instance" Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x Rong Zhang <i(a)rong.moe> platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots Rong Zhang <i(a)rong.moe> platform/x86: ideapad-laptop: Fix FnLock not remembered among boots Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Fix `dmi_system_id` array Jijie Shao <shaojijie(a)huawei.com> net: hns3: default enable tx bounce buffer when smmu enabled Jian Shen <shenjian15(a)huawei.com> net: hns3: fixed vf get max channels bug Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: disable interrupt when ptp init failed Jian Shen <shenjian15(a)huawei.com> net: hns3: fix concurrent setting vlan filter issue Halil Pasic <pasic(a)linux.ibm.com> s390/ism: fix concurrency management in ism_cmd() Nimrod Oren <noren(a)nvidia.com> selftests: drv-net: wait for iperf client to stop sending SHARAN KUMAR M <sharweshraajan(a)gmail.com> ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop Douglas Anderson <dianders(a)chromium.org> drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() Marc Kleine-Budde <mkl(a)pengutronix.de> can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class Kito Xu (veritas501) <hxzene(a)gmail.com> net: appletalk: Fix use-after-free in AARP proxy probe Jamie Bainbridge <jamie.bainbridge(a)gmail.com> i40e: When removing VF MAC filters, only check PF-set MAC Dennis Chen <dechen(a)redhat.com> i40e: report VF tx_dropped with tx_errors instead of tx_discards Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch Chiara Meiohas <cmeiohas(a)nvidia.com> net/mlx5: Fix memory leak in cmd_exec() Himanshu Mittal <h-mittal1(a)ti.com> net: ti: icssg-prueth: Fix buffer allocation for ICSSG Guoqing Jiang <guoqing.jiang(a)canonical.com> ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv Eyal Birger <eyal.birger(a)gmail.com> xfrm: interface: fix use-after-free after changing collect_md xfrm interface Fernando Fernandez Mancera <fmancera(a)suse.de> xfrm: ipcomp: adjust transport header after decompressing Tobias Brunner <tobias(a)strongswan.org> xfrm: Set transport header to fix UDP GRO handling Leon Romanovsky <leon(a)kernel.org> xfrm: always initialize offload path Sabrina Dubroca <sd(a)queasysnail.net> xfrm: state: use a consistent pcpu_id in xfrm_state_find Sabrina Dubroca <sd(a)queasysnail.net> xfrm: state: initialize state_ptrs earlier in xfrm_state_find Stefan Wahren <wahrenst(a)gmx.net> staging: vchiq_arm: Make vchiq_shutdown never fail Torsten Hilbrich <torsten.hilbrich(a)secunet.com> platform/x86: Fix initialization order for firmware_attributes_class Nuno Das Neves <nunodasneves(a)linux.microsoft.com> x86/hyperv: Fix usage of cpu_online_mask to get valid cpu Yasumasa Suenaga <yasuenag(a)gmail.com> tools/hv: fcopy: Fix incorrect file path conversion Shravan Kumar Ramani <shravankr(a)nvidia.com> platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input Shravan Kumar Ramani <shravankr(a)nvidia.com> platform/mellanox: mlxbf-pmc: Validate event/enable input Shravan Kumar Ramani <shravankr(a)nvidia.com> platform/mellanox: mlxbf-pmc: Remove newline char from event name input Abdun Nihaal <abdun.nihaal(a)gmail.com> regmap: fix potential memory leak of regmap_bus David Lechner <dlechner(a)baylibre.com> iio: adc: ad7949: use spi_is_bpw_supported() Gabor Juhos <j4g8y7(a)gmail.com> interconnect: icc-clk: destroy nodes in case of memory allocation failures Xilin Wu <sophon(a)radxa.com> interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node Markus Burri <markus.burri(a)mt.com> iio: fix potential out-of-bound write Maor Gottlieb <maorg(a)nvidia.com> RDMA/core: Rate limit GID cache warning messages Rahul Chandra <rahul(a)chandra.net> platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA Alessandro Carminati <acarmina(a)redhat.com> regulator: core: fix NULL dereference on unbind due to stale coupling data Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Don't allow OLED to go down to fully off Laurent Vivier <lvivier(a)redhat.com> virtio_ring: Fix error reporting in virtqueue_resize Laurent Vivier <lvivier(a)redhat.com> virtio_net: Enforce minimum TX ring size for reliability Xin Li (Intel) <xin(a)zytor.com> x86/traps: Initialize DR7 by writing its architectural reset value ------------- Diffstat: Makefile | 4 +- arch/arm/Kconfig | 2 +- arch/arm/Makefile | 2 +- arch/arm64/include/asm/assembler.h | 5 + arch/arm64/kernel/entry.S | 6 + arch/x86/hyperv/irqdomain.c | 4 +- arch/x86/include/asm/debugreg.h | 19 ++- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kernel/cpu/common.c | 2 +- arch/x86/kernel/kgdb.c | 2 +- arch/x86/kernel/process_32.c | 2 +- arch/x86/kernel/process_64.c | 2 +- arch/x86/kvm/x86.c | 4 +- drivers/base/regmap/regmap.c | 2 + drivers/bus/fsl-mc/fsl-mc-bus.c | 19 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_sdma.c | 44 +++++- drivers/gpu/drm/amd/amdgpu/amdgpu_sdma.h | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 17 +++ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 +- drivers/gpu/drm/drm_buddy.c | 43 ++++++ drivers/gpu/drm/drm_gem_dma_helper.c | 2 +- drivers/gpu/drm/drm_gem_framebuffer_helper.c | 8 +- drivers/gpu/drm/drm_gem_shmem_helper.c | 10 +- drivers/gpu/drm/drm_prime.c | 8 +- drivers/gpu/drm/i915/display/intel_dp.c | 6 + drivers/gpu/drm/scheduler/sched_entity.c | 21 +-- drivers/gpu/drm/xe/xe_lrc.c | 37 ++--- drivers/gpu/drm/xe/xe_lrc_types.h | 3 - drivers/i2c/busses/i2c-qup.c | 4 +- drivers/i2c/busses/i2c-tegra.c | 24 +-- drivers/i2c/busses/i2c-virtio.c | 15 +- drivers/iio/adc/ad7949.c | 7 +- drivers/iio/industrialio-core.c | 5 +- drivers/infiniband/core/cache.c | 4 +- drivers/interconnect/icc-clk.c | 2 + drivers/interconnect/qcom/sc7280.c | 1 + drivers/net/can/dev/dev.c | 12 +- drivers/net/can/dev/netlink.c | 12 ++ drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 15 +- .../net/ethernet/freescale/dpaa2/dpaa2-switch.c | 15 +- drivers/net/ethernet/google/gve/gve_main.c | 67 +++++---- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 31 ++++ drivers/net/ethernet/hisilicon/hns3/hns3_enet.h | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 36 +++-- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 9 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 6 +- drivers/net/ethernet/intel/e1000e/defines.h | 3 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 + drivers/net/ethernet/intel/e1000e/nvm.c | 6 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 6 +- drivers/net/ethernet/intel/ice/ice_ddp.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 4 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 108 +++++++------- drivers/net/ethernet/ti/icssg/icssg_config.c | 162 ++++++++++++++------- drivers/net/ethernet/ti/icssg/icssg_config.h | 78 ++++++++-- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 20 ++- drivers/net/ethernet/ti/icssg/icssg_prueth.h | 2 + drivers/net/ethernet/ti/icssg/icssg_switch_map.h | 3 + drivers/net/virtio_net.c | 6 + drivers/pci/probe.c | 7 + drivers/platform/mellanox/mlxbf-pmc.c | 25 +++- drivers/platform/x86/Makefile | 3 +- drivers/platform/x86/asus-nb-wmi.c | 9 ++ drivers/platform/x86/dell/alienware-wmi-wmax.c | 1 + drivers/platform/x86/ideapad-laptop.c | 4 +- drivers/regulator/core.c | 1 + drivers/s390/net/ism_drv.c | 3 + drivers/spi/spi-cadence-quadspi.c | 5 - .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 3 +- drivers/usb/typec/tcpm/tcpm.c | 64 ++++---- drivers/virtio/virtio_ring.c | 8 +- fs/nilfs2/inode.c | 9 +- include/drm/drm_buddy.h | 2 + include/linux/ism.h | 1 + include/linux/sprintf.h | 1 + include/net/xfrm.h | 2 +- kernel/bpf/verifier.c | 7 +- kernel/resource.c | 5 +- kernel/time/timekeeping.c | 2 +- mm/kasan/report.c | 4 +- mm/ksm.c | 6 +- mm/memory-failure.c | 4 + mm/vmscan.c | 8 + mm/zsmalloc.c | 3 + net/appletalk/aarp.c | 24 ++- net/ipv4/xfrm4_input.c | 3 + net/ipv6/xfrm6_input.c | 3 + net/sched/sch_qfq.c | 7 +- net/xfrm/xfrm_device.c | 1 - net/xfrm/xfrm_interface_core.c | 7 +- net/xfrm/xfrm_ipcomp.c | 2 +- net/xfrm/xfrm_state.c | 29 ++-- net/xfrm/xfrm_user.c | 1 + sound/pci/hda/hda_tegra.c | 51 ++++++- sound/pci/hda/patch_hdmi.c | 20 +++ sound/pci/hda/patch_realtek.c | 4 +- sound/soc/mediatek/common/mtk-soundcard-driver.c | 4 + sound/soc/mediatek/mt8365/mt8365-dai-i2s.c | 3 +- tools/hv/hv_fcopy_uio_daemon.c | 37 ++--- .../selftests/bpf/progs/verifier_precision.c | 53 +++++++ tools/testing/selftests/drivers/net/lib/py/load.py | 23 ++- tools/testing/selftests/mm/split_huge_page_test.c | 3 +- tools/testing/selftests/net/mptcp/Makefile | 3 +- .../selftests/net/mptcp/mptcp_connect_checksum.sh | 5 + .../selftests/net/mptcp/mptcp_connect_mmap.sh | 5 + .../selftests/net/mptcp/mptcp_connect_sendfile.sh | 5 + 109 files changed, 998 insertions(+), 452 deletions(-)

1 day, 11 hours

15
106
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2025