- Linux-stable-mirror - lists.linaro.org

[merged mm-hotfixes-stable] ocfs2-prevent-release-journal-inode-after-journal-shutdown.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: prevent release journal inode after journal shutdown has been removed from the -mm tree. Its filename was ocfs2-prevent-release-journal-inode-after-journal-shutdown.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Edward Adam Davis <eadavis(a)qq.com> Subject: ocfs2: prevent release journal inode after journal shutdown Date: Tue, 19 Aug 2025 21:41:02 +0800 Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already been executed in ocfs2_dismount_volume(), so osb->journal must be NULL. Therefore, the following calltrace will inevitably fail when it reaches jbd2_journal_release_jbd_inode(). ocfs2_dismount_volume()-> ocfs2_delete_osb()-> ocfs2_free_slot_info()-> __ocfs2_free_slot_info()-> evict()-> ocfs2_evict_inode()-> ocfs2_clear_inode()-> jbd2_journal_release_jbd_inode(osb->journal->j_journal, Adding osb->journal checks will prevent null-ptr-deref during the above execution path. Link: https://lkml.kernel.org/r/tencent_357489BEAEE4AED74CBD67D246DBD2C4C606@qq.c… Fixes: da5e7c87827e ("ocfs2: cleanup journal init and shutdown") Signed-off-by: Edward Adam Davis <eadavis(a)qq.com> Reported-by: syzbot+47d8cb2f2cc1517e515a(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=47d8cb2f2cc1517e515a Tested-by: syzbot+47d8cb2f2cc1517e515a(a)syzkaller.appspotmail.com Reviewed-by: Mark Tinguely <mark.tinguely(a)oracle.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/inode.c | 3 +++ 1 file changed, 3 insertions(+) --- a/fs/ocfs2/inode.c~ocfs2-prevent-release-journal-inode-after-journal-shutdown +++ a/fs/ocfs2/inode.c @@ -1281,6 +1281,9 @@ static void ocfs2_clear_inode(struct ino * the journal is flushed before journal shutdown. Thus it is safe to * have inodes get cleaned up after journal shutdown. */ + if (!osb->journal) + return; + jbd2_journal_release_jbd_inode(osb->journal->j_journal, &oi->ip_jinode); } _ Patches currently in -mm which might be from eadavis(a)qq.com are

3 weeks, 2 days

1
0
0 0

[merged mm-hotfixes-stable] rust-mm-mark-vmanew-as-transparent.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: rust: mm: mark VmaNew as transparent has been removed from the -mm tree. Its filename was rust-mm-mark-vmanew-as-transparent.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Baptiste Lepers <baptiste.lepers(a)gmail.com> Subject: rust: mm: mark VmaNew as transparent Date: Tue, 12 Aug 2025 15:26:56 +0200 Unsafe code in VmaNew's methods assumes that the type has the same layout as the inner `bindings::vm_area_struct`. This is not guaranteed by the default struct representation in Rust, but requires specifying the `transparent` representation. Link: https://lkml.kernel.org/r/20250812132712.61007-1-baptiste.lepers@gmail.com Fixes: dcb81aeab406 ("mm: rust: add VmaNew for f_ops->mmap()") Signed-off-by: Baptiste Lepers <baptiste.lepers(a)gmail.com> Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Cc: Alex Gaynor <alex.gaynor(a)gmail.com> Cc: Andreas Hindborg <a.hindborg(a)kernel.org> Cc: Bj��rn Roy Baron <bjorn3_gh(a)protonmail.com> Cc: Boqun Feng <boqun.feng(a)gmail.com> Cc: Danilo Krummrich <dakr(a)kernel.org> Cc: Gary Guo <gary(a)garyguo.net> Cc: Jann Horn <jannh(a)google.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Miguel Ojeda <ojeda(a)kernel.org> Cc: Trevor Gross <tmgross(a)umich.edu> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- rust/kernel/mm/virt.rs | 1 + 1 file changed, 1 insertion(+) --- a/rust/kernel/mm/virt.rs~rust-mm-mark-vmanew-as-transparent +++ a/rust/kernel/mm/virt.rs @@ -209,6 +209,7 @@ impl VmaMixedMap { /// /// For the duration of 'a, the referenced vma must be undergoing initialization in an /// `f_ops->mmap()` hook. +#[repr(transparent)] pub struct VmaNew { vma: VmaRef, } _ Patches currently in -mm which might be from baptiste.lepers(a)gmail.com are

3 weeks, 2 days

1
0
0 0

[merged mm-hotfixes-stable] of_numa-fix-uninitialized-memory-nodes-causing-kernel-panic.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: of_numa: fix uninitialized memory nodes causing kernel panic has been removed from the -mm tree. Its filename was of_numa-fix-uninitialized-memory-nodes-causing-kernel-panic.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Yin Tirui <yintirui(a)huawei.com> Subject: of_numa: fix uninitialized memory nodes causing kernel panic Date: Tue, 19 Aug 2025 15:55:10 +0800 When there are memory-only nodes (nodes without CPUs), these nodes are not properly initialized, causing kernel panic during boot. of_numa_init of_numa_parse_cpu_nodes node_set(nid, numa_nodes_parsed); of_numa_parse_memory_nodes In of_numa_parse_cpu_nodes, numa_nodes_parsed gets updated only for nodes containing CPUs. Memory-only nodes should have been updated in of_numa_parse_memory_nodes, but they weren't. Subsequently, when free_area_init() attempts to access NODE_DATA() for these uninitialized memory nodes, the kernel panics due to NULL pointer dereference. This can be reproduced on ARM64 QEMU with 1 CPU and 2 memory nodes: qemu-system-aarch64 \ -cpu host -nographic \ -m 4G -smp 1 \ -machine virt,accel=kvm,gic-version=3,iommu=smmuv3 \ -object memory-backend-ram,size=2G,id=mem0 \ -object memory-backend-ram,size=2G,id=mem1 \ -numa node,nodeid=0,memdev=mem0 \ -numa node,nodeid=1,memdev=mem1 \ -kernel $IMAGE \ -hda $DISK \ -append "console=ttyAMA0 root=/dev/vda rw earlycon" [ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x481fd010] [ 0.000000] Linux version 6.17.0-rc1-00001-gabb4b3daf18c-dirty (yintirui@local) (gcc (GCC) 12.3.1, GNU ld (GNU Binutils) 2.41) #52 SMP PREEMPT Mon Aug 18 09:49:40 CST 2025 [ 0.000000] KASLR enabled [ 0.000000] random: crng init done [ 0.000000] Machine model: linux,dummy-virt [ 0.000000] efi: UEFI not found. [ 0.000000] earlycon: pl11 at MMIO 0x0000000009000000 (options '') [ 0.000000] printk: legacy bootconsole [pl11] enabled [ 0.000000] OF: reserved mem: Reserved memory: No reserved-memory node in the DT [ 0.000000] NODE_DATA(0) allocated [mem 0xbfffd9c0-0xbfffffff] [ 0.000000] node 1 must be removed before remove section 23 [ 0.000000] Zone ranges: [ 0.000000] DMA [mem 0x0000000040000000-0x00000000ffffffff] [ 0.000000] DMA32 empty [ 0.000000] Normal [mem 0x0000000100000000-0x000000013fffffff] [ 0.000000] Movable zone start for each node [ 0.000000] Early memory node ranges [ 0.000000] node 0: [mem 0x0000000040000000-0x00000000bfffffff] [ 0.000000] node 1: [mem 0x00000000c0000000-0x000000013fffffff] [ 0.000000] Initmem setup node 0 [mem 0x0000000040000000-0x00000000bfffffff] [ 0.000000] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0 [ 0.000000] Mem abort info: [ 0.000000] ESR = 0x0000000096000004 [ 0.000000] EC = 0x25: DABT (current EL), IL = 32 bits [ 0.000000] SET = 0, FnV = 0 [ 0.000000] EA = 0, S1PTW = 0 [ 0.000000] FSC = 0x04: level 0 translation fault [ 0.000000] Data abort info: [ 0.000000] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 0.000000] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 0.000000] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 0.000000] [00000000000000a0] user address but active_mm is swapper [ 0.000000] Internal error: Oops: 0000000096000004 [#1] SMP [ 0.000000] Modules linked in: [ 0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.17.0-rc1-00001-g760c6dabf762-dirty #54 PREEMPT [ 0.000000] Hardware name: linux,dummy-virt (DT) [ 0.000000] pstate: 800000c5 (Nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 0.000000] pc : free_area_init+0x50c/0xf9c [ 0.000000] lr : free_area_init+0x5c0/0xf9c [ 0.000000] sp : ffffa02ca0f33c00 [ 0.000000] x29: ffffa02ca0f33cb0 x28: 0000000000000000 x27: 0000000000000000 [ 0.000000] x26: 4ec4ec4ec4ec4ec5 x25: 00000000000c0000 x24: 00000000000c0000 [ 0.000000] x23: 0000000000040000 x22: 0000000000000000 x21: ffffa02ca0f3b368 [ 0.000000] x20: ffffa02ca14c7b98 x19: 0000000000000000 x18: 0000000000000002 [ 0.000000] x17: 000000000000cacc x16: 0000000000000001 x15: 0000000000000001 [ 0.000000] x14: 0000000080000000 x13: 0000000000000018 x12: 0000000000000002 [ 0.000000] x11: ffffa02ca0fd4f00 x10: ffffa02ca14bab20 x9 : ffffa02ca14bab38 [ 0.000000] x8 : 00000000000c0000 x7 : 0000000000000001 x6 : 0000000000000002 [ 0.000000] x5 : 0000000140000000 x4 : ffffa02ca0f33c90 x3 : ffffa02ca0f33ca0 [ 0.000000] x2 : ffffa02ca0f33c98 x1 : 0000000080000000 x0 : 0000000000000001 [ 0.000000] Call trace: [ 0.000000] free_area_init+0x50c/0xf9c (P) [ 0.000000] bootmem_init+0x110/0x1dc [ 0.000000] setup_arch+0x278/0x60c [ 0.000000] start_kernel+0x70/0x748 [ 0.000000] __primary_switched+0x88/0x90 [ 0.000000] Code: d503201f b98093e0 52800016 f8607a93 (f9405260) [ 0.000000] ---[ end trace 0000000000000000 ]--- [ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task! [ 0.000000] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]--- Link: https://lkml.kernel.org/r/20250819075510.2079961-1-yintirui@huawei.com Fixes: 767507654c22 ("arch_numa: switch over to numa_memblks") Signed-off-by: Yin Tirui <yintirui(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Reviewed-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Chen Jun <chenjun102(a)huawei.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Joanthan Cameron <Jonathan.Cameron(a)huawei.com> Cc: Rob Herring <robh(a)kernel.org> Cc: Saravana Kannan <saravanak(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/of/of_numa.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/drivers/of/of_numa.c~of_numa-fix-uninitialized-memory-nodes-causing-kernel-panic +++ a/drivers/of/of_numa.c @@ -59,8 +59,11 @@ static int __init of_numa_parse_memory_n r = -EINVAL; } - for (i = 0; !r && !of_address_to_resource(np, i, &rsrc); i++) + for (i = 0; !r && !of_address_to_resource(np, i, &rsrc); i++) { r = numa_add_memblk(nid, rsrc.start, rsrc.end + 1); + if (!r) + node_set(nid, numa_nodes_parsed); + } if (!i || r) { of_node_put(np); _ Patches currently in -mm which might be from yintirui(a)huawei.com are

3 weeks, 2 days

1
0
0 0

[PATCH] scsi: lpfc: Fix buffer free/clear order in deferred receive path

by John Evans

Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the context pointer under the lock. Concurrent paths (e.g., ABTS and the repost path) also inspect and release the same pointer under the lock, so the old order could lead to double-free/UAF. Note that the repost path already uses the correct pattern: detach the pointer under the lock, then free it after dropping the lock. The deferred path should do the same. Fixes: 472e146d1cf3 ("scsi: lpfc: Correct upcalling nvmet_fc transport during io done downcall") Cc: stable(a)vger.kernel.org Signed-off-by: John Evans <evans1210144(a)gmail.com> --- drivers/scsi/lpfc/lpfc_nvmet.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_nvmet.c b/drivers/scsi/lpfc/lpfc_nvmet.c index fba2e62027b7..766319543680 100644 --- a/drivers/scsi/lpfc/lpfc_nvmet.c +++ b/drivers/scsi/lpfc/lpfc_nvmet.c @@ -1264,10 +1264,15 @@ lpfc_nvmet_defer_rcv(struct nvmet_fc_target_port *tgtport, atomic_inc(&tgtp->rcv_fcp_cmd_defer); /* Free the nvmebuf since a new buffer already replaced it */ - nvmebuf->hrq->rqbp->rqb_free_buffer(phba, nvmebuf); spin_lock_irqsave(&ctxp->ctxlock, iflag); - ctxp->rqb_buffer = NULL; - spin_unlock_irqrestore(&ctxp->ctxlock, iflag); + nvmebuf = ctxp->rqb_buffer; + if (nvmebuf) { + ctxp->rqb_buffer = NULL; + spin_unlock_irqrestore(&ctxp->ctxlock, iflag); + nvmebuf->hrq->rqbp->rqb_free_buffer(phba, nvmebuf); + } else { + spin_unlock_irqrestore(&ctxp->ctxlock, iflag); + } } /** -- 2.43.0

3 weeks, 2 days

2
4
0 0

[PATCH net-next] net: xilinx: axienet: Add error handling for RX metadata pointer retrieval

by Abin Joseph

Add proper error checking for dmaengine_desc_get_metadata_ptr() which can return an error pointer and lead to potential crashes or undefined behaviour if the pointer retrieval fails. Properly handle the error by unmapping DMA buffer, freeing the skb and returning early to prevent further processing with invalid data. Fixes: 6a91b846af85 ("net: axienet: Introduce dmaengine support") Signed-off-by: Abin Joseph <abin.joseph(a)amd.com> --- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c index 0d8a05fe541a..1729fd21d83b 100644 --- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c +++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c @@ -1166,8 +1166,17 @@ static void axienet_dma_rx_cb(void *data, const struct dmaengine_result *result) skb = skbuf_dma->skb; app_metadata = dmaengine_desc_get_metadata_ptr(skbuf_dma->desc, &meta_len, &meta_max_len); - dma_unmap_single(lp->dev, skbuf_dma->dma_address, lp->max_frm_size, - DMA_FROM_DEVICE); + + dma_unmap_single(lp->dev, skbuf_dma->dma_address, lp->max_frm_size, DMA_FROM_DEVICE); + + if (IS_ERR(app_metadata)) { + if (net_ratelimit()) + netdev_err(lp->ndev, "Failed to get RX metadata pointer\n"); + dev_kfree_skb_any(skb); + lp->ndev->stats.rx_dropped++; + goto rx_submit; + } + /* TODO: Derive app word index programmatically */ rx_len = (app_metadata[LEN_APP] & 0xFFFF); skb_put(skb, rx_len); @@ -1180,6 +1189,7 @@ static void axienet_dma_rx_cb(void *data, const struct dmaengine_result *result) u64_stats_add(&lp->rx_bytes, rx_len); u64_stats_update_end(&lp->rx_stat_sync); +rx_submit: for (i = 0; i < CIRC_SPACE(lp->rx_ring_head, lp->rx_ring_tail, RX_BUF_NUM_DEFAULT); i++) axienet_rx_submit_desc(lp->ndev); -- 2.34.1

3 weeks, 3 days

3
2
0 0

[PATCH v3 1/3] xen/events: Cleanup find_virq() return codes

by Jason Andryuk

rc is overwritten by the evtchn_status hypercall in each iteration, so the return value will be whatever the last iteration is. This could incorrectly return success even if the event channel was not found. Change to an explicit -ENOENT for an un-found virq and return 0 on a successful match. Fixes: 62cc5fc7b2e0 ("xen/pv-on-hvm kexec: rebind virqs to existing eventchannel ports") Cc: stable(a)vger.kernel.org Signed-off-by: Jason Andryuk <jason.andryuk(a)amd.com> Reviewed-by: Jan Beulich <jbeulich(a)suse.com> Reviewed-by: Juergen Gross <jgross(a)suse.com> --- v3: Reduce rc's scope Add R-b: Jan Mention false success in commit message Add Fixes Cc: stable Add R-b: Juergen v2: New --- drivers/xen/events/events_base.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index 41309d38f78c..374231d84e4f 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -1318,10 +1318,11 @@ static int find_virq(unsigned int virq, unsigned int cpu, evtchn_port_t *evtchn) { struct evtchn_status status; evtchn_port_t port; - int rc = -ENOENT; memset(&status, 0, sizeof(status)); for (port = 0; port < xen_evtchn_max_channels(); port++) { + int rc; + status.dom = DOMID_SELF; status.port = port; rc = HYPERVISOR_event_channel_op(EVTCHNOP_status, &status); @@ -1331,10 +1332,10 @@ static int find_virq(unsigned int virq, unsigned int cpu, evtchn_port_t *evtchn) continue; if (status.u.virq == virq && status.vcpu == xen_vcpu_nr(cpu)) { *evtchn = port; - break; + return 0; } } - return rc; + return -ENOENT; } /** -- 2.34.1

3 weeks, 3 days

1
0
0 0

+ mm-damon-reclaim-avoid-divide-by-zero-in-damon_reclaim_apply_parameters.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-reclaim-avoid-divide-by-zero-in-damon_reclaim_apply_parameters.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Quanmin Yan <yanquanmin1(a)huawei.com> Subject: mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() Date: Wed, 27 Aug 2025 19:58:58 +0800 When creating a new scheme of DAMON_RECLAIM, the calculation of 'min_age_region' uses 'aggr_interval' as the divisor, which may lead to division-by-zero errors. Fix it by directly returning -EINVAL when such a case occurs. Link: https://lkml.kernel.org/r/20250827115858.1186261-3-yanquanmin1@huawei.com Fixes: f5a79d7c0c87 ("mm/damon: introduce struct damos_access_pattern") Signed-off-by: Quanmin Yan <yanquanmin1(a)huawei.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: ze zuo <zuoze1(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.1+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/reclaim.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/mm/damon/reclaim.c~mm-damon-reclaim-avoid-divide-by-zero-in-damon_reclaim_apply_parameters +++ a/mm/damon/reclaim.c @@ -194,6 +194,11 @@ static int damon_reclaim_apply_parameter if (err) return err; + if (!damon_reclaim_mon_attrs.aggr_interval) { + err = -EINVAL; + goto out; + } + err = damon_set_attrs(param_ctx, &damon_reclaim_mon_attrs); if (err) goto out; _ Patches currently in -mm which might be from yanquanmin1(a)huawei.com are mm-damon-core-prevent-unnecessary-overflow-in-damos_set_effective_quota.patch mm-damon-lru_sort-avoid-divide-by-zero-in-damon_lru_sort_apply_parameters.patch mm-damon-reclaim-avoid-divide-by-zero-in-damon_reclaim_apply_parameters.patch

3 weeks, 3 days

1
0
0 0

+ mm-damon-lru_sort-avoid-divide-by-zero-in-damon_lru_sort_apply_parameters.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-lru_sort-avoid-divide-by-zero-in-damon_lru_sort_apply_parameters.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Quanmin Yan <yanquanmin1(a)huawei.com> Subject: mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() Date: Wed, 27 Aug 2025 19:58:57 +0800 Patch series "mm/damon: avoid divide-by-zero in DAMON module's parameters application". DAMON's RECLAIM and LRU_SORT modules perform no validation on user-configured parameters during application, which may lead to division-by-zero errors. Avoid the divide-by-zero by adding validation checks when DAMON modules attempt to apply the parameters. This patch (of 2): During the calculation of 'hot_thres' and 'cold_thres', either 'sample_interval' or 'aggr_interval' is used as the divisor, which may lead to division-by-zero errors. Fix it by directly returning -EINVAL when such a case occurs. Additionally, since 'aggr_interval' is already required to be set no smaller than 'sample_interval' in damon_set_attrs(), only the case where 'sample_interval' is zero needs to be checked. Link: https://lkml.kernel.org/r/20250827115858.1186261-2-yanquanmin1@huawei.com Fixes: 40e983cca927 ("mm/damon: introduce DAMON-based LRU-lists Sorting") Signed-off-by: Quanmin Yan <yanquanmin1(a)huawei.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: ze zuo <zuoze1(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.0+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/lru_sort.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/mm/damon/lru_sort.c~mm-damon-lru_sort-avoid-divide-by-zero-in-damon_lru_sort_apply_parameters +++ a/mm/damon/lru_sort.c @@ -198,6 +198,11 @@ static int damon_lru_sort_apply_paramete if (err) return err; + if (!damon_lru_sort_mon_attrs.sample_interval) { + err = -EINVAL; + goto out; + } + err = damon_set_attrs(ctx, &damon_lru_sort_mon_attrs); if (err) goto out; _ Patches currently in -mm which might be from yanquanmin1(a)huawei.com are mm-damon-core-prevent-unnecessary-overflow-in-damos_set_effective_quota.patch mm-damon-lru_sort-avoid-divide-by-zero-in-damon_lru_sort_apply_parameters.patch mm-damon-reclaim-avoid-divide-by-zero-in-damon_reclaim_apply_parameters.patch

3 weeks, 3 days

1
0
0 0

[PATCH 6.16 000/570] 6.16.2-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.16.2 release. There are 570 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 20 Aug 2025 12:43:43 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.16.2-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.16.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.16.2-rc1 Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: don't leak pages on account failure Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: fix null ifq on area destruction Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> dm: split write BIOs on zone boundaries when zone append is not emulated Thomas Gleixner <tglx(a)linutronix.de> irqchip/mvebu-gicp: Use resource_size() for ioremap() Frederic Weisbecker <frederic(a)kernel.org> rcu: Fix racy re-initialization of irq_work causing hangs Yu Kuai <yukuai3(a)huawei.com> md: fix create on open mddev lifetime regression Ivan Lipski <ivan.lipski(a)amd.com> drm/amd/display: Allow DCN301 to clear update flags Arnd Bergmann <arnd(a)arndb.de> firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS Jens Axboe <axboe(a)kernel.dk> io_uring/rw: cast rw->flags assignment to rwf_t Damien Le Moal <dlemoal(a)kernel.org> ata: libata-sata: Add link_power_management_supported sysfs attribute Maxim Levitsky <mlevitsk(a)redhat.com> KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest Maxim Levitsky <mlevitsk(a)redhat.com> KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs Maxim Levitsky <mlevitsk(a)redhat.com> KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter Sean Christopherson <seanjc(a)google.com> KVM: VMX: Extract checking of guest's DEBUGCTL into helper Pedro Falcato <pfalcato(a)suse.de> RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages Willy Tarreau <w(a)1wt.eu> tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe: Fix infinite recursion using preempt_*_notrace() Benjamin Mugnier <benjamin.mugnier(a)foss.st.com> media: i2c: vd55g1: Fix return code in vd55g1_enable_streams error path Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Turn on the camera if V4L2_EVENT_SUB_FL_SEND_INITIAL Marek Szyprowski <m.szyprowski(a)samsung.com> media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Do not mark valid metadata as invalid Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Fix OOB read due to missing payload bound check Youngjun Lee <yjjuny.lee(a)samsung.com> media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Breno Leitao <leitao(a)debian.org> mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Waiman Long <longman(a)redhat.com> mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() Kairui Song <kasong(a)tencent.com> mm/shmem, swap: improve cached mTHP handling and fix potential hang Anshuman Khandual <anshuman.khandual(a)arm.com> mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() David Hildenbrand <david(a)redhat.com> mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() Vlastimil Babka <vbabka(a)suse.cz> mm, slab: restore NUMA policy support for large kmalloc Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: fix a typo in palo.conf Hans de Goede <hansg(a)kernel.org> i2c: core: Fix double-free of fwnode in i2c_unregister_device() Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix panic during namespace deletion with VF Davide Caratti <dcaratti(a)redhat.com> net/sched: ets: use old 'nbands' while purging unused classes Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: reset folio to NULL when get folio fails Randy Dunlap <rdunlap(a)infradead.org> fbdev: nvidiafb: add depends on HAS_IOPORT Sravan Kumar Gundu <sravankumarlpu(a)gmail.com> fbdev: Fix vmalloc out-of-bounds write in fast_imageblit Suren Baghdasaryan <surenb(a)google.com> userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry Andrey Albershteyn <aalbersh(a)redhat.com> xfs: fix scrub trace with null pointer in quotacheck Qu Wenruo <wqu(a)suse.com> btrfs: do not allow relocation of partially dropped subvolumes Boris Burkov <boris(a)bur.io> btrfs: fix iteration bug in __qgroup_excl_accounting() Qu Wenruo <wqu(a)suse.com> btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not select metadata BG as finish target Filipe Manana <fdmanana(a)suse.com> btrfs: error on missing block group when unaccounting log tree extent buffers Filipe Manana <fdmanana(a)suse.com> btrfs: fix log tree replay failure due to file with 0 links and extents Filipe Manana <fdmanana(a)suse.com> btrfs: send: use fallocate for hole punching with send stream v2 Filipe Manana <fdmanana(a)suse.com> btrfs: clear dirty status from extent buffer on error at insert_new_root() Filipe Manana <fdmanana(a)suse.com> btrfs: don't skip remaining extrefs if dir not found during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled Caleb Sander Mateos <csander(a)purestorage.com> btrfs: don't skip accounting in early ENOTTY return in btrfs_uring_encoded_read() Qu Wenruo <wqu(a)suse.com> btrfs: populate otime when logging an inode item Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix race between quota disable and quota rescan ioctl Boris Burkov <boris(a)bur.io> btrfs: fix ssd_spread overallocation Filipe Manana <fdmanana(a)suse.com> btrfs: don't ignore inode missing when replaying log tree Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not remove unwritten non-data block group Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: requeue to unused block group list if zone finish failed Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: reserve data_reloc block group on mount Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction during log replay if walk_log_tree() failed Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use filesystem size not disk size for reclaim decision Oliver Neukum <oneukum(a)suse.com> cdc-acm: fix race between initial clearing halt and open Sebastian Reichel <sebastian.reichel(a)collabora.com> usb: typec: fusb302: cache PD RX state Eric Biggers <ebiggers(a)kernel.org> thunderbolt: Fix copy+paste error in match_service_id() Ian Abbott <abbotti(a)mev.co.uk> comedi: fix race between polling and detaching Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> usb: typec: ucsi: Update power_supply on power role change Ricky Wu <ricky_wu(a)realtek.com> misc: rtsx: usb: Ensure mmc child device is active when card is present Xinyu Liu <katieeliu(a)tencent.com> usb: core: config: Prevent OOB read in SS endpoint companion parsing Zhang Yi <yi.zhang(a)huawei.com> ext4: initialize superblock fields in the kballoc-test.c kunit tests Baokun Li <libaokun1(a)huawei.com> ext4: fix largest free orders lists corruption on mb_optimize_scan switch Baokun Li <libaokun1(a)huawei.com> ext4: fix zombie groups in average fragment size lists Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Prevent ALIGN() overflow Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range Alexey Klimov <alexey.klimov(a)linaro.org> iommu/arm-smmu-qcom: Add SM6115 MDSS compatible Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Revert vmaster in the error path Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes Shyam Prasad N <sprasad(a)microsoft.com> cifs: reset iface weights when we cannot find a candidate Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: qcom: dispcc-sm8750: Fix setting rate byte and pixel clocks Christian Marangi <ansuelsmth(a)gmail.com> clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src Damien Le Moal <dlemoal(a)kernel.org> dm: Always split write BIOs to zoned device limits Damien Le Moal <dlemoal(a)kernel.org> block: Introduce bio_needs_zone_write_plugging() Bijan Tabatabai <bijantabatab(a)micron.com> mm/damon/core: commit damos->target_nid SeongJae Park <sj(a)kernel.org> samples/damon/mtier: support boot time enable setup SeongJae Park <sj(a)kernel.org> samples/damon/wsse: fix boot time enable handling Miguel Ojeda <ojeda(a)kernel.org> rust: workaround `rustdoc` target modifiers bug Miguel Ojeda <ojeda(a)kernel.org> rust: kbuild: clean output before running `rustdoc` Waiman Long <longman(a)redhat.com> futex: Use user_write_access_begin/_end() in futex_put_value() Tom Lendacky <thomas.lendacky(a)amd.com> x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero Fushuai Wang <wangfushuai(a)baidu.com> x86/fpu: Fix NULL dereference in avx512_status() Nikunj A Dadhania <nikunj(a)amd.com> x86/sev: Improve handling of writes to intercepted TSC MSRs Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu: fix incorrect vm flags to map bo YiPeng Chai <YiPeng.Chai(a)amd.com> drm/amdgpu: fix vram reservation issue Karthik Poosa <karthik.poosa(a)intel.com> drm/xe/hwmon: Add SW clamp for power limits writes Matthew Auld <matthew.auld(a)intel.com> drm/xe/migrate: prevent potential UAF Matthew Auld <matthew.auld(a)intel.com> drm/xe/migrate: don't overflow max copy size Matthew Auld <matthew.auld(a)intel.com> drm/xe/migrate: prevent infinite recursion Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Do not trigger Frame Change events from frontbuffer flush Vinod Govindapillai <vinod.govindapillai(a)intel.com> drm/i915/fbc: fix the implementation of wa_18038517565 David Howells <dhowells(a)redhat.com> cifs: Fix collect_sample() to handle any iterator type Zheng Qixing <zhengqixing(a)huawei.com> block: fix kobject double initialization in add_disk Caleb Sander Mateos <csander(a)purestorage.com> ublk: check for unprivileged daemon on each I/O fetch Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: replace regmap_write with regmap_update_bits Jiasheng Jiang <jiashengjiangcool(a)gmail.com> scsi: lpfc: Remove redundant assignment to avoid memory leak Nitin Rawat <quic_nitirawa(a)quicinc.com> scsi: ufs: core: Fix interrupt handling for MCQ Mode Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix uninited ptr deref in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Handle RPC size limit for layoutcommits Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix disk addr range check in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix stripe mapping in block/scsi layout John Garry <john.g.garry(a)oracle.com> block: avoid possible overflow for chunk_sectors check in blk_stack_limits() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix uninitialized pointer error in probe() Buday Csaba <buday.csaba(a)prolan.hu> net: phy: smsc: add proper reset flags for LAN8710A Mark Brown <broonie(a)kernel.org> regmap: irq: Free the regmap-irq mutex Peter Jakubek <peterjakubek(a)gmail.com> ASoC: Intel: sof_sdw: Add quirk for Alienware Area 51 (2025) 0CCC SKU Thomas Croft <thomasmcft(a)gmail.com> ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table Elad Nachman <enachman(a)marvell.com> irqchip/mvebu-gicp: Clear pending interrupts on init Yu Kuai <yukuai3(a)huawei.com> lib/sbitmap: convert shallow_depth from one word to the whole sbitmap Stefan Metzmacher <metze(a)samba.org> smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection Calvin Owens <calvin(a)wbinvd.org> tools/power turbostat: Handle cap_get_proc() ENOSYS Calvin Owens <calvin(a)wbinvd.org> tools/power turbostat: Fix build with musl Len Brown <len.brown(a)intel.com> tools/power turbostat: Handle non-root legacy-uncore sysfs permissions Corey Minyard <corey(a)minyard.net> ipmi: Fix strcpy source and destination the same Yann E. MORIN <yann.morin.1998(a)free.fr> kconfig: lxdialog: fix 'space' to (de)select options Masahiro Yamada <masahiroy(a)kernel.org> kheaders: rebuild kheaders_data.tar.xz when a file is modified within a minute Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: fix potential memory leak in renderer_edited() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() Breno Leitao <leitao(a)debian.org> ipmi: Use dev_warn_ratelimited() for incorrect message warnings Artem Sadovnikov <a.sadovnikov(a)ispras.ru> vfio/mlx5: fix possible overflow in tracking max message size John Garry <john.g.garry(a)oracle.com> scsi: aacraid: Stop using PCI_IRQ_AFFINITY Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: core: Generate correct identifiers for PR OUT transport IDs Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Shankari Anand <shankari.ak0208(a)gmail.com> kconfig: nconf: Ensure null termination where strncpy is used Keith Busch <kbusch(a)kernel.org> vfio/type1: conditional rescheduling while pinning Suchit Karunakaran <suchitkarunakaran(a)gmail.com> kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c John Ogness <john.ogness(a)linutronix.de> printk: nbcon: Allow reacquire during panic Chao Yu <chao(a)kernel.org> f2fs: handle nat.blkaddr corruption in f2fs_get_node_info() Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: check the generic conditions first Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: add cluster chain loop check for dir fangzhong.zhou <myth5(a)myth5.com> i2c: Force DLL0945 touchpad i2c freq to 100khz John Johansen <john.johansen(a)canonical.com> apparmor: fix x_table_lookup when stacking is not the first entry Mateusz Guzik <mjguzik(a)gmail.com> apparmor: use the condition in AA_BUG_FMT even with debug disabled Benjamin Marzinski <bmarzins(a)redhat.com> dm-table: fix checking for rq stackable devices Mikulas Patocka <mpatocka(a)redhat.com> dm-mpath: don't print the "loaded" message if registering fails Jorge Marques <jorge.marques(a)analog.com> i3c: master: Initialize ret in i3c_i2c_notifier_call() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: don't fail if GETHDRCAP is unsupported Gabriel Totev <gabriel.totev(a)zetier.com> apparmor: shift ouid when mediating hard links in userns Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: add missing include to internal header Petr Pavlu <petr.pavlu(a)suse.com> module: Prevent silent truncation of module name in delete_module(2) Purva Yeshi <purvayeshi550(a)gmail.com> md: dm-zoned-target: Initialize return variable r to avoid uninitialized use Charles Keepax <ckeepax(a)opensource.cirrus.com> soundwire: Move handle_nested_irq outside of sdw_dev_lock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: cancel pending slave status handling workqueue during remove sequence Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: serialize amd manager resume sequence during pm_prepare Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Postpone updating priv->clks[] Mario Limonciello <mario.limonciello(a)amd.com> crypto: ccp - Add missing bootloader info reg for pspv6 Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - add timeout for load_fvc completion poll chenchangcheng <chenchangcheng(a)kylinos.cn> media: uvcvideo: Fix bandwidth issue for Alcor camera Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Set V4L2_CTRL_FLAG_DISABLED during queryctrl errors Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add quirk for HP Webcam HD 2300 Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() Wolfram Sang <wsa+renesas(a)sang-engineering.com> media: usb: hdpvr: disable zero-length read messages Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Increase FIFO trigger level to 374 Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Return an appropriate colorspace from tc358743_set_fmt Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Check I2C succeeded during probe Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: raspberrypi: cfe: Fix min_reqbufs_allocation Cheick Traore <cheick.traore(a)foss.st.com> pinctrl: stm32: Manage irq affinity settings Wilfred Mallawa <wilfred.mallawa(a)wdc.com> PCI: dw-rockchip: Delay link training after hot reset in EP mode Damien Le Moal <dlemoal(a)kernel.org> scsi: mpi3mr: Correctly handle ATA device errors Francisco Gutierrez <frankramirez(a)google.com> scsi: pm80xx: Free allocated tags after failure Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Correctly handle ATA device errors Li Chen <chenl311(a)chinatelecom.cn> HID: rate-limit hid_warn to prevent log flooding Abel Vesa <abel.vesa(a)linaro.org> power: supply: qcom_battmgr: Add lithium-polymer entry John Ernberg <john.ernberg(a)actia.se> crypto: caam - Support iMX8QXP and variants thereof Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk Arnd Bergmann <arnd(a)arndb.de> RDMA/core: reduce stack using in nldev_stat_get_doit() Yury Norov [NVIDIA] <yury.norov(a)gmail.com> RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs Johan Adolfsson <johan.adolfsson(a)axis.com> leds: leds-lp50xx: Handle reg to get correct multi_index Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control Daniel Scally <dan.scally(a)ideasonboard.com> media: ipu-bridge: Add _HID for OV5670 Benjamin Mugnier <benjamin.mugnier(a)foss.st.com> media: i2c: vd55g1: Fix RATE macros not being expressed in bps Benjamin Mugnier <benjamin.mugnier(a)foss.st.com> media: i2c: vd55g1: Setup sensor external clock before patching Michal Wilczynski <m.wilczynski(a)samsung.com> clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Add handling for corrupt and drop frames Shiji Yang <yangshiji66(a)outlook.com> MIPS: lantiq: falcon: sysctrl: fix request memory check logic Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Markus Theil <theil.markus(a)gmail.com> crypto: jitter - fix intermediary handling Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM Hans de Goede <hansg(a)kernel.org> media: hi556: Fix reset GPIO timings Arnaud Lecomte <contact(a)arnaud-lcm.com> jfs: upper bound check of tree index in dbAllocAG Edward Adam Davis <eadavis(a)qq.com> jfs: Regular file corruption check Lizhi Xu <lizhi.xu(a)windriver.com> jfs: truncate good inode pages when hard link is 0 jackysliu <1972843537(a)qq.com> scsi: bfa: Double-free fix Zhang Yi <yi.zhang(a)huawei.com> ext4: limit the maximum folio order Ziyan Fu <fuzy5(a)lenovo.com> watchdog: iTCO_wdt: Report error if timeout configuration fails Shiji Yang <yangshiji66(a)outlook.com> MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} George Moussalem <george.moussalem(a)outlook.com> clk: qcom: ipq5018: keep XO clock always on Florin Leotescu <florin.leotescu(a)nxp.com> hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state Sebastian Reichel <sebastian.reichel(a)collabora.com> watchdog: dw_wdt: Fix default timeout Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> fs/orangefs: use snprintf() instead of sprintf() Showrya M N <showrya(a)chelsio.com> scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Valmantas Paliksa <walmis(a)gmail.com> phy: rockchip-pcie: Enable all four lanes if required Geraldo Nascimento <geraldogabriel(a)gmail.com> phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal Chen-Yu Tsai <wens(a)csie.org> mfd: axp20x: Set explicit ID for AXP313 regulator Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> sphinx: kernel_abi: fix performance regression with O=<dir> Pei Xiao <xiaopei01(a)kylinos.cn> clk: tegra: periph: Fix error handling and resolve unsigned compare warning Theodore Ts'o <tytso(a)mit.edu> ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Zhiqi Song <songzhiqi1(a)huawei.com> crypto: hisilicon/hpre - fix dma unmap sequence Yongzhen Zhang <zhangyongzhen(a)kylinos.cn> fbdev: fix potential buffer overflow in do_register_framebuffer() Paulo Alcantara <pc(a)manguebit.org> smb: client: fix session setup against servers that require SPN Pali Rohár <pali(a)kernel.org> cifs: Fix calling CIFSFindFirst() for root path without msearch Aaron Plattner <aplattner(a)nvidia.com> watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition Roman Li <Roman.Li(a)amd.com> drm/amd/display: Disable dsc_power_gate for dcn314 by default Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Only finalize atomic_obj if it was initialized Jason Wang <jasowang(a)redhat.com> vhost: fail early when __vhost_add_used() fails Will Deacon <will(a)kernel.org> vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 Joel Fernandes <joelagnelf(a)nvidia.com> rcu: Fix rcu_read_unlock() deadloop due to IRQ work Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/ttm: Respect the shrinker core free target Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Avoid trying AUX transactions on disconnected ports Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Update DMCUB loading sequence for DCN3.5 Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix ringbuf/ringbuf_write test failure with arm64 64KB page size Ihor Solodrai <isolodrai(a)meta.com> bpf: Make reg_not_null() true for CONST_PTR_TO_MAP Kuan-Chung Chen <damon.chen(a)realtek.com> wifi: rtw89: 8852c: increase beacon loss to 6 seconds Jakub Kicinski <kuba(a)kernel.org> uapi: in6: restore visibility of most IPv6 socket options Emily Deng <Emily.Deng(a)amd.com> drm/ttm: Should to return the evict error Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix buffer overflow in fetching version id Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/xe: Make dma-fences compliant with the safe access rules Shannon Nelson <sln(a)onemain.com> ionic: clean dbpage in de-init Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: scan abort when assign/unassign_vif Breno Leitao <leitao(a)debian.org> ptp: Use ratelimite for freerun error message Yuan Chen <chenyuan(a)kylinos.cn> bpftool: Fix JSON writer resource leak in version command Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent DIS_LEARNING access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: ensure BCM5325 PHYs are enabled Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Return error for unknown admin queue command Gal Pressman <gal(a)nvidia.com> net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Gal Pressman <gal(a)nvidia.com> net: vlan: Make is_vlan_dev() a stub when VLAN is not configured ganglxie <ganglxie(a)amd.com> drm/amdgpu: clear pa and mca record counter when resetting eeprom Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Suspend IH during mode-2 reset Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Stop storing failures into adev->dm.cached_state Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use pointer type for typecheck() Heiner Kallweit <hkallweit1(a)gmail.com> dpaa_eth: don't use fixed_phy_change_carrier Stanislaw Gruszka <stf_xl(a)wp.pl> wifi: iwlegacy: Check rate_idx range after addition Mark Rutland <mark.rutland(a)arm.com> arm64: stacktrace: Check kretprobe_find_ret_addr() return value Mina Almasry <almasrymina(a)google.com> netmem: fix skb_frag_address_safe with unreadable skbs Thomas Fourier <fourier.thomas(a)gmail.com> powerpc: floppy: Add missing checks after DMA map Karthikeyan Kathirvel <quic_kathirve(a)quicinc.com> wifi: ath12k: Decrement TID on RX peer frag setup error handling Raj Kumar Bhagat <quic_rajkbhag(a)quicinc.com> wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 Ching-Te Ku <ku920601(a)realtek.com> wifi: rtw89: coex: Not to set slot duration to zero to avoid firmware issue Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com> wifi: mac80211: update radar_required in channel context after channel switch Alex Hung <alex.hung(a)amd.com> drm/amd/display: Initialize mode_select to 0 Wen Chen <Wen.Chen3(a)amd.com> drm/amd/display: Fix 'failed to blank crtc!' Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Add more checks to PSP mailbox Zqiang <qiang.zhang1211(a)gmail.com> rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: pcie: reinit device properly during TOP reset Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mld: fix last_mlo_scan_time type Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mld: use the correct struct size for tracing Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mld: don't exit EMLSR when we shouldn't Rand Deeb <rand.sec96(a)gmail.com> wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Nathan Lynch <nathan.lynch(a)amd.com> lib: packing: Include necessary headers Daniel Braunwarth <daniel.braunwarth(a)kuka.com> net: phy: realtek: add error handling to rtl8211f_get_wol Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: ath12k: Fix station association with MBSSID Non-TX BSS Rameshkumar Sundaram <rameshkumar.sundaram(a)oss.qualcomm.com> wifi: ath12k: Fix beacon reception for sta associated to Non-TX AP Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: Add memset and update default rate value in wmi tx completion Jakub Kicinski <kuba(a)kernel.org> eth: bnxt: take page size into account for page pool recycling rings Andy Yan <andy.yan(a)rock-chips.com> drm/panel: raydium-rm67200: Move initialization from enable() to prepare stage Kang Yang <kang.yang(a)oss.qualcomm.com> wifi: ath10k: shutdown driver when hardware is unreliable Peichen Huang <PeiChen.Huang(a)amd.com> drm/amd/display: add null check Ilya Bakoulin <Ilya.Bakoulin(a)amd.com> drm/amd/display: Separate set_gsl from set_gsl_source_select Xiang Liu <xiang.liu(a)amd.com> drm/amdgpu: Use correct severity for BP threshold exceed event Jonas Rebmann <jre(a)pengutronix.de> net: fec: allow disable coalescing Wei Fang <wei.fang(a)nxp.com> net: enetc: separate 64-bit counters from enetc_port_counters RubenKelevra <rubenkelevra(a)gmail.com> net: ieee8021q: fix insufficient table-size assertion Li Chen <chenl311(a)chinatelecom.cn> ACPI: Suppress misleading SPCR console message when SPCR table is absent Eric Work <work.eric(a)gmail.com> net: atlantic: add set_power to fw_ops for atl2 to fix wol Lucien.Jheng <lucienzx159(a)gmail.com> net: phy: air_en8811h: Introduce resume/suspend and clk_restore_context to ensure correct CKO settings after network interface reinitialization. Aakash Kumar S <saakashkumar(a)marvell.com> xfrm: Duplicate SPI Handling zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Enable end-to-end flow control also in transmit Matt Roper <matthew.d.roper(a)intel.com> drm/xe/xe_query: Use separate iterator while filling GT list Mark Brown <broonie(a)kernel.org> kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace David Bauer <mail(a)david-bauer.net> wifi: mt76: mt7915: mcu: increase eeprom command timeout David Bauer <mail(a)david-bauer.net> wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Disable deep power saving for USB/SDIO Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Fix rtw89_mac_power_switch() for USB Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Clear runtime PM errors while resetting the GPU Robin Murphy <robin.murphy(a)arm.com> perf/arm: Add missing .suppress_bind_attrs Yuan Chen <chenyuan(a)kylinos.cn> drm/msm: Add error handling for krealloc in metadata setup Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: use trylock for debugfs Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: Update register xml Thierry Reding <treding(a)nvidia.com> drm/fbdev-client: Skip DRM clients if modesetting is absent Felix Fietkau <nbd(a)nbd.name> wifi: mt76: fix vif link allocation Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: Fix mlink lookup in mt7996_tx_prepare_skb Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: mac80211: fix rx link assignment for non-MLO stations Zqiang <qiang.zhang1211(a)gmail.com> rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access Kuniyuki Iwashima <kuniyu(a)google.com> ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). Thomas Fourier <fourier.thomas(a)gmail.com> (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer Heiko Carstens <hca(a)linux.ibm.com> s390/early: Copy last breaking event address to pt_regs Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: mac80211: avoid weird state in error path Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't complete management TX on SAE commit Chris Mason <clm(a)fb.com> sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails Nam Cao <namcao(a)linutronix.de> rv: Add #undef TRACE_INCLUDE_FILE Kamil Horák - 2N <kamilh(a)axis.com> net: phy: bcm54811: PHY initialization Sven Schnelle <svens(a)linux.ibm.com> s390/stp: Remove udelay from stp_sync_clock() Philipp Stanner <phasta(a)kernel.org> drm/sched: Avoid memory leaks with cancel_job() callback Philipp Stanner <phasta(a)kernel.org> drm/sched/tests: Add unit test for cancel_job() Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: handle non-overlapping API ranges Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: fix scan request validation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> um: Re-evaluate thread flags repeatedly Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mld: fix scan request validation Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: set gtk id also in older FWs Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Forget ranges when refining tnum after JSET Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Fix accounting after global limits change Alok Tiwari <alok.a.tiwari(a)oracle.com> perf/cxlpmu: Remove unintended newline from IRQ name format string Biju Das <biju.das.jz(a)bp.renesas.com> net: phy: micrel: Add ksz9131_resume() Alok Tiwari <alok.a.tiwari(a)oracle.com> net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix incorrect MTU in broadcast routes Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't unreserve never reserved chanctx Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Fix interface type validation Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: mac80211: handle WLAN_HT_ACTION_NOTIFY_CHANWIDTH async Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't use TPE data from assoc response Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Prevent duplicate binds Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> can: ti_hecc: fix -Woverflow compiler warning Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: limit clear_update_flags to dcn32 and above Paul E. McKenney <paulmck(a)kernel.org> rcu: Protect ->defer_qs_iw_pending from data race Umio Yasuno <coelacanth_dream(a)protonmail.com> drm/amd/pm: fix null pointer access Breno Leitao <leitao(a)debian.org> arm64: Mark kernel as tainted on SAE and SError panic Jack Ping CHNG <jchng(a)maxlinear.com> net: pcs: xpcs: mask readl() return value to 16 bits Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Properly access RCU protected qdisc_sleeping variable Thomas Fourier <fourier.thomas(a)gmail.com> net: ag71xx: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> et131x: Add missing check after DMA map Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB Chin-Yen Lee <timlee(a)realtek.com> wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode Matteo Croce <teknoraver(a)meta.com> libbpf: Fix warning in calloc() usage Ahmed Zaki <ahmed.zaki(a)intel.com> idpf: preserve coalescing settings across resets Eduard Zingerman <eddyz87(a)gmail.com> libbpf: Verify that arena map exists when adding arena relocations Alok Tiwari <alok.a.tiwari(a)oracle.com> be2net: Use correct byte order and format string for TCP seq and ack_seq Sven Schnelle <svens(a)linux.ibm.com> s390/time: Use monotonic clock in get_cycles() Sven Schnelle <svens(a)linux.ibm.com> s390/sclp: Use monotonic clock in sclp_sync_wait() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: reject HTC bit for management frames Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Prevent recursion of default variable options Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: Correct tid cleanup when tid setup fails Oliver Neukum <oneukum(a)suse.com> net: usb: cdc-ncm: check for filtering capability Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mld: avoid outdated reorder buffer head_sn Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mld: use spec link id and not FW link id Anthoine Bourgeois <anthoine.bourgeois(a)vates.tech> xen/netfront: Fix TX response spurious interrupts Uwe Kleine-König <ukleinek(a)debian.org> Bluetooth: btusb: Add support for variant of RTL8851BE (USB ID 13d3:3601) Zijun Hu <zijun.hu(a)oss.qualcomm.com> Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() Yang Li <yang.li(a)amlogic.com> Bluetooth: hci_event: Add support for handling LE BIG Sync Lost event En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 Ben Hutchings <benh(a)debian.org> bootconfig: Fix unaligned access when building footer Nam Cao <namcao(a)linutronix.de> verification/dot2k: Make a separate dot2k_templates/Kconfig_container Steven Rostedt <rostedt(a)goodmis.org> powerpc/thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> selftests: netfilter: Enable CONFIG_INET_SCTP_DIAG Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps Srinivas Kandagatla <srini(a)kernel.org> ASoC: qcom: use drvdata instead of component to keep id Xinxin Wan <xinxin.wan(a)intel.com> ASoC: codecs: rt5640: Retry DEVICE_ID verification Jonathan Santos <Jonathan.Santos(a)analog.com> iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Christophe Leroy <christophe.leroy(a)csgroup.eu> ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Lucy Thrun <lucy.thrun(a)digital-rabbithole.de> ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Tomasz Michalec <tmichalec(a)google.com> platform/chrome: cros_ec_typec: Defer probe on missing EC parent Kees Cook <kees(a)kernel.org> platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Actually use the e_phoff Krzysztof Hałasa <khalasa(a)piap.pl> imx8m-blk-ctrl: set ISI panic write hurry level Gautham R. Shenoy <gautham.shenoy(a)amd.com> pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> usb: dwc3: xilinx: add shutdown callback Oliver Neukum <oneukum(a)suse.com> usb: core: usb_submit_urb: downgrade type check Tomasz Michalec <tmichalec(a)google.com> usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Joseph Tilahun <jtilahun(a)astranis.com> tty: serial: fix print format specifiers Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode Markus Stockhausen <markus.stockhausen(a)gmx.de> irqchip/mips-gic: Allow forced affinity Alok Tiwari <alok.a.tiwari(a)oracle.com> ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 Mark Brown <broonie(a)kernel.org> ASoC: hdac_hdmi: Rate limit logging on connection and disconnection Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Avoid warning when overriding return thunk George Gaidarov <gdgaidarov+lkml(a)gmail.com> EDAC/ie31200: Enable support for Core i5-14600 and i7-14700 Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Disable jack polling at shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Handle the jack polling always via a work Gwendal Grignou <gwendal(a)chromium.org> platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready Haibo Chen <haibo.chen(a)nxp.com> mmc: sdhci-esdhc-imx: Don't change pinctrl in suspend if wakeup source Ulf Hansson <ulf.hansson(a)linaro.org> mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Hans de Goede <hansg(a)kernel.org> mei: bus: Check for still connected devices in mei_cl_bus_dev_release() Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Fix improper and inaccurate error code returned by misc_init() Gerd Hoffmann <kraxel(a)redhat.com> x86/sev/vc: Fix EFI runtime instruction emulation Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: SDCA: Add flag for unused IRQs Peter Robinson <pbrobinson(a)gmail.com> reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Eliav Farber <farbere(a)amazon.com> pps: clients: gpio: fix interrupt handling order in remove path Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> selftests: vDSO: vdso_test_getrandom: Always print TAP header Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzv2h: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND Breno Leitao <leitao(a)debian.org> ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sebastian Ott <sebott(a)redhat.com> ACPI: processor: fix acpi_object initialization tuhaowen <tuhaowen(a)uniontech.com> PM: sleep: console: Fix the black screen issue Hsin-Te Yuan <yuanhsinte(a)chromium.org> thermal: sysfs: Return ENODATA instead of EAGAIN for reads Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() GalaxySnail <me(a)glxys.nl> ALSA: hda: add MODULE_FIRMWARE for cs35l41/cs35l56 Thierry Reding <treding(a)nvidia.com> firmware: tegra: Fix IVC dependency problems Peng Fan <peng.fan(a)nxp.com> firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume Zhu Qiyu <qiyuzhu2(a)amd.com> ACPI: PRM: Reduce unnecessary printing to avoid user confusion Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests: tracing: Use mutex_unlock for testing glob filter Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> tools/build: Fix s390(x) cross-compilation with clang Aaron Kling <webgeek1234(a)gmail.com> ARM: tegra: Use I/O memcpy to write to IRAM Michael Walle <mwalle(a)kernel.org> mfd: tps6594: Add TI TPS652G1 support Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: tps65912: check the return value of regmap_update_bits() David Lechner <dlechner(a)baylibre.com> iio: adc: ad_sigma_delta: don't overallocate scan buffer Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: define time_t in terms of __kernel_old_time_t David Collins <david.collins(a)oss.qualcomm.com> thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/synopsys: Clear the ECC counters on init Lifeng Zheng <zhenglifeng1(a)huawei.com> PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Alexander Kochetkov <al.kochet(a)gmail.com> ARM: rockchip: fix kernel hang during smp initialization Li RongQing <lirongqing(a)baidu.com> cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode Lifeng Zheng <zhenglifeng1(a)huawei.com> cpufreq: Exit governor when failed to start old governor Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: check the return value of regmap_update_bits() Guillaume La Roque <glaroque(a)baylibre.com> pmdomain: ti: Select PM_GENERIC_DOMAINS André Draszik <andre.draszik(a)linaro.org> usb: typec: tcpm/tcpci_maxim: fix irq wake usage Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Add poll_cci operation to cros_ec_ucsi Binbin Zhou <zhoubinbin(a)loongson.cn> gpio: loongson-64bit: Extend GPIO irq support Tiffany Yang <ynaffit(a)google.com> binder: Fix selftest page indexing Hiago De Franco <hiago.franco(a)toradex.com> remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU Shuai Xue <xueshuai(a)linux.alibaba.com> ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered Maulik Shah <maulik.shah(a)oss.qualcomm.com> soc: qcom: rpmh-rsc: Add RSC version 4 support Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> firmware: qcom: scm: initialize tzmem before marking SCM as available Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing errors during surprise removal Jay Chen <shawn2000100(a)gmail.com> usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing warnings for dying controller Vivek Pernamitta <quic_vpernami(a)quicinc.com> bus: mhi: host: pci_generic: Disable runtime PM for QDU100 Daniele Palmas <dnlplm(a)gmail.com> bus: mhi: host: pci_generic: Add Telit FN990B40 modem support Benson Leung <bleung(a)chromium.org> usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Cynthia Huang <cynthia(a)andestech.com> selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Prashant Malani <pmalani(a)google.com> cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list Moon Hee Lee <moonhee.lee.ca(a)gmail.com> selftests/kexec: fix test_kexec_jump build Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Add init response codes for new ni-usb-hs+ Su Hui <suhui(a)nfschina.com> usb: xhci: print xhci->xhc_state when queue_command failed Steven Rostedt <rostedt(a)goodmis.org> tracefs: Add d_delete to remove negative dentries Al Viro <viro(a)zeniv.linux.org.uk> securityfs: don't pin dentries twice, once is enough... Al Viro <viro(a)zeniv.linux.org.uk> fix locking in efi_secret_unlink() Wei Gao <wegao(a)suse.com> ext2: Handle fiemap on empty files to prevent EINVAL Al Viro <viro(a)zeniv.linux.org.uk> landlock: opened file never has a negative dentry Christian Brauner <brauner(a)kernel.org> pidfs: raise SB_I_NODEV and SB_I_NOEXEC Xiao Ni <xni(a)redhat.com> md: Don't clear MD_CLOSING until mddev is freed Rong Zhang <ulin0208(a)gmail.com> fs/ntfs3: correctly create symlink for relative path Lizhi Xu <lizhi.xu(a)windriver.com> fs/ntfs3: Add sanity check for file name Damien Le Moal <dlemoal(a)kernel.org> ata: libata-sata: Disallow changing LPM state if not supported Damien Le Moal <dlemoal(a)kernel.org> ata: ahci: Disable DIPM if host lacks support Damien Le Moal <dlemoal(a)kernel.org> ata: ahci: Disallow LPM policy control if not supported Al Viro <viro(a)zeniv.linux.org.uk> better lockdep annotations for simple_recursive_removal() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix not erasing deleted b-tree node issue Sarah Newman <srn(a)prgmr.com> drbd: add missing kref_get in handle_write_conflicts Jan Kara <jack(a)suse.cz> udf: Verify partition map count Jan Kara <jack(a)suse.cz> loop: Avoid updating block size under exclusive owner Xiao Ni <xni(a)redhat.com> md: call del_gendisk in control path Andrew Price <anprice(a)redhat.com> gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops Andrew Price <anprice(a)redhat.com> gfs2: Validate i_depth for exhash directories Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: log TLS handshake failures at error level John Garry <john.g.garry(a)oracle.com> md/raid10: set chunk_sectors limit John Garry <john.g.garry(a)oracle.com> dm-stripe: limit chunk_sectors to the stripe size Keith Busch <kbusch(a)kernel.org> nvme-pci: try function level reset on init failure NeilBrown <neil(a)brown.name> smb/server: avoid deadlock when linking with ReplaceIfExists Filipe Manana <fdmanana(a)suse.com> btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents Yeoreum Yun <yeoreum.yun(a)arm.com> firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall Yeoreum Yun <yeoreum.yun(a)arm.com> tpm: tpm_crb_ffa: try to probe tpm_crb_ffa when it's built-in Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Check for completion after timeout Kees Cook <kees(a)kernel.org> arm64: Handle KCOV __init vs inline mismatches Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix slab-out-of-bounds in hfs_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix general protection fault in hfs_find_init() Sven Stegemann <sven(a)stegemann.de> net: kcm: Fix race condition in kcm_unattach() David Wei <dw(a)davidwei.uk> bnxt: fill data page pool with frags if PAGE_SIZE > BNXT_RX_PAGE_SIZE Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject duplicate device on updates Frederic Weisbecker <frederic(a)kernel.org> ipvs: Fix estimator kthreads preferred affinity Jakub Kicinski <kuba(a)kernel.org> tls: handle data disappearing from under the TLS ULP Jeongjun Park <aha310510(a)gmail.com> ptp: prevent possible ABBA deadlock in ptp_clock_freerun() Yao Zi <ziyao(a)disroot.org> riscv: dts: thead: Add APB clocks for TH1520 GMACs Yao Zi <ziyao(a)disroot.org> net: stmmac: thead: Get and enable APB clock on initialization Buday Csaba <buday.csaba(a)prolan.hu> net: mdiobus: release reset_gpio in mdiobus_unregister_device() Clark Wang <xiaoning.wang(a)nxp.com> net: phy: nxp-c45-tja11xx: fix the PHY ID mismatch issue when using C45 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Avoid using invalid recent intervals data Len Brown <len.brown(a)intel.com> intel_idle: Allow loading ACPI tables for any family Gao Xiang <xiang(a)kernel.org> erofs: fix block count report when 48-bit layout is on Stanislav Fomichev <sdf(a)fomichev.me> hamradio: ignore ops-locked netdevs Stanislav Fomichev <sdf(a)fomichev.me> net: lapbether: ignore ops-locked netdevs Xin Long <lucien.xin(a)gmail.com> sctp: linearize cloned gso packets in sctp_rcv Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ti: icss-iep: Fix incorrect type for return value in extts_enable() Jakub Kicinski <kuba(a)kernel.org> net: page_pool: allow enabling recycling late, fix false positive warning MD Danish Anwar <danishanwar(a)ti.com> net: ti: icssg-prueth: Fix emac link speed handling Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix the np_link_fail error reporting issue Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix the division by zero issue Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix rtnl deadlock issue Florian Westphal <fw(a)strlen.de> netfilter: ctnetlink: remove refcounting in expectation dumpers Florian Westphal <fw(a)strlen.de> netfilter: ctnetlink: fix refcount leak on table dump Sabrina Dubroca <sd(a)queasysnail.net> udp: also consider secpath when evaluating ipsec use for checksumming Sabrina Dubroca <sd(a)queasysnail.net> xfrm: bring back device check in validate_xmit_xfrm Sabrina Dubroca <sd(a)queasysnail.net> xfrm: restore GSO for SW crypto Sabrina Dubroca <sd(a)queasysnail.net> xfrm: flush all states in xfrm_state_fini Jinjiang Tu <tujinjiang(a)huawei.com> mm/smaps: fix race between smaps_hugetlb_range and migration Al Viro <viro(a)zeniv.linux.org.uk> habanalabs: fix UAF in export_dmabuf() Stefan Metzmacher <metze(a)samba.org> smb: client: don't wait for info->send_pending == 0 on error Stefan Metzmacher <metze(a)samba.org> smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() Thomas Weißschuh <linux(a)weissschuh.net> mfd: cros_ec: Separate charge-control probing from USB-PD Li Zhijian <lizhijian(a)fujitsu.com> mm/memory-tier: fix abstract distance calculation overflow Damien Le Moal <dlemoal(a)kernel.org> block: Make REQ_OP_ZONE_FINISH a write operation Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: processor: perflib: Move problematic pr->performance check Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Relax sanity check of the ECDT ID string Lukas Wunner <lukas(a)wunner.de> PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Jiayi Li <lijiayi(a)kylinos.cn> ACPI: processor: perflib: Fix initial _PPC limit application Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Documentation: ACPI: Fix parent device references Sasha Levin <sashal(a)kernel.org> fs: Prevent file descriptor table allocations exceeding INT_MAX Eric Biggers <ebiggers(a)kernel.org> lib/crypto: x86/poly1305: Fix performance regression on short messages Eric Biggers <ebiggers(a)kernel.org> lib/crypto: x86/poly1305: Fix register corruption in no-SIMD contexts Eric Biggers <ebiggers(a)kernel.org> fscrypt: Don't use problematic non-inline crypto engines André Draszik <andre.draszik(a)linaro.org> clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock André Draszik <andre.draszik(a)linaro.org> clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD André Draszik <andre.draszik(a)linaro.org> clk: samsung: exynos850: fix a comment Ma Ke <make24(a)iscas.ac.cn> sunvdc: Balance device refcount in vdc_port_mpgroup_check Wentao Guan <guanwentao(a)uniontech.com> LoongArch: vDSO: Remove -nostdlib complier flag Yao Zi <ziyao(a)disroot.org> LoongArch: Avoid in-place string operation on FDT content Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Make relocate_new_kernel_size be a .quad value Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> LoongArch: Don't use %pK through printk() in unwinder Haoran Jiang <jianghaoran(a)kylinos.cn> LoongArch: BPF: Fix jump offset calculation in tailcall Huacai Chen <chenhuacai(a)kernel.org> PCI: Extend isolated function probing to LoongArch Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix the setting of capabilities when automounting a new filesystem Dai Ngo <dai.ngo(a)oracle.com> NFSD: detect mismatch of file handle and delegation stateid in OPEN op Jeff Layton <jlayton(a)kernel.org> nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Christian Brauner <brauner(a)kernel.org> fhandle: raise FILEID_IS_DIR in handle_type Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition Xu Yang <xu.yang_2(a)nxp.com> net: usb: asix_devices: add phy_mask for ax88772 mdio bus Johan Hovold <johan(a)kernel.org> net: dpaa: fix device leak when querying time stamp info Johan Hovold <johan(a)kernel.org> net: ti: icss-iep: fix device and OF node leaks at probe Johan Hovold <johan(a)kernel.org> net: mtk_eth_soc: fix device leak at probe Johan Hovold <johan(a)kernel.org> net: enetc: fix device and OF node leak at probe Johan Hovold <johan(a)kernel.org> net: gianfar: fix device leak when querying time stamp info Heiner Kallweit <hkallweit1(a)gmail.com> net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect Florian Larysch <fl(a)n621.de> net: phy: micrel: fix KSZ8081/KSZ8091 cable test Fedor Pchelkin <pchelkin(a)ispras.ru> netlink: avoid infinite retry looping in netlink_unicast() Daniel Golle <daniel(a)makrotopia.org> Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> leds: flash: leds-qcom-flash: Fix registry access after re-bind David Thompson <davthompson(a)nvidia.com> gpio: mlxbf3: use platform_get_irq_optional() David Thompson <davthompson(a)nvidia.com> Revert "gpio: mlxbf3: only get IRQ for device instance 0" Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Revert "gpio: pxa: Make irq_chip immutable" David Thompson <davthompson(a)nvidia.com> gpio: mlxbf2: use platform_get_irq_optional() Dongcheng Yan <dongcheng.yan(a)intel.com> media: i2c: set lt6911uxe's reset_gpio to GPIOD_OUT_LOW Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C Harald Mommer <harald.mommer(a)oss.qualcomm.com> gpio: virtio: Fix config space reading. Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: remove redundant lstrp update in negotiate protocol Steve French <stfrench(a)microsoft.com> smb3: fix for slab out of bounds on mount to ksmbd Christopher Eby <kreed(a)kreed.org> ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks Vasiliy Kovalev <kovalev(a)altlinux.org> ALSA: hda/realtek: Fix headset mic on HONOR BRB-X Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 cluster segment descriptors Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 power domain descriptors, too Jens Axboe <axboe(a)kernel.dk> io_uring/net: commit partial buffers on retry Jens Axboe <axboe(a)kernel.dk> io_uring/memmap: cast nr_pages to size_t before shifting Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: account area memory Pavel Begunkov <asml.silence(a)gmail.com> io_uring: export io_[un]account_mem Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't use int for ABI ------------- Diffstat: Documentation/filesystems/fscrypt.rst | 37 +- Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +- Documentation/sphinx/kernel_abi.py | 6 +- Makefile | 4 +- arch/arm/mach-rockchip/platsmp.c | 15 +- arch/arm/mach-tegra/reset.c | 2 +- arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 2 +- arch/arm64/include/asm/acpi.h | 2 +- arch/arm64/kernel/acpi.c | 10 +- arch/arm64/kernel/stacktrace.c | 2 + arch/arm64/kernel/traps.c | 1 + arch/arm64/mm/fault.c | 1 + arch/arm64/mm/ptdump_debugfs.c | 3 - arch/loongarch/kernel/env.c | 13 +- arch/loongarch/kernel/relocate_kernel.S | 2 +- arch/loongarch/kernel/unwind_orc.c | 2 +- arch/loongarch/net/bpf_jit.c | 21 +- arch/loongarch/vdso/Makefile | 2 +- arch/mips/include/asm/vpe.h | 8 + arch/mips/kernel/process.c | 16 +- arch/mips/lantiq/falcon/sysctrl.c | 23 +- arch/parisc/Makefile | 2 +- arch/powerpc/include/asm/floppy.h | 5 +- arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +- arch/riscv/boot/dts/thead/th1520.dtsi | 10 +- arch/riscv/mm/ptdump.c | 3 - arch/s390/include/asm/timex.h | 13 +- arch/s390/kernel/early.c | 1 + arch/s390/kernel/time.c | 2 +- arch/s390/mm/dump_pagetables.c | 2 - arch/um/include/asm/thread_info.h | 4 + arch/um/kernel/process.c | 18 +- arch/x86/boot/startup/sev-shared.c | 1 + arch/x86/coco/sev/core.c | 2 + arch/x86/coco/sev/vc-handle.c | 42 +- arch/x86/include/asm/kvm_host.h | 7 + arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/fpu/xstate.c | 19 +- arch/x86/kvm/vmx/main.c | 2 + arch/x86/kvm/vmx/nested.c | 21 +- arch/x86/kvm/vmx/pmu_intel.c | 8 +- arch/x86/kvm/vmx/vmx.c | 41 +- arch/x86/kvm/vmx/vmx.h | 26 + arch/x86/kvm/x86.c | 14 +- arch/x86/lib/crypto/poly1305_glue.c | 48 +- block/bfq-iosched.c | 35 +- block/bfq-iosched.h | 3 +- block/blk-mq.c | 6 +- block/blk-settings.c | 2 +- block/blk-sysfs.c | 12 +- block/blk-zoned.c | 20 +- block/blk.h | 1 + block/genhd.c | 2 + block/kyber-iosched.c | 9 +- block/mq-deadline.c | 16 +- crypto/jitterentropy-kcapi.c | 9 +- drivers/accel/habanalabs/common/memory.c | 23 +- drivers/acpi/acpi_processor.c | 2 +- drivers/acpi/apei/ghes.c | 13 + drivers/acpi/ec.c | 10 +- drivers/acpi/prmt.c | 26 +- drivers/acpi/processor_perflib.c | 11 + drivers/android/binder_alloc_selftest.c | 2 +- drivers/ata/ahci.c | 12 +- drivers/ata/ata_piix.c | 1 + drivers/ata/libahci.c | 1 + drivers/ata/libata-sata.c | 52 +- drivers/base/power/runtime.c | 5 + drivers/base/regmap/regmap-irq.c | 19 +- drivers/block/drbd/drbd_receiver.c | 6 +- drivers/block/loop.c | 38 +- drivers/block/sunvdc.c | 4 +- drivers/block/ublk_drv.c | 16 +- drivers/bluetooth/btusb.c | 3 + drivers/bus/mhi/host/pci_generic.c | 20 +- drivers/char/ipmi/ipmi_msghandler.c | 8 +- drivers/char/ipmi/ipmi_watchdog.c | 59 +- drivers/char/misc.c | 4 +- drivers/char/tpm/tpm-interface.c | 17 +- drivers/char/tpm/tpm_crb_ffa.c | 19 +- drivers/clk/qcom/dispcc-sm8750.c | 10 +- drivers/clk/qcom/gcc-ipq5018.c | 2 +- drivers/clk/qcom/gcc-ipq8074.c | 6 +- drivers/clk/renesas/rzg2l-cpg.c | 8 +- drivers/clk/samsung/clk-exynos850.c | 2 +- drivers/clk/samsung/clk-gs101.c | 4 +- drivers/clk/tegra/clk-periph.c | 4 +- drivers/clk/thead/clk-th1520-ap.c | 5 +- drivers/comedi/comedi_fops.c | 33 +- drivers/comedi/comedi_internal.h | 1 + drivers/comedi/drivers.c | 13 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/cpufreq.c | 8 +- drivers/cpufreq/intel_pstate.c | 2 + drivers/cpuidle/governors/menu.c | 21 +- drivers/crypto/caam/ctrl.c | 2 +- drivers/crypto/ccp/sp-pci.c | 1 + drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 +- .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 +- drivers/devfreq/governor_userspace.c | 6 +- drivers/dma/stm32/stm32-dma.c | 2 +- drivers/edac/ie31200_edac.c | 4 + drivers/edac/synopsys_edac.c | 93 +- drivers/firmware/arm_ffa/driver.c | 2 +- drivers/firmware/arm_scmi/scmi_power_control.c | 22 +- drivers/firmware/qcom/qcom_scm.c | 53 +- drivers/firmware/tegra/Kconfig | 5 +- drivers/gpio/gpio-loongson-64bit.c | 6 + drivers/gpio/gpio-mlxbf2.c | 2 +- drivers/gpio/gpio-mlxbf3.c | 52 +- drivers/gpio/gpio-pxa.c | 8 +- drivers/gpio/gpio-tps65912.c | 7 +- drivers/gpio/gpio-virtio.c | 9 +- drivers/gpio/gpio-wcd934x.c | 7 +- drivers/gpu/drm/amd/amdgpu/aldebaran.c | 33 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cper.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp.h | 11 + drivers/gpu/drm/amd/amdgpu/amdgpu_ras_eeprom.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3 +- drivers/gpu/drm/amd/amdgpu/psp_v10_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/psp_v11_0.c | 31 +- drivers/gpu/drm/amd/amdgpu/psp_v11_0_8.c | 25 +- drivers/gpu/drm/amd/amdgpu/psp_v12_0.c | 18 +- drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 25 +- drivers/gpu/drm/amd/amdgpu/psp_v13_0_4.c | 25 +- drivers/gpu/drm/amd/amdgpu/psp_v14_0.c | 25 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 28 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 6 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 12 +- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 +- drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 +- .../gpu/drm/amd/display/dc/mpc/dcn401/dcn401_mpc.c | 2 +- .../display/dc/resource/dcn314/dcn314_resource.c | 1 + drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 16 +- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 5 + drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 +- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.h | 41 +- drivers/gpu/drm/clients/drm_client_setup.c | 5 + drivers/gpu/drm/i915/display/intel_fbc.c | 8 +- drivers/gpu/drm/i915/display/intel_psr.c | 14 +- drivers/gpu/drm/imagination/pvr_power.c | 59 +- drivers/gpu/drm/msm/Makefile | 5 + drivers/gpu/drm/msm/adreno/a6xx_catalog.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.h | 4 + drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gpu_state.h | 2 +- drivers/gpu/drm/msm/adreno/a6xx_preempt.c | 2 +- .../gpu/drm/msm/adreno/adreno_gen7_9_0_snapshot.h | 4 +- drivers/gpu/drm/msm/msm_drv.c | 9 +- drivers/gpu/drm/msm/msm_gem.c | 3 +- drivers/gpu/drm/msm/msm_gem.h | 6 + drivers/gpu/drm/msm/registers/adreno/a6xx.xml | 3576 ++++---------------- .../drm/msm/registers/adreno/a6xx_descriptors.xml | 198 ++ .../gpu/drm/msm/registers/adreno/a6xx_enums.xml | 383 +++ .../drm/msm/registers/adreno/a6xx_perfcntrs.xml | 600 ++++ .../gpu/drm/msm/registers/adreno/a7xx_enums.xml | 223 ++ .../drm/msm/registers/adreno/a7xx_perfcntrs.xml | 1030 ++++++ .../gpu/drm/msm/registers/adreno/adreno_pm4.xml | 302 +- drivers/gpu/drm/panel/panel-raydium-rm67200.c | 22 +- drivers/gpu/drm/renesas/rz-du/rzg2l_mipi_dsi.c | 3 + drivers/gpu/drm/scheduler/sched_main.c | 34 +- drivers/gpu/drm/scheduler/tests/tests_basic.c | 42 + drivers/gpu/drm/ttm/ttm_pool.c | 8 +- drivers/gpu/drm/ttm/ttm_resource.c | 3 + drivers/gpu/drm/xe/xe_guc_exec_queue_types.h | 2 + drivers/gpu/drm/xe/xe_guc_submit.c | 7 +- drivers/gpu/drm/xe/xe_hw_fence.c | 3 + drivers/gpu/drm/xe/xe_hwmon.c | 29 + drivers/gpu/drm/xe/xe_migrate.c | 42 +- drivers/gpu/drm/xe/xe_query.c | 27 +- drivers/hid/hid-core.c | 4 +- drivers/hwmon/emc2305.c | 10 +- drivers/i2c/i2c-core-acpi.c | 1 + drivers/i2c/i2c-core-base.c | 8 +- drivers/i3c/internals.h | 1 + drivers/i3c/master.c | 4 +- drivers/idle/intel_idle.c | 2 +- drivers/iio/adc/ad7768-1.c | 23 +- drivers/iio/adc/ad_sigma_delta.c | 2 +- drivers/infiniband/core/nldev.c | 22 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +- drivers/infiniband/hw/hfi1/affinity.c | 44 +- drivers/infiniband/sw/siw/siw_qp_tx.c | 5 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 7 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/intel/iommu.c | 19 +- drivers/iommu/intel/iommu.h | 3 + drivers/iommu/iommufd/io_pagetable.c | 48 +- drivers/irqchip/irq-mips-gic.c | 8 +- drivers/irqchip/irq-mvebu-gicp.c | 10 + drivers/irqchip/irq-renesas-rzv2h.c | 4 +- drivers/leds/flash/leds-qcom-flash.c | 15 +- drivers/leds/leds-lp50xx.c | 11 +- drivers/leds/trigger/ledtrig-netdev.c | 16 +- drivers/md/dm-ps-historical-service-time.c | 4 +- drivers/md/dm-ps-queue-length.c | 4 +- drivers/md/dm-ps-round-robin.c | 4 +- drivers/md/dm-ps-service-time.c | 4 +- drivers/md/dm-stripe.c | 1 + drivers/md/dm-table.c | 10 +- drivers/md/dm-zoned-target.c | 2 +- drivers/md/dm.c | 37 +- drivers/md/md.c | 51 +- drivers/md/md.h | 26 +- drivers/md/raid10.c | 1 + drivers/media/dvb-frontends/dib7000p.c | 8 + drivers/media/i2c/hi556.c | 7 +- drivers/media/i2c/lt6911uxe.c | 2 +- drivers/media/i2c/tc358743.c | 86 +- drivers/media/i2c/vd55g1.c | 11 +- drivers/media/pci/intel/ipu-bridge.c | 2 + drivers/media/platform/qcom/iris/iris_buffer.c | 11 +- .../platform/qcom/iris/iris_hfi_gen1_defines.h | 2 + .../platform/qcom/iris/iris_hfi_gen1_response.c | 6 + drivers/media/platform/qcom/venus/hfi_msgs.c | 83 +- drivers/media/platform/raspberrypi/rp1-cfe/cfe.c | 4 +- drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 + drivers/media/usb/uvc/uvc_ctrl.c | 65 +- drivers/media/usb/uvc/uvc_driver.c | 12 + drivers/media/usb/uvc/uvc_video.c | 21 +- drivers/media/usb/uvc/uvcvideo.h | 2 + drivers/media/v4l2-core/v4l2-common.c | 14 +- drivers/mfd/axp20x.c | 3 +- drivers/mfd/cros_ec_dev.c | 10 +- drivers/mfd/tps6594-core.c | 88 +- drivers/mfd/tps6594-i2c.c | 10 +- drivers/mfd/tps6594-spi.c | 10 +- drivers/misc/cardreader/rtsx_usb.c | 16 +- drivers/misc/mei/bus.c | 6 + drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +- drivers/mmc/host/sdhci-esdhc-imx.c | 16 +- drivers/mmc/host/sdhci-msm.c | 14 + drivers/net/can/ti_hecc.c | 2 +- drivers/net/dsa/b53/b53_common.c | 76 +- drivers/net/dsa/b53/b53_regs.h | 7 +- drivers/net/ethernet/agere/et131x.c | 36 + drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 + .../aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 + drivers/net/ethernet/atheros/ag71xx.c | 9 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 29 +- drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 8 +- drivers/net/ethernet/faraday/ftgmac100.c | 7 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 - drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +- .../net/ethernet/freescale/enetc/enetc_ethtool.c | 15 +- drivers/net/ethernet/freescale/enetc/enetc_hw.h | 1 + drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 +- drivers/net/ethernet/freescale/fec_main.c | 34 +- drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +- drivers/net/ethernet/google/gve/gve_adminq.c | 1 + drivers/net/ethernet/hisilicon/hibmcge/hbg_err.c | 14 +- drivers/net/ethernet/hisilicon/hibmcge/hbg_hw.c | 15 +- drivers/net/ethernet/hisilicon/hibmcge/hbg_txrx.h | 7 +- drivers/net/ethernet/intel/idpf/idpf.h | 19 + drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 36 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 +- drivers/net/ethernet/intel/idpf/idpf_main.c | 1 + drivers/net/ethernet/intel/idpf/idpf_txrx.c | 13 +- drivers/net/ethernet/mediatek/mtk_wed.c | 1 - drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 +- drivers/net/ethernet/stmicro/stmmac/dwmac-thead.c | 14 + drivers/net/ethernet/ti/icssg/icss_iep.c | 26 +- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 6 + drivers/net/hamradio/bpqether.c | 2 +- drivers/net/hyperv/hyperv_net.h | 3 + drivers/net/hyperv/netvsc_drv.c | 29 +- drivers/net/pcs/pcs-xpcs-plat.c | 4 +- drivers/net/phy/air_en8811h.c | 45 +- drivers/net/phy/broadcom.c | 25 +- drivers/net/phy/mdio_bus.c | 1 + drivers/net/phy/mdio_bus_provider.c | 3 - drivers/net/phy/micrel.c | 12 +- drivers/net/phy/nxp-c45-tja11xx.c | 23 +- drivers/net/phy/realtek/realtek_main.c | 10 +- drivers/net/phy/smsc.c | 1 + drivers/net/thunderbolt/main.c | 21 +- drivers/net/usb/asix_devices.c | 1 + drivers/net/usb/cdc_ncm.c | 20 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wan/lapbether.c | 2 +- drivers/net/wireless/ath/ath10k/core.c | 48 +- drivers/net/wireless/ath/ath10k/core.h | 11 +- drivers/net/wireless/ath/ath10k/mac.c | 7 +- drivers/net/wireless/ath/ath10k/wmi.c | 6 + drivers/net/wireless/ath/ath12k/dp.c | 3 +- drivers/net/wireless/ath/ath12k/hw.c | 2 +- drivers/net/wireless/ath/ath12k/mac.c | 57 +- drivers/net/wireless/ath/ath12k/wmi.c | 5 + drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +- drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 8 +- drivers/net/wireless/intel/iwlwifi/mld/agg.c | 5 + drivers/net/wireless/intel/iwlwifi/mld/iface.h | 3 + drivers/net/wireless/intel/iwlwifi/mld/link.c | 8 +- drivers/net/wireless/intel/iwlwifi/mld/mac80211.c | 1 + drivers/net/wireless/intel/iwlwifi/mld/mld.c | 2 +- drivers/net/wireless/intel/iwlwifi/mld/mlo.c | 8 +- drivers/net/wireless/intel/iwlwifi/mld/scan.c | 2 +- drivers/net/wireless/intel/iwlwifi/mld/scan.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 5 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 1 + .../net/wireless/intel/iwlwifi/pcie/trans-gen2.c | 5 + drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 2 +- drivers/net/wireless/mediatek/mt76/channel.c | 4 +- drivers/net/wireless/mediatek/mt76/mt76.h | 5 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 28 +- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 4 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 23 +- drivers/net/wireless/realtek/rtw89/chan.c | 6 + drivers/net/wireless/realtek/rtw89/coex.c | 12 +- drivers/net/wireless/realtek/rtw89/core.c | 3 + drivers/net/wireless/realtek/rtw89/fw.c | 10 +- drivers/net/wireless/realtek/rtw89/fw.h | 2 + drivers/net/wireless/realtek/rtw89/mac.c | 19 + drivers/net/wireless/realtek/rtw89/reg.h | 1 + drivers/net/wireless/realtek/rtw89/wow.c | 5 +- drivers/net/xen-netfront.c | 5 - drivers/nvme/host/pci.c | 24 +- drivers/nvme/host/tcp.c | 11 +- drivers/pci/controller/dwc/pcie-dw-rockchip.c | 15 +- drivers/pci/pci-acpi.c | 4 +- drivers/pci/pci.c | 6 +- drivers/pci/probe.c | 2 +- drivers/perf/arm-cmn.c | 1 + drivers/perf/arm-ni.c | 1 + drivers/perf/cxl_pmu.c | 2 +- drivers/phy/rockchip/phy-rockchip-pcie.c | 15 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 1 + drivers/platform/chrome/cros_ec_sensorhub.c | 23 +- drivers/platform/chrome/cros_ec_typec.c | 4 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 + drivers/platform/x86/thinkpad_acpi.c | 4 +- drivers/pmdomain/imx/imx8m-blk-ctrl.c | 10 + drivers/pmdomain/ti/Kconfig | 2 +- drivers/power/supply/qcom_battmgr.c | 2 + drivers/pps/clients/pps-gpio.c | 5 +- drivers/ptp/ptp_clock.c | 2 +- drivers/ptp/ptp_private.h | 5 + drivers/ptp/ptp_vclock.c | 7 + drivers/remoteproc/imx_rproc.c | 4 +- drivers/reset/Kconfig | 10 +- drivers/rtc/rtc-ds1307.c | 15 +- drivers/s390/char/sclp.c | 4 +- drivers/scsi/aacraid/comminit.c | 3 +- drivers/scsi/bfa/bfad_im.c | 1 + drivers/scsi/libiscsi.c | 3 +- drivers/scsi/lpfc/lpfc_debugfs.c | 1 - drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +- drivers/scsi/lpfc/lpfc_scsi.c | 4 + drivers/scsi/mpi3mr/mpi3mr_os.c | 20 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 + drivers/scsi/pm8001/pm80xx_hwi.c | 12 +- drivers/scsi/scsi_scan.c | 2 +- drivers/scsi/scsi_transport_sas.c | 62 +- drivers/soc/qcom/mdt_loader.c | 10 +- drivers/soc/qcom/rpmh-rsc.c | 2 +- drivers/soundwire/amd_manager.c | 7 +- drivers/soundwire/bus.c | 6 +- drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 14 +- drivers/target/target_core_fabric_lib.c | 65 +- drivers/target/target_core_internal.h | 4 +- drivers/target/target_core_pr.c | 18 +- drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 +- drivers/thermal/thermal_sysfs.c | 9 +- drivers/thunderbolt/domain.c | 2 +- drivers/tty/serial/serial_core.c | 44 +- drivers/ufs/core/ufshcd.c | 9 +- drivers/usb/class/cdc-acm.c | 11 +- drivers/usb/core/config.c | 10 +- drivers/usb/core/urb.c | 2 +- drivers/usb/dwc3/dwc3-xilinx.c | 1 + drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-ring.c | 10 +- drivers/usb/host/xhci.c | 6 +- drivers/usb/typec/mux/intel_pmc_mux.c | 2 +- drivers/usb/typec/tcpm/fusb302.c | 8 + drivers/usb/typec/tcpm/tcpci_maxim_core.c | 46 +- drivers/usb/typec/ucsi/cros_ec_ucsi.c | 1 + drivers/usb/typec/ucsi/psy.c | 2 +- drivers/usb/typec/ucsi/ucsi.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 7 +- drivers/vfio/pci/mlx5/cmd.c | 4 +- drivers/vfio/vfio_iommu_type1.c | 7 + drivers/vhost/vhost.c | 3 + drivers/video/fbdev/Kconfig | 2 +- drivers/video/fbdev/core/fbcon.c | 9 +- drivers/video/fbdev/core/fbmem.c | 3 + drivers/virt/coco/efi_secret/efi_secret.c | 10 +- drivers/watchdog/dw_wdt.c | 2 + drivers/watchdog/iTCO_wdt.c | 6 +- drivers/watchdog/sbsa_gwdt.c | 50 +- fs/btrfs/block-group.c | 31 +- fs/btrfs/ctree.c | 1 + fs/btrfs/disk-io.c | 1 + fs/btrfs/extent-tree.c | 33 +- fs/btrfs/file.c | 59 +- fs/btrfs/inode.c | 2 +- fs/btrfs/ioctl.c | 3 +- fs/btrfs/qgroup.c | 44 +- fs/btrfs/relocation.c | 19 + fs/btrfs/send.c | 33 + fs/btrfs/transaction.c | 6 +- fs/btrfs/tree-log.c | 107 +- fs/btrfs/zoned.c | 66 +- fs/btrfs/zoned.h | 3 + fs/crypto/fscrypt_private.h | 17 + fs/crypto/hkdf.c | 2 +- fs/crypto/keysetup.c | 3 +- fs/crypto/keysetup_v1.c | 3 +- fs/erofs/super.c | 4 +- fs/exfat/dir.c | 12 + fs/exfat/fatent.c | 10 + fs/exfat/namei.c | 5 + fs/exfat/super.c | 32 +- fs/ext2/inode.c | 12 +- fs/ext4/ext4.h | 2 +- fs/ext4/ialloc.c | 3 +- fs/ext4/inline.c | 19 +- fs/ext4/inode.c | 22 +- fs/ext4/mballoc-test.c | 9 + fs/ext4/mballoc.c | 69 +- fs/f2fs/file.c | 24 +- fs/f2fs/node.c | 29 +- fs/fhandle.c | 2 +- fs/file.c | 15 + fs/gfs2/dir.c | 6 +- fs/gfs2/glops.c | 6 + fs/gfs2/meta_io.c | 2 + fs/hfs/bfind.c | 3 + fs/hfs/bnode.c | 93 + fs/hfs/btree.c | 57 +- fs/hfs/extent.c | 2 +- fs/hfs/hfs_fs.h | 1 + fs/hfsplus/bnode.c | 92 + fs/hfsplus/unicode.c | 7 + fs/hfsplus/xattr.c | 6 +- fs/jfs/file.c | 3 + fs/jfs/inode.c | 2 +- fs/jfs/jfs_dmap.c | 6 + fs/libfs.c | 4 +- fs/nfs/blocklayout/blocklayout.c | 4 +- fs/nfs/blocklayout/dev.c | 5 +- fs/nfs/blocklayout/extent_tree.c | 20 +- fs/nfs/client.c | 44 +- fs/nfs/internal.h | 2 +- fs/nfs/nfs4client.c | 20 +- fs/nfs/nfs4proc.c | 2 +- fs/nfs/pnfs.c | 11 +- fs/nfsd/nfs4state.c | 34 +- fs/ntfs3/dir.c | 3 + fs/ntfs3/inode.c | 31 +- fs/ocfs2/aops.c | 1 + fs/orangefs/orangefs-debugfs.c | 2 +- fs/pidfs.c | 2 + fs/proc/task_mmu.c | 6 +- fs/smb/client/cifsencrypt.c | 79 +- fs/smb/client/cifssmb.c | 10 + fs/smb/client/compress.c | 61 +- fs/smb/client/connect.c | 1 - fs/smb/client/sess.c | 9 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smbdirect.c | 25 +- fs/smb/server/smb2pdu.c | 16 +- fs/tracefs/inode.c | 11 + fs/udf/super.c | 13 +- fs/xfs/scrub/trace.h | 2 +- include/drm/gpu_scheduler.h | 18 + include/linux/blk_types.h | 6 +- include/linux/blkdev.h | 55 + include/linux/hid.h | 2 + include/linux/hypervisor.h | 3 + include/linux/if_vlan.h | 21 +- include/linux/libata.h | 1 + include/linux/memory-tiers.h | 2 +- include/linux/mfd/tps6594.h | 1 + include/linux/packing.h | 6 +- include/linux/pci.h | 6 + include/linux/sbitmap.h | 6 +- include/linux/skbuff.h | 8 +- include/linux/usb/cdc_ncm.h | 1 + include/linux/virtio_vsock.h | 7 +- include/net/bluetooth/hci.h | 6 + include/net/bluetooth/hci_core.h | 5 +- include/net/cfg80211.h | 2 +- include/net/ip_vs.h | 13 + include/net/kcm.h | 1 - include/net/mac80211.h | 4 + include/net/page_pool/types.h | 2 + include/sound/sdca_function.h | 2 + include/trace/events/thp.h | 2 + include/uapi/linux/in6.h | 4 +- include/uapi/linux/io_uring.h | 2 +- io_uring/memmap.c | 2 +- io_uring/net.c | 27 +- io_uring/rsrc.c | 4 +- io_uring/rsrc.h | 2 + io_uring/rw.c | 2 +- io_uring/zcrx.c | 34 +- io_uring/zcrx.h | 1 + kernel/.gitignore | 2 + kernel/Makefile | 47 +- kernel/bpf/verifier.c | 7 +- kernel/futex/futex.h | 6 +- kernel/gen_kheaders.sh | 88 +- kernel/kthread.c | 1 + kernel/module/main.c | 10 +- kernel/power/console.c | 7 +- kernel/printk/nbcon.c | 63 +- kernel/rcu/rcutorture.c | 9 +- kernel/rcu/tree.c | 2 + kernel/rcu/tree.h | 14 +- kernel/rcu/tree_nocb.h | 5 +- kernel/rcu/tree_plugin.h | 44 +- kernel/sched/deadline.c | 4 +- kernel/sched/fair.c | 19 +- kernel/sched/rt.c | 6 + kernel/trace/fprobe.c | 4 +- kernel/trace/rv/rv_trace.h | 3 +- lib/sbitmap.c | 56 +- mm/damon/core.c | 1 + mm/huge_memory.c | 7 +- mm/kmemleak.c | 10 +- mm/ptdump.c | 2 + mm/shmem.c | 39 +- mm/slub.c | 7 +- mm/userfaultfd.c | 15 +- net/bluetooth/hci_conn.c | 3 +- net/bluetooth/hci_event.c | 39 +- net/bluetooth/hci_sock.c | 2 +- net/core/ieee8021q_helpers.c | 44 +- net/core/page_pool.c | 29 + net/ipv4/route.c | 1 - net/ipv4/udp_offload.c | 2 +- net/ipv6/addrconf.c | 7 +- net/ipv6/mcast.c | 11 +- net/ipv6/xfrm6_tunnel.c | 2 +- net/kcm/kcmsock.c | 10 +- net/mac80211/chan.c | 1 + net/mac80211/ht.c | 40 +- net/mac80211/ieee80211_i.h | 6 + net/mac80211/iface.c | 29 + net/mac80211/link.c | 9 +- net/mac80211/mlme.c | 45 +- net/mac80211/rx.c | 47 +- net/mctp/af_mctp.c | 28 +- net/ncsi/internal.h | 2 +- net/ncsi/ncsi-rsp.c | 1 + net/netfilter/ipvs/ip_vs_est.c | 3 +- net/netfilter/nf_conntrack_netlink.c | 65 +- net/netfilter/nf_tables_api.c | 30 + net/netfilter/nft_set_pipapo.c | 9 +- net/netlink/af_netlink.c | 2 +- net/sched/sch_ets.c | 11 +- net/sctp/input.c | 2 +- net/tls/tls.h | 2 +- net/tls/tls_strp.c | 11 +- net/tls/tls_sw.c | 3 +- net/vmw_vsock/virtio_transport.c | 2 +- net/wireless/mlme.c | 3 +- net/xfrm/xfrm_device.c | 12 +- net/xfrm/xfrm_state.c | 76 +- rust/Makefile | 16 +- samples/damon/mtier.c | 10 + samples/damon/wsse.c | 12 +- scripts/kconfig/gconf.c | 8 +- scripts/kconfig/lxdialog/inputbox.c | 6 +- scripts/kconfig/lxdialog/menubox.c | 2 +- scripts/kconfig/nconf.c | 2 + scripts/kconfig/nconf.gui.c | 1 + security/apparmor/domain.c | 52 +- security/apparmor/file.c | 6 +- security/apparmor/include/lib.h | 6 +- security/inode.c | 2 - security/landlock/syscalls.c | 1 - sound/core/pcm_native.c | 19 +- sound/pci/hda/cs35l41_hda.c | 2 + sound/pci/hda/cs35l56_hda.c | 4 + sound/pci/hda/hda_codec.c | 44 +- sound/pci/hda/patch_ca0132.c | 2 +- sound/pci/hda/patch_realtek.c | 3 + sound/pci/intel8x0.c | 2 +- sound/soc/codecs/hdac_hdmi.c | 10 +- sound/soc/codecs/rt5640.c | 5 + sound/soc/fsl/fsl_sai.c | 20 +- sound/soc/intel/avs/core.c | 3 +- sound/soc/intel/boards/sof_sdw.c | 8 + sound/soc/qcom/lpass-platform.c | 27 +- sound/soc/sdca/sdca_functions.c | 2 + sound/soc/soc-core.c | 3 + sound/soc/soc-dapm.c | 4 + sound/soc/sof/topology.c | 15 +- sound/usb/mixer_quirks.c | 14 +- sound/usb/stream.c | 25 +- sound/usb/validate.c | 12 + tools/bootconfig/main.c | 24 +- tools/bpf/bpftool/main.c | 6 +- tools/include/nolibc/std.h | 4 +- tools/include/nolibc/types.h | 4 +- tools/lib/bpf/libbpf.c | 7 +- .../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +- tools/power/x86/turbostat/turbostat.c | 14 +- tools/scripts/Makefile.include | 4 +- tools/testing/ktest/ktest.pl | 5 +- tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 +- tools/testing/selftests/bpf/prog_tests/ringbuf.c | 4 +- .../selftests/bpf/prog_tests/user_ringbuf.c | 10 +- .../selftests/bpf/progs/test_ringbuf_write.c | 4 +- .../testing/selftests/bpf/progs/verifier_unpriv.c | 2 +- .../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +- tools/testing/selftests/futex/include/futextest.h | 11 + tools/testing/selftests/kexec/Makefile | 2 +- tools/testing/selftests/net/netfilter/config | 2 +- tools/testing/selftests/vDSO/vdso_test_getrandom.c | 6 +- tools/verification/dot2/dot2k.py | 3 +- .../dot2/dot2k_templates/Kconfig_container | 5 + 622 files changed, 9008 insertions(+), 5340 deletions(-)

3 weeks, 3 days

13
585
0 0

[PATCH v3 3/3] PCI: Fix failure detection during resource resize

by Ilpo Järvinen

Since the commit 96336ec70264 ("PCI: Perform reset_resource() and build fail list in sync") the failed list is always built and returned to let the caller decide what to do with the failures. The caller may want to retry resource fitting and assignment and before that can happen, the resources should be restored to their original state (a reset effectively clears the struct resource), which requires returning them on the failed list so that the original state remains stored in the associated struct pci_dev_resource. Resource resizing is different from the ordinary resource fitting and assignment in that it only considers part of the resources. This means failures for other resource types are not relevant at all and should be ignored. As resize doesn't unassign such unrelated resources, those resource ending up into the failed list implies assignment of that resource must have failed before resize too. The check in pci_reassign_bridge_resources() to decide if the whole assignment is successful, however, is based on list emptiness which will cause false negatives when the failed list has resources with an unrelated type. If the failed list is not empty, call pci_required_resource_failed() and extend it to be able to filter on specific resource types too (if provided). Calling pci_required_resource_failed() at this point is slightly problematic because the resource itself is reset when the failed list is constructed in __assign_resources_sorted(). As a result, pci_resource_is_optional() does not have access to the original resource flags. This could be worked around by restoring and re-reseting the resource around the call to pci_resource_is_optional(), however, it shouldn't cause issue as resource resizing is meant for 64-bit prefetchable resources according to Christian König (see the Link which unfortunately doesn't point directly to Christian's reply because lore didn't store that email at all). Fixes: 96336ec70264 ("PCI: Perform reset_resource() and build fail list in sync") Link: https://lore.kernel.org/all/c5d1b5d8-8669-5572-75a7-0b480f581ac1@linux.inte… Reported-by: D Scott Phillips <scott(a)os.amperecomputing.com> Closes: https://lore.kernel.org/all/86plf0lgit.fsf@scott-ph-mail.amperecomputing.co… Tested-by: D Scott Phillips <scott(a)os.amperecomputing.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Reviewed-by: D Scott Phillips <scott(a)os.amperecomputing.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: <stable(a)vger.kernel.org> --- drivers/pci/setup-bus.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c index df5aec46c29d..def29506700e 100644 --- a/drivers/pci/setup-bus.c +++ b/drivers/pci/setup-bus.c @@ -28,6 +28,10 @@ #include <linux/acpi.h> #include "pci.h" +#define PCI_RES_TYPE_MASK \ + (IORESOURCE_IO | IORESOURCE_MEM | IORESOURCE_PREFETCH |\ + IORESOURCE_MEM_64) + unsigned int pci_flags; EXPORT_SYMBOL_GPL(pci_flags); @@ -384,13 +388,19 @@ static bool pci_need_to_release(unsigned long mask, struct resource *res) } /* Return: @true if assignment of a required resource failed. */ -static bool pci_required_resource_failed(struct list_head *fail_head) +static bool pci_required_resource_failed(struct list_head *fail_head, + unsigned long type) { struct pci_dev_resource *fail_res; + type &= PCI_RES_TYPE_MASK; + list_for_each_entry(fail_res, fail_head, list) { int idx = pci_resource_num(fail_res->dev, fail_res->res); + if (type && (fail_res->flags & PCI_RES_TYPE_MASK) != type) + continue; + if (!pci_resource_is_optional(fail_res->dev, idx)) return true; } @@ -504,7 +514,7 @@ static void __assign_resources_sorted(struct list_head *head, } /* Without realloc_head and only optional fails, nothing more to do. */ - if (!pci_required_resource_failed(&local_fail_head) && + if (!pci_required_resource_failed(&local_fail_head, 0) && list_empty(realloc_head)) { list_for_each_entry(save_res, &save_head, list) { struct resource *res = save_res->res; @@ -1708,10 +1718,6 @@ static void __pci_bridge_assign_resources(const struct pci_dev *bridge, } } -#define PCI_RES_TYPE_MASK \ - (IORESOURCE_IO | IORESOURCE_MEM | IORESOURCE_PREFETCH |\ - IORESOURCE_MEM_64) - static void pci_bridge_release_resources(struct pci_bus *bus, unsigned long type) { @@ -2450,8 +2456,12 @@ int pci_reassign_bridge_resources(struct pci_dev *bridge, unsigned long type) free_list(&added); if (!list_empty(&failed)) { - ret = -ENOSPC; - goto cleanup; + if (pci_required_resource_failed(&failed, type)) { + ret = -ENOSPC; + goto cleanup; + } + /* Only resources with unrelated types failed (again) */ + free_list(&failed); } list_for_each_entry(dev_res, &saved, list) { -- 2.39.5

3 weeks, 3 days

2
3
0 0

[GIT PULL] virtio,vhost: fixes

by Michael S. Tsirkin

The following changes since commit 1b237f190eb3d36f52dffe07a40b5eb210280e00: Linux 6.17-rc3 (2025-08-24 12:04:12 -0400) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost.git tags/for_linus for you to fetch changes up to 45d8ef6322b8a828d3b1e2cfb8893e2ff882cb23: virtio_net: adjust the execution order of function `virtnet_close` during freeze (2025-08-26 03:38:20 -0400) ---------------------------------------------------------------- virtio,vhost: fixes More small fixes. Most notably this fixes a messed up ioctl #, and a regression in shmem affecting drm users. Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> ---------------------------------------------------------------- Igor Torrente (1): Revert "virtio: reject shm region if length is zero" Junnan Wu (1): virtio_net: adjust the execution order of function `virtnet_close` during freeze Liming Wu (1): virtio_pci: Fix misleading comment for queue vector Namhyung Kim (1): vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER Nikolay Kuratov (1): vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() Ying Gao (1): virtio_input: Improve freeze handling drivers/net/virtio_net.c | 7 ++++--- drivers/vhost/net.c | 9 +++++++-- drivers/virtio/virtio_input.c | 4 ++++ drivers/virtio/virtio_pci_legacy_dev.c | 4 ++-- drivers/virtio/virtio_pci_modern_dev.c | 4 ++-- include/linux/virtio_config.h | 2 -- include/uapi/linux/vhost.h | 4 ++-- 7 files changed, 21 insertions(+), 13 deletions(-)

3 weeks, 3 days

2
1
0 0

[PATCH] xfs: do not propagate ENODATA disk errors into xattr code

by Eric Sandeen

ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code; namely, that the requested attribute name could not be found. However, a medium error from disk may also return ENODATA. At best, this medium error may escape to userspace as "attribute not found" when in fact it's an IO (disk) error. At worst, we may oops in xfs_attr_leaf_get() when we do: error = xfs_attr_leaf_hasname(args, &bp); if (error == -ENOATTR) { xfs_trans_brelse(args->trans, bp); return error; } because an ENODATA/ENOATTR error from disk leaves us with a null bp, and the xfs_trans_brelse will then null-deref it. As discussed on the list, we really need to modify the lower level IO functions to trap all disk errors and ensure that we don't let unique errors like this leak up into higher xfs functions - many like this should be remapped to EIO. However, this patch directly addresses a reported bug in the xattr code, and should be safe to backport to stable kernels. A larger-scope patch to handle more unique errors at lower levels can follow later. (Note, prior to 07120f1abdff we did not oops, but we did return the wrong error code to userspace.) Signed-off-by: Eric Sandeen <sandeen(a)redhat.com> Fixes: 07120f1abdff ("xfs: Add xfs_has_attr and subroutines") Cc: <stable(a)vger.kernel.org> # v5.9+ --- (I get it that sprinkling this around to 3 places might have an ick factor but I think it's necessary to make a surgical strike on this bug before we address the general problem.) Thanks, -Eric diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c index fddb55605e0c..9b54cfb0e13d 100644 --- a/fs/xfs/libxfs/xfs_attr_leaf.c +++ b/fs/xfs/libxfs/xfs_attr_leaf.c @@ -478,6 +478,12 @@ xfs_attr3_leaf_read( err = xfs_da_read_buf(tp, dp, bno, 0, bpp, XFS_ATTR_FORK, &xfs_attr3_leaf_buf_ops); + /* + * ENODATA from disk implies a disk medium failure; ENODATA for + * xattrs means attribute not found, so disambiguate that here. + */ + if (err == -ENODATA) + err = -EIO; if (err || !(*bpp)) return err; diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index 4c44ce1c8a64..bff3dc226f81 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -435,6 +435,13 @@ xfs_attr_rmtval_get( 0, &bp, &xfs_attr3_rmt_buf_ops); if (xfs_metadata_is_sick(error)) xfs_dirattr_mark_sick(args->dp, XFS_ATTR_FORK); + /* + * ENODATA from disk implies a disk medium failure; + * ENODATA for xattrs means attribute not found, so + * disambiguate that here. + */ + if (error == -ENODATA) + error = -EIO; if (error) return error; diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c index 17d9e6154f19..723a0643b838 100644 --- a/fs/xfs/libxfs/xfs_da_btree.c +++ b/fs/xfs/libxfs/xfs_da_btree.c @@ -2833,6 +2833,12 @@ xfs_da_read_buf( &bp, ops); if (xfs_metadata_is_sick(error)) xfs_dirattr_mark_sick(dp, whichfork); + /* + * ENODATA from disk implies a disk medium failure; ENODATA for + * xattrs means attribute not found, so disambiguate that here. + */ + if (error == -ENODATA && whichfork == XFS_ATTR_FORK) + error = -EIO; if (error) goto out_free;

3 weeks, 3 days

4
6
0 0

[PATCH v2 3/3] xen/events: Update virq_to_irq on migration

by Jason Andryuk

VIRQs come in 3 flavors, per-VPU, per-domain, and global, and the VIRQs are tracked in per-cpu virq_to_irq arrays. Per-domain and global VIRQs must be bound on CPU 0, and bind_virq_to_irq() sets the per_cpu virq_to_irq at registration time Later, the interrupt can migrate, and info->cpu is updated. When calling __unbind_from_irq(), the per-cpu virq_to_irq is cleared for a different cpu. If bind_virq_to_irq() is called again with CPU 0, the stale irq is returned. There won't be any irq_info for the irq, so things break. Make xen_rebind_evtchn_to_cpu() update the per_cpu virq_to_irq mappings to keep them update to date with the current cpu. This ensures the correct virq_to_irq is cleared in __unbind_from_irq(). Fixes: e46cdb66c8fc ("xen: event channels") Cc: stable(a)vger.kernel.org Signed-off-by: Jason Andryuk <jason.andryuk(a)amd.com> --- V2: Different approach changing virq_to_irq --- drivers/xen/events/events_base.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index a85bc43f4344..4e9db7b92dde 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -1772,6 +1772,7 @@ static int xen_rebind_evtchn_to_cpu(struct irq_info *info, unsigned int tcpu) { struct evtchn_bind_vcpu bind_vcpu; evtchn_port_t evtchn = info ? info->evtchn : 0; + int old_cpu = info ? info->cpu : tcpu; if (!VALID_EVTCHN(evtchn)) return -1; @@ -1795,8 +1796,18 @@ static int xen_rebind_evtchn_to_cpu(struct irq_info *info, unsigned int tcpu) * it, but don't do the xenlinux-level rebind in that case. */ if (HYPERVISOR_event_channel_op(EVTCHNOP_bind_vcpu, &bind_vcpu) >= 0) + { bind_evtchn_to_cpu(info, tcpu, false); + if (info->type == IRQT_VIRQ) { + int virq = info->u.virq; + int irq = per_cpu(virq_to_irq, old_cpu)[virq]; + + per_cpu(virq_to_irq, old_cpu)[virq] = -1; + per_cpu(virq_to_irq, tcpu)[virq] = irq; + } + } + do_unmask(info, EVT_MASK_REASON_TEMPORARY); return 0; -- 2.50.1

3 weeks, 3 days

2
1
0 0

[PATCH v3 2/2] drm/amd/display: fix leak of probed modes

by Fedor Pchelkin

amdgpu_dm_connector_ddc_get_modes() reinitializes a connector's probed modes list without cleaning it up. First time it is called during the driver's initialization phase, then via drm_mode_getconnector() ioctl. The leaks observed with Kmemleak are as following: unreferenced object 0xffff88812f91b200 (size 128): comm "(udev-worker)", pid 388, jiffies 4294695475 hex dump (first 32 bytes): ac dd 07 00 80 02 70 0b 90 0b e0 0b 00 00 e0 01 ......p......... 0b 07 10 07 5c 07 00 00 0a 00 00 00 00 00 00 00 ....\........... backtrace (crc 89db554f): __kmalloc_cache_noprof+0x3a3/0x490 drm_mode_duplicate+0x8e/0x2b0 amdgpu_dm_create_common_mode+0x40/0x150 [amdgpu] amdgpu_dm_connector_add_common_modes+0x336/0x488 [amdgpu] amdgpu_dm_connector_get_modes+0x428/0x8a0 [amdgpu] amdgpu_dm_initialize_drm_device+0x1389/0x17b4 [amdgpu] amdgpu_dm_init.cold+0x157b/0x1a1e [amdgpu] dm_hw_init+0x3f/0x110 [amdgpu] amdgpu_device_ip_init+0xcf4/0x1180 [amdgpu] amdgpu_device_init.cold+0xb84/0x1863 [amdgpu] amdgpu_driver_load_kms+0x15/0x90 [amdgpu] amdgpu_pci_probe+0x391/0xce0 [amdgpu] local_pci_probe+0xd9/0x190 pci_call_probe+0x183/0x540 pci_device_probe+0x171/0x2c0 really_probe+0x1e1/0x890 Found by Linux Verification Center (linuxtesting.org). Fixes: acc96ae0d127 ("drm/amd/display: set panel orientation before drm_dev_register") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- v3: drop INIT_LIST_HEAD and use drm_edid_connector_update() (Melissa Wen) v2: use exported drm_mode_remove() (Mario Limonciello) drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index a0ca3b2c6bd8..12685966186b 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -8230,10 +8230,14 @@ static void amdgpu_dm_connector_ddc_get_modes(struct drm_connector *connector, { struct amdgpu_dm_connector *amdgpu_dm_connector = to_amdgpu_dm_connector(connector); + struct drm_display_mode *mode, *t; if (drm_edid) { /* empty probed_modes */ - INIT_LIST_HEAD(&connector->probed_modes); + list_for_each_entry_safe(mode, t, &connector->probed_modes, head) + drm_mode_remove(connector, mode); + + drm_edid_connector_update(connector, drm_edid); amdgpu_dm_connector->num_modes = drm_edid_connector_add_modes(connector); -- 2.50.1

3 weeks, 3 days

1
0
0 0

FAILED: patch "[PATCH] NFS: Fix a race when updating an existing write" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 76d2e3890fb169168c73f2e4f8375c7cc24a765e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082224-payment-unworthy-d165@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76d2e3890fb169168c73f2e4f8375c7cc24a765e Mon Sep 17 00:00:00 2001 From: Trond Myklebust <trond.myklebust(a)hammerspace.com> Date: Sat, 16 Aug 2025 07:25:20 -0700 Subject: [PATCH] NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succeeding until we actually lock the page group. The reason is that whoever called nfs_inode_remove_request() doesn't necessarily have a lock on the page group head. So in order to avoid races, let's take the page group lock earlier in nfs_lock_and_join_requests(), and hold it across the removal of the request in nfs_inode_remove_request(). Reported-by: Jeff Layton <jlayton(a)kernel.org> Tested-by: Joe Quanaim <jdq(a)meta.com> Tested-by: Andrew Steffen <aksteffen(a)meta.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Fixes: bd37d6fce184 ("NFSv4: Convert nfs_lock_and_join_requests() to use nfs_page_find_head_request()") Cc: stable(a)vger.kernel.org Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com> diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c index 11968dcb7243..6e69ce43a13f 100644 --- a/fs/nfs/pagelist.c +++ b/fs/nfs/pagelist.c @@ -253,13 +253,14 @@ nfs_page_group_unlock(struct nfs_page *req) nfs_page_clear_headlock(req); } -/* - * nfs_page_group_sync_on_bit_locked +/** + * nfs_page_group_sync_on_bit_locked - Test if all requests have @bit set + * @req: request in page group + * @bit: PG_* bit that is used to sync page group * * must be called with page group lock held */ -static bool -nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit) +bool nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit) { struct nfs_page *head = req->wb_head; struct nfs_page *tmp; diff --git a/fs/nfs/write.c b/fs/nfs/write.c index fa5c41d0989a..8b7c04737967 100644 --- a/fs/nfs/write.c +++ b/fs/nfs/write.c @@ -153,20 +153,10 @@ nfs_page_set_inode_ref(struct nfs_page *req, struct inode *inode) } } -static int -nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode) +static void nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode) { - int ret; - - if (!test_bit(PG_REMOVE, &req->wb_flags)) - return 0; - ret = nfs_page_group_lock(req); - if (ret) - return ret; if (test_and_clear_bit(PG_REMOVE, &req->wb_flags)) nfs_page_set_inode_ref(req, inode); - nfs_page_group_unlock(req); - return 0; } /** @@ -585,19 +575,18 @@ retry: } } + ret = nfs_page_group_lock(head); + if (ret < 0) + goto out_unlock; + /* Ensure that nobody removed the request before we locked it */ if (head != folio->private) { + nfs_page_group_unlock(head); nfs_unlock_and_release_request(head); goto retry; } - ret = nfs_cancel_remove_inode(head, inode); - if (ret < 0) - goto out_unlock; - - ret = nfs_page_group_lock(head); - if (ret < 0) - goto out_unlock; + nfs_cancel_remove_inode(head, inode); /* lock each request in the page group */ for (subreq = head->wb_this_page; @@ -786,7 +775,8 @@ static void nfs_inode_remove_request(struct nfs_page *req) { struct nfs_inode *nfsi = NFS_I(nfs_page_to_inode(req)); - if (nfs_page_group_sync_on_bit(req, PG_REMOVE)) { + nfs_page_group_lock(req); + if (nfs_page_group_sync_on_bit_locked(req, PG_REMOVE)) { struct folio *folio = nfs_page_to_folio(req->wb_head); struct address_space *mapping = folio->mapping; @@ -798,6 +788,7 @@ static void nfs_inode_remove_request(struct nfs_page *req) } spin_unlock(&mapping->i_private_lock); } + nfs_page_group_unlock(req); if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags)) { atomic_long_dec(&nfsi->nrequests); diff --git a/include/linux/nfs_page.h b/include/linux/nfs_page.h index 169b4ae30ff4..9aed39abc94b 100644 --- a/include/linux/nfs_page.h +++ b/include/linux/nfs_page.h @@ -160,6 +160,7 @@ extern void nfs_join_page_group(struct nfs_page *head, extern int nfs_page_group_lock(struct nfs_page *); extern void nfs_page_group_unlock(struct nfs_page *); extern bool nfs_page_group_sync_on_bit(struct nfs_page *, unsigned int); +extern bool nfs_page_group_sync_on_bit_locked(struct nfs_page *, unsigned int); extern int nfs_page_set_headlock(struct nfs_page *req); extern void nfs_page_clear_headlock(struct nfs_page *req); extern bool nfs_async_iocounter_wait(struct rpc_task *, struct nfs_lock_context *);

3 weeks, 3 days

2
3
0 0

FAILED: patch "[PATCH] NFS: Fix a race when updating an existing write" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 76d2e3890fb169168c73f2e4f8375c7cc24a765e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082224-submersed-commend-be4c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76d2e3890fb169168c73f2e4f8375c7cc24a765e Mon Sep 17 00:00:00 2001 From: Trond Myklebust <trond.myklebust(a)hammerspace.com> Date: Sat, 16 Aug 2025 07:25:20 -0700 Subject: [PATCH] NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succeeding until we actually lock the page group. The reason is that whoever called nfs_inode_remove_request() doesn't necessarily have a lock on the page group head. So in order to avoid races, let's take the page group lock earlier in nfs_lock_and_join_requests(), and hold it across the removal of the request in nfs_inode_remove_request(). Reported-by: Jeff Layton <jlayton(a)kernel.org> Tested-by: Joe Quanaim <jdq(a)meta.com> Tested-by: Andrew Steffen <aksteffen(a)meta.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Fixes: bd37d6fce184 ("NFSv4: Convert nfs_lock_and_join_requests() to use nfs_page_find_head_request()") Cc: stable(a)vger.kernel.org Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com> diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c index 11968dcb7243..6e69ce43a13f 100644 --- a/fs/nfs/pagelist.c +++ b/fs/nfs/pagelist.c @@ -253,13 +253,14 @@ nfs_page_group_unlock(struct nfs_page *req) nfs_page_clear_headlock(req); } -/* - * nfs_page_group_sync_on_bit_locked +/** + * nfs_page_group_sync_on_bit_locked - Test if all requests have @bit set + * @req: request in page group + * @bit: PG_* bit that is used to sync page group * * must be called with page group lock held */ -static bool -nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit) +bool nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit) { struct nfs_page *head = req->wb_head; struct nfs_page *tmp; diff --git a/fs/nfs/write.c b/fs/nfs/write.c index fa5c41d0989a..8b7c04737967 100644 --- a/fs/nfs/write.c +++ b/fs/nfs/write.c @@ -153,20 +153,10 @@ nfs_page_set_inode_ref(struct nfs_page *req, struct inode *inode) } } -static int -nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode) +static void nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode) { - int ret; - - if (!test_bit(PG_REMOVE, &req->wb_flags)) - return 0; - ret = nfs_page_group_lock(req); - if (ret) - return ret; if (test_and_clear_bit(PG_REMOVE, &req->wb_flags)) nfs_page_set_inode_ref(req, inode); - nfs_page_group_unlock(req); - return 0; } /** @@ -585,19 +575,18 @@ retry: } } + ret = nfs_page_group_lock(head); + if (ret < 0) + goto out_unlock; + /* Ensure that nobody removed the request before we locked it */ if (head != folio->private) { + nfs_page_group_unlock(head); nfs_unlock_and_release_request(head); goto retry; } - ret = nfs_cancel_remove_inode(head, inode); - if (ret < 0) - goto out_unlock; - - ret = nfs_page_group_lock(head); - if (ret < 0) - goto out_unlock; + nfs_cancel_remove_inode(head, inode); /* lock each request in the page group */ for (subreq = head->wb_this_page; @@ -786,7 +775,8 @@ static void nfs_inode_remove_request(struct nfs_page *req) { struct nfs_inode *nfsi = NFS_I(nfs_page_to_inode(req)); - if (nfs_page_group_sync_on_bit(req, PG_REMOVE)) { + nfs_page_group_lock(req); + if (nfs_page_group_sync_on_bit_locked(req, PG_REMOVE)) { struct folio *folio = nfs_page_to_folio(req->wb_head); struct address_space *mapping = folio->mapping; @@ -798,6 +788,7 @@ static void nfs_inode_remove_request(struct nfs_page *req) } spin_unlock(&mapping->i_private_lock); } + nfs_page_group_unlock(req); if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags)) { atomic_long_dec(&nfsi->nrequests); diff --git a/include/linux/nfs_page.h b/include/linux/nfs_page.h index 169b4ae30ff4..9aed39abc94b 100644 --- a/include/linux/nfs_page.h +++ b/include/linux/nfs_page.h @@ -160,6 +160,7 @@ extern void nfs_join_page_group(struct nfs_page *head, extern int nfs_page_group_lock(struct nfs_page *); extern void nfs_page_group_unlock(struct nfs_page *); extern bool nfs_page_group_sync_on_bit(struct nfs_page *, unsigned int); +extern bool nfs_page_group_sync_on_bit_locked(struct nfs_page *, unsigned int); extern int nfs_page_set_headlock(struct nfs_page *req); extern void nfs_page_clear_headlock(struct nfs_page *req); extern bool nfs_async_iocounter_wait(struct rpc_task *, struct nfs_lock_context *);

3 weeks, 3 days

2
3
0 0

[PATCH rtw v2 2/4] wifi: rtw89: fix tx_wait initialization race

by Fedor Pchelkin

Now that nullfunc skbs are recycled in a separate work item in the driver, the following race during initialization and processing of those skbs might lead to noticeable bugs: Waiting thread Completing thread rtw89_core_send_nullfunc() rtw89_core_tx_write_link() ... rtw89_pci_txwd_submit() skb_data->wait = NULL /* add skb to the queue */ skb_queue_tail(&txwd->queue, skb) rtw89_pci_napi_poll() ... rtw89_pci_release_txwd_skb() /* get skb from the queue */ skb_unlink(skb, &txwd->queue) rtw89_pci_tx_status() rtw89_core_tx_wait_complete() /* use incorrect skb_data->wait */ rtw89_core_tx_kick_off_and_wait() /* assign skb_data->wait but too late */ The value of skb_data->wait indicates whether skb is passed on to the core ieee80211 stack or released by the driver itself. So assure that by the time skb is added to txwd queue and becomes visible to the completing side, it has already allocated tx_wait-related data (in case it's needed). Found by Linux Verification Center (linuxtesting.org). Fixes: 1ae5ca615285 ("wifi: rtw89: add function to wait for completion of TX skbs") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/net/wireless/realtek/rtw89/core.c | 31 +++++++++++++---------- drivers/net/wireless/realtek/rtw89/pci.c | 2 -- 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/drivers/net/wireless/realtek/rtw89/core.c b/drivers/net/wireless/realtek/rtw89/core.c index 48aa02d6abd4..28bbc898b95e 100644 --- a/drivers/net/wireless/realtek/rtw89/core.c +++ b/drivers/net/wireless/realtek/rtw89/core.c @@ -1106,21 +1106,12 @@ int rtw89_core_tx_kick_off_and_wait(struct rtw89_dev *rtwdev, struct sk_buff *sk int qsel, unsigned int timeout) { struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb); - struct rtw89_tx_wait_info *wait; + struct rtw89_tx_wait_info *wait = skb_data->wait; unsigned long time_left; int ret = 0; lockdep_assert_wiphy(rtwdev->hw->wiphy); - wait = kzalloc(sizeof(*wait), GFP_KERNEL); - if (!wait) { - rtw89_core_tx_kick_off(rtwdev, qsel); - return 0; - } - - init_completion(&wait->completion); - skb_data->wait = wait; - rtw89_core_tx_kick_off(rtwdev, qsel); time_left = wait_for_completion_timeout(&wait->completion, msecs_to_jiffies(timeout)); @@ -1184,10 +1175,12 @@ int rtw89_h2c_tx(struct rtw89_dev *rtwdev, static int rtw89_core_tx_write_link(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rtwvif_link, struct rtw89_sta_link *rtwsta_link, - struct sk_buff *skb, int *qsel, bool sw_mld) + struct sk_buff *skb, int *qsel, bool sw_mld, + struct rtw89_tx_wait_info *wait) { struct ieee80211_sta *sta = rtwsta_link_to_sta_safe(rtwsta_link); struct ieee80211_vif *vif = rtwvif_link_to_vif(rtwvif_link); + struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb); struct rtw89_vif *rtwvif = rtwvif_link->rtwvif; struct rtw89_core_tx_request tx_req = {}; int ret; @@ -1204,6 +1197,8 @@ static int rtw89_core_tx_write_link(struct rtw89_dev *rtwdev, rtw89_core_tx_update_desc_info(rtwdev, &tx_req); rtw89_core_tx_wake(rtwdev, &tx_req); + skb_data->wait = wait; + ret = rtw89_hci_tx_write(rtwdev, &tx_req); if (ret) { rtw89_err(rtwdev, "failed to transmit skb to HCI\n"); @@ -1240,7 +1235,8 @@ int rtw89_core_tx_write(struct rtw89_dev *rtwdev, struct ieee80211_vif *vif, } } - return rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, qsel, false); + return rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, qsel, false, + NULL); } static __le32 rtw89_build_txwd_body0(struct rtw89_tx_desc_info *desc_info) @@ -3438,6 +3434,7 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt struct ieee80211_vif *vif = rtwvif_link_to_vif(rtwvif_link); int link_id = ieee80211_vif_is_mld(vif) ? rtwvif_link->link_id : -1; struct rtw89_sta_link *rtwsta_link; + struct rtw89_tx_wait_info *wait; struct ieee80211_sta *sta; struct ieee80211_hdr *hdr; struct rtw89_sta *rtwsta; @@ -3447,6 +3444,12 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt if (vif->type != NL80211_IFTYPE_STATION || !vif->cfg.assoc) return 0; + wait = kzalloc(sizeof(*wait), GFP_KERNEL); + if (!wait) + return -ENOMEM; + + init_completion(&wait->completion); + rcu_read_lock(); sta = ieee80211_find_sta(vif, vif->cfg.ap_addr); if (!sta) { @@ -3471,7 +3474,8 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt goto out; } - ret = rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, &qsel, true); + ret = rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, &qsel, true, + wait); if (ret) { rtw89_warn(rtwdev, "nullfunc transmit failed: %d\n", ret); dev_kfree_skb_any(skb); @@ -3484,6 +3488,7 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt timeout); out: rcu_read_unlock(); + kfree(wait); return ret; } diff --git a/drivers/net/wireless/realtek/rtw89/pci.c b/drivers/net/wireless/realtek/rtw89/pci.c index 6356c2c224c5..8ad505743a8e 100644 --- a/drivers/net/wireless/realtek/rtw89/pci.c +++ b/drivers/net/wireless/realtek/rtw89/pci.c @@ -1372,7 +1372,6 @@ static int rtw89_pci_txwd_submit(struct rtw89_dev *rtwdev, struct pci_dev *pdev = rtwpci->pdev; struct sk_buff *skb = tx_req->skb; struct rtw89_pci_tx_data *tx_data = RTW89_PCI_TX_SKB_CB(skb); - struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb); bool en_wd_info = desc_info->en_wd_info; u32 txwd_len; u32 txwp_len; @@ -1388,7 +1387,6 @@ static int rtw89_pci_txwd_submit(struct rtw89_dev *rtwdev, } tx_data->dma = dma; - skb_data->wait = NULL; txwp_len = sizeof(*txwp_info); txwd_len = chip->txwd_body_size; -- 2.50.1

3 weeks, 3 days

1
0
0 0

[PATCH v4 1/4] x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON

by K Prateek Nayak

Prior to the topology parsing rewrite and the switchover to the new parsing logic for AMD processors in commit c749ce393b8f ("x86/cpu: Use common topology code for AMD"), the "initial_apicid" on these platforms was: - First initialized to the LocalApicId from CPUID leaf 0x1 EBX[31:24]. - Then overwritten by the ExtendedLocalApicId in CPUID leaf 0xb EDX[31:0] on processors that supported topoext. With the new parsing flow introduced in commit f7fb3b2dd92c ("x86/cpu: Provide an AMD/HYGON specific topology parser"), parse_8000_001e() now unconditionally overwrites the "initial_apicid" already parsed during cpu_parse_topology_ext(). Although this has not been a problem on baremetal platforms, on virtualized AMD guests that feature more than 255 cores, QEMU 0's out the CPUID leaf 0x8000001e on CPUs with "CoreID" > 255 to prevent collision of these IDs in EBX[7:0] which can only represent a maximum of 255 cores [1]. This results in the following FW_BUG being logged when booting a guest with more than 255 cores: [Firmware Bug]: CPU 512: APIC ID mismatch. CPUID: 0x0000 APIC: 0x0200 AMD64 Architecture Programmer's Manual Volume 2: System Programming Pub. 24593 Rev. 3.42 [2] Section 16.12 "x2APIC_ID" mentions the Extended Enumeration leaf 0x8000001e (which was later superseded by the extended leaf 0x80000026) provides the full x2APIC ID under all circumstances unlike the one reported by CPUID leaf 0x8000001e EAX which depends on the mode in which APIC is configured. Rely on the APIC ID parsed during cpu_parse_topology_ext() from CPUID leaf 0x80000026 or 0xb and only use the APIC ID from leaf 0x8000001e if cpu_parse_topology_ext() failed (has_topoext is false). On platforms that support the 0xb leaf (Zen2 or later, AMD guests on QEMU) or the extended leaf 0x80000026 (Zen4 or later), the "initial_apicid" is now set to the value parsed from EDX[31:0]. On older AMD/Hygon platforms that does not support the 0xb leaf but supports the TOPOEXT extension (Fam 0x15, 0x16, 0x17[Zen1], and Hygon), the current behavior is retained where "initial_apicid" is set using the 0x8000001e leaf. Cc: stable(a)vger.kernel.org Link: https://github.com/qemu/qemu/commit/35ac5dfbcaa4b [1] Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 [2] Debugged-by: Naveen N Rao (AMD) <naveen(a)kernel.org> Debugged-by: Sairaj Kodilkar <sarunkod(a)amd.com> Fixes: c749ce393b8f ("x86/cpu: Use common topology code for AMD") Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Naveen N Rao (AMD) <naveen(a)kernel.org> Signed-off-by: K Prateek Nayak <kprateek.nayak(a)amd.com> --- Changelog v3..v4: o Refreshed the diff based on Thomas' suggestion. The tags have been retained since there are no functional changes - only comments around the code has changed. o Quoted relevant section of APM justifying the changes. o Moved this patch up ahead. o Cc'd stable. --- arch/x86/kernel/cpu/topology_amd.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/arch/x86/kernel/cpu/topology_amd.c b/arch/x86/kernel/cpu/topology_amd.c index 843b1655ab45..827dd0dbb6e9 100644 --- a/arch/x86/kernel/cpu/topology_amd.c +++ b/arch/x86/kernel/cpu/topology_amd.c @@ -81,20 +81,25 @@ static bool parse_8000_001e(struct topo_scan *tscan, bool has_topoext) cpuid_leaf(0x8000001e, &leaf); - tscan->c->topo.initial_apicid = leaf.ext_apic_id; - /* - * If leaf 0xb is available, then the domain shifts are set - * already and nothing to do here. Only valid for family >= 0x17. + * If leaf 0xb/0x26 is available, then the APIC ID and the domain + * shifts are set already. */ - if (!has_topoext && tscan->c->x86 >= 0x17) { + if (!has_topoext) { + tscan->c->topo.initial_apicid = leaf.ext_apic_id; + /* - * Leaf 0x80000008 set the CORE domain shift already. - * Update the SMT domain, but do not propagate it. + * Leaf 0x8000008 sets the CORE domain shift but not the + * SMT domain shift. On CPUs with family >= 0x17, there + * might be hyperthreads. */ - unsigned int nthreads = leaf.core_nthreads + 1; + if (tscan->c->x86 >= 0x17) { + /* Update the SMT domain, but do not propagate it. */ + unsigned int nthreads = leaf.core_nthreads + 1; - topology_update_dom(tscan, TOPO_SMT_DOMAIN, get_count_order(nthreads), nthreads); + topology_update_dom(tscan, TOPO_SMT_DOMAIN, + get_count_order(nthreads), nthreads); + } } store_node(tscan, leaf.nnodes_per_socket + 1, leaf.node_id); -- 2.34.1

3 weeks, 3 days

2
2
0 0

[PATCH v10] Bluetooth: hci_qca: Fix SSR (SubSystem Restart) fail when BT_EN is pulled up by hw

by Shuai Zhang

When the host actively triggers SSR and collects coredump data, the Bluetooth stack sends a reset command to the controller. However, due to the inability to clear the QCA_SSR_TRIGGERED and QCA_IBS_DISABLED bits, the reset command times out. To address this, this patch clears the QCA_SSR_TRIGGERED and QCA_IBS_DISABLED flags and adds a 50ms delay after SSR, but only when HCI_QUIRK_NON_PERSISTENT_SETUP is not set. This ensures the controller completes the SSR process when BT_EN is always high due to hardware. For the purpose of HCI_QUIRK_NON_PERSISTENT_SETUP, please refer to the comment in `include/net/bluetooth/hci.h`. The HCI_QUIRK_NON_PERSISTENT_SETUP quirk is associated with BT_EN, and its presence can be used to determine whether BT_EN is defined in DTS. After SSR, host will not download the firmware, causing controller to remain in the IBS_WAKE state. Host needs to synchronize with the controller to maintain proper operation. Multiple triggers of SSR only first generate coredump file, due to memcoredump_flag no clear. add clear coredump flag when ssr completed. When the SSR duration exceeds 2 seconds, it triggers host tx_idle_timeout, which sets host TX state to sleep. due to the hardware pulling up bt_en, the firmware is not downloaded after the SSR. As a result, the controller does not enter sleep mode. Consequently, when the host sends a command afterward, it sends 0xFD to the controller, but the controller does not respond, leading to a command timeout. So reset tx_idle_timer after SSR to prevent host enter TX IBS_Sleep mode. --- Changs since v8-v9: -- Update base patch to latest patch. -- add Cc stable(a)vger.kernel.org on signed-of. Changes since v6-7: - Merge the changes into a single patch. - Update commit. Changes since v1-5: - Add an explanation for HCI_QUIRK_NON_PERSISTENT_SETUP. - Add commments for msleep(50). - Update format and commit. Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com> Cc: stable(a)vger.kernel.org --- drivers/bluetooth/hci_qca.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 4cff4d9be..97aaf4985 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1653,6 +1653,39 @@ static void qca_hw_error(struct hci_dev *hdev, u8 code) skb_queue_purge(&qca->rx_memdump_q); } + /* + * If the BT chip's bt_en pin is connected to a 3.3V power supply via + * hardware and always stays high, driver cannot control the bt_en pin. + * As a result, during SSR (SubSystem Restart), QCA_SSR_TRIGGERED and + * QCA_IBS_DISABLED flags cannot be cleared, which leads to a reset + * command timeout. + * Add an msleep delay to ensure controller completes the SSR process. + * + * Host will not download the firmware after SSR, controller to remain + * in the IBS_WAKE state, and the host needs to synchronize with it + * + * Since the bluetooth chip has been reset, clear the memdump state. + */ + if (!test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks)) { + /* + * When the SSR (SubSystem Restart) duration exceeds 2 seconds, + * it triggers host tx_idle_delay, which sets host TX state + * to sleep. Reset tx_idle_timer after SSR to prevent + * host enter TX IBS_Sleep mode. + */ + mod_timer(&qca->tx_idle_timer, jiffies + + msecs_to_jiffies(qca->tx_idle_delay)); + + /* Controller reset completion time is 50ms */ + msleep(50); + + clear_bit(QCA_SSR_TRIGGERED, &qca->flags); + clear_bit(QCA_IBS_DISABLED, &qca->flags); + + qca->tx_ibs_state = HCI_IBS_TX_AWAKE; + qca->memdump_state = QCA_MEMDUMP_IDLE; + } + clear_bit(QCA_HW_ERROR_EVENT, &qca->flags); } -- 2.34.1

3 weeks, 3 days

2
2
0 0

[PATCH v3] mm: slub: avoid wake up kswapd in set_track_prepare

by yangshiguang1011＠163.com

From: yangshiguang <yangshiguang(a)xiaomi.com> From: yangshiguang <yangshiguang(a)xiaomi.com> set_track_prepare() can incur lock recursion. The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when enabled CONFIG_DEBUG_OBJECTS_TIMERS, may wake up kswapd in set_track_prepare, and try to hold the per_cpu(hrtimer_bases)[n].lock. Avoid deadlock caused by implicitly waking up kswapd by passing in allocation flags. The oops looks something like: BUG: spinlock recursion on CPU#3, swapper/3/0 lock: 0xffffff8a4bf29c80, .magic: dead4ead, .owner: swapper/3/0, .owner_cpu: 3 Hardware name: Qualcomm Technologies, Inc. Popsicle based on SM8850 (DT) Call trace: spin_bug+0x0 _raw_spin_lock_irqsave+0x80 hrtimer_try_to_cancel+0x94 task_contending+0x10c enqueue_dl_entity+0x2a4 dl_server_start+0x74 enqueue_task_fair+0x568 enqueue_task+0xac do_activate_task+0x14c ttwu_do_activate+0xcc try_to_wake_up+0x6c8 default_wake_function+0x20 autoremove_wake_function+0x1c __wake_up+0xac wakeup_kswapd+0x19c wake_all_kswapds+0x78 __alloc_pages_slowpath+0x1ac __alloc_pages_noprof+0x298 stack_depot_save_flags+0x6b0 stack_depot_save+0x14 set_track_prepare+0x5c ___slab_alloc+0xccc __kmalloc_cache_noprof+0x470 __set_page_owner+0x2bc post_alloc_hook[jt]+0x1b8 prep_new_page+0x28 get_page_from_freelist+0x1edc __alloc_pages_noprof+0x13c alloc_slab_page+0x244 allocate_slab+0x7c ___slab_alloc+0x8e8 kmem_cache_alloc_noprof+0x450 debug_objects_fill_pool+0x22c debug_object_activate+0x40 enqueue_hrtimer[jt]+0xdc hrtimer_start_range_ns+0x5f8 ... Signed-off-by: yangshiguang <yangshiguang(a)xiaomi.com> Fixes: 5cf909c553e9 ("mm/slub: use stackdepot to save stack trace in objects") Cc: stable(a)vger.kernel.org --- v1 -> v2: propagate gfp flags to set_track_prepare() v2 -> v3: Remove the gfp restriction in set_track_prepare() [1]https://lore.kernel.org/all/20250801065121.876793-1-yangshiguang1011@163.… [2]https://lore.kernel.org/all/20250814111641.380629-2-yangshiguang1011@163.… --- mm/slub.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 30003763d224..443411713e2f 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -962,19 +962,21 @@ static struct track *get_track(struct kmem_cache *s, void *object, } #ifdef CONFIG_STACKDEPOT -static noinline depot_stack_handle_t set_track_prepare(void) +static noinline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { depot_stack_handle_t handle; unsigned long entries[TRACK_ADDRS_COUNT]; unsigned int nr_entries; + /* Preemption is disabled in ___slab_alloc() */ + gfp_flags &= ~(__GFP_DIRECT_RECLAIM); nr_entries = stack_trace_save(entries, ARRAY_SIZE(entries), 3); - handle = stack_depot_save(entries, nr_entries, GFP_NOWAIT); + handle = stack_depot_save(entries, nr_entries, gfp_flags); return handle; } #else -static inline depot_stack_handle_t set_track_prepare(void) +static inline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { return 0; } @@ -996,9 +998,9 @@ static void set_track_update(struct kmem_cache *s, void *object, } static __always_inline void set_track(struct kmem_cache *s, void *object, - enum track_item alloc, unsigned long addr) + enum track_item alloc, unsigned long addr, gfp_t gfp_flags) { - depot_stack_handle_t handle = set_track_prepare(); + depot_stack_handle_t handle = set_track_prepare(gfp_flags); set_track_update(s, object, alloc, addr, handle); } @@ -1921,9 +1923,9 @@ static inline bool free_debug_processing(struct kmem_cache *s, static inline void slab_pad_check(struct kmem_cache *s, struct slab *slab) {} static inline int check_object(struct kmem_cache *s, struct slab *slab, void *object, u8 val) { return 1; } -static inline depot_stack_handle_t set_track_prepare(void) { return 0; } +static inline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { return 0; } static inline void set_track(struct kmem_cache *s, void *object, - enum track_item alloc, unsigned long addr) {} + enum track_item alloc, unsigned long addr, gfp_t gfp_flags) {} static inline void add_full(struct kmem_cache *s, struct kmem_cache_node *n, struct slab *slab) {} static inline void remove_full(struct kmem_cache *s, struct kmem_cache_node *n, @@ -3878,7 +3880,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node, * tracking info and return the object. */ if (s->flags & SLAB_STORE_USER) - set_track(s, freelist, TRACK_ALLOC, addr); + set_track(s, freelist, TRACK_ALLOC, addr, gfpflags); return freelist; } @@ -3910,7 +3912,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node, goto new_objects; if (s->flags & SLAB_STORE_USER) - set_track(s, freelist, TRACK_ALLOC, addr); + set_track(s, freelist, TRACK_ALLOC, addr, gfpflags); return freelist; } @@ -4422,7 +4424,7 @@ static noinline void free_to_partial_list( depot_stack_handle_t handle = 0; if (s->flags & SLAB_STORE_USER) - handle = set_track_prepare(); + handle = set_track_prepare(__GFP_NOWARN); spin_lock_irqsave(&n->list_lock, flags); -- 2.43.0

3 weeks, 3 days

5
7
0 0

[tip: x86/urgent] x86/cpu/intel: Fix the constant_tsc model check for Pentium 4

by tip-bot2 for Suchit Karunakaran

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 24963ae1b0b6596dc36e352c18593800056251d8 Gitweb: https://git.kernel.org/tip/24963ae1b0b6596dc36e352c18593800056251d8 Author: Suchit Karunakaran <suchitkarunakaran(a)gmail.com> AuthorDate: Sat, 16 Aug 2025 12:21:26 +05:30 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Mon, 25 Aug 2025 08:23:37 -07:00 x86/cpu/intel: Fix the constant_tsc model check for Pentium 4 Pentium 4's which are INTEL_P4_PRESCOTT (model 0x03) and later have a constant TSC. This was correctly captured until commit fadb6f569b10 ("x86/cpu/intel: Limit the non-architectural constant_tsc model checks"). In that commit, an error was introduced while selecting the last P4 model (0x06) as the upper bound. Model 0x06 was transposed to INTEL_P4_WILLAMETTE, which is just plain wrong. That was presumably a simple typo, probably just copying and pasting the wrong P4 model. Fix the constant TSC logic to cover all later P4 models. End at INTEL_P4_CEDARMILL which accurately corresponds to the last P4 model. Fixes: fadb6f569b10 ("x86/cpu/intel: Limit the non-architectural constant_tsc model checks") Signed-off-by: Suchit Karunakaran <suchitkarunakaran(a)gmail.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Sohil Mehta <sohil.mehta(a)intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250816065126.5000-1-suchitkarunakaran%40gmail… --- arch/x86/kernel/cpu/intel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 076eaa4..98ae4c3 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -262,7 +262,7 @@ static void early_init_intel(struct cpuinfo_x86 *c) if (c->x86_power & (1 << 8)) { set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC); set_cpu_cap(c, X86_FEATURE_NONSTOP_TSC); - } else if ((c->x86_vfm >= INTEL_P4_PRESCOTT && c->x86_vfm <= INTEL_P4_WILLAMETTE) || + } else if ((c->x86_vfm >= INTEL_P4_PRESCOTT && c->x86_vfm <= INTEL_P4_CEDARMILL) || (c->x86_vfm >= INTEL_CORE_YONAH && c->x86_vfm <= INTEL_IVYBRIDGE)) { set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC); }

3 weeks, 3 days

1
0
0 0

[PATCH V5 mm-hotfixes 2/3] mm: introduce and use {pgd,p4d}_populate_kernel()

by Harry Yoo

Introduce and use {pgd,p4d}_populate_kernel() in core MM code when populating PGD and P4D entries for the kernel address space. These helpers ensure proper synchronization of page tables when updating the kernel portion of top-level page tables. Until now, the kernel has relied on each architecture to handle synchronization of top-level page tables in an ad-hoc manner. For example, see commit 9b861528a801 ("x86-64, mem: Update all PGDs for direct mapping and vmemmap mapping changes"). However, this approach has proven fragile for following reasons: 1) It is easy to forget to perform the necessary page table synchronization when introducing new changes. For instance, commit 4917f55b4ef9 ("mm/sparse-vmemmap: improve memory savings for compound devmaps") overlooked the need to synchronize page tables for the vmemmap area. 2) It is also easy to overlook that the vmemmap and direct mapping areas must not be accessed before explicit page table synchronization. For example, commit 8d400913c231 ("x86/vmemmap: handle unpopulated sub-pmd ranges")) caused crashes by accessing the vmemmap area before calling sync_global_pgds(). To address this, as suggested by Dave Hansen, introduce _kernel() variants of the page table population helpers, which invoke architecture-specific hooks to properly synchronize page tables. These are introduced in a new header file, include/linux/pgalloc.h, so they can be called from common code. They reuse existing infrastructure for vmalloc and ioremap. Synchronization requirements are determined by ARCH_PAGE_TABLE_SYNC_MASK, and the actual synchronization is performed by arch_sync_kernel_mappings(). This change currently targets only x86_64, so only PGD and P4D level helpers are introduced. Currently, these helpers are no-ops since no architecture sets PGTBL_{PGD,P4D}_MODIFIED in ARCH_PAGE_TABLE_SYNC_MASK. In theory, PUD and PMD level helpers can be added later if needed by other architectures. For now, 32-bit architectures (x86-32 and arm) only handle PGTBL_PMD_MODIFIED, so p*d_populate_kernel() will never affect them unless we introduce a PMD level helper. Cc: <stable(a)vger.kernel.org> Fixes: 8d400913c231 ("x86/vmemmap: handle unpopulated sub-pmd ranges") Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Kiryl Shutsemau <kas(a)kernel.org> Reviewed-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- include/linux/pgalloc.h | 24 ++++++++++++++++++++++++ include/linux/pgtable.h | 13 +++++++------ mm/kasan/init.c | 12 ++++++------ mm/percpu.c | 6 +++--- mm/sparse-vmemmap.c | 6 +++--- 5 files changed, 43 insertions(+), 18 deletions(-) create mode 100644 include/linux/pgalloc.h diff --git a/include/linux/pgalloc.h b/include/linux/pgalloc.h new file mode 100644 index 000000000000..290ab864320f --- /dev/null +++ b/include/linux/pgalloc.h @@ -0,0 +1,24 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _LINUX_PGALLOC_H +#define _LINUX_PGALLOC_H + +#include <linux/pgtable.h> +#include <asm/pgalloc.h> + +static inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd, + p4d_t *p4d) +{ + pgd_populate(&init_mm, pgd, p4d); + if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED) + arch_sync_kernel_mappings(addr, addr); +} + +static inline void p4d_populate_kernel(unsigned long addr, p4d_t *p4d, + pud_t *pud) +{ + p4d_populate(&init_mm, p4d, pud); + if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_P4D_MODIFIED) + arch_sync_kernel_mappings(addr, addr); +} + +#endif /* _LINUX_PGALLOC_H */ diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h index ba699df6ef69..2b80fd456c8b 100644 --- a/include/linux/pgtable.h +++ b/include/linux/pgtable.h @@ -1469,8 +1469,8 @@ static inline void modify_prot_commit_ptes(struct vm_area_struct *vma, unsigned /* * Architectures can set this mask to a combination of PGTBL_P?D_MODIFIED values - * and let generic vmalloc and ioremap code know when arch_sync_kernel_mappings() - * needs to be called. + * and let generic vmalloc, ioremap and page table update code know when + * arch_sync_kernel_mappings() needs to be called. */ #ifndef ARCH_PAGE_TABLE_SYNC_MASK #define ARCH_PAGE_TABLE_SYNC_MASK 0 @@ -1954,10 +1954,11 @@ static inline bool arch_has_pfn_modify_check(void) /* * Page Table Modification bits for pgtbl_mod_mask. * - * These are used by the p?d_alloc_track*() set of functions an in the generic - * vmalloc/ioremap code to track at which page-table levels entries have been - * modified. Based on that the code can better decide when vmalloc and ioremap - * mapping changes need to be synchronized to other page-tables in the system. + * These are used by the p?d_alloc_track*() and p*d_populate_kernel() + * functions in the generic vmalloc, ioremap and page table update code + * to track at which page-table levels entries have been modified. + * Based on that the code can better decide when page table changes need + * to be synchronized to other page-tables in the system. */ #define __PGTBL_PGD_MODIFIED 0 #define __PGTBL_P4D_MODIFIED 1 diff --git a/mm/kasan/init.c b/mm/kasan/init.c index ced6b29fcf76..8fce3370c84e 100644 --- a/mm/kasan/init.c +++ b/mm/kasan/init.c @@ -13,9 +13,9 @@ #include <linux/mm.h> #include <linux/pfn.h> #include <linux/slab.h> +#include <linux/pgalloc.h> #include <asm/page.h> -#include <asm/pgalloc.h> #include "kasan.h" @@ -191,7 +191,7 @@ static int __ref zero_p4d_populate(pgd_t *pgd, unsigned long addr, pud_t *pud; pmd_t *pmd; - p4d_populate(&init_mm, p4d, + p4d_populate_kernel(addr, p4d, lm_alias(kasan_early_shadow_pud)); pud = pud_offset(p4d, addr); pud_populate(&init_mm, pud, @@ -212,7 +212,7 @@ static int __ref zero_p4d_populate(pgd_t *pgd, unsigned long addr, } else { p = early_alloc(PAGE_SIZE, NUMA_NO_NODE); pud_init(p); - p4d_populate(&init_mm, p4d, p); + p4d_populate_kernel(addr, p4d, p); } } zero_pud_populate(p4d, addr, next); @@ -251,10 +251,10 @@ int __ref kasan_populate_early_shadow(const void *shadow_start, * puds,pmds, so pgd_populate(), pud_populate() * is noops. */ - pgd_populate(&init_mm, pgd, + pgd_populate_kernel(addr, pgd, lm_alias(kasan_early_shadow_p4d)); p4d = p4d_offset(pgd, addr); - p4d_populate(&init_mm, p4d, + p4d_populate_kernel(addr, p4d, lm_alias(kasan_early_shadow_pud)); pud = pud_offset(p4d, addr); pud_populate(&init_mm, pud, @@ -273,7 +273,7 @@ int __ref kasan_populate_early_shadow(const void *shadow_start, if (!p) return -ENOMEM; } else { - pgd_populate(&init_mm, pgd, + pgd_populate_kernel(addr, pgd, early_alloc(PAGE_SIZE, NUMA_NO_NODE)); } } diff --git a/mm/percpu.c b/mm/percpu.c index d9cbaee92b60..a56f35dcc417 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -3108,7 +3108,7 @@ int __init pcpu_embed_first_chunk(size_t reserved_size, size_t dyn_size, #endif /* BUILD_EMBED_FIRST_CHUNK */ #ifdef BUILD_PAGE_FIRST_CHUNK -#include <asm/pgalloc.h> +#include <linux/pgalloc.h> #ifndef P4D_TABLE_SIZE #define P4D_TABLE_SIZE PAGE_SIZE @@ -3134,13 +3134,13 @@ void __init __weak pcpu_populate_pte(unsigned long addr) if (pgd_none(*pgd)) { p4d = memblock_alloc_or_panic(P4D_TABLE_SIZE, P4D_TABLE_SIZE); - pgd_populate(&init_mm, pgd, p4d); + pgd_populate_kernel(addr, pgd, p4d); } p4d = p4d_offset(pgd, addr); if (p4d_none(*p4d)) { pud = memblock_alloc_or_panic(PUD_TABLE_SIZE, PUD_TABLE_SIZE); - p4d_populate(&init_mm, p4d, pud); + p4d_populate_kernel(addr, p4d, pud); } pud = pud_offset(p4d, addr); diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c index 41aa0493eb03..dbd8daccade2 100644 --- a/mm/sparse-vmemmap.c +++ b/mm/sparse-vmemmap.c @@ -27,9 +27,9 @@ #include <linux/spinlock.h> #include <linux/vmalloc.h> #include <linux/sched.h> +#include <linux/pgalloc.h> #include <asm/dma.h> -#include <asm/pgalloc.h> #include <asm/tlbflush.h> #include "hugetlb_vmemmap.h" @@ -229,7 +229,7 @@ p4d_t * __meminit vmemmap_p4d_populate(pgd_t *pgd, unsigned long addr, int node) if (!p) return NULL; pud_init(p); - p4d_populate(&init_mm, p4d, p); + p4d_populate_kernel(addr, p4d, p); } return p4d; } @@ -241,7 +241,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node) void *p = vmemmap_alloc_block_zero(PAGE_SIZE, node); if (!p) return NULL; - pgd_populate(&init_mm, pgd, p); + pgd_populate_kernel(addr, pgd, p); } return pgd; } -- 2.43.0

3 weeks, 3 days

6
15
0 0

Supplier of kinds of tools

by decii＠pachatool.com

3 weeks, 4 days

1
0
0 0

+ arm64-kexec-initialize-kexec_buf-struct-in-image_load.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: arm64: kexec: Initialize kexec_buf struct in image_load() has been added to the -mm mm-hotfixes-unstable branch. Its filename is arm64-kexec-initialize-kexec_buf-struct-in-image_load.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Breno Leitao <leitao(a)debian.org> Subject: arm64: kexec: Initialize kexec_buf struct in image_load() Date: Tue, 26 Aug 2025 05:08:51 -0700 The kexec_buf structure was previously declared without initialization in image_load(). This led to a UBSAN warning when the structure was expanded and uninitialized fields were accessed [1]. Zero-initializing kexec_buf at declaration ensures all fields are cleanly set, preventing future instances of uninitialized memory being used. Fixes this UBSAN warning: [ 32.362488] UBSAN: invalid-load in ./include/linux/kexec.h:210:10 [ 32.362649] load of value 252 is not a valid value for type '_Bool' Andrew Morton suggested that this function is only called 3x a week[2], thus, the memset() cost is inexpensive. Link: https://lore.kernel.org/all/oninomspajhxp4omtdapxnckxydbk2nzmrix7rggmpukpnz… [1] Link: https://lore.kernel.org/all/20250825180531.94bfb86a26a43127c0a1296f@linux-f… [2] Link: https://lkml.kernel.org/r/20250826-akpm-v1-1-3c831f0e3799@debian.org Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly") Signed-off-by: Breno Leitao <leitao(a)debian.org> Suggested-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Coiby Xu <coxu(a)redhat.com> Cc: "Daniel P. Berrange" <berrange(a)redhat.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Kairui Song <ryncsn(a)gmail.com> Cc: Liu Pingfan <kernelfans(a)gmail.com> Cc: Milan Broz <gmazyland(a)gmail.com> Cc: Ondrej Kozina <okozina(a)redhat.com> Cc: Vitaly Kuznetsov <vkuznets(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm64/kernel/kexec_image.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm64/kernel/kexec_image.c~arm64-kexec-initialize-kexec_buf-struct-in-image_load +++ a/arch/arm64/kernel/kexec_image.c @@ -41,7 +41,7 @@ static void *image_load(struct kimage *i struct arm64_image_header *h; u64 flags, value; bool be_image, be_kernel; - struct kexec_buf kbuf; + struct kexec_buf kbuf = {}; unsigned long text_offset, kernel_segment_number; struct kexec_segment *kernel_segment; int ret; _ Patches currently in -mm which might be from leitao(a)debian.org are arm64-kexec-initialize-kexec_buf-struct-in-image_load.patch

3 weeks, 4 days

1
0
0 0

[to-be-updated] kexec-arm64-initialize-the-random-field-of-kbuf-to-zero-in-the-image-loader.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kexec/arm64: initialize the random field of kbuf to zero in the image loader has been removed from the -mm tree. Its filename was kexec-arm64-initialize-the-random-field-of-kbuf-to-zero-in-the-image-loader.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Breno Leitao <leitao(a)debian.org> Subject: kexec/arm64: initialize the random field of kbuf to zero in the image loader Date: Thu Aug 21 04:11:21 2025 -0700 Add an explicit initialization for the random member of the kbuf structure within the image_load function in arch/arm64/kernel/kexec_image.c. Setting kbuf.random to zero ensures a deterministic and clean starting state for the buffer used during kernel image loading, avoiding this UBSAN issue later, when kbuf.random is read. [ 32.362488] UBSAN: invalid-load in ./include/linux/kexec.h:210:10 [ 32.362649] load of value 252 is not a valid value for type '_Bool' Link: https://lkml.kernel.org/r/oninomspajhxp4omtdapxnckxydbk2nzmrix7rggmpukpnzad… Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly") Signed-off-by: Breno Leitao <leitao(a)debian.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Coiby Xu <coxu(a)redhat.com> Cc: "Daniel P. Berrange" <berrange(a)redhat.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Kairui Song <ryncsn(a)gmail.com> Cc: Liu Pingfan <kernelfans(a)gmail.com> Cc: Milan Broz <gmazyland(a)gmail.com> Cc: Ondrej Kozina <okozina(a)redhat.com> Cc: Vitaly Kuznetsov <vkuznets(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm64/kernel/kexec_image.c | 1 + 1 file changed, 1 insertion(+) --- a/arch/arm64/kernel/kexec_image.c~kexec-arm64-initialize-the-random-field-of-kbuf-to-zero-in-the-image-loader +++ a/arch/arm64/kernel/kexec_image.c @@ -76,6 +76,7 @@ static void *image_load(struct kimage *i kbuf.buf_min = 0; kbuf.buf_max = ULONG_MAX; kbuf.top_down = false; + kbuf.random = 0; kbuf.buffer = kernel; kbuf.bufsz = kernel_len; _ Patches currently in -mm which might be from leitao(a)debian.org are

3 weeks, 4 days

1
0
0 0

[PATCH] net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions

by Fabio Porcedda

From: Fabio Porcedda <fabio.porcedda(a)gmail.com> Add the following Telit Cinterion LE910C4-WWX new compositions: 0x1034: tty (AT) + tty (AT) + rmnet T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 8 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=1034 Rev=00.00 S: Manufacturer=Telit S: Product=LE910C4-WWX S: SerialNumber=93f617e7 C: #Ifs= 3 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms 0x1037: tty (diag) + tty (Telit custom) + tty (AT) + tty (AT) + rmnet T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 15 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=1037 Rev=00.00 S: Manufacturer=Telit S: Product=LE910C4-WWX S: SerialNumber=93f617e7 C: #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms 0x1038: tty (Telit custom) + tty (AT) + tty (AT) + rmnet T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 9 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=1038 Rev=00.00 S: Manufacturer=Telit S: Product=LE910C4-WWX S: SerialNumber=93f617e7 C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms Cc: stable(a)vger.kernel.org Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com> --- drivers/net/usb/qmi_wwan.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c index e56901bb6ebc..11352d85475a 100644 --- a/drivers/net/usb/qmi_wwan.c +++ b/drivers/net/usb/qmi_wwan.c @@ -1355,6 +1355,9 @@ static const struct usb_device_id products[] = { {QMI_FIXED_INTF(0x2357, 0x0201, 4)}, /* TP-LINK HSUPA Modem MA180 */ {QMI_FIXED_INTF(0x2357, 0x9000, 4)}, /* TP-LINK MA260 */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1031, 3)}, /* Telit LE910C1-EUX */ + {QMI_QUIRK_SET_DTR(0x1bc7, 0x1034, 2)}, /* Telit LE910C4-WWX */ + {QMI_QUIRK_SET_DTR(0x1bc7, 0x1037, 4)}, /* Telit LE910C4-WWX */ + {QMI_QUIRK_SET_DTR(0x1bc7, 0x1038, 3)}, /* Telit LE910C4-WWX */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x103a, 0)}, /* Telit LE910C4-WWX */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1040, 2)}, /* Telit LE922A */ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1050, 2)}, /* Telit FN980 */ -- 2.51.0

3 weeks, 4 days

2
1
0 0

[PATCH] btrfs: fix corruption reading compressed range when block size is smaller than page size

by Qu Wenruo

[BUG] With 64K page size (aarch64 with 64K page size config) and 4K btrfs block size, the following workload can easily lead to a corrupted read: mkfs.btrfs -f -s 4k $dev > /dev/null mount -o compress $dev $mnt xfs_io -f -c "pwrite -S 0xff 0 64k" $mnt/base > /dev/null echo "correct result:" od -Ad -t x1 $mnt/base xfs_io -f -c "reflink $mnt/base 32k 0 32k" \ -c "reflink $mnt/base 0 32k 32k" \ -c "pwrite -S 0xff 60k 4k" $mnt/new > /dev/null echo "incorrect result:" od -Ad -t x1 $mnt/new umount $mnt This shows the following result: correct result: 0000000 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff * 0065536 incorrect result: 0000000 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff * 0032768 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 * 0061440 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff * 0065536 Notice the zero in the range [32K, 60K), which is incorrect. [CAUSE] With extra trace printk, it shows the following events during od: (some unrelated info removed like CPU and context) od-3457 btrfs_do_readpage: enter r/i=5/258 folio=0(65536) prev_em_start=0000000000000000 The "r/i" is indicating the root and inode number. In our case the file "new" is using ino 258 from fs tree (root 5). Here notice the @prev_em_start pointer is NULL. This means the btrfs_do_readpage() is called from btrfs_read_folio(), not from btrfs_readahead(). od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=0 got em start=0 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=4096 got em start=0 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=8192 got em start=0 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=12288 got em start=0 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=16384 got em start=0 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=20480 got em start=0 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=24576 got em start=0 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=28672 got em start=0 len=32768 These above 32K blocks will be read from the first half of the compressed data extent. od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=32768 got em start=32768 len=32768 Note here there is no btrfs_submit_compressed_read() call. Which is incorrect now. Although both extent maps at 0 and 32K are pointing to the same compressed data, their offsets are different thus can not be merged into the same read. So this means the compressed data read merge check is doing something wrong. od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=36864 got em start=32768 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=40960 got em start=32768 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=45056 got em start=32768 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=49152 got em start=32768 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=53248 got em start=32768 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=57344 got em start=32768 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=61440 skip uptodate od-3457 btrfs_submit_compressed_read: cb orig_bio: file off=0 len=61440 The function btrfs_submit_compressed_read() is only called at the end of folio read. The compressed bio will only have an extent map of range [0, 32K), but the original bio passed in is for the whole 64K folio. This will cause the decompression part to only fill the first 32K, leaving the rest untouched (aka, filled with zero). This incorrect compressed read merge leads to the above data corruption. There were similar problems that happened in the past, commit 808f80b46790 ("Btrfs: update fix for read corruption of compressed and shared extents") is doing pretty much the same fix for readahead. But that's back to 2015, where btrfs still only supports bs (block size) == ps (page size) cases. This means btrfs_do_readpage() only needs to handle a folio which contains exactly one block. Only btrfs_readahead() can lead to a read covering multiple blocks. Thus only btrfs_readahead() passes a non-NULL @prev_em_start pointer. With v5.15 kernel btrfs introduced bs < ps support. This breaks the above assumption that a folio can only contain one block. Now btrfs_read_folio() can also read multiple blocks in one go. But btrfs_read_folio() doesn't pass a @prev_em_start pointer, thus the existing bio force submission check will never be triggered. In theory, this can also happen for btrfs with large folios, but since large folio is still experimental, we don't need to bother it, thus only bs < ps support is affected for now. [FIX] Instead of passing @prev_em_start to do the proper compressed extent check, introduce one new member, btrfs_bio_ctrl::last_em_start, so that the existing bio force submission logic will always be triggered. CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> --- Changelog: v4: - Minor grammar fixes - Update the subject to reflect the bug better This is the merged version inside for-next branch. However for people who are not following our development branch but still want to verify the incoming fstests test case, we need this fix to be publicly avaiable. Newer minor changes will only be done inside the development branch. v3: - Use a single btrfs_bio_ctrl::last_em_start Since the existing prev_em_start is using U64_MAX as the initial value to indicate no em hit yet, we can use the same logic, which saves another 8 bytes from btrfs_bio_ctrl. - Update the reproducer Previously I failed to reproduce using a minimal workload. As regular read from od/md5sum always trigger readahead thus not hitting the @prev_em_start == NULL path. Will send out a fstest case for it using the minimal reproducer. But it will still need a 16K/64K page sized system to reproduce. Fix the problem by doing an block aligned write into the folio, so that the folio will be partially dirty and not go through the readahead path. - Update the analyze This includes the trace events of the minimal reproducer, and mentioning of previous similar fixes and why they do not work for subpage cases. - Update the CC tag Since it's only affecting bs < ps cases (for non-experimental builds), only need to fix kernels with subpage btrfs supports. v2: - Only save extent_map::start/len to save memory for btrfs_bio_ctrl It's using on-stack memory which is very limited inside the kernel. - Remove the commit message mentioning of clearing last saved em Since we're using em::start/len, there is no need to clear them. Either we hit the same em::start/len, meaning hitting the same extent map, or we hit a different em, which will have a different start/len. --- fs/btrfs/extent_io.c | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 426a6791a0b2..ca7174fa0240 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -131,6 +131,24 @@ struct btrfs_bio_ctrl { */ unsigned long submit_bitmap; struct readahead_control *ractl; + + /* + * The start offset of the last used extent map by a read operation. + * + * This is for proper compressed read merge. + * U64_MAX means we are starting the read and have made no progress yet. + * + * The current btrfs_bio_is_contig() only uses disk_bytenr as + * the condition to check if the read can be merged with previous + * bio, which is not correct. E.g. two file extents pointing to the + * same extent but with different offset. + * + * So here we need to do extra checks to only merge reads that are + * covered by the same extent map. + * Just extent_map::start will be enough, as they are unique + * inside the same inode. + */ + u64 last_em_start; }; /* @@ -965,7 +983,7 @@ static void btrfs_readahead_expand(struct readahead_control *ractl, * return 0 on success, otherwise return error */ static int btrfs_do_readpage(struct folio *folio, struct extent_map **em_cached, - struct btrfs_bio_ctrl *bio_ctrl, u64 *prev_em_start) + struct btrfs_bio_ctrl *bio_ctrl) { struct inode *inode = folio->mapping->host; struct btrfs_fs_info *fs_info = inode_to_fs_info(inode); @@ -1076,12 +1094,11 @@ static int btrfs_do_readpage(struct folio *folio, struct extent_map **em_cached, * non-optimal behavior (submitting 2 bios for the same extent). */ if (compress_type != BTRFS_COMPRESS_NONE && - prev_em_start && *prev_em_start != (u64)-1 && - *prev_em_start != em->start) + bio_ctrl->last_em_start != U64_MAX && + bio_ctrl->last_em_start != em->start) force_bio_submit = true; - if (prev_em_start) - *prev_em_start = em->start; + bio_ctrl->last_em_start = em->start; em_gen = em->generation; btrfs_free_extent_map(em); @@ -1296,12 +1313,15 @@ int btrfs_read_folio(struct file *file, struct folio *folio) const u64 start = folio_pos(folio); const u64 end = start + folio_size(folio) - 1; struct extent_state *cached_state = NULL; - struct btrfs_bio_ctrl bio_ctrl = { .opf = REQ_OP_READ }; + struct btrfs_bio_ctrl bio_ctrl = { + .opf = REQ_OP_READ, + .last_em_start = U64_MAX, + }; struct extent_map *em_cached = NULL; int ret; lock_extents_for_read(inode, start, end, &cached_state); - ret = btrfs_do_readpage(folio, &em_cached, &bio_ctrl, NULL); + ret = btrfs_do_readpage(folio, &em_cached, &bio_ctrl); btrfs_unlock_extent(&inode->io_tree, start, end, &cached_state); btrfs_free_extent_map(em_cached); @@ -2641,7 +2661,8 @@ void btrfs_readahead(struct readahead_control *rac) { struct btrfs_bio_ctrl bio_ctrl = { .opf = REQ_OP_READ | REQ_RAHEAD, - .ractl = rac + .ractl = rac, + .last_em_start = U64_MAX, }; struct folio *folio; struct btrfs_inode *inode = BTRFS_I(rac->mapping->host); @@ -2649,12 +2670,11 @@ void btrfs_readahead(struct readahead_control *rac) const u64 end = start + readahead_length(rac) - 1; struct extent_state *cached_state = NULL; struct extent_map *em_cached = NULL; - u64 prev_em_start = (u64)-1; lock_extents_for_read(inode, start, end, &cached_state); while ((folio = readahead_folio(rac)) != NULL) - btrfs_do_readpage(folio, &em_cached, &bio_ctrl, &prev_em_start); + btrfs_do_readpage(folio, &em_cached, &bio_ctrl); btrfs_unlock_extent(&inode->io_tree, start, end, &cached_state); -- 2.50.1

3 weeks, 4 days

1
0
0 0

[PATCH] arm64/boot: Zero-initialize idmap PGDs before use

by Sam Edwards

In early boot, Linux creates identity virtual->physical address mappings so that it can enable the MMU before full memory management is ready. To ensure some available physical memory to back these structures, vmlinux.lds reserves some space (and defines marker symbols) in the middle of the kernel image. However, because they are defined outside of PROGBITS sections, they aren't pre-initialized -- at least as far as ELF is concerned. In the typical case, this isn't actually a problem: the boot image is prepared with objcopy, which zero-fills the gaps, so these structures are incidentally zero-initialized (an all-zeroes entry is considered absent, so zero-initialization is appropriate). However, that is just a happy accident: the `vmlinux` ELF output authoritatively represents the state of memory at entry. If the ELF says a region of memory isn't initialized, we must treat it as uninitialized. Indeed, certain bootloaders (e.g. Broadcom CFE) ingest the ELF directly -- sidestepping the objcopy-produced image entirely -- and therefore do not initialize the gaps. This results in the early boot code crashing when it attempts to create identity mappings. Therefore, add boot-time zero-initialization for the following: - __pi_init_idmap_pg_dir..__pi_init_idmap_pg_end - idmap_pg_dir - reserved_pg_dir - tramp_pg_dir # Already done, but this patch corrects the size Note, swapper_pg_dir is already initialized (by copy from idmap_pg_dir) before use, so this patch does not need to address it. Cc: stable(a)vger.kernel.org Signed-off-by: Sam Edwards <CFSworks(a)gmail.com> --- arch/arm64/kernel/head.S | 12 ++++++++++++ arch/arm64/mm/mmu.c | 3 ++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S index ca04b338cb0d..0c3be11d0006 100644 --- a/arch/arm64/kernel/head.S +++ b/arch/arm64/kernel/head.S @@ -86,6 +86,18 @@ SYM_CODE_START(primary_entry) bl record_mmu_state bl preserve_boot_args + adrp x0, reserved_pg_dir + add x1, x0, #PAGE_SIZE +0: str xzr, [x0], 8 + cmp x0, x1 + b.lo 0b + + adrp x0, __pi_init_idmap_pg_dir + adrp x1, __pi_init_idmap_pg_end +1: str xzr, [x0], 8 + cmp x0, x1 + b.lo 1b + adrp x1, early_init_stack mov sp, x1 mov x29, xzr diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 34e5d78af076..aaf823565a65 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -761,7 +761,7 @@ static int __init map_entry_trampoline(void) pgprot_val(prot) &= ~PTE_NG; /* Map only the text into the trampoline page table */ - memset(tramp_pg_dir, 0, PGD_SIZE); + memset(tramp_pg_dir, 0, PAGE_SIZE); __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, entry_tramp_text_size(), prot, pgd_pgtable_alloc_init_mm, NO_BLOCK_MAPPINGS); @@ -806,6 +806,7 @@ static void __init create_idmap(void) u64 end = __pa_symbol(__idmap_text_end); u64 ptep = __pa_symbol(idmap_ptes); + memset(idmap_pg_dir, 0, PAGE_SIZE); __pi_map_range(&ptep, start, end, start, PAGE_KERNEL_ROX, IDMAP_ROOT_LEVEL, (pte_t *)idmap_pg_dir, false, __phys_to_virt(ptep) - ptep); -- 2.49.1

3 weeks, 4 days

4
11
0 0

[PATCH net] ipv6: sr: fix destroy of seg6_hmac_info to prevent HMAC data leak

by Andrea Mayer

The seg6_hmac_info structure stores information related to SRv6 HMAC configurations, including the secret key, HMAC ID, and hashing algorithm used to authenticate and secure SRv6 packets. When a seg6_hmac_info object is no longer needed, it is destroyed via seg6_hmac_info_del(), which eventually calls seg6_hinfo_release(). This function uses kfree_rcu() to safely deallocate memory after an RCU grace period has elapsed. The kfree_rcu() releases memory without sanitization (e.g., zeroing out the memory). Consequently, sensitive information such as the HMAC secret and its length may remain in freed memory, potentially leading to data leaks. To address this risk, we replaced kfree_rcu() with a custom RCU callback, seg6_hinfo_free_callback_rcu(). Within this callback, we explicitly sanitize the seg6_hmac_info object before deallocating it safely using kfree_sensitive(). This approach ensures the memory is securely freed and prevents potential HMAC info leaks. Additionally, in the control path, we ensure proper cleanup of seg6_hmac_info objects when seg6_hmac_info_add() fails: such objects are freed using kfree_sensitive() instead of kfree(). Fixes: 4f4853dc1c9c ("ipv6: sr: implement API to control SR HMAC structure") Fixes: bf355b8d2c30 ("ipv6: sr: add core files for SR HMAC support") Cc: stable(a)vger.kernel.org Signed-off-by: Andrea Mayer <andrea.mayer(a)uniroma2.it> --- net/ipv6/seg6.c | 2 +- net/ipv6/seg6_hmac.c | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c index 180da19c148c..88782bdab843 100644 --- a/net/ipv6/seg6.c +++ b/net/ipv6/seg6.c @@ -215,7 +215,7 @@ static int seg6_genl_sethmac(struct sk_buff *skb, struct genl_info *info) err = seg6_hmac_info_add(net, hmackeyid, hinfo); if (err) - kfree(hinfo); + kfree_sensitive(hinfo); out_unlock: mutex_unlock(&sdata->lock); diff --git a/net/ipv6/seg6_hmac.c b/net/ipv6/seg6_hmac.c index fd58426f222b..19cdf3791ebf 100644 --- a/net/ipv6/seg6_hmac.c +++ b/net/ipv6/seg6_hmac.c @@ -57,9 +57,17 @@ static int seg6_hmac_cmpfn(struct rhashtable_compare_arg *arg, const void *obj) return (hinfo->hmackeyid != *(__u32 *)arg->key); } +static void seg6_hinfo_free_callback_rcu(struct rcu_head *head) +{ + struct seg6_hmac_info *hinfo; + + hinfo = container_of(head, struct seg6_hmac_info, rcu); + kfree_sensitive(hinfo); +} + static inline void seg6_hinfo_release(struct seg6_hmac_info *hinfo) { - kfree_rcu(hinfo, rcu); + call_rcu(&hinfo->rcu, seg6_hinfo_free_callback_rcu); } static void seg6_free_hi(void *ptr, void *arg) -- 2.20.1

3 weeks, 4 days

3
3
0 0

[PATCH 6.15 000/515] 6.15.11-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.11 release. There are 515 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 20 Aug 2025 12:43:43 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.11-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.11-rc1 Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> dm: split write BIOs on zone boundaries when zone append is not emulated Frederic Weisbecker <frederic(a)kernel.org> rcu: Fix racy re-initialization of irq_work causing hangs Yu Kuai <yukuai3(a)huawei.com> md: fix create on open mddev lifetime regression Ivan Lipski <ivan.lipski(a)amd.com> drm/amd/display: Allow DCN301 to clear update flags Arnd Bergmann <arnd(a)arndb.de> firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS Jens Axboe <axboe(a)kernel.dk> io_uring/rw: cast rw->flags assignment to rwf_t Damien Le Moal <dlemoal(a)kernel.org> ata: libata-sata: Add link_power_management_supported sysfs attribute Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: install pairwise key first Aditya Garg <gargaditya08(a)live.com> HID: magicmouse: avoid setting up battery timer when not needed Sean Christopherson <seanjc(a)google.com> KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap Maxim Levitsky <mlevitsk(a)redhat.com> KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs Maxim Levitsky <mlevitsk(a)redhat.com> KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter Sean Christopherson <seanjc(a)google.com> KVM: VMX: Extract checking of guest's DEBUGCTL into helper Pedro Falcato <pfalcato(a)suse.de> RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages Willy Tarreau <w(a)1wt.eu> tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe: Fix infinite recursion using preempt_*_notrace() Marek Szyprowski <m.szyprowski(a)samsung.com> media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Do not mark valid metadata as invalid Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Fix OOB read due to missing payload bound check Youngjun Lee <yjjuny.lee(a)samsung.com> media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Breno Leitao <leitao(a)debian.org> mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Waiman Long <longman(a)redhat.com> mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() Kairui Song <kasong(a)tencent.com> mm/shmem, swap: improve cached mTHP handling and fix potential hang Anshuman Khandual <anshuman.khandual(a)arm.com> mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() David Hildenbrand <david(a)redhat.com> mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() Vlastimil Babka <vbabka(a)suse.cz> mm, slab: restore NUMA policy support for large kmalloc Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: fix a typo in palo.conf Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix panic during namespace deletion with VF Davide Caratti <dcaratti(a)redhat.com> net/sched: ets: use old 'nbands' while purging unused classes Lizhi Xu <lizhi.xu(a)windriver.com> ocfs2: reset folio to NULL when get folio fails Randy Dunlap <rdunlap(a)infradead.org> fbdev: nvidiafb: add depends on HAS_IOPORT Sravan Kumar Gundu <sravankumarlpu(a)gmail.com> fbdev: Fix vmalloc out-of-bounds write in fast_imageblit Suren Baghdasaryan <surenb(a)google.com> userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry Andrey Albershteyn <aalbersh(a)redhat.com> xfs: fix scrub trace with null pointer in quotacheck Qu Wenruo <wqu(a)suse.com> btrfs: do not allow relocation of partially dropped subvolumes Boris Burkov <boris(a)bur.io> btrfs: fix iteration bug in __qgroup_excl_accounting() Qu Wenruo <wqu(a)suse.com> btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not select metadata BG as finish target Filipe Manana <fdmanana(a)suse.com> btrfs: error on missing block group when unaccounting log tree extent buffers Filipe Manana <fdmanana(a)suse.com> btrfs: fix log tree replay failure due to file with 0 links and extents Filipe Manana <fdmanana(a)suse.com> btrfs: send: use fallocate for hole punching with send stream v2 Filipe Manana <fdmanana(a)suse.com> btrfs: clear dirty status from extent buffer on error at insert_new_root() Filipe Manana <fdmanana(a)suse.com> btrfs: don't skip remaining extrefs if dir not found during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled Caleb Sander Mateos <csander(a)purestorage.com> btrfs: don't skip accounting in early ENOTTY return in btrfs_uring_encoded_read() Qu Wenruo <wqu(a)suse.com> btrfs: populate otime when logging an inode item Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix race between quota disable and quota rescan ioctl Boris Burkov <boris(a)bur.io> btrfs: fix ssd_spread overallocation Filipe Manana <fdmanana(a)suse.com> btrfs: don't ignore inode missing when replaying log tree Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not remove unwritten non-data block group Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: requeue to unused block group list if zone finish failed Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction during log replay if walk_log_tree() failed Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use filesystem size not disk size for reclaim decision Oliver Neukum <oneukum(a)suse.com> cdc-acm: fix race between initial clearing halt and open Sebastian Reichel <sebastian.reichel(a)collabora.com> usb: typec: fusb302: cache PD RX state Eric Biggers <ebiggers(a)kernel.org> thunderbolt: Fix copy+paste error in match_service_id() Ian Abbott <abbotti(a)mev.co.uk> comedi: fix race between polling and detaching Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> usb: typec: ucsi: Update power_supply on power role change Ricky Wu <ricky_wu(a)realtek.com> misc: rtsx: usb: Ensure mmc child device is active when card is present Xinyu Liu <katieeliu(a)tencent.com> usb: core: config: Prevent OOB read in SS endpoint companion parsing Zhang Yi <yi.zhang(a)huawei.com> ext4: initialize superblock fields in the kballoc-test.c kunit tests Baokun Li <libaokun1(a)huawei.com> ext4: fix largest free orders lists corruption on mb_optimize_scan switch Baokun Li <libaokun1(a)huawei.com> ext4: fix zombie groups in average fragment size lists Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Prevent ALIGN() overflow Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range Alexey Klimov <alexey.klimov(a)linaro.org> iommu/arm-smmu-qcom: Add SM6115 MDSS compatible Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes Shyam Prasad N <sprasad(a)microsoft.com> cifs: reset iface weights when we cannot find a candidate Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: qcom: dispcc-sm8750: Fix setting rate byte and pixel clocks Christian Marangi <ansuelsmth(a)gmail.com> clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src Damien Le Moal <dlemoal(a)kernel.org> dm: Always split write BIOs to zoned device limits Damien Le Moal <dlemoal(a)kernel.org> block: Introduce bio_needs_zone_write_plugging() Bijan Tabatabai <bijantabatab(a)micron.com> mm/damon/core: commit damos->target_nid SeongJae Park <sj(a)kernel.org> samples/damon/wsse: fix boot time enable handling Miguel Ojeda <ojeda(a)kernel.org> rust: workaround `rustdoc` target modifiers bug Miguel Ojeda <ojeda(a)kernel.org> rust: kbuild: clean output before running `rustdoc` Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu: fix incorrect vm flags to map bo YiPeng Chai <YiPeng.Chai(a)amd.com> drm/amdgpu: fix vram reservation issue Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Do not trigger Frame Change events from frontbuffer flush David Howells <dhowells(a)redhat.com> cifs: Fix collect_sample() to handle any iterator type Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: replace regmap_write with regmap_update_bits Jiasheng Jiang <jiashengjiangcool(a)gmail.com> scsi: lpfc: Remove redundant assignment to avoid memory leak Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix uninited ptr deref in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Handle RPC size limit for layoutcommits Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix disk addr range check in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix stripe mapping in block/scsi layout John Garry <john.g.garry(a)oracle.com> block: avoid possible overflow for chunk_sectors check in blk_stack_limits() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix uninitialized pointer error in probe() Buday Csaba <buday.csaba(a)prolan.hu> net: phy: smsc: add proper reset flags for LAN8710A Peter Jakubek <peterjakubek(a)gmail.com> ASoC: Intel: sof_sdw: Add quirk for Alienware Area 51 (2025) 0CCC SKU Thomas Croft <thomasmcft(a)gmail.com> ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table Yu Kuai <yukuai3(a)huawei.com> lib/sbitmap: convert shallow_depth from one word to the whole sbitmap Stefan Metzmacher <metze(a)samba.org> smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection Calvin Owens <calvin(a)wbinvd.org> tools/power turbostat: Handle cap_get_proc() ENOSYS Calvin Owens <calvin(a)wbinvd.org> tools/power turbostat: Fix build with musl Len Brown <len.brown(a)intel.com> tools/power turbostat: Handle non-root legacy-uncore sysfs permissions Corey Minyard <corey(a)minyard.net> ipmi: Fix strcpy source and destination the same Yann E. MORIN <yann.morin.1998(a)free.fr> kconfig: lxdialog: fix 'space' to (de)select options Masahiro Yamada <masahiroy(a)kernel.org> kheaders: rebuild kheaders_data.tar.xz when a file is modified within a minute Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: fix potential memory leak in renderer_edited() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() Breno Leitao <leitao(a)debian.org> ipmi: Use dev_warn_ratelimited() for incorrect message warnings Artem Sadovnikov <a.sadovnikov(a)ispras.ru> vfio/mlx5: fix possible overflow in tracking max message size John Garry <john.g.garry(a)oracle.com> scsi: aacraid: Stop using PCI_IRQ_AFFINITY Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: core: Generate correct identifiers for PR OUT transport IDs Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Shankari Anand <shankari.ak0208(a)gmail.com> kconfig: nconf: Ensure null termination where strncpy is used Keith Busch <kbusch(a)kernel.org> vfio/type1: conditional rescheduling while pinning Suchit Karunakaran <suchitkarunakaran(a)gmail.com> kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c John Ogness <john.ogness(a)linutronix.de> printk: nbcon: Allow reacquire during panic Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: check the generic conditions first Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: add cluster chain loop check for dir fangzhong.zhou <myth5(a)myth5.com> i2c: Force DLL0945 touchpad i2c freq to 100khz John Johansen <john.johansen(a)canonical.com> apparmor: fix x_table_lookup when stacking is not the first entry Mateusz Guzik <mjguzik(a)gmail.com> apparmor: use the condition in AA_BUG_FMT even with debug disabled Benjamin Marzinski <bmarzins(a)redhat.com> dm-table: fix checking for rq stackable devices Mikulas Patocka <mpatocka(a)redhat.com> dm-mpath: don't print the "loaded" message if registering fails Jorge Marques <jorge.marques(a)analog.com> i3c: master: Initialize ret in i3c_i2c_notifier_call() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: don't fail if GETHDRCAP is unsupported Gabriel Totev <gabriel.totev(a)zetier.com> apparmor: shift ouid when mediating hard links in userns Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: add missing include to internal header Petr Pavlu <petr.pavlu(a)suse.com> module: Prevent silent truncation of module name in delete_module(2) Purva Yeshi <purvayeshi550(a)gmail.com> md: dm-zoned-target: Initialize return variable r to avoid uninitialized use Charles Keepax <ckeepax(a)opensource.cirrus.com> soundwire: Move handle_nested_irq outside of sdw_dev_lock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: cancel pending slave status handling workqueue during remove sequence Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: serialize amd manager resume sequence during pm_prepare Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Postpone updating priv->clks[] Mario Limonciello <mario.limonciello(a)amd.com> crypto: ccp - Add missing bootloader info reg for pspv6 Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - add timeout for load_fvc completion poll chenchangcheng <chenchangcheng(a)kylinos.cn> media: uvcvideo: Fix bandwidth issue for Alcor camera Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Set V4L2_CTRL_FLAG_DISABLED during queryctrl errors Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add quirk for HP Webcam HD 2300 Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() Wolfram Sang <wsa+renesas(a)sang-engineering.com> media: usb: hdpvr: disable zero-length read messages Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Increase FIFO trigger level to 374 Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Return an appropriate colorspace from tc358743_set_fmt Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Check I2C succeeded during probe Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: raspberrypi: cfe: Fix min_reqbufs_allocation Cheick Traore <cheick.traore(a)foss.st.com> pinctrl: stm32: Manage irq affinity settings Damien Le Moal <dlemoal(a)kernel.org> scsi: mpi3mr: Correctly handle ATA device errors Francisco Gutierrez <frankramirez(a)google.com> scsi: pm80xx: Free allocated tags after failure Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Correctly handle ATA device errors Li Chen <chenl311(a)chinatelecom.cn> HID: rate-limit hid_warn to prevent log flooding Abel Vesa <abel.vesa(a)linaro.org> power: supply: qcom_battmgr: Add lithium-polymer entry Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk Arnd Bergmann <arnd(a)arndb.de> RDMA/core: reduce stack using in nldev_stat_get_doit() Yury Norov [NVIDIA] <yury.norov(a)gmail.com> RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs Johan Adolfsson <johan.adolfsson(a)axis.com> leds: leds-lp50xx: Handle reg to get correct multi_index Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control Daniel Scally <dan.scally(a)ideasonboard.com> media: ipu-bridge: Add _HID for OV5670 Michal Wilczynski <m.wilczynski(a)samsung.com> clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Add handling for corrupt and drop frames Shiji Yang <yangshiji66(a)outlook.com> MIPS: lantiq: falcon: sysctrl: fix request memory check logic Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Markus Theil <theil.markus(a)gmail.com> crypto: jitter - fix intermediary handling Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM Hans de Goede <hdegoede(a)redhat.com> media: hi556: Fix reset GPIO timings Arnaud Lecomte <contact(a)arnaud-lcm.com> jfs: upper bound check of tree index in dbAllocAG Edward Adam Davis <eadavis(a)qq.com> jfs: Regular file corruption check Lizhi Xu <lizhi.xu(a)windriver.com> jfs: truncate good inode pages when hard link is 0 jackysliu <1972843537(a)qq.com> scsi: bfa: Double-free fix Ziyan Fu <fuzy5(a)lenovo.com> watchdog: iTCO_wdt: Report error if timeout configuration fails Shiji Yang <yangshiji66(a)outlook.com> MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} George Moussalem <george.moussalem(a)outlook.com> clk: qcom: ipq5018: keep XO clock always on Florin Leotescu <florin.leotescu(a)nxp.com> hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state Sebastian Reichel <sebastian.reichel(a)collabora.com> watchdog: dw_wdt: Fix default timeout Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> fs/orangefs: use snprintf() instead of sprintf() Showrya M N <showrya(a)chelsio.com> scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Valmantas Paliksa <walmis(a)gmail.com> phy: rockchip-pcie: Enable all four lanes if required Geraldo Nascimento <geraldogabriel(a)gmail.com> phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal Chen-Yu Tsai <wens(a)csie.org> mfd: axp20x: Set explicit ID for AXP313 regulator Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> sphinx: kernel_abi: fix performance regression with O=<dir> Pei Xiao <xiaopei01(a)kylinos.cn> clk: tegra: periph: Fix error handling and resolve unsigned compare warning Theodore Ts'o <tytso(a)mit.edu> ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Zhiqi Song <songzhiqi1(a)huawei.com> crypto: hisilicon/hpre - fix dma unmap sequence Yongzhen Zhang <zhangyongzhen(a)kylinos.cn> fbdev: fix potential buffer overflow in do_register_framebuffer() Paulo Alcantara <pc(a)manguebit.org> smb: client: fix session setup against servers that require SPN Pali Rohár <pali(a)kernel.org> cifs: Fix calling CIFSFindFirst() for root path without msearch Aaron Plattner <aplattner(a)nvidia.com> watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition Roman Li <Roman.Li(a)amd.com> drm/amd/display: Disable dsc_power_gate for dcn314 by default Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Only finalize atomic_obj if it was initialized Jason Wang <jasowang(a)redhat.com> vhost: fail early when __vhost_add_used() fails Will Deacon <will(a)kernel.org> vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 Joel Fernandes <joelagnelf(a)nvidia.com> rcu: Fix rcu_read_unlock() deadloop due to IRQ work Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/ttm: Respect the shrinker core free target Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Avoid trying AUX transactions on disconnected ports Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Update DMCUB loading sequence for DCN3.5 Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix ringbuf/ringbuf_write test failure with arm64 64KB page size Ihor Solodrai <isolodrai(a)meta.com> bpf: Make reg_not_null() true for CONST_PTR_TO_MAP Jakub Kicinski <kuba(a)kernel.org> uapi: in6: restore visibility of most IPv6 socket options Emily Deng <Emily.Deng(a)amd.com> drm/ttm: Should to return the evict error Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix buffer overflow in fetching version id Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/xe: Make dma-fences compliant with the safe access rules Shannon Nelson <shannon.nelson(a)amd.com> ionic: clean dbpage in de-init Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: scan abort when assign/unassign_vif Breno Leitao <leitao(a)debian.org> ptp: Use ratelimite for freerun error message Yuan Chen <chenyuan(a)kylinos.cn> bpftool: Fix JSON writer resource leak in version command Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent DIS_LEARNING access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: ensure BCM5325 PHYs are enabled Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Return error for unknown admin queue command Gal Pressman <gal(a)nvidia.com> net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Gal Pressman <gal(a)nvidia.com> net: vlan: Make is_vlan_dev() a stub when VLAN is not configured ganglxie <ganglxie(a)amd.com> drm/amdgpu: clear pa and mca record counter when resetting eeprom Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Suspend IH during mode-2 reset Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Stop storing failures into adev->dm.cached_state Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual Heiner Kallweit <hkallweit1(a)gmail.com> dpaa_eth: don't use fixed_phy_change_carrier Stanislaw Gruszka <stf_xl(a)wp.pl> wifi: iwlegacy: Check rate_idx range after addition Mark Rutland <mark.rutland(a)arm.com> arm64: stacktrace: Check kretprobe_find_ret_addr() return value Mina Almasry <almasrymina(a)google.com> netmem: fix skb_frag_address_safe with unreadable skbs Thomas Fourier <fourier.thomas(a)gmail.com> powerpc: floppy: Add missing checks after DMA map Karthikeyan Kathirvel <quic_kathirve(a)quicinc.com> wifi: ath12k: Decrement TID on RX peer frag setup error handling Raj Kumar Bhagat <quic_rajkbhag(a)quicinc.com> wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 Ching-Te Ku <ku920601(a)realtek.com> wifi: rtw89: coex: Not to set slot duration to zero to avoid firmware issue Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com> wifi: mac80211: update radar_required in channel context after channel switch Alex Hung <alex.hung(a)amd.com> drm/amd/display: Initialize mode_select to 0 Wen Chen <Wen.Chen3(a)amd.com> drm/amd/display: Fix 'failed to blank crtc!' Zqiang <qiang.zhang1211(a)gmail.com> rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mld: fix last_mlo_scan_time type Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mld: don't exit EMLSR when we shouldn't Rand Deeb <rand.sec96(a)gmail.com> wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Nathan Lynch <nathan.lynch(a)amd.com> lib: packing: Include necessary headers Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: ath12k: Fix station association with MBSSID Non-TX BSS Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: Add memset and update default rate value in wmi tx completion Andy Yan <andy.yan(a)rock-chips.com> drm/panel: raydium-rm67200: Move initialization from enable() to prepare stage Kang Yang <kang.yang(a)oss.qualcomm.com> wifi: ath10k: shutdown driver when hardware is unreliable Peichen Huang <PeiChen.Huang(a)amd.com> drm/amd/display: add null check Ilya Bakoulin <Ilya.Bakoulin(a)amd.com> drm/amd/display: Separate set_gsl from set_gsl_source_select Xiang Liu <xiang.liu(a)amd.com> drm/amdgpu: Use correct severity for BP threshold exceed event Jonas Rebmann <jre(a)pengutronix.de> net: fec: allow disable coalescing RubenKelevra <rubenkelevra(a)gmail.com> net: ieee8021q: fix insufficient table-size assertion Li Chen <chenl311(a)chinatelecom.cn> ACPI: Suppress misleading SPCR console message when SPCR table is absent Eric Work <work.eric(a)gmail.com> net: atlantic: add set_power to fw_ops for atl2 to fix wol Aakash Kumar S <saakashkumar(a)marvell.com> xfrm: Duplicate SPI Handling zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Enable end-to-end flow control also in transmit Matt Roper <matthew.d.roper(a)intel.com> drm/xe/xe_query: Use separate iterator while filling GT list Mark Brown <broonie(a)kernel.org> kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace David Bauer <mail(a)david-bauer.net> wifi: mt76: mt7915: mcu: increase eeprom command timeout David Bauer <mail(a)david-bauer.net> wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Disable deep power saving for USB/SDIO Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Fix rtw89_mac_power_switch() for USB Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Clear runtime PM errors while resetting the GPU Robin Murphy <robin.murphy(a)arm.com> perf/arm: Add missing .suppress_bind_attrs Yuan Chen <chenyuan(a)kylinos.cn> drm/msm: Add error handling for krealloc in metadata setup Rob Clark <robdclark(a)chromium.org> drm/msm: use trylock for debugfs Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: Update register xml Thierry Reding <treding(a)nvidia.com> drm/fbdev-client: Skip DRM clients if modesetting is absent Felix Fietkau <nbd(a)nbd.name> wifi: mt76: fix vif link allocation Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: Fix mlink lookup in mt7996_tx_prepare_skb Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: mac80211: fix rx link assignment for non-MLO stations Zqiang <qiang.zhang1211(a)gmail.com> rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access Kuniyuki Iwashima <kuniyu(a)google.com> ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). Thomas Fourier <fourier.thomas(a)gmail.com> (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer Heiko Carstens <hca(a)linux.ibm.com> s390/early: Copy last breaking event address to pt_regs Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: mac80211: avoid weird state in error path Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't complete management TX on SAE commit Chris Mason <clm(a)fb.com> sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails Nam Cao <namcao(a)linutronix.de> rv: Add #undef TRACE_INCLUDE_FILE Kamil Horák - 2N <kamilh(a)axis.com> net: phy: bcm54811: PHY initialization Sven Schnelle <svens(a)linux.ibm.com> s390/stp: Remove udelay from stp_sync_clock() Philipp Stanner <phasta(a)kernel.org> drm/sched: Avoid memory leaks with cancel_job() callback Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: fix scan request validation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> um: Re-evaluate thread flags repeatedly Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mld: fix scan request validation Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: set gtk id also in older FWs Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Forget ranges when refining tnum after JSET Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Fix accounting after global limits change Alok Tiwari <alok.a.tiwari(a)oracle.com> perf/cxlpmu: Remove unintended newline from IRQ name format string Biju Das <biju.das.jz(a)bp.renesas.com> net: phy: micrel: Add ksz9131_resume() Alok Tiwari <alok.a.tiwari(a)oracle.com> net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix incorrect MTU in broadcast routes Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't unreserve never reserved chanctx Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Fix interface type validation Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: mac80211: handle WLAN_HT_ACTION_NOTIFY_CHANWIDTH async Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't use TPE data from assoc response Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Prevent duplicate binds Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> can: ti_hecc: fix -Woverflow compiler warning Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: limit clear_update_flags to dcn32 and above Paul E. McKenney <paulmck(a)kernel.org> rcu: Protect ->defer_qs_iw_pending from data race Umio Yasuno <coelacanth_dream(a)protonmail.com> drm/amd/pm: fix null pointer access Breno Leitao <leitao(a)debian.org> arm64: Mark kernel as tainted on SAE and SError panic Jack Ping CHNG <jchng(a)maxlinear.com> net: pcs: xpcs: mask readl() return value to 16 bits Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Properly access RCU protected qdisc_sleeping variable Thomas Fourier <fourier.thomas(a)gmail.com> net: ag71xx: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> et131x: Add missing check after DMA map Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB Chin-Yen Lee <timlee(a)realtek.com> wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode Matteo Croce <teknoraver(a)meta.com> libbpf: Fix warning in calloc() usage Ahmed Zaki <ahmed.zaki(a)intel.com> idpf: preserve coalescing settings across resets Eduard Zingerman <eddyz87(a)gmail.com> libbpf: Verify that arena map exists when adding arena relocations Alok Tiwari <alok.a.tiwari(a)oracle.com> be2net: Use correct byte order and format string for TCP seq and ack_seq Sven Schnelle <svens(a)linux.ibm.com> s390/time: Use monotonic clock in get_cycles() Sven Schnelle <svens(a)linux.ibm.com> s390/sclp: Use monotonic clock in sclp_sync_wait() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: reject HTC bit for management frames Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Prevent recursion of default variable options Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: Correct tid cleanup when tid setup fails Oliver Neukum <oneukum(a)suse.com> net: usb: cdc-ncm: check for filtering capability Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mld: avoid outdated reorder buffer head_sn Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mld: use spec link id and not FW link id Anthoine Bourgeois <anthoine.bourgeois(a)vates.tech> xen/netfront: Fix TX response spurious interrupts Uwe Kleine-König <ukleinek(a)debian.org> Bluetooth: btusb: Add support for variant of RTL8851BE (USB ID 13d3:3601) Zijun Hu <zijun.hu(a)oss.qualcomm.com> Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() Yang Li <yang.li(a)amlogic.com> Bluetooth: hci_event: Add support for handling LE BIG Sync Lost event En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 Ben Hutchings <benh(a)debian.org> bootconfig: Fix unaligned access when building footer Nam Cao <namcao(a)linutronix.de> verification/dot2k: Make a separate dot2k_templates/Kconfig_container Steven Rostedt <rostedt(a)goodmis.org> powerpc/thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> selftests: netfilter: Enable CONFIG_INET_SCTP_DIAG Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps Srinivas Kandagatla <srini(a)kernel.org> ASoC: qcom: use drvdata instead of component to keep id Xinxin Wan <xinxin.wan(a)intel.com> ASoC: codecs: rt5640: Retry DEVICE_ID verification Jonathan Santos <Jonathan.Santos(a)analog.com> iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Christophe Leroy <christophe.leroy(a)csgroup.eu> ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Lucy Thrun <lucy.thrun(a)digital-rabbithole.de> ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Tomasz Michalec <tmichalec(a)google.com> platform/chrome: cros_ec_typec: Defer probe on missing EC parent Kees Cook <kees(a)kernel.org> platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Actually use the e_phoff Krzysztof Hałasa <khalasa(a)piap.pl> imx8m-blk-ctrl: set ISI panic write hurry level Gautham R. Shenoy <gautham.shenoy(a)amd.com> pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> usb: dwc3: xilinx: add shutdown callback Oliver Neukum <oneukum(a)suse.com> usb: core: usb_submit_urb: downgrade type check Tomasz Michalec <tmichalec(a)google.com> usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Joseph Tilahun <jtilahun(a)astranis.com> tty: serial: fix print format specifiers Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode Markus Stockhausen <markus.stockhausen(a)gmx.de> irqchip/mips-gic: Allow forced affinity Alok Tiwari <alok.a.tiwari(a)oracle.com> ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 Mark Brown <broonie(a)kernel.org> ASoC: hdac_hdmi: Rate limit logging on connection and disconnection Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Avoid warning when overriding return thunk Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Disable jack polling at shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Handle the jack polling always via a work Gwendal Grignou <gwendal(a)chromium.org> platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready Ulf Hansson <ulf.hansson(a)linaro.org> mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Hans de Goede <hansg(a)kernel.org> mei: bus: Check for still connected devices in mei_cl_bus_dev_release() Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Fix improper and inaccurate error code returned by misc_init() Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: SDCA: Add flag for unused IRQs Peter Robinson <pbrobinson(a)gmail.com> reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Eliav Farber <farbere(a)amazon.com> pps: clients: gpio: fix interrupt handling order in remove path Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> selftests: vDSO: vdso_test_getrandom: Always print TAP header Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzv2h: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND Breno Leitao <leitao(a)debian.org> ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sebastian Ott <sebott(a)redhat.com> ACPI: processor: fix acpi_object initialization tuhaowen <tuhaowen(a)uniontech.com> PM: sleep: console: Fix the black screen issue Hsin-Te Yuan <yuanhsinte(a)chromium.org> thermal: sysfs: Return ENODATA instead of EAGAIN for reads Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() GalaxySnail <me(a)glxys.nl> ALSA: hda: add MODULE_FIRMWARE for cs35l41/cs35l56 Thierry Reding <treding(a)nvidia.com> firmware: tegra: Fix IVC dependency problems Peng Fan <peng.fan(a)nxp.com> firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume Zhu Qiyu <qiyuzhu2(a)amd.com> ACPI: PRM: Reduce unnecessary printing to avoid user confusion Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests: tracing: Use mutex_unlock for testing glob filter Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> tools/build: Fix s390(x) cross-compilation with clang Aaron Kling <webgeek1234(a)gmail.com> ARM: tegra: Use I/O memcpy to write to IRAM Michael Walle <mwalle(a)kernel.org> mfd: tps6594: Add TI TPS652G1 support Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: tps65912: check the return value of regmap_update_bits() David Lechner <dlechner(a)baylibre.com> iio: adc: ad_sigma_delta: don't overallocate scan buffer Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: define time_t in terms of __kernel_old_time_t David Collins <david.collins(a)oss.qualcomm.com> thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/synopsys: Clear the ECC counters on init Lifeng Zheng <zhenglifeng1(a)huawei.com> PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Alexander Kochetkov <al.kochet(a)gmail.com> ARM: rockchip: fix kernel hang during smp initialization Li RongQing <lirongqing(a)baidu.com> cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode Lifeng Zheng <zhenglifeng1(a)huawei.com> cpufreq: Exit governor when failed to start old governor Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: check the return value of regmap_update_bits() Guillaume La Roque <glaroque(a)baylibre.com> pmdomain: ti: Select PM_GENERIC_DOMAINS André Draszik <andre.draszik(a)linaro.org> usb: typec: tcpm/tcpci_maxim: fix irq wake usage Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Add poll_cci operation to cros_ec_ucsi Binbin Zhou <zhoubinbin(a)loongson.cn> gpio: loongson-64bit: Extend GPIO irq support Tiffany Yang <ynaffit(a)google.com> binder: Fix selftest page indexing Hiago De Franco <hiago.franco(a)toradex.com> remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU Shuai Xue <xueshuai(a)linux.alibaba.com> ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered Maulik Shah <maulik.shah(a)oss.qualcomm.com> soc: qcom: rpmh-rsc: Add RSC version 4 support Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> firmware: qcom: scm: initialize tzmem before marking SCM as available Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing errors during surprise removal Jay Chen <shawn2000100(a)gmail.com> usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing warnings for dying controller Vivek Pernamitta <quic_vpernami(a)quicinc.com> bus: mhi: host: pci_generic: Disable runtime PM for QDU100 Daniele Palmas <dnlplm(a)gmail.com> bus: mhi: host: pci_generic: Add Telit FN990B40 modem support Benson Leung <bleung(a)chromium.org> usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Cynthia Huang <cynthia(a)andestech.com> selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Prashant Malani <pmalani(a)google.com> cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Add init response codes for new ni-usb-hs+ Su Hui <suhui(a)nfschina.com> usb: xhci: print xhci->xhc_state when queue_command failed Steven Rostedt <rostedt(a)goodmis.org> tracefs: Add d_delete to remove negative dentries Al Viro <viro(a)zeniv.linux.org.uk> securityfs: don't pin dentries twice, once is enough... Al Viro <viro(a)zeniv.linux.org.uk> fix locking in efi_secret_unlink() Wei Gao <wegao(a)suse.com> ext2: Handle fiemap on empty files to prevent EINVAL Al Viro <viro(a)zeniv.linux.org.uk> landlock: opened file never has a negative dentry Christian Brauner <brauner(a)kernel.org> pidfs: raise SB_I_NODEV and SB_I_NOEXEC Xiao Ni <xni(a)redhat.com> md: Don't clear MD_CLOSING until mddev is freed Rong Zhang <ulin0208(a)gmail.com> fs/ntfs3: correctly create symlink for relative path Lizhi Xu <lizhi.xu(a)windriver.com> fs/ntfs3: Add sanity check for file name Damien Le Moal <dlemoal(a)kernel.org> ata: libata-sata: Disallow changing LPM state if not supported Damien Le Moal <dlemoal(a)kernel.org> ata: ahci: Disable DIPM if host lacks support Damien Le Moal <dlemoal(a)kernel.org> ata: ahci: Disallow LPM policy control if not supported Al Viro <viro(a)zeniv.linux.org.uk> better lockdep annotations for simple_recursive_removal() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix not erasing deleted b-tree node issue Sarah Newman <srn(a)prgmr.com> drbd: add missing kref_get in handle_write_conflicts Jan Kara <jack(a)suse.cz> udf: Verify partition map count Jan Kara <jack(a)suse.cz> loop: Avoid updating block size under exclusive owner Xiao Ni <xni(a)redhat.com> md: call del_gendisk in control path Andrew Price <anprice(a)redhat.com> gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops Andrew Price <anprice(a)redhat.com> gfs2: Validate i_depth for exhash directories Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: log TLS handshake failures at error level John Garry <john.g.garry(a)oracle.com> md/raid10: set chunk_sectors limit John Garry <john.g.garry(a)oracle.com> dm-stripe: limit chunk_sectors to the stripe size Keith Busch <kbusch(a)kernel.org> nvme-pci: try function level reset on init failure NeilBrown <neil(a)brown.name> smb/server: avoid deadlock when linking with ReplaceIfExists Yeoreum Yun <yeoreum.yun(a)arm.com> firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall Yeoreum Yun <yeoreum.yun(a)arm.com> tpm: tpm_crb_ffa: try to probe tpm_crb_ffa when it's built-in Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Check for completion after timeout Kees Cook <kees(a)kernel.org> arm64: Handle KCOV __init vs inline mismatches Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix slab-out-of-bounds in hfs_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix general protection fault in hfs_find_init() Sven Stegemann <sven(a)stegemann.de> net: kcm: Fix race condition in kcm_unattach() Frederic Weisbecker <frederic(a)kernel.org> ipvs: Fix estimator kthreads preferred affinity Jakub Kicinski <kuba(a)kernel.org> tls: handle data disappearing from under the TLS ULP Jeongjun Park <aha310510(a)gmail.com> ptp: prevent possible ABBA deadlock in ptp_clock_freerun() Yao Zi <ziyao(a)disroot.org> riscv: dts: thead: Add APB clocks for TH1520 GMACs Yao Zi <ziyao(a)disroot.org> net: stmmac: thead: Get and enable APB clock on initialization Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Avoid using invalid recent intervals data Len Brown <len.brown(a)intel.com> intel_idle: Allow loading ACPI tables for any family Gao Xiang <xiang(a)kernel.org> erofs: fix block count report when 48-bit layout is on Stanislav Fomichev <sdf(a)fomichev.me> hamradio: ignore ops-locked netdevs Stanislav Fomichev <sdf(a)fomichev.me> net: lapbether: ignore ops-locked netdevs Xin Long <lucien.xin(a)gmail.com> sctp: linearize cloned gso packets in sctp_rcv Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ti: icss-iep: Fix incorrect type for return value in extts_enable() Jakub Kicinski <kuba(a)kernel.org> net: page_pool: allow enabling recycling late, fix false positive warning MD Danish Anwar <danishanwar(a)ti.com> net: ti: icssg-prueth: Fix emac link speed handling Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix the np_link_fail error reporting issue Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix the division by zero issue Jijie Shao <shaojijie(a)huawei.com> net: hibmcge: fix rtnl deadlock issue Florian Westphal <fw(a)strlen.de> netfilter: ctnetlink: fix refcount leak on table dump Sabrina Dubroca <sd(a)queasysnail.net> udp: also consider secpath when evaluating ipsec use for checksumming Sabrina Dubroca <sd(a)queasysnail.net> xfrm: restore GSO for SW crypto Jinjiang Tu <tujinjiang(a)huawei.com> mm/smaps: fix race between smaps_hugetlb_range and migration Al Viro <viro(a)zeniv.linux.org.uk> habanalabs: fix UAF in export_dmabuf() Stefan Metzmacher <metze(a)samba.org> smb: client: don't wait for info->send_pending == 0 on error Stefan Metzmacher <metze(a)samba.org> smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() Thomas Weißschuh <linux(a)weissschuh.net> mfd: cros_ec: Separate charge-control probing from USB-PD Li Zhijian <lizhijian(a)fujitsu.com> mm/memory-tier: fix abstract distance calculation overflow Damien Le Moal <dlemoal(a)kernel.org> block: Make REQ_OP_ZONE_FINISH a write operation Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: processor: perflib: Move problematic pr->performance check Lukas Wunner <lukas(a)wunner.de> PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Jiayi Li <lijiayi(a)kylinos.cn> ACPI: processor: perflib: Fix initial _PPC limit application Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Documentation: ACPI: Fix parent device references Jann Horn <jannh(a)google.com> eventpoll: Fix semi-unbounded recursion Sasha Levin <sashal(a)kernel.org> fs: Prevent file descriptor table allocations exceeding INT_MAX Eric Biggers <ebiggers(a)kernel.org> fscrypt: Don't use problematic non-inline crypto engines André Draszik <andre.draszik(a)linaro.org> clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock André Draszik <andre.draszik(a)linaro.org> clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD André Draszik <andre.draszik(a)linaro.org> clk: samsung: exynos850: fix a comment Ma Ke <make24(a)iscas.ac.cn> sunvdc: Balance device refcount in vdc_port_mpgroup_check Wentao Guan <guanwentao(a)uniontech.com> LoongArch: vDSO: Remove -nostdlib complier flag Yao Zi <ziyao(a)disroot.org> LoongArch: Avoid in-place string operation on FDT content Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Make relocate_new_kernel_size be a .quad value Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> LoongArch: Don't use %pK through printk() in unwinder Haoran Jiang <jianghaoran(a)kylinos.cn> LoongArch: BPF: Fix jump offset calculation in tailcall Huacai Chen <chenhuacai(a)kernel.org> PCI: Extend isolated function probing to LoongArch Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix the setting of capabilities when automounting a new filesystem Dai Ngo <dai.ngo(a)oracle.com> NFSD: detect mismatch of file handle and delegation stateid in OPEN op Jeff Layton <jlayton(a)kernel.org> nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Christian Brauner <brauner(a)kernel.org> fhandle: raise FILEID_IS_DIR in handle_type Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition Xu Yang <xu.yang_2(a)nxp.com> net: usb: asix_devices: add phy_mask for ax88772 mdio bus Johan Hovold <johan(a)kernel.org> net: dpaa: fix device leak when querying time stamp info Johan Hovold <johan(a)kernel.org> net: ti: icss-iep: fix device and OF node leaks at probe Johan Hovold <johan(a)kernel.org> net: mtk_eth_soc: fix device leak at probe Johan Hovold <johan(a)kernel.org> net: enetc: fix device and OF node leak at probe Johan Hovold <johan(a)kernel.org> net: gianfar: fix device leak when querying time stamp info Heiner Kallweit <hkallweit1(a)gmail.com> net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect Florian Larysch <fl(a)n621.de> net: phy: micrel: fix KSZ8081/KSZ8091 cable test Fedor Pchelkin <pchelkin(a)ispras.ru> netlink: avoid infinite retry looping in netlink_unicast() Daniel Golle <daniel(a)makrotopia.org> Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> leds: flash: leds-qcom-flash: Fix registry access after re-bind David Thompson <davthompson(a)nvidia.com> gpio: mlxbf3: use platform_get_irq_optional() David Thompson <davthompson(a)nvidia.com> Revert "gpio: mlxbf3: only get IRQ for device instance 0" David Thompson <davthompson(a)nvidia.com> gpio: mlxbf2: use platform_get_irq_optional() Dongcheng Yan <dongcheng.yan(a)intel.com> media: i2c: set lt6911uxe's reset_gpio to GPIOD_OUT_LOW Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C Harald Mommer <harald.mommer(a)oss.qualcomm.com> gpio: virtio: Fix config space reading. Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: remove redundant lstrp update in negotiate protocol Steve French <stfrench(a)microsoft.com> smb3: fix for slab out of bounds on mount to ksmbd Christopher Eby <kreed(a)kreed.org> ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks Vasiliy Kovalev <kovalev(a)altlinux.org> ALSA: hda/realtek: Fix headset mic on HONOR BRB-X Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 cluster segment descriptors Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 power domain descriptors, too Jens Axboe <axboe(a)kernel.dk> io_uring/net: commit partial buffers on retry Jens Axboe <axboe(a)kernel.dk> io_uring/memmap: cast nr_pages to size_t before shifting Pavel Begunkov <asml.silence(a)gmail.com> io_uring: export io_[un]account_mem Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't use int for ABI ------------- Diffstat: Documentation/filesystems/fscrypt.rst | 37 +- Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +- Documentation/sphinx/kernel_abi.py | 6 +- Makefile | 4 +- arch/arm/mach-rockchip/platsmp.c | 15 +- arch/arm/mach-tegra/reset.c | 2 +- arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 2 +- arch/arm64/include/asm/acpi.h | 2 +- arch/arm64/kernel/acpi.c | 10 +- arch/arm64/kernel/stacktrace.c | 2 + arch/arm64/kernel/traps.c | 1 + arch/arm64/mm/fault.c | 1 + arch/arm64/mm/ptdump_debugfs.c | 3 - arch/loongarch/kernel/env.c | 13 +- arch/loongarch/kernel/relocate_kernel.S | 2 +- arch/loongarch/kernel/unwind_orc.c | 2 +- arch/loongarch/net/bpf_jit.c | 21 +- arch/loongarch/vdso/Makefile | 2 +- arch/mips/include/asm/vpe.h | 8 + arch/mips/kernel/process.c | 16 +- arch/mips/lantiq/falcon/sysctrl.c | 23 +- arch/parisc/Makefile | 2 +- arch/powerpc/include/asm/floppy.h | 5 +- arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +- arch/riscv/boot/dts/thead/th1520.dtsi | 10 +- arch/riscv/mm/ptdump.c | 3 - arch/s390/include/asm/timex.h | 13 +- arch/s390/kernel/early.c | 1 + arch/s390/kernel/time.c | 2 +- arch/s390/mm/dump_pagetables.c | 2 - arch/um/include/asm/thread_info.h | 4 + arch/um/kernel/process.c | 18 +- arch/x86/include/asm/kvm_host.h | 6 +- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kvm/svm/svm.c | 4 +- arch/x86/kvm/vmx/nested.c | 18 +- arch/x86/kvm/vmx/pmu_intel.c | 8 +- arch/x86/kvm/vmx/vmx.c | 41 +- arch/x86/kvm/vmx/vmx.h | 13 + arch/x86/kvm/vmx/x86_ops.h | 2 +- arch/x86/kvm/x86.c | 11 +- block/bfq-iosched.c | 35 +- block/bfq-iosched.h | 3 +- block/blk-mq.c | 6 +- block/blk-settings.c | 2 +- block/blk-zoned.c | 20 +- block/kyber-iosched.c | 9 +- block/mq-deadline.c | 16 +- crypto/jitterentropy-kcapi.c | 9 +- drivers/accel/habanalabs/common/memory.c | 23 +- drivers/acpi/acpi_processor.c | 2 +- drivers/acpi/apei/ghes.c | 13 + drivers/acpi/prmt.c | 26 +- drivers/acpi/processor_perflib.c | 11 + drivers/android/binder_alloc_selftest.c | 2 +- drivers/ata/ahci.c | 12 +- drivers/ata/ata_piix.c | 1 + drivers/ata/libahci.c | 1 + drivers/ata/libata-sata.c | 52 +- drivers/base/power/runtime.c | 5 + drivers/block/drbd/drbd_receiver.c | 6 +- drivers/block/loop.c | 38 +- drivers/block/sunvdc.c | 4 +- drivers/bluetooth/btusb.c | 3 + drivers/bus/mhi/host/pci_generic.c | 20 +- drivers/char/ipmi/ipmi_msghandler.c | 8 +- drivers/char/ipmi/ipmi_watchdog.c | 59 +- drivers/char/misc.c | 4 +- drivers/char/tpm/tpm-interface.c | 17 +- drivers/char/tpm/tpm_crb_ffa.c | 19 +- drivers/clk/qcom/dispcc-sm8750.c | 10 +- drivers/clk/qcom/gcc-ipq5018.c | 2 +- drivers/clk/qcom/gcc-ipq8074.c | 6 +- drivers/clk/renesas/rzg2l-cpg.c | 8 +- drivers/clk/samsung/clk-exynos850.c | 2 +- drivers/clk/samsung/clk-gs101.c | 4 +- drivers/clk/tegra/clk-periph.c | 4 +- drivers/clk/thead/clk-th1520-ap.c | 5 +- drivers/comedi/comedi_fops.c | 33 +- drivers/comedi/comedi_internal.h | 1 + drivers/comedi/drivers.c | 13 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/cpufreq.c | 8 +- drivers/cpufreq/intel_pstate.c | 2 + drivers/cpuidle/governors/menu.c | 21 +- drivers/crypto/ccp/sp-pci.c | 1 + drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 +- .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 +- drivers/devfreq/governor_userspace.c | 6 +- drivers/dma/stm32/stm32-dma.c | 2 +- drivers/edac/synopsys_edac.c | 93 +- drivers/firmware/arm_ffa/driver.c | 2 +- drivers/firmware/arm_scmi/scmi_power_control.c | 22 +- drivers/firmware/qcom/qcom_scm.c | 53 +- drivers/firmware/tegra/Kconfig | 5 +- drivers/gpio/gpio-loongson-64bit.c | 6 + drivers/gpio/gpio-mlxbf2.c | 2 +- drivers/gpio/gpio-mlxbf3.c | 52 +- drivers/gpio/gpio-tps65912.c | 7 +- drivers/gpio/gpio-virtio.c | 9 +- drivers/gpio/gpio-wcd934x.c | 7 +- drivers/gpu/drm/amd/amdgpu/aldebaran.c | 33 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cper.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ras_eeprom.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 28 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 6 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 12 +- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 +- drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 +- .../gpu/drm/amd/display/dc/mpc/dcn401/dcn401_mpc.c | 2 +- .../display/dc/resource/dcn314/dcn314_resource.c | 1 + drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 16 +- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 5 + drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 +- drivers/gpu/drm/clients/drm_client_setup.c | 5 + drivers/gpu/drm/i915/display/intel_psr.c | 14 +- drivers/gpu/drm/imagination/pvr_power.c | 59 +- drivers/gpu/drm/msm/Makefile | 5 + drivers/gpu/drm/msm/adreno/a6xx_catalog.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.h | 4 + drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gpu_state.h | 2 +- drivers/gpu/drm/msm/adreno/a6xx_preempt.c | 2 +- .../gpu/drm/msm/adreno/adreno_gen7_9_0_snapshot.h | 4 +- drivers/gpu/drm/msm/msm_drv.c | 9 +- drivers/gpu/drm/msm/msm_gem.c | 3 +- drivers/gpu/drm/msm/msm_gem.h | 6 + drivers/gpu/drm/msm/registers/adreno/a6xx.xml | 3576 ++++---------------- .../drm/msm/registers/adreno/a6xx_descriptors.xml | 198 ++ .../gpu/drm/msm/registers/adreno/a6xx_enums.xml | 383 +++ .../drm/msm/registers/adreno/a6xx_perfcntrs.xml | 600 ++++ .../gpu/drm/msm/registers/adreno/a7xx_enums.xml | 223 ++ .../drm/msm/registers/adreno/a7xx_perfcntrs.xml | 1030 ++++++ .../gpu/drm/msm/registers/adreno/adreno_pm4.xml | 302 +- drivers/gpu/drm/panel/panel-raydium-rm67200.c | 22 +- drivers/gpu/drm/renesas/rz-du/rzg2l_mipi_dsi.c | 3 + drivers/gpu/drm/scheduler/sched_main.c | 34 +- drivers/gpu/drm/ttm/ttm_pool.c | 8 +- drivers/gpu/drm/ttm/ttm_resource.c | 3 + drivers/gpu/drm/xe/xe_guc_exec_queue_types.h | 2 + drivers/gpu/drm/xe/xe_guc_submit.c | 7 +- drivers/gpu/drm/xe/xe_hw_fence.c | 3 + drivers/gpu/drm/xe/xe_query.c | 27 +- drivers/hid/hid-core.c | 4 +- drivers/hid/hid-magicmouse.c | 56 +- drivers/hwmon/emc2305.c | 10 +- drivers/i2c/i2c-core-acpi.c | 1 + drivers/i3c/internals.h | 1 + drivers/i3c/master.c | 4 +- drivers/idle/intel_idle.c | 2 +- drivers/iio/adc/ad7768-1.c | 23 +- drivers/iio/adc/ad_sigma_delta.c | 2 +- drivers/infiniband/core/nldev.c | 22 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +- drivers/infiniband/hw/hfi1/affinity.c | 44 +- drivers/infiniband/sw/siw/siw_qp_tx.c | 5 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/intel/iommu.c | 19 +- drivers/iommu/intel/iommu.h | 3 + drivers/iommu/iommufd/io_pagetable.c | 48 +- drivers/irqchip/irq-mips-gic.c | 8 +- drivers/irqchip/irq-renesas-rzv2h.c | 4 +- drivers/leds/flash/leds-qcom-flash.c | 15 +- drivers/leds/leds-lp50xx.c | 11 +- drivers/leds/trigger/ledtrig-netdev.c | 16 +- drivers/md/dm-ps-historical-service-time.c | 4 +- drivers/md/dm-ps-queue-length.c | 4 +- drivers/md/dm-ps-round-robin.c | 4 +- drivers/md/dm-ps-service-time.c | 4 +- drivers/md/dm-stripe.c | 1 + drivers/md/dm-table.c | 10 +- drivers/md/dm-zoned-target.c | 2 +- drivers/md/dm.c | 37 +- drivers/md/md.c | 51 +- drivers/md/md.h | 26 +- drivers/md/raid10.c | 1 + drivers/media/dvb-frontends/dib7000p.c | 8 + drivers/media/i2c/hi556.c | 7 +- drivers/media/i2c/lt6911uxe.c | 2 +- drivers/media/i2c/tc358743.c | 86 +- drivers/media/pci/intel/ipu-bridge.c | 2 + drivers/media/platform/qcom/iris/iris_buffer.c | 11 +- .../platform/qcom/iris/iris_hfi_gen1_defines.h | 2 + .../platform/qcom/iris/iris_hfi_gen1_response.c | 6 + drivers/media/platform/qcom/venus/hfi_msgs.c | 83 +- drivers/media/platform/raspberrypi/rp1-cfe/cfe.c | 4 +- drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 + drivers/media/usb/uvc/uvc_ctrl.c | 55 +- drivers/media/usb/uvc/uvc_driver.c | 12 + drivers/media/usb/uvc/uvc_video.c | 21 +- drivers/media/usb/uvc/uvcvideo.h | 2 + drivers/media/v4l2-core/v4l2-common.c | 14 +- drivers/mfd/axp20x.c | 3 +- drivers/mfd/cros_ec_dev.c | 10 +- drivers/mfd/tps6594-core.c | 88 +- drivers/mfd/tps6594-i2c.c | 10 +- drivers/mfd/tps6594-spi.c | 10 +- drivers/misc/cardreader/rtsx_usb.c | 16 +- drivers/misc/mei/bus.c | 6 + drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +- drivers/mmc/host/sdhci-msm.c | 14 + drivers/net/can/ti_hecc.c | 2 +- drivers/net/dsa/b53/b53_common.c | 76 +- drivers/net/dsa/b53/b53_regs.h | 7 +- drivers/net/ethernet/agere/et131x.c | 36 + drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 + .../aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 + drivers/net/ethernet/atheros/ag71xx.c | 9 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 9 +- drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 8 +- drivers/net/ethernet/faraday/ftgmac100.c | 7 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 - drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +- drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 +- drivers/net/ethernet/freescale/fec_main.c | 34 +- drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +- drivers/net/ethernet/google/gve/gve_adminq.c | 1 + drivers/net/ethernet/hisilicon/hibmcge/hbg_err.c | 14 +- drivers/net/ethernet/hisilicon/hibmcge/hbg_hw.c | 15 +- drivers/net/ethernet/hisilicon/hibmcge/hbg_txrx.h | 7 +- drivers/net/ethernet/intel/idpf/idpf.h | 19 + drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 36 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 +- drivers/net/ethernet/intel/idpf/idpf_main.c | 1 + drivers/net/ethernet/intel/idpf/idpf_txrx.c | 13 +- drivers/net/ethernet/mediatek/mtk_wed.c | 1 - drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 +- drivers/net/ethernet/stmicro/stmmac/dwmac-thead.c | 14 + drivers/net/ethernet/ti/icssg/icss_iep.c | 26 +- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 6 + drivers/net/hamradio/bpqether.c | 2 +- drivers/net/hyperv/hyperv_net.h | 3 + drivers/net/hyperv/netvsc_drv.c | 29 +- drivers/net/pcs/pcs-xpcs-plat.c | 4 +- drivers/net/phy/broadcom.c | 25 +- drivers/net/phy/micrel.c | 12 +- drivers/net/phy/smsc.c | 1 + drivers/net/thunderbolt/main.c | 21 +- drivers/net/usb/asix_devices.c | 1 + drivers/net/usb/cdc_ncm.c | 20 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wan/lapbether.c | 2 +- drivers/net/wireless/ath/ath10k/core.c | 48 +- drivers/net/wireless/ath/ath10k/core.h | 11 +- drivers/net/wireless/ath/ath10k/mac.c | 7 +- drivers/net/wireless/ath/ath10k/wmi.c | 6 + drivers/net/wireless/ath/ath12k/core.h | 4 + drivers/net/wireless/ath/ath12k/dp.c | 3 +- drivers/net/wireless/ath/ath12k/hw.c | 2 +- drivers/net/wireless/ath/ath12k/mac.c | 79 +- drivers/net/wireless/ath/ath12k/wmi.c | 5 + drivers/net/wireless/ath/ath12k/wmi.h | 1 + drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +- drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +- drivers/net/wireless/intel/iwlwifi/mld/agg.c | 5 + drivers/net/wireless/intel/iwlwifi/mld/iface.h | 3 + drivers/net/wireless/intel/iwlwifi/mld/link.c | 8 +- drivers/net/wireless/intel/iwlwifi/mld/mac80211.c | 1 + drivers/net/wireless/intel/iwlwifi/mld/mlo.c | 8 +- drivers/net/wireless/intel/iwlwifi/mld/scan.c | 2 +- drivers/net/wireless/intel/iwlwifi/mld/scan.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 5 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/mediatek/mt76/channel.c | 4 +- drivers/net/wireless/mediatek/mt76/mt76.h | 5 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 28 +- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 4 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 23 +- drivers/net/wireless/realtek/rtw89/chan.c | 6 + drivers/net/wireless/realtek/rtw89/coex.c | 12 +- drivers/net/wireless/realtek/rtw89/core.c | 3 + drivers/net/wireless/realtek/rtw89/fw.c | 9 +- drivers/net/wireless/realtek/rtw89/fw.h | 2 + drivers/net/wireless/realtek/rtw89/mac.c | 19 + drivers/net/wireless/realtek/rtw89/reg.h | 1 + drivers/net/wireless/realtek/rtw89/wow.c | 5 +- drivers/net/xen-netfront.c | 5 - drivers/nvme/host/pci.c | 24 +- drivers/nvme/host/tcp.c | 11 +- drivers/pci/pci-acpi.c | 4 +- drivers/pci/pci.c | 6 +- drivers/pci/probe.c | 2 +- drivers/perf/arm-cmn.c | 1 + drivers/perf/arm-ni.c | 1 + drivers/perf/cxl_pmu.c | 2 +- drivers/phy/rockchip/phy-rockchip-pcie.c | 15 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 1 + drivers/platform/chrome/cros_ec_sensorhub.c | 23 +- drivers/platform/chrome/cros_ec_typec.c | 4 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 + drivers/platform/x86/thinkpad_acpi.c | 4 +- drivers/pmdomain/imx/imx8m-blk-ctrl.c | 10 + drivers/pmdomain/ti/Kconfig | 2 +- drivers/power/supply/qcom_battmgr.c | 2 + drivers/pps/clients/pps-gpio.c | 5 +- drivers/ptp/ptp_clock.c | 2 +- drivers/ptp/ptp_private.h | 5 + drivers/ptp/ptp_vclock.c | 7 + drivers/remoteproc/imx_rproc.c | 4 +- drivers/reset/Kconfig | 10 +- drivers/rtc/rtc-ds1307.c | 15 +- drivers/s390/char/sclp.c | 4 +- drivers/scsi/aacraid/comminit.c | 3 +- drivers/scsi/bfa/bfad_im.c | 1 + drivers/scsi/libiscsi.c | 3 +- drivers/scsi/lpfc/lpfc_debugfs.c | 1 - drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +- drivers/scsi/lpfc/lpfc_scsi.c | 4 + drivers/scsi/mpi3mr/mpi3mr_os.c | 20 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 + drivers/scsi/pm8001/pm80xx_hwi.c | 12 +- drivers/scsi/scsi_scan.c | 2 +- drivers/scsi/scsi_transport_sas.c | 62 +- drivers/soc/qcom/mdt_loader.c | 10 +- drivers/soc/qcom/rpmh-rsc.c | 2 +- drivers/soundwire/amd_manager.c | 7 +- drivers/soundwire/bus.c | 6 +- drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 14 +- drivers/target/target_core_fabric_lib.c | 65 +- drivers/target/target_core_internal.h | 4 +- drivers/target/target_core_pr.c | 18 +- drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 +- drivers/thermal/thermal_sysfs.c | 9 +- drivers/thunderbolt/domain.c | 2 +- drivers/tty/serial/serial_core.c | 44 +- drivers/usb/class/cdc-acm.c | 11 +- drivers/usb/core/config.c | 10 +- drivers/usb/core/urb.c | 2 +- drivers/usb/dwc3/dwc3-xilinx.c | 1 + drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-ring.c | 10 +- drivers/usb/host/xhci.c | 6 +- drivers/usb/typec/mux/intel_pmc_mux.c | 2 +- drivers/usb/typec/tcpm/fusb302.c | 8 + drivers/usb/typec/tcpm/tcpci_maxim_core.c | 46 +- drivers/usb/typec/ucsi/cros_ec_ucsi.c | 1 + drivers/usb/typec/ucsi/psy.c | 2 +- drivers/usb/typec/ucsi/ucsi.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 7 +- drivers/vfio/pci/mlx5/cmd.c | 4 +- drivers/vfio/vfio_iommu_type1.c | 7 + drivers/vhost/vhost.c | 3 + drivers/video/fbdev/Kconfig | 2 +- drivers/video/fbdev/core/fbcon.c | 9 +- drivers/video/fbdev/core/fbmem.c | 3 + drivers/virt/coco/efi_secret/efi_secret.c | 10 +- drivers/watchdog/dw_wdt.c | 2 + drivers/watchdog/iTCO_wdt.c | 6 +- drivers/watchdog/sbsa_gwdt.c | 50 +- fs/btrfs/block-group.c | 31 +- fs/btrfs/ctree.c | 1 + fs/btrfs/extent-tree.c | 33 +- fs/btrfs/inode.c | 2 +- fs/btrfs/ioctl.c | 3 +- fs/btrfs/qgroup.c | 44 +- fs/btrfs/relocation.c | 19 + fs/btrfs/send.c | 33 + fs/btrfs/transaction.c | 6 +- fs/btrfs/tree-log.c | 107 +- fs/btrfs/zoned.c | 5 +- fs/crypto/fscrypt_private.h | 17 + fs/crypto/hkdf.c | 2 +- fs/crypto/keysetup.c | 3 +- fs/crypto/keysetup_v1.c | 3 +- fs/erofs/super.c | 4 +- fs/eventpoll.c | 60 +- fs/exfat/dir.c | 12 + fs/exfat/fatent.c | 10 + fs/exfat/namei.c | 5 + fs/exfat/super.c | 32 +- fs/ext2/inode.c | 12 +- fs/ext4/inline.c | 19 +- fs/ext4/mballoc-test.c | 9 + fs/ext4/mballoc.c | 69 +- fs/f2fs/file.c | 24 +- fs/fhandle.c | 2 +- fs/file.c | 15 + fs/gfs2/dir.c | 6 +- fs/gfs2/glops.c | 6 + fs/gfs2/meta_io.c | 2 + fs/hfs/bfind.c | 3 + fs/hfs/bnode.c | 93 + fs/hfs/btree.c | 57 +- fs/hfs/extent.c | 2 +- fs/hfs/hfs_fs.h | 1 + fs/hfsplus/bnode.c | 92 + fs/hfsplus/unicode.c | 7 + fs/hfsplus/xattr.c | 6 +- fs/jfs/file.c | 3 + fs/jfs/inode.c | 2 +- fs/jfs/jfs_dmap.c | 6 + fs/libfs.c | 4 +- fs/nfs/blocklayout/blocklayout.c | 4 +- fs/nfs/blocklayout/dev.c | 5 +- fs/nfs/blocklayout/extent_tree.c | 20 +- fs/nfs/client.c | 44 +- fs/nfs/internal.h | 2 +- fs/nfs/nfs4client.c | 20 +- fs/nfs/nfs4proc.c | 2 +- fs/nfs/pnfs.c | 11 +- fs/nfsd/nfs4state.c | 34 +- fs/ntfs3/dir.c | 3 + fs/ntfs3/inode.c | 31 +- fs/ocfs2/aops.c | 1 + fs/orangefs/orangefs-debugfs.c | 2 +- fs/pidfs.c | 2 + fs/proc/task_mmu.c | 6 +- fs/smb/client/cifsencrypt.c | 79 +- fs/smb/client/cifssmb.c | 10 + fs/smb/client/compress.c | 61 +- fs/smb/client/connect.c | 1 - fs/smb/client/sess.c | 9 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smbdirect.c | 25 +- fs/smb/server/smb2pdu.c | 16 +- fs/tracefs/inode.c | 11 + fs/udf/super.c | 13 +- fs/xfs/scrub/trace.h | 2 +- include/drm/gpu_scheduler.h | 18 + include/linux/blk_types.h | 6 +- include/linux/blkdev.h | 55 + include/linux/hid.h | 2 + include/linux/hypervisor.h | 3 + include/linux/if_vlan.h | 21 +- include/linux/libata.h | 1 + include/linux/memory-tiers.h | 2 +- include/linux/mfd/tps6594.h | 1 + include/linux/packing.h | 6 +- include/linux/pci.h | 6 + include/linux/sbitmap.h | 6 +- include/linux/skbuff.h | 8 +- include/linux/usb/cdc_ncm.h | 1 + include/linux/virtio_vsock.h | 7 +- include/net/bluetooth/hci.h | 6 + include/net/bluetooth/hci_core.h | 5 +- include/net/cfg80211.h | 2 +- include/net/ip_vs.h | 13 + include/net/kcm.h | 1 - include/net/mac80211.h | 4 + include/net/page_pool/types.h | 2 + include/sound/sdca_function.h | 2 + include/trace/events/thp.h | 2 + include/uapi/linux/in6.h | 4 +- include/uapi/linux/io_uring.h | 2 +- io_uring/memmap.c | 2 +- io_uring/net.c | 27 +- io_uring/rsrc.c | 4 +- io_uring/rsrc.h | 2 + io_uring/rw.c | 2 +- kernel/.gitignore | 2 + kernel/Makefile | 47 +- kernel/bpf/verifier.c | 7 +- kernel/gen_kheaders.sh | 88 +- kernel/kthread.c | 1 + kernel/module/main.c | 10 +- kernel/power/console.c | 7 +- kernel/printk/nbcon.c | 63 +- kernel/rcu/rcutorture.c | 9 +- kernel/rcu/tree.c | 2 + kernel/rcu/tree.h | 14 +- kernel/rcu/tree_nocb.h | 5 +- kernel/rcu/tree_plugin.h | 44 +- kernel/sched/deadline.c | 4 +- kernel/sched/fair.c | 19 +- kernel/sched/rt.c | 6 + kernel/trace/fprobe.c | 4 +- kernel/trace/rv/rv_trace.h | 3 +- lib/sbitmap.c | 56 +- mm/damon/core.c | 1 + mm/huge_memory.c | 7 +- mm/kmemleak.c | 10 +- mm/ptdump.c | 2 + mm/shmem.c | 39 +- mm/slub.c | 7 +- mm/userfaultfd.c | 15 +- net/bluetooth/hci_conn.c | 3 +- net/bluetooth/hci_event.c | 39 +- net/bluetooth/hci_sock.c | 2 +- net/core/ieee8021q_helpers.c | 44 +- net/core/page_pool.c | 29 + net/ipv4/route.c | 1 - net/ipv4/udp_offload.c | 2 +- net/ipv6/addrconf.c | 7 +- net/ipv6/mcast.c | 11 +- net/kcm/kcmsock.c | 10 +- net/mac80211/chan.c | 1 + net/mac80211/ht.c | 40 +- net/mac80211/ieee80211_i.h | 6 + net/mac80211/iface.c | 29 + net/mac80211/link.c | 9 +- net/mac80211/mlme.c | 45 +- net/mac80211/rx.c | 47 +- net/mctp/af_mctp.c | 28 +- net/ncsi/internal.h | 2 +- net/ncsi/ncsi-rsp.c | 1 + net/netfilter/ipvs/ip_vs_est.c | 3 +- net/netfilter/nf_conntrack_netlink.c | 24 +- net/netfilter/nft_set_pipapo.c | 9 +- net/netlink/af_netlink.c | 2 +- net/sched/sch_ets.c | 11 +- net/sctp/input.c | 2 +- net/tls/tls.h | 2 +- net/tls/tls_strp.c | 11 +- net/tls/tls_sw.c | 3 +- net/vmw_vsock/virtio_transport.c | 2 +- net/wireless/mlme.c | 3 +- net/xfrm/xfrm_device.c | 9 +- net/xfrm/xfrm_state.c | 74 +- rust/Makefile | 16 +- samples/damon/wsse.c | 12 +- scripts/kconfig/gconf.c | 8 +- scripts/kconfig/lxdialog/inputbox.c | 6 +- scripts/kconfig/lxdialog/menubox.c | 2 +- scripts/kconfig/nconf.c | 2 + scripts/kconfig/nconf.gui.c | 1 + security/apparmor/domain.c | 52 +- security/apparmor/file.c | 6 +- security/apparmor/include/lib.h | 6 +- security/inode.c | 2 - security/landlock/syscalls.c | 1 - sound/core/pcm_native.c | 19 +- sound/pci/hda/cs35l41_hda.c | 2 + sound/pci/hda/cs35l56_hda.c | 4 + sound/pci/hda/hda_codec.c | 44 +- sound/pci/hda/patch_ca0132.c | 2 +- sound/pci/hda/patch_realtek.c | 3 + sound/pci/intel8x0.c | 2 +- sound/soc/codecs/hdac_hdmi.c | 10 +- sound/soc/codecs/rt5640.c | 5 + sound/soc/fsl/fsl_sai.c | 20 +- sound/soc/intel/avs/core.c | 3 +- sound/soc/intel/boards/sof_sdw.c | 8 + sound/soc/qcom/lpass-platform.c | 27 +- sound/soc/sdca/sdca_functions.c | 2 + sound/soc/soc-core.c | 3 + sound/soc/soc-dapm.c | 4 + sound/soc/sof/topology.c | 15 +- sound/usb/mixer_quirks.c | 14 +- sound/usb/stream.c | 25 +- sound/usb/validate.c | 12 + tools/bootconfig/main.c | 24 +- tools/bpf/bpftool/main.c | 6 +- tools/include/nolibc/std.h | 4 +- tools/include/nolibc/types.h | 4 +- tools/lib/bpf/libbpf.c | 7 +- .../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +- tools/power/x86/turbostat/turbostat.c | 14 +- tools/scripts/Makefile.include | 4 +- tools/testing/ktest/ktest.pl | 5 +- tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 +- tools/testing/selftests/bpf/prog_tests/ringbuf.c | 4 +- .../selftests/bpf/prog_tests/user_ringbuf.c | 10 +- .../selftests/bpf/progs/test_ringbuf_write.c | 4 +- .../testing/selftests/bpf/progs/verifier_unpriv.c | 2 +- .../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +- tools/testing/selftests/futex/include/futextest.h | 11 + tools/testing/selftests/net/netfilter/config | 2 +- tools/testing/selftests/vDSO/vdso_test_getrandom.c | 6 +- tools/verification/dot2/dot2k.py | 3 +- .../dot2/dot2k_templates/Kconfig_container | 5 + 566 files changed, 8326 insertions(+), 5099 deletions(-)

3 weeks, 4 days

9
529
0 0

[PATCH] drm/amdgpu: drop hw access in non-DC audio fini

by Alex Deucher

We already disable the audio pins in hw_fini so there is no need to do it again in sw_fini. Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/4481 Cc: stable(a)vger.kernel.org Cc: oushixiong <oushixiong1025(a)163.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> --- drivers/gpu/drm/amd/amdgpu/dce_v10_0.c | 5 ----- drivers/gpu/drm/amd/amdgpu/dce_v11_0.c | 5 ----- drivers/gpu/drm/amd/amdgpu/dce_v6_0.c | 5 ----- drivers/gpu/drm/amd/amdgpu/dce_v8_0.c | 5 ----- 4 files changed, 20 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/dce_v10_0.c b/drivers/gpu/drm/amd/amdgpu/dce_v10_0.c index bf7c22f81cda3..ba73518f5cdf3 100644 --- a/drivers/gpu/drm/amd/amdgpu/dce_v10_0.c +++ b/drivers/gpu/drm/amd/amdgpu/dce_v10_0.c @@ -1462,17 +1462,12 @@ static int dce_v10_0_audio_init(struct amdgpu_device *adev) static void dce_v10_0_audio_fini(struct amdgpu_device *adev) { - int i; - if (!amdgpu_audio) return; if (!adev->mode_info.audio.enabled) return; - for (i = 0; i < adev->mode_info.audio.num_pins; i++) - dce_v10_0_audio_enable(adev, &adev->mode_info.audio.pin[i], false); - adev->mode_info.audio.enabled = false; } diff --git a/drivers/gpu/drm/amd/amdgpu/dce_v11_0.c b/drivers/gpu/drm/amd/amdgpu/dce_v11_0.c index 47e05783c4a0e..b01d88d078fa2 100644 --- a/drivers/gpu/drm/amd/amdgpu/dce_v11_0.c +++ b/drivers/gpu/drm/amd/amdgpu/dce_v11_0.c @@ -1511,17 +1511,12 @@ static int dce_v11_0_audio_init(struct amdgpu_device *adev) static void dce_v11_0_audio_fini(struct amdgpu_device *adev) { - int i; - if (!amdgpu_audio) return; if (!adev->mode_info.audio.enabled) return; - for (i = 0; i < adev->mode_info.audio.num_pins; i++) - dce_v11_0_audio_enable(adev, &adev->mode_info.audio.pin[i], false); - adev->mode_info.audio.enabled = false; } diff --git a/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c b/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c index 276c025c4c03d..81760a26f2ffc 100644 --- a/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c +++ b/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c @@ -1451,17 +1451,12 @@ static int dce_v6_0_audio_init(struct amdgpu_device *adev) static void dce_v6_0_audio_fini(struct amdgpu_device *adev) { - int i; - if (!amdgpu_audio) return; if (!adev->mode_info.audio.enabled) return; - for (i = 0; i < adev->mode_info.audio.num_pins; i++) - dce_v6_0_audio_enable(adev, &adev->mode_info.audio.pin[i], false); - adev->mode_info.audio.enabled = false; } diff --git a/drivers/gpu/drm/amd/amdgpu/dce_v8_0.c b/drivers/gpu/drm/amd/amdgpu/dce_v8_0.c index e62ccf9eb73de..19a265bd4d196 100644 --- a/drivers/gpu/drm/amd/amdgpu/dce_v8_0.c +++ b/drivers/gpu/drm/amd/amdgpu/dce_v8_0.c @@ -1443,17 +1443,12 @@ static int dce_v8_0_audio_init(struct amdgpu_device *adev) static void dce_v8_0_audio_fini(struct amdgpu_device *adev) { - int i; - if (!amdgpu_audio) return; if (!adev->mode_info.audio.enabled) return; - for (i = 0; i < adev->mode_info.audio.num_pins; i++) - dce_v8_0_audio_enable(adev, &adev->mode_info.audio.pin[i], false); - adev->mode_info.audio.enabled = false; } -- 2.50.1

3 weeks, 4 days

2
3
0 0

[PATCH] mm/khugepaged: fix the address passed to notifier on testing young

by Wei Yang

Commit 8ee53820edfd ("thp: mmu_notifier_test_young") introduced mmu_notifier_test_young(), but we should pass the address need to test. In xxx_scan_pmd(), the actual iteration address is "_address" not "address". We seem to misuse the variable on the very beginning. Change it to the right one. Fixes: 8ee53820edfd ("thp: mmu_notifier_test_young") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Zi Yan <ziy(a)nvidia.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Nico Pache <npache(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Dev Jain <dev.jain(a)arm.com> Cc: Barry Song <baohua(a)kernel.org> CC: <stable(a)vger.kernel.org> --- The original commit 8ee53820edfd is at 2011. Then the code is moved to khugepaged.c in commit b46e756f5e470 ("thp: extract khugepaged from mm/huge_memory.c") in 2022. --- mm/khugepaged.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/khugepaged.c b/mm/khugepaged.c index 24e18a7f8a93..b000942250d1 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c @@ -1418,7 +1418,7 @@ static int hpage_collapse_scan_pmd(struct mm_struct *mm, if (cc->is_khugepaged && (pte_young(pteval) || folio_test_young(folio) || folio_test_referenced(folio) || mmu_notifier_test_young(vma->vm_mm, - address))) + _address))) referenced++; } if (!writable) { -- 2.34.1

3 weeks, 4 days

6
11
0 0

[PATCH v3] btrfs: do more strict compressed read merge check

by Qu Wenruo

[BUG] With 64K page size (aarch64 with 64K page size config) and 4K btrfs block size, the following workload can easily lead to a corrupted read: mkfs.btrfs -f -s 4k $dev > /dev/null mount -o compress=zstd $dev $mnt xfs_io -f -c "pwrite -S 0xff 0 64k" -c sync $mnt/base > /dev/null echo "correct result:" od -Ax -x $mnt/base xfs_io -f -c "reflink $mnt/base 32k 0 32k" \ -c "reflink $mnt/base 0 32k 32k" \ -c "pwrite -S 0xff 60k 4k" $mnt/new > /dev/null echo "incorrect result:" od -Ax -x $mnt/new umount $mnt This shows the following result: correct result: 000000 ffff ffff ffff ffff ffff ffff ffff ffff * 010000 incorrect result: 000000 ffff ffff ffff ffff ffff ffff ffff ffff * 008000 0000 0000 0000 0000 0000 0000 0000 0000 * 00f000 ffff ffff ffff ffff ffff ffff ffff ffff * 010000 Notice the zero in the range [0x8000, 0xf000), which is incorrect. [CAUSE] With extra trace printk, it shows the following events during od: (some unrelated info removed like CPU and context) od-3457 btrfs_do_readpage: enter r/i=5/258 folio=0(65536) prev_em_start=0000000000000000 The "r/i" is indicating the root and inode number. In our case the file "new" is using ino 258 from fs tree (root 5). Here notice the @prev_em_start pointer is NULL. This means the btrfs_do_readpage() is called from btrfs_read_folio(), not from btrfs_readahead(). od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=0 got em start=0 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=4096 got em start=0 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=8192 got em start=0 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=12288 got em start=0 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=16384 got em start=0 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=20480 got em start=0 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=24576 got em start=0 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=28672 got em start=0 len=32768 These above 32K blocks will be read from the the first half of the compressed data extent. od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=32768 got em start=32768 len=32768 Note here there is no btrfs_submit_compressed_read() call. Which is incorrect now. As both extent maps at 0 and 32K are pointing to the same compressed data, their offset are different thus can not be merged into the same read. So this means the compressed data read merge check is doing something wrong. od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=36864 got em start=32768 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=40960 got em start=32768 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=45056 got em start=32768 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=49152 got em start=32768 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=53248 got em start=32768 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=57344 got em start=32768 len=32768 od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=61440 skip uptodate od-3457 btrfs_submit_compressed_read: cb orig_bio: file off=0 len=61440 The function btrfs_submit_compressed_read() is only called at the end of folio read. The compressed bio will only have a extent map of range [0, 32K), but the original bio passed in are for the whole 64K folio. This will cause the decompression part to only fill the first 32K, leaving the rest untouched (aka, filled with zero). This incorrect compressed read merge leads to the above data corruption. There are similar problems happened in the past, commit 808f80b46790 ("Btrfs: update fix for read corruption of compressed and shared extents") is doing pretty much the same fix for readahead. But that's back to 2015, where btrfs still only supports bs (block size) == ps (page size) cases. This means btrfs_do_readpage() only needs to handle a folio which contains exactly one block. Only btrfs_readahead() can lead to a read covering multiple blocks. Thus only btrfs_readahead() passes a non-NULL @prev_em_start pointer. With the v5.15 btrfs introduced bs < ps support. This breaks the above assumption that a folio can only contain one block. Now btrfs_read_folio() can also read multiple blocks in one go. But btrfs_read_folio() doesn't pass a @prev_em_start pointer, thus the existing bio force submission check will never be triggered. In theory, this can also happen for btrfs with large folios, but since large folio is still experimental, we don't need to bother it, thus only bs < ps support is affected for now. [FIX] Instead of passing @prev_em_start to do the proper compressed extent check, introduce one new member, btrfs_bio_ctrl::last_em_start, so that the existing bio force submission logic will always be triggered. CC: stable(a)vger.kernel.org #5.15+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- Changelog: v3: - Use a single btrfs_bio_ctrl::last_em_start Since the existing prev_em_start is using U64_MAX as the initial value to indicate no em hit yet, we can use the same logic, which saves another 8 bytes from btrfs_bio_ctrl. - Update the reproducer Previously I failed to reproduce using a minimal workload. As regular read from od/md5sum always trigger readahead thus not hitting the @prev_em_start == NULL path. Will send out a fstest case for it using the minimal reproducer. But it will still need a 16K/64K page sized system to reproduce. Fix the problem by doing an block aligned write into the folio, so that the folio will be partially dirty and not go through the readahead path. - Update the analyze This includes the trace events of the minimal reproducer, and mentioning of previous similar fixes and why they do not work for subpage cases. - Update the CC tag Since it's only affecting bs < ps cases (for non-experimental builds), only need to fix kernels with subpage btrfs supports. v2: - Only save extent_map::start/len to save memory for btrfs_bio_ctrl It's using on-stack memory which is very limited inside the kernel. - Remove the commit message mentioning of clearing last saved em Since we're using em::start/len, there is no need to clear them. Either we hit the same em::start/len, meaning hitting the same extent map, or we hit a different em, which will have a different start/len. --- fs/btrfs/extent_io.c | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 0c12fd64a1f3..b219dbaaedc8 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -131,6 +131,24 @@ struct btrfs_bio_ctrl { */ unsigned long submit_bitmap; struct readahead_control *ractl; + + /* + * The start file offset of the last hit extent map. + * + * This is for proper compressed read merge. + * U64_MAX means no extent map hit yet. + * + * The current btrfs_bio_is_contig() only uses disk_bytenr as + * the condition to check if the read can be merged with previous + * bio, which is not correct. E.g. two file extents pointing to the + * same extent but with different offset. + * + * So here we need to do extra check to only merge reads that are + * covered by the same extent map. + * Just extent_map::start will be enough, as they are unique + * inside the same inode. + */ + u64 last_em_start; }; /* @@ -965,7 +983,7 @@ static void btrfs_readahead_expand(struct readahead_control *ractl, * return 0 on success, otherwise return error */ static int btrfs_do_readpage(struct folio *folio, struct extent_map **em_cached, - struct btrfs_bio_ctrl *bio_ctrl, u64 *prev_em_start) + struct btrfs_bio_ctrl *bio_ctrl) { struct inode *inode = folio->mapping->host; struct btrfs_fs_info *fs_info = inode_to_fs_info(inode); @@ -1076,12 +1094,11 @@ static int btrfs_do_readpage(struct folio *folio, struct extent_map **em_cached, * non-optimal behavior (submitting 2 bios for the same extent). */ if (compress_type != BTRFS_COMPRESS_NONE && - prev_em_start && *prev_em_start != (u64)-1 && - *prev_em_start != em->start) + bio_ctrl->last_em_start != U64_MAX && + bio_ctrl->last_em_start != em->start) force_bio_submit = true; - if (prev_em_start) - *prev_em_start = em->start; + bio_ctrl->last_em_start = em->start; em_gen = em->generation; btrfs_free_extent_map(em); @@ -1296,12 +1313,15 @@ int btrfs_read_folio(struct file *file, struct folio *folio) const u64 start = folio_pos(folio); const u64 end = start + folio_size(folio) - 1; struct extent_state *cached_state = NULL; - struct btrfs_bio_ctrl bio_ctrl = { .opf = REQ_OP_READ }; + struct btrfs_bio_ctrl bio_ctrl = { + .opf = REQ_OP_READ, + .last_em_start = U64_MAX, + }; struct extent_map *em_cached = NULL; int ret; lock_extents_for_read(inode, start, end, &cached_state); - ret = btrfs_do_readpage(folio, &em_cached, &bio_ctrl, NULL); + ret = btrfs_do_readpage(folio, &em_cached, &bio_ctrl); btrfs_unlock_extent(&inode->io_tree, start, end, &cached_state); btrfs_free_extent_map(em_cached); @@ -2641,7 +2661,8 @@ void btrfs_readahead(struct readahead_control *rac) { struct btrfs_bio_ctrl bio_ctrl = { .opf = REQ_OP_READ | REQ_RAHEAD, - .ractl = rac + .ractl = rac, + .last_em_start = U64_MAX, }; struct folio *folio; struct btrfs_inode *inode = BTRFS_I(rac->mapping->host); @@ -2649,12 +2670,11 @@ void btrfs_readahead(struct readahead_control *rac) const u64 end = start + readahead_length(rac) - 1; struct extent_state *cached_state = NULL; struct extent_map *em_cached = NULL; - u64 prev_em_start = (u64)-1; lock_extents_for_read(inode, start, end, &cached_state); while ((folio = readahead_folio(rac)) != NULL) - btrfs_do_readpage(folio, &em_cached, &bio_ctrl, &prev_em_start); + btrfs_do_readpage(folio, &em_cached, &bio_ctrl); btrfs_unlock_extent(&inode->io_tree, start, end, &cached_state); -- 2.50.1

3 weeks, 4 days

2
2
0 0

[PATCH V2] xfs: do not propagate ENODATA disk errors into xattr code

by Eric Sandeen

ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code; namely, that the requested attribute name could not be found. However, a medium error from disk may also return ENODATA. At best, this medium error may escape to userspace as "attribute not found" when in fact it's an IO (disk) error. At worst, we may oops in xfs_attr_leaf_get() when we do: error = xfs_attr_leaf_hasname(args, &bp); if (error == -ENOATTR) { xfs_trans_brelse(args->trans, bp); return error; } because an ENODATA/ENOATTR error from disk leaves us with a null bp, and the xfs_trans_brelse will then null-deref it. As discussed on the list, we really need to modify the lower level IO functions to trap all disk errors and ensure that we don't let unique errors like this leak up into higher xfs functions - many like this should be remapped to EIO. However, this patch directly addresses a reported bug in the xattr code, and should be safe to backport to stable kernels. A larger-scope patch to handle more unique errors at lower levels can follow later. (Note, prior to 07120f1abdff we did not oops, but we did return the wrong error code to userspace.) Signed-off-by: Eric Sandeen <sandeen(a)redhat.com> Fixes: 07120f1abdff ("xfs: Add xfs_has_attr and subroutines") Cc: <stable(a)vger.kernel.org> # v5.9+ --- V2: Remove the extraneous trap point as pointed out by djwong, oops. (I get it that sprinkling this around in 2 places might have an ick factor but I think it's necessary to make a surgical strike on this bug before we address the general problem.) Thanks, -Eric diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index 4c44ce1c8a64..bff3dc226f81 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -435,6 +435,13 @@ xfs_attr_rmtval_get( 0, &bp, &xfs_attr3_rmt_buf_ops); if (xfs_metadata_is_sick(error)) xfs_dirattr_mark_sick(args->dp, XFS_ATTR_FORK); + /* + * ENODATA from disk implies a disk medium failure; + * ENODATA for xattrs means attribute not found, so + * disambiguate that here. + */ + if (error == -ENODATA) + error = -EIO; if (error) return error; diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c index 17d9e6154f19..723a0643b838 100644 --- a/fs/xfs/libxfs/xfs_da_btree.c +++ b/fs/xfs/libxfs/xfs_da_btree.c @@ -2833,6 +2833,12 @@ xfs_da_read_buf( &bp, ops); if (xfs_metadata_is_sick(error)) xfs_dirattr_mark_sick(dp, whichfork); + /* + * ENODATA from disk implies a disk medium failure; ENODATA for + * xattrs means attribute not found, so disambiguate that here. + */ + if (error == -ENODATA && whichfork == XFS_ATTR_FORK) + error = -EIO; if (error) goto out_free;

3 weeks, 4 days

3
2
0 0

[PATCH] USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions

by Fabio Porcedda

From: Fabio Porcedda <fabio.porcedda(a)gmail.com> Add the following Telit Cinterion LE910C4-WWX new compositions: 0x1034: tty (AT) + tty (AT) + rmnet T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 8 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=1034 Rev=00.00 S: Manufacturer=Telit S: Product=LE910C4-WWX S: SerialNumber=93f617e7 C: #Ifs= 3 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms 0x1036: tty (AT) + tty (AT) T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 10 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=1036 Rev=00.00 S: Manufacturer=Telit S: Product=LE910C4-WWX S: SerialNumber=93f617e7 C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms 0x1037: tty (diag) + tty (Telit custom) + tty (AT) + tty (AT) + rmnet T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 15 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=1037 Rev=00.00 S: Manufacturer=Telit S: Product=LE910C4-WWX S: SerialNumber=93f617e7 C: #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms 0x1038: tty (Telit custom) + tty (AT) + tty (AT) + rmnet T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 9 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=1038 Rev=00.00 S: Manufacturer=Telit S: Product=LE910C4-WWX S: SerialNumber=93f617e7 C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms 0x103b: tty (diag) + tty (Telit custom) + tty (AT) + tty (AT) T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 10 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=103b Rev=00.00 S: Manufacturer=Telit S: Product=LE910C4-WWX S: SerialNumber=93f617e7 C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms 0x103c: tty (Telit custom) + tty (AT) + tty (AT) T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 11 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=103c Rev=00.00 S: Manufacturer=Telit S: Product=LE910C4-WWX S: SerialNumber=93f617e7 C: #Ifs= 3 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 64 Ivl=2ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms Cc: stable(a)vger.kernel.org Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com> --- drivers/usb/serial/option.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 1f4da8120111..fc869b7f803f 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1322,7 +1322,18 @@ static const struct usb_device_id option_ids[] = { .driver_info = NCTRL(0) | RSVD(3) }, { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1033, 0xff), /* Telit LE910C1-EUX (ECM) */ .driver_info = NCTRL(0) }, + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1034, 0xff), /* Telit LE910C4-WWX (rmnet) */ + .driver_info = RSVD(2) }, { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1035, 0xff) }, /* Telit LE910C4-WWX (ECM) */ + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1036, 0xff) }, /* Telit LE910C4-WWX */ + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1037, 0xff), /* Telit LE910C4-WWX (rmnet) */ + .driver_info = NCTRL(0) | NCTRL(1) | RSVD(4) }, + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1038, 0xff), /* Telit LE910C4-WWX (rmnet) */ + .driver_info = NCTRL(0) | RSVD(3) }, + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x103b, 0xff), /* Telit LE910C4-WWX */ + .driver_info = NCTRL(0) | NCTRL(1) }, + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x103c, 0xff), /* Telit LE910C4-WWX */ + .driver_info = NCTRL(0) }, { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG0), .driver_info = RSVD(0) | RSVD(1) | NCTRL(2) | RSVD(3) }, { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG1), -- 2.51.0

3 weeks, 4 days

2
1
0 0

[PATCH] USB: serial: option: add Telit Cinterion FN990A w/audio compositions

by Fabio Porcedda

Add the following Telit Cinterion FN990A w/audio compositions: 0x1077: tty (diag) + adb + rmnet + audio + tty (AT/NMEA) + tty (AT) + tty (AT) + tty (AT) T: Bus=01 Lev=01 Prnt=01 Port=09 Cnt=01 Dev#= 8 Spd=480 MxCh= 0 D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=1077 Rev=05.04 S: Manufacturer=Telit Wireless Solutions S: Product=FN990 S: SerialNumber=67e04c35 C: #Ifs=10 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan E: Ad=0f(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 8 Ivl=32ms E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 3 Alt= 0 #EPs= 0 Cls=01(audio) Sub=01 Prot=20 Driver=snd-usb-audio I: If#= 4 Alt= 1 #EPs= 1 Cls=01(audio) Sub=02 Prot=20 Driver=snd-usb-audio E: Ad=03(O) Atr=0d(Isoc) MxPS= 68 Ivl=1ms I: If#= 5 Alt= 1 #EPs= 1 Cls=01(audio) Sub=02 Prot=20 Driver=snd-usb-audio E: Ad=84(I) Atr=0d(Isoc) MxPS= 68 Ivl=1ms I: If#= 6 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 7 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 8 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 9 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8c(I) Atr=03(Int.) MxPS= 10 Ivl=32ms 0x1078: tty (diag) + adb + MBIM + audio + tty (AT/NMEA) + tty (AT) + tty (AT) + tty (AT) T: Bus=01 Lev=01 Prnt=01 Port=09 Cnt=01 Dev#= 21 Spd=480 MxCh= 0 D: Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=1078 Rev=05.04 S: Manufacturer=Telit Wireless Solutions S: Product=FN990 S: SerialNumber=67e04c35 C: #Ifs=11 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#=10 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8c(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=32ms I: If#= 3 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim E: Ad=0f(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 4 Alt= 0 #EPs= 0 Cls=01(audio) Sub=01 Prot=20 Driver=snd-usb-audio I: If#= 5 Alt= 0 #EPs= 0 Cls=01(audio) Sub=02 Prot=20 Driver=snd-usb-audio I: If#= 6 Alt= 1 #EPs= 1 Cls=01(audio) Sub=02 Prot=20 Driver=snd-usb-audio E: Ad=84(I) Atr=0d(Isoc) MxPS= 68 Ivl=1ms I: If#= 7 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 8 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 9 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms 0x1079: RNDIS + tty (diag) + adb + audio + tty (AT/NMEA) + tty (AT) + tty (AT) + tty (AT) T: Bus=01 Lev=01 Prnt=01 Port=09 Cnt=01 Dev#= 23 Spd=480 MxCh= 0 D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=1079 Rev=05.04 S: Manufacturer=Telit Wireless Solutions S: Product=FN990 S: SerialNumber=67e04c35 C: #Ifs=11 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 1 Cls=ef(misc ) Sub=04 Prot=01 Driver=rndis_host E: Ad=81(I) Atr=03(Int.) MxPS= 8 Ivl=32ms I: If#= 1 Alt= 0 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=rndis_host E: Ad=0f(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#=10 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8c(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 4 Alt= 0 #EPs= 0 Cls=01(audio) Sub=01 Prot=20 Driver=snd-usb-audio I: If#= 5 Alt= 0 #EPs= 0 Cls=01(audio) Sub=02 Prot=20 Driver=snd-usb-audio I: If#= 6 Alt= 1 #EPs= 1 Cls=01(audio) Sub=02 Prot=20 Driver=snd-usb-audio E: Ad=84(I) Atr=0d(Isoc) MxPS= 68 Ivl=1ms I: If#= 7 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 8 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 9 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms Cc: stable(a)vger.kernel.org Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com> --- drivers/usb/serial/option.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index e5cd33093423..1f4da8120111 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1369,6 +1369,12 @@ static const struct usb_device_id option_ids[] = { .driver_info = NCTRL(0) | RSVD(1) }, { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1075, 0xff), /* Telit FN990A (PCIe) */ .driver_info = RSVD(0) }, + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1077, 0xff), /* Telit FN990A (rmnet + audio) */ + .driver_info = NCTRL(0) | RSVD(1) | RSVD(2) }, + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1078, 0xff), /* Telit FN990A (MBIM + audio) */ + .driver_info = NCTRL(0) | RSVD(1) }, + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1079, 0xff), /* Telit FN990A (RNDIS + audio) */ + .driver_info = NCTRL(2) | RSVD(3) }, { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1080, 0xff), /* Telit FE990A (rmnet) */ .driver_info = NCTRL(0) | RSVD(1) | RSVD(2) }, { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1081, 0xff), /* Telit FE990A (MBIM) */ -- 2.50.1

3 weeks, 4 days

2
1
0 0

[PATCH v2] mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range()

by Jeongjun Park

When restoring a reservation for an anonymous page, we need to check to freeing a surplus. However, __unmap_hugepage_range() causes data race because it reads h->surplus_huge_pages without the protection of hugetlb_lock. And adjust_reservation is a boolean variable that indicates whether reservations for anonymous pages in each folio should be restored. Therefore, it should be initialized to false for each round of the loop. However, this variable is not initialized to false except when defining the current adjust_reservation variable. This means that once adjust_reservation is set to true even once within the loop, reservations for anonymous pages will be restored unconditionally in all subsequent rounds, regardless of the folio's state. To fix this, we need to add the missing hugetlb_lock, unlock the page_table_lock earlier so that we don't lock the hugetlb_lock inside the page_table_lock lock, and initialize adjust_reservation to false on each round within the loop. Cc: <stable(a)vger.kernel.org> Reported-by: syzbot+417aeb05fd190f3a6da9(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=417aeb05fd190f3a6da9 Fixes: df7a6d1f6405 ("mm/hugetlb: restore the reservation if needed") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> --- v2: Fix issues with changing the page_table_lock unlock location and initializing adjust_reservation - Link to v1: https://lore.kernel.org/all/20250822055857.1142454-1-aha310510@gmail.com/ --- mm/hugetlb.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 753f99b4c718..eed59cfb5d21 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5851,7 +5851,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, spinlock_t *ptl; struct hstate *h = hstate_vma(vma); unsigned long sz = huge_page_size(h); - bool adjust_reservation = false; + bool adjust_reservation; unsigned long last_addr_mask; bool force_flush = false; @@ -5944,6 +5944,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, sz); hugetlb_count_sub(pages_per_huge_page(h), mm); hugetlb_remove_rmap(folio); + spin_unlock(ptl); /* * Restore the reservation for anonymous page, otherwise the @@ -5951,14 +5952,16 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, * If there we are freeing a surplus, do not set the restore * reservation bit. */ + adjust_reservation = false; + + spin_lock_irq(&hugetlb_lock); if (!h->surplus_huge_pages && __vma_private_lock(vma) && folio_test_anon(folio)) { folio_set_hugetlb_restore_reserve(folio); /* Reservation to be adjusted after the spin lock */ adjust_reservation = true; } - - spin_unlock(ptl); + spin_unlock_irq(&hugetlb_lock); /* * Adjust the reservation for the region that will have the --

3 weeks, 4 days

1
1
0 0

[PATCH 1/1] hung_task: fix warnings by enforcing alignment on lock structures

by Lance Yang

From: Lance Yang <lance.yang(a)linux.dev> The blocker tracking mechanism assumes that lock pointers are at least 4-byte aligned to use their lower bits for type encoding. However, as reported by Geert Uytterhoeven, some architectures like m68k only guarantee 2-byte alignment of 32-bit values. This breaks the assumption and causes two related WARN_ON_ONCE checks to trigger. To fix this, enforce a minimum of 4-byte alignment on the core lock structures supported by the blocker tracking mechanism. This ensures the algorithm's alignment assumption now holds true on all architectures. This patch adds __aligned(4) to the definitions of "struct mutex", "struct semaphore", and "struct rw_semaphore", resolving the warnings. Thanks to Geert for bisecting! Reported-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Closes: https://lore.kernel.org/lkml/CAMuHMdW7Ab13DdGs2acMQcix5ObJK0O2dG_Fxzr8_g58R… Fixes: e711faaafbe5 ("hung_task: replace blocker_mutex with encoded blocker") Cc: <stable(a)vger.kernel.org> Signed-off-by: Lance Yang <lance.yang(a)linux.dev> --- include/linux/mutex_types.h | 2 +- include/linux/rwsem.h | 2 +- include/linux/semaphore.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/linux/mutex_types.h b/include/linux/mutex_types.h index fdf7f515fde8..de798bfbc4c7 100644 --- a/include/linux/mutex_types.h +++ b/include/linux/mutex_types.h @@ -51,7 +51,7 @@ struct mutex { #ifdef CONFIG_DEBUG_LOCK_ALLOC struct lockdep_map dep_map; #endif -}; +} __aligned(4); /* For hung_task blocker tracking, which encodes type in LSBs */ #else /* !CONFIG_PREEMPT_RT */ /* diff --git a/include/linux/rwsem.h b/include/linux/rwsem.h index f1aaf676a874..f6ecf4a4710d 100644 --- a/include/linux/rwsem.h +++ b/include/linux/rwsem.h @@ -64,7 +64,7 @@ struct rw_semaphore { #ifdef CONFIG_DEBUG_LOCK_ALLOC struct lockdep_map dep_map; #endif -}; +} __aligned(4); /* For hung_task blocker tracking, which encodes type in LSBs */ #define RWSEM_UNLOCKED_VALUE 0UL #define RWSEM_WRITER_LOCKED (1UL << 0) diff --git a/include/linux/semaphore.h b/include/linux/semaphore.h index 89706157e622..ac9b9c87bfb7 100644 --- a/include/linux/semaphore.h +++ b/include/linux/semaphore.h @@ -20,7 +20,7 @@ struct semaphore { #ifdef CONFIG_DETECT_HUNG_TASK_BLOCKER unsigned long last_holder; #endif -}; +} __aligned(4); /* For hung_task blocker tracking, which encodes type in LSBs */ #ifdef CONFIG_DETECT_HUNG_TASK_BLOCKER #define __LAST_HOLDER_SEMAPHORE_INITIALIZER \ -- 2.49.0

3 weeks, 4 days

4
9
0 0

[PATCH 1/1] hung_task: fix warnings caused by unaligned lock pointers

by Lance Yang

From: Lance Yang <lance.yang(a)linux.dev> The blocker tracking mechanism assumes that lock pointers are at least 4-byte aligned to use their lower bits for type encoding. However, as reported by Geert Uytterhoeven, some architectures like m68k only guarantee 2-byte alignment of 32-bit values. This breaks the assumption and causes two related WARN_ON_ONCE checks to trigger. To fix this, the runtime checks are adjusted. The first WARN_ON_ONCE in hung_task_set_blocker() is changed to a simple 'if' that returns silently for unaligned pointers. The second, now-invalid WARN_ON_ONCE in hung_task_clear_blocker() is then removed. Thanks to Geert for bisecting! Reported-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Closes: https://lore.kernel.org/lkml/CAMuHMdW7Ab13DdGs2acMQcix5ObJK0O2dG_Fxzr8_g58R… Fixes: e711faaafbe5 ("hung_task: replace blocker_mutex with encoded blocker") Cc: <stable(a)vger.kernel.org> Signed-off-by: Lance Yang <lance.yang(a)linux.dev> --- include/linux/hung_task.h | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/include/linux/hung_task.h b/include/linux/hung_task.h index 34e615c76ca5..69640f266a69 100644 --- a/include/linux/hung_task.h +++ b/include/linux/hung_task.h @@ -20,6 +20,10 @@ * always zero. So we can use these bits to encode the specific blocking * type. * + * Note that on architectures like m68k with only 2-byte alignment, the + * blocker tracking mechanism gracefully does nothing for any lock that is + * not 4-byte aligned. + * * Type encoding: * 00 - Blocked on mutex (BLOCKER_TYPE_MUTEX) * 01 - Blocked on semaphore (BLOCKER_TYPE_SEM) @@ -45,7 +49,7 @@ static inline void hung_task_set_blocker(void *lock, unsigned long type) * If the lock pointer matches the BLOCKER_TYPE_MASK, return * without writing anything. */ - if (WARN_ON_ONCE(lock_ptr & BLOCKER_TYPE_MASK)) + if (lock_ptr & BLOCKER_TYPE_MASK) return; WRITE_ONCE(current->blocker, lock_ptr | type); @@ -53,8 +57,6 @@ static inline void hung_task_set_blocker(void *lock, unsigned long type) static inline void hung_task_clear_blocker(void) { - WARN_ON_ONCE(!READ_ONCE(current->blocker)); - WRITE_ONCE(current->blocker, 0UL); } -- 2.49.0

3 weeks, 4 days

2
2
0 0

[PATCH v10 1/3] scsi: sd: Fix build warning in sd_revalidate_disk()

by Abinash Singh

A build warning was triggered due to excessive stack usage in sd_revalidate_disk(): drivers/scsi/sd.c: In function ‘sd_revalidate_disk.isra’: drivers/scsi/sd.c:3824:1: warning: the frame size of 1160 bytes is larger than 1024 bytes [-Wframe-larger-than=] This is caused by a large local struct queue_limits (~400B) allocated on the stack. Replacing it with a heap allocation using kmalloc() significantly reduces frame usage. Kernel stack is limited (~8 KB), and allocating large structs on the stack is discouraged. As the function already performs heap allocations (e.g. for buffer), this change fits well. Fixes: 804e498e0496 ("sd: convert to the atomic queue limits API") Cc: stable(a)vger.kernel.org Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Abinash Singh <abinashsinghlalotra(a)gmail.com> --- drivers/scsi/sd.c | 50 ++++++++++++++++++++++++++--------------------- 1 file changed, 28 insertions(+), 22 deletions(-) diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index 5b8668accf8e..bf12e23f1212 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -3696,10 +3696,10 @@ static int sd_revalidate_disk(struct gendisk *disk) struct scsi_disk *sdkp = scsi_disk(disk); struct scsi_device *sdp = sdkp->device; sector_t old_capacity = sdkp->capacity; - struct queue_limits lim; - unsigned char *buffer; + struct queue_limits *lim = NULL; + unsigned char *buffer = NULL; unsigned int dev_max; - int err; + int err = 0; SCSI_LOG_HLQUEUE(3, sd_printk(KERN_INFO, sdkp, "sd_revalidate_disk\n")); @@ -3711,6 +3711,10 @@ static int sd_revalidate_disk(struct gendisk *disk) if (!scsi_device_online(sdp)) goto out; + lim = kmalloc(sizeof(*lim), GFP_KERNEL); + if (!lim) + goto out; + buffer = kmalloc(SD_BUF_SIZE, GFP_KERNEL); if (!buffer) { sd_printk(KERN_WARNING, sdkp, "sd_revalidate_disk: Memory " @@ -3720,14 +3724,14 @@ static int sd_revalidate_disk(struct gendisk *disk) sd_spinup_disk(sdkp); - lim = queue_limits_start_update(sdkp->disk->queue); + *lim = queue_limits_start_update(sdkp->disk->queue); /* * Without media there is no reason to ask; moreover, some devices * react badly if we do. */ if (sdkp->media_present) { - sd_read_capacity(sdkp, &lim, buffer); + sd_read_capacity(sdkp, lim, buffer); /* * Some USB/UAS devices return generic values for mode pages * until the media has been accessed. Trigger a READ operation @@ -3741,17 +3745,17 @@ static int sd_revalidate_disk(struct gendisk *disk) * cause this to be updated correctly and any device which * doesn't support it should be treated as rotational. */ - lim.features |= (BLK_FEAT_ROTATIONAL | BLK_FEAT_ADD_RANDOM); + lim->features |= (BLK_FEAT_ROTATIONAL | BLK_FEAT_ADD_RANDOM); if (scsi_device_supports_vpd(sdp)) { sd_read_block_provisioning(sdkp); - sd_read_block_limits(sdkp, &lim); + sd_read_block_limits(sdkp, lim); sd_read_block_limits_ext(sdkp); - sd_read_block_characteristics(sdkp, &lim); - sd_zbc_read_zones(sdkp, &lim, buffer); + sd_read_block_characteristics(sdkp, lim); + sd_zbc_read_zones(sdkp, lim, buffer); } - sd_config_discard(sdkp, &lim, sd_discard_mode(sdkp)); + sd_config_discard(sdkp, lim, sd_discard_mode(sdkp)); sd_print_capacity(sdkp, old_capacity); @@ -3761,47 +3765,46 @@ static int sd_revalidate_disk(struct gendisk *disk) sd_read_app_tag_own(sdkp, buffer); sd_read_write_same(sdkp, buffer); sd_read_security(sdkp, buffer); - sd_config_protection(sdkp, &lim); + sd_config_protection(sdkp, lim); } /* * We now have all cache related info, determine how we deal * with flush requests. */ - sd_set_flush_flag(sdkp, &lim); + sd_set_flush_flag(sdkp, lim); /* Initial block count limit based on CDB TRANSFER LENGTH field size. */ dev_max = sdp->use_16_for_rw ? SD_MAX_XFER_BLOCKS : SD_DEF_XFER_BLOCKS; /* Some devices report a maximum block count for READ/WRITE requests. */ dev_max = min_not_zero(dev_max, sdkp->max_xfer_blocks); - lim.max_dev_sectors = logical_to_sectors(sdp, dev_max); + lim->max_dev_sectors = logical_to_sectors(sdp, dev_max); if (sd_validate_min_xfer_size(sdkp)) - lim.io_min = logical_to_bytes(sdp, sdkp->min_xfer_blocks); + lim->io_min = logical_to_bytes(sdp, sdkp->min_xfer_blocks); else - lim.io_min = 0; + lim->io_min = 0; /* * Limit default to SCSI host optimal sector limit if set. There may be * an impact on performance for when the size of a request exceeds this * host limit. */ - lim.io_opt = sdp->host->opt_sectors << SECTOR_SHIFT; + lim->io_opt = sdp->host->opt_sectors << SECTOR_SHIFT; if (sd_validate_opt_xfer_size(sdkp, dev_max)) { - lim.io_opt = min_not_zero(lim.io_opt, + lim->io_opt = min_not_zero(lim->io_opt, logical_to_bytes(sdp, sdkp->opt_xfer_blocks)); } sdkp->first_scan = 0; set_capacity_and_notify(disk, logical_to_sectors(sdp, sdkp->capacity)); - sd_config_write_same(sdkp, &lim); - kfree(buffer); + sd_config_write_same(sdkp, lim); - err = queue_limits_commit_update_frozen(sdkp->disk->queue, &lim); + err = queue_limits_commit_update_frozen(sdkp->disk->queue, lim); if (err) - return err; + goto out; /* * Query concurrent positioning ranges after @@ -3820,7 +3823,10 @@ static int sd_revalidate_disk(struct gendisk *disk) set_capacity_and_notify(disk, 0); out: - return 0; + kfree(buffer); + kfree(lim); + + return err; } /** -- 2.43.0

3 weeks, 4 days

2
1
0 0

[PATCH net] net: mana: Remove redundant netdev_lock_ops_to_full() calls

by Saurabh Sengar

NET_SHAPER is always selected for MANA driver. When NET_SHAPER is enabled, netdev_lock_ops_to_full() reduces effectively to only an assert for lock, which is always held in the path when NET_SHAPER is enabled. Remove the redundant netdev_lock_ops_to_full() call. Fixes: d5c8f0e4e0cb ("net: mana: Fix potential deadlocks in mana napi ops") Cc: stable(a)vger.kernel.org Signed-off-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> --- drivers/net/ethernet/microsoft/mana/mana_en.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index 550843e2164b..f0dbf4e82e0b 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -2100,10 +2100,8 @@ static void mana_destroy_txq(struct mana_port_context *apc) napi = &apc->tx_qp[i].tx_cq.napi; if (apc->tx_qp[i].txq.napi_initialized) { napi_synchronize(napi); - netdev_lock_ops_to_full(napi->dev); napi_disable_locked(napi); netif_napi_del_locked(napi); - netdev_unlock_full_to_ops(napi->dev); apc->tx_qp[i].txq.napi_initialized = false; } mana_destroy_wq_obj(apc, GDMA_SQ, apc->tx_qp[i].tx_object); @@ -2256,10 +2254,8 @@ static int mana_create_txq(struct mana_port_context *apc, mana_create_txq_debugfs(apc, i); set_bit(NAPI_STATE_NO_BUSY_POLL, &cq->napi.state); - netdev_lock_ops_to_full(net); netif_napi_add_locked(net, &cq->napi, mana_poll); napi_enable_locked(&cq->napi); - netdev_unlock_full_to_ops(net); txq->napi_initialized = true; mana_gd_ring_cq(cq->gdma_cq, SET_ARM_BIT); @@ -2295,10 +2291,8 @@ static void mana_destroy_rxq(struct mana_port_context *apc, if (napi_initialized) { napi_synchronize(napi); - netdev_lock_ops_to_full(napi->dev); napi_disable_locked(napi); netif_napi_del_locked(napi); - netdev_unlock_full_to_ops(napi->dev); } xdp_rxq_info_unreg(&rxq->xdp_rxq); @@ -2549,18 +2543,14 @@ static struct mana_rxq *mana_create_rxq(struct mana_port_context *apc, gc->cq_table[cq->gdma_id] = cq->gdma_cq; - netdev_lock_ops_to_full(ndev); netif_napi_add_weight_locked(ndev, &cq->napi, mana_poll, 1); - netdev_unlock_full_to_ops(ndev); WARN_ON(xdp_rxq_info_reg(&rxq->xdp_rxq, ndev, rxq_idx, cq->napi.napi_id)); WARN_ON(xdp_rxq_info_reg_mem_model(&rxq->xdp_rxq, MEM_TYPE_PAGE_POOL, rxq->page_pool)); - netdev_lock_ops_to_full(ndev); napi_enable_locked(&cq->napi); - netdev_unlock_full_to_ops(ndev); mana_gd_ring_cq(cq->gdma_cq, SET_ARM_BIT); out: -- 2.43.0

3 weeks, 4 days

3
2
0 0

[PATCH 5.15.y] wifi: mac80211: check basic rates validity in sta_link_apply_parameters

by Hanne-Lotta Mäenpää

From: Mikhail Lobanov <m.lobanov(a)rosa.ru> [ Upstream commit 16ee3ea8faef8ff042acc15867a6c458c573de61 ] When userspace sets supported rates for a new station via NL80211_CMD_NEW_STATION, it might send a list that's empty or contains only invalid values. Currently, we process these values in sta_link_apply_parameters() without checking the result of ieee80211_parse_bitrates(), which can lead to an empty rates bitmap. A similar issue was addressed for NL80211_CMD_SET_BSS in commit ce04abc3fcc6 ("wifi: mac80211: check basic rates validity"). This patch applies the same approach in sta_link_apply_parameters() for NL80211_CMD_NEW_STATION, ensuring there is at least one valid rate by inspecting the result of ieee80211_parse_bitrates(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: b95eb7f0eee4 ("wifi: cfg80211/mac80211: separate link params from station params") Signed-off-by: Mikhail Lobanov <m.lobanov(a)rosa.ru> Link: https://patch.msgid.link/20250317103139.17625-1-m.lobanov@rosa.ru Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> [ Summary of conflict resolutions: - Function ieee80211_parse_bitrates() takes channel width as its first parameter in mainline kernel version. In v5.15 the function takes the whole chandef struct as its first parameter. - The same function takes link station parameters as its last parameter, and in v5.15 they are in a struct called sta, instead of a struct called link_sta. ] Signed-off-by: Hanne-Lotta Mäenpää <hannelotta(a)gmail.com> --- net/mac80211/cfg.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 2b77cb290788..706ff67f4254 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -1658,12 +1658,13 @@ static int sta_apply_parameters(struct ieee80211_local *local, return ret; } - if (params->supported_rates && params->supported_rates_len) { - ieee80211_parse_bitrates(&sdata->vif.bss_conf.chandef, - sband, params->supported_rates, - params->supported_rates_len, - &sta->sta.supp_rates[sband->band]); - } + if (params->supported_rates && + params->supported_rates_len && + !ieee80211_parse_bitrates(&sdata->vif.bss_conf.chandef, + sband, params->supported_rates, + params->supported_rates_len, + &sta->sta.supp_rates[sband->band])) + return -EINVAL; if (params->ht_capa) ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, -- 2.50.0

3 weeks, 4 days

1
0
0 0

+ mm-damon-core-set-quota-charged_from-to-jiffies-at-first-charge-window.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/core: set quota->charged_from to jiffies at first charge window has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-core-set-quota-charged_from-to-jiffies-at-first-charge-window.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Sang-Heon Jeon <ekffu200098(a)gmail.com> Subject: mm/damon/core: set quota->charged_from to jiffies at first charge window Date: Fri, 22 Aug 2025 11:50:57 +0900 Kernel initializes the "jiffies" timer as 5 minutes below zero, as shown in include/linux/jiffies.h /* * Have the 32 bit jiffies value wrap 5 minutes after boot * so jiffies wrap bugs show up earlier. */ #define INITIAL_JIFFIES ((unsigned long)(unsigned int) (-300*HZ)) And jiffies comparison help functions cast unsigned value to signed to cover wraparound #define time_after_eq(a,b) \ (typecheck(unsigned long, a) && \ typecheck(unsigned long, b) && \ ((long)((a) - (b)) >= 0)) When quota->charged_from is initialized to 0, time_after_eq() can incorrectly return FALSE even after reset_interval has elapsed. This occurs when (jiffies - reset_interval) produces a value with MSB=1, which is interpreted as negative in signed arithmetic. This issue primarily affects 32-bit systems because: On 64-bit systems: MSB=1 values occur after ~292 million years from boot (assuming HZ=1000), almost impossible. On 32-bit systems: MSB=1 values occur during the first 5 minutes after boot, and the second half of every jiffies wraparound cycle, starting from day 25 (assuming HZ=1000) When above unexpected FALSE return from time_after_eq() occurs, the charging window will not reset. The user impact depends on esz value at that time. If esz is 0, scheme ignores configured quotas and runs without any limits. If esz is not 0, scheme stops working once the quota is exhausted. It remains until the charging window finally resets. So, change quota->charged_from to jiffies at damos_adjust_quota() when it is considered as the first charge window. By this change, we can avoid unexpected FALSE return from time_after_eq() Link: https://lkml.kernel.org/r/20250822025057.1740854-1-ekffu200098@gmail.com Fixes: 2b8a248d5873 ("mm/damon/schemes: implement size quota for schemes application speed control") # 5.16 Signed-off-by: Sang-Heon Jeon <ekffu200098(a)gmail.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/damon/core.c~mm-damon-core-set-quota-charged_from-to-jiffies-at-first-charge-window +++ a/mm/damon/core.c @@ -2111,6 +2111,10 @@ static void damos_adjust_quota(struct da if (!quota->ms && !quota->sz && list_empty(&quota->goals)) return; + /* First charge window */ + if (!quota->total_charged_sz && !quota->charged_from) + quota->charged_from = jiffies; + /* New charge window starts */ if (time_after_eq(jiffies, quota->charged_from + msecs_to_jiffies(quota->reset_interval))) { _ Patches currently in -mm which might be from ekffu200098(a)gmail.com are mm-damon-core-set-quota-charged_from-to-jiffies-at-first-charge-window.patch mm-damon-update-expired-description-of-damos_action.patch docs-mm-damon-design-fix-typo-s-sz_trtied-sz_tried.patch selftests-damon-test-no-op-commit-broke-damon-status.patch selftests-damon-test-no-op-commit-broke-damon-status-fix.patch mm-damon-tests-core-kunit-add-damos_commit_filter-test.patch

3 weeks, 4 days

1
0
0 0

+ mm-hugetlb-add-missing-hugetlb_lock-in-__unmap_hugepage_range.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-hugetlb-add-missing-hugetlb_lock-in-__unmap_hugepage_range.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jeongjun Park <aha310510(a)gmail.com> Subject: mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range() Date: Sun, 24 Aug 2025 03:21:15 +0900 When restoring a reservation for an anonymous page, we need to check to freeing a surplus. However, __unmap_hugepage_range() causes data race because it reads h->surplus_huge_pages without the protection of hugetlb_lock. And adjust_reservation is a boolean variable that indicates whether reservations for anonymous pages in each folio should be restored. Therefore, it should be initialized to false for each round of the loop. However, this variable is not initialized to false except when defining the current adjust_reservation variable. This means that once adjust_reservation is set to true even once within the loop, reservations for anonymous pages will be restored unconditionally in all subsequent rounds, regardless of the folio's state. To fix this, we need to add the missing hugetlb_lock, unlock the page_table_lock earlier so that we don't lock the hugetlb_lock inside the page_table_lock lock, and initialize adjust_reservation to false on each round within the loop. Link: https://lkml.kernel.org/r/20250823182115.1193563-1-aha310510@gmail.com Fixes: df7a6d1f6405 ("mm/hugetlb: restore the reservation if needed") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> Reported-by: syzbot+417aeb05fd190f3a6da9(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=417aeb05fd190f3a6da9 Cc: Breno Leitao <leitao(a)debian.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-add-missing-hugetlb_lock-in-__unmap_hugepage_range +++ a/mm/hugetlb.c @@ -5851,7 +5851,7 @@ void __unmap_hugepage_range(struct mmu_g spinlock_t *ptl; struct hstate *h = hstate_vma(vma); unsigned long sz = huge_page_size(h); - bool adjust_reservation = false; + bool adjust_reservation; unsigned long last_addr_mask; bool force_flush = false; @@ -5944,6 +5944,7 @@ void __unmap_hugepage_range(struct mmu_g sz); hugetlb_count_sub(pages_per_huge_page(h), mm); hugetlb_remove_rmap(folio); + spin_unlock(ptl); /* * Restore the reservation for anonymous page, otherwise the @@ -5951,14 +5952,16 @@ void __unmap_hugepage_range(struct mmu_g * If there we are freeing a surplus, do not set the restore * reservation bit. */ + adjust_reservation = false; + + spin_lock_irq(&hugetlb_lock); if (!h->surplus_huge_pages && __vma_private_lock(vma) && folio_test_anon(folio)) { folio_set_hugetlb_restore_reserve(folio); /* Reservation to be adjusted after the spin lock */ adjust_reservation = true; } - - spin_unlock(ptl); + spin_unlock_irq(&hugetlb_lock); /* * Adjust the reservation for the region that will have the _ Patches currently in -mm which might be from aha310510(a)gmail.com are mm-hugetlb-add-missing-hugetlb_lock-in-__unmap_hugepage_range.patch

3 weeks, 5 days

1
0
0 0

+ kexec-arm64-initialize-the-random-field-of-kbuf-to-zero-in-the-image-loader.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kexec/arm64: initialize the random field of kbuf to zero in the image loader has been added to the -mm mm-hotfixes-unstable branch. Its filename is kexec-arm64-initialize-the-random-field-of-kbuf-to-zero-in-the-image-loader.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Breno Leitao <leitao(a)debian.org> Subject: kexec/arm64: initialize the random field of kbuf to zero in the image loader Date: Thu Aug 21 04:11:21 2025 -0700 Add an explicit initialization for the random member of the kbuf structure within the image_load function in arch/arm64/kernel/kexec_image.c. Setting kbuf.random to zero ensures a deterministic and clean starting state for the buffer used during kernel image loading, avoiding this UBSAN issue later, when kbuf.random is read. [ 32.362488] UBSAN: invalid-load in ./include/linux/kexec.h:210:10 [ 32.362649] load of value 252 is not a valid value for type '_Bool' Link: https://lkml.kernel.org/r/oninomspajhxp4omtdapxnckxydbk2nzmrix7rggmpukpnzad… Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly Signed-off-by: Breno Leitao <leitao(a)debian.org> Cc: Baoquan He <bhe(a)redhat.com> Cc: Coiby Xu <coxu(a)redhat.com> Cc: "Daniel P. Berrange" <berrange(a)redhat.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Kairui Song <ryncsn(a)gmail.com> Cc: Liu Pingfan <kernelfans(a)gmail.com> Cc: Milan Broz <gmazyland(a)gmail.com> Cc: Ondrej Kozina <okozina(a)redhat.com> Cc: Vitaly Kuznetsov <vkuznets(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm64/kernel/kexec_image.c | 1 + 1 file changed, 1 insertion(+) --- a/arch/arm64/kernel/kexec_image.c~kexec-arm64-initialize-the-random-field-of-kbuf-to-zero-in-the-image-loader +++ a/arch/arm64/kernel/kexec_image.c @@ -76,6 +76,7 @@ static void *image_load(struct kimage *i kbuf.buf_min = 0; kbuf.buf_max = ULONG_MAX; kbuf.top_down = false; + kbuf.random = 0; kbuf.buffer = kernel; kbuf.bufsz = kernel_len; _ Patches currently in -mm which might be from leitao(a)debian.org are kexec-arm64-initialize-the-random-field-of-kbuf-to-zero-in-the-image-loader.patch

3 weeks, 5 days

1
0
0 0

[PATCH] net/dccp: validate Reset/Close/CloseReq in DCCP_REQUESTING

by Yizhou Zhao

DCCP sockets in DCCP_REQUESTING state do not check the sequence number or acknowledgment number for incoming Reset, CloseReq, and Close packets. As a result, an attacker can send a spoofed Reset packet while the client is in the requesting state. The client will accept the packet without verification and immediately close the connection, causing a denial of service (DoS) attack. This patch moves the processing of Reset, Close, and CloseReq packets into dccp_rcv_request_sent_state_process() and validates the ack number before accepting them. This fix should apply to stable versions *only* in Linux 5.x and 6.x. Note that DCCP was removed in Linux 6.16, so this patch is only relevant for older versions. We tested it on Ubuntu 24.04 LTS (Linux 6.8) and it worked as expected. Signed-off-by: Yizhou Zhao <zhaoyz24(a)mails.tsinghua.edu.cn> Cc: stable(a)vger.kernel.org Signed-off-by: Yizhou Zhao <zhaoyz24(a)mails.tsinghua.edu.cn> --- net/dccp/input.c | 54 ++++++++++++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 22 deletions(-) diff --git a/net/dccp/input.c b/net/dccp/input.c index 2cbb757a8..0b1ffb044 100644 --- a/net/dccp/input.c +++ b/net/dccp/input.c @@ -397,21 +397,22 @@ static int dccp_rcv_request_sent_state_process(struct sock *sk, * / * Response processing continues in Step 10; Reset * processing continues in Step 9 * / */ + struct dccp_sock *dp = dccp_sk(sk); + + if (!between48(DCCP_SKB_CB(skb)->dccpd_ack_seq, + dp->dccps_awl, dp->dccps_awh)) { + dccp_pr_debug("invalid ackno: S.AWL=%llu, " + "P.ackno=%llu, S.AWH=%llu\n", + (unsigned long long)dp->dccps_awl, + (unsigned long long)DCCP_SKB_CB(skb)->dccpd_ack_seq, + (unsigned long long)dp->dccps_awh); + goto out_invalid_packet; + } + if (dh->dccph_type == DCCP_PKT_RESPONSE) { const struct inet_connection_sock *icsk = inet_csk(sk); - struct dccp_sock *dp = dccp_sk(sk); - long tstamp = dccp_timestamp(); - - if (!between48(DCCP_SKB_CB(skb)->dccpd_ack_seq, - dp->dccps_awl, dp->dccps_awh)) { - dccp_pr_debug("invalid ackno: S.AWL=%llu, " - "P.ackno=%llu, S.AWH=%llu\n", - (unsigned long long)dp->dccps_awl, - (unsigned long long)DCCP_SKB_CB(skb)->dccpd_ack_seq, - (unsigned long long)dp->dccps_awh); - goto out_invalid_packet; - } + long tstamp = dccp_timestamp(); /* * If option processing (Step 8) failed, return 1 here so that * dccp_v4_do_rcv() sends a Reset. The Reset code depends on @@ -496,6 +497,13 @@ static int dccp_rcv_request_sent_state_process(struct sock *sk, } dccp_send_ack(sk); return -1; + } else if (dh->dccph_type == DCCP_PKT_RESET) { + dccp_rcv_reset(sk, skb); + return 0; + } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { + return dccp_rcv_closereq(sk, skb); + } else if (dh->dccph_type == DCCP_PKT_CLOSE) { + return dccp_rcv_close(sk, skb); } out_invalid_packet: @@ -658,17 +666,19 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb, * Set TIMEWAIT timer * Drop packet and return */ - if (dh->dccph_type == DCCP_PKT_RESET) { - dccp_rcv_reset(sk, skb); - return 0; - } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { /* Step 13 */ - if (dccp_rcv_closereq(sk, skb)) - return 0; - goto discard; - } else if (dh->dccph_type == DCCP_PKT_CLOSE) { /* Step 14 */ - if (dccp_rcv_close(sk, skb)) + if (sk->sk_state != DCCP_REQUESTING) { + if (dh->dccph_type == DCCP_PKT_RESET) { + dccp_rcv_reset(sk, skb); return 0; - goto discard; + } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { /* Step 13 */ + if (dccp_rcv_closereq(sk, skb)) + return 0; + goto discard; + } else if (dh->dccph_type == DCCP_PKT_CLOSE) { /* Step 14 */ + if (dccp_rcv_close(sk, skb)) + return 0; + goto discard; + } } switch (sk->sk_state) { -- 2.34.1

3 weeks, 5 days

1
0
0 0

[PATCH] net/dccp: validate Reset/Close/CloseReq in DCCP_REQUESTING

by Yizhou Zhao

DCCP sockets in DCCP_REQUESTING state do not check the sequence number or acknowledgment number for incoming Reset, CloseReq, and Close packets. As a result, an attacker can send a spoofed Reset packet while the client is in the requesting state. The client will accept the packet without verification and immediately close the connection, causing a denial of service (DoS) attack. This patch moves the processing of Reset, Close, and CloseReq packets into dccp_rcv_request_sent_state_process() and validates the ack number before accepting them. This fix should apply to Linux 5.x and 6.x, including stable versions. Note that DCCP was removed in Linux 6.16, so this patch is only relevant for older versions. We tested it on Ubuntu 24.04 LTS (Linux 6.8) and it worked as expected. Signed-off-by: Yizhou Zhao <zhaoyz24(a)mails.tsinghua.edu.cn> Cc: stable(a)vger.kernel.org --- net/dccp/input.c | 54 ++++++++++++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 22 deletions(-) diff --git a/net/dccp/input.c b/net/dccp/input.c index 2cbb757a8..0b1ffb044 100644 --- a/net/dccp/input.c +++ b/net/dccp/input.c @@ -397,21 +397,22 @@ static int dccp_rcv_request_sent_state_process(struct sock *sk, * / * Response processing continues in Step 10; Reset * processing continues in Step 9 * / */ + struct dccp_sock *dp = dccp_sk(sk); + + if (!between48(DCCP_SKB_CB(skb)->dccpd_ack_seq, + dp->dccps_awl, dp->dccps_awh)) { + dccp_pr_debug("invalid ackno: S.AWL=%llu, " + "P.ackno=%llu, S.AWH=%llu\n", + (unsigned long long)dp->dccps_awl, + (unsigned long long)DCCP_SKB_CB(skb)->dccpd_ack_seq, + (unsigned long long)dp->dccps_awh); + goto out_invalid_packet; + } + if (dh->dccph_type == DCCP_PKT_RESPONSE) { const struct inet_connection_sock *icsk = inet_csk(sk); - struct dccp_sock *dp = dccp_sk(sk); - long tstamp = dccp_timestamp(); - - if (!between48(DCCP_SKB_CB(skb)->dccpd_ack_seq, - dp->dccps_awl, dp->dccps_awh)) { - dccp_pr_debug("invalid ackno: S.AWL=%llu, " - "P.ackno=%llu, S.AWH=%llu\n", - (unsigned long long)dp->dccps_awl, - (unsigned long long)DCCP_SKB_CB(skb)->dccpd_ack_seq, - (unsigned long long)dp->dccps_awh); - goto out_invalid_packet; - } + long tstamp = dccp_timestamp(); /* * If option processing (Step 8) failed, return 1 here so that * dccp_v4_do_rcv() sends a Reset. The Reset code depends on @@ -496,6 +497,13 @@ static int dccp_rcv_request_sent_state_process(struct sock *sk, } dccp_send_ack(sk); return -1; + } else if (dh->dccph_type == DCCP_PKT_RESET) { + dccp_rcv_reset(sk, skb); + return 0; + } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { + return dccp_rcv_closereq(sk, skb); + } else if (dh->dccph_type == DCCP_PKT_CLOSE) { + return dccp_rcv_close(sk, skb); } out_invalid_packet: @@ -658,17 +666,19 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb, * Set TIMEWAIT timer * Drop packet and return */ - if (dh->dccph_type == DCCP_PKT_RESET) { - dccp_rcv_reset(sk, skb); - return 0; - } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { /* Step 13 */ - if (dccp_rcv_closereq(sk, skb)) - return 0; - goto discard; - } else if (dh->dccph_type == DCCP_PKT_CLOSE) { /* Step 14 */ - if (dccp_rcv_close(sk, skb)) + if (sk->sk_state != DCCP_REQUESTING) { + if (dh->dccph_type == DCCP_PKT_RESET) { + dccp_rcv_reset(sk, skb); return 0; - goto discard; + } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { /* Step 13 */ + if (dccp_rcv_closereq(sk, skb)) + return 0; + goto discard; + } else if (dh->dccph_type == DCCP_PKT_CLOSE) { /* Step 14 */ + if (dccp_rcv_close(sk, skb)) + return 0; + goto discard; + } } switch (sk->sk_state) { -- 2.34.1

3 weeks, 5 days

2
1
0 0

[REGRESSION] IPv6 RA default router advertisement fails after kernel 6.12.42 updates

by 喵公子

Hi, While testing Linux kernel 6.12.42 on OpenWrt, we observed a regression in IPv6 Router Advertisement (RA) handling for the default router. Affected commits The following commits appear related and may have introduced the issue: ipv6: fix possible infinite loop in fib6_info_uses_dev()： https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… ipv6: prevent infinite loop in rt6_nlmsg_size()： https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… ipv6: annotate data-races around rt->fib6_nsiblings： https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… Problem description： In Linux kernel 6.12.42, IPv6 FIB multipath and concurrent access handling was made stricter (READ_ONCE / WRITE_ONCE + RCU retry). The RA “Automatic” mode relies on checking whether a local default route exists. With the stricter FIB handling, this check can fail in multipath scenarios. As a result, RA does not advertise a default route, and IPv6 clients on LAN fail to receive the default gateway. Steps to reproduce Run OpenWrt with kernel 6.12.42 (or 6.12.43) on a router with br-lan bridge. Configure IPv6 RA in Automatic default router mode. Observe that no default route is advertised to clients (though prefixes may still be delivered). Expected behavior Router Advertisement should continue to advertise the default route as in kernel 6.12.41 and earlier. Client IPv6 connectivity should not break. Actual behavior RA fails to advertise a default route in Automatic mode. Clients do not install a default IPv6 route → connectivity fails. Temporary workaround Change RA default router mode from Automatic → Always / Use available prefixes in OpenWrt. This bypasses the dependency on local default route check and restores correct RA behavior. Additional notes This appears to be an unintended side effect of the stricter FIB handling changes introduced in 6.12.42. Please advise if this has already been reported or if I should prepare a minimal reproducer outside OpenWrt. Thanks, [GitHub: mgz0227]

3 weeks, 5 days

2
1
0 0

[PATCH v2] btrfs: do more strict compressed read merge check

by Qu Wenruo

[BUG] When running test case generic/457, there is a chance to hit the following error, with 64K page size and 4K btrfs block size, and "compress=zstd" mount option: FSTYP -- btrfs PLATFORM -- Linux/aarch64 btrfs-aarch64 6.17.0-rc2-custom+ #129 SMP PREEMPT_DYNAMIC Wed Aug 20 18:52:51 ACST 2025 MKFS_OPTIONS -- -s 4k /dev/mapper/test-scratch1 MOUNT_OPTIONS -- -o compress=zstd /dev/mapper/test-scratch1 /mnt/scratch generic/457 2s ... [failed, exit status 1]- output mismatch (see /home/adam/xfstests-dev/results//generic/457.out.bad) --- tests/generic/457.out 2024-04-25 18:13:45.160550980 +0930 +++ /home/adam/xfstests-dev/results//generic/457.out.bad 2025-08-22 16:09:41.039352391 +0930 @@ -1,2 +1,3 @@ QA output created by 457 -Silence is golden +testfile6 end md5sum mismatched +(see /home/adam/xfstests-dev/results//generic/457.full for details) ... (Run 'diff -u /home/adam/xfstests-dev/tests/generic/457.out /home/adam/xfstests-dev/results//generic/457.out.bad' to see the entire diff) The root problem is, after certain fsx operations the file contents change just after a mount cycle. There is a much smaller reproducer based on that test case, which I mainly used to debug the bug: workload() { mkfs.btrfs -f $dev > /dev/null dmesg -C trace-cmd clear mount -o compress=zstd $dev $mnt xfs_io -f -c "pwrite -S 0xff 0 256K" -c "sync" $mnt/base > /dev/null cp --reflink=always -p -f $mnt/base $mnt/file $fsx -N 4 -d -k -S 3746842 $mnt/file if [ $? -ne 0 ]; then echo "!!! FSX FAILURE !!!" fail fi csum_before=$(_md5_checksum $mnt/file) stop_trace umount $mnt mount $dev $mnt csum_after=$(_md5_checksum $mnt/file) umount $mnt if [ "$csum_before" != "$csum_after" ]; then echo "!!! CSUM MISMATCH !!!" fail fi } This seed value will cause 100% reproducible csum mismatch after a mount cycle. The seed value results only 2 real operations: Seed set to 3746842 main: filesystem does not support fallocate mode FALLOC_FL_UNSHARE_RANGE, disabling! main: filesystem does not support fallocate mode FALLOC_FL_COLLAPSE_RANGE, disabling! main: filesystem does not support fallocate mode FALLOC_FL_INSERT_RANGE, disabling! main: filesystem does not support exchange range, disabling! main: filesystem does not support dontcache IO, disabling! 2 clone from 0x3b000 to 0x3f000, (0x4000 bytes) at 0x1f000 3 write 0x2975b thru 0x2ba20 (0x22c6 bytes) dontcache=0 All 4 operations completed A-OK! [CAUSE] With extra debug trace_printk(), the following sequence can explain the root cause: fsx-3900290 [002] ..... 161696.160966: btrfs_submit_compressed_read: r/i=5/258 file_off=131072 em start=126976 len=16384 The "r/i" is showing the root id and the ino number. In this case, my minimal reproducer is indeed using inode 258 of subvolume 5, and that's the inode with changing contents. The above trace is from the function btrfs_submit_compressed_read(), triggered by fsx to read the folio at file offset 128K. Notice that the extent map, it's at offset 124K, with a length of 16K. This means the extent map only covers the first 12K (3 blocks) of the folio 128K. fsx-3900290 [002] ..... 161696.160969: trace_dump_cb: btrfs_submit_compressed_read, r/i=5/258 file off start=131072 len=65536 bi_size=65536 This is the line I used to dump the basic info of a bbio, which shows the bi_size is 64K, aka covering the whole 64K folio at file offset 128K. But remember, the extent map only covers 3 blocks, definitely not enough to cover the whole 64K folio at 128K file offset. kworker/u19:1-3748349 [002] ..... 161696.161154: btrfs_decompress_buf2page: r/i=5/258 file_off=131072 copy_len=4096 content=ffff kworker/u19:1-3748349 [002] ..... 161696.161155: btrfs_decompress_buf2page: r/i=5/258 file_off=135168 copy_len=4096 content=ffff kworker/u19:1-3748349 [002] ..... 161696.161156: btrfs_decompress_buf2page: r/i=5/258 file_off=139264 copy_len=4096 content=ffff kworker/u19:1-3748349 [002] ..... 161696.161157: btrfs_decompress_buf2page: r/i=5/258 file_off=143360 copy_len=4096 content=ffff The above lines show that btrfs_decompress_buf2page() called by zstd decompress code is copying the decompressed content into the filemap. But notice that, the last line is already beyond the extent map range. Furthermore, there are no more compressed content copy, as the compressed bio only has the extent map to cover the first 3 blocks (the 4th block copy is already incorrect). kworker/u19:1-3748349 [002] ..... 161696.161161: trace_dump_cb: r/i=5/258 file_pos=131072 content=ffff kworker/u19:1-3748349 [002] ..... 161696.161161: trace_dump_cb: r/i=5/258 file_pos=135168 content=ffff kworker/u19:1-3748349 [002] ..... 161696.161162: trace_dump_cb: r/i=5/258 file_pos=139264 content=ffff kworker/u19:1-3748349 [002] ..... 161696.161162: trace_dump_cb: r/i=5/258 file_pos=143360 content=ffff kworker/u19:1-3748349 [002] ..... 161696.161162: trace_dump_cb: r/i=5/258 file_pos=147456 content=0000 This is the extra dumpping of the compressed bio, after file offset 140K (143360), the content is all zero, which is incorrect. The zero is there because we didn't copy anything into the folio. The root cause of the corruption is, we are submitting a compressed read for a whole folio, but the extent map we get only covers the first 3 blocks, meaning the compressed read path is merging reads that shouldn't be merged. The involved file extents are: item 19 key (258 EXTENT_DATA 126976) itemoff 15143 itemsize 53 generation 9 type 1 (regular) extent data disk byte 13635584 nr 4096 extent data offset 110592 nr 16384 ram 131072 extent compression 3 (zstd) item 20 key (258 EXTENT_DATA 143360) itemoff 15090 itemsize 53 generation 9 type 1 (regular) extent data disk byte 13635584 nr 4096 extent data offset 12288 nr 24576 ram 131072 extent compression 3 (zstd) Note that, both extents at 124K and 140K are pointing to the same compressed extent, but with different offset. This means, we reads of range [124K, 140K) and [140K, 165K) should not be merged. But read merge check function, btrfs_bio_is_contig(), is only checking the disk_bytenr of two compressed reads, as there are not enough info like the involved extent maps to do more comprehensive checks, resulting the incorrect compressed read. Unfortunately this is a long existing bug, way before subpage block size support. But subpage block size support (and experimental large folio support) makes it much easier to detect. If block size equals page size, regular page read will only read one block each time, thus no extent map sharing nor merge. (This means for bs == ps cases, it's still possible to hit the bug with readahead, just we don't have test coverage with content verification for readahead) [FIX] Save the last hit compressed extent map start/len into btrfs_bio_ctrl, and check if the current extent map is the same as the saved one. Here we only save em::start/len to save memory for btrfs_bio_ctrl, as it's using the stack memory, which is a very limited resource inside the kernel. Since the compressed extent maps are never merged, their start/len are unique inside the same inode, thus just checking start/len will be enough to make sure they are the same extent map. If the extent maps do not match, force submitting the current bio, so that the read will never be merged. CC: stable(a)vger.kernel.org Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- v2: - Only save extent_map::start/len to save memory for btrfs_bio_ctrl It's using on-stack memory which is very limited inside the kernel. - Remove the commit message mentioning of clearing last saved em Since we're using em::start/len, there is no need to clear them. Either we hit the same em::start/len, meaning hitting the same extent map, or we hit a different em, which will have a different start/len. --- fs/btrfs/extent_io.c | 52 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 0c12fd64a1f3..418e3bf40f94 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -131,6 +131,22 @@ struct btrfs_bio_ctrl { */ unsigned long submit_bitmap; struct readahead_control *ractl; + + /* + * The start/len of the last hit compressed extent map. + * + * The current btrfs_bio_is_contig() only uses disk_bytenr as + * the condition to check if the read can be merged with previous + * bio, which is not correct. E.g. two file extents pointing to the + * same extent. + * + * So here we need to do extra check to merge reads that are + * covered by the same extent map. + * Just extent_map::start/len will be enough, as they are unique + * inside the same inode. + */ + u64 last_compress_em_start; + u64 last_compress_em_len; }; /* @@ -957,6 +973,32 @@ static void btrfs_readahead_expand(struct readahead_control *ractl, readahead_expand(ractl, ra_pos, em_end - ra_pos); } +static void save_compressed_em(struct btrfs_bio_ctrl *bio_ctrl, + const struct extent_map *em) +{ + if (btrfs_extent_map_compression(em) == BTRFS_COMPRESS_NONE) + return; + bio_ctrl->last_compress_em_start = em->start; + bio_ctrl->last_compress_em_len = em->len; +} + +static bool is_same_compressed_em(struct btrfs_bio_ctrl *bio_ctrl, + const struct extent_map *em) +{ + /* + * Only if the em is completely the same as the previous one we can merge + * the current folio in the read bio. + * + * Here we only need to compare the em->start/len against saved + * last_compress_em_start/len, as start/len inside an inode are unique, + * and compressed extent maps are never merged. + */ + if (em->start != bio_ctrl->last_compress_em_start || + em->len != bio_ctrl->last_compress_em_len) + return false; + return true; +} + /* * basic readpage implementation. Locked extent state structs are inserted * into the tree that are removed when the IO is done (by the end_io @@ -1080,9 +1122,19 @@ static int btrfs_do_readpage(struct folio *folio, struct extent_map **em_cached, *prev_em_start != em->start) force_bio_submit = true; + /* + * We must ensure we only merge compressed read when the current + * extent map matches the previous one exactly. + */ + if (compress_type != BTRFS_COMPRESS_NONE) { + if (!is_same_compressed_em(bio_ctrl, em)) + force_bio_submit = true; + } + if (prev_em_start) *prev_em_start = em->start; + save_compressed_em(bio_ctrl, em); em_gen = em->generation; btrfs_free_extent_map(em); em = NULL; -- 2.50.1

3 weeks, 5 days

2
2
0 0

September Quote - RFQ

by Sales

Hi, Please provide a quote for your products: Include: 1.Pricing (per unit) 2.Delivery cost & timeline 3.Quote expiry date Deadline: September Thanks! Kamal Prasad Albinayah Trading

3 weeks, 5 days

1
0
0 0

Backport of Patch CVE-2025-21751 to kernel 6.12.43

by Subramaniam, Sujana

Dear Kernel Developers, Hereby we attach patch backported from kernel 6.13 (as proposed by Greg k-h on the full disclosure mailing list) to 6.12 for CVE-2025-21751 vulnerability. This patch was tested on metal and virtual machines and rolled out in production. I hope patch is sufficient for cherry-pick. Please let us know if something has to be updated/modified. Regards, Sujana, Akendo

3 weeks, 5 days

3
2
0 0

[PATCH v3 1/3] drm/nouveau: fix error path in nvkm_gsp_fwsec_v2

by Timur Tabi

Function nvkm_gsp_fwsec_v2() sets 'ret' if the kmemdup() call fails, but it never uses or returns 'ret' after that point. We always need to release the firmware regardless, so do that and then check for error. Fixes: 176fdcbddfd2 ("drm/nouveau/gsp/r535: add support for booting GSP-RM") Cc: stable(a)vger.kernel.org # v6.7+ Signed-off-by: Timur Tabi <ttabi(a)nvidia.com> --- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c index 52412965fac1..5b721bd9d799 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c @@ -209,11 +209,12 @@ nvkm_gsp_fwsec_v2(struct nvkm_gsp *gsp, const char *name, fw->boot_addr = bld->start_tag << 8; fw->boot_size = bld->code_size; fw->boot = kmemdup(bl->data + hdr->data_offset + bld->code_off, fw->boot_size, GFP_KERNEL); - if (!fw->boot) - ret = -ENOMEM; nvkm_firmware_put(bl); + if (!fw->boot) + return -ENOMEM; + /* Patch in interface data. */ return nvkm_gsp_fwsec_patch(gsp, fw, desc->InterfaceOffset, init_cmd); } -- 2.43.0

3 weeks, 5 days

2
1
0 0

FAILED: patch "[PATCH] tls: fix handling of zero-length records on the rx_list" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 62708b9452f8eb77513115b17c4f8d1a22ebf843 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082443-caliber-swung-4d8f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 62708b9452f8eb77513115b17c4f8d1a22ebf843 Mon Sep 17 00:00:00 2001 From: Jakub Kicinski <kuba(a)kernel.org> Date: Tue, 19 Aug 2025 19:19:51 -0700 Subject: [PATCH] tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next record has different type than what has already been processed we break out of the main processing loop. If the record has already been decrypted (which may be the case for TLS 1.3 where we don't know type until decryption) we queue the pending record to the rx_list. Next recvmsg() will pick it up from there. Queuing the skb to rx_list after zero-copy decrypt is not possible, since in that case we decrypted directly to the user space buffer, and we don't have an skb to queue (darg.skb points to the ciphertext skb for access to metadata like length). Only data records are allowed zero-copy, and we break the processing loop after each non-data record. So we should never zero-copy and then find out that the record type has changed. The corner case we missed is when the initial record comes from rx_list, and it's zero length. Reported-by: Muhammad Alifa Ramdhan <ramdhan(a)starlabs.sg> Reported-by: Billy Jheng Bing-Jhong <billy(a)starlabs.sg> Fixes: 84c61fe1a75b ("tls: rx: do not use the standard strparser") Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Link: https://patch.msgid.link/20250820021952.143068-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 51c98a007dda..bac65d0d4e3e 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1808,6 +1808,9 @@ int decrypt_skb(struct sock *sk, struct scatterlist *sgout) return tls_decrypt_sg(sk, NULL, sgout, &darg); } +/* All records returned from a recvmsg() call must have the same type. + * 0 is not a valid content type. Use it as "no type reported, yet". + */ static int tls_record_content_type(struct msghdr *msg, struct tls_msg *tlm, u8 *control) { @@ -2051,8 +2054,10 @@ int tls_sw_recvmsg(struct sock *sk, if (err < 0) goto end; + /* process_rx_list() will set @control if it processed any records */ copied = err; - if (len <= copied || (copied && control != TLS_RECORD_TYPE_DATA) || rx_more) + if (len <= copied || rx_more || + (control && control != TLS_RECORD_TYPE_DATA)) goto end; target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);

3 weeks, 5 days

3
2
0 0

[REGRESSION] fs: ERR_PTR dereference in expand_files() on v6.12.43

by Nathan Gao

Hi, I noticed an ERR_PTR dereference issue in expand_files() on kernel 6.12.43 when allocating large file descriptor tables. The issue occurs when alloc_fdtable() returns ERR_PTR(-EMFILE) for large nr input, but expand_fdtable() is not properly checking these error returns. dup_fd() seems also have the issue, missing proper ERR_PTR handling. The ERR_PTR return was introduced by d4f9351243c1 ("fs: Prevent file descriptor table allocations exceeding INT_MAX") which adds INT_MAX limit check in alloc_fdtable(). I was able to trigger this with the unshare_test selftest: [ 40.283906] BUG: unable to handle page fault for address: ffffffffffffffe8 ... [ 40.287436] RIP: 0010:expand_files+0x7e/0x1c0 ... [ 40.366211] Kernel panic - not syncing: Fatal exception Looking at the upstream kernel, this can be addressed by Al Viro's fdtable series [1], which added the ERR_PTR handling in this code path. Perhaps backporting this series, especially 1d3b4be ("alloc_fdtable(): change calling conventions.") would help resolve the issue. Thanks for all the work on stable tree. Best, Nathan Gao [1] https://lore.kernel.org/all/20241007173912.GR4017910@ZenIV/ Signed-off-by: Nathan Gao <zcgao(a)amazon.com> -- 2.47.3

3 weeks, 5 days

2
1
0 0

[PATCH v2 4/4] openat2: don't trigger automounts with RESOLVE_NO_XDEV

by Askar Safin

openat2 had a bug: if we pass RESOLVE_NO_XDEV, then openat2 doesn't traverse through automounts, but may still trigger them. (See the link for full bug report with reproducer.) This commit fixes this bug. Link: https://lore.kernel.org/linux-fsdevel/20250817075252.4137628-1-safinaskar@z… Fixes: fddb5d430ad9fa91b49b1 ("open: introduce openat2(2) syscall") Reviewed-by: Aleksa Sarai <cyphar(a)cyphar.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Askar Safin <safinaskar(a)zohomail.com> --- fs/namei.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fs/namei.c b/fs/namei.c index c23e5a076ab3..bfa8232b94dc 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1449,6 +1449,10 @@ static int follow_automount(struct path *path, int *count, unsigned lookup_flags dentry->d_inode) return -EISDIR; + /* No need to trigger automounts if mountpoint crossing is disabled. */ + if (lookup_flags & LOOKUP_NO_XDEV) + return -EXDEV; + if (count && (*count)++ >= MAXSYMLINKS) return -ELOOP; @@ -1472,6 +1476,10 @@ static int __traverse_mounts(struct path *path, unsigned flags, bool *jumped, /* Allow the filesystem to manage the transit without i_rwsem * being held. */ if (flags & DCACHE_MANAGE_TRANSIT) { + if (lookup_flags & LOOKUP_NO_XDEV) { + ret = -EXDEV; + break; + } ret = path->dentry->d_op->d_manage(path, false); flags = smp_load_acquire(&path->dentry->d_flags); if (ret < 0) -- 2.47.2

3 weeks, 5 days

1
0
0 0

[PATCH V4 mm-hotfixes 2/3] mm: introduce and use {pgd,p4d}_populate_kernel()

by Harry Yoo

Introduce and use {pgd,p4d}_populate_kernel() in core MM code when populating PGD and P4D entries for the kernel address space. These helpers ensure proper synchronization of page tables when updating the kernel portion of top-level page tables. Until now, the kernel has relied on each architecture to handle synchronization of top-level page tables in an ad-hoc manner. For example, see commit 9b861528a801 ("x86-64, mem: Update all PGDs for direct mapping and vmemmap mapping changes"). However, this approach has proven fragile for following reasons: 1) It is easy to forget to perform the necessary page table synchronization when introducing new changes. For instance, commit 4917f55b4ef9 ("mm/sparse-vmemmap: improve memory savings for compound devmaps") overlooked the need to synchronize page tables for the vmemmap area. 2) It is also easy to overlook that the vmemmap and direct mapping areas must not be accessed before explicit page table synchronization. For example, commit 8d400913c231 ("x86/vmemmap: handle unpopulated sub-pmd ranges")) caused crashes by accessing the vmemmap area before calling sync_global_pgds(). To address this, as suggested by Dave Hansen, introduce _kernel() variants of the page table population helpers, which invoke architecture-specific hooks to properly synchronize page tables. These are introduced in a new header file, include/linux/pgalloc.h, so they can be called from common code. They reuse existing infrastructure for vmalloc and ioremap. Synchronization requirements are determined by ARCH_PAGE_TABLE_SYNC_MASK, and the actual synchronization is performed by arch_sync_kernel_mappings(). This change currently targets only x86_64, so only PGD and P4D level helpers are introduced. In theory, PUD and PMD level helpers can be added later if needed by other architectures. Currently this is a no-op, since no architecture sets PGTBL_{PGD,P4D}_MODIFIED in ARCH_PAGE_TABLE_SYNC_MASK. Cc: <stable(a)vger.kernel.org> Fixes: 8d400913c231 ("x86/vmemmap: handle unpopulated sub-pmd ranges") Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com> Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- include/linux/pgalloc.h | 24 ++++++++++++++++++++++++ include/linux/pgtable.h | 4 ++-- mm/kasan/init.c | 12 ++++++------ mm/percpu.c | 6 +++--- mm/sparse-vmemmap.c | 6 +++--- 5 files changed, 38 insertions(+), 14 deletions(-) create mode 100644 include/linux/pgalloc.h diff --git a/include/linux/pgalloc.h b/include/linux/pgalloc.h new file mode 100644 index 000000000000..290ab864320f --- /dev/null +++ b/include/linux/pgalloc.h @@ -0,0 +1,24 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _LINUX_PGALLOC_H +#define _LINUX_PGALLOC_H + +#include <linux/pgtable.h> +#include <asm/pgalloc.h> + +static inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd, + p4d_t *p4d) +{ + pgd_populate(&init_mm, pgd, p4d); + if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED) + arch_sync_kernel_mappings(addr, addr); +} + +static inline void p4d_populate_kernel(unsigned long addr, p4d_t *p4d, + pud_t *pud) +{ + p4d_populate(&init_mm, p4d, pud); + if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_P4D_MODIFIED) + arch_sync_kernel_mappings(addr, addr); +} + +#endif /* _LINUX_PGALLOC_H */ diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h index ba699df6ef69..0cf5c6c3e483 100644 --- a/include/linux/pgtable.h +++ b/include/linux/pgtable.h @@ -1469,8 +1469,8 @@ static inline void modify_prot_commit_ptes(struct vm_area_struct *vma, unsigned /* * Architectures can set this mask to a combination of PGTBL_P?D_MODIFIED values - * and let generic vmalloc and ioremap code know when arch_sync_kernel_mappings() - * needs to be called. + * and let generic vmalloc, ioremap and page table update code know when + * arch_sync_kernel_mappings() needs to be called. */ #ifndef ARCH_PAGE_TABLE_SYNC_MASK #define ARCH_PAGE_TABLE_SYNC_MASK 0 diff --git a/mm/kasan/init.c b/mm/kasan/init.c index ced6b29fcf76..8fce3370c84e 100644 --- a/mm/kasan/init.c +++ b/mm/kasan/init.c @@ -13,9 +13,9 @@ #include <linux/mm.h> #include <linux/pfn.h> #include <linux/slab.h> +#include <linux/pgalloc.h> #include <asm/page.h> -#include <asm/pgalloc.h> #include "kasan.h" @@ -191,7 +191,7 @@ static int __ref zero_p4d_populate(pgd_t *pgd, unsigned long addr, pud_t *pud; pmd_t *pmd; - p4d_populate(&init_mm, p4d, + p4d_populate_kernel(addr, p4d, lm_alias(kasan_early_shadow_pud)); pud = pud_offset(p4d, addr); pud_populate(&init_mm, pud, @@ -212,7 +212,7 @@ static int __ref zero_p4d_populate(pgd_t *pgd, unsigned long addr, } else { p = early_alloc(PAGE_SIZE, NUMA_NO_NODE); pud_init(p); - p4d_populate(&init_mm, p4d, p); + p4d_populate_kernel(addr, p4d, p); } } zero_pud_populate(p4d, addr, next); @@ -251,10 +251,10 @@ int __ref kasan_populate_early_shadow(const void *shadow_start, * puds,pmds, so pgd_populate(), pud_populate() * is noops. */ - pgd_populate(&init_mm, pgd, + pgd_populate_kernel(addr, pgd, lm_alias(kasan_early_shadow_p4d)); p4d = p4d_offset(pgd, addr); - p4d_populate(&init_mm, p4d, + p4d_populate_kernel(addr, p4d, lm_alias(kasan_early_shadow_pud)); pud = pud_offset(p4d, addr); pud_populate(&init_mm, pud, @@ -273,7 +273,7 @@ int __ref kasan_populate_early_shadow(const void *shadow_start, if (!p) return -ENOMEM; } else { - pgd_populate(&init_mm, pgd, + pgd_populate_kernel(addr, pgd, early_alloc(PAGE_SIZE, NUMA_NO_NODE)); } } diff --git a/mm/percpu.c b/mm/percpu.c index d9cbaee92b60..a56f35dcc417 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -3108,7 +3108,7 @@ int __init pcpu_embed_first_chunk(size_t reserved_size, size_t dyn_size, #endif /* BUILD_EMBED_FIRST_CHUNK */ #ifdef BUILD_PAGE_FIRST_CHUNK -#include <asm/pgalloc.h> +#include <linux/pgalloc.h> #ifndef P4D_TABLE_SIZE #define P4D_TABLE_SIZE PAGE_SIZE @@ -3134,13 +3134,13 @@ void __init __weak pcpu_populate_pte(unsigned long addr) if (pgd_none(*pgd)) { p4d = memblock_alloc_or_panic(P4D_TABLE_SIZE, P4D_TABLE_SIZE); - pgd_populate(&init_mm, pgd, p4d); + pgd_populate_kernel(addr, pgd, p4d); } p4d = p4d_offset(pgd, addr); if (p4d_none(*p4d)) { pud = memblock_alloc_or_panic(PUD_TABLE_SIZE, PUD_TABLE_SIZE); - p4d_populate(&init_mm, p4d, pud); + p4d_populate_kernel(addr, p4d, pud); } pud = pud_offset(p4d, addr); diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c index 41aa0493eb03..dbd8daccade2 100644 --- a/mm/sparse-vmemmap.c +++ b/mm/sparse-vmemmap.c @@ -27,9 +27,9 @@ #include <linux/spinlock.h> #include <linux/vmalloc.h> #include <linux/sched.h> +#include <linux/pgalloc.h> #include <asm/dma.h> -#include <asm/pgalloc.h> #include <asm/tlbflush.h> #include "hugetlb_vmemmap.h" @@ -229,7 +229,7 @@ p4d_t * __meminit vmemmap_p4d_populate(pgd_t *pgd, unsigned long addr, int node) if (!p) return NULL; pud_init(p); - p4d_populate(&init_mm, p4d, p); + p4d_populate_kernel(addr, p4d, p); } return p4d; } @@ -241,7 +241,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node) void *p = vmemmap_alloc_block_zero(PAGE_SIZE, node); if (!p) return NULL; - pgd_populate(&init_mm, pgd, p); + pgd_populate_kernel(addr, pgd, p); } return pgd; } -- 2.43.0

3 weeks, 5 days

4
11
0 0

[PATCH v6] mm/slub: avoid accessing metadata when pointer is invalid in object_err()

by Li Qiong

object_err() reports details of an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is invalid, attempting to access object metadata can lead to a crash since it does not point to a valid object. In case the pointer is NULL or check_valid_pointer() returns false for the pointer, only print the pointer value and skip accessing metadata. Fixes: 81819f0fc828 ("SLUB core") Cc: <stable(a)vger.kernel.org> Signed-off-by: Li Qiong <liqiong(a)nfschina.com> --- v2: - rephrase the commit message, add comment for object_err(). v3: - check object pointer in object_err(). v4: - restore changes in alloc_consistency_checks(). v5: - rephrase message, fix code style. v6: - add checking 'object' if NULL. --- mm/slub.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/mm/slub.c b/mm/slub.c index 31e11ef256f9..972cf2bb2ee6 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1104,7 +1104,12 @@ static void object_err(struct kmem_cache *s, struct slab *slab, return; slab_bug(s, reason); - print_trailer(s, slab, object); + if (!object || !check_valid_pointer(s, slab, object)) { + print_slab_info(slab); + pr_err("Invalid pointer 0x%p\n", object); + } else { + print_trailer(s, slab, object); + } add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE); WARN_ON(1); -- 2.30.2

3 weeks, 5 days

5
6
0 0

[PATCH v2] serial: uartps: do not deassert RS485 RTS GPIO prematurely

by Martin Kaistra

After all bytes to be transmitted have been written to the FIFO register, the hardware might still be busy actually sending them. Thus, wait for the TX FIFO to be empty before starting the timer for the RTS after send delay. Cc: stable(a)vger.kernel.org Fixes: fccc9d9233f9 ("tty: serial: uartps: Add rs485 support to uartps driver") Signed-off-by: Martin Kaistra <martin.kaistra(a)linutronix.de> --- Changes in v2: - Add cc stable - Add timeout drivers/tty/serial/xilinx_uartps.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c index fe457bf1e15bb..e1dd3843d563c 100644 --- a/drivers/tty/serial/xilinx_uartps.c +++ b/drivers/tty/serial/xilinx_uartps.c @@ -429,7 +429,7 @@ static void cdns_uart_handle_tx(void *dev_id) struct uart_port *port = (struct uart_port *)dev_id; struct cdns_uart *cdns_uart = port->private_data; struct tty_port *tport = &port->state->port; - unsigned int numbytes; + unsigned int numbytes, tmout; unsigned char ch; if (kfifo_is_empty(&tport->xmit_fifo) || uart_tx_stopped(port)) { @@ -454,6 +454,13 @@ static void cdns_uart_handle_tx(void *dev_id) if (cdns_uart->port->rs485.flags & SER_RS485_ENABLED && (kfifo_is_empty(&tport->xmit_fifo) || uart_tx_stopped(port))) { + /* Wait for the tx fifo to be actually empty */ + for (tmout = 1000000; tmout; tmout--) { + if (cdns_uart_tx_empty(port) == TIOCSER_TEMT) + break; + udelay(1); + } + hrtimer_update_function(&cdns_uart->tx_timer, cdns_rs485_rx_callback); hrtimer_start(&cdns_uart->tx_timer, ns_to_ktime(cdns_calc_after_tx_delay(cdns_uart)), HRTIMER_MODE_REL); -- 2.39.5

3 weeks, 5 days

2
4
0 0

[PATCH] ACPI: tables: FPDT: Fix memory leak in acpi_init_fpdt()

by Zhen Ni

acpi_put_table() is only called when kobject_create_and_add() or fpdt_process_subtable() fails, but not on the success path. This causes a memory leak if initialization succeeds. Ensure acpi_put_table() is called in all cases by adding a put_table label and routing both success and failure paths through it. Drop the err_subtable label since kobject_put() is only needed when fpdt_process_subtable() fails. Fixes: d1eb86e59be0 ("ACPI: tables: introduce support for FPDT table") Cc: stable(a)vger.kernel.org Signed-off-by: Zhen Ni <zhen.ni(a)easystack.cn> --- drivers/acpi/acpi_fpdt.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/drivers/acpi/acpi_fpdt.c b/drivers/acpi/acpi_fpdt.c index 271092f2700a..c8aea5bb187c 100644 --- a/drivers/acpi/acpi_fpdt.c +++ b/drivers/acpi/acpi_fpdt.c @@ -275,7 +275,7 @@ static int __init acpi_init_fpdt(void) struct acpi_table_header *header; struct fpdt_subtable_entry *subtable; u32 offset = sizeof(*header); - int result; + int result = 0; status = acpi_get_table(ACPI_SIG_FPDT, 0, &header); @@ -285,7 +285,7 @@ static int __init acpi_init_fpdt(void) fpdt_kobj = kobject_create_and_add("fpdt", acpi_kobj); if (!fpdt_kobj) { result = -ENOMEM; - goto err_nomem; + goto put_table; } while (offset < header->length) { @@ -295,8 +295,10 @@ static int __init acpi_init_fpdt(void) case SUBTABLE_S3PT: result = fpdt_process_subtable(subtable->address, subtable->type); - if (result) - goto err_subtable; + if (result) { + kobject_put(fpdt_kobj); + goto put_table; + } break; default: /* Other types are reserved in ACPI 6.4 spec. */ @@ -304,11 +306,8 @@ static int __init acpi_init_fpdt(void) } offset += sizeof(*subtable); } - return 0; -err_subtable: - kobject_put(fpdt_kobj); -err_nomem: +put_table: acpi_put_table(header); return result; } -- 2.20.1

3 weeks, 5 days

2
1
0 0

[PATCH 6.12 000/444] 6.12.43-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.43 release. There are 444 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 20 Aug 2025 12:43:43 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.43-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.43-rc1 Lukas Wunner <lukas(a)wunner.de> PCI: Honor Max Link Speed when determining supported speeds Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> dm: split write BIOs on zone boundaries when zone append is not emulated Frederic Weisbecker <frederic(a)kernel.org> rcu: Fix racy re-initialization of irq_work causing hangs Yu Kuai <yukuai3(a)huawei.com> md: fix create on open mddev lifetime regression Ivan Lipski <ivan.lipski(a)amd.com> drm/amd/display: Allow DCN301 to clear update flags Arnd Bergmann <arnd(a)arndb.de> firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS Jens Axboe <axboe(a)kernel.dk> io_uring/rw: cast rw->flags assignment to rwf_t Damien Le Moal <dlemoal(a)kernel.org> ata: libata-sata: Add link_power_management_supported sysfs attribute Miguel Ojeda <ojeda(a)kernel.org> rust: workaround `rustdoc` target modifiers bug Miguel Ojeda <ojeda(a)kernel.org> rust: kbuild: clean output before running `rustdoc` Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C Hrushikesh Salunke <h-salunke(a)ti.com> arm64: dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C Lukas Wunner <lukas(a)wunner.de> PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: Allow PCI bridges to go to D3Hot on all non-x86 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Store all PCIe Supported Link Speeds Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix netns refcount leak after net_passive changes Eric Dumazet <edumazet(a)google.com> net: better track kernel sockets lifetime Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Add net_passive_inc() and net_passive_dec(). Thomas Weißschuh <linux(a)weissschuh.net> mfd: cros_ec: Separate charge-control probing from USB-PD Aditya Garg <gargaditya08(a)live.com> HID: apple: avoid setting up battery timer for devices without battery Naman Jain <namjain(a)linux.microsoft.com> tools/hv: fcopy: Fix irregularities with size of ring buffer Mikhail Lobanov <m.lobanov(a)rosa.ru> wifi: mac80211: check basic rates validity in sta_link_apply_parameters Aditya Garg <gargaditya08(a)live.com> HID: magicmouse: avoid setting up battery timer when not needed Pedro Falcato <pfalcato(a)suse.de> RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages Willy Tarreau <w(a)1wt.eu> tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros Marek Szyprowski <m.szyprowski(a)samsung.com> media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Do not mark valid metadata as invalid Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Fix OOB read due to missing payload bound check Youngjun Lee <yjjuny.lee(a)samsung.com> media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Breno Leitao <leitao(a)debian.org> mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Waiman Long <longman(a)redhat.com> mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() Anshuman Khandual <anshuman.khandual(a)arm.com> mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Vlastimil Babka <vbabka(a)suse.cz> mm, slab: restore NUMA policy support for large kmalloc Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: fix a typo in palo.conf Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix panic during namespace deletion with VF Davide Caratti <dcaratti(a)redhat.com> net/sched: ets: use old 'nbands' while purging unused classes Sravan Kumar Gundu <sravankumarlpu(a)gmail.com> fbdev: Fix vmalloc out-of-bounds write in fast_imageblit Suren Baghdasaryan <surenb(a)google.com> userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry Andrey Albershteyn <aalbersh(a)redhat.com> xfs: fix scrub trace with null pointer in quotacheck Qu Wenruo <wqu(a)suse.com> btrfs: do not allow relocation of partially dropped subvolumes Boris Burkov <boris(a)bur.io> btrfs: fix iteration bug in __qgroup_excl_accounting() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not select metadata BG as finish target Filipe Manana <fdmanana(a)suse.com> btrfs: error on missing block group when unaccounting log tree extent buffers Filipe Manana <fdmanana(a)suse.com> btrfs: fix log tree replay failure due to file with 0 links and extents Filipe Manana <fdmanana(a)suse.com> btrfs: clear dirty status from extent buffer on error at insert_new_root() Filipe Manana <fdmanana(a)suse.com> btrfs: don't skip remaining extrefs if dir not found during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled Qu Wenruo <wqu(a)suse.com> btrfs: populate otime when logging an inode item Boris Burkov <boris(a)bur.io> btrfs: fix ssd_spread overallocation Filipe Manana <fdmanana(a)suse.com> btrfs: don't ignore inode missing when replaying log tree Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not remove unwritten non-data block group Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction during log replay if walk_log_tree() failed Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use filesystem size not disk size for reclaim decision Oliver Neukum <oneukum(a)suse.com> cdc-acm: fix race between initial clearing halt and open Eric Biggers <ebiggers(a)kernel.org> thunderbolt: Fix copy+paste error in match_service_id() Ian Abbott <abbotti(a)mev.co.uk> comedi: fix race between polling and detaching Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> usb: typec: ucsi: Update power_supply on power role change Ricky Wu <ricky_wu(a)realtek.com> misc: rtsx: usb: Ensure mmc child device is active when card is present Xinyu Liu <katieeliu(a)tencent.com> usb: core: config: Prevent OOB read in SS endpoint companion parsing Zhang Yi <yi.zhang(a)huawei.com> ext4: initialize superblock fields in the kballoc-test.c kunit tests Baokun Li <libaokun1(a)huawei.com> ext4: fix largest free orders lists corruption on mb_optimize_scan switch Baokun Li <libaokun1(a)huawei.com> ext4: fix zombie groups in average fragment size lists Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Prevent ALIGN() overflow Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range Alexey Klimov <alexey.klimov(a)linaro.org> iommu/arm-smmu-qcom: Add SM6115 MDSS compatible Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes Shyam Prasad N <sprasad(a)microsoft.com> cifs: reset iface weights when we cannot find a candidate Christian Marangi <ansuelsmth(a)gmail.com> clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src Damien Le Moal <dlemoal(a)kernel.org> dm: Always split write BIOs to zoned device limits Damien Le Moal <dlemoal(a)kernel.org> block: Introduce bio_needs_zone_write_plugging() Bijan Tabatabai <bijantabatab(a)micron.com> mm/damon/core: commit damos->target_nid Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu: fix incorrect vm flags to map bo YiPeng Chai <YiPeng.Chai(a)amd.com> drm/amdgpu: fix vram reservation issue David Howells <dhowells(a)redhat.com> cifs: Fix collect_sample() to handle any iterator type Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: replace regmap_write with regmap_update_bits Jiasheng Jiang <jiashengjiangcool(a)gmail.com> scsi: lpfc: Remove redundant assignment to avoid memory leak Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix uninited ptr deref in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Handle RPC size limit for layoutcommits Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix disk addr range check in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix stripe mapping in block/scsi layout John Garry <john.g.garry(a)oracle.com> block: avoid possible overflow for chunk_sectors check in blk_stack_limits() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix uninitialized pointer error in probe() Buday Csaba <buday.csaba(a)prolan.hu> net: phy: smsc: add proper reset flags for LAN8710A Thomas Croft <thomasmcft(a)gmail.com> ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table Yu Kuai <yukuai3(a)huawei.com> lib/sbitmap: convert shallow_depth from one word to the whole sbitmap Stefan Metzmacher <metze(a)samba.org> smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection Calvin Owens <calvin(a)wbinvd.org> tools/power turbostat: Handle cap_get_proc() ENOSYS Calvin Owens <calvin(a)wbinvd.org> tools/power turbostat: Fix build with musl Len Brown <len.brown(a)intel.com> tools/power turbostat: Handle non-root legacy-uncore sysfs permissions Corey Minyard <corey(a)minyard.net> ipmi: Fix strcpy source and destination the same Yann E. MORIN <yann.morin.1998(a)free.fr> kconfig: lxdialog: fix 'space' to (de)select options Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: fix potential memory leak in renderer_edited() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() Breno Leitao <leitao(a)debian.org> ipmi: Use dev_warn_ratelimited() for incorrect message warnings Artem Sadovnikov <a.sadovnikov(a)ispras.ru> vfio/mlx5: fix possible overflow in tracking max message size John Garry <john.g.garry(a)oracle.com> scsi: aacraid: Stop using PCI_IRQ_AFFINITY Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: core: Generate correct identifiers for PR OUT transport IDs Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Shankari Anand <shankari.ak0208(a)gmail.com> kconfig: nconf: Ensure null termination where strncpy is used Keith Busch <kbusch(a)kernel.org> vfio/type1: conditional rescheduling while pinning Suchit Karunakaran <suchitkarunakaran(a)gmail.com> kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c John Ogness <john.ogness(a)linutronix.de> printk: nbcon: Allow reacquire during panic Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: check the generic conditions first Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: add cluster chain loop check for dir fangzhong.zhou <myth5(a)myth5.com> i2c: Force DLL0945 touchpad i2c freq to 100khz John Johansen <john.johansen(a)canonical.com> apparmor: fix x_table_lookup when stacking is not the first entry Mateusz Guzik <mjguzik(a)gmail.com> apparmor: use the condition in AA_BUG_FMT even with debug disabled Benjamin Marzinski <bmarzins(a)redhat.com> dm-table: fix checking for rq stackable devices Mikulas Patocka <mpatocka(a)redhat.com> dm-mpath: don't print the "loaded" message if registering fails Jorge Marques <jorge.marques(a)analog.com> i3c: master: Initialize ret in i3c_i2c_notifier_call() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: don't fail if GETHDRCAP is unsupported Gabriel Totev <gabriel.totev(a)zetier.com> apparmor: shift ouid when mediating hard links in userns Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: add missing include to internal header Petr Pavlu <petr.pavlu(a)suse.com> module: Prevent silent truncation of module name in delete_module(2) Purva Yeshi <purvayeshi550(a)gmail.com> md: dm-zoned-target: Initialize return variable r to avoid uninitialized use Charles Keepax <ckeepax(a)opensource.cirrus.com> soundwire: Move handle_nested_irq outside of sdw_dev_lock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: cancel pending slave status handling workqueue during remove sequence Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: serialize amd manager resume sequence during pm_prepare Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Postpone updating priv->clks[] Mario Limonciello <mario.limonciello(a)amd.com> crypto: ccp - Add missing bootloader info reg for pspv6 Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - add timeout for load_fvc completion poll chenchangcheng <chenchangcheng(a)kylinos.cn> media: uvcvideo: Fix bandwidth issue for Alcor camera Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add quirk for HP Webcam HD 2300 Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() Wolfram Sang <wsa+renesas(a)sang-engineering.com> media: usb: hdpvr: disable zero-length read messages Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Increase FIFO trigger level to 374 Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Return an appropriate colorspace from tc358743_set_fmt Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Check I2C succeeded during probe Cheick Traore <cheick.traore(a)foss.st.com> pinctrl: stm32: Manage irq affinity settings Damien Le Moal <dlemoal(a)kernel.org> scsi: mpi3mr: Correctly handle ATA device errors Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Correctly handle ATA device errors Abel Vesa <abel.vesa(a)linaro.org> power: supply: qcom_battmgr: Add lithium-polymer entry Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk Arnd Bergmann <arnd(a)arndb.de> RDMA/core: reduce stack using in nldev_stat_get_doit() Yury Norov [NVIDIA] <yury.norov(a)gmail.com> RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs Johan Adolfsson <johan.adolfsson(a)axis.com> leds: leds-lp50xx: Handle reg to get correct multi_index Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control Daniel Scally <dan.scally(a)ideasonboard.com> media: ipu-bridge: Add _HID for OV5670 Michal Wilczynski <m.wilczynski(a)samsung.com> clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED Shiji Yang <yangshiji66(a)outlook.com> MIPS: lantiq: falcon: sysctrl: fix request memory check logic Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Markus Theil <theil.markus(a)gmail.com> crypto: jitter - fix intermediary handling Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM Hans de Goede <hdegoede(a)redhat.com> media: hi556: Fix reset GPIO timings Arnaud Lecomte <contact(a)arnaud-lcm.com> jfs: upper bound check of tree index in dbAllocAG Edward Adam Davis <eadavis(a)qq.com> jfs: Regular file corruption check Lizhi Xu <lizhi.xu(a)windriver.com> jfs: truncate good inode pages when hard link is 0 jackysliu <1972843537(a)qq.com> scsi: bfa: Double-free fix Ziyan Fu <fuzy5(a)lenovo.com> watchdog: iTCO_wdt: Report error if timeout configuration fails Shiji Yang <yangshiji66(a)outlook.com> MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} George Moussalem <george.moussalem(a)outlook.com> clk: qcom: ipq5018: keep XO clock always on Florin Leotescu <florin.leotescu(a)nxp.com> hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state Sebastian Reichel <sebastian.reichel(a)collabora.com> watchdog: dw_wdt: Fix default timeout Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> fs/orangefs: use snprintf() instead of sprintf() Showrya M N <showrya(a)chelsio.com> scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Geraldo Nascimento <geraldogabriel(a)gmail.com> phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal Chen-Yu Tsai <wens(a)csie.org> mfd: axp20x: Set explicit ID for AXP313 regulator Pei Xiao <xiaopei01(a)kylinos.cn> clk: tegra: periph: Fix error handling and resolve unsigned compare warning Theodore Ts'o <tytso(a)mit.edu> ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Zhiqi Song <songzhiqi1(a)huawei.com> crypto: hisilicon/hpre - fix dma unmap sequence Yongzhen Zhang <zhangyongzhen(a)kylinos.cn> fbdev: fix potential buffer overflow in do_register_framebuffer() Pali Rohár <pali(a)kernel.org> cifs: Fix calling CIFSFindFirst() for root path without msearch Aaron Plattner <aplattner(a)nvidia.com> watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition Roman Li <Roman.Li(a)amd.com> drm/amd/display: Disable dsc_power_gate for dcn314 by default Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Only finalize atomic_obj if it was initialized Jason Wang <jasowang(a)redhat.com> vhost: fail early when __vhost_add_used() fails Will Deacon <will(a)kernel.org> vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 Joel Fernandes <joelagnelf(a)nvidia.com> rcu: Fix rcu_read_unlock() deadloop due to IRQ work Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/ttm: Respect the shrinker core free target Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Avoid trying AUX transactions on disconnected ports Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Update DMCUB loading sequence for DCN3.5 Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix ringbuf/ringbuf_write test failure with arm64 64KB page size Ihor Solodrai <isolodrai(a)meta.com> bpf: Make reg_not_null() true for CONST_PTR_TO_MAP Jakub Kicinski <kuba(a)kernel.org> uapi: in6: restore visibility of most IPv6 socket options Emily Deng <Emily.Deng(a)amd.com> drm/ttm: Should to return the evict error Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix buffer overflow in fetching version id Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/xe: Make dma-fences compliant with the safe access rules Shannon Nelson <shannon.nelson(a)amd.com> ionic: clean dbpage in de-init Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: scan abort when assign/unassign_vif Breno Leitao <leitao(a)debian.org> ptp: Use ratelimite for freerun error message Yuan Chen <chenyuan(a)kylinos.cn> bpftool: Fix JSON writer resource leak in version command Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent DIS_LEARNING access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: ensure BCM5325 PHYs are enabled Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Return error for unknown admin queue command Gal Pressman <gal(a)nvidia.com> net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Gal Pressman <gal(a)nvidia.com> net: vlan: Make is_vlan_dev() a stub when VLAN is not configured Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual Heiner Kallweit <hkallweit1(a)gmail.com> dpaa_eth: don't use fixed_phy_change_carrier Nicolas Escande <nico.escande(a)gmail.com> neighbour: add support for NUD_PERMANENT proxy entries Stanislaw Gruszka <stf_xl(a)wp.pl> wifi: iwlegacy: Check rate_idx range after addition Mark Rutland <mark.rutland(a)arm.com> arm64: stacktrace: Check kretprobe_find_ret_addr() return value Mina Almasry <almasrymina(a)google.com> netmem: fix skb_frag_address_safe with unreadable skbs Thomas Fourier <fourier.thomas(a)gmail.com> powerpc: floppy: Add missing checks after DMA map Karthikeyan Kathirvel <quic_kathirve(a)quicinc.com> wifi: ath12k: Decrement TID on RX peer frag setup error handling Raj Kumar Bhagat <quic_rajkbhag(a)quicinc.com> wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com> wifi: mac80211: update radar_required in channel context after channel switch Alex Hung <alex.hung(a)amd.com> drm/amd/display: Initialize mode_select to 0 Wen Chen <Wen.Chen3(a)amd.com> drm/amd/display: Fix 'failed to blank crtc!' Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Rand Deeb <rand.sec96(a)gmail.com> wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Nathan Lynch <nathan.lynch(a)amd.com> lib: packing: Include necessary headers Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: ath12k: Fix station association with MBSSID Non-TX BSS Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: Add memset and update default rate value in wmi tx completion Kang Yang <kang.yang(a)oss.qualcomm.com> wifi: ath10k: shutdown driver when hardware is unreliable Ilya Bakoulin <Ilya.Bakoulin(a)amd.com> drm/amd/display: Separate set_gsl from set_gsl_source_select Jonas Rebmann <jre(a)pengutronix.de> net: fec: allow disable coalescing RubenKelevra <rubenkelevra(a)gmail.com> net: ieee8021q: fix insufficient table-size assertion Li Chen <chenl311(a)chinatelecom.cn> ACPI: Suppress misleading SPCR console message when SPCR table is absent Eric Work <work.eric(a)gmail.com> net: atlantic: add set_power to fw_ops for atl2 to fix wol Aakash Kumar S <saakashkumar(a)marvell.com> xfrm: Duplicate SPI Handling zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Enable end-to-end flow control also in transmit Matt Roper <matthew.d.roper(a)intel.com> drm/xe/xe_query: Use separate iterator while filling GT list Mark Brown <broonie(a)kernel.org> kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace David Bauer <mail(a)david-bauer.net> wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Fix rtw89_mac_power_switch() for USB Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Clear runtime PM errors while resetting the GPU Robin Murphy <robin.murphy(a)arm.com> perf/arm: Add missing .suppress_bind_attrs Yuan Chen <chenyuan(a)kylinos.cn> drm/msm: Add error handling for krealloc in metadata setup Rob Clark <robdclark(a)chromium.org> drm/msm: use trylock for debugfs Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: mac80211: fix rx link assignment for non-MLO stations Zqiang <qiang.zhang1211(a)gmail.com> rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access Kuniyuki Iwashima <kuniyu(a)google.com> ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). Thomas Fourier <fourier.thomas(a)gmail.com> (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer Heiko Carstens <hca(a)linux.ibm.com> s390/early: Copy last breaking event address to pt_regs Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: mac80211: avoid weird state in error path Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't complete management TX on SAE commit Chris Mason <clm(a)fb.com> sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails Kamil Horák - 2N <kamilh(a)axis.com> net: phy: bcm54811: PHY initialization Sven Schnelle <svens(a)linux.ibm.com> s390/stp: Remove udelay from stp_sync_clock() Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: fix scan request validation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> um: Re-evaluate thread flags repeatedly Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: set gtk id also in older FWs Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Forget ranges when refining tnum after JSET Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Fix accounting after global limits change Alok Tiwari <alok.a.tiwari(a)oracle.com> perf/cxlpmu: Remove unintended newline from IRQ name format string Biju Das <biju.das.jz(a)bp.renesas.com> net: phy: micrel: Add ksz9131_resume() Alok Tiwari <alok.a.tiwari(a)oracle.com> net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix incorrect MTU in broadcast routes Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't unreserve never reserved chanctx Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Fix interface type validation Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Prevent duplicate binds Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> can: ti_hecc: fix -Woverflow compiler warning Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: limit clear_update_flags to dcn32 and above Paul E. McKenney <paulmck(a)kernel.org> rcu: Protect ->defer_qs_iw_pending from data race Umio Yasuno <coelacanth_dream(a)protonmail.com> drm/amd/pm: fix null pointer access Breno Leitao <leitao(a)debian.org> arm64: Mark kernel as tainted on SAE and SError panic Jack Ping CHNG <jchng(a)maxlinear.com> net: pcs: xpcs: mask readl() return value to 16 bits Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Properly access RCU protected qdisc_sleeping variable Thomas Fourier <fourier.thomas(a)gmail.com> net: ag71xx: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> et131x: Add missing check after DMA map Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB Chin-Yen Lee <timlee(a)realtek.com> wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode Ahmed Zaki <ahmed.zaki(a)intel.com> idpf: preserve coalescing settings across resets Eduard Zingerman <eddyz87(a)gmail.com> libbpf: Verify that arena map exists when adding arena relocations Alok Tiwari <alok.a.tiwari(a)oracle.com> be2net: Use correct byte order and format string for TCP seq and ack_seq Sven Schnelle <svens(a)linux.ibm.com> s390/time: Use monotonic clock in get_cycles() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: reject HTC bit for management frames Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Prevent recursion of default variable options Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: Correct tid cleanup when tid setup fails Oliver Neukum <oneukum(a)suse.com> net: usb: cdc-ncm: check for filtering capability Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn Anthoine Bourgeois <anthoine.bourgeois(a)vates.tech> xen/netfront: Fix TX response spurious interrupts Zijun Hu <zijun.hu(a)oss.qualcomm.com> Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 Ben Hutchings <benh(a)debian.org> bootconfig: Fix unaligned access when building footer Steven Rostedt <rostedt(a)goodmis.org> powerpc/thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> selftests: netfilter: Enable CONFIG_INET_SCTP_DIAG Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps Srinivas Kandagatla <srini(a)kernel.org> ASoC: qcom: use drvdata instead of component to keep id Xinxin Wan <xinxin.wan(a)intel.com> ASoC: codecs: rt5640: Retry DEVICE_ID verification Jonathan Santos <Jonathan.Santos(a)analog.com> iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Christophe Leroy <christophe.leroy(a)csgroup.eu> ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Lucy Thrun <lucy.thrun(a)digital-rabbithole.de> ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Tomasz Michalec <tmichalec(a)google.com> platform/chrome: cros_ec_typec: Defer probe on missing EC parent Kees Cook <kees(a)kernel.org> platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Actually use the e_phoff Krzysztof Hałasa <khalasa(a)piap.pl> imx8m-blk-ctrl: set ISI panic write hurry level Gautham R. Shenoy <gautham.shenoy(a)amd.com> pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Oliver Neukum <oneukum(a)suse.com> usb: core: usb_submit_urb: downgrade type check Tomasz Michalec <tmichalec(a)google.com> usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Joseph Tilahun <jtilahun(a)astranis.com> tty: serial: fix print format specifiers Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode Alok Tiwari <alok.a.tiwari(a)oracle.com> ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 Mark Brown <broonie(a)kernel.org> ASoC: hdac_hdmi: Rate limit logging on connection and disconnection Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Avoid warning when overriding return thunk Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Disable jack polling at shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Handle the jack polling always via a work Gwendal Grignou <gwendal(a)chromium.org> platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready Ulf Hansson <ulf.hansson(a)linaro.org> mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Hans de Goede <hansg(a)kernel.org> mei: bus: Check for still connected devices in mei_cl_bus_dev_release() Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Fix improper and inaccurate error code returned by misc_init() Peter Robinson <pbrobinson(a)gmail.com> reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Eliav Farber <farbere(a)amazon.com> pps: clients: gpio: fix interrupt handling order in remove path Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> selftests: vDSO: vdso_test_getrandom: Always print TAP header Breno Leitao <leitao(a)debian.org> ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sebastian Ott <sebott(a)redhat.com> ACPI: processor: fix acpi_object initialization tuhaowen <tuhaowen(a)uniontech.com> PM: sleep: console: Fix the black screen issue Hsin-Te Yuan <yuanhsinte(a)chromium.org> thermal: sysfs: Return ENODATA instead of EAGAIN for reads Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() Thierry Reding <treding(a)nvidia.com> firmware: tegra: Fix IVC dependency problems Peng Fan <peng.fan(a)nxp.com> firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume Zhu Qiyu <qiyuzhu2(a)amd.com> ACPI: PRM: Reduce unnecessary printing to avoid user confusion Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests: tracing: Use mutex_unlock for testing glob filter Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> tools/build: Fix s390(x) cross-compilation with clang Aaron Kling <webgeek1234(a)gmail.com> ARM: tegra: Use I/O memcpy to write to IRAM Michael Walle <mwalle(a)kernel.org> mfd: tps6594: Add TI TPS652G1 support Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: tps65912: check the return value of regmap_update_bits() David Lechner <dlechner(a)baylibre.com> iio: adc: ad_sigma_delta: don't overallocate scan buffer Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: define time_t in terms of __kernel_old_time_t David Collins <david.collins(a)oss.qualcomm.com> thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/synopsys: Clear the ECC counters on init Lifeng Zheng <zhenglifeng1(a)huawei.com> PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Alexander Kochetkov <al.kochet(a)gmail.com> ARM: rockchip: fix kernel hang during smp initialization Li RongQing <lirongqing(a)baidu.com> cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode Lifeng Zheng <zhenglifeng1(a)huawei.com> cpufreq: Exit governor when failed to start old governor Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: check the return value of regmap_update_bits() Guillaume La Roque <glaroque(a)baylibre.com> pmdomain: ti: Select PM_GENERIC_DOMAINS André Draszik <andre.draszik(a)linaro.org> usb: typec: tcpm/tcpci_maxim: fix irq wake usage Hiago De Franco <hiago.franco(a)toradex.com> remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU Shuai Xue <xueshuai(a)linux.alibaba.com> ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered Maulik Shah <maulik.shah(a)oss.qualcomm.com> soc: qcom: rpmh-rsc: Add RSC version 4 support Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> firmware: qcom: scm: initialize tzmem before marking SCM as available Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing errors during surprise removal Jay Chen <shawn2000100(a)gmail.com> usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing warnings for dying controller Benson Leung <bleung(a)chromium.org> usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Cynthia Huang <cynthia(a)andestech.com> selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Prashant Malani <pmalani(a)google.com> cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list Su Hui <suhui(a)nfschina.com> usb: xhci: print xhci->xhc_state when queue_command failed Steven Rostedt <rostedt(a)goodmis.org> tracefs: Add d_delete to remove negative dentries Al Viro <viro(a)zeniv.linux.org.uk> securityfs: don't pin dentries twice, once is enough... Al Viro <viro(a)zeniv.linux.org.uk> fix locking in efi_secret_unlink() Wei Gao <wegao(a)suse.com> ext2: Handle fiemap on empty files to prevent EINVAL Christian Brauner <brauner(a)kernel.org> pidfs: raise SB_I_NODEV and SB_I_NOEXEC Xiao Ni <xni(a)redhat.com> md: Don't clear MD_CLOSING until mddev is freed Rong Zhang <ulin0208(a)gmail.com> fs/ntfs3: correctly create symlink for relative path Lizhi Xu <lizhi.xu(a)windriver.com> fs/ntfs3: Add sanity check for file name Damien Le Moal <dlemoal(a)kernel.org> ata: libata-sata: Disallow changing LPM state if not supported Damien Le Moal <dlemoal(a)kernel.org> ata: ahci: Disable DIPM if host lacks support Damien Le Moal <dlemoal(a)kernel.org> ata: ahci: Disallow LPM policy control if not supported Al Viro <viro(a)zeniv.linux.org.uk> better lockdep annotations for simple_recursive_removal() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix not erasing deleted b-tree node issue Sarah Newman <srn(a)prgmr.com> drbd: add missing kref_get in handle_write_conflicts Jan Kara <jack(a)suse.cz> udf: Verify partition map count Jan Kara <jack(a)suse.cz> loop: Avoid updating block size under exclusive owner Xiao Ni <xni(a)redhat.com> md: call del_gendisk in control path Andrew Price <anprice(a)redhat.com> gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops Andrew Price <anprice(a)redhat.com> gfs2: Validate i_depth for exhash directories Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: log TLS handshake failures at error level John Garry <john.g.garry(a)oracle.com> md/raid10: set chunk_sectors limit John Garry <john.g.garry(a)oracle.com> dm-stripe: limit chunk_sectors to the stripe size Keith Busch <kbusch(a)kernel.org> nvme-pci: try function level reset on init failure NeilBrown <neil(a)brown.name> smb/server: avoid deadlock when linking with ReplaceIfExists Yeoreum Yun <yeoreum.yun(a)arm.com> firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall Kees Cook <kees(a)kernel.org> arm64: Handle KCOV __init vs inline mismatches Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix slab-out-of-bounds in hfs_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix general protection fault in hfs_find_init() Sven Stegemann <sven(a)stegemann.de> net: kcm: Fix race condition in kcm_unattach() Jakub Kicinski <kuba(a)kernel.org> tls: handle data disappearing from under the TLS ULP Jeongjun Park <aha310510(a)gmail.com> ptp: prevent possible ABBA deadlock in ptp_clock_freerun() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Avoid using invalid recent intervals data Len Brown <len.brown(a)intel.com> intel_idle: Allow loading ACPI tables for any family Xin Long <lucien.xin(a)gmail.com> sctp: linearize cloned gso packets in sctp_rcv Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ti: icss-iep: Fix incorrect type for return value in extts_enable() MD Danish Anwar <danishanwar(a)ti.com> net: ti: icssg-prueth: Fix emac link speed handling Florian Westphal <fw(a)strlen.de> netfilter: ctnetlink: fix refcount leak on table dump Sabrina Dubroca <sd(a)queasysnail.net> udp: also consider secpath when evaluating ipsec use for checksumming Jinjiang Tu <tujinjiang(a)huawei.com> mm/smaps: fix race between smaps_hugetlb_range and migration Al Viro <viro(a)zeniv.linux.org.uk> habanalabs: fix UAF in export_dmabuf() Maxim Levitsky <mlevitsk(a)redhat.com> KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest Maxim Levitsky <mlevitsk(a)redhat.com> KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs Maxim Levitsky <mlevitsk(a)redhat.com> KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter Sean Christopherson <seanjc(a)google.com> KVM: VMX: Extract checking of guest's DEBUGCTL into helper Sean Christopherson <seanjc(a)google.com> KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported Sean Christopherson <seanjc(a)google.com> KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag Sean Christopherson <seanjc(a)google.com> KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap Stefan Metzmacher <metze(a)samba.org> smb: client: don't wait for info->send_pending == 0 on error Stefan Metzmacher <metze(a)samba.org> smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() Li Zhijian <lizhijian(a)fujitsu.com> mm/memory-tier: fix abstract distance calculation overflow Damien Le Moal <dlemoal(a)kernel.org> block: Make REQ_OP_ZONE_FINISH a write operation Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: processor: perflib: Move problematic pr->performance check Jiayi Li <lijiayi(a)kylinos.cn> ACPI: processor: perflib: Fix initial _PPC limit application Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Documentation: ACPI: Fix parent device references Jann Horn <jannh(a)google.com> eventpoll: Fix semi-unbounded recursion Sasha Levin <sashal(a)kernel.org> fs: Prevent file descriptor table allocations exceeding INT_MAX Eric Biggers <ebiggers(a)kernel.org> fscrypt: Don't use problematic non-inline crypto engines André Draszik <andre.draszik(a)linaro.org> clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock André Draszik <andre.draszik(a)linaro.org> clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD André Draszik <andre.draszik(a)linaro.org> clk: samsung: exynos850: fix a comment Ma Ke <make24(a)iscas.ac.cn> sunvdc: Balance device refcount in vdc_port_mpgroup_check Yao Zi <ziyao(a)disroot.org> LoongArch: Avoid in-place string operation on FDT content Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Make relocate_new_kernel_size be a .quad value Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> LoongArch: Don't use %pK through printk() in unwinder Haoran Jiang <jianghaoran(a)kylinos.cn> LoongArch: BPF: Fix jump offset calculation in tailcall Huacai Chen <chenhuacai(a)kernel.org> PCI: Extend isolated function probing to LoongArch Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix the setting of capabilities when automounting a new filesystem Dai Ngo <dai.ngo(a)oracle.com> NFSD: detect mismatch of file handle and delegation stateid in OPEN op Jeff Layton <jlayton(a)kernel.org> nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Xu Yang <xu.yang_2(a)nxp.com> net: usb: asix_devices: add phy_mask for ax88772 mdio bus Johan Hovold <johan(a)kernel.org> net: dpaa: fix device leak when querying time stamp info Johan Hovold <johan(a)kernel.org> net: ti: icss-iep: fix device and OF node leaks at probe Johan Hovold <johan(a)kernel.org> net: mtk_eth_soc: fix device leak at probe Johan Hovold <johan(a)kernel.org> net: enetc: fix device and OF node leak at probe Johan Hovold <johan(a)kernel.org> net: gianfar: fix device leak when querying time stamp info Heiner Kallweit <hkallweit1(a)gmail.com> net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect Florian Larysch <fl(a)n621.de> net: phy: micrel: fix KSZ8081/KSZ8091 cable test Fedor Pchelkin <pchelkin(a)ispras.ru> netlink: avoid infinite retry looping in netlink_unicast() Daniel Golle <daniel(a)makrotopia.org> Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> leds: flash: leds-qcom-flash: Fix registry access after re-bind David Thompson <davthompson(a)nvidia.com> gpio: mlxbf3: use platform_get_irq_optional() David Thompson <davthompson(a)nvidia.com> Revert "gpio: mlxbf3: only get IRQ for device instance 0" David Thompson <davthompson(a)nvidia.com> gpio: mlxbf2: use platform_get_irq_optional() Harald Mommer <harald.mommer(a)oss.qualcomm.com> gpio: virtio: Fix config space reading. Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: remove redundant lstrp update in negotiate protocol Steve French <stfrench(a)microsoft.com> smb3: fix for slab out of bounds on mount to ksmbd Christopher Eby <kreed(a)kreed.org> ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks Vasiliy Kovalev <kovalev(a)altlinux.org> ALSA: hda/realtek: Fix headset mic on HONOR BRB-X Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 cluster segment descriptors Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 power domain descriptors, too Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't use int for ABI ------------- Diffstat: Documentation/filesystems/fscrypt.rst | 37 +++---- Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +- Makefile | 4 +- arch/arm/mach-rockchip/platsmp.c | 15 +-- arch/arm/mach-tegra/reset.c | 2 +- arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 4 +- arch/arm64/include/asm/acpi.h | 2 +- arch/arm64/kernel/acpi.c | 10 +- arch/arm64/kernel/stacktrace.c | 2 + arch/arm64/kernel/traps.c | 1 + arch/arm64/mm/fault.c | 1 + arch/arm64/mm/ptdump_debugfs.c | 3 - arch/loongarch/kernel/env.c | 13 ++- arch/loongarch/kernel/relocate_kernel.S | 2 +- arch/loongarch/kernel/unwind_orc.c | 2 +- arch/loongarch/net/bpf_jit.c | 21 +--- arch/mips/include/asm/vpe.h | 8 ++ arch/mips/kernel/process.c | 16 +-- arch/mips/lantiq/falcon/sysctrl.c | 23 ++--- arch/parisc/Makefile | 2 +- arch/powerpc/include/asm/floppy.h | 5 +- arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +- arch/riscv/mm/ptdump.c | 3 - arch/s390/include/asm/timex.h | 13 ++- arch/s390/kernel/early.c | 1 + arch/s390/kernel/time.c | 2 +- arch/s390/mm/dump_pagetables.c | 2 - arch/um/include/asm/thread_info.h | 4 + arch/um/kernel/process.c | 18 ++-- arch/x86/include/asm/kvm-x86-ops.h | 1 - arch/x86/include/asm/kvm_host.h | 15 ++- arch/x86/include/asm/msr-index.h | 1 + arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kvm/svm/svm.c | 14 +-- arch/x86/kvm/vmx/main.c | 3 +- arch/x86/kvm/vmx/nested.c | 21 +++- arch/x86/kvm/vmx/pmu_intel.c | 8 +- arch/x86/kvm/vmx/vmx.c | 57 ++++++----- arch/x86/kvm/vmx/vmx.h | 26 +++++ arch/x86/kvm/vmx/x86_ops.h | 2 +- arch/x86/kvm/x86.c | 25 ++++- block/bfq-iosched.c | 35 +++---- block/bfq-iosched.h | 3 +- block/blk-mq.c | 6 +- block/blk-settings.c | 2 +- block/blk-zoned.c | 20 +--- block/kyber-iosched.c | 9 +- block/mq-deadline.c | 16 +-- crypto/jitterentropy-kcapi.c | 9 +- drivers/accel/habanalabs/common/memory.c | 23 ++--- drivers/acpi/acpi_processor.c | 2 +- drivers/acpi/apei/ghes.c | 13 +++ drivers/acpi/prmt.c | 26 ++++- drivers/acpi/processor_perflib.c | 11 +++ drivers/ata/ahci.c | 12 ++- drivers/ata/ata_piix.c | 1 + drivers/ata/libahci.c | 1 + drivers/ata/libata-sata.c | 52 ++++++++-- drivers/base/power/runtime.c | 5 + drivers/block/drbd/drbd_receiver.c | 6 +- drivers/block/loop.c | 38 ++++++-- drivers/block/sunvdc.c | 4 +- drivers/bluetooth/btusb.c | 2 + drivers/char/ipmi/ipmi_msghandler.c | 8 +- drivers/char/ipmi/ipmi_watchdog.c | 59 ++++++++---- drivers/char/misc.c | 4 +- drivers/clk/qcom/gcc-ipq5018.c | 2 +- drivers/clk/qcom/gcc-ipq8074.c | 6 +- drivers/clk/renesas/rzg2l-cpg.c | 8 +- drivers/clk/samsung/clk-exynos850.c | 2 +- drivers/clk/samsung/clk-gs101.c | 4 +- drivers/clk/tegra/clk-periph.c | 4 +- drivers/clk/thead/clk-th1520-ap.c | 5 +- drivers/comedi/comedi_fops.c | 33 +++++-- drivers/comedi/comedi_internal.h | 1 + drivers/comedi/drivers.c | 13 ++- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/cpufreq.c | 8 +- drivers/cpufreq/intel_pstate.c | 2 + drivers/cpuidle/governors/menu.c | 21 +++- drivers/crypto/ccp/sp-pci.c | 1 + drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 +- .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 ++- drivers/devfreq/governor_userspace.c | 6 +- drivers/dma/stm32/stm32-dma.c | 2 +- drivers/edac/synopsys_edac.c | 93 +++++++++--------- drivers/firmware/arm_ffa/driver.c | 2 +- drivers/firmware/arm_scmi/scmi_power_control.c | 22 ++++- drivers/firmware/qcom/qcom_scm.c | 53 +++++----- drivers/firmware/tegra/Kconfig | 5 +- drivers/gpio/gpio-mlxbf2.c | 2 +- drivers/gpio/gpio-mlxbf3.c | 52 ++++------ drivers/gpio/gpio-tps65912.c | 7 +- drivers/gpio/gpio-virtio.c | 9 +- drivers/gpio/gpio-wcd934x.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 6 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 6 +- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 +-- drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 +- .../gpu/drm/amd/display/dc/mpc/dcn401/dcn401_mpc.c | 2 +- .../display/dc/resource/dcn314/dcn314_resource.c | 1 + drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 16 +-- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 5 + drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 +++---- drivers/gpu/drm/imagination/pvr_power.c | 59 +++++++++++- drivers/gpu/drm/msm/msm_drv.c | 9 +- drivers/gpu/drm/msm/msm_gem.c | 3 +- drivers/gpu/drm/msm/msm_gem.h | 6 ++ drivers/gpu/drm/renesas/rz-du/rzg2l_mipi_dsi.c | 3 + drivers/gpu/drm/ttm/ttm_pool.c | 8 +- drivers/gpu/drm/ttm/ttm_resource.c | 3 + drivers/gpu/drm/xe/xe_guc_exec_queue_types.h | 2 + drivers/gpu/drm/xe/xe_guc_submit.c | 7 +- drivers/gpu/drm/xe/xe_hw_fence.c | 3 + drivers/gpu/drm/xe/xe_query.c | 27 +++--- drivers/hid/hid-apple.c | 17 ++-- drivers/hid/hid-magicmouse.c | 56 +++++++---- drivers/hwmon/emc2305.c | 10 +- drivers/i2c/i2c-core-acpi.c | 1 + drivers/i3c/internals.h | 1 + drivers/i3c/master.c | 4 +- drivers/idle/intel_idle.c | 2 +- drivers/iio/adc/ad7768-1.c | 23 ++++- drivers/iio/adc/ad_sigma_delta.c | 2 +- drivers/infiniband/core/nldev.c | 22 +++-- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +- drivers/infiniband/hw/hfi1/affinity.c | 44 +++++---- drivers/infiniband/sw/siw/siw_qp_tx.c | 5 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/intel/iommu.c | 19 +++- drivers/iommu/intel/iommu.h | 3 + drivers/iommu/iommufd/io_pagetable.c | 48 +++++---- drivers/leds/flash/leds-qcom-flash.c | 15 ++- drivers/leds/leds-lp50xx.c | 11 ++- drivers/leds/trigger/ledtrig-netdev.c | 16 +-- drivers/md/dm-ps-historical-service-time.c | 4 +- drivers/md/dm-ps-queue-length.c | 4 +- drivers/md/dm-ps-round-robin.c | 4 +- drivers/md/dm-ps-service-time.c | 4 +- drivers/md/dm-stripe.c | 1 + drivers/md/dm-table.c | 10 +- drivers/md/dm-zoned-target.c | 2 +- drivers/md/dm.c | 37 ++++--- drivers/md/md.c | 51 ++++++---- drivers/md/md.h | 26 ++++- drivers/md/raid10.c | 1 + drivers/media/dvb-frontends/dib7000p.c | 8 ++ drivers/media/i2c/hi556.c | 7 +- drivers/media/i2c/tc358743.c | 86 ++++++++++------- drivers/media/pci/intel/ipu-bridge.c | 2 + drivers/media/platform/qcom/venus/hfi_msgs.c | 83 +++++++++++----- drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 ++ drivers/media/usb/uvc/uvc_driver.c | 12 +++ drivers/media/usb/uvc/uvc_video.c | 21 ++-- drivers/media/v4l2-core/v4l2-common.c | 14 ++- drivers/mfd/axp20x.c | 3 +- drivers/mfd/cros_ec_dev.c | 10 +- drivers/mfd/tps6594-core.c | 88 +++++++++++++++-- drivers/mfd/tps6594-i2c.c | 10 +- drivers/mfd/tps6594-spi.c | 10 +- drivers/misc/cardreader/rtsx_usb.c | 16 +-- drivers/misc/mei/bus.c | 6 ++ drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +- drivers/mmc/host/sdhci-msm.c | 14 +++ drivers/net/can/ti_hecc.c | 2 +- drivers/net/dsa/b53/b53_common.c | 76 ++++++++++++--- drivers/net/dsa/b53/b53_regs.h | 7 +- drivers/net/ethernet/agere/et131x.c | 36 +++++++ drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 + .../aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 ++++++++ drivers/net/ethernet/atheros/ag71xx.c | 9 ++ drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 8 +- drivers/net/ethernet/faraday/ftgmac100.c | 7 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 - drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +- drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 ++- drivers/net/ethernet/freescale/fec_main.c | 34 +++---- drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +- drivers/net/ethernet/google/gve/gve_adminq.c | 1 + drivers/net/ethernet/intel/idpf/idpf.h | 19 ++++ drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 36 +++++-- drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 +++- drivers/net/ethernet/intel/idpf/idpf_main.c | 1 + drivers/net/ethernet/intel/idpf/idpf_txrx.c | 13 ++- drivers/net/ethernet/mediatek/mtk_wed.c | 1 - drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 +- drivers/net/ethernet/ti/icssg/icss_iep.c | 26 +++-- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 6 ++ drivers/net/hyperv/hyperv_net.h | 3 + drivers/net/hyperv/netvsc_drv.c | 29 +++++- drivers/net/pcs/pcs-xpcs-plat.c | 4 +- drivers/net/phy/broadcom.c | 25 ++++- drivers/net/phy/micrel.c | 12 ++- drivers/net/phy/smsc.c | 1 + drivers/net/thunderbolt/main.c | 21 ++-- drivers/net/usb/asix_devices.c | 1 + drivers/net/usb/cdc_ncm.c | 20 +++- drivers/net/wireless/ath/ath10k/core.c | 48 ++++++++- drivers/net/wireless/ath/ath10k/core.h | 11 ++- drivers/net/wireless/ath/ath10k/mac.c | 7 +- drivers/net/wireless/ath/ath10k/wmi.c | 6 ++ drivers/net/wireless/ath/ath12k/dp.c | 3 +- drivers/net/wireless/ath/ath12k/hw.c | 2 +- drivers/net/wireless/ath/ath12k/mac.c | 1 + drivers/net/wireless/ath/ath12k/wmi.c | 5 + drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +- drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 5 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 25 +++-- drivers/net/wireless/realtek/rtlwifi/pci.c | 23 +++-- drivers/net/wireless/realtek/rtw89/chan.c | 6 ++ drivers/net/wireless/realtek/rtw89/fw.c | 9 +- drivers/net/wireless/realtek/rtw89/fw.h | 2 + drivers/net/wireless/realtek/rtw89/mac.c | 19 ++++ drivers/net/wireless/realtek/rtw89/reg.h | 1 + drivers/net/wireless/realtek/rtw89/wow.c | 5 +- drivers/net/xen-netfront.c | 5 - drivers/nvme/host/pci.c | 24 ++++- drivers/nvme/host/tcp.c | 11 ++- drivers/pci/pci-acpi.c | 4 +- drivers/pci/pci.c | 94 ++++++++++++------ drivers/pci/pci.h | 1 + drivers/pci/probe.c | 5 +- drivers/perf/arm-cmn.c | 1 + drivers/perf/arm-ni.c | 1 + drivers/perf/cxl_pmu.c | 2 +- drivers/phy/rockchip/phy-rockchip-pcie.c | 3 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 1 + drivers/platform/chrome/cros_ec_sensorhub.c | 23 ++++- drivers/platform/chrome/cros_ec_typec.c | 4 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 ++ drivers/platform/x86/thinkpad_acpi.c | 4 +- drivers/pmdomain/imx/imx8m-blk-ctrl.c | 10 ++ drivers/pmdomain/ti/Kconfig | 2 +- drivers/power/supply/qcom_battmgr.c | 2 + drivers/pps/clients/pps-gpio.c | 5 +- drivers/ptp/ptp_clock.c | 2 +- drivers/ptp/ptp_private.h | 5 + drivers/ptp/ptp_vclock.c | 7 ++ drivers/remoteproc/imx_rproc.c | 4 +- drivers/reset/Kconfig | 10 +- drivers/rtc/rtc-ds1307.c | 15 ++- drivers/scsi/aacraid/comminit.c | 3 +- drivers/scsi/bfa/bfad_im.c | 1 + drivers/scsi/libiscsi.c | 3 +- drivers/scsi/lpfc/lpfc_debugfs.c | 1 - drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +- drivers/scsi/lpfc/lpfc_scsi.c | 4 + drivers/scsi/mpi3mr/mpi3mr_os.c | 20 +++- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 ++++ drivers/scsi/scsi_scan.c | 2 +- drivers/scsi/scsi_transport_sas.c | 62 +++++++++--- drivers/soc/qcom/mdt_loader.c | 10 +- drivers/soc/qcom/rpmh-rsc.c | 2 +- drivers/soundwire/amd_manager.c | 7 +- drivers/soundwire/bus.c | 6 +- drivers/target/target_core_fabric_lib.c | 65 ++++++++++--- drivers/target/target_core_internal.h | 4 +- drivers/target/target_core_pr.c | 18 ++-- drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 +++++++-- drivers/thermal/thermal_sysfs.c | 9 +- drivers/thunderbolt/domain.c | 2 +- drivers/tty/serial/serial_core.c | 44 ++++----- drivers/usb/class/cdc-acm.c | 11 ++- drivers/usb/core/config.c | 10 +- drivers/usb/core/urb.c | 2 +- drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-ring.c | 10 +- drivers/usb/host/xhci.c | 6 +- drivers/usb/typec/mux/intel_pmc_mux.c | 2 +- drivers/usb/typec/tcpm/tcpci_maxim_core.c | 46 ++++++--- drivers/usb/typec/ucsi/psy.c | 2 +- drivers/usb/typec/ucsi/ucsi.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 7 +- drivers/vfio/pci/mlx5/cmd.c | 4 +- drivers/vfio/vfio_iommu_type1.c | 7 ++ drivers/vhost/vhost.c | 3 + drivers/video/fbdev/core/fbcon.c | 9 +- drivers/video/fbdev/core/fbmem.c | 3 + drivers/virt/coco/efi_secret/efi_secret.c | 10 +- drivers/watchdog/dw_wdt.c | 2 + drivers/watchdog/iTCO_wdt.c | 6 +- drivers/watchdog/sbsa_gwdt.c | 50 +++++++++- fs/btrfs/block-group.c | 27 +++++- fs/btrfs/ctree.c | 1 + fs/btrfs/extent-tree.c | 33 ++++--- fs/btrfs/qgroup.c | 13 ++- fs/btrfs/relocation.c | 19 ++++ fs/btrfs/transaction.c | 6 +- fs/btrfs/tree-log.c | 107 ++++++++++++++------- fs/btrfs/zoned.c | 5 +- fs/crypto/fscrypt_private.h | 17 ++++ fs/crypto/hkdf.c | 2 +- fs/crypto/keysetup.c | 3 +- fs/crypto/keysetup_v1.c | 3 +- fs/eventpoll.c | 60 +++++++++--- fs/exfat/dir.c | 12 +++ fs/exfat/fatent.c | 10 ++ fs/exfat/namei.c | 5 + fs/exfat/super.c | 32 +++--- fs/ext2/inode.c | 12 ++- fs/ext4/inline.c | 19 +++- fs/ext4/mballoc-test.c | 9 ++ fs/ext4/mballoc.c | 69 ++++++------- fs/f2fs/file.c | 24 ++--- fs/file.c | 15 +++ fs/gfs2/dir.c | 6 +- fs/gfs2/glops.c | 6 ++ fs/gfs2/meta_io.c | 2 + fs/hfs/bfind.c | 3 + fs/hfs/bnode.c | 93 ++++++++++++++++++ fs/hfs/btree.c | 57 ++++++++--- fs/hfs/extent.c | 2 +- fs/hfs/hfs_fs.h | 1 + fs/hfsplus/bnode.c | 92 ++++++++++++++++++ fs/hfsplus/unicode.c | 7 ++ fs/hfsplus/xattr.c | 6 +- fs/jfs/file.c | 3 + fs/jfs/inode.c | 2 +- fs/jfs/jfs_dmap.c | 6 ++ fs/libfs.c | 4 +- fs/nfs/blocklayout/blocklayout.c | 4 +- fs/nfs/blocklayout/dev.c | 5 +- fs/nfs/blocklayout/extent_tree.c | 20 +++- fs/nfs/client.c | 44 ++++++++- fs/nfs/internal.h | 2 +- fs/nfs/nfs4client.c | 20 +--- fs/nfs/nfs4proc.c | 2 +- fs/nfs/pnfs.c | 11 ++- fs/nfsd/nfs4state.c | 34 ++++++- fs/ntfs3/dir.c | 3 + fs/ntfs3/inode.c | 31 +++--- fs/orangefs/orangefs-debugfs.c | 2 +- fs/pidfs.c | 2 + fs/proc/task_mmu.c | 6 +- fs/smb/client/cifssmb.c | 10 ++ fs/smb/client/compress.c | 61 +++--------- fs/smb/client/connect.c | 10 +- fs/smb/client/sess.c | 9 ++ fs/smb/client/smb2ops.c | 11 ++- fs/smb/client/smbdirect.c | 25 ++--- fs/smb/server/smb2pdu.c | 16 +-- fs/tracefs/inode.c | 11 +++ fs/udf/super.c | 13 ++- fs/xfs/scrub/trace.h | 2 +- include/linux/blk_types.h | 6 +- include/linux/blkdev.h | 55 +++++++++++ include/linux/hypervisor.h | 3 + include/linux/if_vlan.h | 21 ++-- include/linux/libata.h | 1 + include/linux/memory-tiers.h | 2 +- include/linux/mfd/tps6594.h | 1 + include/linux/packing.h | 6 +- include/linux/pci.h | 16 ++- include/linux/sbitmap.h | 6 +- include/linux/skbuff.h | 8 +- include/linux/usb/cdc_ncm.h | 1 + include/linux/virtio_vsock.h | 7 +- include/net/cfg80211.h | 2 +- include/net/kcm.h | 1 - include/net/mac80211.h | 4 + include/net/neighbour.h | 1 + include/net/net_namespace.h | 16 +++ include/net/sock.h | 1 + include/trace/events/thp.h | 2 + include/uapi/linux/in6.h | 4 +- include/uapi/linux/io_uring.h | 2 +- include/uapi/linux/pci_regs.h | 1 + io_uring/rw.c | 2 +- kernel/bpf/verifier.c | 7 +- kernel/module/main.c | 10 +- kernel/power/console.c | 7 +- kernel/printk/nbcon.c | 63 +++++++----- kernel/rcu/tree.c | 2 + kernel/rcu/tree.h | 14 ++- kernel/rcu/tree_nocb.h | 5 +- kernel/rcu/tree_plugin.h | 44 ++++++--- kernel/sched/deadline.c | 4 +- kernel/sched/fair.c | 19 +++- kernel/sched/rt.c | 6 ++ lib/sbitmap.c | 56 +++++------ mm/damon/core.c | 1 + mm/kmemleak.c | 10 +- mm/ptdump.c | 2 + mm/slub.c | 7 +- mm/userfaultfd.c | 15 +-- net/bluetooth/hci_sock.c | 2 +- net/core/ieee8021q_helpers.c | 44 +++------ net/core/neighbour.c | 12 ++- net/core/net_namespace.c | 8 +- net/core/sock.c | 27 +++++- net/ipv4/route.c | 1 - net/ipv4/udp_offload.c | 2 +- net/ipv6/addrconf.c | 7 +- net/ipv6/mcast.c | 11 +-- net/kcm/kcmsock.c | 10 +- net/mac80211/cfg.c | 12 +-- net/mac80211/chan.c | 1 + net/mac80211/link.c | 9 +- net/mac80211/mlme.c | 12 ++- net/mac80211/rx.c | 12 ++- net/mctp/af_mctp.c | 28 +++++- net/mptcp/subflow.c | 5 +- net/ncsi/internal.h | 2 +- net/ncsi/ncsi-rsp.c | 1 + net/netfilter/nf_conntrack_netlink.c | 24 ++--- net/netfilter/nft_set_pipapo.c | 9 +- net/netlink/af_netlink.c | 12 +-- net/rds/tcp.c | 8 +- net/sched/sch_ets.c | 11 ++- net/sctp/input.c | 2 +- net/smc/af_smc.c | 5 +- net/sunrpc/svcsock.c | 5 +- net/sunrpc/xprtsock.c | 8 +- net/tls/tls.h | 2 +- net/tls/tls_strp.c | 11 ++- net/tls/tls_sw.c | 3 +- net/vmw_vsock/virtio_transport.c | 2 +- net/wireless/mlme.c | 3 +- net/xfrm/xfrm_state.c | 74 ++++++++------ rust/Makefile | 13 ++- scripts/kconfig/gconf.c | 8 +- scripts/kconfig/lxdialog/inputbox.c | 6 +- scripts/kconfig/lxdialog/menubox.c | 2 +- scripts/kconfig/nconf.c | 2 + scripts/kconfig/nconf.gui.c | 1 + security/apparmor/domain.c | 52 +++++----- security/apparmor/file.c | 6 +- security/apparmor/include/lib.h | 6 +- security/inode.c | 2 - sound/core/pcm_native.c | 19 +++- sound/pci/hda/hda_codec.c | 44 +++------ sound/pci/hda/patch_ca0132.c | 2 +- sound/pci/hda/patch_realtek.c | 3 + sound/pci/intel8x0.c | 2 +- sound/soc/codecs/hdac_hdmi.c | 10 +- sound/soc/codecs/rt5640.c | 5 + sound/soc/fsl/fsl_sai.c | 20 ++-- sound/soc/intel/avs/core.c | 3 +- sound/soc/qcom/lpass-platform.c | 27 ++++-- sound/soc/soc-core.c | 3 + sound/soc/soc-dapm.c | 4 + sound/soc/sof/topology.c | 15 ++- sound/usb/mixer_quirks.c | 14 +-- sound/usb/stream.c | 25 ++++- sound/usb/validate.c | 12 +++ tools/bootconfig/main.c | 24 ++--- tools/bpf/bpftool/main.c | 6 +- tools/hv/hv_fcopy_uio_daemon.c | 91 ++++++++++++++++-- tools/include/nolibc/std.h | 4 +- tools/include/nolibc/types.h | 4 +- tools/lib/bpf/libbpf.c | 5 + .../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +- tools/power/x86/turbostat/turbostat.c | 14 ++- tools/scripts/Makefile.include | 4 +- tools/testing/ktest/ktest.pl | 5 +- tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 +- tools/testing/selftests/bpf/prog_tests/ringbuf.c | 4 +- .../selftests/bpf/prog_tests/user_ringbuf.c | 10 +- .../selftests/bpf/progs/test_ringbuf_write.c | 4 +- .../testing/selftests/bpf/progs/verifier_unpriv.c | 2 +- .../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +- tools/testing/selftests/futex/include/futextest.h | 11 +++ tools/testing/selftests/net/netfilter/config | 2 +- tools/testing/selftests/vDSO/vdso_test_getrandom.c | 6 +- 473 files changed, 4331 insertions(+), 1862 deletions(-)

3 weeks, 5 days

14
459
0 0

[PATCH] firmware: exynos-acpm: fix PMIC returned errno

by Tudor Ambarus

ACPM PMIC command handlers returned a u8 value when they should have returned either zero or negative error codes. Translate the APM PMIC errno to linux errno. Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Closes: https://lore.kernel.org/linux-input/aElHlTApXj-W_o1r@stanley.mountain/ Fixes: a88927b534ba ("firmware: add Exynos ACPM protocol driver") Cc: stable(a)vger.kernel.org Signed-off-by: Tudor Ambarus <tudor.ambarus(a)linaro.org> --- drivers/firmware/samsung/exynos-acpm-pmic.c | 36 +++++++++++++++++++++++++---- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/drivers/firmware/samsung/exynos-acpm-pmic.c b/drivers/firmware/samsung/exynos-acpm-pmic.c index 39b33a356ebd240506b6390163229a70a2d1fe68..a355ee194027c09431f275f0fd296f45652af536 100644 --- a/drivers/firmware/samsung/exynos-acpm-pmic.c +++ b/drivers/firmware/samsung/exynos-acpm-pmic.c @@ -5,6 +5,7 @@ * Copyright 2024 Linaro Ltd. */ #include <linux/bitfield.h> +#include <linux/errno.h> #include <linux/firmware/samsung/exynos-acpm-protocol.h> #include <linux/ktime.h> #include <linux/types.h> @@ -33,6 +34,26 @@ enum exynos_acpm_pmic_func { ACPM_PMIC_BULK_WRITE, }; +enum acpm_pmic_error_codes { + ACPM_PMIC_SUCCESS = 0, + ACPM_PMIC_ERR_READ = 1, + ACPM_PMIC_ERR_WRITE = 2, + ACPM_PMIC_ERR_MAX +}; + +static int acpm_pmic_linux_errmap[ACPM_PMIC_ERR_MAX] = { + 0, /* ACPM_PMIC_SUCCESS */ + -EACCES, /* Read register can't be accessed or issues to access it. */ + -EACCES, /* Write register can't be accessed or issues to access it. */ +}; + +static inline int acpm_pmic_to_linux_errno(int errno) +{ + if (errno >= ACPM_PMIC_SUCCESS && errno < ACPM_PMIC_ERR_MAX) + return acpm_pmic_linux_errmap[errno]; + return -EIO; +} + static inline u32 acpm_pmic_set_bulk(u32 data, unsigned int i) { return (data & ACPM_PMIC_BULK_MASK) << (ACPM_PMIC_BULK_SHIFT * i); @@ -79,7 +100,8 @@ int acpm_pmic_read_reg(const struct acpm_handle *handle, *buf = FIELD_GET(ACPM_PMIC_VALUE, xfer.rxd[1]); - return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]); + return acpm_pmic_to_linux_errno(FIELD_GET(ACPM_PMIC_RETURN, + xfer.rxd[1])); } static void acpm_pmic_init_bulk_read_cmd(u32 cmd[4], u8 type, u8 reg, u8 chan, @@ -110,7 +132,8 @@ int acpm_pmic_bulk_read(const struct acpm_handle *handle, if (ret) return ret; - ret = FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]); + ret = acpm_pmic_to_linux_errno(FIELD_GET(ACPM_PMIC_RETURN, + xfer.rxd[1])); if (ret) return ret; @@ -150,7 +173,8 @@ int acpm_pmic_write_reg(const struct acpm_handle *handle, if (ret) return ret; - return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]); + return acpm_pmic_to_linux_errno(FIELD_GET(ACPM_PMIC_RETURN, + xfer.rxd[1])); } static void acpm_pmic_init_bulk_write_cmd(u32 cmd[4], u8 type, u8 reg, u8 chan, @@ -190,7 +214,8 @@ int acpm_pmic_bulk_write(const struct acpm_handle *handle, if (ret) return ret; - return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]); + return acpm_pmic_to_linux_errno(FIELD_GET(ACPM_PMIC_RETURN, + xfer.rxd[1])); } static void acpm_pmic_init_update_cmd(u32 cmd[4], u8 type, u8 reg, u8 chan, @@ -220,5 +245,6 @@ int acpm_pmic_update_reg(const struct acpm_handle *handle, if (ret) return ret; - return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]); + return acpm_pmic_to_linux_errno(FIELD_GET(ACPM_PMIC_RETURN, + xfer.rxd[1])); } --- base-commit: c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9 change-id: 20250820-acpm-pmix-fix-errno-92b3e6e17d1b Best regards, -- Tudor Ambarus <tudor.ambarus(a)linaro.org>

3 weeks, 5 days

2
2
0 0

[PATCH AUTOSEL 6.16-5.15] fs: writeback: fix use-after-free in __mark_inode_dirty()

by Sasha Levin

From: Jiufei Xue <jiufei.xue(a)samsung.com> [ Upstream commit d02d2c98d25793902f65803ab853b592c7a96b29 ] An use-after-free issue occurred when __mark_inode_dirty() get the bdi_writeback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1 ...... pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __mark_inode_dirty+0x124/0x418 lr : __mark_inode_dirty+0x118/0x418 sp : ffffffc08c9dbbc0 ........ Call trace: __mark_inode_dirty+0x124/0x418 generic_update_time+0x4c/0x60 file_modified+0xcc/0xd0 ext4_buffered_write_iter+0x58/0x124 ext4_file_write_iter+0x54/0x704 vfs_write+0x1c0/0x308 ksys_write+0x74/0x10c __arm64_sys_write+0x1c/0x28 invoke_syscall+0x48/0x114 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x40/0xe4 el0t_64_sync_handler+0x120/0x12c el0t_64_sync+0x194/0x198 Root cause is: systemd-random-seed kworker ---------------------------------------------------------------------- ___mark_inode_dirty inode_switch_wbs_work_fn spin_lock(&inode->i_lock); inode_attach_wb locked_inode_to_wb_and_lock_list get inode->i_wb spin_unlock(&inode->i_lock); spin_lock(&wb->list_lock) spin_lock(&inode->i_lock) inode_io_list_move_locked spin_unlock(&wb->list_lock) spin_unlock(&inode->i_lock) spin_lock(&old_wb->list_lock) inode_do_switch_wbs spin_lock(&inode->i_lock) inode->i_wb = new_wb spin_unlock(&inode->i_lock) spin_unlock(&old_wb->list_lock) wb_put_many(old_wb, nr_switched) cgwb_release old wb released wb_wakeup_delayed() accesses wb, then trigger the use-after-free issue Fix this race condition by holding inode spinlock until wb_wakeup_delayed() finished. Signed-off-by: Jiufei Xue <jiufei.xue(a)samsung.com> Link: https://lore.kernel.org/20250728100715.3863241-1-jiufei.xue@samsung.com Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: Based on my thorough analysis of the commit and the kernel code, here's my assessment: **Backport Status: YES** ## Extensive Explanation: This commit fixes a **critical use-after-free vulnerability** in the writeback subsystem that should definitely be backported to stable kernel trees. Here's why: ### 1. **Real Security Bug with Clear Impact** The commit fixes a genuine use-after-free vulnerability that occurs in `__mark_inode_dirty()`. The bug manifests as a kernel crash with a clear call trace showing memory corruption. This is not a theoretical issue - it has been observed in production (kernel 6.6.56). ### 2. **Race Condition Details** The race condition occurs between two concurrent operations: - **Thread A** (`__mark_inode_dirty`): Gets a reference to `inode->i_wb`, releases the inode lock, then calls `wb_wakeup_delayed(wb)` - **Thread B** (`inode_switch_wbs_work_fn`): Switches the inode's writeback context, releases the old wb via `wb_put_many()`, which can trigger `cgwb_release` and free the wb structure The vulnerability window exists because Thread A accesses the wb structure (`wb_wakeup_delayed(wb)`) after releasing the inode lock but before completing its operation, while Thread B can free that same wb structure in parallel. ### 3. **Minimal and Contained Fix** The fix is remarkably simple and surgical - it only reorders lock releases: ```c - spin_unlock(&wb->list_lock); - spin_unlock(&inode->i_lock); - trace_writeback_dirty_inode_enqueue(inode); - if (wakeup_bdi && (wb->bdi->capabilities & BDI_CAP_WRITEBACK)) wb_wakeup_delayed(wb); + + spin_unlock(&wb->list_lock); + spin_unlock(&inode->i_lock); + trace_writeback_dirty_inode_enqueue(inode); ``` The fix ensures that `wb_wakeup_delayed()` is called while still holding the locks, preventing the wb from being freed during the operation. This is a classic lock ordering fix with minimal code change (just moving 3 lines). ### 4. **Critical Subsystem** The writeback subsystem is fundamental to filesystem operations - it handles dirty page writeback, inode management, and I/O scheduling. A use-after-free here can lead to: - System crashes/panics - Data corruption - Security vulnerabilities (potential for exploitation) ### 5. **Matches Stable Criteria** This fix perfectly aligns with stable kernel rules: - **Fixes a real bug**: Documented use-after-free with crash trace - **Already upstream**: Has been reviewed by Jan Kara (filesystem maintainer) and merged by Christian Brauner - **Small change**: Only 6 lines moved, no new logic - **No new features**: Pure bug fix - **Low regression risk**: Simply extends existing lock protection slightly ### 6. **Similar Historical Fixes** The git history shows multiple similar use-after-free fixes in this subsystem have been backported: - `f87904c07551` - writeback: avoid use-after-free after removing device - `8e00c4e9dd85` - writeback: fix use-after-free in finish_writeback_work() - `614a4e377314` - writeback, cgroup: fix premature wb_put() ### 7. **CONFIG_CGROUP_WRITEBACK Dependency** While this bug primarily affects systems with `CONFIG_CGROUP_WRITEBACK` enabled (used for cgroup-aware writeback), this is a common configuration in modern distributions, especially those using cgroups v2 for container workloads. ### 8. **No Side Effects** The change has no functional side effects beyond fixing the race: - The trace event still fires at the same logical point - The wb_wakeup_delayed() still executes under the same conditions - Only the lock hold duration is slightly extended to cover the wb access This is a textbook example of a commit that should be backported to stable kernels - it fixes a serious bug with minimal, well-understood changes in a critical subsystem. fs/fs-writeback.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index cc57367fb641..a07b8cf73ae2 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -2608,10 +2608,6 @@ void __mark_inode_dirty(struct inode *inode, int flags) wakeup_bdi = inode_io_list_move_locked(inode, wb, dirty_list); - spin_unlock(&wb->list_lock); - spin_unlock(&inode->i_lock); - trace_writeback_dirty_inode_enqueue(inode); - /* * If this is the first dirty inode for this bdi, * we have to wake-up the corresponding bdi thread @@ -2621,6 +2617,11 @@ void __mark_inode_dirty(struct inode *inode, int flags) if (wakeup_bdi && (wb->bdi->capabilities & BDI_CAP_WRITEBACK)) wb_wakeup_delayed(wb); + + spin_unlock(&wb->list_lock); + spin_unlock(&inode->i_lock); + trace_writeback_dirty_inode_enqueue(inode); + return; } } -- 2.50.1

3 weeks, 5 days

1
10
0 0

FAILED: patch "[PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d8df126349dad855cdfedd6bbf315bad2e901c2f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082517-crazily-renewed-62e6@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d8df126349dad855cdfedd6bbf315bad2e901c2f Mon Sep 17 00:00:00 2001 From: Tianxiang Peng <txpeng(a)tencent.com> Date: Mon, 23 Jun 2025 17:31:53 +0800 Subject: [PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Since 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") resctrl_cpu_detect() has been moved from common CPU initialization code to the vendor-specific BSP init helper, while Hygon didn't put that call in their code. This triggers a division by zero fault during early booting stage on our machines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries to calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale. Add the missing resctrl_cpu_detect() in the Hygon BSP init helper. [ bp: Massage commit message. ] Fixes: 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") Signed-off-by: Tianxiang Peng <txpeng(a)tencent.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Hui Li <caelli(a)tencent.com> Cc: <stable(a)kernel.org> Link: https://lore.kernel.org/20250623093153.3016937-1-txpeng@tencent.com diff --git a/arch/x86/kernel/cpu/hygon.c b/arch/x86/kernel/cpu/hygon.c index 2154f12766fb..1fda6c3a2b65 100644 --- a/arch/x86/kernel/cpu/hygon.c +++ b/arch/x86/kernel/cpu/hygon.c @@ -16,6 +16,7 @@ #include <asm/spec-ctrl.h> #include <asm/delay.h> #include <asm/msr.h> +#include <asm/resctrl.h> #include "cpu.h" @@ -117,6 +118,8 @@ static void bsp_init_hygon(struct cpuinfo_x86 *c) x86_amd_ls_cfg_ssbd_mask = 1ULL << 10; } } + + resctrl_cpu_detect(c); } static void early_init_hygon(struct cpuinfo_x86 *c)

3 weeks, 5 days

2
1
0 0

[PATCH] EDAC: altera: Delete an inappropriate dma_free_coherent() call in altr_sdr_mc_err_inject_write()

by Salah Triki

`dma_free_coherent()` must only be called if the corresponding `dma_alloc_coherent()` call has succeeded. Calling it when the allocation fails leads to undefined behavior. Add a check to ensure that the memory is only freed when the allocation was successful. Signed-off-by: Salah Triki <salah.triki(a)gmail.com> Fixes: 71bcada88b0f3 ("edac: altera: Add Altera SDRAM EDAC support") Cc: Markus Elfring <Markus.Elfring(a)web.de> Cc: Dinh Nguyen <dinguyen(a)kernel.org> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Tony Luck <tony.luck(a)intel.com> Cc: James Morse <james.morse(a)arm.com> Cc: Mauro Carvalho Chehab <mchehab(a)kernel.org> Cc: Robert Richter <rric(a)kernel.org> Cc: linux-edac(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: stable(a)vger.kernel.org --- drivers/edac/altera_edac.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/edac/altera_edac.c b/drivers/edac/altera_edac.c index cae52c654a15..7685a8550d4b 100644 --- a/drivers/edac/altera_edac.c +++ b/drivers/edac/altera_edac.c @@ -128,7 +128,6 @@ static ssize_t altr_sdr_mc_err_inject_write(struct file *file, ptemp = dma_alloc_coherent(mci->pdev, 16, &dma_handle, GFP_KERNEL); if (!ptemp) { - dma_free_coherent(mci->pdev, 16, ptemp, dma_handle); edac_printk(KERN_ERR, EDAC_MC, "Inject: Buffer Allocation error\n"); return -ENOMEM; -- 2.43.0

3 weeks, 5 days

4
3
0 0

FAILED: patch "[PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d8df126349dad855cdfedd6bbf315bad2e901c2f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082517-cramp-prissy-ebff@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d8df126349dad855cdfedd6bbf315bad2e901c2f Mon Sep 17 00:00:00 2001 From: Tianxiang Peng <txpeng(a)tencent.com> Date: Mon, 23 Jun 2025 17:31:53 +0800 Subject: [PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Since 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") resctrl_cpu_detect() has been moved from common CPU initialization code to the vendor-specific BSP init helper, while Hygon didn't put that call in their code. This triggers a division by zero fault during early booting stage on our machines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries to calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale. Add the missing resctrl_cpu_detect() in the Hygon BSP init helper. [ bp: Massage commit message. ] Fixes: 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") Signed-off-by: Tianxiang Peng <txpeng(a)tencent.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Hui Li <caelli(a)tencent.com> Cc: <stable(a)kernel.org> Link: https://lore.kernel.org/20250623093153.3016937-1-txpeng@tencent.com diff --git a/arch/x86/kernel/cpu/hygon.c b/arch/x86/kernel/cpu/hygon.c index 2154f12766fb..1fda6c3a2b65 100644 --- a/arch/x86/kernel/cpu/hygon.c +++ b/arch/x86/kernel/cpu/hygon.c @@ -16,6 +16,7 @@ #include <asm/spec-ctrl.h> #include <asm/delay.h> #include <asm/msr.h> +#include <asm/resctrl.h> #include "cpu.h" @@ -117,6 +118,8 @@ static void bsp_init_hygon(struct cpuinfo_x86 *c) x86_amd_ls_cfg_ssbd_mask = 1ULL << 10; } } + + resctrl_cpu_detect(c); } static void early_init_hygon(struct cpuinfo_x86 *c)

3 weeks, 5 days

2
1
0 0

FAILED: patch "[PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d8df126349dad855cdfedd6bbf315bad2e901c2f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082516-wikipedia-entitle-8772@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d8df126349dad855cdfedd6bbf315bad2e901c2f Mon Sep 17 00:00:00 2001 From: Tianxiang Peng <txpeng(a)tencent.com> Date: Mon, 23 Jun 2025 17:31:53 +0800 Subject: [PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Since 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") resctrl_cpu_detect() has been moved from common CPU initialization code to the vendor-specific BSP init helper, while Hygon didn't put that call in their code. This triggers a division by zero fault during early booting stage on our machines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries to calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale. Add the missing resctrl_cpu_detect() in the Hygon BSP init helper. [ bp: Massage commit message. ] Fixes: 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") Signed-off-by: Tianxiang Peng <txpeng(a)tencent.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Hui Li <caelli(a)tencent.com> Cc: <stable(a)kernel.org> Link: https://lore.kernel.org/20250623093153.3016937-1-txpeng@tencent.com diff --git a/arch/x86/kernel/cpu/hygon.c b/arch/x86/kernel/cpu/hygon.c index 2154f12766fb..1fda6c3a2b65 100644 --- a/arch/x86/kernel/cpu/hygon.c +++ b/arch/x86/kernel/cpu/hygon.c @@ -16,6 +16,7 @@ #include <asm/spec-ctrl.h> #include <asm/delay.h> #include <asm/msr.h> +#include <asm/resctrl.h> #include "cpu.h" @@ -117,6 +118,8 @@ static void bsp_init_hygon(struct cpuinfo_x86 *c) x86_amd_ls_cfg_ssbd_mask = 1ULL << 10; } } + + resctrl_cpu_detect(c); } static void early_init_hygon(struct cpuinfo_x86 *c)

3 weeks, 5 days

2
1
0 0

[PATCH v9] Bluetooth: hci_qca: Fix SSR (SubSystem Restart) fail when BT_EN is pulled up by hw

by Shuai Zhang

When the host actively triggers SSR and collects coredump data, the Bluetooth stack sends a reset command to the controller. However, due to the inability to clear the QCA_SSR_TRIGGERED and QCA_IBS_DISABLED bits, the reset command times out. To address this, this patch clears the QCA_SSR_TRIGGERED and QCA_IBS_DISABLED flags and adds a 50ms delay after SSR, but only when HCI_QUIRK_NON_PERSISTENT_SETUP is not set. This ensures the controller completes the SSR process when BT_EN is always high due to hardware. For the purpose of HCI_QUIRK_NON_PERSISTENT_SETUP, please refer to the comment in `include/net/bluetooth/hci.h`. The HCI_QUIRK_NON_PERSISTENT_SETUP quirk is associated with BT_EN, and its presence can be used to determine whether BT_EN is defined in DTS. After SSR, host will not download the firmware, causing controller to remain in the IBS_WAKE state. Host needs to synchronize with the controller to maintain proper operation. Multiple triggers of SSR only first generate coredump file, due to memcoredump_flag no clear. add clear coredump flag when ssr completed. When the SSR duration exceeds 2 seconds, it triggers host tx_idle_timeout, which sets host TX state to sleep. due to the hardware pulling up bt_en, the firmware is not downloaded after the SSR. As a result, the controller does not enter sleep mode. Consequently, when the host sends a command afterward, it sends 0xFD to the controller, but the controller does not respond, leading to a command timeout. So reset tx_idle_timer after SSR to prevent host enter TX IBS_Sleep mode. --- Changes since v6-7: - Merge the changes into a single patch. - Update commit. Changes since v1-5: - Add an explanation for HCI_QUIRK_NON_PERSISTENT_SETUP. - Add commments for msleep(50). - Update format and commit. Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com> --- drivers/bluetooth/hci_qca.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 4cff4d9be..97aaf4985 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1653,6 +1653,39 @@ static void qca_hw_error(struct hci_dev *hdev, u8 code) skb_queue_purge(&qca->rx_memdump_q); } + /* + * If the BT chip's bt_en pin is connected to a 3.3V power supply via + * hardware and always stays high, driver cannot control the bt_en pin. + * As a result, during SSR (SubSystem Restart), QCA_SSR_TRIGGERED and + * QCA_IBS_DISABLED flags cannot be cleared, which leads to a reset + * command timeout. + * Add an msleep delay to ensure controller completes the SSR process. + * + * Host will not download the firmware after SSR, controller to remain + * in the IBS_WAKE state, and the host needs to synchronize with it + * + * Since the bluetooth chip has been reset, clear the memdump state. + */ + if (!test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks)) { + /* + * When the SSR (SubSystem Restart) duration exceeds 2 seconds, + * it triggers host tx_idle_delay, which sets host TX state + * to sleep. Reset tx_idle_timer after SSR to prevent + * host enter TX IBS_Sleep mode. + */ + mod_timer(&qca->tx_idle_timer, jiffies + + msecs_to_jiffies(qca->tx_idle_delay)); + + /* Controller reset completion time is 50ms */ + msleep(50); + + clear_bit(QCA_SSR_TRIGGERED, &qca->flags); + clear_bit(QCA_IBS_DISABLED, &qca->flags); + + qca->tx_ibs_state = HCI_IBS_TX_AWAKE; + qca->memdump_state = QCA_MEMDUMP_IDLE; + } + clear_bit(QCA_HW_ERROR_EVENT, &qca->flags); } -- 2.34.1

3 weeks, 5 days

2
1
0 0

[PATCH] platform/x86/amd: hfi: Fix pcct_tbl leak in amd_hfi_metadata_parser()

by Zhen Ni

Fix a permanent ACPI table memory leak when amd_hfi_metadata_parser() fails due to invalid PCCT table length or memory allocation errors. Fixes: d4e95ea7a78e ("platform/x86: hfi: Parse CPU core ranking data from shared memory") Cc: stable(a)vger.kernel.org Signed-off-by: Zhen Ni <zhen.ni(a)easystack.cn> --- drivers/platform/x86/amd/hfi/hfi.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/drivers/platform/x86/amd/hfi/hfi.c b/drivers/platform/x86/amd/hfi/hfi.c index 4f56149b3774..a465ac6f607e 100644 --- a/drivers/platform/x86/amd/hfi/hfi.c +++ b/drivers/platform/x86/amd/hfi/hfi.c @@ -385,12 +385,16 @@ static int amd_hfi_metadata_parser(struct platform_device *pdev, amd_hfi_data->pcct_entry = pcct_entry; pcct_ext = (struct acpi_pcct_ext_pcc_slave *)pcct_entry; - if (pcct_ext->length <= 0) - return -EINVAL; + if (pcct_ext->length <= 0) { + ret = -EINVAL; + goto out; + } amd_hfi_data->shmem = devm_kzalloc(amd_hfi_data->dev, pcct_ext->length, GFP_KERNEL); - if (!amd_hfi_data->shmem) - return -ENOMEM; + if (!amd_hfi_data->shmem) { + ret = -ENOMEM; + goto out; + } pcc_chan->shmem_base_addr = pcct_ext->base_address; pcc_chan->shmem_size = pcct_ext->length; @@ -398,6 +402,8 @@ static int amd_hfi_metadata_parser(struct platform_device *pdev, /* parse the shared memory info from the PCCT table */ ret = amd_hfi_fill_metadata(amd_hfi_data); +out: + /* Don't leak any ACPI memory */ acpi_put_table(pcct_tbl); return ret; -- 2.20.1

3 weeks, 5 days

3
2
0 0

[PATCH 1/3] ASoC: qcom: audioreach: fix potential null pointer dereference

by Srinivas Kandagatla

It is possible that the topology parsing function audioreach_widget_load_module_common() could return NULL or an error pointer. Add missing NULL check so that we do not dereference it. Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Cc: <Stable(a)vger.kernel.org> Fixes: 36ad9bf1d93d ("ASoC: qdsp6: audioreach: add topology support") Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> --- sound/soc/qcom/qdsp6/topology.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sound/soc/qcom/qdsp6/topology.c b/sound/soc/qcom/qdsp6/topology.c index ec51fabd98cb..c2226ed5164f 100644 --- a/sound/soc/qcom/qdsp6/topology.c +++ b/sound/soc/qcom/qdsp6/topology.c @@ -607,8 +607,8 @@ static int audioreach_widget_load_module_common(struct snd_soc_component *compon return PTR_ERR(cont); mod = audioreach_parse_common_tokens(apm, cont, &tplg_w->priv, w); - if (IS_ERR(mod)) - return PTR_ERR(mod); + if (IS_ERR_OR_NULL(mod)) + return mod ? PTR_ERR(mod) : -ENODEV; mod->data = audioreach_get_module_priv_data(&tplg_w->priv); -- 2.50.0

3 weeks, 5 days

1
0
0 0

[PATCH] intel_idle: fix ACPI _CST matching for newer Xeon platforms

by Weilin Tong

From: Artem Bityutskiy <artem.bityutskiy(a)linux.intel.com> ANBZ: #11599 commit 4c411cca33cf1c21946b710b2eb59aca9f646703 upstream. Background ~~~~~~~~~~ The driver uses 'use_acpi = true' in C-state custom table for all Xeon platforms. The meaning of this flag is as follows. 1. If a C-state from the custom table is defined in ACPI _CST (matched by the mwait hint), then enable this C-state. 2. Otherwise, disable this C-state, unless the C-sate definition in the custom table has the 'CPUIDLE_FLAG_ALWAYS_ENABLE' flag set, in which case enabled it. The goal is to honor BIOS C6 settings - If BIOS disables C6, disable it by default in the OS too (but it can be enabled via sysfs). This works well on Xeons that expose only one flavor of C6. This are all Xeons except for the newest Granite Rapids (GNR) and Sierra Forest (SRF). The problem ~~~~~~~~~~~ GNR and SRF have 2 flavors of C6: C6/C6P on GNR, C6S/C6SP on SRF. The the "P" flavor allows for the package C6, while the "non-P" flavor allows only for core/module C6. As far as this patch is concerned, both GNR and SRF platforms are handled the same way. Therefore, further discussion is focused on GNR, but it applies to SRF as well. On Intel Xeon platforms, BIOS exposes only 2 ACPI C-states: C1 and C2. Well, depending on BIOS settings, C2 may be named as C3. But there still will be only 2 states - C1 and C3. But this is a non-essential detail, so further discussion is focused on the ACPI C1 and C2 case. On pre-GNR/SRF Xeon platforms, ACPI C1 is mapped to C1 or C1E, and ACPI C2 is mapped to C6. The 'use_acpi' flag works just fine: * If ACPI C2 enabled, enable C6. * Otherwise, disable C6. However, on GNR there are 2 flavors of C6, so BIOS maps ACPI C2 to either C6 or C6P, depending on the user settings. As a result, due to the 'use_acpi' flag, 'intel_idle' disables least one of the C6 flavors. BIOS | OS | Verdict ----------------------------------------------------|--------- ACPI C2 disabled | C6 disabled, C6P disabled | OK ACPI C2 mapped to C6 | C6 enabled, C6P disabled | Not OK ACPI C2 mapped to C6P | C6 disabled, C6P enabled | Not OK The goal of 'use_acpi' is to honor BIOS ACPI C2 disabled case, which works fine. But if ACPI C2 is enabled, the goal is to enable all flavors of C6, not just one of the flavors. This was overlooked when enabling GNR/SRF platforms. In other words, before GNR/SRF, the ACPI C2 status was binary - enabled or disabled. But it is not binary on GNR/SRF, however the goal is to continue treat it as binary. The fix ~~~~~~~ Notice, that current algorithm matches ACPI and custom table C-states by the mwait hint. However, mwait hint consists of the 'state' and 'sub-state' parts, and all C6 flavors have the same state value of 0x20, but different sub-state values. Introduce new C-state table flag - CPUIDLE_FLAG_PARTIAL_HINT_MATCH and add it to both C6 flavors of the GNR/SRF platforms. When matching ACPI _CST and custom table C-states, match only the start part if the C-state has CPUIDLE_FLAG_PARTIAL_HINT_MATCH, other wise match both state and sub-state parts (as before). With this fix, GNR C-states enabled/disabled status looks like this. BIOS | OS ---------------------------------------------------- ACPI C2 disabled | C6 disabled, C6P disabled ACPI C2 mapped to C6 | C6 enabled, C6P enabled ACPI C2 mapped to C6P | C6 enabled, C6P enabled Possible alternative ~~~~~~~~~~~~~~~~~~~~ The alternative would be to remove 'use_acpi' flag for GNR and SRF. This would be a simpler solution, but it would violate the principle of least surprise - users of Xeon platforms are used to the fact that intel_idle honors C6 enabled/disabled flag. It is more consistent user experience if GNR/SRF continue doing so. How tested ~~~~~~~~~~ Tested on GNR and SRF platform with all the 3 BIOS configurations: ACPI C2 disabled, mapped to C6/C6S, mapped to C6P/C6SP. Tested on Ice lake Xeon and Sapphire Rapids Xeon platforms with ACPI C2 enabled and disabled, just to verify that the patch does not break older Xeons. Intel-SIG: Intel-SIG: commit 4c411cca33cf intel_idle: fix ACPI _CST matching for newer Xeon platforms. Backport intel_idle GNR and SRF fix Fixes: 92813fd5b156 ("intel_idle: add Sierra Forest SoC support") Fixes: 370406bf5738 ("intel_idle: add Granite Rapids Xeon support") Cc: 6.8+ <stable(a)vger.kernel.org> # 6.8+ Signed-off-by: Artem Bityutskiy <artem.bityutskiy(a)linux.intel.com> Link: https://patch.msgid.link/20240913165143.4140073-1-dedekind1@gmail.com [ rjw: Changelog edits ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> [ Yingbao Jia: amend commit log ] Signed-off-by: Yingbao Jia <yingbao.jia(a)intel.com> Reviewed-by: Artie Ding <artie.ding(a)linux.alibaba.com> Link: https://gitee.com/anolis/cloud-kernel/pulls/4057 --- drivers/idle/intel_idle.c | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/drivers/idle/intel_idle.c b/drivers/idle/intel_idle.c index 3f216160f19c..783545ff98af 100644 --- a/drivers/idle/intel_idle.c +++ b/drivers/idle/intel_idle.c @@ -120,6 +120,12 @@ static unsigned int mwait_substates __initdata; */ #define CPUIDLE_FLAG_INIT_XSTATE BIT(17) +/* + * Ignore the sub-state when matching mwait hints between the ACPI _CST and + * custom tables. + */ +#define CPUIDLE_FLAG_PARTIAL_HINT_MATCH BIT(18) + /* * MWAIT takes an 8-bit "hint" in EAX "suggesting" * the C-state (top nibble) and sub-state (bottom nibble) @@ -880,7 +886,8 @@ static struct cpuidle_state gnr_cstates[] __initdata = { .name = "C6", .desc = "MWAIT 0x20", .flags = MWAIT2flg(0x20) | CPUIDLE_FLAG_TLB_FLUSHED | - CPUIDLE_FLAG_INIT_XSTATE, + CPUIDLE_FLAG_INIT_XSTATE | + CPUIDLE_FLAG_PARTIAL_HINT_MATCH, .exit_latency = 170, .target_residency = 650, .enter = &intel_idle, @@ -889,7 +896,8 @@ static struct cpuidle_state gnr_cstates[] __initdata = { .name = "C6P", .desc = "MWAIT 0x21", .flags = MWAIT2flg(0x21) | CPUIDLE_FLAG_TLB_FLUSHED | - CPUIDLE_FLAG_INIT_XSTATE, + CPUIDLE_FLAG_INIT_XSTATE | + CPUIDLE_FLAG_PARTIAL_HINT_MATCH, .exit_latency = 210, .target_residency = 1000, .enter = &intel_idle, @@ -1162,7 +1170,8 @@ static struct cpuidle_state srf_cstates[] __initdata = { { .name = "C6S", .desc = "MWAIT 0x22", - .flags = MWAIT2flg(0x22) | CPUIDLE_FLAG_TLB_FLUSHED, + .flags = MWAIT2flg(0x22) | CPUIDLE_FLAG_TLB_FLUSHED | + CPUIDLE_FLAG_PARTIAL_HINT_MATCH, .exit_latency = 270, .target_residency = 700, .enter = &intel_idle, @@ -1170,7 +1179,8 @@ static struct cpuidle_state srf_cstates[] __initdata = { { .name = "C6SP", .desc = "MWAIT 0x23", - .flags = MWAIT2flg(0x23) | CPUIDLE_FLAG_TLB_FLUSHED, + .flags = MWAIT2flg(0x23) | CPUIDLE_FLAG_TLB_FLUSHED | + CPUIDLE_FLAG_PARTIAL_HINT_MATCH, .exit_latency = 310, .target_residency = 900, .enter = &intel_idle, @@ -1519,7 +1529,7 @@ static void __init intel_idle_init_cstates_acpi(struct cpuidle_driver *drv) } } -static bool __init intel_idle_off_by_default(u32 mwait_hint) +static bool __init intel_idle_off_by_default(unsigned int flags, u32 mwait_hint) { int cstate, limit; @@ -1536,7 +1546,15 @@ static bool __init intel_idle_off_by_default(u32 mwait_hint) * the interesting states are ACPI_CSTATE_FFH. */ for (cstate = 1; cstate < limit; cstate++) { - if (acpi_state_table.states[cstate].address == mwait_hint) + u32 acpi_hint = acpi_state_table.states[cstate].address; + u32 table_hint = mwait_hint; + + if (flags & CPUIDLE_FLAG_PARTIAL_HINT_MATCH) { + acpi_hint &= ~MWAIT_SUBSTATE_MASK; + table_hint &= ~MWAIT_SUBSTATE_MASK; + } + + if (acpi_hint == table_hint) return false; } return true; @@ -1546,7 +1564,10 @@ static bool __init intel_idle_off_by_default(u32 mwait_hint) static inline bool intel_idle_acpi_cst_extract(void) { return false; } static inline void intel_idle_init_cstates_acpi(struct cpuidle_driver *drv) { } -static inline bool intel_idle_off_by_default(u32 mwait_hint) { return false; } +static inline bool intel_idle_off_by_default(unsigned int flags, u32 mwait_hint) +{ + return false; +} #endif /* !CONFIG_ACPI_PROCESSOR_CSTATE */ /** @@ -1833,7 +1854,7 @@ static void __init intel_idle_init_cstates_icpu(struct cpuidle_driver *drv) if ((disabled_states_mask & BIT(drv->state_count)) || ((icpu->use_acpi || force_use_acpi) && - intel_idle_off_by_default(mwait_hint) && + intel_idle_off_by_default(state->flags, mwait_hint) && !(state->flags & CPUIDLE_FLAG_ALWAYS_ENABLE))) state->flags |= CPUIDLE_FLAG_OFF; -- 2.43.5

3 weeks, 5 days

1
0
0 0

FAILED: patch "[PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d8df126349dad855cdfedd6bbf315bad2e901c2f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082518-attest-grit-8063@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d8df126349dad855cdfedd6bbf315bad2e901c2f Mon Sep 17 00:00:00 2001 From: Tianxiang Peng <txpeng(a)tencent.com> Date: Mon, 23 Jun 2025 17:31:53 +0800 Subject: [PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Since 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") resctrl_cpu_detect() has been moved from common CPU initialization code to the vendor-specific BSP init helper, while Hygon didn't put that call in their code. This triggers a division by zero fault during early booting stage on our machines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries to calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale. Add the missing resctrl_cpu_detect() in the Hygon BSP init helper. [ bp: Massage commit message. ] Fixes: 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") Signed-off-by: Tianxiang Peng <txpeng(a)tencent.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Hui Li <caelli(a)tencent.com> Cc: <stable(a)kernel.org> Link: https://lore.kernel.org/20250623093153.3016937-1-txpeng@tencent.com diff --git a/arch/x86/kernel/cpu/hygon.c b/arch/x86/kernel/cpu/hygon.c index 2154f12766fb..1fda6c3a2b65 100644 --- a/arch/x86/kernel/cpu/hygon.c +++ b/arch/x86/kernel/cpu/hygon.c @@ -16,6 +16,7 @@ #include <asm/spec-ctrl.h> #include <asm/delay.h> #include <asm/msr.h> +#include <asm/resctrl.h> #include "cpu.h" @@ -117,6 +118,8 @@ static void bsp_init_hygon(struct cpuinfo_x86 *c) x86_amd_ls_cfg_ssbd_mask = 1ULL << 10; } } + + resctrl_cpu_detect(c); } static void early_init_hygon(struct cpuinfo_x86 *c)

3 weeks, 5 days

2
1
0 0

FAILED: patch "[PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x d8df126349dad855cdfedd6bbf315bad2e901c2f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082516-casually-shaping-7c9a@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d8df126349dad855cdfedd6bbf315bad2e901c2f Mon Sep 17 00:00:00 2001 From: Tianxiang Peng <txpeng(a)tencent.com> Date: Mon, 23 Jun 2025 17:31:53 +0800 Subject: [PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Since 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") resctrl_cpu_detect() has been moved from common CPU initialization code to the vendor-specific BSP init helper, while Hygon didn't put that call in their code. This triggers a division by zero fault during early booting stage on our machines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries to calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale. Add the missing resctrl_cpu_detect() in the Hygon BSP init helper. [ bp: Massage commit message. ] Fixes: 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") Signed-off-by: Tianxiang Peng <txpeng(a)tencent.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Hui Li <caelli(a)tencent.com> Cc: <stable(a)kernel.org> Link: https://lore.kernel.org/20250623093153.3016937-1-txpeng@tencent.com diff --git a/arch/x86/kernel/cpu/hygon.c b/arch/x86/kernel/cpu/hygon.c index 2154f12766fb..1fda6c3a2b65 100644 --- a/arch/x86/kernel/cpu/hygon.c +++ b/arch/x86/kernel/cpu/hygon.c @@ -16,6 +16,7 @@ #include <asm/spec-ctrl.h> #include <asm/delay.h> #include <asm/msr.h> +#include <asm/resctrl.h> #include "cpu.h" @@ -117,6 +118,8 @@ static void bsp_init_hygon(struct cpuinfo_x86 *c) x86_amd_ls_cfg_ssbd_mask = 1ULL << 10; } } + + resctrl_cpu_detect(c); } static void early_init_hygon(struct cpuinfo_x86 *c)

3 weeks, 5 days

2
1
0 0

[PATCH v2] wifi: mwifiex: use kcalloc to apply for chan_stats

by Qianfeng Rong

Use kcalloc to allocate 'adapter->chan_stats' memory (max 900 bytes) instead of vmalloc for efficiency and zero-initialize it for security per Dan Carpenter's suggestion. Cc: stable(a)vger.kernel.org Fixes: bf35443314ac ("mwifiex: channel statistics support for mwifiex") Suggested-by: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Qianfeng Rong <rongqianfeng(a)vivo.com> --- v2: Change vmalloc_array/vfree to kcalloc/kfree. --- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 5 +++-- drivers/net/wireless/marvell/mwifiex/main.c | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c index 3498743d5ec0..4c8c7a5fdf23 100644 --- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c +++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c @@ -4673,8 +4673,9 @@ int mwifiex_init_channel_scan_gap(struct mwifiex_adapter *adapter) * additional active scan request for hidden SSIDs on passive channels. */ adapter->num_in_chan_stats = 2 * (n_channels_bg + n_channels_a); - adapter->chan_stats = vmalloc(array_size(sizeof(*adapter->chan_stats), - adapter->num_in_chan_stats)); + adapter->chan_stats = kcalloc(adapter->num_in_chan_stats, + sizeof(*adapter->chan_stats), + GFP_KERNEL); if (!adapter->chan_stats) return -ENOMEM; diff --git a/drivers/net/wireless/marvell/mwifiex/main.c b/drivers/net/wireless/marvell/mwifiex/main.c index 7b50a88a18e5..1ec069bc8ea1 100644 --- a/drivers/net/wireless/marvell/mwifiex/main.c +++ b/drivers/net/wireless/marvell/mwifiex/main.c @@ -642,7 +642,7 @@ static int _mwifiex_fw_dpc(const struct firmware *firmware, void *context) goto done; err_add_intf: - vfree(adapter->chan_stats); + kfree(adapter->chan_stats); err_init_chan_scan: wiphy_unregister(adapter->wiphy); wiphy_free(adapter->wiphy); @@ -1485,7 +1485,7 @@ static void mwifiex_uninit_sw(struct mwifiex_adapter *adapter) wiphy_free(adapter->wiphy); adapter->wiphy = NULL; - vfree(adapter->chan_stats); + kfree(adapter->chan_stats); mwifiex_free_cmd_buffers(adapter); } -- 2.34.1

3 weeks, 5 days

4
5
0 0

[REGRESSION][STABLE] ext4: too many credits wanted / file system issue in v6.16.1

by Christian Heusel

Hello everyone, the systemd CI has [recently noticed][0] an issue within the ext4 file system after the Arch Linux kernel was upgraded to 6.16.1. The issue is exclusive to the stable tree and does not occur on 6.16 and not on 6.17-rc2. I have also tested 6.16.2-rc1 and it still contains the bug. I was able to bisect the issue between 6.16 and 6.16.1 to the following commit: b9c561f3f29c2 ("ext4: fix insufficient credits calculation in ext4_meta_trans_blocks()") The issue can be reproduced by running the tests from [TEST-58-REPART.sh][1] by running the [systemd integration tests][2]. But if there are any suggestions I can also test myself as the initial setup for the integration tests is a bit involved. It is not yet clear to me whether this has real-world impact besides the test, but the systemd devs said that it's not a particularily demanding workflow, so I guess it is expected to work and could cause issues on other systems too. Also does anybody have an idea which backport could be missing? Cheers, Chris [0]: https://github.com/systemd/systemd/actions/runs/17053272497/job/48345703316… [1]: https://github.com/systemd/systemd/blob/main/test/units/TEST-58-REPART.sh [2]: https://github.com/systemd/systemd/blob/main/test/integration-tests/README.… --- #regzbot introduced: b9c561f3f29c2 #regzbot title: [STABLE] ext4: too many credits wanted / file system issue in v6.16.1 #regzbot link: https://github.com/systemd/systemd/actions/runs/17053272497/job/48345703316… --- git bisect start # status: waiting for both good and bad commits # good: [038d61fd642278bab63ee8ef722c50d10ab01e8f] Linux 6.16 git bisect good 038d61fd642278bab63ee8ef722c50d10ab01e8f # status: waiting for bad commit, 1 good commit known # bad: [3e0969c9a8c57ff3c6139c084673ebedfc1cf14f] Linux 6.16.1 git bisect bad 3e0969c9a8c57ff3c6139c084673ebedfc1cf14f # good: [288f1562e3f6af6d9b461eba49e75c84afa1b92c] media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check git bisect good 288f1562e3f6af6d9b461eba49e75c84afa1b92c # bad: [f427460a1586c2e0865f9326b71ed6e5a0f404f2] f2fs: turn off one_time when forcibly set to foreground GC git bisect bad f427460a1586c2e0865f9326b71ed6e5a0f404f2 # bad: [5f57327f41a5bbb85ea382bc389126dd7b8f2d7b] scsi: elx: efct: Fix dma_unmap_sg() nents value git bisect bad 5f57327f41a5bbb85ea382bc389126dd7b8f2d7b # good: [9143c604415328d5dcd4d37b8adab8417afcdd21] leds: pca955x: Avoid potential overflow when filling default_label (take 2) git bisect good 9143c604415328d5dcd4d37b8adab8417afcdd21 # good: [9c4f20b7ac700e4b4377f85e36165a4f6ca85995] RDMA/hns: Fix accessing uninitialized resources git bisect good 9c4f20b7ac700e4b4377f85e36165a4f6ca85995 # good: [0b21d1962bec2e660c22c4c4231430f97163dcf8] perf tests bp_account: Fix leaked file descriptor git bisect good 0b21d1962bec2e660c22c4c4231430f97163dcf8 # good: [3dbe96d5481acd40d6090f174d2be8433d88716d] clk: thead: th1520-ap: Correctly refer the parent of osc_12m git bisect good 3dbe96d5481acd40d6090f174d2be8433d88716d # bad: [c6714f30ef88096a8da9fcafb6034dc4e9aa467d] clk: sunxi-ng: v3s: Fix de clock definition git bisect bad c6714f30ef88096a8da9fcafb6034dc4e9aa467d # bad: [b9c561f3f29c2d6e1c1d3ffc202910bef250b7d8] ext4: fix insufficient credits calculation in ext4_meta_trans_blocks() git bisect bad b9c561f3f29c2d6e1c1d3ffc202910bef250b7d8 # first bad commit: [b9c561f3f29c2d6e1c1d3ffc202910bef250b7d8] ext4: fix insufficient credits calculation in ext4_meta_trans_blocks()

3 weeks, 5 days

3
3
0 0

[REGRESSION] stable-rc/linux-5.10.y: (build) ‘struct platform_driver’ has no member named ‘remove_new’; did you...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.10.y: --- ‘struct platform_driver’ has no member named ‘remove_new’; did you mean ‘remove’? in drivers/usb/musb/omap2430.o (drivers/usb/musb/omap2430.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:67bf95f2502a816345830c2bfb96f4a8950ce208 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 10b6e479487675365bd106d20fb7dbeec6fb4f60 Log excerpt: ===================================================== drivers/usb/musb/omap2430.c:514:10: error: ‘struct platform_driver’ has no member named ‘remove_new’; did you mean ‘remove’? 514 | .remove_new = omap2430_remove, | ^~~~~~~~~~ | remove drivers/usb/musb/omap2430.c:514:27: error: initialization of ‘int (*)(struct platform_device *)’ from incompatible pointer type ‘void (*)(struct platform_device *)’ [-Werror=incompatible-pointer-types] 514 | .remove_new = omap2430_remove, | ^~~~~~~~~~~~~~~ drivers/usb/musb/omap2430.c:514:27: note: (near initialization for ‘omap2430_driver.remove’) cc1: some warnings being treated as errors ===================================================== # Builds where the incident occurred: ## multi_v7_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:68aadff1233e484a3fad599c #kernelci issue maestro:67bf95f2502a816345830c2bfb96f4a8950ce208 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 weeks, 5 days

2
1
0 0

Linux 6.16.3

by Greg Kroah-Hartman

I'm announcing the release of the 6.16.3 kernel. All users of the 6.16 kernel series that use the ext4 filesystem should upgrade. The updated 6.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.16.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 fs/ext4/ext4.h | 2 fs/ext4/extents.c | 6 fs/ext4/inline.c | 6 fs/ext4/inode.c | 323 +++++++++++++++++++++++++++----------------- fs/ext4/move_extent.c | 3 fs/ext4/xattr.c | 2 include/trace/events/ext4.h | 47 +++++- 8 files changed, 250 insertions(+), 141 deletions(-) Greg Kroah-Hartman (1): Linux 6.16.3 Zhang Yi (9): ext4: process folios writeback in bytes ext4: move the calculation of wbc->nr_to_write to mpage_folio_done() ext4: fix stale data if it bail out of the extents mapping loop ext4: refactor the block allocation process of ext4_page_mkwrite() ext4: restart handle if credits are insufficient during allocating blocks ext4: enhance tracepoints during the folios writeback ext4: correct the reserved credits for extent conversion ext4: reserved credits for one extent during the folio writeback ext4: replace ext4_writepage_trans_blocks()

3 weeks, 5 days

4
8
0 0

Re: Patch "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" has been added to the 5.4-stable tree

by Imre Deak

Hi Sasha, Greg and stable team, please don't backport this patch and drop it from the queues for the 5.4, 5.10, 5.15, 6.1, 6.6, 6.12, 6.16 stable trees. It causes an issue which is described at https://lore.kernel.org/stable/aGaiASySvb3BVXlM@ideak-desk I initially asked not to apply the patch to stable trees - and then it was dropped as I requested - but as I understand now it still got selected/queued automatically. Sorry for the trouble it caused, let me know if there's a better way to avoid auto selecting such patches for stable in the future (for one I can CC Sasha on such requests). Thanks, Imre On Sun, Aug 24, 2025 at 10:49:17AM +0200, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS > > to the 5.4-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > drm-dp-change-aux-dpcd-probe-address-from-dpcd_rev-to-lane0_1_status.patch > and it can be found in the queue-5.4 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > From stable+bounces-172609-greg=kroah.com(a)vger.kernel.org Sat Aug 23 16:46:09 2025 > From: Sasha Levin <sashal(a)kernel.org> > Date: Sat, 23 Aug 2025 10:44:36 -0400 > Subject: drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS > To: stable(a)vger.kernel.org > Cc: "Imre Deak" <imre.deak(a)intel.com>, "Ville Syrjälä" <ville.syrjala(a)linux.intel.com>, "Jani Nikula" <jani.nikula(a)linux.intel.com>, "Jani Nikula" <jani.nikula(a)intel.com>, "Sasha Levin" <sashal(a)kernel.org> > Message-ID: <20250823144436.2255063-1-sashal(a)kernel.org> > > From: Imre Deak <imre.deak(a)intel.com> > > [ Upstream commit a40c5d727b8111b5db424a1e43e14a1dcce1e77f ] > > Reading DPCD registers has side-effects in general. In particular > accessing registers outside of the link training register range > (0x102-0x106, 0x202-0x207, 0x200c-0x200f, 0x2216) is explicitly > forbidden by the DP v2.1 Standard, see > > 3.6.5.1 DPTX AUX Transaction Handling Mandates > 3.6.7.4 128b/132b DP Link Layer LTTPR Link Training Mandates > > Based on my tests, accessing the DPCD_REV register during the link > training of an UHBR TBT DP tunnel sink leads to link training failures. > > Solve the above by using the DP_LANE0_1_STATUS (0x202) register for the > DPCD register access quirk. > > Cc: <stable(a)vger.kernel.org> > Cc: Ville SyrjÃ¤lÃ¤ <ville.syrjala(a)linux.intel.com> > Cc: Jani Nikula <jani.nikula(a)linux.intel.com> > Acked-by: Jani Nikula <jani.nikula(a)intel.com> > Signed-off-by: Imre Deak <imre.deak(a)intel.com> > Link: https://lore.kernel.org/r/20250605082850.65136-2-imre.deak@intel.com > [ Call to drm_dp_dpcd_access() instead of drm_dp_dpcd_probe() ] > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/gpu/drm/drm_dp_helper.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > --- a/drivers/gpu/drm/drm_dp_helper.c > +++ b/drivers/gpu/drm/drm_dp_helper.c > @@ -280,7 +280,7 @@ ssize_t drm_dp_dpcd_read(struct drm_dp_a > * We just have to do it before any DPCD access and hope that the > * monitor doesn't power down exactly after the throw away read. > */ > - ret = drm_dp_dpcd_access(aux, DP_AUX_NATIVE_READ, DP_DPCD_REV, buffer, > + ret = drm_dp_dpcd_access(aux, DP_AUX_NATIVE_READ, DP_LANE0_1_STATUS, buffer, > 1); > if (ret != 1) > goto out; > > > Patches currently in stable-queue which might be from sashal(a)kernel.org are > > queue-5.4/bluetooth-smp-fix-using-hci_error_remote_user_term-o.patch > queue-5.4/pinctrl-stm32-manage-irq-affinity-settings.patch > queue-5.4/scsi-bfa-double-free-fix.patch > queue-5.4/scsi-libiscsi-initialize-iscsi_conn-dd_data-only-if-.patch > queue-5.4/f2fs-fix-to-avoid-out-of-boundary-access-in-devs.pat.patch > queue-5.4/net-ncsi-fix-buffer-overflow-in-fetching-version-id.patch > queue-5.4/tcp-fix-tcp_ofo_queue-to-avoid-including-too-much-du.patch > queue-5.4/kbuild-add-clang_flags-to-as-instr.patch > queue-5.4/watchdog-dw_wdt-fix-default-timeout.patch > queue-5.4/dmaengine-mv_xor-fix-missing-check-after-dma-map-and.patch > queue-5.4/usb-chipidea-udc-fix-sleeping-function-called-from-i.patch > queue-5.4/net-sched-restrict-conditions-for-adding-duplicating.patch > queue-5.4/drm-amdgpu-fix-incorrect-vm-flags-to-map-bo.patch > queue-5.4/pwm-mediatek-fix-duty-and-period-setting.patch > queue-5.4/ethernet-intel-fix-building-with-large-nr_cpus.patch > queue-5.4/usb-chipidea-udc-add-new-api-ci_hdrc_gadget_connect.patch > queue-5.4/hfsplus-remove-mutex_lock-check-in-hfsplus_free_exte.patch > queue-5.4/mmc-rtsx_usb_sdmmc-fix-error-path-in-sd_set_power_mo.patch > queue-5.4/net-thunderx-fix-format-truncation-warning-in-bgx_ac.patch > queue-5.4/cifs-fix-calling-cifsfindfirst-for-root-path-without.patch > queue-5.4/net-appletalk-fix-kerneldoc-warnings.patch > queue-5.4/comedi-fail-comedi_insnlist-ioctl-if-n_insns-is-too-large.patch > queue-5.4/media-usb-hdpvr-disable-zero-length-read-messages.patch > queue-5.4/media-tc358743-return-an-appropriate-colorspace-from.patch > queue-5.4/net-appletalk-fix-use-after-free-in-aarp-proxy-probe.patch > queue-5.4/rtc-hym8563-fix-incorrect-maximum-clock-rate-handlin.patch > queue-5.4/smb-client-let-recv_done-cleanup-before-notifying-th.patch > queue-5.4/rtc-pcf8563-fix-incorrect-maximum-clock-rate-handlin.patch > queue-5.4/pwm-mediatek-implement-.apply-callback.patch > queue-5.4/net-phy-smsc-add-proper-reset-flags-for-lan8710a.patch > queue-5.4/hfsplus-fix-slab-out-of-bounds-read-in-hfsplus_uni2a.patch > queue-5.4/s390-stp-remove-udelay-from-stp_sync_clock.patch > queue-5.4/bluetooth-fix-null-ptr-deref-in-l2cap_sock_resume_cb.patch > queue-5.4/m68k-don-t-unregister-boot-console-needlessly.patch > queue-5.4/net-ipv4-fix-incorrect-mtu-in-broadcast-routes.patch > queue-5.4/cpufreq-cppc-mark-driver-with-need_update_limits-fla.patch > queue-5.4/virtio-net-ensure-the-received-length-does-not-exceed-allocated-size.patch > queue-5.4/netpoll-prevent-hanging-napi-when-netcons-gets-enabl.patch > queue-5.4/fs-buffer-fix-use-after-free-when-call-bh_read-helpe.patch > queue-5.4/media-dvb-frontends-dib7090p-fix-null-ptr-deref-in-d.patch > queue-5.4/usb-hub-don-t-try-to-recover-devices-lost-during-warm-reset.patch > queue-5.4/samples-mei-fix-building-on-musl-libc.patch > queue-5.4/asoc-hdac_hdmi-rate-limit-logging-on-connection-and-.patch > queue-5.4/staging-nvec-fix-incorrect-null-termination-of-batte.patch > queue-5.4/media-dvb-frontends-w7090p-fix-null-ptr-deref-in-w70.patch > queue-5.4/bluetooth-smp-if-an-unallowed-command-is-received-co.patch > queue-5.4/usb-chipidea-add-usb-phy-event.patch > queue-5.4/pnfs-fix-uninited-ptr-deref-in-block-scsi-layout.patch > queue-5.4/net-vlan-replace-bug-with-warn_on_once-in-vlan_dev_-.patch > queue-5.4/crypto-img-hash-fix-dma_unmap_sg-nents-value.patch > queue-5.4/uapi-in6-restore-visibility-of-most-ipv6-socket-opti.patch > queue-5.4/arm-dts-imx6ul-kontron-bl-common-fix-rts-polarity-fo.patch > queue-5.4/hwrng-mtk-handle-devm_pm_runtime_enable-errors.patch > queue-5.4/wifi-iwlwifi-fix-memory-leak-in-iwl_mvm_init.patch > queue-5.4/mtd-fix-possible-integer-overflow-in-erase_xfer.patch > queue-5.4/tracing-add-down_write-trace_event_sem-when-adding-trace-event.patch > queue-5.4/drbd-add-missing-kref_get-in-handle_write_conflicts.patch > queue-5.4/netfilter-xt_nfacct-don-t-assume-acct-name-is-null-t.patch > queue-5.4/mips-include-kbuild_cppflags-in-checkflags-invocation.patch > queue-5.4/wifi-iwlwifi-mvm-fix-scan-request-validation.patch > queue-5.4/x86-mce-amd-add-default-names-for-mca-banks-and-blocks.patch > queue-5.4/usb-xhci-avoid-showing-errors-during-surprise-remova.patch > queue-5.4/wifi-iwlwifi-dvm-fix-potential-overflow-in-rs_fill_l.patch > queue-5.4/benet-fix-bug-when-creating-vfs.patch > queue-5.4/crypto-marvell-cesa-fix-engine-load-inaccuracy.patch > queue-5.4/pci-hotplug-pnv-php-wrap-warnings-in-macro.patch > queue-5.4/soundwire-stream-restore-params-when-prepare-ports-f.patch > queue-5.4/move_mount-allow-to-add-a-mount-into-an-existing-gro.patch > queue-5.4/ice-fix-a-null-pointer-dereference-in-ice_copy_and_init_pkg.patch > queue-5.4/arm64-handle-kcov-__init-vs-inline-mismatches.patch > queue-5.4/pci-pnv_php-work-around-switches-with-broken-presenc.patch > queue-5.4/thermal-sysfs-return-enodata-instead-of-eagain-for-r.patch > queue-5.4/kconfig-lxdialog-replace-strcpy-with-strncpy-in-inpu.patch > queue-5.4/kconfig-lxdialog-fix-space-to-de-select-options.patch > queue-5.4/hfs-fix-slab-out-of-bounds-in-hfs_bnode_read.patch > queue-5.4/et131x-add-missing-check-after-dma-map.patch > queue-5.4/asoc-codecs-rt5640-retry-device_id-verification.patch > queue-5.4/comedi-comedi_test-fix-possible-deletion-of-uninitialized-timers.patch > queue-5.4/usb-typec-fusb302-cache-pd-rx-state.patch > queue-5.4/gpio-tps65912-check-the-return-value-of-regmap_updat.patch > queue-5.4/pptp-fix-pptp_xmit-error-path.patch > queue-5.4/rcu-protect-defer_qs_iw_pending-from-data-race.patch > queue-5.4/mips-don-t-crash-in-stack_top-for-tasks-without-abi-.patch > queue-5.4/net-drop-ufo-packets-in-udp_rcv_segment.patch > queue-5.4/scsi-aacraid-stop-using-pci_irq_affinity.patch > queue-5.4/usb-chipidea-introduce-ci_hdrc_controller_vbus_event.patch > queue-5.4/serial-8250-fix-panic-due-to-pslverr.patch > queue-5.4/power-supply-max14577-handle-null-pdata-when-config_.patch > queue-5.4/kbuild-add-clang_flags-to-kbuild_cppflags.patch > queue-5.4/mm-zsmalloc.c-convert-to-use-kmem_cache_zalloc-in-cache_alloc_zspage.patch > queue-5.4/kconfig-gconf-fix-potential-memory-leak-in-renderer_.patch > queue-5.4/pnfs-fix-stripe-mapping-in-block-scsi-layout.patch > queue-5.4/fbdev-imxfb-check-fb_add_videomode-to-prevent-null-p.patch > queue-5.4/net-fec-allow-disable-coalescing.patch > queue-5.4/mtd-rawnand-atmel-fix-dma_mapping_error-address.patch > queue-5.4/net-dsa-b53-fix-ip_multicast_ctrl-on-bcm5325.patch > queue-5.4/pm-runtime-clear-power.needs_force_resume-in-pm_runt.patch > queue-5.4/hfsplus-don-t-use-bug_on-in-hfsplus_create_attribute.patch > queue-5.4/powerpc-512-fix-possible-dma_unmap_single-on-uniniti.patch > queue-5.4/crypto-qat-fix-seq_file-position-update-in-adf_ring_.patch > queue-5.4/media-uvcvideo-fix-bandwidth-issue-for-alcor-camera.patch > queue-5.4/jfs-truncate-good-inode-pages-when-hard-link-is-0.patch > queue-5.4/selftests-futex-define-sys_futex-on-32-bit-architect.patch > queue-5.4/nfs-fix-up-handling-of-outstanding-layoutcommit-in-nfs_update_inode.patch > queue-5.4/alsa-usb-audio-avoid-precedence-issues-in-mixer_quir.patch > queue-5.4/ext4-do-not-bug-when-inline_data_fl-lacks-system.dat.patch > queue-5.4/clk-sunxi-ng-v3s-fix-de-clock-definition.patch > queue-5.4/usb-xhci-print-xhci-xhc_state-when-queue_command-fai.patch > queue-5.4/be2net-use-correct-byte-order-and-format-string-for-.patch > queue-5.4/net-sched-return-null-when-htb_lookup_leaf-encounter.patch > queue-5.4/scsi-fix-sas_user_scan-to-handle-wildcard-and-multi-.patch > queue-5.4/pnfs-handle-rpc-size-limit-for-layoutcommits.patch > queue-5.4/mtd-rawnand-atmel-set-pmecc-data-setup-time.patch > queue-5.4/pm-sleep-console-fix-the-black-screen-issue.patch > queue-5.4/dmaengine-nbpfaxi-add-missing-check-after-dma-map.patch > queue-5.4/vrf-drop-existing-dst-reference-in-vrf_ip6_input_dst.patch > queue-5.4/wifi-rtl818x-kill-urbs-before-clearing-tx-status-que.patch > queue-5.4/pinctrl-sunxi-fix-memory-leak-on-krealloc-failure.patch > queue-5.4/ipmi-use-dev_warn_ratelimited-for-incorrect-message-.patch > queue-5.4/can-kvaser_pciefd-store-device-channel-index.patch > queue-5.4/nfs-fix-filehandle-bounds-checking-in-nfs_fh_to_dent.patch > queue-5.4/usb-dwc3-qcom-don-t-leave-bcr-asserted.patch > queue-5.4/udp-also-consider-secpath-when-evaluating-ipsec-use-.patch > queue-5.4/net-usbnet-avoid-potential-rcu-stall-on-link_change-event.patch > queue-5.4/drm-dp-change-aux-dpcd-probe-address-from-dpcd_rev-to-lane0_1_status.patch > queue-5.4/alsa-hda-ca0132-fix-buffer-overflow-in-add_tuning_co.patch > queue-5.4/selftests-tracing-use-mutex_unlock-for-testing-glob-.patch > queue-5.4/clk-davinci-add-null-check-in-davinci_lpsc_clk_regis.patch > queue-5.4/mm-kmemleak-turn-kmemleak_lock-and-object-lock-to-raw_spinlock_t.patch > queue-5.4/wifi-rtlwifi-fix-possible-skb-memory-leak-in-_rtl_pc.patch > queue-5.4/caif-reduce-stack-size-again.patch > queue-5.4/bpf-check-flow_dissector-ctx-accesses-are-aligned.patch > queue-5.4/usb-core-usb_submit_urb-downgrade-type-check.patch > queue-5.4/wifi-iwlwifi-fw-fix-possible-memory-leak-in-iwl_fw_d.patch > queue-5.4/wifi-cfg80211-reject-htc-bit-for-management-frames.patch > queue-5.4/udf-verify-partition-map-count.patch > queue-5.4/kbuild-update-assembler-calls-to-use-proper-flags-and-language-target.patch > queue-5.4/usb-xhci-avoid-showing-warnings-for-dying-controller.patch > queue-5.4/usb-hub-fix-detection-of-high-tier-usb3-devices-behind-suspended-hubs.patch > queue-5.4/bpf-ktls-fix-data-corruption-when-using-bpf_msg_pop_.patch > queue-5.4/iio-hid-sensor-prox-fix-incorrect-offset-calculation.patch > queue-5.4/pptp-ensure-minimal-skb-length-in-pptp_xmit.patch > queue-5.4/xhci-disable-stream-for-xhc-controller-with-xhci_broken_streams.patch > queue-5.4/rtc-ds1307-handle-oscillator-stop-flag-osf-for-ds1341.patch > queue-5.4/net-vlan-fix-vlan-0-refcount-imbalance-of-toggling-f.patch > queue-5.4/media-v4l2-ctrls-always-copy-the-controls-on-completion.patch > queue-5.4/media-tc358743-check-i2c-succeeded-during-probe.patch > queue-5.4/i3c-add-missing-include-to-internal-header.patch > queue-5.4/usb-chipidea-udc-protect-usb-interrupt-enable.patch > queue-5.4/mm-kmemleak-avoid-deadlock-by-moving-pr_warn-outside-kmemleak_lock.patch > queue-5.4/scsi-lpfc-remove-redundant-assignment-to-avoid-memor.patch > queue-5.4/selftests-rtnetlink.sh-remove-esp4_offload-after-tes.patch > queue-5.4/f2fs-fix-to-avoid-uaf-in-f2fs_sync_inode_meta.patch > queue-5.4/usb-hub-avoid-warm-port-reset-during-usb3-disconnect.patch > queue-5.4/nfsd-handle-get_client_locked-failure-in-nfsd4_setclientid_confirm.patch > queue-5.4/cpufreq-exit-governor-when-failed-to-start-old-gover.patch > queue-5.4/vmci-prevent-the-dispatching-of-uninitialized-payloa.patch > queue-5.4/mips-vpe-mt-add-missing-prototypes-for-vpe_-alloc-st.patch > queue-5.4/wifi-brcmfmac-fix-p2p-discovery-failure-in-p2p-peer-.patch > queue-5.4/asoc-soc-dapm-set-bias_level-if-snd_soc_dapm_set_bia.patch > queue-5.4/staging-fbtft-fix-potential-memory-leak-in-fbtft_fra.patch > queue-5.4/usb-phy-mxs-disconnect-line-when-usb-charger-is-atta.patch > queue-5.4/pci-acpi-fix-runtime-pm-ref-imbalance-on-hot-plug-capable-ports.patch > queue-5.4/media-rainshadow-cec-fix-toctou-race-condition-in-rain_interrupt.patch > queue-5.4/module-restore-the-moduleparam-prefix-length-check.patch > queue-5.4/f2fs-fix-to-avoid-out-of-boundary-access-in-dnode-page.patch > queue-5.4/usb-musb-omap2430-convert-to-platform-remove-callback-returning-void.patch > queue-5.4/pci-rockchip-host-fix-unexpected-completion-log-mess.patch > queue-5.4/usb-xhci-set-avg_trb_len-8-for-ep0-during-address-de.patch > queue-5.4/usb-cdc-acm-do-not-log-successful-probe-on-later-errors.patch > queue-5.4/hfsplus-fix-slab-out-of-bounds-in-hfsplus_bnode_read.patch > queue-5.4/net-sched-sch_qfq-avoid-triggering-might_sleep-in-at.patch > queue-5.4/acpi-apei-ghes-add-taint_machine_check-on-ghes-panic.patch > queue-5.4/net-dsa-b53-prevent-switch_ctrl-access-on-bcm5325.patch > queue-5.4/net-sched-sch_qfq-fix-race-condition-on-qfq_aggregat.patch > queue-5.4/perf-tests-bp_account-fix-leaked-file-descriptor.patch > queue-5.4/netfilter-nf_tables-adjust-lockdep-assertions-handli.patch > queue-5.4/hfs-fix-not-erasing-deleted-b-tree-node-issue.patch > queue-5.4/rtc-ds1307-remove-clear-of-oscillator-stop-flag-osf-.patch > queue-5.4/can-kvaser_usb-assign-netdev.dev_port-based-on-devic.patch > queue-5.4/arm-tegra-use-i-o-memcpy-to-write-to-iram.patch > queue-5.4/scsi-ibmvscsi_tgt-fix-dma_unmap_sg-nents-value.patch > queue-5.4/rdma-hfi1-fix-possible-divide-by-zero-in-find_hw_thr.patch > queue-5.4/pwm-mediatek-handle-hardware-enable-and-clock-enable-separately.patch > queue-5.4/jfs-upper-bound-check-of-tree-index-in-dballocag.patch > queue-5.4/alsa-hda-add-missing-nvidia-hda-codec-ids.patch > queue-5.4/bpftool-fix-memory-leak-in-dump_xx_nlmsg-on-realloc-.patch > queue-5.4/x86-fpu-delay-instruction-pointer-fixup-until-after-warning.patch > queue-5.4/usb-net-sierra-check-for-no-status-endpoint.patch > queue-5.4/drm-sched-remove-optimization-that-causes-hang-when-killing-dependent-jobs.patch > queue-5.4/revert-vmci-prevent-the-dispatching-of-uninitialized.patch > queue-5.4/ata-fix-sata_mobile_lpm_policy-description-in-kconfig.patch > queue-5.4/crypto-ccp-fix-crash-when-rebind-ccp-device-for-ccp..patch > queue-5.4/netfilter-ctnetlink-fix-refcount-leak-on-table-dump.patch > queue-5.4/fs-orangefs-allow-2-more-characters-in-do_c_string.patch > queue-5.4/pci-hotplug-pnv-php-improve-error-msg-on-power-state.patch > queue-5.4/btrfs-populate-otime-when-logging-an-inode-item.patch > queue-5.4/drm-amd-pm-powerplay-hwmgr-smu_helper-fix-order-of-m.patch > queue-5.4/bluetooth-l2cap-fix-attempting-to-adjust-outgoing-mt.patch > queue-5.4/ktest.pl-prevent-recursion-of-default-variable-optio.patch > queue-5.4/fs-orangefs-use-snprintf-instead-of-sprintf.patch > queue-5.4/ipv6-reject-malicious-packets-in-ipv6_gso_segment.patch > queue-5.4/nfsv4-fix-nfs4_bitmap_copy_adjust.patch > queue-5.4/scsi-isci-fix-dma_unmap_sg-nents-value.patch > queue-5.4/arch-powerpc-defconfig-drop-obsolete-config_net_cls_.patch > queue-5.4/net-dsa-b53-fix-b53_imp_vlan_setup-for-bcm5325.patch > queue-5.4/s390-time-use-monotonic-clock-in-get_cycles.patch > queue-5.4/asoc-intel-fix-snd_soc_sof-dependencies.patch > queue-5.4/f2fs-fix-to-do-sanity-check-on-ino-and-xnid.patch > queue-5.4/arm-9448-1-use-an-absolute-path-to-unified.h-in-kbuild_aflags.patch > queue-5.4/scsi-mvsas-fix-dma_unmap_sg-nents-value.patch > queue-5.4/media-venus-vdec-clamp-param-smaller-than-1fps-and-bigger-than-240.patch > queue-5.4/kbuild-add-kbuild_cppflags-to-as-option-invocation.patch > queue-5.4/pnfs-fix-disk-addr-range-check-in-block-scsi-layout.patch > queue-5.4/wifi-iwlegacy-check-rate_idx-range-after-addition.patch > queue-5.4/jfs-regular-file-corruption-check.patch > queue-5.4/usb-musb-fix-gadget-state-on-disconnect.patch > queue-5.4/kconfig-gconf-avoid-hardcoding-model2-in-on_treeview.patch > queue-5.4/pps-fix-poll-support.patch > queue-5.4/media-venus-protect-against-spurious-interrupts-during-probe.patch > queue-5.4/alsa-intel8x0-fix-incorrect-codec-index-usage-in-mix.patch > queue-5.4/usb-early-xhci-dbc-fix-early_ioremap-leak.patch > queue-5.4/net-emaclite-fix-missing-pointer-increment-in-aligne.patch > queue-5.4/iwlwifi-add-missing-check-for-alloc_ordered_workqueu.patch > queue-5.4/nfs-fix-the-setting-of-capabilities-when-automounting-a-new-filesystem.patch > queue-5.4/mwl8k-add-missing-check-after-dma-map.patch > queue-5.4/usb-musb-omap2430-fix-device-leak-at-unbind.patch > queue-5.4/scsi-mpt3sas-correctly-handle-ata-device-errors.patch > queue-5.4/f2fs-fix-to-avoid-panic-in-f2fs_evict_inode.patch > queue-5.4/wifi-rtl8xxxu-fix-rx-skb-size-for-aggregation-disabl.patch > queue-5.4/net-ag71xx-add-missing-check-after-dma-map.patch > queue-5.4/pm-cpupower-fix-the-snapshot-order-of-tsc-mperf-cloc.patch > queue-5.4/ipmi-fix-strcpy-source-and-destination-the-same.patch > queue-5.4/wifi-cfg80211-fix-interface-type-validation.patch > queue-5.4/kconfig-nconf-ensure-null-termination-where-strncpy-.patch > queue-5.4/rdma-core-rate-limit-gid-cache-warning-messages.patch > queue-5.4/regulator-core-fix-null-dereference-on-unbind-due-to.patch > queue-5.4/alsa-scarlett2-add-retry-on-eproto-from-scarlett2_usb_tx.patch > queue-5.4/cdc-acm-fix-race-between-initial-clearing-halt-and-open.patch > queue-5.4/netmem-fix-skb_frag_address_safe-with-unreadable-skb.patch > queue-5.4/vhost-fail-early-when-__vhost_add_used-fails.patch > queue-5.4/i3c-don-t-fail-if-gethdrcap-is-unsupported.patch > queue-5.4/media-tc358743-increase-fifo-trigger-level-to-374.patch > queue-5.4/watchdog-ziirave_wdt-check-record-length-in-ziirave_.patch > queue-5.4/pmdomain-governor-consider-cpu-latency-tolerance-from-pm_domain_cpu_gov.patch > queue-5.4/fs-prevent-file-descriptor-table-allocations-exceeding-int_max.patch > queue-5.4/arm-dts-vfxxx-correctly-use-two-tuples-for-timer-add.patch > queue-5.4/rtc-ds1307-fix-incorrect-maximum-clock-rate-handling.patch > queue-5.4/mm-zsmalloc-do-not-pass-__gfp_movable-if-config_compaction-n.patch > queue-5.4/platform-x86-thinkpad_acpi-handle-kcov-__init-vs-inl.patch > queue-5.4/scsi-lpfc-check-for-hdwq-null-ptr-when-cleaning-up-l.patch > queue-5.4/media-venus-hfi-explicitly-release-irq-during-teardown.patch > queue-5.4/reapply-wifi-mac80211-update-skb-s-control-block-key.patch > queue-5.4/securityfs-don-t-pin-dentries-twice-once-is-enough.patch > queue-5.4/soc-qcom-mdt_loader-ensure-we-don-t-read-past-the-elf-header.patch > queue-5.4/acpi-processor-fix-acpi_object-initialization.patch > queue-5.4/arm-rockchip-fix-kernel-hang-during-smp-initializati.patch > queue-5.4/jfs-fix-metapage-reference-count-leak-in-dballocctl.patch > queue-5.4/sctp-linearize-cloned-gso-packets-in-sctp_rcv.patch > queue-5.4/media-qcom-camss-cleanup-media-device-allocated-resource-on-error-path.patch > queue-5.4/comedi-fix-initialization-of-data-for-instructions-that-write-to-subdevice.patch > queue-5.4/media-v4l2-ctrls-don-t-reset-handler-s-error-in-v4l2_ctrl_handler_free.patch > queue-5.4/use-uniform-permission-checks-for-all-mount-propagat.patch > queue-5.4/cpufreq-init-policy-rwsem-before-it-may-be-possibly-.patch > queue-5.4/asoc-ops-dynamically-allocate-struct-snd_ctl_elem_va.patch > queue-5.4/mm-hmm-move-pmd_to_hmm_pfn_flags-to-the-respective-ifdeffery.patch

3 weeks, 5 days

1
0
0 0

Re: Patch "zynq_fpga: use sgtable-based scatterlist wrappers" has been added to the 6.16-stable tree

by Xu Yilun

On Thu, Aug 21, 2025 at 03:20:18PM +0200, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > zynq_fpga: use sgtable-based scatterlist wrappers > > to the 6.16-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > zynq_fpga-use-sgtable-based-scatterlist-wrappers.patch > and it can be found in the queue-6.16 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Hi Greg: This patch solves sgtable usage issue but causes AMD fpga driver fail, https://lore.kernel.org/linux-fpga/202508041548.22955.pisa@fel.cvut.cz/ The fix patch should be applied together with this patch: https://lore.kernel.org/linux-fpga/20250806070605.1920909-2-yilun.xu@linux.… Thanks, Yilun > > > From 37e00703228ab44d0aacc32a97809a4f6f58df1b Mon Sep 17 00:00:00 2001 > From: Marek Szyprowski <m.szyprowski(a)samsung.com> > Date: Mon, 16 Jun 2025 14:09:32 +0200 > Subject: zynq_fpga: use sgtable-based scatterlist wrappers > > From: Marek Szyprowski <m.szyprowski(a)samsung.com> > > commit 37e00703228ab44d0aacc32a97809a4f6f58df1b upstream. > > Use common wrappers operating directly on the struct sg_table objects to > fix incorrect use of statterlists related calls. dma_unmap_sg() function > has to be called with the number of elements originally passed to the > dma_map_sg() function, not the one returned in sgtable's nents. > > CC: stable(a)vger.kernel.org > Fixes: 425902f5c8e3 ("fpga zynq: Use the scatterlist interface") > Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> > Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> > Reviewed-by: Xu Yilun <yilun.xu(a)intel.com> > Link: https://lore.kernel.org/r/20250616120932.1090614-1-m.szyprowski@samsung.com > Signed-off-by: Xu Yilun <yilun.xu(a)linux.intel.com> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/fpga/zynq-fpga.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > --- a/drivers/fpga/zynq-fpga.c > +++ b/drivers/fpga/zynq-fpga.c > @@ -406,7 +406,7 @@ static int zynq_fpga_ops_write(struct fp > } > > priv->dma_nelms = > - dma_map_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); > + dma_map_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE, 0); > if (priv->dma_nelms == 0) { > dev_err(&mgr->dev, "Unable to DMA map (TO_DEVICE)\n"); > return -ENOMEM; > @@ -478,7 +478,7 @@ out_clk: > clk_disable(priv->clk); > > out_free: > - dma_unmap_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); > + dma_unmap_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE, 0); > return err; > } > > > > Patches currently in stable-queue which might be from m.szyprowski(a)samsung.com are > > queue-6.16/zynq_fpga-use-sgtable-based-scatterlist-wrappers.patch

3 weeks, 5 days

2
3
0 0

[PATCH 6.16.y 1/2] devlink: let driver opt out of automatic phys_port_name generation

by Calvin Owens

From: Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> [ Upstream commit c5ec7f49b480db0dfc83f395755b1c2a7c979920 ] Currently when adding devlink port, phys_port_name is automatically generated within devlink port initialization flow. As a result adding devlink port support to driver may result in forced changes of interface names, which breaks already existing network configs. This is an expected behavior but in some scenarios it would not be preferable to provide such limitation for legacy driver not being able to keep 'pre-devlink' interface name. Add flag no_phys_port_name to devlink_port_attrs struct which indicates if devlink should not alter name of interface. Suggested-by: Jiri Pirko <jiri(a)resnulli.us> Link: https://lore.kernel.org/all/nbwrfnjhvrcduqzjl4a2jafnvvud6qsbxlvxaxilnryglf4… Signed-off-by: Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> Cc: stable(a)vger.kernel.org # 6.16 Tested-By: Calvin Owens <calvin(a)wbinvd.org> Signed-off-by: Calvin Owens <calvin(a)wbinvd.org> --- include/net/devlink.h | 6 +++++- net/devlink/port.c | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/include/net/devlink.h b/include/net/devlink.h index 0091f23a40f7..af3fd45155dd 100644 --- a/include/net/devlink.h +++ b/include/net/devlink.h @@ -78,6 +78,9 @@ struct devlink_port_pci_sf_attrs { * @flavour: flavour of the port * @split: indicates if this is split port * @splittable: indicates if the port can be split. + * @no_phys_port_name: skip automatic phys_port_name generation; for + * compatibility only, newly added driver/port instance + * should never set this. * @lanes: maximum number of lanes the port supports. 0 value is not passed to netlink. * @switch_id: if the port is part of switch, this is buffer with ID, otherwise this is NULL * @phys: physical port attributes @@ -87,7 +90,8 @@ struct devlink_port_pci_sf_attrs { */ struct devlink_port_attrs { u8 split:1, - splittable:1; + splittable:1, + no_phys_port_name:1; u32 lanes; enum devlink_port_flavour flavour; struct netdev_phys_item_id switch_id; diff --git a/net/devlink/port.c b/net/devlink/port.c index 939081a0e615..cb8d4df61619 100644 --- a/net/devlink/port.c +++ b/net/devlink/port.c @@ -1519,7 +1519,7 @@ static int __devlink_port_phys_port_name_get(struct devlink_port *devlink_port, struct devlink_port_attrs *attrs = &devlink_port->attrs; int n = 0; - if (!devlink_port->attrs_set) + if (!devlink_port->attrs_set || devlink_port->attrs.no_phys_port_name) return -EOPNOTSUPP; switch (attrs->flavour) { -- 2.47.2

3 weeks, 5 days

1
1
0 0

FAILED: patch "[PATCH] usb: typec: maxim_contaminant: disable low power mode when" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x cabb6c5f4d9e7f49bdf8c0a13c74bd93ee35f45a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082341-salami-darkroom-6913@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cabb6c5f4d9e7f49bdf8c0a13c74bd93ee35f45a Mon Sep 17 00:00:00 2001 From: Amit Sunil Dhamne <amitsd(a)google.com> Date: Fri, 15 Aug 2025 11:31:51 -0700 Subject: [PATCH] usb: typec: maxim_contaminant: disable low power mode when reading comparator values Low power mode is enabled when reading CC resistance as part of `max_contaminant_read_resistance_kohm()` and left in that state. However, it's supposed to work with 1uA current source. To read CC comparator values current source is changed to 80uA. This causes a storm of CC interrupts as it (falsely) detects a potential contaminant. To prevent this, disable low power mode current sourcing before reading comparator values. Fixes: 02b332a06397 ("usb: typec: maxim_contaminant: Implement check_contaminant callback") Cc: stable <stable(a)kernel.org> Signed-off-by: Amit Sunil Dhamne <amitsd(a)google.com> Reviewed-by: Badhri Jagan Sridharan <badhri(a)google.com> Rule: add Link: https://lore.kernel.org/stable/20250814-fix-upstream-contaminant-v1-1-801ce… Link: https://lore.kernel.org/r/20250815-fix-upstream-contaminant-v2-1-6c8d6c3ada… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/maxim_contaminant.c b/drivers/usb/typec/tcpm/maxim_contaminant.c index 0cdda06592fd..818cfe226ac7 100644 --- a/drivers/usb/typec/tcpm/maxim_contaminant.c +++ b/drivers/usb/typec/tcpm/maxim_contaminant.c @@ -188,6 +188,11 @@ static int max_contaminant_read_comparators(struct max_tcpci_chip *chip, u8 *ven if (ret < 0) return ret; + /* Disable low power mode */ + ret = regmap_update_bits(regmap, TCPC_VENDOR_CC_CTRL2, CCLPMODESEL, + FIELD_PREP(CCLPMODESEL, + LOW_POWER_MODE_DISABLE)); + /* Sleep to allow comparators settle */ usleep_range(5000, 6000); ret = regmap_update_bits(regmap, TCPC_TCPC_CTRL, TCPC_TCPC_CTRL_ORIENTATION, PLUG_ORNT_CC1); diff --git a/drivers/usb/typec/tcpm/tcpci_maxim.h b/drivers/usb/typec/tcpm/tcpci_maxim.h index 76270d5c2838..b33540a42a95 100644 --- a/drivers/usb/typec/tcpm/tcpci_maxim.h +++ b/drivers/usb/typec/tcpm/tcpci_maxim.h @@ -21,6 +21,7 @@ #define CCOVPDIS BIT(6) #define SBURPCTRL BIT(5) #define CCLPMODESEL GENMASK(4, 3) +#define LOW_POWER_MODE_DISABLE 0 #define ULTRA_LOW_POWER_MODE 1 #define CCRPCTRL GENMASK(2, 0) #define UA_1_SRC 1

3 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] compiler: remove __ADDRESSABLE_ASM{_STR,}() again" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8ea815399c3fcce1889bd951fec25b5b9a3979c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082220-surfboard-widget-ac5d@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8ea815399c3fcce1889bd951fec25b5b9a3979c1 Mon Sep 17 00:00:00 2001 From: Jan Beulich <jbeulich(a)suse.com> Date: Mon, 14 Apr 2025 16:41:07 +0200 Subject: [PATCH] compiler: remove __ADDRESSABLE_ASM{_STR,}() again __ADDRESSABLE_ASM_STR() is where the necessary stringification happens. As long as "sym" doesn't contain any odd characters, no quoting is required for its use with .quad / .long. In fact the quotation gets in the way with gas 2.25; it's only from 2.26 onwards that quoted symbols are half-way properly supported. However, assembly being different from C anyway, drop __ADDRESSABLE_ASM_STR() and its helper macro altogether. A simple .global directive will suffice to get the symbol "declared", i.e. into the symbol table. While there also stop open-coding STATIC_CALL_TRAMP() and STATIC_CALL_KEY(). Fixes: 0ef8047b737d ("x86/static-call: provide a way to do very early static-call updates") Signed-off-by: Jan Beulich <jbeulich(a)suse.com> Acked-by: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Juergen Gross <jgross(a)suse.com> Message-ID: <609d2c74-de13-4fae-ab1a-1ec44afb948d(a)suse.com> diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h index 59a62c3780a2..a16d4631547c 100644 --- a/arch/x86/include/asm/xen/hypercall.h +++ b/arch/x86/include/asm/xen/hypercall.h @@ -94,12 +94,13 @@ DECLARE_STATIC_CALL(xen_hypercall, xen_hypercall_func); #ifdef MODULE #define __ADDRESSABLE_xen_hypercall #else -#define __ADDRESSABLE_xen_hypercall __ADDRESSABLE_ASM_STR(__SCK__xen_hypercall) +#define __ADDRESSABLE_xen_hypercall \ + __stringify(.global STATIC_CALL_KEY(xen_hypercall);) #endif #define __HYPERCALL \ __ADDRESSABLE_xen_hypercall \ - "call __SCT__xen_hypercall" + __stringify(call STATIC_CALL_TRAMP(xen_hypercall)) #define __HYPERCALL_ENTRY(x) "a" (x) diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 6f04a1d8c720..64ff73c533e5 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -288,14 +288,6 @@ static inline void *offset_to_ptr(const int *off) #define __ADDRESSABLE(sym) \ ___ADDRESSABLE(sym, __section(".discard.addressable")) -#define __ADDRESSABLE_ASM(sym) \ - .pushsection .discard.addressable,"aw"; \ - .align ARCH_SEL(8,4); \ - ARCH_SEL(.quad, .long) __stringify(sym); \ - .popsection; - -#define __ADDRESSABLE_ASM_STR(sym) __stringify(__ADDRESSABLE_ASM(sym)) - /* * This returns a constant expression while determining if an argument is * a constant expression, most importantly without evaluating the argument.

3 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] usb: xhci: Fix slot_id resource race conflict" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2eb03376151bb8585caa23ed2673583107bb5193 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082308-crafty-citable-521f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2eb03376151bb8585caa23ed2673583107bb5193 Mon Sep 17 00:00:00 2001 From: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Date: Tue, 19 Aug 2025 15:58:43 +0300 Subject: [PATCH] usb: xhci: Fix slot_id resource race conflict xHC controller may immediately reuse a slot_id after it's disabled, giving it to a new enumerating device before the xhci driver freed all resources related to the disabled device. In such a scenario, device-A with slot_id equal to 1 is disconnecting while device-B is enumerating, device-B will fail to enumerate in the follow sequence. 1.[device-A] send disable slot command 2.[device-B] send enable slot command 3.[device-A] disable slot command completed and wakeup waiting thread 4.[device-B] enable slot command completed with slot_id equal to 1 and wakeup waiting thread 5.[device-B] driver checks that slot_id is still in use (by device-A) in xhci_alloc_virt_device, and fail to enumerate due to this conflict 6.[device-A] xhci->devs[slot_id] set to NULL in xhci_free_virt_device To fix driver's slot_id resources conflict, clear xhci->devs[slot_id] and xhci->dcbba->dev_context_ptrs[slot_id] pointers in the interrupt context when disable slot command completes successfully. Simultaneously, adjust function xhci_free_virt_device to accurately handle device release. [minor smatch warning and commit message fix -Mathias] Cc: stable(a)vger.kernel.org Fixes: 7faac1953ed1 ("xhci: avoid race between disable slot command and host runtime suspend") Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250819125844.2042452-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index 92bb84f8132a..b3a59ce1b3f4 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -704,8 +704,7 @@ static int xhci_enter_test_mode(struct xhci_hcd *xhci, if (!xhci->devs[i]) continue; - retval = xhci_disable_slot(xhci, i); - xhci_free_virt_device(xhci, i); + retval = xhci_disable_and_free_slot(xhci, i); if (retval) xhci_err(xhci, "Failed to disable slot %d, %d. Enter test mode anyway\n", i, retval); diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 07289333a1e8..81eaad87a3d9 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -865,21 +865,20 @@ int xhci_alloc_tt_info(struct xhci_hcd *xhci, * will be manipulated by the configure endpoint, allocate device, or update * hub functions while this function is removing the TT entries from the list. */ -void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id) +void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev, + int slot_id) { - struct xhci_virt_device *dev; int i; int old_active_eps = 0; /* Slot ID 0 is reserved */ - if (slot_id == 0 || !xhci->devs[slot_id]) + if (slot_id == 0 || !dev) return; - dev = xhci->devs[slot_id]; - - xhci->dcbaa->dev_context_ptrs[slot_id] = 0; - if (!dev) - return; + /* If device ctx array still points to _this_ device, clear it */ + if (dev->out_ctx && + xhci->dcbaa->dev_context_ptrs[slot_id] == cpu_to_le64(dev->out_ctx->dma)) + xhci->dcbaa->dev_context_ptrs[slot_id] = 0; trace_xhci_free_virt_device(dev); @@ -920,8 +919,9 @@ void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id) dev->udev->slot_id = 0; if (dev->rhub_port && dev->rhub_port->slot_id == slot_id) dev->rhub_port->slot_id = 0; - kfree(xhci->devs[slot_id]); - xhci->devs[slot_id] = NULL; + if (xhci->devs[slot_id] == dev) + xhci->devs[slot_id] = NULL; + kfree(dev); } /* @@ -962,7 +962,7 @@ static void xhci_free_virt_devices_depth_first(struct xhci_hcd *xhci, int slot_i out: /* we are now at a leaf device */ xhci_debugfs_remove_slot(xhci, slot_id); - xhci_free_virt_device(xhci, slot_id); + xhci_free_virt_device(xhci, vdev, slot_id); } int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index ecd757d482c5..4f8f5aab109d 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1592,7 +1592,8 @@ static void xhci_handle_cmd_enable_slot(int slot_id, struct xhci_command *comman command->slot_id = 0; } -static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id) +static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id, + u32 cmd_comp_code) { struct xhci_virt_device *virt_dev; struct xhci_slot_ctx *slot_ctx; @@ -1607,6 +1608,10 @@ static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id) if (xhci->quirks & XHCI_EP_LIMIT_QUIRK) /* Delete default control endpoint resources */ xhci_free_device_endpoint_resources(xhci, virt_dev, true); + if (cmd_comp_code == COMP_SUCCESS) { + xhci->dcbaa->dev_context_ptrs[slot_id] = 0; + xhci->devs[slot_id] = NULL; + } } static void xhci_handle_cmd_config_ep(struct xhci_hcd *xhci, int slot_id) @@ -1856,7 +1861,7 @@ static void handle_cmd_completion(struct xhci_hcd *xhci, xhci_handle_cmd_enable_slot(slot_id, cmd, cmd_comp_code); break; case TRB_DISABLE_SLOT: - xhci_handle_cmd_disable_slot(xhci, slot_id); + xhci_handle_cmd_disable_slot(xhci, slot_id, cmd_comp_code); break; case TRB_CONFIG_EP: if (!cmd->completion) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 47151ca527bf..0e03691f03bf 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -3932,8 +3932,7 @@ static int xhci_discover_or_reset_device(struct usb_hcd *hcd, * Obtaining a new device slot to inform the xHCI host that * the USB device has been reset. */ - ret = xhci_disable_slot(xhci, udev->slot_id); - xhci_free_virt_device(xhci, udev->slot_id); + ret = xhci_disable_and_free_slot(xhci, udev->slot_id); if (!ret) { ret = xhci_alloc_dev(hcd, udev); if (ret == 1) @@ -4090,7 +4089,7 @@ static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev) xhci_disable_slot(xhci, udev->slot_id); spin_lock_irqsave(&xhci->lock, flags); - xhci_free_virt_device(xhci, udev->slot_id); + xhci_free_virt_device(xhci, virt_dev, udev->slot_id); spin_unlock_irqrestore(&xhci->lock, flags); } @@ -4139,6 +4138,16 @@ int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id) return 0; } +int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id) +{ + struct xhci_virt_device *vdev = xhci->devs[slot_id]; + int ret; + + ret = xhci_disable_slot(xhci, slot_id); + xhci_free_virt_device(xhci, vdev, slot_id); + return ret; +} + /* * Checks if we have enough host controller resources for the default control * endpoint. @@ -4245,8 +4254,7 @@ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev) return 1; disable_slot: - xhci_disable_slot(xhci, udev->slot_id); - xhci_free_virt_device(xhci, udev->slot_id); + xhci_disable_and_free_slot(xhci, udev->slot_id); return 0; } @@ -4382,8 +4390,7 @@ static int xhci_setup_device(struct usb_hcd *hcd, struct usb_device *udev, dev_warn(&udev->dev, "Device not responding to setup %s.\n", act); mutex_unlock(&xhci->mutex); - ret = xhci_disable_slot(xhci, udev->slot_id); - xhci_free_virt_device(xhci, udev->slot_id); + ret = xhci_disable_and_free_slot(xhci, udev->slot_id); if (!ret) { if (xhci_alloc_dev(hcd, udev) == 1) xhci_setup_addressable_virt_dev(xhci, udev); diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index a20f4e7cd43a..85d5b964bf1e 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1791,7 +1791,7 @@ void xhci_dbg_trace(struct xhci_hcd *xhci, void (*trace)(struct va_format *), /* xHCI memory management */ void xhci_mem_cleanup(struct xhci_hcd *xhci); int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags); -void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id); +void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev, int slot_id); int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, struct usb_device *udev, gfp_t flags); int xhci_setup_addressable_virt_dev(struct xhci_hcd *xhci, struct usb_device *udev); void xhci_copy_ep0_dequeue_into_input_ctx(struct xhci_hcd *xhci, @@ -1888,6 +1888,7 @@ void xhci_reset_bandwidth(struct usb_hcd *hcd, struct usb_device *udev); int xhci_update_hub_device(struct usb_hcd *hcd, struct usb_device *hdev, struct usb_tt *tt, gfp_t mem_flags); int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id); +int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id); int xhci_ext_cap_init(struct xhci_hcd *xhci); int xhci_suspend(struct xhci_hcd *xhci, bool do_wakeup);

3 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] usb: typec: maxim_contaminant: re-enable cc toggle if cc is" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a381c6d6f646226924809d0ad01a9465786da463 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082346-facedown-granddad-9758@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a381c6d6f646226924809d0ad01a9465786da463 Mon Sep 17 00:00:00 2001 From: Amit Sunil Dhamne <amitsd(a)google.com> Date: Fri, 15 Aug 2025 11:31:52 -0700 Subject: [PATCH] usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean Presently in `max_contaminant_is_contaminant()` if there's no contaminant detected previously, CC is open & stopped toggling and no contaminant is currently present, TCPC.RC would be programmed to do DRP toggling. However, it didn't actively look for a connection. This would lead to Type-C not detect *any* new connections. Hence, in the above situation, re-enable toggling & program TCPC to look for a new connection. Also, return early if TCPC was looking for connection as this indicates TCPC has neither detected a potential connection nor a change in contaminant state. In addition, once dry detection is complete (port is dry), restart toggling. Fixes: 02b332a06397e ("usb: typec: maxim_contaminant: Implement check_contaminant callback") Cc: stable <stable(a)kernel.org> Signed-off-by: Amit Sunil Dhamne <amitsd(a)google.com> Reviewed-by: Badhri Jagan Sridharan <badhri(a)google.com> Link: https://lore.kernel.org/r/20250815-fix-upstream-contaminant-v2-2-6c8d6c3ada… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/maxim_contaminant.c b/drivers/usb/typec/tcpm/maxim_contaminant.c index 818cfe226ac7..af8da6dc60ae 100644 --- a/drivers/usb/typec/tcpm/maxim_contaminant.c +++ b/drivers/usb/typec/tcpm/maxim_contaminant.c @@ -329,6 +329,39 @@ static int max_contaminant_enable_dry_detection(struct max_tcpci_chip *chip) return 0; } +static int max_contaminant_enable_toggling(struct max_tcpci_chip *chip) +{ + struct regmap *regmap = chip->data.regmap; + int ret; + + /* Disable dry detection if enabled. */ + ret = regmap_update_bits(regmap, TCPC_VENDOR_CC_CTRL2, CCLPMODESEL, + FIELD_PREP(CCLPMODESEL, + LOW_POWER_MODE_DISABLE)); + if (ret) + return ret; + + ret = regmap_update_bits(regmap, TCPC_VENDOR_CC_CTRL1, CCCONNDRY, 0); + if (ret) + return ret; + + ret = max_tcpci_write8(chip, TCPC_ROLE_CTRL, TCPC_ROLE_CTRL_DRP | + FIELD_PREP(TCPC_ROLE_CTRL_CC1, + TCPC_ROLE_CTRL_CC_RD) | + FIELD_PREP(TCPC_ROLE_CTRL_CC2, + TCPC_ROLE_CTRL_CC_RD)); + if (ret) + return ret; + + ret = regmap_update_bits(regmap, TCPC_TCPC_CTRL, + TCPC_TCPC_CTRL_EN_LK4CONN_ALRT, + TCPC_TCPC_CTRL_EN_LK4CONN_ALRT); + if (ret) + return ret; + + return max_tcpci_write8(chip, TCPC_COMMAND, TCPC_CMD_LOOK4CONNECTION); +} + bool max_contaminant_is_contaminant(struct max_tcpci_chip *chip, bool disconnect_while_debounce, bool *cc_handled) { @@ -345,6 +378,12 @@ bool max_contaminant_is_contaminant(struct max_tcpci_chip *chip, bool disconnect if (ret < 0) return false; + if (cc_status & TCPC_CC_STATUS_TOGGLING) { + if (chip->contaminant_state == DETECTED) + return true; + return false; + } + if (chip->contaminant_state == NOT_DETECTED || chip->contaminant_state == SINK) { if (!disconnect_while_debounce) msleep(100); @@ -377,6 +416,12 @@ bool max_contaminant_is_contaminant(struct max_tcpci_chip *chip, bool disconnect max_contaminant_enable_dry_detection(chip); return true; } + + ret = max_contaminant_enable_toggling(chip); + if (ret) + dev_err(chip->dev, + "Failed to enable toggling, ret=%d", + ret); } } else if (chip->contaminant_state == DETECTED) { if (!(cc_status & TCPC_CC_STATUS_TOGGLING)) { @@ -384,6 +429,14 @@ bool max_contaminant_is_contaminant(struct max_tcpci_chip *chip, bool disconnect if (chip->contaminant_state == DETECTED) { max_contaminant_enable_dry_detection(chip); return true; + } else { + ret = max_contaminant_enable_toggling(chip); + if (ret) { + dev_err(chip->dev, + "Failed to enable toggling, ret=%d", + ret); + return true; + } } } }

3 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] usb: xhci: Fix slot_id resource race conflict" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 2eb03376151bb8585caa23ed2673583107bb5193 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082307-civic-sleeve-30a6@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2eb03376151bb8585caa23ed2673583107bb5193 Mon Sep 17 00:00:00 2001 From: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Date: Tue, 19 Aug 2025 15:58:43 +0300 Subject: [PATCH] usb: xhci: Fix slot_id resource race conflict xHC controller may immediately reuse a slot_id after it's disabled, giving it to a new enumerating device before the xhci driver freed all resources related to the disabled device. In such a scenario, device-A with slot_id equal to 1 is disconnecting while device-B is enumerating, device-B will fail to enumerate in the follow sequence. 1.[device-A] send disable slot command 2.[device-B] send enable slot command 3.[device-A] disable slot command completed and wakeup waiting thread 4.[device-B] enable slot command completed with slot_id equal to 1 and wakeup waiting thread 5.[device-B] driver checks that slot_id is still in use (by device-A) in xhci_alloc_virt_device, and fail to enumerate due to this conflict 6.[device-A] xhci->devs[slot_id] set to NULL in xhci_free_virt_device To fix driver's slot_id resources conflict, clear xhci->devs[slot_id] and xhci->dcbba->dev_context_ptrs[slot_id] pointers in the interrupt context when disable slot command completes successfully. Simultaneously, adjust function xhci_free_virt_device to accurately handle device release. [minor smatch warning and commit message fix -Mathias] Cc: stable(a)vger.kernel.org Fixes: 7faac1953ed1 ("xhci: avoid race between disable slot command and host runtime suspend") Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250819125844.2042452-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index 92bb84f8132a..b3a59ce1b3f4 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -704,8 +704,7 @@ static int xhci_enter_test_mode(struct xhci_hcd *xhci, if (!xhci->devs[i]) continue; - retval = xhci_disable_slot(xhci, i); - xhci_free_virt_device(xhci, i); + retval = xhci_disable_and_free_slot(xhci, i); if (retval) xhci_err(xhci, "Failed to disable slot %d, %d. Enter test mode anyway\n", i, retval); diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 07289333a1e8..81eaad87a3d9 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -865,21 +865,20 @@ int xhci_alloc_tt_info(struct xhci_hcd *xhci, * will be manipulated by the configure endpoint, allocate device, or update * hub functions while this function is removing the TT entries from the list. */ -void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id) +void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev, + int slot_id) { - struct xhci_virt_device *dev; int i; int old_active_eps = 0; /* Slot ID 0 is reserved */ - if (slot_id == 0 || !xhci->devs[slot_id]) + if (slot_id == 0 || !dev) return; - dev = xhci->devs[slot_id]; - - xhci->dcbaa->dev_context_ptrs[slot_id] = 0; - if (!dev) - return; + /* If device ctx array still points to _this_ device, clear it */ + if (dev->out_ctx && + xhci->dcbaa->dev_context_ptrs[slot_id] == cpu_to_le64(dev->out_ctx->dma)) + xhci->dcbaa->dev_context_ptrs[slot_id] = 0; trace_xhci_free_virt_device(dev); @@ -920,8 +919,9 @@ void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id) dev->udev->slot_id = 0; if (dev->rhub_port && dev->rhub_port->slot_id == slot_id) dev->rhub_port->slot_id = 0; - kfree(xhci->devs[slot_id]); - xhci->devs[slot_id] = NULL; + if (xhci->devs[slot_id] == dev) + xhci->devs[slot_id] = NULL; + kfree(dev); } /* @@ -962,7 +962,7 @@ static void xhci_free_virt_devices_depth_first(struct xhci_hcd *xhci, int slot_i out: /* we are now at a leaf device */ xhci_debugfs_remove_slot(xhci, slot_id); - xhci_free_virt_device(xhci, slot_id); + xhci_free_virt_device(xhci, vdev, slot_id); } int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index ecd757d482c5..4f8f5aab109d 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1592,7 +1592,8 @@ static void xhci_handle_cmd_enable_slot(int slot_id, struct xhci_command *comman command->slot_id = 0; } -static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id) +static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id, + u32 cmd_comp_code) { struct xhci_virt_device *virt_dev; struct xhci_slot_ctx *slot_ctx; @@ -1607,6 +1608,10 @@ static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id) if (xhci->quirks & XHCI_EP_LIMIT_QUIRK) /* Delete default control endpoint resources */ xhci_free_device_endpoint_resources(xhci, virt_dev, true); + if (cmd_comp_code == COMP_SUCCESS) { + xhci->dcbaa->dev_context_ptrs[slot_id] = 0; + xhci->devs[slot_id] = NULL; + } } static void xhci_handle_cmd_config_ep(struct xhci_hcd *xhci, int slot_id) @@ -1856,7 +1861,7 @@ static void handle_cmd_completion(struct xhci_hcd *xhci, xhci_handle_cmd_enable_slot(slot_id, cmd, cmd_comp_code); break; case TRB_DISABLE_SLOT: - xhci_handle_cmd_disable_slot(xhci, slot_id); + xhci_handle_cmd_disable_slot(xhci, slot_id, cmd_comp_code); break; case TRB_CONFIG_EP: if (!cmd->completion) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 47151ca527bf..0e03691f03bf 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -3932,8 +3932,7 @@ static int xhci_discover_or_reset_device(struct usb_hcd *hcd, * Obtaining a new device slot to inform the xHCI host that * the USB device has been reset. */ - ret = xhci_disable_slot(xhci, udev->slot_id); - xhci_free_virt_device(xhci, udev->slot_id); + ret = xhci_disable_and_free_slot(xhci, udev->slot_id); if (!ret) { ret = xhci_alloc_dev(hcd, udev); if (ret == 1) @@ -4090,7 +4089,7 @@ static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev) xhci_disable_slot(xhci, udev->slot_id); spin_lock_irqsave(&xhci->lock, flags); - xhci_free_virt_device(xhci, udev->slot_id); + xhci_free_virt_device(xhci, virt_dev, udev->slot_id); spin_unlock_irqrestore(&xhci->lock, flags); } @@ -4139,6 +4138,16 @@ int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id) return 0; } +int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id) +{ + struct xhci_virt_device *vdev = xhci->devs[slot_id]; + int ret; + + ret = xhci_disable_slot(xhci, slot_id); + xhci_free_virt_device(xhci, vdev, slot_id); + return ret; +} + /* * Checks if we have enough host controller resources for the default control * endpoint. @@ -4245,8 +4254,7 @@ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev) return 1; disable_slot: - xhci_disable_slot(xhci, udev->slot_id); - xhci_free_virt_device(xhci, udev->slot_id); + xhci_disable_and_free_slot(xhci, udev->slot_id); return 0; } @@ -4382,8 +4390,7 @@ static int xhci_setup_device(struct usb_hcd *hcd, struct usb_device *udev, dev_warn(&udev->dev, "Device not responding to setup %s.\n", act); mutex_unlock(&xhci->mutex); - ret = xhci_disable_slot(xhci, udev->slot_id); - xhci_free_virt_device(xhci, udev->slot_id); + ret = xhci_disable_and_free_slot(xhci, udev->slot_id); if (!ret) { if (xhci_alloc_dev(hcd, udev) == 1) xhci_setup_addressable_virt_dev(xhci, udev); diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index a20f4e7cd43a..85d5b964bf1e 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1791,7 +1791,7 @@ void xhci_dbg_trace(struct xhci_hcd *xhci, void (*trace)(struct va_format *), /* xHCI memory management */ void xhci_mem_cleanup(struct xhci_hcd *xhci); int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags); -void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id); +void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev, int slot_id); int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, struct usb_device *udev, gfp_t flags); int xhci_setup_addressable_virt_dev(struct xhci_hcd *xhci, struct usb_device *udev); void xhci_copy_ep0_dequeue_into_input_ctx(struct xhci_hcd *xhci, @@ -1888,6 +1888,7 @@ void xhci_reset_bandwidth(struct usb_hcd *hcd, struct usb_device *udev); int xhci_update_hub_device(struct usb_hcd *hcd, struct usb_device *hdev, struct usb_tt *tt, gfp_t mem_flags); int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id); +int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id); int xhci_ext_cap_init(struct xhci_hcd *xhci); int xhci_suspend(struct xhci_hcd *xhci, bool do_wakeup);

3 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] compiler: remove __ADDRESSABLE_ASM{_STR,}() again" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8ea815399c3fcce1889bd951fec25b5b9a3979c1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082219-mobile-riding-ffd1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8ea815399c3fcce1889bd951fec25b5b9a3979c1 Mon Sep 17 00:00:00 2001 From: Jan Beulich <jbeulich(a)suse.com> Date: Mon, 14 Apr 2025 16:41:07 +0200 Subject: [PATCH] compiler: remove __ADDRESSABLE_ASM{_STR,}() again __ADDRESSABLE_ASM_STR() is where the necessary stringification happens. As long as "sym" doesn't contain any odd characters, no quoting is required for its use with .quad / .long. In fact the quotation gets in the way with gas 2.25; it's only from 2.26 onwards that quoted symbols are half-way properly supported. However, assembly being different from C anyway, drop __ADDRESSABLE_ASM_STR() and its helper macro altogether. A simple .global directive will suffice to get the symbol "declared", i.e. into the symbol table. While there also stop open-coding STATIC_CALL_TRAMP() and STATIC_CALL_KEY(). Fixes: 0ef8047b737d ("x86/static-call: provide a way to do very early static-call updates") Signed-off-by: Jan Beulich <jbeulich(a)suse.com> Acked-by: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Juergen Gross <jgross(a)suse.com> Message-ID: <609d2c74-de13-4fae-ab1a-1ec44afb948d(a)suse.com> diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h index 59a62c3780a2..a16d4631547c 100644 --- a/arch/x86/include/asm/xen/hypercall.h +++ b/arch/x86/include/asm/xen/hypercall.h @@ -94,12 +94,13 @@ DECLARE_STATIC_CALL(xen_hypercall, xen_hypercall_func); #ifdef MODULE #define __ADDRESSABLE_xen_hypercall #else -#define __ADDRESSABLE_xen_hypercall __ADDRESSABLE_ASM_STR(__SCK__xen_hypercall) +#define __ADDRESSABLE_xen_hypercall \ + __stringify(.global STATIC_CALL_KEY(xen_hypercall);) #endif #define __HYPERCALL \ __ADDRESSABLE_xen_hypercall \ - "call __SCT__xen_hypercall" + __stringify(call STATIC_CALL_TRAMP(xen_hypercall)) #define __HYPERCALL_ENTRY(x) "a" (x) diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 6f04a1d8c720..64ff73c533e5 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -288,14 +288,6 @@ static inline void *offset_to_ptr(const int *off) #define __ADDRESSABLE(sym) \ ___ADDRESSABLE(sym, __section(".discard.addressable")) -#define __ADDRESSABLE_ASM(sym) \ - .pushsection .discard.addressable,"aw"; \ - .align ARCH_SEL(8,4); \ - ARCH_SEL(.quad, .long) __stringify(sym); \ - .popsection; - -#define __ADDRESSABLE_ASM_STR(sym) __stringify(__ADDRESSABLE_ASM(sym)) - /* * This returns a constant expression while determining if an argument is * a constant expression, most importantly without evaluating the argument.

3 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] usb: xhci: Fix slot_id resource race conflict" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2eb03376151bb8585caa23ed2673583107bb5193 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082306-rebalance-drainer-a7fd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2eb03376151bb8585caa23ed2673583107bb5193 Mon Sep 17 00:00:00 2001 From: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Date: Tue, 19 Aug 2025 15:58:43 +0300 Subject: [PATCH] usb: xhci: Fix slot_id resource race conflict xHC controller may immediately reuse a slot_id after it's disabled, giving it to a new enumerating device before the xhci driver freed all resources related to the disabled device. In such a scenario, device-A with slot_id equal to 1 is disconnecting while device-B is enumerating, device-B will fail to enumerate in the follow sequence. 1.[device-A] send disable slot command 2.[device-B] send enable slot command 3.[device-A] disable slot command completed and wakeup waiting thread 4.[device-B] enable slot command completed with slot_id equal to 1 and wakeup waiting thread 5.[device-B] driver checks that slot_id is still in use (by device-A) in xhci_alloc_virt_device, and fail to enumerate due to this conflict 6.[device-A] xhci->devs[slot_id] set to NULL in xhci_free_virt_device To fix driver's slot_id resources conflict, clear xhci->devs[slot_id] and xhci->dcbba->dev_context_ptrs[slot_id] pointers in the interrupt context when disable slot command completes successfully. Simultaneously, adjust function xhci_free_virt_device to accurately handle device release. [minor smatch warning and commit message fix -Mathias] Cc: stable(a)vger.kernel.org Fixes: 7faac1953ed1 ("xhci: avoid race between disable slot command and host runtime suspend") Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250819125844.2042452-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index 92bb84f8132a..b3a59ce1b3f4 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -704,8 +704,7 @@ static int xhci_enter_test_mode(struct xhci_hcd *xhci, if (!xhci->devs[i]) continue; - retval = xhci_disable_slot(xhci, i); - xhci_free_virt_device(xhci, i); + retval = xhci_disable_and_free_slot(xhci, i); if (retval) xhci_err(xhci, "Failed to disable slot %d, %d. Enter test mode anyway\n", i, retval); diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 07289333a1e8..81eaad87a3d9 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -865,21 +865,20 @@ int xhci_alloc_tt_info(struct xhci_hcd *xhci, * will be manipulated by the configure endpoint, allocate device, or update * hub functions while this function is removing the TT entries from the list. */ -void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id) +void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev, + int slot_id) { - struct xhci_virt_device *dev; int i; int old_active_eps = 0; /* Slot ID 0 is reserved */ - if (slot_id == 0 || !xhci->devs[slot_id]) + if (slot_id == 0 || !dev) return; - dev = xhci->devs[slot_id]; - - xhci->dcbaa->dev_context_ptrs[slot_id] = 0; - if (!dev) - return; + /* If device ctx array still points to _this_ device, clear it */ + if (dev->out_ctx && + xhci->dcbaa->dev_context_ptrs[slot_id] == cpu_to_le64(dev->out_ctx->dma)) + xhci->dcbaa->dev_context_ptrs[slot_id] = 0; trace_xhci_free_virt_device(dev); @@ -920,8 +919,9 @@ void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id) dev->udev->slot_id = 0; if (dev->rhub_port && dev->rhub_port->slot_id == slot_id) dev->rhub_port->slot_id = 0; - kfree(xhci->devs[slot_id]); - xhci->devs[slot_id] = NULL; + if (xhci->devs[slot_id] == dev) + xhci->devs[slot_id] = NULL; + kfree(dev); } /* @@ -962,7 +962,7 @@ static void xhci_free_virt_devices_depth_first(struct xhci_hcd *xhci, int slot_i out: /* we are now at a leaf device */ xhci_debugfs_remove_slot(xhci, slot_id); - xhci_free_virt_device(xhci, slot_id); + xhci_free_virt_device(xhci, vdev, slot_id); } int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index ecd757d482c5..4f8f5aab109d 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1592,7 +1592,8 @@ static void xhci_handle_cmd_enable_slot(int slot_id, struct xhci_command *comman command->slot_id = 0; } -static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id) +static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id, + u32 cmd_comp_code) { struct xhci_virt_device *virt_dev; struct xhci_slot_ctx *slot_ctx; @@ -1607,6 +1608,10 @@ static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id) if (xhci->quirks & XHCI_EP_LIMIT_QUIRK) /* Delete default control endpoint resources */ xhci_free_device_endpoint_resources(xhci, virt_dev, true); + if (cmd_comp_code == COMP_SUCCESS) { + xhci->dcbaa->dev_context_ptrs[slot_id] = 0; + xhci->devs[slot_id] = NULL; + } } static void xhci_handle_cmd_config_ep(struct xhci_hcd *xhci, int slot_id) @@ -1856,7 +1861,7 @@ static void handle_cmd_completion(struct xhci_hcd *xhci, xhci_handle_cmd_enable_slot(slot_id, cmd, cmd_comp_code); break; case TRB_DISABLE_SLOT: - xhci_handle_cmd_disable_slot(xhci, slot_id); + xhci_handle_cmd_disable_slot(xhci, slot_id, cmd_comp_code); break; case TRB_CONFIG_EP: if (!cmd->completion) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 47151ca527bf..0e03691f03bf 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -3932,8 +3932,7 @@ static int xhci_discover_or_reset_device(struct usb_hcd *hcd, * Obtaining a new device slot to inform the xHCI host that * the USB device has been reset. */ - ret = xhci_disable_slot(xhci, udev->slot_id); - xhci_free_virt_device(xhci, udev->slot_id); + ret = xhci_disable_and_free_slot(xhci, udev->slot_id); if (!ret) { ret = xhci_alloc_dev(hcd, udev); if (ret == 1) @@ -4090,7 +4089,7 @@ static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev) xhci_disable_slot(xhci, udev->slot_id); spin_lock_irqsave(&xhci->lock, flags); - xhci_free_virt_device(xhci, udev->slot_id); + xhci_free_virt_device(xhci, virt_dev, udev->slot_id); spin_unlock_irqrestore(&xhci->lock, flags); } @@ -4139,6 +4138,16 @@ int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id) return 0; } +int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id) +{ + struct xhci_virt_device *vdev = xhci->devs[slot_id]; + int ret; + + ret = xhci_disable_slot(xhci, slot_id); + xhci_free_virt_device(xhci, vdev, slot_id); + return ret; +} + /* * Checks if we have enough host controller resources for the default control * endpoint. @@ -4245,8 +4254,7 @@ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev) return 1; disable_slot: - xhci_disable_slot(xhci, udev->slot_id); - xhci_free_virt_device(xhci, udev->slot_id); + xhci_disable_and_free_slot(xhci, udev->slot_id); return 0; } @@ -4382,8 +4390,7 @@ static int xhci_setup_device(struct usb_hcd *hcd, struct usb_device *udev, dev_warn(&udev->dev, "Device not responding to setup %s.\n", act); mutex_unlock(&xhci->mutex); - ret = xhci_disable_slot(xhci, udev->slot_id); - xhci_free_virt_device(xhci, udev->slot_id); + ret = xhci_disable_and_free_slot(xhci, udev->slot_id); if (!ret) { if (xhci_alloc_dev(hcd, udev) == 1) xhci_setup_addressable_virt_dev(xhci, udev); diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index a20f4e7cd43a..85d5b964bf1e 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1791,7 +1791,7 @@ void xhci_dbg_trace(struct xhci_hcd *xhci, void (*trace)(struct va_format *), /* xHCI memory management */ void xhci_mem_cleanup(struct xhci_hcd *xhci); int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags); -void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id); +void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev, int slot_id); int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, struct usb_device *udev, gfp_t flags); int xhci_setup_addressable_virt_dev(struct xhci_hcd *xhci, struct usb_device *udev); void xhci_copy_ep0_dequeue_into_input_ctx(struct xhci_hcd *xhci, @@ -1888,6 +1888,7 @@ void xhci_reset_bandwidth(struct usb_hcd *hcd, struct usb_device *udev); int xhci_update_hub_device(struct usb_hcd *hcd, struct usb_device *hdev, struct usb_tt *tt, gfp_t mem_flags); int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id); +int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id); int xhci_ext_cap_init(struct xhci_hcd *xhci); int xhci_suspend(struct xhci_hcd *xhci, bool do_wakeup);

3 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082315-delirious-sandy-654a@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Date: Fri, 8 Aug 2025 09:40:10 +0200 Subject: [PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY Temperature sensor returns the temperature of the mechanical parts of the chip. If both accel and gyro are off, the temperature sensor is also automatically turned off and returns invalid data. In this case, returning -EBUSY error code is better then -EINVAL and indicates userspace that it needs to retry reading temperature in another context. Fixes: bc3eb0207fb5 ("iio: imu: inv_icm42600: add temperature sensor support") Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Cc: stable(a)vger.kernel.org Reviewed-by: Andy Shevchenko <andy(a)kernel.org> Reviewed-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20250808-inv-icm42600-change-temperature-error-cod… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c index 8b15afca498c..271a4788604a 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c @@ -32,8 +32,12 @@ static int inv_icm42600_temp_read(struct inv_icm42600_state *st, s16 *temp) goto exit; *temp = (s16)be16_to_cpup(raw); + /* + * Temperature data is invalid if both accel and gyro are off. + * Return -EBUSY in this case. + */ if (*temp == INV_ICM42600_DATA_INVALID) - ret = -EINVAL; + ret = -EBUSY; exit: mutex_unlock(&st->lock);

3 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] usb: xhci: Fix slot_id resource race conflict" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 2eb03376151bb8585caa23ed2673583107bb5193 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082305-paddle-refute-2bd7@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2eb03376151bb8585caa23ed2673583107bb5193 Mon Sep 17 00:00:00 2001 From: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Date: Tue, 19 Aug 2025 15:58:43 +0300 Subject: [PATCH] usb: xhci: Fix slot_id resource race conflict xHC controller may immediately reuse a slot_id after it's disabled, giving it to a new enumerating device before the xhci driver freed all resources related to the disabled device. In such a scenario, device-A with slot_id equal to 1 is disconnecting while device-B is enumerating, device-B will fail to enumerate in the follow sequence. 1.[device-A] send disable slot command 2.[device-B] send enable slot command 3.[device-A] disable slot command completed and wakeup waiting thread 4.[device-B] enable slot command completed with slot_id equal to 1 and wakeup waiting thread 5.[device-B] driver checks that slot_id is still in use (by device-A) in xhci_alloc_virt_device, and fail to enumerate due to this conflict 6.[device-A] xhci->devs[slot_id] set to NULL in xhci_free_virt_device To fix driver's slot_id resources conflict, clear xhci->devs[slot_id] and xhci->dcbba->dev_context_ptrs[slot_id] pointers in the interrupt context when disable slot command completes successfully. Simultaneously, adjust function xhci_free_virt_device to accurately handle device release. [minor smatch warning and commit message fix -Mathias] Cc: stable(a)vger.kernel.org Fixes: 7faac1953ed1 ("xhci: avoid race between disable slot command and host runtime suspend") Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20250819125844.2042452-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c index 92bb84f8132a..b3a59ce1b3f4 100644 --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -704,8 +704,7 @@ static int xhci_enter_test_mode(struct xhci_hcd *xhci, if (!xhci->devs[i]) continue; - retval = xhci_disable_slot(xhci, i); - xhci_free_virt_device(xhci, i); + retval = xhci_disable_and_free_slot(xhci, i); if (retval) xhci_err(xhci, "Failed to disable slot %d, %d. Enter test mode anyway\n", i, retval); diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 07289333a1e8..81eaad87a3d9 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -865,21 +865,20 @@ int xhci_alloc_tt_info(struct xhci_hcd *xhci, * will be manipulated by the configure endpoint, allocate device, or update * hub functions while this function is removing the TT entries from the list. */ -void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id) +void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev, + int slot_id) { - struct xhci_virt_device *dev; int i; int old_active_eps = 0; /* Slot ID 0 is reserved */ - if (slot_id == 0 || !xhci->devs[slot_id]) + if (slot_id == 0 || !dev) return; - dev = xhci->devs[slot_id]; - - xhci->dcbaa->dev_context_ptrs[slot_id] = 0; - if (!dev) - return; + /* If device ctx array still points to _this_ device, clear it */ + if (dev->out_ctx && + xhci->dcbaa->dev_context_ptrs[slot_id] == cpu_to_le64(dev->out_ctx->dma)) + xhci->dcbaa->dev_context_ptrs[slot_id] = 0; trace_xhci_free_virt_device(dev); @@ -920,8 +919,9 @@ void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id) dev->udev->slot_id = 0; if (dev->rhub_port && dev->rhub_port->slot_id == slot_id) dev->rhub_port->slot_id = 0; - kfree(xhci->devs[slot_id]); - xhci->devs[slot_id] = NULL; + if (xhci->devs[slot_id] == dev) + xhci->devs[slot_id] = NULL; + kfree(dev); } /* @@ -962,7 +962,7 @@ static void xhci_free_virt_devices_depth_first(struct xhci_hcd *xhci, int slot_i out: /* we are now at a leaf device */ xhci_debugfs_remove_slot(xhci, slot_id); - xhci_free_virt_device(xhci, slot_id); + xhci_free_virt_device(xhci, vdev, slot_id); } int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index ecd757d482c5..4f8f5aab109d 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1592,7 +1592,8 @@ static void xhci_handle_cmd_enable_slot(int slot_id, struct xhci_command *comman command->slot_id = 0; } -static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id) +static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id, + u32 cmd_comp_code) { struct xhci_virt_device *virt_dev; struct xhci_slot_ctx *slot_ctx; @@ -1607,6 +1608,10 @@ static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id) if (xhci->quirks & XHCI_EP_LIMIT_QUIRK) /* Delete default control endpoint resources */ xhci_free_device_endpoint_resources(xhci, virt_dev, true); + if (cmd_comp_code == COMP_SUCCESS) { + xhci->dcbaa->dev_context_ptrs[slot_id] = 0; + xhci->devs[slot_id] = NULL; + } } static void xhci_handle_cmd_config_ep(struct xhci_hcd *xhci, int slot_id) @@ -1856,7 +1861,7 @@ static void handle_cmd_completion(struct xhci_hcd *xhci, xhci_handle_cmd_enable_slot(slot_id, cmd, cmd_comp_code); break; case TRB_DISABLE_SLOT: - xhci_handle_cmd_disable_slot(xhci, slot_id); + xhci_handle_cmd_disable_slot(xhci, slot_id, cmd_comp_code); break; case TRB_CONFIG_EP: if (!cmd->completion) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 47151ca527bf..0e03691f03bf 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -3932,8 +3932,7 @@ static int xhci_discover_or_reset_device(struct usb_hcd *hcd, * Obtaining a new device slot to inform the xHCI host that * the USB device has been reset. */ - ret = xhci_disable_slot(xhci, udev->slot_id); - xhci_free_virt_device(xhci, udev->slot_id); + ret = xhci_disable_and_free_slot(xhci, udev->slot_id); if (!ret) { ret = xhci_alloc_dev(hcd, udev); if (ret == 1) @@ -4090,7 +4089,7 @@ static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev) xhci_disable_slot(xhci, udev->slot_id); spin_lock_irqsave(&xhci->lock, flags); - xhci_free_virt_device(xhci, udev->slot_id); + xhci_free_virt_device(xhci, virt_dev, udev->slot_id); spin_unlock_irqrestore(&xhci->lock, flags); } @@ -4139,6 +4138,16 @@ int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id) return 0; } +int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id) +{ + struct xhci_virt_device *vdev = xhci->devs[slot_id]; + int ret; + + ret = xhci_disable_slot(xhci, slot_id); + xhci_free_virt_device(xhci, vdev, slot_id); + return ret; +} + /* * Checks if we have enough host controller resources for the default control * endpoint. @@ -4245,8 +4254,7 @@ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev) return 1; disable_slot: - xhci_disable_slot(xhci, udev->slot_id); - xhci_free_virt_device(xhci, udev->slot_id); + xhci_disable_and_free_slot(xhci, udev->slot_id); return 0; } @@ -4382,8 +4390,7 @@ static int xhci_setup_device(struct usb_hcd *hcd, struct usb_device *udev, dev_warn(&udev->dev, "Device not responding to setup %s.\n", act); mutex_unlock(&xhci->mutex); - ret = xhci_disable_slot(xhci, udev->slot_id); - xhci_free_virt_device(xhci, udev->slot_id); + ret = xhci_disable_and_free_slot(xhci, udev->slot_id); if (!ret) { if (xhci_alloc_dev(hcd, udev) == 1) xhci_setup_addressable_virt_dev(xhci, udev); diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index a20f4e7cd43a..85d5b964bf1e 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1791,7 +1791,7 @@ void xhci_dbg_trace(struct xhci_hcd *xhci, void (*trace)(struct va_format *), /* xHCI memory management */ void xhci_mem_cleanup(struct xhci_hcd *xhci); int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags); -void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id); +void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev, int slot_id); int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, struct usb_device *udev, gfp_t flags); int xhci_setup_addressable_virt_dev(struct xhci_hcd *xhci, struct usb_device *udev); void xhci_copy_ep0_dequeue_into_input_ctx(struct xhci_hcd *xhci, @@ -1888,6 +1888,7 @@ void xhci_reset_bandwidth(struct usb_hcd *hcd, struct usb_device *udev); int xhci_update_hub_device(struct usb_hcd *hcd, struct usb_device *hdev, struct usb_tt *tt, gfp_t mem_flags); int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id); +int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id); int xhci_ext_cap_init(struct xhci_hcd *xhci); int xhci_suspend(struct xhci_hcd *xhci, bool do_wakeup);

3 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082315-repeater-prefix-b627@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Date: Fri, 8 Aug 2025 09:40:10 +0200 Subject: [PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY Temperature sensor returns the temperature of the mechanical parts of the chip. If both accel and gyro are off, the temperature sensor is also automatically turned off and returns invalid data. In this case, returning -EBUSY error code is better then -EINVAL and indicates userspace that it needs to retry reading temperature in another context. Fixes: bc3eb0207fb5 ("iio: imu: inv_icm42600: add temperature sensor support") Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Cc: stable(a)vger.kernel.org Reviewed-by: Andy Shevchenko <andy(a)kernel.org> Reviewed-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20250808-inv-icm42600-change-temperature-error-cod… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c index 8b15afca498c..271a4788604a 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c @@ -32,8 +32,12 @@ static int inv_icm42600_temp_read(struct inv_icm42600_state *st, s16 *temp) goto exit; *temp = (s16)be16_to_cpup(raw); + /* + * Temperature data is invalid if both accel and gyro are off. + * Return -EBUSY in this case. + */ if (*temp == INV_ICM42600_DATA_INVALID) - ret = -EINVAL; + ret = -EBUSY; exit: mutex_unlock(&st->lock);

3 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082314-whoops-dandy-d7b1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Date: Fri, 8 Aug 2025 09:40:10 +0200 Subject: [PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY Temperature sensor returns the temperature of the mechanical parts of the chip. If both accel and gyro are off, the temperature sensor is also automatically turned off and returns invalid data. In this case, returning -EBUSY error code is better then -EINVAL and indicates userspace that it needs to retry reading temperature in another context. Fixes: bc3eb0207fb5 ("iio: imu: inv_icm42600: add temperature sensor support") Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Cc: stable(a)vger.kernel.org Reviewed-by: Andy Shevchenko <andy(a)kernel.org> Reviewed-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20250808-inv-icm42600-change-temperature-error-cod… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c index 8b15afca498c..271a4788604a 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c @@ -32,8 +32,12 @@ static int inv_icm42600_temp_read(struct inv_icm42600_state *st, s16 *temp) goto exit; *temp = (s16)be16_to_cpup(raw); + /* + * Temperature data is invalid if both accel and gyro are off. + * Return -EBUSY in this case. + */ if (*temp == INV_ICM42600_DATA_INVALID) - ret = -EINVAL; + ret = -EBUSY; exit: mutex_unlock(&st->lock);

3 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] tracing: Limit access to parser->buffer when trace_get_user" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6a909ea83f226803ea0e718f6e88613df9234d58 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082332-jubilance-impotency-10c3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6a909ea83f226803ea0e718f6e88613df9234d58 Mon Sep 17 00:00:00 2001 From: Pu Lehui <pulehui(a)huawei.com> Date: Wed, 13 Aug 2025 04:02:32 +0000 Subject: [PATCH] tracing: Limit access to parser->buffer when trace_get_user failed When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be triggered: BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0 Read of size 1 at addr ffff0000d00bd5ba by task ash/165 CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty Hardware name: linux,dummy-virt (DT) Call trace: show_stack+0x34/0x50 (C) dump_stack_lvl+0xa0/0x158 print_address_description.constprop.0+0x88/0x398 print_report+0xb0/0x280 kasan_report+0xa4/0xf0 __asan_report_load1_noabort+0x20/0x30 strsep+0x18c/0x1b0 ftrace_process_regex.isra.0+0x100/0x2d8 ftrace_regex_release+0x484/0x618 __fput+0x364/0xa58 ____fput+0x28/0x40 task_work_run+0x154/0x278 do_notify_resume+0x1f0/0x220 el0_svc+0xec/0xf0 el0t_64_sync_handler+0xa0/0xe8 el0t_64_sync+0x1ac/0x1b0 The reason is that trace_get_user will fail when processing a string longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0. Then an OOB access will be triggered in ftrace_regex_release-> ftrace_process_regex->strsep->strpbrk. We can solve this problem by limiting access to parser->buffer when trace_get_user failed. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250813040232.1344527-1-pulehui@huaweicloud.com Fixes: 8c9af478c06b ("ftrace: Handle commands when closing set_ftrace_filter file") Signed-off-by: Pu Lehui <pulehui(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 4283ed4e8f59..8d8935ed416d 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -1816,7 +1816,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, ret = get_user(ch, ubuf++); if (ret) - return ret; + goto fail; read++; cnt--; @@ -1830,7 +1830,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, while (cnt && isspace(ch)) { ret = get_user(ch, ubuf++); if (ret) - return ret; + goto fail; read++; cnt--; } @@ -1848,12 +1848,14 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, while (cnt && !isspace(ch) && ch) { if (parser->idx < parser->size - 1) parser->buffer[parser->idx++] = ch; - else - return -EINVAL; + else { + ret = -EINVAL; + goto fail; + } ret = get_user(ch, ubuf++); if (ret) - return ret; + goto fail; read++; cnt--; } @@ -1868,11 +1870,15 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, /* Make sure the parsed string always terminates with '\0'. */ parser->buffer[parser->idx] = 0; } else { - return -EINVAL; + ret = -EINVAL; + goto fail; } *ppos += read; return read; +fail: + trace_parser_fail(parser); + return ret; } /* TODO add a seq_buf_to_buffer() */ diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h index 1dbf1d3cf2f1..be6654899cae 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h @@ -1292,6 +1292,7 @@ bool ftrace_event_is_function(struct trace_event_call *call); */ struct trace_parser { bool cont; + bool fail; char *buffer; unsigned idx; unsigned size; @@ -1299,7 +1300,7 @@ struct trace_parser { static inline bool trace_parser_loaded(struct trace_parser *parser) { - return (parser->idx != 0); + return !parser->fail && parser->idx != 0; } static inline bool trace_parser_cont(struct trace_parser *parser) @@ -1313,6 +1314,11 @@ static inline void trace_parser_clear(struct trace_parser *parser) parser->idx = 0; } +static inline void trace_parser_fail(struct trace_parser *parser) +{ + parser->fail = true; +} + extern int trace_parser_get_init(struct trace_parser *parser, int size); extern void trace_parser_put(struct trace_parser *parser); extern int trace_get_user(struct trace_parser *parser, const char __user *ubuf,

3 weeks, 6 days

2
2
0 0

FAILED: patch "[PATCH] tracing: Limit access to parser->buffer when trace_get_user" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6a909ea83f226803ea0e718f6e88613df9234d58 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082331-pushing-surrender-b647@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6a909ea83f226803ea0e718f6e88613df9234d58 Mon Sep 17 00:00:00 2001 From: Pu Lehui <pulehui(a)huawei.com> Date: Wed, 13 Aug 2025 04:02:32 +0000 Subject: [PATCH] tracing: Limit access to parser->buffer when trace_get_user failed When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be triggered: BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0 Read of size 1 at addr ffff0000d00bd5ba by task ash/165 CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty Hardware name: linux,dummy-virt (DT) Call trace: show_stack+0x34/0x50 (C) dump_stack_lvl+0xa0/0x158 print_address_description.constprop.0+0x88/0x398 print_report+0xb0/0x280 kasan_report+0xa4/0xf0 __asan_report_load1_noabort+0x20/0x30 strsep+0x18c/0x1b0 ftrace_process_regex.isra.0+0x100/0x2d8 ftrace_regex_release+0x484/0x618 __fput+0x364/0xa58 ____fput+0x28/0x40 task_work_run+0x154/0x278 do_notify_resume+0x1f0/0x220 el0_svc+0xec/0xf0 el0t_64_sync_handler+0xa0/0xe8 el0t_64_sync+0x1ac/0x1b0 The reason is that trace_get_user will fail when processing a string longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0. Then an OOB access will be triggered in ftrace_regex_release-> ftrace_process_regex->strsep->strpbrk. We can solve this problem by limiting access to parser->buffer when trace_get_user failed. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250813040232.1344527-1-pulehui@huaweicloud.com Fixes: 8c9af478c06b ("ftrace: Handle commands when closing set_ftrace_filter file") Signed-off-by: Pu Lehui <pulehui(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 4283ed4e8f59..8d8935ed416d 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -1816,7 +1816,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, ret = get_user(ch, ubuf++); if (ret) - return ret; + goto fail; read++; cnt--; @@ -1830,7 +1830,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, while (cnt && isspace(ch)) { ret = get_user(ch, ubuf++); if (ret) - return ret; + goto fail; read++; cnt--; } @@ -1848,12 +1848,14 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, while (cnt && !isspace(ch) && ch) { if (parser->idx < parser->size - 1) parser->buffer[parser->idx++] = ch; - else - return -EINVAL; + else { + ret = -EINVAL; + goto fail; + } ret = get_user(ch, ubuf++); if (ret) - return ret; + goto fail; read++; cnt--; } @@ -1868,11 +1870,15 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, /* Make sure the parsed string always terminates with '\0'. */ parser->buffer[parser->idx] = 0; } else { - return -EINVAL; + ret = -EINVAL; + goto fail; } *ppos += read; return read; +fail: + trace_parser_fail(parser); + return ret; } /* TODO add a seq_buf_to_buffer() */ diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h index 1dbf1d3cf2f1..be6654899cae 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h @@ -1292,6 +1292,7 @@ bool ftrace_event_is_function(struct trace_event_call *call); */ struct trace_parser { bool cont; + bool fail; char *buffer; unsigned idx; unsigned size; @@ -1299,7 +1300,7 @@ struct trace_parser { static inline bool trace_parser_loaded(struct trace_parser *parser) { - return (parser->idx != 0); + return !parser->fail && parser->idx != 0; } static inline bool trace_parser_cont(struct trace_parser *parser) @@ -1313,6 +1314,11 @@ static inline void trace_parser_clear(struct trace_parser *parser) parser->idx = 0; } +static inline void trace_parser_fail(struct trace_parser *parser) +{ + parser->fail = true; +} + extern int trace_parser_get_init(struct trace_parser *parser, int size); extern void trace_parser_put(struct trace_parser *parser); extern int trace_get_user(struct trace_parser *parser, const char __user *ubuf,

3 weeks, 6 days

2
2
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082314-steed-eldercare-ccf9@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Date: Fri, 8 Aug 2025 09:40:10 +0200 Subject: [PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY Temperature sensor returns the temperature of the mechanical parts of the chip. If both accel and gyro are off, the temperature sensor is also automatically turned off and returns invalid data. In this case, returning -EBUSY error code is better then -EINVAL and indicates userspace that it needs to retry reading temperature in another context. Fixes: bc3eb0207fb5 ("iio: imu: inv_icm42600: add temperature sensor support") Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Cc: stable(a)vger.kernel.org Reviewed-by: Andy Shevchenko <andy(a)kernel.org> Reviewed-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20250808-inv-icm42600-change-temperature-error-cod… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c index 8b15afca498c..271a4788604a 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c @@ -32,8 +32,12 @@ static int inv_icm42600_temp_read(struct inv_icm42600_state *st, s16 *temp) goto exit; *temp = (s16)be16_to_cpup(raw); + /* + * Temperature data is invalid if both accel and gyro are off. + * Return -EBUSY in this case. + */ if (*temp == INV_ICM42600_DATA_INVALID) - ret = -EINVAL; + ret = -EBUSY; exit: mutex_unlock(&st->lock);

3 weeks, 6 days

2
4
0 0

FAILED: patch "[PATCH] tracing: Limit access to parser->buffer when trace_get_user" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6a909ea83f226803ea0e718f6e88613df9234d58 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082331-axis-politely-d9d3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6a909ea83f226803ea0e718f6e88613df9234d58 Mon Sep 17 00:00:00 2001 From: Pu Lehui <pulehui(a)huawei.com> Date: Wed, 13 Aug 2025 04:02:32 +0000 Subject: [PATCH] tracing: Limit access to parser->buffer when trace_get_user failed When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be triggered: BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0 Read of size 1 at addr ffff0000d00bd5ba by task ash/165 CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty Hardware name: linux,dummy-virt (DT) Call trace: show_stack+0x34/0x50 (C) dump_stack_lvl+0xa0/0x158 print_address_description.constprop.0+0x88/0x398 print_report+0xb0/0x280 kasan_report+0xa4/0xf0 __asan_report_load1_noabort+0x20/0x30 strsep+0x18c/0x1b0 ftrace_process_regex.isra.0+0x100/0x2d8 ftrace_regex_release+0x484/0x618 __fput+0x364/0xa58 ____fput+0x28/0x40 task_work_run+0x154/0x278 do_notify_resume+0x1f0/0x220 el0_svc+0xec/0xf0 el0t_64_sync_handler+0xa0/0xe8 el0t_64_sync+0x1ac/0x1b0 The reason is that trace_get_user will fail when processing a string longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0. Then an OOB access will be triggered in ftrace_regex_release-> ftrace_process_regex->strsep->strpbrk. We can solve this problem by limiting access to parser->buffer when trace_get_user failed. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250813040232.1344527-1-pulehui@huaweicloud.com Fixes: 8c9af478c06b ("ftrace: Handle commands when closing set_ftrace_filter file") Signed-off-by: Pu Lehui <pulehui(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 4283ed4e8f59..8d8935ed416d 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -1816,7 +1816,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, ret = get_user(ch, ubuf++); if (ret) - return ret; + goto fail; read++; cnt--; @@ -1830,7 +1830,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, while (cnt && isspace(ch)) { ret = get_user(ch, ubuf++); if (ret) - return ret; + goto fail; read++; cnt--; } @@ -1848,12 +1848,14 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, while (cnt && !isspace(ch) && ch) { if (parser->idx < parser->size - 1) parser->buffer[parser->idx++] = ch; - else - return -EINVAL; + else { + ret = -EINVAL; + goto fail; + } ret = get_user(ch, ubuf++); if (ret) - return ret; + goto fail; read++; cnt--; } @@ -1868,11 +1870,15 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, /* Make sure the parsed string always terminates with '\0'. */ parser->buffer[parser->idx] = 0; } else { - return -EINVAL; + ret = -EINVAL; + goto fail; } *ppos += read; return read; +fail: + trace_parser_fail(parser); + return ret; } /* TODO add a seq_buf_to_buffer() */ diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h index 1dbf1d3cf2f1..be6654899cae 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h @@ -1292,6 +1292,7 @@ bool ftrace_event_is_function(struct trace_event_call *call); */ struct trace_parser { bool cont; + bool fail; char *buffer; unsigned idx; unsigned size; @@ -1299,7 +1300,7 @@ struct trace_parser { static inline bool trace_parser_loaded(struct trace_parser *parser) { - return (parser->idx != 0); + return !parser->fail && parser->idx != 0; } static inline bool trace_parser_cont(struct trace_parser *parser) @@ -1313,6 +1314,11 @@ static inline void trace_parser_clear(struct trace_parser *parser) parser->idx = 0; } +static inline void trace_parser_fail(struct trace_parser *parser) +{ + parser->fail = true; +} + extern int trace_parser_get_init(struct trace_parser *parser, int size); extern void trace_parser_put(struct trace_parser *parser); extern int trace_get_user(struct trace_parser *parser, const char __user *ubuf,

3 weeks, 6 days

2
2
0 0

FAILED: patch "[PATCH] tracing: Limit access to parser->buffer when trace_get_user" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6a909ea83f226803ea0e718f6e88613df9234d58 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082330-grimace-stellar-77f2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6a909ea83f226803ea0e718f6e88613df9234d58 Mon Sep 17 00:00:00 2001 From: Pu Lehui <pulehui(a)huawei.com> Date: Wed, 13 Aug 2025 04:02:32 +0000 Subject: [PATCH] tracing: Limit access to parser->buffer when trace_get_user failed When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be triggered: BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0 Read of size 1 at addr ffff0000d00bd5ba by task ash/165 CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty Hardware name: linux,dummy-virt (DT) Call trace: show_stack+0x34/0x50 (C) dump_stack_lvl+0xa0/0x158 print_address_description.constprop.0+0x88/0x398 print_report+0xb0/0x280 kasan_report+0xa4/0xf0 __asan_report_load1_noabort+0x20/0x30 strsep+0x18c/0x1b0 ftrace_process_regex.isra.0+0x100/0x2d8 ftrace_regex_release+0x484/0x618 __fput+0x364/0xa58 ____fput+0x28/0x40 task_work_run+0x154/0x278 do_notify_resume+0x1f0/0x220 el0_svc+0xec/0xf0 el0t_64_sync_handler+0xa0/0xe8 el0t_64_sync+0x1ac/0x1b0 The reason is that trace_get_user will fail when processing a string longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0. Then an OOB access will be triggered in ftrace_regex_release-> ftrace_process_regex->strsep->strpbrk. We can solve this problem by limiting access to parser->buffer when trace_get_user failed. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/20250813040232.1344527-1-pulehui@huaweicloud.com Fixes: 8c9af478c06b ("ftrace: Handle commands when closing set_ftrace_filter file") Signed-off-by: Pu Lehui <pulehui(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 4283ed4e8f59..8d8935ed416d 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -1816,7 +1816,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, ret = get_user(ch, ubuf++); if (ret) - return ret; + goto fail; read++; cnt--; @@ -1830,7 +1830,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, while (cnt && isspace(ch)) { ret = get_user(ch, ubuf++); if (ret) - return ret; + goto fail; read++; cnt--; } @@ -1848,12 +1848,14 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, while (cnt && !isspace(ch) && ch) { if (parser->idx < parser->size - 1) parser->buffer[parser->idx++] = ch; - else - return -EINVAL; + else { + ret = -EINVAL; + goto fail; + } ret = get_user(ch, ubuf++); if (ret) - return ret; + goto fail; read++; cnt--; } @@ -1868,11 +1870,15 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, /* Make sure the parsed string always terminates with '\0'. */ parser->buffer[parser->idx] = 0; } else { - return -EINVAL; + ret = -EINVAL; + goto fail; } *ppos += read; return read; +fail: + trace_parser_fail(parser); + return ret; } /* TODO add a seq_buf_to_buffer() */ diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h index 1dbf1d3cf2f1..be6654899cae 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h @@ -1292,6 +1292,7 @@ bool ftrace_event_is_function(struct trace_event_call *call); */ struct trace_parser { bool cont; + bool fail; char *buffer; unsigned idx; unsigned size; @@ -1299,7 +1300,7 @@ struct trace_parser { static inline bool trace_parser_loaded(struct trace_parser *parser) { - return (parser->idx != 0); + return !parser->fail && parser->idx != 0; } static inline bool trace_parser_cont(struct trace_parser *parser) @@ -1313,6 +1314,11 @@ static inline void trace_parser_clear(struct trace_parser *parser) parser->idx = 0; } +static inline void trace_parser_fail(struct trace_parser *parser) +{ + parser->fail = true; +} + extern int trace_parser_get_init(struct trace_parser *parser, int size); extern void trace_parser_put(struct trace_parser *parser); extern int trace_get_user(struct trace_parser *parser, const char __user *ubuf,

3 weeks, 6 days

2
2
0 0

FAILED: patch "[PATCH] iio: light: as73211: Ensure buffer holes are zeroed" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 433b99e922943efdfd62b9a8e3ad1604838181f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082318-value-headless-fcab@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 433b99e922943efdfd62b9a8e3ad1604838181f2 Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sat, 2 Aug 2025 17:44:21 +0100 Subject: [PATCH] iio: light: as73211: Ensure buffer holes are zeroed Given that the buffer is copied to a kfifo that ultimately user space can read, ensure we zero it. Fixes: 403e5586b52e ("iio: light: as73211: New driver") Reviewed-by: Matti Vaittinen <mazziesaccount(a)gmail.com> Reviewed-by: Andy Shevchenko <andy(a)kernel.org> Link: https://patch.msgid.link/20250802164436.515988-2-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/light/as73211.c b/drivers/iio/light/as73211.c index 68f60dc3c79d..32719f584c47 100644 --- a/drivers/iio/light/as73211.c +++ b/drivers/iio/light/as73211.c @@ -639,7 +639,7 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p) struct { __le16 chan[4]; aligned_s64 ts; - } scan; + } scan = { }; int data_result, ret; mutex_lock(&data->mutex);

3 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082313-lubricant-traction-2a78@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Date: Fri, 8 Aug 2025 09:40:10 +0200 Subject: [PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY Temperature sensor returns the temperature of the mechanical parts of the chip. If both accel and gyro are off, the temperature sensor is also automatically turned off and returns invalid data. In this case, returning -EBUSY error code is better then -EINVAL and indicates userspace that it needs to retry reading temperature in another context. Fixes: bc3eb0207fb5 ("iio: imu: inv_icm42600: add temperature sensor support") Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Cc: stable(a)vger.kernel.org Reviewed-by: Andy Shevchenko <andy(a)kernel.org> Reviewed-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20250808-inv-icm42600-change-temperature-error-cod… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c index 8b15afca498c..271a4788604a 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c @@ -32,8 +32,12 @@ static int inv_icm42600_temp_read(struct inv_icm42600_state *st, s16 *temp) goto exit; *temp = (s16)be16_to_cpup(raw); + /* + * Temperature data is invalid if both accel and gyro are off. + * Return -EBUSY in this case. + */ if (*temp == INV_ICM42600_DATA_INVALID) - ret = -EINVAL; + ret = -EBUSY; exit: mutex_unlock(&st->lock);

3 weeks, 6 days

2
4
0 0

FAILED: patch "[PATCH] iio: light: as73211: Ensure buffer holes are zeroed" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 433b99e922943efdfd62b9a8e3ad1604838181f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082317-bogged-placate-a67b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 433b99e922943efdfd62b9a8e3ad1604838181f2 Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sat, 2 Aug 2025 17:44:21 +0100 Subject: [PATCH] iio: light: as73211: Ensure buffer holes are zeroed Given that the buffer is copied to a kfifo that ultimately user space can read, ensure we zero it. Fixes: 403e5586b52e ("iio: light: as73211: New driver") Reviewed-by: Matti Vaittinen <mazziesaccount(a)gmail.com> Reviewed-by: Andy Shevchenko <andy(a)kernel.org> Link: https://patch.msgid.link/20250802164436.515988-2-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/light/as73211.c b/drivers/iio/light/as73211.c index 68f60dc3c79d..32719f584c47 100644 --- a/drivers/iio/light/as73211.c +++ b/drivers/iio/light/as73211.c @@ -639,7 +639,7 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p) struct { __le16 chan[4]; aligned_s64 ts; - } scan; + } scan = { }; int data_result, ret; mutex_lock(&data->mutex);

3 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] iio: light: as73211: Ensure buffer holes are zeroed" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 433b99e922943efdfd62b9a8e3ad1604838181f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082317-tattling-pending-3706@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 433b99e922943efdfd62b9a8e3ad1604838181f2 Mon Sep 17 00:00:00 2001 From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Date: Sat, 2 Aug 2025 17:44:21 +0100 Subject: [PATCH] iio: light: as73211: Ensure buffer holes are zeroed Given that the buffer is copied to a kfifo that ultimately user space can read, ensure we zero it. Fixes: 403e5586b52e ("iio: light: as73211: New driver") Reviewed-by: Matti Vaittinen <mazziesaccount(a)gmail.com> Reviewed-by: Andy Shevchenko <andy(a)kernel.org> Link: https://patch.msgid.link/20250802164436.515988-2-jic23@kernel.org Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/light/as73211.c b/drivers/iio/light/as73211.c index 68f60dc3c79d..32719f584c47 100644 --- a/drivers/iio/light/as73211.c +++ b/drivers/iio/light/as73211.c @@ -639,7 +639,7 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p) struct { __le16 chan[4]; aligned_s64 ts; - } scan; + } scan = { }; int data_result, ret; mutex_lock(&data->mutex);

3 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] iio: temperature: maxim_thermocouple: use DMA-safe buffer for" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ae5bc07ec9f73a41734270ef3f800c5c8a7e0ad3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082300-collapse-wireless-5bdc@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ae5bc07ec9f73a41734270ef3f800c5c8a7e0ad3 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Mon, 21 Jul 2025 18:04:04 -0500 Subject: [PATCH] iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace using stack-allocated buffers with a DMA-safe buffer for use with spi_read(). This allows the driver to be safely used with DMA-enabled SPI controllers. The buffer array is also converted to a struct with a union to make the usage of the memory in the buffer more clear and ensure proper alignment. Fixes: 1f25ca11d84a ("iio: temperature: add support for Maxim thermocouple chips") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250721-iio-use-more-iio_declare_buffer_with_ts-3… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/temperature/maxim_thermocouple.c b/drivers/iio/temperature/maxim_thermocouple.c index cae8e84821d7..205939680fd4 100644 --- a/drivers/iio/temperature/maxim_thermocouple.c +++ b/drivers/iio/temperature/maxim_thermocouple.c @@ -11,6 +11,7 @@ #include <linux/module.h> #include <linux/err.h> #include <linux/spi/spi.h> +#include <linux/types.h> #include <linux/iio/iio.h> #include <linux/iio/sysfs.h> #include <linux/iio/trigger.h> @@ -121,8 +122,15 @@ struct maxim_thermocouple_data { struct spi_device *spi; const struct maxim_thermocouple_chip *chip; char tc_type; - - u8 buffer[16] __aligned(IIO_DMA_MINALIGN); + /* Buffer for reading up to 2 hardware channels. */ + struct { + union { + __be16 raw16; + __be32 raw32; + __be16 raw[2]; + }; + aligned_s64 timestamp; + } buffer __aligned(IIO_DMA_MINALIGN); }; static int maxim_thermocouple_read(struct maxim_thermocouple_data *data, @@ -130,18 +138,16 @@ static int maxim_thermocouple_read(struct maxim_thermocouple_data *data, { unsigned int storage_bytes = data->chip->read_size; unsigned int shift = chan->scan_type.shift + (chan->address * 8); - __be16 buf16; - __be32 buf32; int ret; switch (storage_bytes) { case 2: - ret = spi_read(data->spi, (void *)&buf16, storage_bytes); - *val = be16_to_cpu(buf16); + ret = spi_read(data->spi, &data->buffer.raw16, storage_bytes); + *val = be16_to_cpu(data->buffer.raw16); break; case 4: - ret = spi_read(data->spi, (void *)&buf32, storage_bytes); - *val = be32_to_cpu(buf32); + ret = spi_read(data->spi, &data->buffer.raw32, storage_bytes); + *val = be32_to_cpu(data->buffer.raw32); break; default: ret = -EINVAL; @@ -166,9 +172,9 @@ static irqreturn_t maxim_thermocouple_trigger_handler(int irq, void *private) struct maxim_thermocouple_data *data = iio_priv(indio_dev); int ret; - ret = spi_read(data->spi, data->buffer, data->chip->read_size); + ret = spi_read(data->spi, data->buffer.raw, data->chip->read_size); if (!ret) { - iio_push_to_buffers_with_ts(indio_dev, data->buffer, + iio_push_to_buffers_with_ts(indio_dev, &data->buffer, sizeof(data->buffer), iio_get_time_ns(indio_dev)); }

3 weeks, 6 days

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror