- Linux-stable-mirror - lists.linaro.org

[tip: x86/urgent] x86/mm/ident_map: Use gbpages only where full GB page should be mapped.

by tip-bot2 for Steve Wahl

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: d794734c9bbfe22f86686dc2909c25f5ffe1a572 Gitweb: https://git.kernel.org/tip/d794734c9bbfe22f86686dc2909c25f5ffe1a572 Author: Steve Wahl <steve.wahl(a)hpe.com> AuthorDate: Fri, 26 Jan 2024 10:48:41 -06:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Mon, 12 Feb 2024 14:53:42 -08:00 x86/mm/ident_map: Use gbpages only where full GB page should be mapped. When ident_pud_init() uses only gbpages to create identity maps, large ranges of addresses not actually requested can be included in the resulting table; a 4K request will map a full GB. On UV systems, this ends up including regions that will cause hardware to halt the system if accessed (these are marked "reserved" by BIOS). Even processor speculation into these regions is enough to trigger the system halt. Only use gbpages when map creation requests include the full GB page of space. Fall back to using smaller 2M pages when only portions of a GB page are included in the request. No attempt is made to coalesce mapping requests. If a request requires a map entry at the 2M (pmd) level, subsequent mapping requests within the same 1G region will also be at the pmd level, even if adjacent or overlapping such requests could have been combined to map a full gbpage. Existing usage starts with larger regions and then adds smaller regions, so this should not have any great consequence. [ dhansen: fix up comment formatting, simplifty changelog ] Signed-off-by: Steve Wahl <steve.wahl(a)hpe.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240126164841.170866-1-steve.wahl%40hpe.com --- arch/x86/mm/ident_map.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/arch/x86/mm/ident_map.c b/arch/x86/mm/ident_map.c index 968d700..f50cc21 100644 --- a/arch/x86/mm/ident_map.c +++ b/arch/x86/mm/ident_map.c @@ -26,18 +26,31 @@ static int ident_pud_init(struct x86_mapping_info *info, pud_t *pud_page, for (; addr < end; addr = next) { pud_t *pud = pud_page + pud_index(addr); pmd_t *pmd; + bool use_gbpage; next = (addr & PUD_MASK) + PUD_SIZE; if (next > end) next = end; - if (info->direct_gbpages) { - pud_t pudval; + /* if this is already a gbpage, this portion is already mapped */ + if (pud_large(*pud)) + continue; + + /* Is using a gbpage allowed? */ + use_gbpage = info->direct_gbpages; - if (pud_present(*pud)) - continue; + /* Don't use gbpage if it maps more than the requested region. */ + /* at the begining: */ + use_gbpage &= ((addr & ~PUD_MASK) == 0); + /* ... or at the end: */ + use_gbpage &= ((next & ~PUD_MASK) == 0); + + /* Never overwrite existing mappings */ + use_gbpage &= !pud_present(*pud); + + if (use_gbpage) { + pud_t pudval; - addr &= PUD_MASK; pudval = __pud((addr - info->offset) | info->page_flag); set_pud(pud, pudval); continue;

1 year, 8 months

1
0
0 0

+ kasan-test-avoid-gcc-warning-for-intentional-overflow.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: kasan/test: avoid gcc warning for intentional overflow has been added to the -mm mm-unstable branch. Its filename is kasan-test-avoid-gcc-warning-for-intentional-overflow.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Arnd Bergmann <arnd(a)arndb.de> Subject: kasan/test: avoid gcc warning for intentional overflow Date: Mon, 12 Feb 2024 12:15:52 +0100 The out-of-bounds test allocates an object that is three bytes too short in order to validate the bounds checking. Starting with gcc-14, this causes a compile-time warning as gcc has grown smart enough to understand the sizeof() logic: mm/kasan/kasan_test.c: In function 'kmalloc_oob_16': mm/kasan/kasan_test.c:443:14: error: allocation of insufficient size '13' for type 'struct <anonymous>' with size '16' [-Werror=alloc-size] 443 | ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL); | ^ Hide the actual computation behind a RELOC_HIDE() that ensures the compiler misses the intentional bug. Link: https://lkml.kernel.org/r/20240212111609.869266-1-arnd@kernel.org Fixes: 3f15801cdc23 ("lib: add kasan test module") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Marco Elver <elver(a)google.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/kasan_test.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/kasan/kasan_test.c~kasan-test-avoid-gcc-warning-for-intentional-overflow +++ a/mm/kasan/kasan_test.c @@ -440,7 +440,8 @@ static void kmalloc_oob_16(struct kunit /* This test is specifically crafted for the generic mode. */ KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC); - ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL); + /* RELOC_HIDE to prevent gcc from warning about short alloc */ + ptr1 = RELOC_HIDE(kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL), 0); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr1); ptr2 = kmalloc(sizeof(*ptr2), GFP_KERNEL); _ Patches currently in -mm which might be from arnd(a)arndb.de are mm-damon-dbgfs-implement-deprecation-notice-file-fix.patch kasan-test-avoid-gcc-warning-for-intentional-overflow.patch

1 year, 8 months

1
0
0 0

[PATCH] ASoC: amd: yc: Fix non-functional mic on Lenovo 82UU

by Attila Tőkés

Like many other models, the Lenovo 82UU (Yoga Slim 7 Pro 14ARH7) needs a quirk entry for the internal microphone to function. Cc: stable(a)vger.kernel.org Signed-off-by: Attila Tőkés <attitokes(a)gmail.com> --- sound/soc/amd/yc/acp6x-mach.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sound/soc/amd/yc/acp6x-mach.c b/sound/soc/amd/yc/acp6x-mach.c index 23d44a50d815..864976a81393 100644 --- a/sound/soc/amd/yc/acp6x-mach.c +++ b/sound/soc/amd/yc/acp6x-mach.c @@ -234,6 +234,13 @@ static const struct dmi_system_id yc_acp_quirk_table[] = { DMI_MATCH(DMI_PRODUCT_NAME, "82UG"), } }, + { + .driver_data = &acp6x_card, + .matches = { + DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "82UU"), + } + }, { .driver_data = &acp6x_card, .matches = { -- 2.34.1

1 year, 8 months

2
1
0 0

[PATCH 6.1.y] fs: dlm: don't put dlm_local_addrs on heap

by Jordan Rife

From: Alexander Aring <aahringo(a)redhat.com> commit c51c9cd8addcfbdc097dbefd59f022402183644b upstream This patch removes to allocate the dlm_local_addr[] pointers on the heap. Instead we directly store the type of "struct sockaddr_storage". This removes function deinit_local() because it was freeing memory only. Backport e11dea8 ("dlm: use kernel_connect() and kernel_bind()") to Linux stable 6.1 caused a regression. The original patch expected dlm_local_addrs[0] to be of type sockaddr_storage, because c51c9cd ("fs: dlm: don't put dlm_local_addrs on heap") changed its type from sockaddr_storage* to sockaddr_storage in Linux 6.5+ while in older Linux versions this is still the original sockaddr_storage*. Signed-off-by: Alexander Aring <aahringo(a)redhat.com> Signed-off-by: David Teigland <teigland(a)redhat.com> Signed-off-by: Jordan Rife <jrife(a)google.com> Tested-by: Valentin Kleibel <valentin(a)vrvis.at> Fixes: e11dea8f5033 ("dlm: use kernel_connect() and kernel_bind()") Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063338 Link: https://lore.kernel.org/stable/20240209162658.70763-2-jrife@google.com/T/#u Cc: <stable(a)vger.kernel.org> # 6.1.x --- fs/dlm/lowcomms.c | 36 +++++++++++------------------------- 1 file changed, 11 insertions(+), 25 deletions(-) diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c index 72f34f96d0155..e26af8c23aa80 100644 --- a/fs/dlm/lowcomms.c +++ b/fs/dlm/lowcomms.c @@ -174,7 +174,7 @@ static LIST_HEAD(dlm_node_addrs); static DEFINE_SPINLOCK(dlm_node_addrs_spin); static struct listen_connection listen_con; -static struct sockaddr_storage *dlm_local_addr[DLM_MAX_ADDR_COUNT]; +static struct sockaddr_storage dlm_local_addr[DLM_MAX_ADDR_COUNT]; static int dlm_local_count; int dlm_allow_conn; @@ -398,7 +398,7 @@ static int nodeid_to_addr(int nodeid, struct sockaddr_storage *sas_out, if (!sa_out) return 0; - if (dlm_local_addr[0]->ss_family == AF_INET) { + if (dlm_local_addr[0].ss_family == AF_INET) { struct sockaddr_in *in4 = (struct sockaddr_in *) &sas; struct sockaddr_in *ret4 = (struct sockaddr_in *) sa_out; ret4->sin_addr.s_addr = in4->sin_addr.s_addr; @@ -727,7 +727,7 @@ static void add_sock(struct socket *sock, struct connection *con) static void make_sockaddr(struct sockaddr_storage *saddr, uint16_t port, int *addr_len) { - saddr->ss_family = dlm_local_addr[0]->ss_family; + saddr->ss_family = dlm_local_addr[0].ss_family; if (saddr->ss_family == AF_INET) { struct sockaddr_in *in4_addr = (struct sockaddr_in *)saddr; in4_addr->sin_port = cpu_to_be16(port); @@ -1167,7 +1167,7 @@ static int sctp_bind_addrs(struct socket *sock, uint16_t port) int i, addr_len, result = 0; for (i = 0; i < dlm_local_count; i++) { - memcpy(&localaddr, dlm_local_addr[i], sizeof(localaddr)); + memcpy(&localaddr, &dlm_local_addr[i], sizeof(localaddr)); make_sockaddr(&localaddr, port, &addr_len); if (!i) @@ -1187,7 +1187,7 @@ static int sctp_bind_addrs(struct socket *sock, uint16_t port) /* Get local addresses */ static void init_local(void) { - struct sockaddr_storage sas, *addr; + struct sockaddr_storage sas; int i; dlm_local_count = 0; @@ -1195,21 +1195,10 @@ static void init_local(void) if (dlm_our_addr(&sas, i)) break; - addr = kmemdup(&sas, sizeof(*addr), GFP_NOFS); - if (!addr) - break; - dlm_local_addr[dlm_local_count++] = addr; + memcpy(&dlm_local_addr[dlm_local_count++], &sas, sizeof(sas)); } } -static void deinit_local(void) -{ - int i; - - for (i = 0; i < dlm_local_count; i++) - kfree(dlm_local_addr[i]); -} - static struct writequeue_entry *new_writequeue_entry(struct connection *con) { struct writequeue_entry *entry; @@ -1575,7 +1564,7 @@ static void dlm_connect(struct connection *con) } /* Create a socket to communicate with */ - result = sock_create_kern(&init_net, dlm_local_addr[0]->ss_family, + result = sock_create_kern(&init_net, dlm_local_addr[0].ss_family, SOCK_STREAM, dlm_proto_ops->proto, &sock); if (result < 0) goto socket_err; @@ -1786,7 +1775,6 @@ void dlm_lowcomms_stop(void) foreach_conn(free_conn); srcu_read_unlock(&connections_srcu, idx); work_stop(); - deinit_local(); dlm_proto_ops = NULL; } @@ -1803,7 +1791,7 @@ static int dlm_listen_for_all(void) if (result < 0) return result; - result = sock_create_kern(&init_net, dlm_local_addr[0]->ss_family, + result = sock_create_kern(&init_net, dlm_local_addr[0].ss_family, SOCK_STREAM, dlm_proto_ops->proto, &sock); if (result < 0) { log_print("Can't create comms socket: %d", result); @@ -1842,7 +1830,7 @@ static int dlm_tcp_bind(struct socket *sock) /* Bind to our cluster-known address connecting to avoid * routing problems. */ - memcpy(&src_addr, dlm_local_addr[0], sizeof(src_addr)); + memcpy(&src_addr, &dlm_local_addr[0], sizeof(src_addr)); make_sockaddr(&src_addr, 0, &addr_len); result = kernel_bind(sock, (struct sockaddr *)&src_addr, @@ -1899,7 +1887,7 @@ static int dlm_tcp_listen_bind(struct socket *sock) int addr_len; /* Bind to our port */ - make_sockaddr(dlm_local_addr[0], dlm_config.ci_tcp_port, &addr_len); + make_sockaddr(&dlm_local_addr[0], dlm_config.ci_tcp_port, &addr_len); return kernel_bind(sock, (struct sockaddr *)&dlm_local_addr[0], addr_len); } @@ -1992,7 +1980,7 @@ int dlm_lowcomms_start(void) error = work_start(); if (error) - goto fail_local; + goto fail; dlm_allow_conn = 1; @@ -2022,8 +2010,6 @@ int dlm_lowcomms_start(void) fail_proto_ops: dlm_allow_conn = 0; work_stop(); -fail_local: - deinit_local(); fail: return error; } -- 2.43.0.687.g38aa6559b0-goog

1 year, 8 months

1
0
0 0

[PATCH 05/10] arm64: dts: qcom: sc8280xp-x13s: limit pcie4 link speed

by Johan Hovold

Limit the WiFi PCIe link speed to Gen2 speed (500 GB/s), which is the speed that the boot firmware has brought up the link at (and that Windows uses). This is specifically needed to avoid a large amount of link errors when restarting the link during boot (but which are currently not reported). This may potentially also help with intermittent failures to download the ath11k firmware during boot which can be seen when there is a longer delay between restarting the link and loading the WiFi driver (e.g. when using full disk encryption). Fixes: 123b30a75623 ("arm64: dts: qcom: sc8280xp-x13s: enable WiFi controller") Cc: stable(a)vger.kernel.org # 6.2 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts index 511d53d9c5a1..ff4b896b1bbf 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts +++ b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts @@ -863,6 +863,8 @@ &pcie3a_phy { }; &pcie4 { + max-link-speed = <2>; + perst-gpios = <&tlmm 141 GPIO_ACTIVE_LOW>; wake-gpios = <&tlmm 139 GPIO_ACTIVE_LOW>; -- 2.43.0

1 year, 8 months

1
0
0 0

[PATCH 03/10] arm64: dts: qcom: sc8280xp: add missing PCIe minimum OPP

by Johan Hovold

Add the missing PCIe CX performance level votes to avoid relying on other drivers (e.g. USB or UFS) to maintain the nominal performance level required for Gen3 speeds. Fixes: 813e83157001 ("arm64: dts: qcom: sc8280xp/sa8540p: add PCIe2-4 nodes") Cc: stable(a)vger.kernel.org # 6.2 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi index ae41b3051819..36382b1bd965 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp.dtsi +++ b/arch/arm64/boot/dts/qcom/sc8280xp.dtsi @@ -1780,6 +1780,7 @@ pcie4: pcie@1c00000 { reset-names = "pci"; power-domains = <&gcc PCIE_4_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie4_phy>; phy-names = "pciephy"; @@ -1878,6 +1879,7 @@ pcie3b: pcie@1c08000 { reset-names = "pci"; power-domains = <&gcc PCIE_3B_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie3b_phy>; phy-names = "pciephy"; @@ -1976,6 +1978,7 @@ pcie3a: pcie@1c10000 { reset-names = "pci"; power-domains = <&gcc PCIE_3A_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie3a_phy>; phy-names = "pciephy"; @@ -2077,6 +2080,7 @@ pcie2b: pcie@1c18000 { reset-names = "pci"; power-domains = <&gcc PCIE_2B_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie2b_phy>; phy-names = "pciephy"; @@ -2175,6 +2179,7 @@ pcie2a: pcie@1c20000 { reset-names = "pci"; power-domains = <&gcc PCIE_2A_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie2a_phy>; phy-names = "pciephy"; -- 2.43.0

1 year, 8 months

1
0
0 0

Re: [syzbot] [ext4?] KASAN: out-of-bounds Read in ext4_ext_remove_space

by syzbot

syzbot suspects this issue was fixed by commit: commit 6f861765464f43a71462d52026fbddfc858239a5 Author: Jan Kara <jack(a)suse.cz> Date: Wed Nov 1 17:43:10 2023 +0000 fs: Block writes to mounted block devices bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1764f648180000 start commit: e6fda526d9db Merge tag 'arm64-fixes' of git://git.kernel.o.. git tree: upstream kernel config: https://syzkaller.appspot.com/x/.config?x=1e3d5175079af5a4 dashboard link: https://syzkaller.appspot.com/bug?extid=6e5f2db05775244c73b7 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16a56679a80000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14d76b5da80000 If the result looks correct, please mark the issue as fixed by replying with: #syz fix: fs: Block writes to mounted block devices For information about bisection process see: https://goo.gl/tpsmEJ#bisection

1 year, 8 months

2
1
0 0

[PATCH 0/2] Bluetooth: SCO: possible deadlock in sco_conn_del

by oficerovas＠altlinux.org

From: Alexander Ofitserov <oficerovas(a)altlinux.org> Syzkaller hit 'possible deadlock in sco_conn_del' bug. This bug is not a vulnerability and is reproduced only when running with root privileges for stable 6.1 kernel. This series of patches is fix for this particular bug. Both of these patches were taken from upstream and applied clearly without any conflicts. First one is the fix for the problem and another one is for fix first patch. Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 ====================================================== WARNING: possible circular locking dependency detected 6.1.55-un-def-alt1 #1 Not tainted ------------------------------------------------------ syz-executor272/377 is trying to acquire lock: ffff888115b93130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_conn_del+0x121/0x2c0 [bluetooth] but task is already holding lock: ffffffffc12bce28 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xcc/0x2a0 [bluetooth] which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (hci_cb_list_lock){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:603 [inline] __mutex_lock+0x12f/0x18f0 kernel/locking/mutex.c:747 hci_remote_features_evt+0x45b/0x950 [bluetooth] hci_event_packet+0x91e/0xf60 [bluetooth] hci_rx_work+0xa68/0x10f0 [bluetooth] process_one_work+0xa18/0x1570 kernel/workqueue.c:2292 worker_thread+0x63a/0x1260 kernel/workqueue.c:2439 kthread+0x2ec/0x3b0 kernel/kthread.c:376 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:306 -> #1 (&hdev->lock){+.+.}-{3:3}: __mutex_lock_common kernel/locking/mutex.c:603 [inline] __mutex_lock+0x12f/0x18f0 kernel/locking/mutex.c:747 sco_sock_connect+0x1e9/0xa60 [bluetooth] __sys_connect_file+0x15a/0x1a0 net/socket.c:1976 __sys_connect+0x16a/0x1a0 net/socket.c:1993 __do_sys_connect net/socket.c:2003 [inline] __se_sys_connect net/socket.c:2000 [inline] __x64_sys_connect+0x74/0xb0 net/socket.c:2000 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x5c/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x64/0xce -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}: check_prev_add kernel/locking/lockdep.c:3090 [inline] check_prevs_add kernel/locking/lockdep.c:3209 [inline] validate_chain kernel/locking/lockdep.c:3824 [inline] __lock_acquire+0x28c2/0x5350 kernel/locking/lockdep.c:5048 lock_acquire kernel/locking/lockdep.c:5661 [inline] lock_acquire+0x1fb/0x580 kernel/locking/lockdep.c:5626 lock_sock_nested+0x42/0x100 net/core/sock.c:3475 sco_conn_del+0x121/0x2c0 [bluetooth] sco_disconn_cfm+0x67/0x80 [bluetooth] hci_conn_hash_flush+0x11e/0x2a0 [bluetooth] hci_dev_close_sync+0x51d/0xf70 [bluetooth] hci_rfkill_set_block+0x17c/0x1c0 [bluetooth] rfkill_set_block+0x202/0x550 [rfkill] rfkill_fop_write+0x2b8/0x540 [rfkill] vfs_write+0x2d7/0xdd0 fs/read_write.c:582 ksys_write+0x1f5/0x260 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x5c/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x64/0xce other info that might help us debug this: Chain exists of: sk_lock-AF_BLUETOOTH-BTPROTO_SCO --> &hdev->lock --> hci_cb_list_lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(hci_cb_list_lock); lock(&hdev->lock); lock(hci_cb_list_lock); lock(sk_lock-AF_BLUETOOTH-BTPROTO_SCO); *** DEADLOCK *** 4 locks held by syz-executor272/377: #0: ffffffffc0d83688 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x162/0x540 [rfkill] #1: ffff888100de90b8 (&hdev->req_lock){+.+.}-{3:3}, at: hci_rfkill_set_block+0x174/0x1c0 [bluetooth] #2: ffff888100de8078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x2e1/0xf70 [bluetooth] #3: ffffffffc12bce28 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xcc/0x2a0 [bluetooth] stack backtrace: CPU: 1 PID: 377 Comm: syz-executor272 Not tainted 6.1.55-un-def-alt1 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-alt1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x14f/0x1be lib/dump_stack.c:106 check_noncircular+0x263/0x2e0 kernel/locking/lockdep.c:2170 check_prev_add kernel/locking/lockdep.c:3090 [inline] check_prevs_add kernel/locking/lockdep.c:3209 [inline] validate_chain kernel/locking/lockdep.c:3824 [inline] __lock_acquire+0x28c2/0x5350 kernel/locking/lockdep.c:5048 lock_acquire kernel/locking/lockdep.c:5661 [inline] lock_acquire+0x1fb/0x580 kernel/locking/lockdep.c:5626 lock_sock_nested+0x42/0x100 net/core/sock.c:3475 sco_conn_del+0x121/0x2c0 [bluetooth] sco_disconn_cfm+0x67/0x80 [bluetooth] hci_conn_hash_flush+0x11e/0x2a0 [bluetooth] hci_dev_close_sync+0x51d/0xf70 [bluetooth] hci_rfkill_set_block+0x17c/0x1c0 [bluetooth] rfkill_set_block+0x202/0x550 [rfkill] rfkill_fop_write+0x2b8/0x540 [rfkill] vfs_write+0x2d7/0xdd0 fs/read_write.c:582 ksys_write+0x1f5/0x260 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x5c/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7fa908ef7d49 Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ef 70 0d 00 f7 d8 64 89 01 48 RSP: 002b:00007fa9085f7e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000055a2e59de080 RCX: 00007fa908ef7d49 RDX: 0000000000000008 RSI: 0000000020000040 RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb3f52d1e R13: 00007ffdb3f52d1f R14: 000055a2e59de088 R15: 00007fa9085f8640 // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include <dirent.h> #include <endian.h> #include <errno.h> #include <fcntl.h> #include <pthread.h> #include <sched.h> #include <signal.h> #include <stdarg.h> #include <stdbool.h> #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/epoll.h> #include <sys/ioctl.h> #include <sys/mount.h> #include <sys/prctl.h> #include <sys/resource.h> #include <sys/socket.h> #include <sys/stat.h> #include <sys/syscall.h> #include <sys/time.h> #include <sys/types.h> #include <sys/uio.h> #include <sys/wait.h> #include <time.h> #include <unistd.h> #include <linux/capability.h> #include <linux/futex.h> #include <linux/rfkill.h> static unsigned long long procid; static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } static bool write_file(const char* file, const char* what, ...) { char buf[1024]; va_list args; va_start(args, what); vsnprintf(buf, sizeof(buf), what, args); va_end(args); buf[sizeof(buf) - 1] = 0; int len = strlen(buf); int fd = open(file, O_WRONLY | O_CLOEXEC); if (fd == -1) return false; if (write(fd, buf, len) != len) { int err = errno; close(fd); errno = err; return false; } close(fd); return true; } const int kInitNetNsFd = 201; #define MAX_FDS 30 static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto) { int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) return netns; if (setns(kInitNetNsFd, 0)) return -1; int sock = syscall(__NR_socket, domain, type, proto); int err = errno; if (setns(netns, 0)) exit(1); close(netns); errno = err; return sock; } #define BTPROTO_HCI 1 #define ACL_LINK 1 #define SCAN_PAGE 2 typedef struct { uint8_t b[6]; } __attribute__((packed)) bdaddr_t; #define HCI_COMMAND_PKT 1 #define HCI_EVENT_PKT 4 #define HCI_VENDOR_PKT 0xff struct hci_command_hdr { uint16_t opcode; uint8_t plen; } __attribute__((packed)); struct hci_event_hdr { uint8_t evt; uint8_t plen; } __attribute__((packed)); #define HCI_EV_CONN_COMPLETE 0x03 struct hci_ev_conn_complete { uint8_t status; uint16_t handle; bdaddr_t bdaddr; uint8_t link_type; uint8_t encr_mode; } __attribute__((packed)); #define HCI_EV_CONN_REQUEST 0x04 struct hci_ev_conn_request { bdaddr_t bdaddr; uint8_t dev_class[3]; uint8_t link_type; } __attribute__((packed)); #define HCI_EV_REMOTE_FEATURES 0x0b struct hci_ev_remote_features { uint8_t status; uint16_t handle; uint8_t features[8]; } __attribute__((packed)); #define HCI_EV_CMD_COMPLETE 0x0e struct hci_ev_cmd_complete { uint8_t ncmd; uint16_t opcode; } __attribute__((packed)); #define HCI_OP_WRITE_SCAN_ENABLE 0x0c1a #define HCI_OP_READ_BUFFER_SIZE 0x1005 struct hci_rp_read_buffer_size { uint8_t status; uint16_t acl_mtu; uint8_t sco_mtu; uint16_t acl_max_pkt; uint16_t sco_max_pkt; } __attribute__((packed)); #define HCI_OP_READ_BD_ADDR 0x1009 struct hci_rp_read_bd_addr { uint8_t status; bdaddr_t bdaddr; } __attribute__((packed)); #define HCI_EV_LE_META 0x3e struct hci_ev_le_meta { uint8_t subevent; } __attribute__((packed)); #define HCI_EV_LE_CONN_COMPLETE 0x01 struct hci_ev_le_conn_complete { uint8_t status; uint16_t handle; uint8_t role; uint8_t bdaddr_type; bdaddr_t bdaddr; uint16_t interval; uint16_t latency; uint16_t supervision_timeout; uint8_t clk_accurancy; } __attribute__((packed)); struct hci_dev_req { uint16_t dev_id; uint32_t dev_opt; }; struct vhci_vendor_pkt { uint8_t type; uint8_t opcode; uint16_t id; }; #define HCIDEVUP _IOW('H', 201, int) #define HCISETSCAN _IOW('H', 221, int) static int vhci_fd = -1; static void rfkill_unblock_all() { int fd = open("/dev/rfkill", O_WRONLY); if (fd < 0) exit(1); struct rfkill_event event = {0}; event.idx = 0; event.type = RFKILL_TYPE_ALL; event.op = RFKILL_OP_CHANGE_ALL; event.soft = 0; event.hard = 0; if (write(fd, &event, sizeof(event)) < 0) exit(1); close(fd); } static void hci_send_event_packet(int fd, uint8_t evt, void* data, size_t data_len) { struct iovec iv[3]; struct hci_event_hdr hdr; hdr.evt = evt; hdr.plen = data_len; uint8_t type = HCI_EVENT_PKT; iv[0].iov_base = &type; iv[0].iov_len = sizeof(type); iv[1].iov_base = &hdr; iv[1].iov_len = sizeof(hdr); iv[2].iov_base = data; iv[2].iov_len = data_len; if (writev(fd, iv, sizeof(iv) / sizeof(struct iovec)) < 0) exit(1); } static void hci_send_event_cmd_complete(int fd, uint16_t opcode, void* data, size_t data_len) { struct iovec iv[4]; struct hci_event_hdr hdr; hdr.evt = HCI_EV_CMD_COMPLETE; hdr.plen = sizeof(struct hci_ev_cmd_complete) + data_len; struct hci_ev_cmd_complete evt_hdr; evt_hdr.ncmd = 1; evt_hdr.opcode = opcode; uint8_t type = HCI_EVENT_PKT; iv[0].iov_base = &type; iv[0].iov_len = sizeof(type); iv[1].iov_base = &hdr; iv[1].iov_len = sizeof(hdr); iv[2].iov_base = &evt_hdr; iv[2].iov_len = sizeof(evt_hdr); iv[3].iov_base = data; iv[3].iov_len = data_len; if (writev(fd, iv, sizeof(iv) / sizeof(struct iovec)) < 0) exit(1); } static bool process_command_pkt(int fd, char* buf, ssize_t buf_size) { struct hci_command_hdr* hdr = (struct hci_command_hdr*)buf; if (buf_size < (ssize_t)sizeof(struct hci_command_hdr) || hdr->plen != buf_size - sizeof(struct hci_command_hdr)) exit(1); switch (hdr->opcode) { case HCI_OP_WRITE_SCAN_ENABLE: { uint8_t status = 0; hci_send_event_cmd_complete(fd, hdr->opcode, &status, sizeof(status)); return true; } case HCI_OP_READ_BD_ADDR: { struct hci_rp_read_bd_addr rp = {0}; rp.status = 0; memset(&rp.bdaddr, 0xaa, 6); hci_send_event_cmd_complete(fd, hdr->opcode, &rp, sizeof(rp)); return false; } case HCI_OP_READ_BUFFER_SIZE: { struct hci_rp_read_buffer_size rp = {0}; rp.status = 0; rp.acl_mtu = 1021; rp.sco_mtu = 96; rp.acl_max_pkt = 4; rp.sco_max_pkt = 6; hci_send_event_cmd_complete(fd, hdr->opcode, &rp, sizeof(rp)); return false; } } char dummy[0xf9] = {0}; hci_send_event_cmd_complete(fd, hdr->opcode, dummy, sizeof(dummy)); return false; } static void* event_thread(void* arg) { while (1) { char buf[1024] = {0}; ssize_t buf_size = read(vhci_fd, buf, sizeof(buf)); if (buf_size < 0) exit(1); if (buf_size > 0 && buf[0] == HCI_COMMAND_PKT) { if (process_command_pkt(vhci_fd, buf + 1, buf_size - 1)) break; } } return NULL; } #define HCI_HANDLE_1 200 #define HCI_HANDLE_2 201 static void initialize_vhci() { int hci_sock = socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI); if (hci_sock < 0) exit(1); vhci_fd = open("/dev/vhci", O_RDWR); if (vhci_fd == -1) exit(1); const int kVhciFd = 202; if (dup2(vhci_fd, kVhciFd) < 0) exit(1); close(vhci_fd); vhci_fd = kVhciFd; struct vhci_vendor_pkt vendor_pkt; if (read(vhci_fd, &vendor_pkt, sizeof(vendor_pkt)) != sizeof(vendor_pkt)) exit(1); if (vendor_pkt.type != HCI_VENDOR_PKT) exit(1); pthread_t th; if (pthread_create(&th, NULL, event_thread, NULL)) exit(1); int ret = ioctl(hci_sock, HCIDEVUP, vendor_pkt.id); if (ret) { if (errno == ERFKILL) { rfkill_unblock_all(); ret = ioctl(hci_sock, HCIDEVUP, vendor_pkt.id); } if (ret && errno != EALREADY) exit(1); } struct hci_dev_req dr = {0}; dr.dev_id = vendor_pkt.id; dr.dev_opt = SCAN_PAGE; if (ioctl(hci_sock, HCISETSCAN, &dr)) exit(1); struct hci_ev_conn_request request; memset(&request, 0, sizeof(request)); memset(&request.bdaddr, 0xaa, 6); *(uint8_t*)&request.bdaddr.b[5] = 0x10; request.link_type = ACL_LINK; hci_send_event_packet(vhci_fd, HCI_EV_CONN_REQUEST, &request, sizeof(request)); struct hci_ev_conn_complete complete; memset(&complete, 0, sizeof(complete)); complete.status = 0; complete.handle = HCI_HANDLE_1; memset(&complete.bdaddr, 0xaa, 6); *(uint8_t*)&complete.bdaddr.b[5] = 0x10; complete.link_type = ACL_LINK; complete.encr_mode = 0; hci_send_event_packet(vhci_fd, HCI_EV_CONN_COMPLETE, &complete, sizeof(complete)); struct hci_ev_remote_features features; memset(&features, 0, sizeof(features)); features.status = 0; features.handle = HCI_HANDLE_1; hci_send_event_packet(vhci_fd, HCI_EV_REMOTE_FEATURES, &features, sizeof(features)); struct { struct hci_ev_le_meta le_meta; struct hci_ev_le_conn_complete le_conn; } le_conn; memset(&le_conn, 0, sizeof(le_conn)); le_conn.le_meta.subevent = HCI_EV_LE_CONN_COMPLETE; memset(&le_conn.le_conn.bdaddr, 0xaa, 6); *(uint8_t*)&le_conn.le_conn.bdaddr.b[5] = 0x11; le_conn.le_conn.role = 1; le_conn.le_conn.handle = HCI_HANDLE_2; hci_send_event_packet(vhci_fd, HCI_EV_LE_META, &le_conn, sizeof(le_conn)); pthread_join(th, NULL); close(hci_sock); } static void setup_common() { if (mount(0, "/sys/fs/fuse/connections", "fusectl", 0, 0)) { } } static void setup_binderfs() { if (mkdir("/dev/binderfs", 0777)) { } if (mount("binder", "/dev/binderfs", "binder", 0, NULL)) { } if (symlink("/dev/binderfs", "./binderfs")) { } } static void loop(); static void sandbox_common() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setsid(); int netns = open("/proc/self/ns/net", O_RDONLY); if (netns == -1) exit(1); if (dup2(netns, kInitNetNsFd) < 0) exit(1); close(netns); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = (200 << 20); setrlimit(RLIMIT_AS, &rlim); rlim.rlim_cur = rlim.rlim_max = 32 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 136 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); if (unshare(CLONE_NEWNS)) { } if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL)) { } if (unshare(CLONE_NEWIPC)) { } if (unshare(0x02000000)) { } if (unshare(CLONE_NEWUTS)) { } if (unshare(CLONE_SYSVSEM)) { } typedef struct { const char* name; const char* value; } sysctl_t; static const sysctl_t sysctls[] = { {"/proc/sys/kernel/shmmax", "16777216"}, {"/proc/sys/kernel/shmall", "536870912"}, {"/proc/sys/kernel/shmmni", "1024"}, {"/proc/sys/kernel/msgmax", "8192"}, {"/proc/sys/kernel/msgmni", "1024"}, {"/proc/sys/kernel/msgmnb", "1024"}, {"/proc/sys/kernel/sem", "1024 1048576 500 1024"}, }; unsigned i; for (i = 0; i < sizeof(sysctls) / sizeof(sysctls[0]); i++) write_file(sysctls[i].name, sysctls[i].value); } static int wait_for_loop(int pid) { if (pid < 0) exit(1); int status = 0; while (waitpid(-1, &status, __WALL) != pid) { } return WEXITSTATUS(status); } static void drop_caps(void) { struct __user_cap_header_struct cap_hdr = {}; struct __user_cap_data_struct cap_data[2] = {}; cap_hdr.version = _LINUX_CAPABILITY_VERSION_3; cap_hdr.pid = getpid(); if (syscall(SYS_capget, &cap_hdr, &cap_data)) exit(1); const int drop = (1 << CAP_SYS_PTRACE) | (1 << CAP_SYS_NICE); cap_data[0].effective &= ~drop; cap_data[0].permitted &= ~drop; cap_data[0].inheritable &= ~drop; if (syscall(SYS_capset, &cap_hdr, &cap_data)) exit(1); } static int do_sandbox_none(void) { if (unshare(CLONE_NEWPID)) { } int pid = fork(); if (pid != 0) return wait_for_loop(pid); setup_common(); initialize_vhci(); sandbox_common(); drop_caps(); if (unshare(CLONE_NEWNET)) { } setup_binderfs(); loop(); exit(1); } static void kill_and_wait(int pid, int* status) { kill(-pid, SIGKILL); kill(pid, SIGKILL); for (int i = 0; i < 100; i++) { if (waitpid(-1, status, WNOHANG | __WALL) == pid) return; usleep(1000); } DIR* dir = opendir("/sys/fs/fuse/connections"); if (dir) { for (;;) { struct dirent* ent = readdir(dir); if (!ent) break; if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0) continue; char abort[300]; snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort", ent->d_name); int fd = open(abort, O_WRONLY); if (fd == -1) { continue; } if (write(fd, abort, 1) < 0) { } close(fd); } closedir(dir); } else { } while (waitpid(-1, status, __WALL) != pid) { } } static void setup_test() { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); write_file("/proc/self/oom_score_adj", "1000"); } static void close_fds() { for (int fd = 3; fd < MAX_FDS; fd++) close(fd); } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 4; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); close_fds(); } static void execute_one(void); #define WAIT_FLAGS __WALL static void loop(void) { int iter = 0; for (;; iter++) { int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { setup_test(); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } } } uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: memcpy((void*)0x20000000, "/dev/rfkill\000", 12); res = syscall(__NR_openat, 0xffffffffffffff9cul, 0x20000000ul, 0x100001ul, 0ul); if (res != -1) r[0] = res; break; case 1: *(uint32_t*)0x20000040 = 0; *(uint8_t*)0x20000044 = 0; *(uint8_t*)0x20000045 = 3; *(uint8_t*)0x20000046 = 1; *(uint8_t*)0x20000047 = 0; syscall(__NR_write, r[0], 0x20000040ul, 8ul); break; case 2: res = -1; res = syz_init_net_socket(0x1f, 5, 2); if (res != -1) r[1] = res; break; case 3: *(uint16_t*)0x20000040 = 0x1f; *(uint16_t*)0x20000042 = 0; memset((void*)0x20000044, 255, 6); *(uint16_t*)0x2000004a = 0; *(uint8_t*)0x2000004c = 0; syscall(__NR_connect, r[1], 0x20000040ul, 0xeul); break; } } int main(void) { syscall(__NR_mmap, 0x1ffff000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul); syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 7ul, 0x32ul, -1, 0ul); syscall(__NR_mmap, 0x21000000ul, 0x1000ul, 0ul, 0x32ul, -1, 0ul); for (procid = 0; procid < 4; procid++) { if (fork() == 0) { do_sandbox_none(); } } sleep(1000000); return 0; } [PATCH 1/2] Bluetooth: SCO: Fix possible circular locking dependency [PATCH 2/2] Bluetooth: SCO: fix sco_conn related locking and validity -- 2.42.1

1 year, 8 months

2
3
0 0

[PATCH v3] fs, USB gadget: Remove libaio I/O cancellation support

by Bart Van Assche

Originally io_cancel() only supported cancelling USB reads and writes. If I/O was cancelled successfully, information about the cancelled I/O operation was copied to the data structure the io_cancel() 'result' argument points at. Commit 63b05203af57 ("[PATCH] AIO: retry infrastructure fixes and enhancements") changed the io_cancel() behavior from reporting status information via the 'result' argument into reporting status information on the completion ring. Commit 41003a7bcfed ("aio: remove retry-based AIO") accidentally changed the behavior into not reporting a completion event on the completion ring for cancelled requests. This is a bug because successful cancellation leads to an iocb leak in user space. Since this bug was introduced more than ten years ago and since nobody has complained since then, remove support for I/O cancellation. Keep support for cancellation of IOCB_CMD_POLL requests. Calling kiocb_set_cancel_fn() without knowing whether the caller submitted a struct kiocb or a struct aio_kiocb is unsafe. The following call trace illustrates that without this patch an out-of-bounds write happens if I/O is submitted by io_uring (from a phone with an ARM CPU and kernel 6.1): WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8 Call trace: kiocb_set_cancel_fn+0x9c/0xa8 ffs_epfile_read_iter+0x144/0x1d0 io_read+0x19c/0x498 io_issue_sqe+0x118/0x27c io_submit_sqes+0x25c/0x5fc __arm64_sys_io_uring_enter+0x104/0xab0 invoke_syscall+0x58/0x11c el0_svc_common+0xb4/0xf4 do_el0_svc+0x2c/0xb0 el0_svc+0x2c/0xa4 el0t_64_sync_handler+0x68/0xb4 el0t_64_sync+0x1a4/0x1a8 Cc: Christoph Hellwig <hch(a)lst.de> Cc: Avi Kivity <avi(a)scylladb.com> Cc: Sandeep Dhavale <dhavale(a)google.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Fixes: 63b05203af57 ("[PATCH] AIO: retry infrastructure fixes and enhancements") Cc: <stable(a)vger.kernel.org> Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/usb/gadget/function/f_fs.c | 25 ------------------- drivers/usb/gadget/legacy/inode.c | 20 --------------- fs/aio.c | 39 +++++------------------------- include/linux/aio.h | 9 ------- 4 files changed, 6 insertions(+), 87 deletions(-) diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index 6bff6cb93789..59789292f4f7 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -1157,25 +1157,6 @@ ffs_epfile_open(struct inode *inode, struct file *file) return stream_open(inode, file); } -static int ffs_aio_cancel(struct kiocb *kiocb) -{ - struct ffs_io_data *io_data = kiocb->private; - struct ffs_epfile *epfile = kiocb->ki_filp->private_data; - unsigned long flags; - int value; - - spin_lock_irqsave(&epfile->ffs->eps_lock, flags); - - if (io_data && io_data->ep && io_data->req) - value = usb_ep_dequeue(io_data->ep, io_data->req); - else - value = -EINVAL; - - spin_unlock_irqrestore(&epfile->ffs->eps_lock, flags); - - return value; -} - static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from) { struct ffs_io_data io_data, *p = &io_data; @@ -1198,9 +1179,6 @@ static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from) kiocb->private = p; - if (p->aio) - kiocb_set_cancel_fn(kiocb, ffs_aio_cancel); - res = ffs_epfile_io(kiocb->ki_filp, p); if (res == -EIOCBQUEUED) return res; @@ -1242,9 +1220,6 @@ static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to) kiocb->private = p; - if (p->aio) - kiocb_set_cancel_fn(kiocb, ffs_aio_cancel); - res = ffs_epfile_io(kiocb->ki_filp, p); if (res == -EIOCBQUEUED) return res; diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c index 03179b1880fd..99b7366d77af 100644 --- a/drivers/usb/gadget/legacy/inode.c +++ b/drivers/usb/gadget/legacy/inode.c @@ -446,25 +446,6 @@ struct kiocb_priv { unsigned actual; }; -static int ep_aio_cancel(struct kiocb *iocb) -{ - struct kiocb_priv *priv = iocb->private; - struct ep_data *epdata; - int value; - - local_irq_disable(); - epdata = priv->epdata; - // spin_lock(&epdata->dev->lock); - if (likely(epdata && epdata->ep && priv->req)) - value = usb_ep_dequeue (epdata->ep, priv->req); - else - value = -EINVAL; - // spin_unlock(&epdata->dev->lock); - local_irq_enable(); - - return value; -} - static void ep_user_copy_worker(struct work_struct *work) { struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work); @@ -537,7 +518,6 @@ static ssize_t ep_aio(struct kiocb *iocb, iocb->private = priv; priv->iocb = iocb; - kiocb_set_cancel_fn(iocb, ep_aio_cancel); get_ep(epdata); priv->epdata = epdata; priv->actual = 0; diff --git a/fs/aio.c b/fs/aio.c index bb2ff48991f3..c20946d5fcf3 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -203,7 +203,7 @@ struct aio_kiocb { }; struct kioctx *ki_ctx; - kiocb_cancel_fn *ki_cancel; + int (*ki_cancel)(struct kiocb *); struct io_event ki_res; @@ -587,22 +587,6 @@ static int aio_setup_ring(struct kioctx *ctx, unsigned int nr_events) #define AIO_EVENTS_FIRST_PAGE ((PAGE_SIZE - sizeof(struct aio_ring)) / sizeof(struct io_event)) #define AIO_EVENTS_OFFSET (AIO_EVENTS_PER_PAGE - AIO_EVENTS_FIRST_PAGE) -void kiocb_set_cancel_fn(struct kiocb *iocb, kiocb_cancel_fn *cancel) -{ - struct aio_kiocb *req = container_of(iocb, struct aio_kiocb, rw); - struct kioctx *ctx = req->ki_ctx; - unsigned long flags; - - if (WARN_ON_ONCE(!list_empty(&req->ki_list))) - return; - - spin_lock_irqsave(&ctx->ctx_lock, flags); - list_add_tail(&req->ki_list, &ctx->active_reqs); - req->ki_cancel = cancel; - spin_unlock_irqrestore(&ctx->ctx_lock, flags); -} -EXPORT_SYMBOL(kiocb_set_cancel_fn); - /* * free_ioctx() should be RCU delayed to synchronize against the RCU * protected lookup_ioctx() and also needs process context to call @@ -2158,13 +2142,11 @@ COMPAT_SYSCALL_DEFINE3(io_submit, compat_aio_context_t, ctx_id, #endif /* sys_io_cancel: - * Attempts to cancel an iocb previously passed to io_submit. If - * the operation is successfully cancelled, the resulting event is - * copied into the memory pointed to by result without being placed - * into the completion queue and 0 is returned. May fail with - * -EFAULT if any of the data structures pointed to are invalid. - * May fail with -EINVAL if aio_context specified by ctx_id is - * invalid. May fail with -EAGAIN if the iocb specified was not + * Attempts to cancel an IOCB_CMD_POLL iocb previously passed to + * io_submit(). If the operation is successfully cancelled 0 is returned. + * May fail with -EFAULT if any of the data structures pointed to are + * invalid. May fail with -EINVAL if aio_context specified by ctx_id is + * invalid. May fail with -EINPROGRESS if the iocb specified was not * cancelled. Will fail with -ENOSYS if not implemented. */ SYSCALL_DEFINE3(io_cancel, aio_context_t, ctx_id, struct iocb __user *, iocb, @@ -2196,15 +2178,6 @@ SYSCALL_DEFINE3(io_cancel, aio_context_t, ctx_id, struct iocb __user *, iocb, } spin_unlock_irq(&ctx->ctx_lock); - if (!ret) { - /* - * The result argument is no longer used - the io_event is - * always delivered via the ring buffer. -EINPROGRESS indicates - * cancellation is progress: - */ - ret = -EINPROGRESS; - } - percpu_ref_put(&ctx->users); return ret; diff --git a/include/linux/aio.h b/include/linux/aio.h index 86892a4fe7c8..9aabca4a0eed 100644 --- a/include/linux/aio.h +++ b/include/linux/aio.h @@ -2,22 +2,13 @@ #ifndef __LINUX__AIO_H #define __LINUX__AIO_H -#include <linux/aio_abi.h> - -struct kioctx; -struct kiocb; struct mm_struct; -typedef int (kiocb_cancel_fn)(struct kiocb *); - /* prototypes */ #ifdef CONFIG_AIO extern void exit_aio(struct mm_struct *mm); -void kiocb_set_cancel_fn(struct kiocb *req, kiocb_cancel_fn *cancel); #else static inline void exit_aio(struct mm_struct *mm) { } -static inline void kiocb_set_cancel_fn(struct kiocb *req, - kiocb_cancel_fn *cancel) { } #endif /* CONFIG_AIO */ #endif /* __LINUX__AIO_H */

1 year, 8 months

4
5
0 0

[PATCH net 0/7] mptcp: locking cleanup & misc. fixes

by Matthieu Baerts (NGI0)

Patches 1-4 are fixes for issues found by Paolo while working on adding TCP_NOTSENT_LOWAT support. The latter will need to track more states under the msk data lock. Since the locking msk locking schema is already quite complex, do a long awaited clean-up step by moving several confusing lockless initialization under the relevant locks. Note that it is unlikely a real race could happen even prior to such patches as the MPTCP-level state machine implicitly ensures proper serialization of the write accesses, even lacking explicit lock. But still, simplification is welcome and this will help for the maintenance. This can be backported up to v5.6. Patch 5 is a fix for the userspace PM, not to add new local address entries if the address is already in the list. This behaviour can be seen since v5.19. Patch 6 fixes an issue when Fastopen is used. The issue can happen since v6.2. A previous fix has already been applied, but not taking care of all cases according to syzbot. Patch 7 updates Geliang's email address in the MAINTAINERS file. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Geliang Tang (2): mptcp: check addrs list in userspace_pm_get_local_id MAINTAINERS: update Geliang's email address Paolo Abeni (5): mptcp: drop the push_pending field mptcp: fix rcv space initialization mptcp: fix more tx path fields initialization mptcp: corner case locking for rx path fields initialization mptcp: really cope with fastopen race .mailmap | 9 +++--- MAINTAINERS | 2 +- net/mptcp/fastopen.c | 6 ++-- net/mptcp/options.c | 9 +++--- net/mptcp/pm_userspace.c | 13 ++++++++- net/mptcp/protocol.c | 31 +++++++++++---------- net/mptcp/protocol.h | 16 ++++++----- net/mptcp/subflow.c | 71 ++++++++++++++++++++++++++++++------------------ 8 files changed, 95 insertions(+), 62 deletions(-) --- base-commit: 335bac1daae3fd9070d0f9f34d7d7ba708729256 change-id: 20240202-upstream-net-20240202-locking-cleanup-misc-5f2ee79d8356 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 year, 8 months

2
7
0 0

[PATCH] comedi: comedi_8255: Correct error in subdevice initialization

by Frej Drejhammar

The refactoring done in commit 5c57b1ccecc7 ("comedi: comedi_8255: Rework subdevice initialization functions") to the initialization of the io field of struct subdev_8255_private broke all cards using the drivers/comedi/drivers/comedi_8255.c module. Prior to 5c57b1ccecc7, __subdev_8255_init() initialized the io field in the newly allocated struct subdev_8255_private to the non-NULL callback given to the function, otherwise it used a flag parameter to select between subdev_8255_mmio and subdev_8255_io. The refactoring removed that logic and the flag, as subdev_8255_mm_init() and subdev_8255_io_init() now explicitly pass subdev_8255_mmio and subdev_8255_io respectively to __subdev_8255_init(), only __subdev_8255_init() never sets spriv->io to the supplied callback. That spriv->io is NULL leads to a later BUG: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0010 [#1] SMP PTI CPU: 1 PID: 1210 Comm: systemd-udevd Not tainted 6.7.3-x86_64 #1 Hardware name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX RIP: 0010:0x0 Code: Unable to access opcode bytes at 0xffffffffffffffd6. RSP: 0018:ffffa3f1c02d7b78 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff91f847aefd00 RCX: 000000000000009b RDX: 0000000000000003 RSI: 0000000000000001 RDI: ffff91f840f6fc00 RBP: ffff91f840f6fc00 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 000000000000005f R12: 0000000000000000 R13: 0000000000000000 R14: ffffffffc0102498 R15: ffff91f847ce6ba8 FS: 00007f72f4e8f500(0000) GS:ffff91f8d5c80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 000000010540e000 CR4: 00000000000406f0 Call Trace: <TASK> ? __die_body+0x15/0x57 ? page_fault_oops+0x2ef/0x33c ? insert_vmap_area.constprop.0+0xb6/0xd5 ? alloc_vmap_area+0x529/0x5ee ? exc_page_fault+0x15a/0x489 ? asm_exc_page_fault+0x22/0x30 __subdev_8255_init+0x79/0x8d [comedi_8255] pci_8255_auto_attach+0x11a/0x139 [8255_pci] comedi_auto_config+0xac/0x117 [comedi] ? __pfx___driver_attach+0x10/0x10 pci_device_probe+0x88/0xf9 really_probe+0x101/0x248 __driver_probe_device+0xbb/0xed driver_probe_device+0x1a/0x72 __driver_attach+0xd4/0xed bus_for_each_dev+0x76/0xb8 bus_add_driver+0xbe/0x1be driver_register+0x9a/0xd8 comedi_pci_driver_register+0x28/0x48 [comedi_pci] ? __pfx_pci_8255_driver_init+0x10/0x10 [8255_pci] do_one_initcall+0x72/0x183 do_init_module+0x5b/0x1e8 init_module_from_file+0x86/0xac __do_sys_finit_module+0x151/0x218 do_syscall_64+0x72/0xdb entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7f72f50a0cb9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 47 71 0c 00 f7 d8 64 89 01 48 RSP: 002b:00007ffd47e512d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: 0000562dd06ae070 RCX: 00007f72f50a0cb9 RDX: 0000000000000000 RSI: 00007f72f52d32df RDI: 000000000000000e RBP: 0000000000000000 R08: 00007f72f5168b20 R09: 0000000000000000 R10: 0000000000000050 R11: 0000000000000246 R12: 00007f72f52d32df R13: 0000000000020000 R14: 0000562dd06785c0 R15: 0000562dcfd0e9a8 </TASK> Modules linked in: 8255_pci(+) comedi_8255 comedi_pci comedi intel_gtt e100(+) acpi_cpufreq rtc_cmos usbhid CR2: 0000000000000000 ---[ end trace 0000000000000000 ]--- RIP: 0010:0x0 Code: Unable to access opcode bytes at 0xffffffffffffffd6. RSP: 0018:ffffa3f1c02d7b78 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff91f847aefd00 RCX: 000000000000009b RDX: 0000000000000003 RSI: 0000000000000001 RDI: ffff91f840f6fc00 RBP: ffff91f840f6fc00 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 000000000000005f R12: 0000000000000000 R13: 0000000000000000 R14: ffffffffc0102498 R15: ffff91f847ce6ba8 FS: 00007f72f4e8f500(0000) GS:ffff91f8d5c80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 000000010540e000 CR4: 00000000000406f0 This patch simply corrects the above mistake by initializing spriv->io to the given io callback. Fixes: 5c57b1ccecc7 ("comedi: comedi_8255: Rework subdevice initialization functions") Signed-off-by: Frej Drejhammar <frej.drejhammar(a)gmail.com> Cc: <stable(a)vger.kernel.org> --- drivers/comedi/drivers/comedi_8255.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/comedi/drivers/comedi_8255.c b/drivers/comedi/drivers/comedi_8255.c index e4974b508328..a933ef53845a 100644 --- a/drivers/comedi/drivers/comedi_8255.c +++ b/drivers/comedi/drivers/comedi_8255.c @@ -159,6 +159,7 @@ static int __subdev_8255_init(struct comedi_device *dev, return -ENOMEM; spriv->context = context; + spriv->io = io; s->type = COMEDI_SUBD_DIO; s->subdev_flags = SDF_READABLE | SDF_WRITABLE; -- 2.43.0

1 year, 8 months

2
1
0 0

[PATCH] scsi: elx: efct: adjust error handling inside efct_hw_setup_io

by Fedor Pchelkin

IO and WQE buffers are allocated once per HW and can be reused later. If WQE buffers allocation fails then the whole allocation is marked as failed but already created IO array internal objects are not freed. hw->io is freed but not nullified in that specific case - it may become a problem later as efct_hw_setup_io() is supposed to be reusable for the same HW. While at it, use kcalloc instead of kmalloc_array/memset-zero combination and get rid of some needless NULL assignments: nullifying hw->io[i] elements just before freeing hw->io is not really useful. Found by Linux Verification Center (linuxtesting.org). Fixes: 4df84e846624 ("scsi: elx: efct: Driver initialization routines") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/scsi/elx/efct/efct_hw.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/scsi/elx/efct/efct_hw.c b/drivers/scsi/elx/efct/efct_hw.c index 5a5525054d71..e5486e6949f9 100644 --- a/drivers/scsi/elx/efct/efct_hw.c +++ b/drivers/scsi/elx/efct/efct_hw.c @@ -487,12 +487,10 @@ efct_hw_setup_io(struct efct_hw *hw) struct efct *efct = hw->os; if (!hw->io) { - hw->io = kmalloc_array(hw->config.n_io, sizeof(io), GFP_KERNEL); + hw->io = kcalloc(hw->config.n_io, sizeof(io), GFP_KERNEL); if (!hw->io) return -ENOMEM; - memset(hw->io, 0, hw->config.n_io * sizeof(io)); - for (i = 0; i < hw->config.n_io; i++) { hw->io[i] = kzalloc(sizeof(*io), GFP_KERNEL); if (!hw->io[i]) @@ -502,10 +500,8 @@ efct_hw_setup_io(struct efct_hw *hw) /* Create WQE buffs for IO */ hw->wqe_buffs = kzalloc((hw->config.n_io * hw->sli.wqe_size), GFP_KERNEL); - if (!hw->wqe_buffs) { - kfree(hw->io); - return -ENOMEM; - } + if (!hw->wqe_buffs) + goto error; } else { /* re-use existing IOs, including SGLs */ @@ -586,10 +582,8 @@ efct_hw_setup_io(struct efct_hw *hw) return 0; error: - for (i = 0; i < hw->config.n_io && hw->io[i]; i++) { + for (i = 0; i < hw->config.n_io && hw->io[i]; i++) kfree(hw->io[i]); - hw->io[i] = NULL; - } kfree(hw->io); hw->io = NULL; -- 2.39.2

1 year, 8 months

2
3
0 0

[PATCH stable 5.4 v2] net: bcmgenet: Fix EEE implementation

by Florian Fainelli

commit a9f31047baca57d47440c879cf259b86f900260c upstream We had a number of short comings: - EEE must be re-evaluated whenever the state machine detects a link change as wight be switching from a link partner with EEE enabled/disabled - tx_lpi_enabled controls whether EEE should be enabled/disabled for the transmit path, which applies to the TBUF block - We do not need to forcibly enable EEE upon system resume, as the PHY state machine will trigger a link event that will do that, too Fixes: 6ef398ea60d9 ("net: bcmgenet: add EEE support") Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Reviewed-by: Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> Link: https://lore.kernel.org/r/20230606214348.2408018-1-florian.fainelli@broadco… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> --- Changes in v2: - removed Changed-id .../net/ethernet/broadcom/genet/bcmgenet.c | 22 +++++++------------ .../net/ethernet/broadcom/genet/bcmgenet.h | 3 +++ drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +++++ 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index eeadeeec17ba..380bf7a328ba 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -1018,7 +1018,8 @@ static void bcmgenet_get_ethtool_stats(struct net_device *dev, } } -static void bcmgenet_eee_enable_set(struct net_device *dev, bool enable) +void bcmgenet_eee_enable_set(struct net_device *dev, bool enable, + bool tx_lpi_enabled) { struct bcmgenet_priv *priv = netdev_priv(dev); u32 off = priv->hw_params->tbuf_offset + TBUF_ENERGY_CTRL; @@ -1038,7 +1039,7 @@ static void bcmgenet_eee_enable_set(struct net_device *dev, bool enable) /* Enable EEE and switch to a 27Mhz clock automatically */ reg = bcmgenet_readl(priv->base + off); - if (enable) + if (tx_lpi_enabled) reg |= TBUF_EEE_EN | TBUF_PM_EN; else reg &= ~(TBUF_EEE_EN | TBUF_PM_EN); @@ -1059,6 +1060,7 @@ static void bcmgenet_eee_enable_set(struct net_device *dev, bool enable) priv->eee.eee_enabled = enable; priv->eee.eee_active = enable; + priv->eee.tx_lpi_enabled = tx_lpi_enabled; } static int bcmgenet_get_eee(struct net_device *dev, struct ethtool_eee *e) @@ -1074,6 +1076,7 @@ static int bcmgenet_get_eee(struct net_device *dev, struct ethtool_eee *e) e->eee_enabled = p->eee_enabled; e->eee_active = p->eee_active; + e->tx_lpi_enabled = p->tx_lpi_enabled; e->tx_lpi_timer = bcmgenet_umac_readl(priv, UMAC_EEE_LPI_TIMER); return phy_ethtool_get_eee(dev->phydev, e); @@ -1083,7 +1086,6 @@ static int bcmgenet_set_eee(struct net_device *dev, struct ethtool_eee *e) { struct bcmgenet_priv *priv = netdev_priv(dev); struct ethtool_eee *p = &priv->eee; - int ret = 0; if (GENET_IS_V1(priv)) return -EOPNOTSUPP; @@ -1094,16 +1096,11 @@ static int bcmgenet_set_eee(struct net_device *dev, struct ethtool_eee *e) p->eee_enabled = e->eee_enabled; if (!p->eee_enabled) { - bcmgenet_eee_enable_set(dev, false); + bcmgenet_eee_enable_set(dev, false, false); } else { - ret = phy_init_eee(dev->phydev, 0); - if (ret) { - netif_err(priv, hw, dev, "EEE initialization failed\n"); - return ret; - } - + p->eee_active = phy_init_eee(dev->phydev, false) >= 0; bcmgenet_umac_writel(priv, e->tx_lpi_timer, UMAC_EEE_LPI_TIMER); - bcmgenet_eee_enable_set(dev, true); + bcmgenet_eee_enable_set(dev, p->eee_active, e->tx_lpi_enabled); } return phy_ethtool_set_eee(dev->phydev, e); @@ -3688,9 +3685,6 @@ static int bcmgenet_resume(struct device *d) if (!device_may_wakeup(d)) phy_resume(dev->phydev); - if (priv->eee.eee_enabled) - bcmgenet_eee_enable_set(dev, true); - bcmgenet_netif_start(dev); netif_device_attach(dev); diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 5b7c2f9241d0..29bf256d13f6 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -736,4 +736,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, enum bcmgenet_power_mode mode); +void bcmgenet_eee_enable_set(struct net_device *dev, bool enable, + bool tx_lpi_enabled); + #endif /* __BCMGENET_H__ */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 2fbec2acb606..026f00ccaa0c 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -25,6 +25,7 @@ #include "bcmgenet.h" + /* setup netdev link state when PHY link status change and * update UMAC and RGMII block when link up */ @@ -96,6 +97,11 @@ void bcmgenet_mii_setup(struct net_device *dev) CMD_RX_PAUSE_IGNORE | CMD_TX_PAUSE_IGNORE); reg |= cmd_bits; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + + priv->eee.eee_active = phy_init_eee(phydev, 0) >= 0; + bcmgenet_eee_enable_set(dev, + priv->eee.eee_enabled && priv->eee.eee_active, + priv->eee.tx_lpi_enabled); } else { /* done if nothing has changed */ if (!status_changed) -- 2.34.1

1 year, 8 months

2
3
0 0

[PATCH] power: supply: mm8013: select REGMAP_I2C

by Thomas Weißschuh

The driver uses regmap APIs so it should make sure they are available. Fixes: c75f4bf6800b ("power: supply: Introduce MM8013 fuel gauge driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- drivers/power/supply/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/power/supply/Kconfig b/drivers/power/supply/Kconfig index f21cb05815ec..3e31375491d5 100644 --- a/drivers/power/supply/Kconfig +++ b/drivers/power/supply/Kconfig @@ -978,6 +978,7 @@ config CHARGER_QCOM_SMB2 config FUEL_GAUGE_MM8013 tristate "Mitsumi MM8013 fuel gauge driver" depends on I2C + select REGMAP_I2C help Say Y here to enable the Mitsumi MM8013 fuel gauge driver. It enables the monitoring of many battery parameters, including --- base-commit: 54be6c6c5ae8e0d93a6c4641cb7528eb0b6ba478 change-id: 20240204-mm8013-regmap-d8d18ada07c2 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

1 year, 8 months

3
2
0 0

Please apply commit b4909252da9b ("drivers: lkdtm: fix clang -Wformat warning") to v5.15.y

by Guenter Roeck

Hi, please consider applying the following patch to v5.15.y to fix a build error seen with various test builds (m68k:allmodconfig, powerpc:allmodconfig, powerpc:ppc32_allmodconfig, and xtensa:allmodconfig). b4909252da9b ("drivers: lkdtm: fix clang -Wformat warning") Thanks, Guenter

1 year, 8 months

2
1
0 0

[PATCH v2 5.15.y 0/3] Backport Fixes to 5.15.y

by Guruswamy Basavaiah

Correction: The subject line in my previous message erroneously stated "5.10.y" in patch 2/3 and 3/3, instead of the correct "5.15.y." Sending again after correction. Here are the three backported patches aimed at addressing a potential crash and an actual crash. Patch 1 Fix potential OOB access in receive_encrypted_standard() if server returned a large shdr->NextCommand in cifs. Patch 2 fix validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). Patch 3 fix issue in patch 2. The original patches were authored by Paulo Alcantara <pc(a)manguebit.com>. Original Patches: 1. eec04ea11969 ("smb: client: fix OOB in receive_encrypted_standard()") 2. af1689a9b770 ("smb: client: fix potential OOBs in smb2_parse_contexts()") 3. 76025cc2285d ("smb: client: fix parsing of SMB3.1.1 POSIX create context") Please review and consider applying these patches. https://lore.kernel.org/all/2023121834-semisoft-snarl-49ad@gregkh/ fs/cifs/smb2ops.c | 4 +++- fs/cifs/smb2pdu.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------- fs/cifs/smb2proto.h | 12 +++++++----- 3 files changed, 66 insertions(+), 43 deletions(-)

1 year, 8 months

1
3
0 0

[PATCH 5.15.y 1/3] smb: client: fix OOB in receive_encrypted_standard()

by Guruswamy Basavaiah

From: Paulo Alcantara <pc(a)manguebit.com> [ Upstream commit eec04ea119691e65227a97ce53c0da6b9b74b0b7 ] Fix potential OOB in receive_encrypted_standard() if server returned a large shdr->NextCommand that would end up writing off the end of @next_buffer. Fixes: b24df3e30cbf ("cifs: update receive_encrypted_standard to handle compounded responses") Cc: stable(a)vger.kernel.org Reported-by: Robert Morris <rtm(a)csail.mit.edu> Signed-off-by: Paulo Alcantara (SUSE) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> [Guru: receive_encrypted_standard() is present in file smb2ops.c, smb2ops.c file location is changed, modified patch accordingly.] Signed-off-by: Guruswamy Basavaiah <guruswamy.basavaiah(a)broadcom.com> --- fs/cifs/smb2ops.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index f31da2647d04..867b32b1393f 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -5153,6 +5153,7 @@ receive_encrypted_standard(struct TCP_Server_Info *server, struct smb2_sync_hdr *shdr; unsigned int pdu_length = server->pdu_size; unsigned int buf_size; + unsigned int next_cmd; struct mid_q_entry *mid_entry; int next_is_large; char *next_buffer = NULL; @@ -5181,14 +5182,15 @@ receive_encrypted_standard(struct TCP_Server_Info *server, next_is_large = server->large_buf; one_more: shdr = (struct smb2_sync_hdr *)buf; - if (shdr->NextCommand) { + next_cmd = le32_to_cpu(shdr->NextCommand); + if (next_cmd) { + if (WARN_ON_ONCE(next_cmd > pdu_length)) + return -1; if (next_is_large) next_buffer = (char *)cifs_buf_get(); else next_buffer = (char *)cifs_small_buf_get(); - memcpy(next_buffer, - buf + le32_to_cpu(shdr->NextCommand), - pdu_length - le32_to_cpu(shdr->NextCommand)); + memcpy(next_buffer, buf + next_cmd, pdu_length - next_cmd); } mid_entry = smb2_find_mid(server, buf); @@ -5212,8 +5214,8 @@ receive_encrypted_standard(struct TCP_Server_Info *server, else ret = cifs_handle_standard(server, mid_entry); - if (ret == 0 && shdr->NextCommand) { - pdu_length -= le32_to_cpu(shdr->NextCommand); + if (ret == 0 && next_cmd) { + pdu_length -= next_cmd; server->large_buf = next_is_large; if (next_is_large) server->bigbuf = buf = next_buffer; -- 2.25.1

1 year, 8 months

1
5
0 0

[PATCH v2] Revert "usb: typec: tcpm: fix cc role at port reset"

by Badhri Jagan Sridharan

This reverts commit 1e35f074399dece73d5df11847d4a0d7a6f49434. Given that ERROR_RECOVERY calls into PORT_RESET for Hi-Zing the CC pins, setting CC pins to default state during PORT_RESET breaks error recovery. 4.5.2.2.2.1 ErrorRecovery State Requirements The port shall not drive VBUS or VCONN, and shall present a high-impedance to ground (above zOPEN) on its CC1 and CC2 pins. Hi-Zing the CC pins is the inteded behavior for PORT_RESET. CC pins are set to default state after tErrorRecovery in PORT_RESET_WAIT_OFF. 4.5.2.2.2.2 Exiting From ErrorRecovery State A Sink shall transition to Unattached.SNK after tErrorRecovery. A Source shall transition to Unattached.SRC after tErrorRecovery. Cc: stable(a)vger.kernel.org Cc: Frank Wang <frank.wang(a)rock-chips.com> Fixes: 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 5945e3a2b0f7..9d410718eaf4 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -4876,8 +4876,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); - tcpm_set_cc(port, tcpm_default_state(port) == SNK_UNATTACHED ? - TYPEC_CC_RD : tcpm_rp_cc(port)); + tcpm_set_cc(port, TYPEC_CC_OPEN); tcpm_set_state(port, PORT_RESET_WAIT_OFF, PD_T_ERROR_RECOVERY); break; base-commit: 933bb7b878ddd0f8c094db45551a7daddf806e00 -- 2.43.0.429.g432eaa2c6b-goog

1 year, 8 months

5
4
0 0

[REGRESSION] 6.7.0: ASoC: SOF: refactoring breaks sof-rt5682 audio on chromebook; successfully bisected

by Mole Shang

I'm relatively new here, first time reporting a regression, so apologies in advance if I'm doing something wrong. I'm using Arch Linux (linux-mainline kernel) on my chromebook Acer Spin 713-2W (Voxel), and after upgrading linux-mainline from 6.7-rc4 to 6.7-rc5 the audio setup isn't working anymore. Firstly I suspected its some changes in the sof- firmware, yet got no luck in upgrading sof-firmware (2023.09.2 -> 2023.12). On certain chromebooks, audio setup needs custom ALSA ucm confs [1], but after contacting the chromebook-linux-audio developer [2], I think it's not a conf problem, but rather a kernel regression. After hours of bisecting, the first bad commit 31ed8da (ASoC: SOF: sof-audio: Modify logic for enabling/disabling topology cores) ensures the regression. demsg log pasted below: // before 31ed8da, working [ 61.572587] sof-audio-pci-intel-tgl 0000:00:1f.3: ipc tx error for 0x60010000 (msg/reply size: 108/20): -22 [ 61.572593] sof-audio-pci-intel-tgl 0000:00:1f.3: HW params ipc failed for stream 1 [ 61.572594] sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_pcm_component_hw_params on 0000:00:1f.3: -22 [ 61.573247] sof-audio-pci-intel-tgl 0000:00:1f.3: ipc tx error for 0x60010000 (msg/reply size: 108/20): -22 [ 61.573250] sof-audio-pci-intel-tgl 0000:00:1f.3: HW params ipc failed for stream 1 [ 61.573251] sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_pcm_component_hw_params on 0000:00:1f.3: -22 [ 61.573888] sof-audio-pci-intel-tgl 0000:00:1f.3: ipc tx error for 0x60010000 (msg/reply size: 108/20): -22 [ 61.573892] sof-audio-pci-intel-tgl 0000:00:1f.3: HW params ipc failed for stream 1 [ 61.573893] sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_pcm_component_hw_params on 0000:00:1f.3: -22 [ 61.574570] sof-audio-pci-intel-tgl 0000:00:1f.3: ipc tx error for 0x60010000 (msg/reply size: 108/20): -22 [ 61.574572] sof-audio-pci-intel-tgl 0000:00:1f.3: HW params ipc failed for stream 1 [ 61.574573] sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_pcm_component_hw_params on 0000:00:1f.3: -22 // after 31ed8da, broken [ 48.930740] sof-audio-pci-intel-tgl 0000:00:1f.3: ipc tx error for 0x30020000 (msg/reply size: 12/0): -13 [ 48.930762] sof-audio-pci-intel-tgl 0000:00:1f.3: failed to free widget DMIC0.IN [ 57.235697] sof-audio-pci-intel-tgl 0000:00:1f.3: ipc tx error for 0x30030000 (msg/reply size: 16/0): -22 [ 57.235701] sof-audio-pci-intel-tgl 0000:00:1f.3: sof_ipc3_route_setup: route DMIC0.IN -> BUF4.0 failed [ 57.235703] sof-audio-pci-intel-tgl 0000:00:1f.3: sof_ipc3_set_up_all_pipelines: route set up failed [ 57.235704] sof-audio-pci-intel-tgl 0000:00:1f.3: Failed to restore pipeline after resume -22 [ 57.235706] sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_pcm_component_pm_runtime_get on 0000:00:1f.3: -22 [ 57.235926] sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_pcm_component_pm_runtime_get on 0000:00:1f.3: -22 [ 57.235966] sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_pcm_component_pm_runtime_get on 0000:00:1f.3: -22 [ 57.236006] sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_pcm_component_pm_runtime_get on 0000:00:1f.3: -22 [ 57.236041] sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_pcm_component_pm_runtime_get on 0000:00:1f.3: -22 [ 57.236074] sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_pcm_component_pm_runtime_get on 0000:00:1f.3: -22 [ 57.236107] sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_pcm_component_pm_runtime_get on 0000:00:1f.3: -22 [ 57.236141] sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_pcm_component_pm_runtime_get on 0000:00:1f.3: -22 [ 57.236173] sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_pcm_component_pm_runtime_get on 0000:00:1f.3: -22 [ 57.236205] sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_pcm_component_pm_runtime_get on 0000:00:1f.3: -22 [ 57.236239] sof-audio-pci-intel-tgl 0000:00:1f.3: ASoC: error at snd_soc_pcm_component_pm_runtime_get on 0000:00:1f.3: -22 Steps to reproduce: - Run chromebook-linux-audio script [2] (this would install custom sof-rt5682 ucm confs [1] into /usr/share/alsa/ucm2/conf.d/sof-rt5682 and write a line `options snd-intel-dspcfg dsp_driver=3` to /etc/modprobe.d/snd-sof.conf) - Reboot, gets audio working on kernels before 31ed8da - Install latest stable kernel (6.7.3), audio broken - Install latest git kernel (6.8-rc2), audio broken - Revert 31ed8da, build upon latest linux-git (6.8-rc2), audio working Apologies for my busyiness that I should have reported it long before the regression enters stable and lts, but sadly linux-lts (6.6.13) seems to be affected too [3]. Please let me know if there's any other thing that I can help debugging. -- Mole Shang [1]: https://github.com/WeirdTreeThing/chromebook-ucm-conf/tree/main/sof-rt5682 [2]: https://github.com/WeirdTreeThing/chromebook-linux-audio/issues/70 [3]: https://github.com/WeirdTreeThing/chromebook-linux-audio/issues/ 70#issuecomment-1911048309 #regzbot introduced: 31ed8da1c8e5e504710bb36863700e3389f8fc81

1 year, 8 months

2
1
0 0

[char-misc 1/2] mei: me: add arrow lake point S DID

by Tomas Winkler

From: Alexander Usyskin <alexander.usyskin(a)intel.com> Add Arrow Lake S device id. Cc: <stable(a)vger.kernel.org> Signed-off-by: Alexander Usyskin <alexander.usyskin(a)intel.com> Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> --- drivers/misc/mei/hw-me-regs.h | 1 + drivers/misc/mei/pci-me.c | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/misc/mei/hw-me-regs.h b/drivers/misc/mei/hw-me-regs.h index 961e5d53a27a8c4221b4b33c..b10536e4974dbdeed046f4f0 100644 --- a/drivers/misc/mei/hw-me-regs.h +++ b/drivers/misc/mei/hw-me-regs.h @@ -112,6 +112,7 @@ #define MEI_DEV_ID_RPL_S 0x7A68 /* Raptor Lake Point S */ #define MEI_DEV_ID_MTL_M 0x7E70 /* Meteor Lake Point M */ +#define MEI_DEV_ID_ARL_S 0x7F68 /* Arrow Lake Point S */ /* * MEI HW Section diff --git a/drivers/misc/mei/pci-me.c b/drivers/misc/mei/pci-me.c index 676d566f38ddfd2cbb5c167f..1a614fb7fdb675e77bcb6be8 100644 --- a/drivers/misc/mei/pci-me.c +++ b/drivers/misc/mei/pci-me.c @@ -119,6 +119,7 @@ static const struct pci_device_id mei_me_pci_tbl[] = { {MEI_PCI_DEVICE(MEI_DEV_ID_RPL_S, MEI_ME_PCH15_CFG)}, {MEI_PCI_DEVICE(MEI_DEV_ID_MTL_M, MEI_ME_PCH15_CFG)}, + {MEI_PCI_DEVICE(MEI_DEV_ID_ARL_S, MEI_ME_PCH15_CFG)}, /* required last entry */ {0, } -- 2.43.0

1 year, 8 months

1
1
0 0

Re: [PATCH v2] btrfs: handle missing chunk mapping more gracefully

by Celeste Liu

On 3/2/23 09:54, Qu Wenruo wrote: > [BUG] > During my scrub rework, I did a stupid thing like this: > > bio->bi_iter.bi_sector = stripe->logical; > btrfs_submit_bio(fs_info, bio, stripe->mirror_num); > > Above bi_sector assignment is using logical address directly, which > lacks ">> SECTOR_SHIFT". > > This results a read on a range which has no chunk mapping. > > This results the following crash: > > BTRFS critical (device dm-1): unable to find logical 11274289152 length 65536 > assertion failed: !IS_ERR(em), in fs/btrfs/volumes.c:6387 > ------------[ cut here ]------------ > > Sure this is all my fault, but this shows a possible problem in real > world, that some bitflip in file extents/tree block can point to > unmapped ranges, and trigger above ASSERT(), or if CONFIG_BTRFS_ASSERT > is not configured, cause invalid pointer. > > [PROBLEMS] > In above call chain, we just don't handle the possible error from > btrfs_get_chunk_map() inside __btrfs_map_block(). > > [FIX] > The fix is pretty straightforward, just replace the ASSERT() with proper > error handling. > > Signed-off-by: Qu Wenruo <wqu(a)suse.com> > --- > Changelog: > v2: > - Rebased to latest misc-next > The error path in bio.c is already fixed, thus only need to replace > the ASSERT() in __btrfs_map_block(). > --- > fs/btrfs/volumes.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c > index 4d479ac233a4..93bc45001e68 100644 > --- a/fs/btrfs/volumes.c > +++ b/fs/btrfs/volumes.c > @@ -6242,7 +6242,8 @@ int __btrfs_map_block(struct btrfs_fs_info *fs_info, enum btrfs_map_op op, > return -EINVAL; > > em = btrfs_get_chunk_map(fs_info, logical, *length); > - ASSERT(!IS_ERR(em)); > + if (IS_ERR(em)) > + return PTR_ERR(em); > > map = em->map_lookup; > data_stripes = nr_data_stripes(map); This bug affects 6.1.y LTS branch but no backport commit of this fix in 6.1.y branch. Please include it. Thanks.

1 year, 8 months

2
3
0 0

+ mm-memblock-add-memblock_rsrv_noinit-into-flagname-array.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memblock: add MEMBLOCK_RSRV_NOINIT into flagname[] array has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memblock-add-memblock_rsrv_noinit-into-flagname-array.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Anshuman Khandual <anshuman.khandual(a)arm.com> Subject: mm/memblock: add MEMBLOCK_RSRV_NOINIT into flagname[] array Date: Fri, 9 Feb 2024 08:39:12 +0530 The commit 77e6c43e137c ("memblock: introduce MEMBLOCK_RSRV_NOINIT flag") skipped adding this newly introduced memblock flag into flagname[] array, thus preventing a correct memblock flags output for applicable memblock regions. Link: https://lkml.kernel.org/r/20240209030912.1382251-1-anshuman.khandual@arm.com Fixes: 77e6c43e137c ("memblock: introduce MEMBLOCK_RSRV_NOINIT flag") Signed-off-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memblock.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/memblock.c~mm-memblock-add-memblock_rsrv_noinit-into-flagname-array +++ a/mm/memblock.c @@ -2249,6 +2249,7 @@ static const char * const flagname[] = { [ilog2(MEMBLOCK_MIRROR)] = "MIRROR", [ilog2(MEMBLOCK_NOMAP)] = "NOMAP", [ilog2(MEMBLOCK_DRIVER_MANAGED)] = "DRV_MNG", + [ilog2(MEMBLOCK_RSRV_NOINIT)] = "RSV_NIT", }; static int memblock_debug_show(struct seq_file *m, void *private) _ Patches currently in -mm which might be from anshuman.khandual(a)arm.com are fs-proc-task_mmu-add-display-flag-for-vm_mayoverlay.patch mm-memblock-add-memblock_rsrv_noinit-into-flagname-array.patch mm-cma-dont-treat-bad-input-arguments-for-cma_alloc-as-its-failure.patch mm-cma-drop-config_cma_debug.patch mm-cma-make-max_cma_areas-=-config_cma_areas.patch mm-cma-add-sysfs-file-release_pages_success.patch

1 year, 9 months

1
0
0 0

[PATCH] drm/buddy: Fix alloc_range() error handling code

by Arunpravin Paneer Selvam

Few users have observed display corruption when they boot the machine to KDE Plasma or playing games. We have root caused the problem that whenever alloc_range() couldn't find the required memory blocks the function was returning SUCCESS in some of the corner cases. The right approach would be if the total allocated size is less than the required size, the function should return -ENOSPC. Cc: <stable(a)vger.kernel.org> # 6.7+ Fixes: 0a1844bf0b53 ("drm/buddy: Improve contiguous memory allocation") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3097 Tested-by: Mario Limonciello <mario.limonciello(a)amd.com> Link: https://patchwork.kernel.org/project/dri-devel/patch/20240207174456.341121-… Acked-by: Christian König <christian.koenig(a)amd.com> Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> --- drivers/gpu/drm/drm_buddy.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/drm_buddy.c b/drivers/gpu/drm/drm_buddy.c index f57e6d74fb0e..c1a99bf4dffd 100644 --- a/drivers/gpu/drm/drm_buddy.c +++ b/drivers/gpu/drm/drm_buddy.c @@ -539,6 +539,12 @@ static int __alloc_range(struct drm_buddy *mm, } while (1); list_splice_tail(&allocated, blocks); + + if (total_allocated < size) { + err = -ENOSPC; + goto err_free; + } + return 0; err_undo: -- 2.25.1

1 year, 9 months

3
3
0 0

[PATCH 6.6 00/21] xfs backports for 6.6.y (from v6.7)

by Catherine Hoang

Hello, This series contains backports for 6.6 from the 6.7 release. This patchset has gone through xfs testing and review. Anthony Iliopoulos (1): xfs: fix again select in kconfig XFS_ONLINE_SCRUB_STATS Catherine Hoang (2): MAINTAINERS: add Catherine as xfs maintainer for 6.6.y xfs: allow read IO and FICLONE to run concurrently Cheng Lin (1): xfs: introduce protection for drop nlink Christoph Hellwig (4): xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space xfs: only remap the written blocks in xfs_reflink_end_cow_extent xfs: clean up FS_XFLAG_REALTIME handling in xfs_ioctl_setattr_xflags xfs: respect the stable writes flag on the RT device Darrick J. Wong (8): xfs: bump max fsgeom struct version xfs: hoist freeing of rt data fork extent mappings xfs: prevent rt growfs when quota is enabled xfs: rt stubs should return negative errnos when rt disabled xfs: fix units conversion error in xfs_bmap_del_extent_delay xfs: make sure maxlen is still congruent with prod when rounding down xfs: clean up dqblk extraction xfs: dquot recovery does not validate the recovered dquot Dave Chinner (1): xfs: inode recovery does not validate the recovered inode Leah Rumancik (1): xfs: up(ic_sema) if flushing data device fails Long Li (2): xfs: factor out xfs_defer_pending_abort xfs: abort intent items when recovery intents fail Omar Sandoval (1): xfs: fix internal error from AGFL exhaustion MAINTAINERS | 1 + fs/xfs/Kconfig | 2 +- fs/xfs/libxfs/xfs_alloc.c | 27 ++++++++++++-- fs/xfs/libxfs/xfs_bmap.c | 21 +++-------- fs/xfs/libxfs/xfs_defer.c | 28 +++++++++------ fs/xfs/libxfs/xfs_defer.h | 2 +- fs/xfs/libxfs/xfs_inode_buf.c | 3 ++ fs/xfs/libxfs/xfs_rtbitmap.c | 33 +++++++++++++++++ fs/xfs/libxfs/xfs_sb.h | 2 +- fs/xfs/xfs_bmap_util.c | 24 +++++++------ fs/xfs/xfs_dquot.c | 5 +-- fs/xfs/xfs_dquot_item_recover.c | 21 +++++++++-- fs/xfs/xfs_file.c | 63 ++++++++++++++++++++++++++------- fs/xfs/xfs_inode.c | 24 +++++++++++++ fs/xfs/xfs_inode.h | 17 +++++++++ fs/xfs/xfs_inode_item_recover.c | 14 +++++++- fs/xfs/xfs_ioctl.c | 30 ++++++++++------ fs/xfs/xfs_iops.c | 7 ++++ fs/xfs/xfs_log.c | 23 ++++++------ fs/xfs/xfs_log_recover.c | 2 +- fs/xfs/xfs_reflink.c | 5 +++ fs/xfs/xfs_rtalloc.c | 33 +++++++++++++---- fs/xfs/xfs_rtalloc.h | 27 ++++++++------ 23 files changed, 312 insertions(+), 102 deletions(-) -- 2.39.3

1 year, 9 months

3
23
0 0

[PATCH v2] arm64/signal: Don't assume that TIF_SVE means we saved SVE state

by Mark Brown

When we are in a syscall we will only save the FPSIMD subset even though the task still has access to the full register set, and on context switch we will only remove TIF_SVE when loading the register state. This means that the signal handling code should not assume that TIF_SVE means that the register state is stored in SVE format, it should instead check the format that was recorded during save. Fixes: 8c845e273104 ("arm64/sve: Leave SVE enabled on syscall if we don't context switch") Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- Changes in v2: - Rebase onto v6.8-rc2. - Link to v1: https://lore.kernel.org/r/20240119-arm64-sve-signal-regs-v1-1-b9fd61b0289a@… --- arch/arm64/kernel/fpsimd.c | 2 +- arch/arm64/kernel/signal.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c index a5dc6f764195..25ceaee6b025 100644 --- a/arch/arm64/kernel/fpsimd.c +++ b/arch/arm64/kernel/fpsimd.c @@ -1635,7 +1635,7 @@ void fpsimd_preserve_current_state(void) void fpsimd_signal_preserve_current_state(void) { fpsimd_preserve_current_state(); - if (test_thread_flag(TIF_SVE)) + if (current->thread.fp_type == FP_STATE_SVE) sve_to_fpsimd(current); } diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 0e8beb3349ea..425b1bc17a3f 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -242,7 +242,7 @@ static int preserve_sve_context(struct sve_context __user *ctx) vl = task_get_sme_vl(current); vq = sve_vq_from_vl(vl); flags |= SVE_SIG_FLAG_SM; - } else if (test_thread_flag(TIF_SVE)) { + } else if (current->thread.fp_type == FP_STATE_SVE) { vq = sve_vq_from_vl(vl); } @@ -878,7 +878,7 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user, if (system_supports_sve() || system_supports_sme()) { unsigned int vq = 0; - if (add_all || test_thread_flag(TIF_SVE) || + if (add_all || current->thread.fp_type == FP_STATE_SVE || thread_sm_enabled(&current->thread)) { int vl = max(sve_max_vl(), sme_max_vl()); --- base-commit: 41bccc98fb7931d63d03f326a746ac4d429c1dd3 change-id: 20240118-arm64-sve-signal-regs-5711e0d10425 Best regards, -- Mark Brown <broonie(a)kernel.org>

1 year, 9 months

2
1
0 0

[regression 6.1.67] dlm: cannot start dlm midcomms -97 after backport of e9cdebbe23f1 ("dlm: use kernel_connect() and kernel_bind()")

by Salvatore Bonaccorso

Hi Valentin, hi all [This is about a regression reported in Debian for 6.1.67] On Tue, Feb 06, 2024 at 01:00:11PM +0100, Valentin Kleibel wrote: > Package: linux-image-amd64 > Version: 6.1.76+1 > Source: linux > Source-Version: 6.1.76+1 > Severity: important > Control: notfound -1 6.6.15-2 > > Dear Maintainers, > > We discovered a bug affecting dlm that prevents any tcp communications by > dlm when booted with debian kernel 6.1.76-1. > > Dlm startup works (corosync-cpgtool shows the dlm:controld group with all > expected nodes) but as soon as we try to add a lockspace dmesg shows: > ``` > dlm: Using TCP for communications > dlm: cannot start dlm midcomms -97 > ``` > > It seems that commit "dlm: use kernel_connect() and kernel_bind()" > (e9cdebbe) was merged to 6.1. > > Checking the code it seems that the changed function dlm_tcp_listen_bind() > fails with exit code 97 (EAFNOSUPPORT) > It is called from > > dlm/lockspace.c: threads_start() -> dlm_midcomms_start() > dlm/midcomms.c: dlm_midcomms_start() -> dlm_lowcomms_start() > dlm/lowcomms.c: dlm_lowcomms_start() -> dlm_listen_for_all() -> > dlm_proto_ops->listen_bind() = dlm_tcp_listen_bind() > > The error code is returned all the way to threads_start() where the error > message is emmitted. > > Booting with the unsigned kernel from testing (6.6.15-2), which also > contains this commit, works without issues. > > I'm not sure what additional changes are required to get this working or if > rolling back this change is an option. > > We'd be happy to test patches that might fix this issue. Thanks for your report. So we have a 6.1.76 specific regression for the backport of e9cdebbe23f1 ("dlm: use kernel_connect() and kernel_bind()") . Let's loop in the upstream regression list for tracking and people involved for the subsystem to see if the issue can be identified. As it is working for 6.6.15 which includes the commit backport as well it might be very well that a prerequisite is missing. # annotate regression with 6.1.y specific commit #regzbot ^introduced e11dea8f503341507018b60906c4a9e7332f3663 #regzbot link: https://bugs.debian.org/1063338 Any ideas? Regards, Salvatore

1 year, 9 months

4
8
0 0

[PATCH] drm/buddy: Fix alloc_range() error handling code

by Arunpravin Paneer Selvam

Few users have observed display corruption when they boot the machine to KDE Plasma or playing games. We have root caused the problem that whenever alloc_range() couldn't find the required memory blocks the function was returning SUCCESS in some of the corner cases. The right approach would be if the total allocated size is less than the required size, the function should return -ENOSPC. Cc: <stable(a)vger.kernel.org> # 6.7+ Fixes: 0a1844bf0b53 ("drm/buddy: Improve contiguous memory allocation") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3097 Tested-by: Mario Limonciello <mario.limonciello(a)amd.com> Link: https://patchwork.kernel.org/project/dri-devel/patch/20240207174456.341121-… Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> --- drivers/gpu/drm/drm_buddy.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/drm_buddy.c b/drivers/gpu/drm/drm_buddy.c index f57e6d74fb0e..c1a99bf4dffd 100644 --- a/drivers/gpu/drm/drm_buddy.c +++ b/drivers/gpu/drm/drm_buddy.c @@ -539,6 +539,12 @@ static int __alloc_range(struct drm_buddy *mm, } while (1); list_splice_tail(&allocated, blocks); + + if (total_allocated < size) { + err = -ENOSPC; + goto err_free; + } + return 0; err_undo: -- 2.25.1

1 year, 9 months

1
0
0 0

[for-linus][PATCH 2/2] tracing: Fix wasted memory in saved_cmdlines logic

by Steven Rostedt

From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> While looking at improving the saved_cmdlines cache I found a huge amount of wasted memory that should be used for the cmdlines. The tracing data saves pids during the trace. At sched switch, if a trace occurred, it will save the comm of the task that did the trace. This is saved in a "cache" that maps pids to comms and exposed to user space via the /sys/kernel/tracing/saved_cmdlines file. Currently it only caches by default 128 comms. The structure that uses this creates an array to store the pids using PID_MAX_DEFAULT (which is usually set to 32768). This causes the structure to be of the size of 131104 bytes on 64 bit machines. In hex: 131104 = 0x20020, and since the kernel allocates generic memory in powers of two, the kernel would allocate 0x40000 or 262144 bytes to store this structure. That leaves 131040 bytes of wasted space. Worse, the structure points to an allocated array to store the comm names, which is 16 bytes times the amount of names to save (currently 128), which is 2048 bytes. Instead of allocating a separate array, make the structure end with a variable length string and use the extra space for that. This is similar to a recommendation that Linus had made about eventfs_inode names: https://lore.kernel.org/all/20240130190355.11486-5-torvalds@linux-foundatio… Instead of allocating a separate string array to hold the saved comms, have the structure end with: char saved_cmdlines[]; and round up to the next power of two over sizeof(struct saved_cmdline_buffers) + num_cmdlines * TASK_COMM_LEN It will use this extra space for the saved_cmdline portion. Now, instead of saving only 128 comms by default, by using this wasted space at the end of the structure it can save over 8000 comms and even saves space by removing the need for allocating the other array. Link: https://lore.kernel.org/linux-trace-kernel/20240208105328.7e73f71d@rorschac… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Vincent Donnefort <vdonnefort(a)google.com> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: Mete Durlu <meted(a)linux.ibm.com> Fixes: 939c7a4f04fcd ("tracing: Introduce saved_cmdlines_size file") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace.c | 73 +++++++++++++++++++++----------------------- 1 file changed, 34 insertions(+), 39 deletions(-) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 2a7c6fd934e9..ea6d13ff256c 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -2320,7 +2320,7 @@ struct saved_cmdlines_buffer { unsigned *map_cmdline_to_pid; unsigned cmdline_num; int cmdline_idx; - char *saved_cmdlines; + char saved_cmdlines[]; }; static struct saved_cmdlines_buffer *savedcmd; @@ -2334,47 +2334,54 @@ static inline void set_cmdline(int idx, const char *cmdline) strncpy(get_saved_cmdlines(idx), cmdline, TASK_COMM_LEN); } -static int allocate_cmdlines_buffer(unsigned int val, - struct saved_cmdlines_buffer *s) +static void free_saved_cmdlines_buffer(struct saved_cmdlines_buffer *s) +{ + int order = get_order(sizeof(*s) + s->cmdline_num * TASK_COMM_LEN); + + kfree(s->map_cmdline_to_pid); + free_pages((unsigned long)s, order); +} + +static struct saved_cmdlines_buffer *allocate_cmdlines_buffer(unsigned int val) { + struct saved_cmdlines_buffer *s; + struct page *page; + int orig_size, size; + int order; + + /* Figure out how much is needed to hold the given number of cmdlines */ + orig_size = sizeof(*s) + val * TASK_COMM_LEN; + order = get_order(orig_size); + size = 1 << (order + PAGE_SHIFT); + page = alloc_pages(GFP_KERNEL, order); + if (!page) + return NULL; + + s = page_address(page); + memset(s, 0, sizeof(*s)); + + /* Round up to actual allocation */ + val = (size - sizeof(*s)) / TASK_COMM_LEN; + s->cmdline_num = val; + s->map_cmdline_to_pid = kmalloc_array(val, sizeof(*s->map_cmdline_to_pid), GFP_KERNEL); - if (!s->map_cmdline_to_pid) - return -ENOMEM; - - s->saved_cmdlines = kmalloc_array(TASK_COMM_LEN, val, GFP_KERNEL); - if (!s->saved_cmdlines) { - kfree(s->map_cmdline_to_pid); - return -ENOMEM; - } s->cmdline_idx = 0; - s->cmdline_num = val; memset(&s->map_pid_to_cmdline, NO_CMDLINE_MAP, sizeof(s->map_pid_to_cmdline)); memset(s->map_cmdline_to_pid, NO_CMDLINE_MAP, val * sizeof(*s->map_cmdline_to_pid)); - return 0; + return s; } static int trace_create_savedcmd(void) { - int ret; - - savedcmd = kmalloc(sizeof(*savedcmd), GFP_KERNEL); - if (!savedcmd) - return -ENOMEM; - - ret = allocate_cmdlines_buffer(SAVED_CMDLINES_DEFAULT, savedcmd); - if (ret < 0) { - kfree(savedcmd); - savedcmd = NULL; - return -ENOMEM; - } + savedcmd = allocate_cmdlines_buffer(SAVED_CMDLINES_DEFAULT); - return 0; + return savedcmd ? 0 : -ENOMEM; } int is_tracing_stopped(void) @@ -6056,26 +6063,14 @@ tracing_saved_cmdlines_size_read(struct file *filp, char __user *ubuf, return simple_read_from_buffer(ubuf, cnt, ppos, buf, r); } -static void free_saved_cmdlines_buffer(struct saved_cmdlines_buffer *s) -{ - kfree(s->saved_cmdlines); - kfree(s->map_cmdline_to_pid); - kfree(s); -} - static int tracing_resize_saved_cmdlines(unsigned int val) { struct saved_cmdlines_buffer *s, *savedcmd_temp; - s = kmalloc(sizeof(*s), GFP_KERNEL); + s = allocate_cmdlines_buffer(val); if (!s) return -ENOMEM; - if (allocate_cmdlines_buffer(val, s) < 0) { - kfree(s); - return -ENOMEM; - } - preempt_disable(); arch_spin_lock(&trace_cmdline_lock); savedcmd_temp = savedcmd; -- 2.43.0

1 year, 9 months

1
1
0 0

[PATCH 1/3] driver core: bus: introduce can_remove()

by Hamza Mahfooz

Currently, drivers have no mechanism to block requests to unbind devices. However, this can cause resource leaks and leave the device in an inconsistent state, such that rebinding the device may cause a hang or otherwise prevent the device from being rebound. So, introduce the can_remove() callback to allow drivers to indicate if it isn't appropriate to remove a device at the given time. Cc: stable(a)vger.kernel.org Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> --- drivers/base/bus.c | 4 ++++ include/linux/device/bus.h | 2 ++ 2 files changed, 6 insertions(+) diff --git a/drivers/base/bus.c b/drivers/base/bus.c index daee55c9b2d9..7c259b01ea99 100644 --- a/drivers/base/bus.c +++ b/drivers/base/bus.c @@ -239,6 +239,10 @@ static ssize_t unbind_store(struct device_driver *drv, const char *buf, dev = bus_find_device_by_name(bus, NULL, buf); if (dev && dev->driver == drv) { + if (dev->bus && dev->bus->can_remove && + !dev->bus->can_remove(dev)) + return -EBUSY; + device_driver_detach(dev); err = count; } diff --git a/include/linux/device/bus.h b/include/linux/device/bus.h index 5ef4ec1c36c3..c9d4af0ed3b8 100644 --- a/include/linux/device/bus.h +++ b/include/linux/device/bus.h @@ -46,6 +46,7 @@ struct fwnode_handle; * be called at late_initcall_sync level. If the device has * consumers that are never bound to a driver, this function * will never get called until they do. + * @can_remove: Called before attempting to remove a device from this bus. * @remove: Called when a device removed from this bus. * @shutdown: Called at shut-down time to quiesce the device. * @@ -85,6 +86,7 @@ struct bus_type { int (*uevent)(const struct device *dev, struct kobj_uevent_env *env); int (*probe)(struct device *dev); void (*sync_state)(struct device *dev); + bool (*can_remove)(struct device *dev); void (*remove)(struct device *dev); void (*shutdown)(struct device *dev); -- 2.43.0

1 year, 9 months

5
11
0 0

[for-linus][PATCH 1/2] ftrace: Fix DIRECT_CALLS to use SAVE_REGS by default

by Steven Rostedt

From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> The commit 60c8971899f3 ("ftrace: Make DIRECT_CALLS work WITH_ARGS and !WITH_REGS") changed DIRECT_CALLS to use SAVE_ARGS when there are multiple ftrace_ops at the same function, but since the x86 only support to jump to direct_call from ftrace_regs_caller, when we set the function tracer on the same target function on x86, ftrace-direct does not work as below (this actually works on arm64.) At first, insmod ftrace-direct.ko to put a direct_call on 'wake_up_process()'. # insmod kernel/samples/ftrace/ftrace-direct.ko # less trace ... <idle>-0 [006] ..s1. 564.686958: my_direct_func: waking up rcu_preempt-17 <idle>-0 [007] ..s1. 564.687836: my_direct_func: waking up kcompactd0-63 <idle>-0 [006] ..s1. 564.690926: my_direct_func: waking up rcu_preempt-17 <idle>-0 [006] ..s1. 564.696872: my_direct_func: waking up rcu_preempt-17 <idle>-0 [007] ..s1. 565.191982: my_direct_func: waking up kcompactd0-63 Setup a function filter to the 'wake_up_process' too, and enable it. # cd /sys/kernel/tracing/ # echo wake_up_process > set_ftrace_filter # echo function > current_tracer # less trace ... <idle>-0 [006] ..s3. 686.180972: wake_up_process <-call_timer_fn <idle>-0 [006] ..s3. 686.186919: wake_up_process <-call_timer_fn <idle>-0 [002] ..s3. 686.264049: wake_up_process <-call_timer_fn <idle>-0 [002] d.h6. 686.515216: wake_up_process <-kick_pool <idle>-0 [002] d.h6. 686.691386: wake_up_process <-kick_pool Then, only function tracer is shown on x86. But if you enable 'kprobe on ftrace' event (which uses SAVE_REGS flag) on the same function, it is shown again. # echo 'p wake_up_process' >> dynamic_events # echo 1 > events/kprobes/p_wake_up_process_0/enable # echo > trace # less trace ... <idle>-0 [006] ..s2. 2710.345919: p_wake_up_process_0: (wake_up_process+0x4/0x20) <idle>-0 [006] ..s3. 2710.345923: wake_up_process <-call_timer_fn <idle>-0 [006] ..s1. 2710.345928: my_direct_func: waking up rcu_preempt-17 <idle>-0 [006] ..s2. 2710.349931: p_wake_up_process_0: (wake_up_process+0x4/0x20) <idle>-0 [006] ..s3. 2710.349934: wake_up_process <-call_timer_fn <idle>-0 [006] ..s1. 2710.349937: my_direct_func: waking up rcu_preempt-17 To fix this issue, use SAVE_REGS flag for multiple ftrace_ops flag of direct_call by default. Link: https://lore.kernel.org/linux-trace-kernel/170484558617.178953.159051694939… Fixes: 60c8971899f3 ("ftrace: Make DIRECT_CALLS work WITH_ARGS and !WITH_REGS") Cc: stable(a)vger.kernel.org Cc: Florent Revest <revest(a)chromium.org> Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Tested-by: Mark Rutland <mark.rutland(a)arm.com> [arm64] Acked-by: Jiri Olsa <jolsa(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index b01ae7d36021..c060d5b47910 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -5325,7 +5325,17 @@ static LIST_HEAD(ftrace_direct_funcs); static int register_ftrace_function_nolock(struct ftrace_ops *ops); +/* + * If there are multiple ftrace_ops, use SAVE_REGS by default, so that direct + * call will be jumped from ftrace_regs_caller. Only if the architecture does + * not support ftrace_regs_caller but direct_call, use SAVE_ARGS so that it + * jumps from ftrace_caller for multiple ftrace_ops. + */ +#ifndef HAVE_DYNAMIC_FTRACE_WITH_REGS #define MULTI_FLAGS (FTRACE_OPS_FL_DIRECT | FTRACE_OPS_FL_SAVE_ARGS) +#else +#define MULTI_FLAGS (FTRACE_OPS_FL_DIRECT | FTRACE_OPS_FL_SAVE_REGS) +#endif static int check_direct_multi(struct ftrace_ops *ops) { -- 2.43.0

1 year, 9 months

1
0
0 0

[PATCH v3] soc: qcom: mdt_loader: Add Upperbounds check for program header access

by Auditya Bhattaram

hash_index is evaluated by looping phdrs till QCOM_MDT_TYPE_HASH is found. Add an upperbound check to phdrs to access within elf size. Fixes: 64fb5eb87d58 ("soc: qcom: mdt_loader: Allow hash to reside in any segment") Cc: <stable(a)vger.kernel.org> Signed-off-by: Auditya Bhattaram <quic_audityab(a)quicinc.com> --- Changes in v3: - Corrected wrong patch versioning in the Subject. - Added error prints for Invalid access. Link to v2 https://lore.kernel.org/linux-arm-msm/9773d189-c896-d5c5-804c-e086c24987b4@… Link to v1 https://lore.kernel.org/linux-arm-msm/5d7a3b97-d840-4863-91a0-32c1d8e7532f@… --- drivers/soc/qcom/mdt_loader.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c index 6f177e46fa0f..61e2377cc5c3 100644 --- a/drivers/soc/qcom/mdt_loader.c +++ b/drivers/soc/qcom/mdt_loader.c @@ -145,6 +145,11 @@ void *qcom_mdt_read_metadata(const struct firmware *fw, size_t *data_len, if (phdrs[0].p_type == PT_LOAD) return ERR_PTR(-EINVAL); + if (((size_t)(phdrs + ehdr->e_phnum)) > ((size_t)ehdr + fw->size)) { + dev_err(dev, "Invalid phdrs access: %s\n", fw_name); + return ERR_PTR(-EINVAL); + } + for (i = 1; i < ehdr->e_phnum; i++) { if ((phdrs[i].p_flags & QCOM_MDT_TYPE_MASK) == QCOM_MDT_TYPE_HASH) { hash_segment = i; -- 2.17.1

1 year, 9 months

2
2
0 0

[PATCH v4] mm/zswap: invalidate old entry when store fail or !zswap_enabled

by chengming.zhou＠linux.dev

From: Chengming Zhou <zhouchengming(a)bytedance.com> We may encounter duplicate entry in the zswap_store(): 1. swap slot that freed to per-cpu swap cache, doesn't invalidate the zswap entry, then got reused. This has been fixed. 2. !exclusive load mode, swapin folio will leave its zswap entry on the tree, then swapout again. This has been removed. 3. one folio can be dirtied again after zswap_store(), so need to zswap_store() again. This should be handled correctly. So we must invalidate the old duplicate entry before insert the new one, which actually doesn't have to be done at the beginning of zswap_store(). And this is a normal situation, we shouldn't WARN_ON(1) in this case, so delete it. (The WARN_ON(1) seems want to detect swap entry UAF problem? But not very necessary here.) The good point is that we don't need to lock tree twice in the store success path. Note we still need to invalidate the old duplicate entry in the store failure path, otherwise the new data in swapfile could be overwrite by the old data in zswap pool when lru writeback. We have to do this even when !zswap_enabled since zswap can be disabled anytime. If the folio store success before, then got dirtied again but zswap disabled, we won't invalidate the old duplicate entry in the zswap_store(). So later lru writeback may overwrite the new data in swapfile. Fixes: 42c06a0e8ebe ("mm: kill frontswap") Cc: <stable(a)vger.kernel.org> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> Acked-by: Chris Li <chrisl(a)kernel.org> Signed-off-by: Chengming Zhou <zhouchengming(a)bytedance.com> --- v4: - VM_WARN_ON generate no code when !CONFIG_DEBUG_VM, change to use WARN_ON. v3: - Fix a few grammatical problems in comments, per Yosry. v2: - Change the duplicate entry invalidation loop to if, since we hold the lock, we won't find it once we invalidate it, per Yosry. - Add Fixes tag. --- mm/zswap.c | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/mm/zswap.c b/mm/zswap.c index cd67f7f6b302..62fe307521c9 100644 --- a/mm/zswap.c +++ b/mm/zswap.c @@ -1518,18 +1518,8 @@ bool zswap_store(struct folio *folio) return false; if (!zswap_enabled) - return false; + goto check_old; - /* - * If this is a duplicate, it must be removed before attempting to store - * it, otherwise, if the store fails the old page won't be removed from - * the tree, and it might be written back overriding the new data. - */ - spin_lock(&tree->lock); - entry = zswap_rb_search(&tree->rbroot, offset); - if (entry) - zswap_invalidate_entry(tree, entry); - spin_unlock(&tree->lock); objcg = get_obj_cgroup_from_folio(folio); if (objcg && !obj_cgroup_may_zswap(objcg)) { memcg = get_mem_cgroup_from_objcg(objcg); @@ -1608,14 +1598,12 @@ bool zswap_store(struct folio *folio) /* map */ spin_lock(&tree->lock); /* - * A duplicate entry should have been removed at the beginning of this - * function. Since the swap entry should be pinned, if a duplicate is - * found again here it means that something went wrong in the swap - * cache. + * The folio may have been dirtied again, invalidate the + * possibly stale entry before inserting the new entry. */ - while (zswap_rb_insert(&tree->rbroot, entry, &dupentry) == -EEXIST) { - WARN_ON(1); + if (zswap_rb_insert(&tree->rbroot, entry, &dupentry) == -EEXIST) { zswap_invalidate_entry(tree, dupentry); + WARN_ON(zswap_rb_insert(&tree->rbroot, entry, &dupentry)); } if (entry->length) { INIT_LIST_HEAD(&entry->lru); @@ -1638,6 +1626,17 @@ bool zswap_store(struct folio *folio) reject: if (objcg) obj_cgroup_put(objcg); +check_old: + /* + * If the zswap store fails or zswap is disabled, we must invalidate the + * possibly stale entry which was previously stored at this offset. + * Otherwise, writeback could overwrite the new data in the swapfile. + */ + spin_lock(&tree->lock); + entry = zswap_rb_search(&tree->rbroot, offset); + if (entry) + zswap_invalidate_entry(tree, entry); + spin_unlock(&tree->lock); return false; shrink: -- 2.40.1

1 year, 9 months

5
8
0 0

+ mm-zswap-invalidate-duplicate-entry-when-zswap_enabled.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/zswap: invalidate duplicate entry when !zswap_enabled has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-zswap-invalidate-duplicate-entry-when-zswap_enabled.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Chengming Zhou <zhouchengming(a)bytedance.com> Subject: mm/zswap: invalidate duplicate entry when !zswap_enabled Date: Thu, 8 Feb 2024 02:32:54 +0000 We have to invalidate any duplicate entry even when !zswap_enabled since zswap can be disabled anytime. If the folio store success before, then got dirtied again but zswap disabled, we won't invalidate the old duplicate entry in the zswap_store(). So later lru writeback may overwrite the new data in swapfile. Link: https://lkml.kernel.org/r/20240208023254.3873823-1-chengming.zhou@linux.dev Fixes: 42c06a0e8ebe ("mm: kill frontswap") Signed-off-by: Chengming Zhou <zhouchengming(a)bytedance.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Yosry Ahmed <yosryahmed(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/zswap.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/mm/zswap.c~mm-zswap-invalidate-duplicate-entry-when-zswap_enabled +++ a/mm/zswap.c @@ -1516,7 +1516,7 @@ bool zswap_store(struct folio *folio) if (folio_test_large(folio)) return false; - if (!zswap_enabled || !tree) + if (!tree) return false; /* @@ -1531,6 +1531,10 @@ bool zswap_store(struct folio *folio) zswap_invalidate_entry(tree, dupentry); } spin_unlock(&tree->lock); + + if (!zswap_enabled) + return false; + objcg = get_obj_cgroup_from_folio(folio); if (objcg && !obj_cgroup_may_zswap(objcg)) { memcg = get_mem_cgroup_from_objcg(objcg); _ Patches currently in -mm which might be from zhouchengming(a)bytedance.com are mm-zswap-invalidate-duplicate-entry-when-zswap_enabled.patch mm-zswap-make-sure-each-swapfile-always-have-zswap-rb-tree.patch mm-zswap-split-zswap-rb-tree.patch mm-zswap-fix-race-between-lru-writeback-and-swapoff.patch mm-list_lru-remove-list_lru_putback.patch mm-zswap-add-more-comments-in-shrink_memcg_cb.patch mm-zswap-invalidate-zswap-entry-when-swap-entry-free.patch mm-zswap-stop-lru-list-shrinking-when-encounter-warm-region.patch mm-zswap-remove-duplicate_entry-debug-value.patch mm-zswap-only-support-zswap_exclusive_loads_enabled.patch mm-zswap-zswap-entry-doesnt-need-refcount-anymore.patch

1 year, 9 months

1
0
0 0

+ fs-proc-task_mmu-add-display-flag-for-vm_mayoverlay.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fs/proc/task_mmu: add display flag for VM_MAYOVERLAY has been added to the -mm mm-hotfixes-unstable branch. Its filename is fs-proc-task_mmu-add-display-flag-for-vm_mayoverlay.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Anshuman Khandual <anshuman.khandual(a)arm.com> Subject: fs/proc/task_mmu: add display flag for VM_MAYOVERLAY Date: Thu, 8 Feb 2024 14:18:05 +0530 VM_UFFD_MISSING flag is mutually exclussive with VM_MAYOVERLAY flag as they both use the same bit position i.e 0x00000200 in the vm_flags. Let's update show_smap_vma_flags() to display the correct flags depending on CONFIG_MMU. Link: https://lkml.kernel.org/r/20240208084805.1252337-1-anshuman.khandual@arm.com Fixes: b6b7a8faf05c ("mm/nommu: don't use VM_MAYSHARE for MAP_PRIVATE mappings") Signed-off-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/fs/proc/task_mmu.c~fs-proc-task_mmu-add-display-flag-for-vm_mayoverlay +++ a/fs/proc/task_mmu.c @@ -681,7 +681,11 @@ static void show_smap_vma_flags(struct s [ilog2(VM_HUGEPAGE)] = "hg", [ilog2(VM_NOHUGEPAGE)] = "nh", [ilog2(VM_MERGEABLE)] = "mg", +#ifdef CONFIG_MMU [ilog2(VM_UFFD_MISSING)]= "um", +#else + [ilog2(VM_MAYOVERLAY)] = "ov", +#endif /* CONFIG_MMU */ [ilog2(VM_UFFD_WP)] = "uw", #ifdef CONFIG_ARM64_MTE [ilog2(VM_MTE)] = "mt", _ Patches currently in -mm which might be from anshuman.khandual(a)arm.com are fs-proc-task_mmu-add-display-flag-for-vm_mayoverlay.patch mm-cma-dont-treat-bad-input-arguments-for-cma_alloc-as-its-failure.patch mm-cma-drop-config_cma_debug.patch mm-cma-make-max_cma_areas-=-config_cma_areas.patch mm-cma-add-sysfs-file-release_pages_success.patch

1 year, 9 months

1
0
0 0

+ lib-kconfigdebug-test_iov_iter-depends-on-mmu.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: lib/Kconfig.debug: TEST_IOV_ITER depends on MMU has been added to the -mm mm-hotfixes-unstable branch. Its filename is lib-kconfigdebug-test_iov_iter-depends-on-mmu.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Guenter Roeck <linux(a)roeck-us.net> Subject: lib/Kconfig.debug: TEST_IOV_ITER depends on MMU Date: Thu, 8 Feb 2024 07:30:10 -0800 Trying to run the iov_iter unit test on a nommu system such as the qemu kc705-nommu emulation results in a crash. KTAP version 1 # Subtest: iov_iter # module: kunit_iov_iter 1..9 BUG: failure at mm/nommu.c:318/vmap()! Kernel panic - not syncing: BUG! The test calls vmap() directly, but vmap() is not supported on nommu systems, causing the crash. TEST_IOV_ITER therefore needs to depend on MMU. Link: https://lkml.kernel.org/r/20240208153010.1439753-1-linux@roeck-us.net Fixes: 2d71340ff1d4 ("iov_iter: Kunit tests for copying to/from an iterator") Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> Cc: David Howells <dhowells(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/Kconfig.debug | 1 + 1 file changed, 1 insertion(+) --- a/lib/Kconfig.debug~lib-kconfigdebug-test_iov_iter-depends-on-mmu +++ a/lib/Kconfig.debug @@ -2235,6 +2235,7 @@ config TEST_DIV64 config TEST_IOV_ITER tristate "Test iov_iter operation" if !KUNIT_ALL_TESTS depends on KUNIT + depends on MMU default KUNIT_ALL_TESTS help Enable this to turn on testing of the operation of the I/O iterator _ Patches currently in -mm which might be from linux(a)roeck-us.net are lib-kconfigdebug-test_iov_iter-depends-on-mmu.patch

1 year, 9 months

1
0
0 0

[obsolete] xfs-disable-large-folio-support-in-xfile_create.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: xfs: disable large folio support in xfile_create has been removed from the -mm tree. Its filename was xfs-disable-large-folio-support-in-xfile_create.patch This patch was dropped because it is obsolete ------------------------------------------------------ From: Christoph Hellwig <hch(a)lst.de> Subject: xfs: disable large folio support in xfile_create Date: Wed, 10 Jan 2024 10:21:09 +0100 The xfarray code will crash if large folios are force enabled using: echo force > /sys/kernel/mm/transparent_hugepage/shmem_enabled Fixing this will require a bit of an API change, and prefeably sorting out the hwpoison story for pages vs folio and where it is placed in the shmem API. For now use this one liner to disable large folios. Link: https://lkml.kernel.org/r/20240110092109.1950011-3-hch@lst.de Fixes: 3934e8ebb7cc ("xfs: create a big array data structure") Reported-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Cc: Chandan Babu R <chandan.babu(a)oracle.com> Cc: Christian K��nig <christian.koenig(a)amd.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Dave Airlie <airlied(a)gmail.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Howells <dhowells(a)redhat.com> Cc: Huang Rui <ray.huang(a)amd.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/xfs/scrub/xfile.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/fs/xfs/scrub/xfile.c~xfs-disable-large-folio-support-in-xfile_create +++ a/fs/xfs/scrub/xfile.c @@ -94,6 +94,11 @@ xfile_create( lockdep_set_class(&inode->i_rwsem, &xfile_i_mutex_key); + /* + * We're not quite ready for large folios yet. + */ + mapping_clear_large_folios(inode->i_mapping); + trace_xfile_create(xf); *xfilep = xf; _ Patches currently in -mm which might be from hch(a)lst.de are

1 year, 9 months

1
0
0 0

[obsolete] mm-add-a-mapping_clear_large_folios-helper.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: add a mapping_clear_large_folios helper has been removed from the -mm tree. Its filename was mm-add-a-mapping_clear_large_folios-helper.patch This patch was dropped because it is obsolete ------------------------------------------------------ From: Christoph Hellwig <hch(a)lst.de> Subject: mm: add a mapping_clear_large_folios helper Date: Wed, 10 Jan 2024 10:21:08 +0100 Patch series "disable large folios for shmem file used by xfs xfile". Darrick reported that the fairly new XFS xfile code blows up when force enabling large folio for shmem. This series fixes this quickly by disabling large folios for this particular shmem file for now until it can be fixed properly, which will be a lot more invasive. This patch (of 2): Users of shmem_kernel_file_setup might not be able to deal with large folios (yet). Give them a way to disable large folio support on their mapping. Link: https://lkml.kernel.org/r/20240110092109.1950011-1-hch@lst.de Link: https://lkml.kernel.org/r/20240110092109.1950011-2-hch@lst.de Fixes: 3934e8ebb7cc ("xfs: create a big array data structure") Signed-off-by: Christoph Hellwig <hch(a)lst.de> Cc: Chandan Babu R <chandan.babu(a)oracle.com> Cc: Christian K��nig <christian.koenig(a)amd.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: "Darrick J. Wong" <djwong(a)kernel.org> Cc: Dave Airlie <airlied(a)gmail.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: David Howells <dhowells(a)redhat.com> Cc: Huang Rui <ray.huang(a)amd.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Tvrtko Ursulin <tvrtko.ursulin(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/pagemap.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) --- a/include/linux/pagemap.h~mm-add-a-mapping_clear_large_folios-helper +++ a/include/linux/pagemap.h @@ -360,6 +360,20 @@ static inline void mapping_set_large_fol __set_bit(AS_LARGE_FOLIO_SUPPORT, &mapping->flags); } +/** + * mapping_clear_large_folios() - Disable large folio support for a mapping + * @mapping: The mapping. + * + * This can be called to undo the effect of mapping_set_large_folios(). + * + * Context: This should not be called while the inode is active as it + * is non-atomic. + */ +static inline void mapping_clear_large_folios(struct address_space *mapping) +{ + __clear_bit(AS_LARGE_FOLIO_SUPPORT, &mapping->flags); +} + /* * Large folio support currently depends on THP. These dependencies are * being worked on but are not yet fixed. _ Patches currently in -mm which might be from hch(a)lst.de are xfs-disable-large-folio-support-in-xfile_create.patch

1 year, 9 months

1
0
0 0

Apply e08ff622c91a to 6.6.y

by Miguel Ojeda

Hi Greg, Sasha, Please consider applying commit e08ff622c91a to 6.6.y. It requires the following chain: 828176d037e2 ("rust: arc: add explicit `drop()` around `Box::from_raw()`") ae6df65dabc3 ("rust: upgrade to Rust 1.72.1") c61bcc278b19 ("rust: task: remove redundant explicit link") a53d8cdd5a0a ("rust: print: use explicit link in documentation") e08ff622c91a ("rust: upgrade to Rust 1.73.0") which applies cleanly to 6.6.y. This upgrades the Rust compiler version from 1.71.1 to 1.73.0 (2 version upgrades + 3 prerequisites for the upgrades), fixing a couple issues with the Rust compiler version currently used in 6.6.y. In particular: - A build error with `CONFIG_RUST_DEBUG_ASSERTIONS` enabled (`.eh_frame` section unexpected generation). This is solved applying up to ae6df65dabc3. - A developer-only Make target error (building `.rsi` single-target files, i.e. the equivalent to requesting a preprocessed file in C). This is solved applying all of them. Thanks! Cheers, Miguel

1 year, 9 months

2
1
0 0

[PATCH stable 5.4] net: bcmgenet: Fix EEE implementation

by Florian Fainelli

commit a9f31047baca57d47440c879cf259b86f900260c upstream We had a number of short comings: - EEE must be re-evaluated whenever the state machine detects a link change as wight be switching from a link partner with EEE enabled/disabled - tx_lpi_enabled controls whether EEE should be enabled/disabled for the transmit path, which applies to the TBUF block - We do not need to forcibly enable EEE upon system resume, as the PHY state machine will trigger a link event that will do that, too Fixes: 6ef398ea60d9 ("net: bcmgenet: add EEE support") Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Reviewed-by: Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> Link: https://lore.kernel.org/r/20230606214348.2408018-1-florian.fainelli@broadco… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Change-Id: I9e9d9d9e10817c7fcf3d9cde2389a1f6fe42a2ba --- .../net/ethernet/broadcom/genet/bcmgenet.c | 22 +++++++------------ .../net/ethernet/broadcom/genet/bcmgenet.h | 3 +++ drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +++++ 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index eeadeeec17ba..380bf7a328ba 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -1018,7 +1018,8 @@ static void bcmgenet_get_ethtool_stats(struct net_device *dev, } } -static void bcmgenet_eee_enable_set(struct net_device *dev, bool enable) +void bcmgenet_eee_enable_set(struct net_device *dev, bool enable, + bool tx_lpi_enabled) { struct bcmgenet_priv *priv = netdev_priv(dev); u32 off = priv->hw_params->tbuf_offset + TBUF_ENERGY_CTRL; @@ -1038,7 +1039,7 @@ static void bcmgenet_eee_enable_set(struct net_device *dev, bool enable) /* Enable EEE and switch to a 27Mhz clock automatically */ reg = bcmgenet_readl(priv->base + off); - if (enable) + if (tx_lpi_enabled) reg |= TBUF_EEE_EN | TBUF_PM_EN; else reg &= ~(TBUF_EEE_EN | TBUF_PM_EN); @@ -1059,6 +1060,7 @@ static void bcmgenet_eee_enable_set(struct net_device *dev, bool enable) priv->eee.eee_enabled = enable; priv->eee.eee_active = enable; + priv->eee.tx_lpi_enabled = tx_lpi_enabled; } static int bcmgenet_get_eee(struct net_device *dev, struct ethtool_eee *e) @@ -1074,6 +1076,7 @@ static int bcmgenet_get_eee(struct net_device *dev, struct ethtool_eee *e) e->eee_enabled = p->eee_enabled; e->eee_active = p->eee_active; + e->tx_lpi_enabled = p->tx_lpi_enabled; e->tx_lpi_timer = bcmgenet_umac_readl(priv, UMAC_EEE_LPI_TIMER); return phy_ethtool_get_eee(dev->phydev, e); @@ -1083,7 +1086,6 @@ static int bcmgenet_set_eee(struct net_device *dev, struct ethtool_eee *e) { struct bcmgenet_priv *priv = netdev_priv(dev); struct ethtool_eee *p = &priv->eee; - int ret = 0; if (GENET_IS_V1(priv)) return -EOPNOTSUPP; @@ -1094,16 +1096,11 @@ static int bcmgenet_set_eee(struct net_device *dev, struct ethtool_eee *e) p->eee_enabled = e->eee_enabled; if (!p->eee_enabled) { - bcmgenet_eee_enable_set(dev, false); + bcmgenet_eee_enable_set(dev, false, false); } else { - ret = phy_init_eee(dev->phydev, 0); - if (ret) { - netif_err(priv, hw, dev, "EEE initialization failed\n"); - return ret; - } - + p->eee_active = phy_init_eee(dev->phydev, false) >= 0; bcmgenet_umac_writel(priv, e->tx_lpi_timer, UMAC_EEE_LPI_TIMER); - bcmgenet_eee_enable_set(dev, true); + bcmgenet_eee_enable_set(dev, p->eee_active, e->tx_lpi_enabled); } return phy_ethtool_set_eee(dev->phydev, e); @@ -3688,9 +3685,6 @@ static int bcmgenet_resume(struct device *d) if (!device_may_wakeup(d)) phy_resume(dev->phydev); - if (priv->eee.eee_enabled) - bcmgenet_eee_enable_set(dev, true); - bcmgenet_netif_start(dev); netif_device_attach(dev); diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 5b7c2f9241d0..29bf256d13f6 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -736,4 +736,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, enum bcmgenet_power_mode mode); +void bcmgenet_eee_enable_set(struct net_device *dev, bool enable, + bool tx_lpi_enabled); + #endif /* __BCMGENET_H__ */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 2fbec2acb606..026f00ccaa0c 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -25,6 +25,7 @@ #include "bcmgenet.h" + /* setup netdev link state when PHY link status change and * update UMAC and RGMII block when link up */ @@ -96,6 +97,11 @@ void bcmgenet_mii_setup(struct net_device *dev) CMD_RX_PAUSE_IGNORE | CMD_TX_PAUSE_IGNORE); reg |= cmd_bits; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + + priv->eee.eee_active = phy_init_eee(phydev, 0) >= 0; + bcmgenet_eee_enable_set(dev, + priv->eee.eee_enabled && priv->eee.eee_active, + priv->eee.tx_lpi_enabled); } else { /* done if nothing has changed */ if (!status_changed) -- 2.34.1

1 year, 9 months

2
2
0 0

[PATCH 1/8] docs: kernel_feat.py: fix build error for missing files

by Vegard Nossum

If the directory passed to the '.. kernel-feat::' directive does not exist or the get_feat.pl script does not find any files to extract features from, Sphinx will report the following error: Sphinx parallel build error: UnboundLocalError: local variable 'fname' referenced before assignment make[2]: *** [Documentation/Makefile:102: htmldocs] Error 2 This is due to how I changed the script in c48a7c44a1d0 ("docs: kernel_feat.py: fix potential command injection"). Before that, the filename passed along to self.nestedParse() in this case was weirdly just the whole get_feat.pl invocation. We can fix it by doing what kernel_abi.py does -- just pass self.arguments[0] as 'fname'. Fixes: c48a7c44a1d0 ("docs: kernel_feat.py: fix potential command injection") Cc: Justin Forbes <jforbes(a)fedoraproject.org> Cc: Salvatore Bonaccorso <carnil(a)debian.org> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: Mauro Carvalho Chehab <mchehab(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Vegard Nossum <vegard.nossum(a)oracle.com> --- Documentation/sphinx/kernel_feat.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/sphinx/kernel_feat.py b/Documentation/sphinx/kernel_feat.py index b9df61eb4501..03ace5f01b5c 100644 --- a/Documentation/sphinx/kernel_feat.py +++ b/Documentation/sphinx/kernel_feat.py @@ -109,7 +109,7 @@ class KernelFeat(Directive): else: out_lines += line + "\n" - nodeList = self.nestedParse(out_lines, fname) + nodeList = self.nestedParse(out_lines, self.arguments[0]) return nodeList def nestedParse(self, lines, fname): -- 2.34.1

1 year, 9 months

4
7
0 0

[PATCH] drm/i915/dp: Limit SST link rate to <=8.1Gbps

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Limit the link rate to HBR3 or below (<=8.1Gbps) in SST mode. UHBR (10Gbps+) link rates require 128b/132b channel encoding which we have not yet hooked up into the SST/no-sideband codepaths. Cc: stable(a)vger.kernel.org Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/display/intel_dp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index ab415f41924d..5045c34a16be 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -2356,6 +2356,9 @@ intel_dp_compute_config_limits(struct intel_dp *intel_dp, limits->min_rate = intel_dp_common_rate(intel_dp, 0); limits->max_rate = intel_dp_max_link_rate(intel_dp); + /* FIXME 128b/132b SST support missing */ + limits->max_rate = min(limits->max_rate, 810000); + limits->min_lane_count = 1; limits->max_lane_count = intel_dp_max_lane_count(intel_dp); -- 2.43.0

1 year, 9 months

2
1
0 0

[PATCH] leds: trigger: netdev: Fix kernel panic on interface rename trig notify

by Christian Marangi

Commit d5e01266e7f5 ("leds: trigger: netdev: add additional specific link speed mode") in the various changes, reworked the way to set the LINKUP mode in commit cee4bd16c319 ("leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename") and moved it to a generic function. This changed the logic where, in the previous implementation the dev from the trigger event was used to check if the carrier was ok, but in the new implementation with the generic function, the dev in trigger_data is used instead. This is problematic and cause a possible kernel panic due to the fact that the dev in the trigger_data still reference the old one as the new one (passed from the trigger event) still has to be hold and saved in the trigger_data struct (done in the NETDEV_REGISTER case). On calling of get_device_state(), an invalid net_dev is used and this cause a kernel panic. To handle this correctly, move the call to get_device_state() after the new net_dev is correctly set in trigger_data (in the NETDEV_REGISTER case) and correctly parse the new dev. Fixes: d5e01266e7f5 ("leds: trigger: netdev: add additional specific link speed mode") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- drivers/leds/trigger/ledtrig-netdev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/leds/trigger/ledtrig-netdev.c b/drivers/leds/trigger/ledtrig-netdev.c index 8e5475819590..df1b1d8468e6 100644 --- a/drivers/leds/trigger/ledtrig-netdev.c +++ b/drivers/leds/trigger/ledtrig-netdev.c @@ -504,12 +504,12 @@ static int netdev_trig_notify(struct notifier_block *nb, trigger_data->duplex = DUPLEX_UNKNOWN; switch (evt) { case NETDEV_CHANGENAME: - get_device_state(trigger_data); - fallthrough; case NETDEV_REGISTER: dev_put(trigger_data->net_dev); dev_hold(dev); trigger_data->net_dev = dev; + if (evt == NETDEV_CHANGENAME) + get_device_state(trigger_data); break; case NETDEV_UNREGISTER: dev_put(trigger_data->net_dev); -- 2.43.0

1 year, 9 months

3
10
0 0

[PATCH] fs: relax mount_setattr() permission checks

by Christian Brauner

When we added mount_setattr() I added additional checks compared to the legacy do_reconfigure_mnt() and do_change_type() helpers used by regular mount(2). If that mount had a parent then verify that the caller and the mount namespace the mount is attached to match and if not make sure that it's an anonymous mount. The real rootfs falls into neither category. It is neither an anoymous mount because it is obviously attached to the initial mount namespace but it also obviously doesn't have a parent mount. So that means legacy mount(2) allows changing mount properties on the real rootfs but mount_setattr(2) blocks this. I never thought much about this but of course someone on this planet of earth changes properties on the real rootfs as can be seen in [1]. Since util-linux finally switched to the new mount api in 2.39 not so long ago it also relies on mount_setattr() and that surfaced this issue when Fedora 39 finally switched to it. Fix this. Link: https://bugzilla.redhat.com/show_bug.cgi?id=2256843 Reported-by: Karel Zak <kzak(a)redhat.com> Cc: stable(a)vger.kernel.org # v5.12+ Signed-off-by: Christian Brauner <brauner(a)kernel.org> --- fs/namespace.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index 437f60e96d40..fb0286920bce 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -4472,10 +4472,15 @@ static int do_mount_setattr(struct path *path, struct mount_kattr *kattr) /* * If this is an attached mount make sure it's located in the callers * mount namespace. If it's not don't let the caller interact with it. - * If this is a detached mount make sure it has an anonymous mount - * namespace attached to it, i.e. we've created it via OPEN_TREE_CLONE. + * + * If this mount doesn't have a parent it's most often simply a + * detached mount with an anonymous mount namespace. IOW, something + * that's simply not attached yet. But there are apparently also users + * that do change mount properties on the rootfs itself. That obviously + * neither has a parent nor is it a detached mount so we cannot + * unconditionally check for detached mounts. */ - if (!(mnt_has_parent(mnt) ? check_mnt(mnt) : is_anon_ns(mnt->mnt_ns))) + if (mnt_has_parent(mnt) && !check_mnt(mnt)) goto out; /* --- base-commit: 2a42e144dd0b62eaf79148394ab057145afbc3c5 change-id: 20240206-vfs-mount-rootfs-70aff2e3956d

1 year, 9 months

2
3
0 0

[PATCH 5.10 0/2] bpf: cpumap: Fix memory leak in cpu_map_update_elem

by Alexey Panov

Syzkaller reports "memory leak in cpu_map_update_elem" in 5.10 stable release. The problem has been fixed by the following patches which can be cleanly applied to the 5.10 branch. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

1 year, 9 months

1
2
0 0

[PATCH net] s390/qeth: Fix potential loss of L3-IP@ in case of network issues

by Alexandra Winter

Symptom: In case of a bad cable connection (e.g. dirty optics) a fast sequence of network DOWN-UP-DOWN-UP could happen. UP triggers recovery of the qeth interface. In case of a second DOWN while recovery is still ongoing, it can happen that the IP@ of a Layer3 qeth interface is lost and will not be recovered by the second UP. Problem: When registration of IP addresses with Layer 3 qeth devices fails, (e.g. because of bad address format) the respective IP address is deleted from its hash-table in the driver. If registration fails because of a ENETDOWN condition, the address should stay in the hashtable, so a subsequent recovery can restore it. 3caa4af834df ("qeth: keep ip-address after LAN_OFFLINE failure") fixes this for registration failures during normal operation, but not during recovery. Solution: Keep L3-IP address in case of ENETDOWN in qeth_l3_recover_ip(). For consistency with qeth_l3_add_ip() we also keep it in case of EADDRINUSE, i.e. for some reason the card already/still has this address registered. Fixes: 4a71df50047f ("qeth: new qeth device driver") Cc: stable(a)vger.kernel.org Signed-off-by: Alexandra Winter <wintera(a)linux.ibm.com> --- drivers/s390/net/qeth_l3_main.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/s390/net/qeth_l3_main.c b/drivers/s390/net/qeth_l3_main.c index b92a32b4b114..04c64ce0a1ca 100644 --- a/drivers/s390/net/qeth_l3_main.c +++ b/drivers/s390/net/qeth_l3_main.c @@ -255,9 +255,10 @@ static void qeth_l3_clear_ip_htable(struct qeth_card *card, int recover) if (!recover) { hash_del(&addr->hnode); kfree(addr); - continue; + } else { + /* prepare for recovery */ + addr->disp_flag = QETH_DISP_ADDR_ADD; } - addr->disp_flag = QETH_DISP_ADDR_ADD; } mutex_unlock(&card->ip_lock); @@ -278,9 +279,11 @@ static void qeth_l3_recover_ip(struct qeth_card *card) if (addr->disp_flag == QETH_DISP_ADDR_ADD) { rc = qeth_l3_register_addr_entry(card, addr); - if (!rc) { + if (!rc || rc == -EADDRINUSE || rc == -ENETDOWN) { + /* keep it in the records */ addr->disp_flag = QETH_DISP_ADDR_DO_NOTHING; } else { + /* bad address */ hash_del(&addr->hnode); kfree(addr); } -- 2.40.1

1 year, 9 months

2
1
0 0

[PATCH 0/6] tools: Fix rtla and rv problems (found) with clang

by Daniel Bristot de Oliveira

RHEL people reported some errors when compiling rtla and rv with clang. The command line used to compile the tools is: $ make HOSTCC=clang CC=clang LLVM_IAS=1 The first problem is two unsupported flags passed to the compiler: -ffat-lto-objects and -Wno-maybe-uninitialized. They will be removed if the compile is clang. Also, the clang linker does not automatically recognize the -flto=auto option used at compilation time, so it is explicitly set. With the compiler working, it starts pointing to some warnings and errors about uninitialized variables, variable size, and an unused function. These problems are also fixed. Daniel Bristot de Oliveira (6): tools/rtla: Fix Makefile compiler options for clang tools/rtla: Fix uninitialized bucket/data->bucket_size warning tools/rtla: Fix clang warning about mount_point var size tools/rtla: Remove unused sched_getattr() function tools/rv: Fix Makefile compiler options for clang tools/rv: Fix curr_reactor uninitialized variable tools/tracing/rtla/Makefile | 7 ++++++- tools/tracing/rtla/src/osnoise_hist.c | 3 +-- tools/tracing/rtla/src/timerlat_hist.c | 3 +-- tools/tracing/rtla/src/utils.c | 8 +------- tools/verification/rv/Makefile | 7 ++++++- tools/verification/rv/src/in_kernel.c | 2 +- 6 files changed, 16 insertions(+), 14 deletions(-) -- 2.43.0

1 year, 9 months

2
8
0 0

[PATCH V3 1/2] net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio

by Sinthu Raja

From: Sinthu Raja <sinthu.raja(a)ti.com> The below commit introduced a WARN when phy state is not in the states: PHY_HALTED, PHY_READY and PHY_UP. commit 744d23c71af3 ("net: phy: Warn about incorrect mdio_bus_phy_resume() state") When cpsw_new resumes, there have port in PHY_NOLINK state, so the below warning comes out. Set mac_managed_pm be true to tell mdio that the phy resume/suspend is managed by the mac, to fix the following warning: WARNING: CPU: 0 PID: 965 at drivers/net/phy/phy_device.c:326 mdio_bus_phy_resume+0x140/0x144 CPU: 0 PID: 965 Comm: sh Tainted: G O 6.1.46-g247b2535b2 #1 Hardware name: Generic AM33XX (Flattened Device Tree) unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x24/0x2c dump_stack_lvl from __warn+0x84/0x15c __warn from warn_slowpath_fmt+0x1a8/0x1c8 warn_slowpath_fmt from mdio_bus_phy_resume+0x140/0x144 mdio_bus_phy_resume from dpm_run_callback+0x3c/0x140 dpm_run_callback from device_resume+0xb8/0x2b8 device_resume from dpm_resume+0x144/0x314 dpm_resume from dpm_resume_end+0x14/0x20 dpm_resume_end from suspend_devices_and_enter+0xd0/0x924 suspend_devices_and_enter from pm_suspend+0x2e0/0x33c pm_suspend from state_store+0x74/0xd0 state_store from kernfs_fop_write_iter+0x104/0x1ec kernfs_fop_write_iter from vfs_write+0x1b8/0x358 vfs_write from ksys_write+0x78/0xf8 ksys_write from ret_fast_syscall+0x0/0x54 Exception stack(0xe094dfa8 to 0xe094dff0) dfa0: 00000004 005c3fb8 00000001 005c3fb8 00000004 00000001 dfc0: 00000004 005c3fb8 b6f6bba0 00000004 00000004 0059edb8 00000000 00000000 dfe0: 00000004 bed918f0 b6f09bd3 b6e89a66 Cc: <stable(a)vger.kernel.org> # v6.0+ Fixes: 744d23c71af3 ("net: phy: Warn about incorrect mdio_bus_phy_resume() state") Signed-off-by: Sinthu Raja <sinthu.raja(a)ti.com> --- Changes in V3: - No Change Changes in V2: - Add fixes tag. drivers/net/ethernet/ti/cpsw_new.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/ethernet/ti/cpsw_new.c b/drivers/net/ethernet/ti/cpsw_new.c index 498c50c6d1a7..087dcb67505a 100644 --- a/drivers/net/ethernet/ti/cpsw_new.c +++ b/drivers/net/ethernet/ti/cpsw_new.c @@ -773,6 +773,9 @@ static void cpsw_slave_open(struct cpsw_slave *slave, struct cpsw_priv *priv) slave->slave_num); return; } + + phy->mac_managed_pm = true; + slave->phy = phy; phy_attached_info(slave->phy); -- 2.36.1

1 year, 9 months

4
3
0 0

[PATCH 0/2] ARM: prctl: Reject PR_SET_MDWE where not supported

by Zev Weiss

Hello, I noticed after a recent kernel update that my ARM926 system started segfaulting on any execve() after calling prctl(PR_SET_MDWE). After some investigation it appears that ARMv5 is incapable of providing the appropriate protections for MDWE, since any readable memory is also implicitly executable. (Note that I'm not an expert in either ARM arch details or the mm subsystem, so please bear with me if I've botched something in the above analysis.) The prctl_set_mdwe() function already had some special-case logic added disabling it on PARISC (commit 793838138c15, "prctl: Disable prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that check to use an arch_*() function, and (2) adds a corresponding override for ARM to disable MDWE on pre-ARMv6 CPUs. With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can succeed instead of unconditionally failing; on ARMv6 the prctl works as it did previously. Since this was effectively a userspace-breaking change in v6.3 (with newer MDWE-aware userspace on older pre-MDWE kernels the prctl would simply fail safely) I've CCed -stable for v6.3+, though since the patches depend on the PARISC one above it will only apply cleanly on the linux-6.6.y and linux-6.7.y branches, since at least at time of writing the 6.3 through 6.5 branches don't have that patch backported (due to further missing dependencies [0]). Thanks, Zev [0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/ Zev Weiss (2): prctl: Generalize PR_SET_MDWE support check to be per-arch ARM: prctl: Reject PR_SET_MDWE on pre-ARMv6 arch/arm/include/asm/mman.h | 14 ++++++++++++++ arch/parisc/include/asm/mman.h | 14 ++++++++++++++ include/linux/mman.h | 8 ++++++++ kernel/sys.c | 7 +++++-- 4 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 arch/arm/include/asm/mman.h create mode 100644 arch/parisc/include/asm/mman.h -- 2.43.0

1 year, 9 months

3
6
0 0

[merged mm-hotfixes-stable] hugetlb-pages-should-not-be-reserved-by-shmat-if-shm_noreserve.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE has been removed from the -mm tree. Its filename was hugetlb-pages-should-not-be-reserved-by-shmat-if-shm_noreserve.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Prakash Sangappa <prakash.sangappa(a)oracle.com> Subject: mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE Date: Tue, 23 Jan 2024 12:04:42 -0800 For shared memory of type SHM_HUGETLB, hugetlb pages are reserved in shmget() call. If SHM_NORESERVE flags is specified then the hugetlb pages are not reserved. However when the shared memory is attached with the shmat() call the hugetlb pages are getting reserved incorrectly for SHM_HUGETLB shared memory created with SHM_NORESERVE which is a bug. ------------------------------- Following test shows the issue. $cat shmhtb.c int main() { int shmflags = 0660 | IPC_CREAT | SHM_HUGETLB | SHM_NORESERVE; int shmid; shmid = shmget(SKEY, SHMSZ, shmflags); if (shmid < 0) { printf("shmat: shmget() failed, %d\n", errno); return 1; } printf("After shmget()\n"); system("cat /proc/meminfo | grep -i hugepages_"); shmat(shmid, NULL, 0); printf("\nAfter shmat()\n"); system("cat /proc/meminfo | grep -i hugepages_"); shmctl(shmid, IPC_RMID, NULL); return 0; } #sysctl -w vm.nr_hugepages=20 #./shmhtb After shmget() HugePages_Total: 20 HugePages_Free: 20 HugePages_Rsvd: 0 HugePages_Surp: 0 After shmat() HugePages_Total: 20 HugePages_Free: 20 HugePages_Rsvd: 5 <-- HugePages_Surp: 0 -------------------------------- Fix is to ensure that hugetlb pages are not reserved for SHM_HUGETLB shared memory in the shmat() call. Link: https://lkml.kernel.org/r/1706040282-12388-1-git-send-email-prakash.sangapp… Signed-off-by: Prakash Sangappa <prakash.sangappa(a)oracle.com> Acked-by: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/hugetlbfs/inode.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) --- a/fs/hugetlbfs/inode.c~hugetlb-pages-should-not-be-reserved-by-shmat-if-shm_noreserve +++ a/fs/hugetlbfs/inode.c @@ -100,6 +100,7 @@ static int hugetlbfs_file_mmap(struct fi loff_t len, vma_len; int ret; struct hstate *h = hstate_file(file); + vm_flags_t vm_flags; /* * vma address alignment (but not the pgoff alignment) has @@ -141,10 +142,20 @@ static int hugetlbfs_file_mmap(struct fi file_accessed(file); ret = -ENOMEM; + + vm_flags = vma->vm_flags; + /* + * for SHM_HUGETLB, the pages are reserved in the shmget() call so skip + * reserving here. Note: only for SHM hugetlbfs file, the inode + * flag S_PRIVATE is set. + */ + if (inode->i_flags & S_PRIVATE) + vm_flags |= VM_NORESERVE; + if (!hugetlb_reserve_pages(inode, vma->vm_pgoff >> huge_page_order(h), len >> huge_page_shift(h), vma, - vma->vm_flags)) + vm_flags)) goto out; ret = 0; _ Patches currently in -mm which might be from prakash.sangappa(a)oracle.com are

1 year, 9 months

1
0
0 0

[merged mm-hotfixes-stable] nilfs2-fix-potential-bug-in-end_buffer_async_write.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: fix potential bug in end_buffer_async_write has been removed from the -mm tree. Its filename was nilfs2-fix-potential-bug-in-end_buffer_async_write.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix potential bug in end_buffer_async_write Date: Sun, 4 Feb 2024 01:16:45 +0900 According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause a BUG_ON failure when using nilfs2. Nilfs2 itself does not use end_buffer_async_write(). But, the async_write flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") as a means of resolving double list insertion of dirty blocks in nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the resulting crash. This modification is safe as long as it is used for file data and b-tree node blocks where the page caches are independent. However, it was irrelevant and redundant to also introduce async_write for segment summary and super root blocks that share buffers with the backing device. This led to the possibility that the BUG_ON check in end_buffer_async_write would fail as described above, if independent writebacks of the backing device occurred in parallel. The use of async_write for segment summary buffers has already been removed in a previous change. Fix this issue by removing the manipulation of the async_write flag for the remaining super root block buffer. Link: https://lkml.kernel.org/r/20240203161645.4992-1-konishi.ryusuke@gmail.com Fixes: 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+5c04210f7c7f897c1e7f(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/00000000000019a97c05fd42f8c8@google.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/segment.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/fs/nilfs2/segment.c~nilfs2-fix-potential-bug-in-end_buffer_async_write +++ a/fs/nilfs2/segment.c @@ -1703,7 +1703,6 @@ static void nilfs_segctor_prepare_write( list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - set_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { if (bh->b_folio != bd_folio) { folio_lock(bd_folio); @@ -1714,6 +1713,7 @@ static void nilfs_segctor_prepare_write( } break; } + set_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_begin_folio_io(fs_folio); fs_folio = bh->b_folio; @@ -1800,7 +1800,6 @@ static void nilfs_abort_logs(struct list list_for_each_entry(bh, &segbuf->sb_payload_buffers, b_assoc_buffers) { - clear_buffer_async_write(bh); if (bh == segbuf->sb_super_root) { clear_buffer_uptodate(bh); if (bh->b_folio != bd_folio) { @@ -1809,6 +1808,7 @@ static void nilfs_abort_logs(struct list } break; } + clear_buffer_async_write(bh); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, err); fs_folio = bh->b_folio; @@ -1896,8 +1896,9 @@ static void nilfs_segctor_complete_write BIT(BH_Delay) | BIT(BH_NILFS_Volatile) | BIT(BH_NILFS_Redirected)); - set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh == segbuf->sb_super_root) { + set_buffer_uptodate(bh); + clear_buffer_dirty(bh); if (bh->b_folio != bd_folio) { folio_end_writeback(bd_folio); bd_folio = bh->b_folio; @@ -1905,6 +1906,7 @@ static void nilfs_segctor_complete_write update_sr = true; break; } + set_mask_bits(&bh->b_state, clear_bits, set_bits); if (bh->b_folio != fs_folio) { nilfs_end_folio_io(fs_folio, 0); fs_folio = bh->b_folio; _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-convert-segment-buffer-to-use-kmap_local.patch nilfs2-convert-nilfs_copy_buffer-to-use-kmap_local.patch nilfs2-convert-metadata-file-common-code-to-use-kmap_local.patch nilfs2-convert-sufile-to-use-kmap_local.patch nilfs2-convert-persistent-object-allocator-to-use-kmap_local.patch nilfs2-convert-dat-to-use-kmap_local.patch nilfs2-move-nilfs_bmap_write-call-out-of-nilfs_write_inode_common.patch nilfs2-do-not-acquire-rwsem-in-nilfs_bmap_write.patch nilfs2-convert-ifile-to-use-kmap_local.patch nilfs2-localize-highmem-mapping-for-checkpoint-creation-within-cpfile.patch nilfs2-localize-highmem-mapping-for-checkpoint-finalization-within-cpfile.patch nilfs2-localize-highmem-mapping-for-checkpoint-reading-within-cpfile.patch nilfs2-remove-nilfs_cpfile_getput_checkpoint.patch nilfs2-convert-cpfile-to-use-kmap_local.patch

1 year, 9 months

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-sysfs-schemes-fix-wrong-damos-tried-regions-update-timeout-setup.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/sysfs-schemes: fix wrong DAMOS tried regions update timeout setup has been removed from the -mm tree. Its filename was mm-damon-sysfs-schemes-fix-wrong-damos-tried-regions-update-timeout-setup.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/sysfs-schemes: fix wrong DAMOS tried regions update timeout setup Date: Fri, 2 Feb 2024 11:19:56 -0800 DAMON sysfs interface's update_schemes_tried_regions command has a timeout of two apply intervals of the DAMOS scheme. Having zero value DAMOS scheme apply interval means it will use the aggregation interval as the value. However, the timeout setup logic is mistakenly using the sampling interval insted of the aggregartion interval for the case. This could cause earlier-than-expected timeout of the command. Fix it. Link: https://lkml.kernel.org/r/20240202191956.88791-1-sj@kernel.org Fixes: 7d6fa31a2fd7 ("mm/damon/sysfs-schemes: add timeout for update_schemes_tried_regions") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> # 6.7.x Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/sysfs-schemes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/damon/sysfs-schemes.c~mm-damon-sysfs-schemes-fix-wrong-damos-tried-regions-update-timeout-setup +++ a/mm/damon/sysfs-schemes.c @@ -2194,7 +2194,7 @@ static void damos_tried_regions_init_upd sysfs_regions->upd_timeout_jiffies = jiffies + 2 * usecs_to_jiffies(scheme->apply_interval_us ? scheme->apply_interval_us : - ctx->attrs.sample_interval); + ctx->attrs.aggr_interval); } } _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-core-check-apply-interval-in-damon_do_apply_schemes.patch docs-admin-guide-mm-damon-usage-use-sysfs-interface-for-tracepoints-example.patch mm-damon-rename-config_damon_dbgfs-to-damon_dbgfs_deprecated.patch mm-damon-dbgfs-implement-deprecation-notice-file.patch mm-damon-dbgfs-make-debugfs-interface-deprecation-message-a-macro.patch docs-admin-guide-mm-damon-usage-document-deprecated-file-of-damon-debugfs-interface.patch selftets-damon-prepare-for-monitor_on-file-renaming.patch mm-damon-dbgfs-rename-monitor_on-file-to-monitor_on_deprecated.patch docs-admin-guide-mm-damon-usage-update-for-monitor_on-renaming.patch docs-translations-damon-usage-update-for-monitor_on-renaming.patch mm-damon-sysfs-handle-state-file-inputs-for-every-sampling-interval-if-possible.patch selftests-damon-_damon_sysfs-support-damos-quota.patch selftests-damon-_damon_sysfs-support-damos-stats.patch selftests-damon-_damon_sysfs-support-damos-apply-interval.patch selftests-damon-add-a-test-for-damos-quota.patch selftests-damon-add-a-test-for-damos-apply-intervals.patch selftests-damon-add-a-test-for-a-race-between-target_ids_read-and-dbgfs_before_terminate.patch selftests-damon-add-a-test-for-the-pid-leak-of-dbgfs_target_ids_write.patch selftests-damon-_chk_dependency-get-debugfs-mount-point-from-proc-mounts.patch

1 year, 9 months

1
0
0 0

[merged mm-hotfixes-stable] nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() has been removed from the -mm tree. Its filename was nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Date: Wed, 31 Jan 2024 23:56:57 +0900 Syzbot reported a hang issue in migrate_pages_batch() called by mbind() and nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2. While migrate_pages_batch() locks a folio and waits for the writeback to complete, the log writer thread that should bring the writeback to completion picks up the folio being written back in nilfs_lookup_dirty_data_buffers() that it calls for subsequent log creation and was trying to lock the folio. Thus causing a deadlock. In the first place, it is unexpected that folios/pages in the middle of writeback will be updated and become dirty. Nilfs2 adds a checksum to verify the validity of the log being written and uses it for recovery at mount, so data changes during writeback are suppressed. Since this is broken, an unclean shutdown could potentially cause recovery to fail. Investigation revealed that the root cause is that the wait for writeback completion in nilfs_page_mkwrite() is conditional, and if the backing device does not require stable writes, data may be modified without waiting. Fix these issues by making nilfs_page_mkwrite() wait for writeback to finish regardless of the stable write requirement of the backing device. Link: https://lkml.kernel.org/r/20240131145657.4209-1-konishi.ryusuke@gmail.com Fixes: 1d1d1a767206 ("mm: only enforce stable page writes if the backing device requires it") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+ee2ae68da3b22d04cd8d(a)syzkaller.appspotmail.com Closes: https://lkml.kernel.org/r/00000000000047d819061004ad6c@google.com Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/file.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- a/fs/nilfs2/file.c~nilfs2-fix-hang-in-nilfs_lookup_dirty_data_buffers +++ a/fs/nilfs2/file.c @@ -107,7 +107,13 @@ static vm_fault_t nilfs_page_mkwrite(str nilfs_transaction_commit(inode->i_sb); mapped: - folio_wait_stable(folio); + /* + * Since checksumming including data blocks is performed to determine + * the validity of the log to be written and used for recovery, it is + * necessary to wait for writeback to finish here, regardless of the + * stable write requirement of the backing device. + */ + folio_wait_writeback(folio); out: sb_end_pagefault(inode->i_sb); return vmf_fs_error(ret); _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-convert-segment-buffer-to-use-kmap_local.patch nilfs2-convert-nilfs_copy_buffer-to-use-kmap_local.patch nilfs2-convert-metadata-file-common-code-to-use-kmap_local.patch nilfs2-convert-sufile-to-use-kmap_local.patch nilfs2-convert-persistent-object-allocator-to-use-kmap_local.patch nilfs2-convert-dat-to-use-kmap_local.patch nilfs2-move-nilfs_bmap_write-call-out-of-nilfs_write_inode_common.patch nilfs2-do-not-acquire-rwsem-in-nilfs_bmap_write.patch nilfs2-convert-ifile-to-use-kmap_local.patch nilfs2-localize-highmem-mapping-for-checkpoint-creation-within-cpfile.patch nilfs2-localize-highmem-mapping-for-checkpoint-finalization-within-cpfile.patch nilfs2-localize-highmem-mapping-for-checkpoint-reading-within-cpfile.patch nilfs2-remove-nilfs_cpfile_getput_checkpoint.patch nilfs2-convert-cpfile-to-use-kmap_local.patch

1 year, 9 months

1
0
0 0

[merged mm-hotfixes-stable] fshugetlb-fix-null-pointer-dereference-in-hugetlbs_fill_super.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super has been removed from the -mm tree. Its filename was fshugetlb-fix-null-pointer-dereference-in-hugetlbs_fill_super.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Oscar Salvador <osalvador(a)suse.de> Subject: fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Date: Tue, 30 Jan 2024 22:04:18 +0100 When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigning NULL to ctx->hstate in hugetlbfs_parse_param() when the requested pagesize is non valid. E.g: Taking the following steps: fd = fsopen("hugetlbfs", FSOPEN_CLOEXEC); fsconfig(fd, FSCONFIG_SET_STRING, "pagesize", "1024", 0); fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0); Given that the requested "pagesize" is invalid, ctxt->hstate will be replaced with NULL, losing its previous value, and we will print an error: ... ... case Opt_pagesize: ps = memparse(param->string, &rest); ctx->hstate = h; if (!ctx->hstate) { pr_err("Unsupported page size %lu MB\n", ps / SZ_1M); return -EINVAL; } return 0; ... ... This is a problem because later on, we will dereference ctxt->hstate in hugetlbfs_fill_super() ... ... sb->s_blocksize = huge_page_size(ctx->hstate); ... ... Causing below Oops. Fix this by replacing cxt->hstate value only when then pagesize is known to be valid. kernel: hugetlbfs: Unsupported page size 0 MB kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028 kernel: #PF: supervisor read access in kernel mode kernel: #PF: error_code(0x0000) - not-present page kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0 kernel: Oops: 0000 [#1] PREEMPT SMP PTI kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017 kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28 kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000 kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004 kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 kernel: Call Trace: kernel: <TASK> kernel: ? __die_body+0x1a/0x60 kernel: ? page_fault_oops+0x16f/0x4a0 kernel: ? search_bpf_extables+0x65/0x70 kernel: ? fixup_exception+0x22/0x310 kernel: ? exc_page_fault+0x69/0x150 kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 kernel: ? hugetlbfs_fill_super+0xb4/0x1a0 kernel: ? hugetlbfs_fill_super+0x28/0x1a0 kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10 kernel: vfs_get_super+0x40/0xa0 kernel: ? __pfx_bpf_lsm_capable+0x10/0x10 kernel: vfs_get_tree+0x25/0xd0 kernel: vfs_cmd_create+0x64/0xe0 kernel: __x64_sys_fsconfig+0x395/0x410 kernel: do_syscall_64+0x80/0x160 kernel: ? syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ? syscall_exit_to_user_mode+0x82/0x240 kernel: ? do_syscall_64+0x8d/0x160 kernel: ? exc_page_fault+0x69/0x150 kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76 kernel: RIP: 0033:0x7ffbc0cb87c9 kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48 kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af kernel: RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffbc0cb87c9 kernel: RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 kernel: RBP: 00007ffc29d2f3b0 R08: 0000000000000000 R09: 0000000000000000 kernel: R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 kernel: R13: 00007ffc29d2f4c0 R14: 0000000000000000 R15: 0000000000000000 kernel: </TASK> kernel: Modules linked in: rpcsec_gss_krb5(E) auth_rpcgss(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) sunrpc(E) netfs(E) af_packet(E) bridge(E) stp(E) llc(E) iscsi_ibft(E) iscsi_boot_sysfs(E) intel_rapl_msr(E) intel_rapl_common(E) iTCO_wdt(E) intel_pmc_bxt(E) sb_edac(E) iTCO_vendor_support(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) coretemp(E) kvm_intel(E) rfkill(E) ipmi_ssif(E) kvm(E) acpi_ipmi(E) irqbypass(E) pcspkr(E) igb(E) ipmi_si(E) mei_me(E) i2c_i801(E) joydev(E) intel_pch_thermal(E) i2c_smbus(E) dca(E) lpc_ich(E) mei(E) ipmi_devintf(E) ipmi_msghandler(E) acpi_pad(E) tiny_power_button(E) button(E) fuse(E) efi_pstore(E) configfs(E) ip_tables(E) x_tables(E) ext4(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) sd_mod(E) t10_pi(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) polyval_clmulni(E) ahci(E) xhci_pci(E) polyval_generic(E) gf128mul(E) ghash_clmulni_intel(E) sha512_ssse3(E) sha256_ssse3(E) xhci_pci_renesas(E) libahci(E) ehci_pci(E) sha1_ssse3(E) xhci_hc d(E) ehci_hcd(E) libata(E) kernel: mgag200(E) i2c_algo_bit(E) usbcore(E) wmi(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) scsi_mod(E) scsi_common(E) aesni_intel(E) crypto_simd(E) cryptd(E) kernel: Unloaded tainted modules: acpi_cpufreq(E):1 fjes(E):1 kernel: CR2: 0000000000000028 kernel: ---[ end trace 0000000000000000 ]--- kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0 kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28 kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246 kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004 kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000 kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004 kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000 kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400 kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0 Link: https://lkml.kernel.org/r/20240130210418.3771-1-osalvador@suse.de Fixes: 32021982a324 ("hugetlbfs: Convert to fs_context") Signed-off-by: Michal Hocko <mhocko(a)suse.com> Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Acked-by: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/hugetlbfs/inode.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/fs/hugetlbfs/inode.c~fshugetlb-fix-null-pointer-dereference-in-hugetlbs_fill_super +++ a/fs/hugetlbfs/inode.c @@ -1365,6 +1365,7 @@ static int hugetlbfs_parse_param(struct { struct hugetlbfs_fs_context *ctx = fc->fs_private; struct fs_parse_result result; + struct hstate *h; char *rest; unsigned long ps; int opt; @@ -1409,11 +1410,12 @@ static int hugetlbfs_parse_param(struct case Opt_pagesize: ps = memparse(param->string, &rest); - ctx->hstate = size_to_hstate(ps); - if (!ctx->hstate) { + h = size_to_hstate(ps); + if (!h) { pr_err("Unsupported page size %lu MB\n", ps / SZ_1M); return -EINVAL; } + ctx->hstate = h; return 0; case Opt_min_size: _ Patches currently in -mm which might be from osalvador(a)suse.de are

1 year, 9 months

1
0
0 0

[merged mm-hotfixes-stable] arch-arm-mm-fix-major-fault-accounting-when-retrying-under-per-vma-lock.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: arch/arm/mm: fix major fault accounting when retrying under per-VMA lock has been removed from the -mm tree. Its filename was arch-arm-mm-fix-major-fault-accounting-when-retrying-under-per-vma-lock.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: arch/arm/mm: fix major fault accounting when retrying under per-VMA lock Date: Mon, 22 Jan 2024 22:43:05 -0800 The change [1] missed ARM architecture when fixing major fault accounting for page fault retry under per-VMA lock. The user-visible effects is that it restores correct major fault accounting that was broken after [2] was merged in 6.7 kernel. The more detailed description is in [3] and this patch simply adds the same fix to ARM architecture which I missed in [3]. Add missing code to fix ARM architecture fault accounting. [1] 46e714c729c8 ("arch/mm/fault: fix major fault accounting when retrying under per-VMA lock") [2] https://lore.kernel.org/all/20231006195318.4087158-6-willy@infradead.org/ [3] https://lore.kernel.org/all/20231226214610.109282-1-surenb@google.com/ Link: https://lkml.kernel.org/r/20240123064305.2829244-1-surenb@google.com Fixes: 12214eba1992 ("mm: handle read faults under the VMA lock") Reported-by: Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Will Deacon <will(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm/mm/fault.c | 2 ++ 1 file changed, 2 insertions(+) --- a/arch/arm/mm/fault.c~arch-arm-mm-fix-major-fault-accounting-when-retrying-under-per-vma-lock +++ a/arch/arm/mm/fault.c @@ -298,6 +298,8 @@ do_page_fault(unsigned long addr, unsign goto done; } count_vm_vma_lock_event(VMA_LOCK_RETRY); + if (fault & VM_FAULT_MAJOR) + flags |= FAULT_FLAG_TRIED; /* Quick path to respond to signals */ if (fault_signal_pending(fault, regs)) { _ Patches currently in -mm which might be from surenb(a)google.com are userfaultfd-handle-zeropage-moves-by-uffdio_move.patch

1 year, 9 months

1
0
0 0

[merged mm-hotfixes-stable] nilfs2-fix-data-corruption-in-dsync-block-recovery-for-small-block-sizes.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: fix data corruption in dsync block recovery for small block sizes has been removed from the -mm tree. Its filename was nilfs2-fix-data-corruption-in-dsync-block-recovery-for-small-block-sizes.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix data corruption in dsync block recovery for small block sizes Date: Wed, 24 Jan 2024 21:19:36 +0900 The helper function nilfs_recovery_copy_block() of nilfs_recovery_dsync_blocks(), which recovers data from logs created by data sync writes during a mount after an unclean shutdown, incorrectly calculates the on-page offset when copying repair data to the file's page cache. In environments where the block size is smaller than the page size, this flaw can cause data corruption and leak uninitialized memory bytes during the recovery process. Fix these issues by correcting this byte offset calculation on the page. Link: https://lkml.kernel.org/r/20240124121936.10575-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/recovery.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/fs/nilfs2/recovery.c~nilfs2-fix-data-corruption-in-dsync-block-recovery-for-small-block-sizes +++ a/fs/nilfs2/recovery.c @@ -472,9 +472,10 @@ static int nilfs_prepare_segment_for_rec static int nilfs_recovery_copy_block(struct the_nilfs *nilfs, struct nilfs_recovery_block *rb, - struct page *page) + loff_t pos, struct page *page) { struct buffer_head *bh_org; + size_t from = pos & ~PAGE_MASK; void *kaddr; bh_org = __bread(nilfs->ns_bdev, rb->blocknr, nilfs->ns_blocksize); @@ -482,7 +483,7 @@ static int nilfs_recovery_copy_block(str return -EIO; kaddr = kmap_atomic(page); - memcpy(kaddr + bh_offset(bh_org), bh_org->b_data, bh_org->b_size); + memcpy(kaddr + from, bh_org->b_data, bh_org->b_size); kunmap_atomic(kaddr); brelse(bh_org); return 0; @@ -521,7 +522,7 @@ static int nilfs_recover_dsync_blocks(st goto failed_inode; } - err = nilfs_recovery_copy_block(nilfs, rb, page); + err = nilfs_recovery_copy_block(nilfs, rb, pos, page); if (unlikely(err)) goto failed_page; _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-convert-segment-buffer-to-use-kmap_local.patch nilfs2-convert-nilfs_copy_buffer-to-use-kmap_local.patch nilfs2-convert-metadata-file-common-code-to-use-kmap_local.patch nilfs2-convert-sufile-to-use-kmap_local.patch nilfs2-convert-persistent-object-allocator-to-use-kmap_local.patch nilfs2-convert-dat-to-use-kmap_local.patch nilfs2-move-nilfs_bmap_write-call-out-of-nilfs_write_inode_common.patch nilfs2-do-not-acquire-rwsem-in-nilfs_bmap_write.patch nilfs2-convert-ifile-to-use-kmap_local.patch nilfs2-localize-highmem-mapping-for-checkpoint-creation-within-cpfile.patch nilfs2-localize-highmem-mapping-for-checkpoint-finalization-within-cpfile.patch nilfs2-localize-highmem-mapping-for-checkpoint-reading-within-cpfile.patch nilfs2-remove-nilfs_cpfile_getput_checkpoint.patch nilfs2-convert-cpfile-to-use-kmap_local.patch

1 year, 9 months

1
0
0 0

[merged mm-hotfixes-stable] exit-wait_task_zombie-kill-the-no-longer-necessary-spin_lock_irqsiglock.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: exit: wait_task_zombie: kill the no longer necessary spin_lock_irq(siglock) has been removed from the -mm tree. Its filename was exit-wait_task_zombie-kill-the-no-longer-necessary-spin_lock_irqsiglock.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Oleg Nesterov <oleg(a)redhat.com> Subject: exit: wait_task_zombie: kill the no longer necessary spin_lock_irq(siglock) Date: Tue, 23 Jan 2024 16:34:00 +0100 After the recent changes nobody use siglock to read the values protected by stats_lock, we can kill spin_lock_irq(&current->sighand->siglock) and update the comment. With this patch only __exit_signal() and thread_group_start_cputime() take stats_lock under siglock. Link: https://lkml.kernel.org/r/20240123153359.GA21866@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/exit.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) --- a/kernel/exit.c~exit-wait_task_zombie-kill-the-no-longer-necessary-spin_lock_irqsiglock +++ a/kernel/exit.c @@ -1127,17 +1127,14 @@ static int wait_task_zombie(struct wait_ * and nobody can change them. * * psig->stats_lock also protects us from our sub-threads - * which can reap other children at the same time. Until - * we change k_getrusage()-like users to rely on this lock - * we have to take ->siglock as well. + * which can reap other children at the same time. * * We use thread_group_cputime_adjusted() to get times for * the thread group, which consolidates times for all threads * in the group including the group leader. */ thread_group_cputime_adjusted(p, &tgutime, &tgstime); - spin_lock_irq(&current->sighand->siglock); - write_seqlock(&psig->stats_lock); + write_seqlock_irq(&psig->stats_lock); psig->cutime += tgutime + sig->cutime; psig->cstime += tgstime + sig->cstime; psig->cgtime += task_gtime(p) + sig->gtime + sig->cgtime; @@ -1160,8 +1157,7 @@ static int wait_task_zombie(struct wait_ psig->cmaxrss = maxrss; task_io_accounting_add(&psig->ioac, &p->ioac); task_io_accounting_add(&psig->ioac, &sig->ioac); - write_sequnlock(&psig->stats_lock); - spin_unlock_irq(&current->sighand->siglock); + write_sequnlock_irq(&psig->stats_lock); } if (wo->wo_rusage) _ Patches currently in -mm which might be from oleg(a)redhat.com are ptrace_attach-shift-sendsigstop-into-ptrace_set_stopped.patch

1 year, 9 months

1
0
0 0

[merged mm-hotfixes-stable] fs-proc-do_task_stat-use-sig-stats_lock-to-gather-the-threads-children-stats.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats has been removed from the -mm tree. Its filename was fs-proc-do_task_stat-use-sig-stats_lock-to-gather-the-threads-children-stats.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Oleg Nesterov <oleg(a)redhat.com> Subject: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats Date: Tue, 23 Jan 2024 16:33:57 +0100 lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change do_task_stat() to use sig->stats_lock to gather the statistics outside of ->siglock protected section, in the likely case this code will run lockless. Link: https://lkml.kernel.org/r/20240123153357.GA21857@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/array.c | 58 +++++++++++++++++++++++++--------------------- 1 file changed, 32 insertions(+), 26 deletions(-) --- a/fs/proc/array.c~fs-proc-do_task_stat-use-sig-stats_lock-to-gather-the-threads-children-stats +++ a/fs/proc/array.c @@ -477,13 +477,13 @@ static int do_task_stat(struct seq_file int permitted; struct mm_struct *mm; unsigned long long start_time; - unsigned long cmin_flt = 0, cmaj_flt = 0; - unsigned long min_flt = 0, maj_flt = 0; - u64 cutime, cstime, utime, stime; - u64 cgtime, gtime; + unsigned long cmin_flt, cmaj_flt, min_flt, maj_flt; + u64 cutime, cstime, cgtime, utime, stime, gtime; unsigned long rsslim = 0; unsigned long flags; int exit_code = task->exit_code; + struct signal_struct *sig = task->signal; + unsigned int seq = 1; state = *get_task_state(task); vsize = eip = esp = 0; @@ -511,12 +511,8 @@ static int do_task_stat(struct seq_file sigemptyset(&sigign); sigemptyset(&sigcatch); - cutime = cstime = 0; - cgtime = gtime = 0; if (lock_task_sighand(task, &flags)) { - struct signal_struct *sig = task->signal; - if (sig->tty) { struct pid *pgrp = tty_get_pgrp(sig->tty); tty_pgrp = pid_nr_ns(pgrp, ns); @@ -527,27 +523,9 @@ static int do_task_stat(struct seq_file num_threads = get_nr_threads(task); collect_sigign_sigcatch(task, &sigign, &sigcatch); - cmin_flt = sig->cmin_flt; - cmaj_flt = sig->cmaj_flt; - cutime = sig->cutime; - cstime = sig->cstime; - cgtime = sig->cgtime; rsslim = READ_ONCE(sig->rlim[RLIMIT_RSS].rlim_cur); - /* add up live thread stats at the group level */ if (whole) { - struct task_struct *t; - - __for_each_thread(sig, t) { - min_flt += t->min_flt; - maj_flt += t->maj_flt; - gtime += task_gtime(t); - } - - min_flt += sig->min_flt; - maj_flt += sig->maj_flt; - gtime += sig->gtime; - if (sig->flags & (SIGNAL_GROUP_EXIT | SIGNAL_STOP_STOPPED)) exit_code = sig->group_exit_code; } @@ -562,6 +540,34 @@ static int do_task_stat(struct seq_file if (permitted && (!whole || num_threads < 2)) wchan = !task_is_running(task); + do { + seq++; /* 2 on the 1st/lockless path, otherwise odd */ + flags = read_seqbegin_or_lock_irqsave(&sig->stats_lock, &seq); + + cmin_flt = sig->cmin_flt; + cmaj_flt = sig->cmaj_flt; + cutime = sig->cutime; + cstime = sig->cstime; + cgtime = sig->cgtime; + + if (whole) { + struct task_struct *t; + + min_flt = sig->min_flt; + maj_flt = sig->maj_flt; + gtime = sig->gtime; + + rcu_read_lock(); + __for_each_thread(sig, t) { + min_flt += t->min_flt; + maj_flt += t->maj_flt; + gtime += task_gtime(t); + } + rcu_read_unlock(); + } + } while (need_seqretry(&sig->stats_lock, seq)); + done_seqretry_irqrestore(&sig->stats_lock, seq, flags); + if (whole) { thread_group_cputime_adjusted(task, &utime, &stime); } else { _ Patches currently in -mm which might be from oleg(a)redhat.com are ptrace_attach-shift-sendsigstop-into-ptrace_set_stopped.patch

1 year, 9 months

1
0
0 0

[merged mm-hotfixes-stable] fs-proc-do_task_stat-move-thread_group_cputime_adjusted-outside-of-lock_task_sighand.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() has been removed from the -mm tree. Its filename was fs-proc-do_task_stat-move-thread_group_cputime_adjusted-outside-of-lock_task_sighand.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Oleg Nesterov <oleg(a)redhat.com> Subject: fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() Date: Tue, 23 Jan 2024 16:33:55 +0100 Patch series "fs/proc: do_task_stat: use sig->stats_". do_task_stat() has the same problem as getrusage() had before "getrusage: use sig->stats_lock rather than lock_task_sighand()": a hard lockup. If NR_CPUS threads call lock_task_sighand() at the same time and the process has NR_THREADS, spin_lock_irq will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. This patch (of 3): thread_group_cputime() does its own locking, we can safely shift thread_group_cputime_adjusted() which does another for_each_thread loop outside of ->siglock protected section. Not only this removes for_each_thread() from the critical section with irqs disabled, this removes another case when stats_lock is taken with siglock held. We want to remove this dependency, then we can change the users of stats_lock to not disable irqs. Link: https://lkml.kernel.org/r/20240123153313.GA21832@redhat.com Link: https://lkml.kernel.org/r/20240123153355.GA21854@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/array.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) --- a/fs/proc/array.c~fs-proc-do_task_stat-move-thread_group_cputime_adjusted-outside-of-lock_task_sighand +++ a/fs/proc/array.c @@ -511,7 +511,7 @@ static int do_task_stat(struct seq_file sigemptyset(&sigign); sigemptyset(&sigcatch); - cutime = cstime = utime = stime = 0; + cutime = cstime = 0; cgtime = gtime = 0; if (lock_task_sighand(task, &flags)) { @@ -546,7 +546,6 @@ static int do_task_stat(struct seq_file min_flt += sig->min_flt; maj_flt += sig->maj_flt; - thread_group_cputime_adjusted(task, &utime, &stime); gtime += sig->gtime; if (sig->flags & (SIGNAL_GROUP_EXIT | SIGNAL_STOP_STOPPED)) @@ -562,10 +561,13 @@ static int do_task_stat(struct seq_file if (permitted && (!whole || num_threads < 2)) wchan = !task_is_running(task); - if (!whole) { + + if (whole) { + thread_group_cputime_adjusted(task, &utime, &stime); + } else { + task_cputime_adjusted(task, &utime, &stime); min_flt = task->min_flt; maj_flt = task->maj_flt; - task_cputime_adjusted(task, &utime, &stime); gtime = task_gtime(task); } _ Patches currently in -mm which might be from oleg(a)redhat.com are ptrace_attach-shift-sendsigstop-into-ptrace_set_stopped.patch

1 year, 9 months

1
0
0 0

[merged mm-hotfixes-stable] getrusage-use-sig-stats_lock-rather-than-lock_task_sighand.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: getrusage: use sig->stats_lock rather than lock_task_sighand() has been removed from the -mm tree. Its filename was getrusage-use-sig-stats_lock-rather-than-lock_task_sighand.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Oleg Nesterov <oleg(a)redhat.com> Subject: getrusage: use sig->stats_lock rather than lock_task_sighand() Date: Mon, 22 Jan 2024 16:50:53 +0100 lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call getrusage() at the same time and the process has NR_THREADS, spin_lock_irq will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change getrusage() to use sig->stats_lock, it was specifically designed for this type of use. This way it runs lockless in the likely case. TODO: - Change do_task_stat() to use sig->stats_lock too, then we can remove spin_lock_irq(siglock) in wait_task_zombie(). - Turn sig->stats_lock into seqcount_rwlock_t, this way the readers in the slow mode won't exclude each other. See https://lore.kernel.org/all/20230913154907.GA26210@redhat.com/ - stats_lock has to disable irqs because ->siglock can be taken in irq context, it would be very nice to change __exit_signal() to avoid the siglock->stats_lock dependency. Link: https://lkml.kernel.org/r/20240122155053.GA26214@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Reported-by: Dylan Hatch <dylanbhatch(a)google.com> Tested-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/sys.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) --- a/kernel/sys.c~getrusage-use-sig-stats_lock-rather-than-lock_task_sighand +++ a/kernel/sys.c @@ -1788,7 +1788,9 @@ void getrusage(struct task_struct *p, in unsigned long maxrss; struct mm_struct *mm; struct signal_struct *sig = p->signal; + unsigned int seq = 0; +retry: memset(r, 0, sizeof(*r)); utime = stime = 0; maxrss = 0; @@ -1800,8 +1802,7 @@ void getrusage(struct task_struct *p, in goto out_thread; } - if (!lock_task_sighand(p, &flags)) - return; + flags = read_seqbegin_or_lock_irqsave(&sig->stats_lock, &seq); switch (who) { case RUSAGE_BOTH: @@ -1829,14 +1830,23 @@ void getrusage(struct task_struct *p, in r->ru_oublock += sig->oublock; if (maxrss < sig->maxrss) maxrss = sig->maxrss; + + rcu_read_lock(); __for_each_thread(sig, t) accumulate_thread_rusage(t, r); + rcu_read_unlock(); + break; default: BUG(); } - unlock_task_sighand(p, &flags); + + if (need_seqretry(&sig->stats_lock, seq)) { + seq = 1; + goto retry; + } + done_seqretry_irqrestore(&sig->stats_lock, seq, flags); if (who == RUSAGE_CHILDREN) goto out_children; _ Patches currently in -mm which might be from oleg(a)redhat.com are ptrace_attach-shift-sendsigstop-into-ptrace_set_stopped.patch

1 year, 9 months

1
0
0 0

[merged mm-hotfixes-stable] getrusage-move-thread_group_cputime_adjusted-outside-of-lock_task_sighand.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() has been removed from the -mm tree. Its filename was getrusage-move-thread_group_cputime_adjusted-outside-of-lock_task_sighand.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Oleg Nesterov <oleg(a)redhat.com> Subject: getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() Date: Mon, 22 Jan 2024 16:50:50 +0100 Patch series "getrusage: use sig->stats_lock", v2. This patch (of 2): thread_group_cputime() does its own locking, we can safely shift thread_group_cputime_adjusted() which does another for_each_thread loop outside of ->siglock protected section. This is also preparation for the next patch which changes getrusage() to use stats_lock instead of siglock, thread_group_cputime() takes the same lock. With the current implementation recursive read_seqbegin_or_lock() is fine, thread_group_cputime() can't enter the slow mode if the caller holds stats_lock, yet this looks more safe and better performance-wise. Link: https://lkml.kernel.org/r/20240122155023.GA26169@redhat.com Link: https://lkml.kernel.org/r/20240122155050.GA26205@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Reported-by: Dylan Hatch <dylanbhatch(a)google.com> Tested-by: Dylan Hatch <dylanbhatch(a)google.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/sys.c | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) --- a/kernel/sys.c~getrusage-move-thread_group_cputime_adjusted-outside-of-lock_task_sighand +++ a/kernel/sys.c @@ -1785,17 +1785,19 @@ void getrusage(struct task_struct *p, in struct task_struct *t; unsigned long flags; u64 tgutime, tgstime, utime, stime; - unsigned long maxrss = 0; + unsigned long maxrss; + struct mm_struct *mm; struct signal_struct *sig = p->signal; - memset((char *)r, 0, sizeof (*r)); + memset(r, 0, sizeof(*r)); utime = stime = 0; + maxrss = 0; if (who == RUSAGE_THREAD) { task_cputime_adjusted(current, &utime, &stime); accumulate_thread_rusage(p, r); maxrss = sig->maxrss; - goto out; + goto out_thread; } if (!lock_task_sighand(p, &flags)) @@ -1819,9 +1821,6 @@ void getrusage(struct task_struct *p, in fallthrough; case RUSAGE_SELF: - thread_group_cputime_adjusted(p, &tgutime, &tgstime); - utime += tgutime; - stime += tgstime; r->ru_nvcsw += sig->nvcsw; r->ru_nivcsw += sig->nivcsw; r->ru_minflt += sig->min_flt; @@ -1839,19 +1838,24 @@ void getrusage(struct task_struct *p, in } unlock_task_sighand(p, &flags); -out: - r->ru_utime = ns_to_kernel_old_timeval(utime); - r->ru_stime = ns_to_kernel_old_timeval(stime); - - if (who != RUSAGE_CHILDREN) { - struct mm_struct *mm = get_task_mm(p); + if (who == RUSAGE_CHILDREN) + goto out_children; - if (mm) { - setmax_mm_hiwater_rss(&maxrss, mm); - mmput(mm); - } + thread_group_cputime_adjusted(p, &tgutime, &tgstime); + utime += tgutime; + stime += tgstime; + +out_thread: + mm = get_task_mm(p); + if (mm) { + setmax_mm_hiwater_rss(&maxrss, mm); + mmput(mm); } + +out_children: r->ru_maxrss = maxrss * (PAGE_SIZE / 1024); /* convert pages to KBs */ + r->ru_utime = ns_to_kernel_old_timeval(utime); + r->ru_stime = ns_to_kernel_old_timeval(stime); } SYSCALL_DEFINE2(getrusage, int, who, struct rusage __user *, ru) _ Patches currently in -mm which might be from oleg(a)redhat.com are ptrace_attach-shift-sendsigstop-into-ptrace_set_stopped.patch

1 year, 9 months

1
0
0 0

[PATCH] ASoC: tas2781: remove unused acpi_subysystem_id

by Gergo Koteles

The acpi_subysystem_id is only written and freed, not read, so unnecessary. Fixes: ef3bcde75d06 ("ASoC: tas2781: Add tas2781 driver") CC: stable(a)vger.kernel.org Signed-off-by: Gergo Koteles <soyer(a)irl.hu> --- include/sound/tas2781.h | 1 - sound/pci/hda/tas2781_hda_i2c.c | 10 ---------- sound/soc/codecs/tas2781-comlib.c | 1 - 3 files changed, 12 deletions(-) diff --git a/include/sound/tas2781.h b/include/sound/tas2781.h index 9aff384941de..99ca3e401fd1 100644 --- a/include/sound/tas2781.h +++ b/include/sound/tas2781.h @@ -103,7 +103,6 @@ struct tasdevice_priv { struct tm tm; enum device_catlog_id catlog_id; - const char *acpi_subsystem_id; unsigned char cal_binaryname[TASDEVICE_MAX_CHANNELS][64]; unsigned char crc8_lkp_tbl[CRC8_TABLE_SIZE]; unsigned char coef_binaryname[64]; diff --git a/sound/pci/hda/tas2781_hda_i2c.c b/sound/pci/hda/tas2781_hda_i2c.c index 1bfb00102a77..02c85084aca5 100644 --- a/sound/pci/hda/tas2781_hda_i2c.c +++ b/sound/pci/hda/tas2781_hda_i2c.c @@ -129,18 +129,8 @@ static int tas2781_read_acpi(struct tasdevice_priv *p, const char *hid) acpi_dev_free_resource_list(&resources); strscpy(p->dev_name, hid, sizeof(p->dev_name)); - physdev = get_device(acpi_get_first_physical_node(adev)); acpi_dev_put(adev); - /* No side-effect to the playback even if subsystem_id is NULL*/ - sub = acpi_get_subsystem_id(ACPI_HANDLE(physdev)); - if (IS_ERR(sub)) - sub = NULL; - - p->acpi_subsystem_id = sub; - - put_device(physdev); - return 0; err: diff --git a/sound/soc/codecs/tas2781-comlib.c b/sound/soc/codecs/tas2781-comlib.c index 5d0e5348b361..3aa81514dad7 100644 --- a/sound/soc/codecs/tas2781-comlib.c +++ b/sound/soc/codecs/tas2781-comlib.c @@ -408,7 +408,6 @@ void tasdevice_remove(struct tasdevice_priv *tas_priv) { if (gpio_is_valid(tas_priv->irq_info.irq_gpio)) gpio_free(tas_priv->irq_info.irq_gpio); - kfree(tas_priv->acpi_subsystem_id); mutex_destroy(&tas_priv->codec_lock); } EXPORT_SYMBOL_GPL(tasdevice_remove); base-commit: 610010737f74482a61896596a0116876ecf9e65c -- 2.43.0

1 year, 9 months

3
7
0 0

[PATCH AUTOSEL 4.19 1/3] ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()

by Sasha Levin

From: Baokun Li <libaokun1(a)huawei.com> [ Upstream commit 4530b3660d396a646aad91a787b6ab37cf604b53 ] Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a corrupted block bitmap in the following concurrency and making the situation worse. ext4_mb_regular_allocator ext4_lock_group(sb, group) ext4_mb_good_group // check if the group bbitmap is corrupted ext4_mb_complex_scan_group // Scan group gets ac_b_ex but doesn't use it ext4_unlock_group(sb, group) ext4_mark_group_bitmap_corrupted(group) // The block bitmap was corrupted during // the group unlock gap. ext4_mb_try_best_found ext4_lock_group(ac->ac_sb, group) ext4_mb_use_best_found mb_mark_used // Allocating blocks in block bitmap corrupted group Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240104142040.2835097-7-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ext4/mballoc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 8875fac9f958..cf034a38e8ba 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1802,6 +1802,9 @@ int ext4_mb_try_best_found(struct ext4_allocation_context *ac, return err; ext4_lock_group(ac->ac_sb, group); + if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info))) + goto out; + max = mb_find_extent(e4b, ex.fe_start, ex.fe_len, &ex); if (max > 0) { @@ -1809,6 +1812,7 @@ int ext4_mb_try_best_found(struct ext4_allocation_context *ac, ext4_mb_use_best_found(ac, e4b); } +out: ext4_unlock_group(ac->ac_sb, group); ext4_mb_unload_buddy(e4b); -- 2.43.0

1 year, 9 months

1
2
0 0

[PATCH AUTOSEL 5.4 1/7] ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()

by Sasha Levin

From: Baokun Li <libaokun1(a)huawei.com> [ Upstream commit 4530b3660d396a646aad91a787b6ab37cf604b53 ] Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a corrupted block bitmap in the following concurrency and making the situation worse. ext4_mb_regular_allocator ext4_lock_group(sb, group) ext4_mb_good_group // check if the group bbitmap is corrupted ext4_mb_complex_scan_group // Scan group gets ac_b_ex but doesn't use it ext4_unlock_group(sb, group) ext4_mark_group_bitmap_corrupted(group) // The block bitmap was corrupted during // the group unlock gap. ext4_mb_try_best_found ext4_lock_group(ac->ac_sb, group) ext4_mb_use_best_found mb_mark_used // Allocating blocks in block bitmap corrupted group Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240104142040.2835097-7-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ext4/mballoc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 9e5aa625ab30..c1af95898aa4 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1802,6 +1802,9 @@ int ext4_mb_try_best_found(struct ext4_allocation_context *ac, return err; ext4_lock_group(ac->ac_sb, group); + if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info))) + goto out; + max = mb_find_extent(e4b, ex.fe_start, ex.fe_len, &ex); if (max > 0) { @@ -1809,6 +1812,7 @@ int ext4_mb_try_best_found(struct ext4_allocation_context *ac, ext4_mb_use_best_found(ac, e4b); } +out: ext4_unlock_group(ac->ac_sb, group); ext4_mb_unload_buddy(e4b); -- 2.43.0

1 year, 9 months

1
6
0 0

[PATCH AUTOSEL 5.15 01/23] ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt

by Sasha Levin

From: Baokun Li <libaokun1(a)huawei.com> [ Upstream commit 993bf0f4c393b3667830918f9247438a8f6fdb5b ] Determine if bb_fragments is 0 instead of determining bb_free to eliminate the risk of dividing by zero when the block bitmap is corrupted. Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240104142040.2835097-6-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ext4/mballoc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index e44c28ceb9cd..3df3c3894f7b 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -853,7 +853,7 @@ mb_update_avg_fragment_size(struct super_block *sb, struct ext4_group_info *grp) { struct ext4_sb_info *sbi = EXT4_SB(sb); - if (!test_opt2(sb, MB_OPTIMIZE_SCAN) || grp->bb_free == 0) + if (!test_opt2(sb, MB_OPTIMIZE_SCAN) || grp->bb_fragments == 0) return; write_lock(&sbi->s_mb_rb_lock); -- 2.43.0

1 year, 9 months

1
22
0 0

[PATCH AUTOSEL 6.1 01/29] ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt

by Sasha Levin

From: Baokun Li <libaokun1(a)huawei.com> [ Upstream commit 993bf0f4c393b3667830918f9247438a8f6fdb5b ] Determine if bb_fragments is 0 instead of determining bb_free to eliminate the risk of dividing by zero when the block bitmap is corrupted. Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240104142040.2835097-6-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ext4/mballoc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 33be702d6e38..779555925029 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -831,7 +831,7 @@ mb_update_avg_fragment_size(struct super_block *sb, struct ext4_group_info *grp) struct ext4_sb_info *sbi = EXT4_SB(sb); int new_order; - if (!test_opt2(sb, MB_OPTIMIZE_SCAN) || grp->bb_free == 0) + if (!test_opt2(sb, MB_OPTIMIZE_SCAN) || grp->bb_fragments == 0) return; new_order = mb_avg_fragment_size_order(sb, -- 2.43.0

1 year, 9 months

1
28
0 0

[PATCH AUTOSEL 6.6 01/38] ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt

by Sasha Levin

From: Baokun Li <libaokun1(a)huawei.com> [ Upstream commit 993bf0f4c393b3667830918f9247438a8f6fdb5b ] Determine if bb_fragments is 0 instead of determining bb_free to eliminate the risk of dividing by zero when the block bitmap is corrupted. Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20240104142040.2835097-6-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ext4/mballoc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 9a4b73485ded..f74a8f144a66 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -841,7 +841,7 @@ mb_update_avg_fragment_size(struct super_block *sb, struct ext4_group_info *grp) struct ext4_sb_info *sbi = EXT4_SB(sb); int new_order; - if (!test_opt2(sb, MB_OPTIMIZE_SCAN) || grp->bb_free == 0) + if (!test_opt2(sb, MB_OPTIMIZE_SCAN) || grp->bb_fragments == 0) return; new_order = mb_avg_fragment_size_order(sb, -- 2.43.0

1 year, 9 months

1
37
0 0

[PATCH v2] clocksource: timer-riscv: Clear timer interrupt on timer initialization

by Ley Foon Tan

In the RISC-V specification, the stimecmp register doesn't have a default value. To prevent the timer interrupt from being triggered during timer initialization, clear the timer interrupt by writing stimecmp with a maximum value. Fixes: 9f7a8ff6391f ("RISC-V: Prefer sstc extension if available") Cc: <stable(a)vger.kernel.org> Signed-off-by: Ley Foon Tan <leyfoon.tan(a)starfivetech.com> --- v2: Resolved comments from Anup. - Moved riscv_clock_event_stop() to riscv_timer_starting_cpu(). - Added Fixes tag --- drivers/clocksource/timer-riscv.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/clocksource/timer-riscv.c b/drivers/clocksource/timer-riscv.c index e66dcbd66566..672669eb7281 100644 --- a/drivers/clocksource/timer-riscv.c +++ b/drivers/clocksource/timer-riscv.c @@ -116,6 +116,9 @@ static int riscv_timer_starting_cpu(unsigned int cpu) ce->rating = 450; clockevents_config_and_register(ce, riscv_timebase, 100, 0x7fffffff); + /* Clear timer interrupt */ + riscv_clock_event_stop(); + enable_percpu_irq(riscv_clock_event_irq, irq_get_trigger_type(riscv_clock_event_irq)); return 0; -- 2.43.0

1 year, 9 months

3
2
0 0

[PATCH 6.7 000/641] 6.7.2-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.7.2 release. There are 641 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 24 Jan 2024 23:56:49 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.7.2-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.7.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.7.2-rc1 Marek Szyprowski <m.szyprowski(a)samsung.com> i2c: s3c24xx: fix transferring more than one message in polling mode Marek Szyprowski <m.szyprowski(a)samsung.com> i2c: s3c24xx: fix read transfers in polling mode Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work Amit Cohen <amcohen(a)nvidia.com> selftests: mlxsw: qos_pfc: Adjust the test to support 8 lanes Petr Machata <petrm(a)nvidia.com> mlxsw: spectrum_router: Register netdevice notifier before nexthop Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix stack corruption Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path Amit Cohen <amcohen(a)nvidia.com> mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure Christoph Hellwig <hch(a)lst.de> loop: fix the the direct I/O support check when used on top of block devices Ludvig Pärsson <ludvig.parsson(a)axis.com> ethtool: netlink: Add missing ethnl_ops_begin/complete Mark Brown <broonie(a)kernel.org> arm64/ptrace: Don't flush ZA/ZT storage when writing ZA via ptrace Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> kdb: Fix a potential buffer overflow in kdb_local() Pavel Begunkov <asml.silence(a)gmail.com> io_uring: adjust defer tw counting Fedor Pchelkin <pchelkin(a)ispras.ru> ipvs: avoid stat macros calls from preemptible context Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip dead set elements in netlink dump Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: do not allow mismatch field size and set key length Pavel Tikhomirov <ptikhomirov(a)virtuozzo.com> netfilter: bridge: replace physindev with physinif in nf_bridge_info Pavel Tikhomirov <ptikhomirov(a)virtuozzo.com> netfilter: propagate net to nf_bridge_get_physindev Pavel Tikhomirov <ptikhomirov(a)virtuozzo.com> netfilter: nf_queue: remove excess nf_bridge variable Pavel Tikhomirov <ptikhomirov(a)virtuozzo.com> netfilter: nfnetlink_log: use proper helper for fetching physinif Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_limit: do not ignore unsupported flags Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject invalid set policy Jakub Kicinski <kuba(a)kernel.org> net: netdevsim: don't try to destroy PHC on VFs Paolo Abeni <pabeni(a)redhat.com> mptcp: relax check on MPC passive fallback Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Prevent out-of-bounds memory access Kunwu Chan <chentao(a)kylinos.cn> net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe Hao Sun <sunhao.th(a)gmail.com> bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS Qiang Ma <maqianga(a)uniontech.com> net: stmmac: ethtool: Fixed calltrace caused by unbalanced disable_irq_wake calls Benjamin Poirier <bpoirier(a)nvidia.com> selftests: bonding: Change script interpreter Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fall back to INPUT power for AVG power via INFO IOCTL Dafna Hirschfeld <dhirschfeld(a)habana.ai> drm/amdkfd: fixes for HMM mem allocation Lukas Wunner <lukas(a)wunner.de> gpiolib: Fix scope-based gpio_device refcounting Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ASoC: SOF: ipc4-loader: remove the CPC check warnings Su Hui <suhui(a)nfschina.com> gpio: mlxbf3: add an error code check in mlxbf3_gpio_probe Michal Simek <michal.simek(a)amd.com> dt-bindings: gpio: xilinx: Fix node address in gpio Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: ravb: Fix dma_addr_t truncation in error case John Fastabend <john.fastabend(a)gmail.com> net: tls, fix WARNIING in __sk_msg_free Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Avoid iter->offset making backward progress in bpf_iter_udp Martin KaFai Lau <martin.lau(a)kernel.org> bpf: iter_udp: Retry with a larger batch size without going back to the previous bucket Marc Kleine-Budde <mkl(a)pengutronix.de> net: netdev_queue: netdev_txq_completed_mb(): fix wake condition Eric Dumazet <edumazet(a)google.com> net: add more sanity check in virtio_net_hdr_to_skb() Gao Xiang <xiang(a)kernel.org> erofs: fix inconsistent per-file compression format Eric Dumazet <edumazet(a)google.com> udp: annotate data-races around up->pending Sneh Shah <quic_snehshah(a)quicinc.com> net: stmmac: Fix ethool link settings ops for integrated PCS Jens Axboe <axboe(a)kernel.dk> block: ensure we hold a queue reference when using queue limits Eric Dumazet <edumazet(a)google.com> mptcp: refine opt_mp_capable determination Eric Dumazet <edumazet(a)google.com> mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() Eric Dumazet <edumazet(a)google.com> mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() Eric Dumazet <edumazet(a)google.com> mptcp: strict validation before using mp_opt->hmac Eric Dumazet <edumazet(a)google.com> mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ALSA: hda: Properly setup HDMI stream Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: phy: micrel: populate .soft_reset for KSZ9131 Horatiu Vultur <horatiu.vultur(a)microchip.com> net: micrel: Fix PTP frame parsing for lan8841 Chancel Liu <chancel.liu(a)nxp.com> ALSA: aloop: Introduce a function to get if access is interleaved mode Taehee Yoo <ap420073(a)gmail.com> amt: do not use overwrapped cb area Sanjuán García, Jorge <Jorge.SanjuanGarcia(a)duagon.com> net: ethernet: ti: am65-cpsw: Fix max mtu to fit ethernet frames Nithin Dabilpuram <ndabilpuram(a)marvell.com> octeontx2-af: CN10KB: Fix FIFO length calculation for RPM2 David Howells <dhowells(a)redhat.com> rxrpc: Fix use of Don't Fragment flag Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events Lin Ma <linma(a)zju.edu.cn> net: qualcomm: rmnet: fix global oob in rmnet_policy Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: fix max size calculation in zpci_memcpy_toio() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> ASoC: mediatek: sof-common: Add NULL check for normal_link string Jianjun Wang <jianjun.wang(a)mediatek.com> PCI: mediatek-gen3: Fix translation window size calculation Gaosheng Cui <cuigaosheng1(a)huawei.com> apparmor: Fix memory leak in unpack_profile() Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Fix race condition when initializing PHYs Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: Fix the H2C expected PDU len calculation Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> PCI: xilinx-xdma: Fix error code in xilinx_pl_dma_pcie_init_irq_domain() Krzysztof Wilczyński <kwilczynski(a)kernel.org> PCI: xilinx-xdma: Fix uninitialized symbols in xilinx_pl_dma_pcie_setup_irq() Arnd Bergmann <arnd(a)arndb.de> nvme: trace: avoid memcpy overflow warning Arnd Bergmann <arnd(a)arndb.de> nvmet: re-fix tracing strncpy() warning Shameer Kolothum <shameerali.kolothum.thodi(a)huawei.com> hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> spi: coldfire-qspi: Remove an erroneous clk_disable_unprepare() from the remove function Dan Williams <dan.j.williams(a)intel.com> cxl/port: Fix missing target list lock Ben Gainey <ben.gainey(a)arm.com> perf db-export: Fix missing reference count get in call_path_from_sample() Dan Carpenter <dan.carpenter(a)linaro.org> cdx: Unlock on error path in rescan_store() Dan Carpenter <dan.carpenter(a)linaro.org> cdx: call of_node_put() on error path Sam Ravnborg <sam(a)ravnborg.org> serial: apbuart: fix console prompt on qemu Christoph Niedermaier <cniedermaier(a)dh-electronics.com> serial: imx: Correct clock error message in function probe() Chunfeng Yun <chunfeng.yun(a)mediatek.com> usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer Fedor Pchelkin <pchelkin(a)ispras.ru> apparmor: avoid crash when parsed profile name is empty Fedor Pchelkin <pchelkin(a)ispras.ru> apparmor: fix possible memory leak in unpack_trans_table Jim Harris <jim.harris(a)samsung.com> cxl/region: fix x9 interleave typo Ian Rogers <irogers(a)google.com> perf stat: Fix hard coded LL miss units Ian Rogers <irogers(a)google.com> perf env: Avoid recursively taking env->bpf_progs.lock Fedor Pchelkin <pchelkin(a)ispras.ru> apparmor: free the allocated pdb objects Christoph Hellwig <hch(a)lst.de> nvmet-tcp: fix a missing endianess conversion in nvmet_tcp_try_peek_pdu Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix a crash in nvmet_req_complete() Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length John Johansen <john.johansen(a)canonical.com> apparmor: Fix ref count leak in task_kill Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vdpa: Fix an error handling path in eni_vdpa_probe() Kunwu Chan <chentao(a)kylinos.cn> power: supply: Fix null pointer dereference in smb2_probe Jing Zhang <renyu.zj(a)linux.alibaba.com> perf vendor events: Remove UTF-8 characters from cmn.json Ashish Mhetre <amhetre(a)nvidia.com> iommu: Don't reserve 0-length IOVA region Ayush Singh <ayushdevel1325(a)gmail.com> greybus: gb-beagleplay: Remove use of pad bytes Andrzej Pietrasiewicz <andrzej.p(a)collabora.com> usb: gadget: webcam: Make g_webcam loadable again Nícolas F. R. A. Prado <nfraprado(a)collabora.com> spmi: mtk-pmif: Serialize PMIF status check and command submission Rob Herring <robh(a)kernel.org> cdx: Explicitly include correct DT includes, again Douglas Anderson <dianders(a)chromium.org> usb: core: Fix crash w/ usb_choose_configuration() if no driver Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb5165-rb5: use u16 for DP altmode svid Oliver Neukum <oneukum(a)suse.com> usb: cdc-acm: return correct error code on unsupported break Manivannan Sadhasivam <mani(a)kernel.org> PCI: epf-mhi: Fix the DMA data direction of dma_unmap_single() Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: ep: Pass mhi_ep_buf_info struct to read/write APIs Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: ep: Use slab allocator where applicable Manivannan Sadhasivam <mani(a)kernel.org> bus: mhi: ep: Do not allocate event ring element on stack Namhyung Kim <namhyung(a)kernel.org> perf unwind-libunwind: Fix base address for .eh_frame Namhyung Kim <namhyung(a)kernel.org> perf unwind-libdw: Handle JIT-generated DSOs properly Namhyung Kim <namhyung(a)kernel.org> perf genelf: Set ELF program header addresses properly Yicong Yang <yangyicong(a)hisilicon.com> perf hisi-ptt: Fix one memory leakage in hisi_ptt_process_auxtrace_event() Yicong Yang <yangyicong(a)hisilicon.com> perf header: Fix one memory leakage in perf_event__fprintf_event_update() Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad9467: fix scale setting Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad9467: add mutex to struct ad9467_state Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad9467: don't ignore error codes Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad9467: fix reset gpio handling Zhao Mengmeng <zhaomengmeng(a)kylinos.cn> selftests/sgx: Skip non X86_64 platform Jo Van Bulck <jo.vanbulck(a)cs.kuleuven.be> selftests/sgx: Include memory clobber for inline asm in test enclave Jo Van Bulck <jo.vanbulck(a)cs.kuleuven.be> selftests/sgx: Fix uninitialized pointer dereferences in encl_get_entry Jo Van Bulck <jo.vanbulck(a)cs.kuleuven.be> selftests/sgx: Fix uninitialized pointer dereference in error path Paul Geurts <paul_geurts(a)live.nl> serial: imx: fix tx statemachine deadlock Sakari Ailus <sakari.ailus(a)linux.intel.com> software node: Let args be NULL in software_node_get_reference_args Sakari Ailus <sakari.ailus(a)linux.intel.com> acpi: property: Let args be NULL in __acpi_node_get_property_reference Gregory Price <gourry.memverge(a)gmail.com> base/node.c: initialize the accessor list before registering Ian Rogers <irogers(a)google.com> perf stat: Exit perf stat if parse groups fails Kan Liang <kan.liang(a)linux.intel.com> perf mem: Fix error on hybrid related to availability of mem event in a PMU Athira Rajeev <atrajeev(a)linux.vnet.ibm.com> perf vendor events powerpc: Update datasource event name to fix duplicate events Ilkka Koskinen <ilkka(a)os.amperecomputing.com> perf vendor events arm64 AmpereOne: Rename BPU_FLUSH_MEM_FAULT to GPC_FLUSH_MEM_FAULT Brett Creeley <brett.creeley(a)amd.com> vfio/pds: Fix calculations in pds_vfio_dirty_sync Veronika Molnarova <vmolnaro(a)redhat.com> perf test record user-regs: Fix mask for vg register Douglas Anderson <dianders(a)chromium.org> r8152: Choose our USB config with choose_configuration() rather than probe() Douglas Anderson <dianders(a)chromium.org> usb: core: Allow subclassed USB drivers to override usb_choose_configuration() Umang Jain <umang.jain(a)ideasonboard.com> staging: vc04_services: Do not pass NULL to vchiq_log_error() Umang Jain <umang.jain(a)ideasonboard.com> staging: vc04_services: vchiq_core: Log through struct vchiq_instance Arnaldo Carvalho de Melo <acme(a)redhat.com> libapi: Add missing linux/types.h header to get the __u64 type on io.h Adrian Hunter <adrian.hunter(a)intel.com> perf header: Fix segfault on build_mem_topology() error path Nick Forrington <nick.forrington(a)arm.com> perf test: Remove atomics from test_loop to avoid test failures Laurentiu Tudor <laurentiu.tudor(a)nxp.com> iommu: Map reserved memory as cacheable if device is coherent Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource() Su Hui <suhui(a)nfschina.com> power: supply: bq256xx: fix some problem in bq256xx_hw_init Jan Palus <jpalus(a)fastmail.com> power: supply: cw2015: correct time_to_empty units in sysfs Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: Fix the max DSC bpc supported by source Frederik Haxel <haxel(a)fzi.de> riscv: Fixed wrong register in XIP_FIXUP_FLASH_OFFSET macro Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix set_direct_map_default_noflush() to reset _PAGE_EXEC Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix module_alloc() that did not reset the linear mapping permissions Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix wrong usage of lm_alias() when splitting a huge linear mapping Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Check if the code to patch lies in the exit section Vincent Whitchurch <vincent.whitchurch(a)axis.com> um: virt-pci: fix platform map offset Serge Semin <fancer.lancer(a)gmail.com> mips: Fix incorrect max_low_pfn adjustment Serge Semin <fancer.lancer(a)gmail.com> mips: dmi: Fix early remap on MIPS32 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> srcu: Use try-lock lockdep annotation for NMI-safe access. Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel-lpss: Fix the fractional clock divider flags Kunwu Chan <chentao(a)kylinos.cn> mfd: tps6594: Add null pointer check to tps6594_device_init() Martin Kurbanov <mmkurbanov(a)salutedevices.com> leds: aw200xx: Fix write to DIM parameter Dang Huynh <danct12(a)riseup.net> leds: aw2013: Select missing dependency REGMAP_I2C Paul E. McKenney <paulmck(a)kernel.org> rcu: Restrict access to RCU CPU stall notifiers Kunwu Chan <chentao(a)kylinos.cn> mfd: syscon: Fix null pointer dereference in of_syscon_register() Charles Keepax <ckeepax(a)opensource.cirrus.com> mfd: cs42l43: Correct SoundWire port list Neil Armstrong <neil.armstrong(a)linaro.org> mfd: rk8xx: fixup devices registration with PLATFORM_DEVID_AUTO Randy Dunlap <rdunlap(a)infradead.org> ARM: 9330/1: davinci: also select PINCTRL Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: set safe default SPI clock frequency Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: add check for unsupported SPI modes during probe Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Correct behavior when processing some confidence == false touches Yauhen Kharuzhy <jekhor(a)gmail.com> HID: sensor-hub: Enable hid core report processing for all devices Marcelo Schmitt <marcelo.schmitt(a)analog.com> iio: adc: ad7091r: Pass iio_dev to event handler Sean Christopherson <seanjc(a)google.com> KVM: x86/pmu: Reset the PMU, i.e. stop counters, before refreshing Sean Christopherson <seanjc(a)google.com> KVM: x86/pmu: Move PMU reset logic to common x86 code Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v4: Restore pending state on host userspace write Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/kvm: Do not try to disable kvmclock if it was not enabled Manivannan Sadhasivam <mani(a)kernel.org> ARM: dts: qcom: sdx55: Fix the base address of PCIe PHY qizhong cheng <qizhong.cheng(a)mediatek.com> PCI: mediatek: Clear interrupt status before dispatching handler Niklas Cassel <niklas.cassel(a)wdc.com> PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support Bjorn Helgaas <bhelgaas(a)google.com> x86/pci: Reserve ECAM if BIOS didn't include it in PNP0C02 _CRS Tadeusz Struk <tstruk(a)gigaio.com> PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() Huang Ying <ying.huang(a)intel.com> cxl/port: Fix decoder initialization when nr_targets > interleave_ways Christian König <christian.koenig(a)amd.com> drm/amdgpu: revert "Adjust removal control flow for smu v13_0_2" Sean Christopherson <seanjc(a)google.com> Revert "nSVM: Check for reserved encodings of TLB_CONTROL in nested VMCB" Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Revert "net: rtnetlink: Enslave device before bringing it up" Romain Gantois <romain.gantois(a)bootlin.com> net: stmmac: Prevent DSA tags from breaking COE Petr Tesarik <petr(a)tesarici.cz> net: stmmac: fix ethtool per-queue statistics David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: fix uninitialized firmware_stat David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: configure BSSID consistently when starting AP David Lin <yu-hao.lin(a)nxp.com> wifi: mwifiex: add extra delay for firmware ready Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code Christian Marangi <ansuelsmth(a)gmail.com> wifi: mt76: fix broken precal loading from MTD for mt7915 Isaac J. Manjarres <isaacmanjarres(a)google.com> iommu/dma: Trace bounce buffer usage when mapping buffers Rob Clark <robdclark(a)chromium.org> iommu/arm-smmu-qcom: Add missing GMU entry to match table Aurelien Jarno <aurelien(a)aurel32.net> media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) Jiri Olsa <olsajiri(a)gmail.com> bpf: Fix re-attachment branch in bpf_tracing_prog_attach Gui-Dong Han <2045gemini(a)gmail.com> Bluetooth: Fix atomicity violation in {min,max}_key_size_set Stefan Berger <stefanb(a)linux.ibm.com> rootfs: Fix support for rootfstype= when root= is given Bart Van Assche <bvanassche(a)acm.org> md/raid1: Use blk_opf_t for read and write operations Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: Fix out-of-bounds access in of_pwm_single_xlate() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: jz4740: Don't use dev_err_probe() in .request() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: check if catch-all set element is active in next generation Matthew Wilcox (Oracle) <willy(a)infradead.org> block: Fix iterating over an empty bio with bio_for_each_folio_all Matthew Wilcox (Oracle) <willy(a)infradead.org> block: Remove special-casing of compound pages Min Li <min15.li(a)samsung.com> block: add check that partition length needs to be aligned with block size Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Enable PCIe PME from D3 Yu Kuai <yukuai3(a)huawei.com> md: Fix md_seq_ops() regressions Junxiao Bi <junxiao.bi(a)oracle.com> md: bypass block throttle for superblock update Chandrakanth patil <chandrakanth.patil(a)broadcom.com> scsi: mpi3mr: Block PEL Enable Command on Controller Reset and Unrecoverable State Chandrakanth patil <chandrakanth.patil(a)broadcom.com> scsi: mpi3mr: Clean up block devices post controller reset Chandrakanth patil <chandrakanth.patil(a)broadcom.com> scsi: mpi3mr: Refresh sdev queue depth after controller reset Amir Goldstein <amir73il(a)gmail.com> scsi: target: core: add missing file_{start,end}_write() Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Simplify power management during async scan Nam Cao <namcao(a)linutronix.de> fbdev: flush deferred IO before closing Nam Cao <namcao(a)linutronix.de> fbdev: flush deferred work in fb_deferred_io_fsync() Thomas Zimmermann <tzimmermann(a)suse.de> fbdev/acornfb: Fix name of fb_ops initializer macro Jens Axboe <axboe(a)kernel.dk> io_uring: ensure local task_work is run on wait timeout Jens Axboe <axboe(a)kernel.dk> io_uring/rw: ensure io->bytes_done is always initialized Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't check iopoll if request completes Xi Ruoyao <xry111(a)xry111.site> LoongArch: Fix and simplify fcsr initialization on execve() Eric Biggers <ebiggers(a)google.com> ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: only v2 leases handle the directory Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix UAF issue in ksmbd_tcp_new_connection() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate mech token in session setup Bin Li <bin.li(a)canonical.com> ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 Yo-Jung Lin <leo.lin(a)canonical.com> ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook Çağhan Demir <caghandemir(a)marun.edu.tr> ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx Takashi Iwai <tiwai(a)suse.de> ALSA: oxygen: Fix right channel of capture volume mixer Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: omap: do not override settings for RS485 support Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: 8250_exar: Set missing rs485_supported flag Christoph Niedermaier <cniedermaier(a)dh-electronics.com> serial: imx: Ensure that imx_uart_rs485_config() is called with enabled clock Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: core, imx: do not set RS485 enabled if it is not supported Stefan Wahren <wahrenst(a)gmx.net> serial: 8250_bcm2835aux: Restore clock error handling Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: core: set missing supported flag for RX during TX GPIO Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: core: make sure RS485 cannot be enabled when it is not supported Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: core: fix sanitizing check for RTS settings Lino Sanfilippo <l.sanfilippo(a)kunbus.com> serial: Do not hold the port lock when setting rx-during-tx GPIO Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: phy: qcom,sc8280xp-qmp-usb43dp-phy: fix path to header Gui-Dong Han <2045gemini(a)gmail.com> usb: mon: Fix atomicity violation in mon_bin_vma_fault RD Babiera <rdbabiera(a)google.com> usb: typec: class: fix typec_altmode_put_partner to put plugs Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Revert "usb: typec: class: fix typec_altmode_put_partner to put plugs" Frank Li <Frank.Li(a)nxp.com> usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix iso transfer error when mult is not zero Frank Li <Frank.Li(a)nxp.com> usb: cdns3: fix uvc failure work since sg support enabled Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: wait controller resume finished for wakeup irq Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Revert "usb: dwc3: don't reset device side if dwc3 was configured as host-only" Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Revert "usb: dwc3: Soft reset phy on probe for host" Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Queue PM runtime idle on disconnect event Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: gadget: Handle EP0 request dequeuing properly Uttkarsh Aggarwal <quic_uaggarwa(a)quicinc.com> usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart Xu Yang <xu.yang_2(a)nxp.com> usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() Richard Acayan <mailingradian(a)gmail.com> usb: gadget: u_ether: Re-attach netif device to mirror detachment Frank Li <Frank.Li(a)nxp.com> Revert "usb: gadget: f_uvc: change endpoint allocation in uvc_function_bind()" Heiko Carstens <hca(a)linux.ibm.com> tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64s: Increase default stack size to 32KB Arnd Bergmann <arnd(a)arndb.de> clocksource/drivers/ep93xx: Fix error handling during probe Inochi Amaoto <inochiama(a)outlook.com> dt-bindings: timer: thead,c900-aclint-mtimer: separate mtime and mtimecmp regs Tony Lindgren <tony(a)atomide.com> clocksource/drivers/timer-ti-dm: Fix make W=n kerneldoc warnings Carlos Llamas <cmllamas(a)google.com> binder: fix race between mmput() and do_exit() Jan Beulich <jbeulich(a)suse.com> xen-netback: don't produce zero-size SKB frags Kaibo Ma <ent3rm4n(a)gmail.com> Revert "drm/amdkfd: Relocate TBA/TMA to opposite side of VM hole" Matthew Maurer <mmaurer(a)google.com> rust: Ignore preserve-most functions Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - use ab83 as id when skipping the getid command Carlos Llamas <cmllamas(a)google.com> binder: fix unused alloc->free_async_space Carlos Llamas <cmllamas(a)google.com> binder: fix async space check for 0-sized buffers Jordan Rome <linux(a)jordanrome.com> selftests/bpf: Add assert for user stacks in test_task_stack Tejun Heo <tj(a)kernel.org> Revert "kernfs: convert kernfs_idr_lock to an irq safe raw spinlock" Andrea Righi <andrea.righi(a)canonical.com> kernfs: convert kernfs_idr_lock to an irq safe raw spinlock Jing Xia <jing.xia(a)unisoc.com> class: fix use-after-free in class_register() Geert Uytterhoeven <geert+renesas(a)glider.be> of: unittest: Fix of_count_phandle_with_args() expected value message Dario Binacchi <dario.binacchi(a)amarulasolutions.com> fbdev: imxfb: fix left margin setting Christian A. Ehrhardt <lk(a)c--e.de> of: Fix double free in of_parse_phandle_with_args_map Li Nan <linan122(a)huawei.com> ksmbd: validate the zero field of packet header Mirsad Todorovac <mirsad.todorovac(a)alu.unizg.hr> kselftest/alsa - conf: Stringify the printed errno in sysfs_get() Mirsad Todorovac <mirsad.todorovac(a)alu.unizg.hr> kselftest/alsa - mixer-test: Fix the print format specifier warning Mirsad Todorovac <mirsad.todorovac(a)alu.unizg.hr> kselftest/alsa - mixer-test: fix the number of parameters to ksft_exit_fail_msg() Arnd Bergmann <arnd(a)arndb.de> drm/amd/display: avoid stringop-overflow warnings for dp_decide_lane_settings() Zhipeng Lu <alexious(a)zju.edu.cn> drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c Sergey Gorenko <sergeygo(a)nvidia.com> IB/iser: Prevent invalidating wrong MR Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdkfd: Fix type of 'dbg_flags' in 'struct kfd_process' Peter Robinson <pbrobinson(a)gmail.com> mmc: sdhci_omap: Fix TI SoC dependencies Peter Robinson <pbrobinson(a)gmail.com> mmc: sdhci_am654: Fix TI SoC dependencies Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add missing mutex lock around get meter levels Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add missing error checks to *_ctl_get() Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add missing error check to scarlett2_config_save() Hans de Goede <hdegoede(a)redhat.com> ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] Philipp Zabel <p.zabel(a)pengutronix.de> pwm: stm32: Fix enable count for clk in .probe() Philipp Zabel <p.zabel(a)pengutronix.de> pwm: stm32: Use hweight32 in stm32_pwm_detect_channels Théo Lebrun <theo.lebrun(a)bootlin.com> clk: fixed-rate: fix clk_hw_register_fixed_rate_with_accuracy_parent_hw Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: qcom: dispcc-sm8550: Use the correct PLL configuration function Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: qcom: dispcc-sm8550: Update disp PLL settings Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: qcom: gpucc-sm8550: Update GPU PLL settings Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: qcom: gcc-sm8550: Mark RCGs shared where applicable Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: qcom: gcc-sm8550: use collapse-voting for PCIe GDSCs Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: qcom: gcc-sm8550: Mark the PCIe GDSCs votable Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: qcom: gcc-sm8550: Add the missing RETAIN_FF_ENABLE GDSC flag Xingyuan Mo <hdthky0(a)gmail.com> accel/habanalabs: fix information leak in sec_attest_info() Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/mediatek: dp: Add phy_mtk_dp module as pre-dependency Gergo Koteles <soyer(a)irl.hu> ASoC: tas2781: add support for FW version 0x0503 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ASoC: amd: vangogh: Drop conflicting ACPI-based probing Su Hui <suhui(a)nfschina.com> clk: si5341: fix an error code problem in si5341_output_clk_set_rate Marek Vasut <marek.vasut+renesas(a)mailbox.org> clk: rs9: Fix DIF OEn bit placement on 9FGV0241 Vignesh Raghavendra <vigneshr(a)ti.com> watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused Stefan Wahren <wahrenst(a)gmx.net> watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling Jerry Hoemann <jerry.hoemann(a)hpe.com> watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO Curtis Klein <curtis.klein(a)hpe.com> watchdog: set cdev owner before adding Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> drivers: clk: zynqmp: update divider round rate logic Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> drivers: clk: zynqmp: calculate closest mux rate Yang Yingliang <yangyingliang(a)huawei.com> clk: sp7021: fix return value check in sp7021_clk_probe() Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: videocc-sm8150: Add missing PLL config property Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to check return value of f2fs_recover_xattr_data Zhipeng Lu <alexious(a)zju.edu.cn> drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table Zhipeng Lu <alexious(a)zju.edu.cn> gpu/drm/radeon: fix two memleaks in radeon_vm_init Zhipeng Lu <alexious(a)zju.edu.cn> drivers/amd/pm: fix a use-after-free in kv_parse_power_table Zhipeng Lu <alexious(a)zju.edu.cn> drm/amd/pm: fix a double-free in si_dpm_init Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/debugfs: fix error code when smc register accessors are NULL Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Fix underrun in VDO1 when switches off the layer Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Remove the redundant driver data for DPI Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Return error if MDP RDMA failed to enable the clock Arnd Bergmann <arnd(a)arndb.de> media: i2c: mt9m114: use fsleep() in place of udelay() Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr() Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Set input_sel bit for INTF Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Check reset monitor registers Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l-cpg: Reuse code in rzg2l_cpg_reset() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() Dan Carpenter <dan.carpenter(a)linaro.org> media: dvbdev: drop refcount on error path in dvb_device_open() Chao Yu <chao(a)kernel.org> f2fs: fix to update iostat correctly in f2fs_filemap_fault() Chao Yu <chao(a)kernel.org> f2fs: fix to check compress file in f2fs_move_file_range() Chao Yu <chao(a)kernel.org> f2fs: fix to wait on block writeback for post_read case Chris Morgan <macromorgan(a)hotmail.com> drm/panel: st7701: Fix AVCL calculation Bjorn Andersson <quic_bjorande(a)quicinc.com> drm/msm/adreno: Fix A680 chip id Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: rkisp1: Fix memory leaks in rkisp1_isp_unregister() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: rkisp1: Fix media device memory leak Mehdi Djait <mehdi.djait(a)bootlin.com> media: dt-bindings: media: rkisp1: Fix the port description for the parallel interface Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: imx-mipi-csis: Drop extra clock enable at probe() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: imx-mipi-csis: Fix clock handling in remove() Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: videobuf2: request more buffers for vb2_read Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: bttv: add back vbi hack Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: bttv: start_streaming should return a proper error code Daniel Rosenberg <drosen(a)google.com> f2fs: Restrict max filesize for 16K f2fs Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix memory leak in free_mr_init() Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: pci-mtl: fix ARL-S definitions Zhipeng Lu <alexious(a)zju.edu.cn> media: cx231xx: fix a memleak in cx231xx_init_isoc Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/bridge: tc358767: Fix return value on error case Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable Zhipeng Lu <alexious(a)zju.edu.cn> drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table Zhipeng Lu <alexious(a)zju.edu.cn> drm/radeon/dpm: fix a memleak in sumo_parse_power_table Yang Yingliang <yangyingliang(a)huawei.com> drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check writeback connectors in create_validate_stream_for_sink Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Use drm_connector in create_stream_for_sink Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Return drm_connector from find_first_crtc_matching_connector Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: correct clk bit for WB2 block AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: populate SSPP scaler block version Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: enable SmartDMA on SM8450 Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: SOF: topology: Use partial match for disconnecting DAI link and DAI widget Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL Brent Lu <brent.lu(a)intel.com> ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch Sebastian Reichel <sre(a)kernel.org> media: v4l: async: Fix duplicated list deletion Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/drv: propagate errors from drm_modeset_register_all() Konrad Dybcio <konrad.dybcio(a)linaro.org> drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks Bjorn Andersson <quic_bjorande(a)quicinc.com> drm/msm/dpu: Add missing safe_lut_tbl in sc8180x catalog Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/mdp4: flush vblank event on disable Arnd Bergmann <arnd(a)arndb.de> drm/msm/a6xx: add QMP dependency Linus Walleij <linus.walleij(a)linaro.org> ASoC: cs35l34: Fix GPIO name and drop legacy include Linus Walleij <linus.walleij(a)linaro.org> ASoC: cs35l33: Fix GPIO name and drop legacy include Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> drm/imx/lcdc: Fix double-free of driver data Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Fix dss reset Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Check for K2G in in dispc_softreset() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Return error value from from softreset Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Move reset to the end of dispc_init() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Fix NULL pointer dereference at hibernate Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon: check return value of radeon_ring_lock() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() Arnd Bergmann <arnd(a)arndb.de> ASoC: fsl_rpmsg: update Kconfig dependencies Thomas Zimmermann <tzimmermann(a)suse.de> fbdev/sm712fb: Use correct initializer macros for struct fb_ops Xin Ji <xji(a)analogixsemi.com> Revert "drm/bridge: Add 200ms delay to wait FW HPD status stable" Chao Yu <chao(a)kernel.org> f2fs: fix to avoid dirent corruption Liu Ying <victor.liu(a)nxp.com> drm/bridge: imx93-mipi-dsi: Fix a couple of building warnings Dario Binacchi <dario.binacchi(a)amarulasolutions.com> drm/bridge: Fix typo in post_disable() description Luben Tuikov <ltuikov89(a)gmail.com> drm/sched: Fix bounds limiting when given a malformed entity Alexander Stein <alexander.stein(a)ew.tq-group.com> media: amphion: Fix VPU core alias name Paul Kocialkowski <paul.kocialkowski(a)bootlin.com> media: rkvdec: Hook the (TRY_)DECODER_CMD stateless ioctls Paul Kocialkowski <paul.kocialkowski(a)bootlin.com> media: verisilicon: Hook the (TRY_)DECODER_CMD stateless ioctls Paul Kocialkowski <paul.kocialkowski(a)bootlin.com> media: visl: Hook the (TRY_)DECODER_CMD stateless ioctls Zheng Wang <zyytlz.wz(a)163.com> media: mtk-jpeg: Remove cancel worker in mtk_jpeg_remove to avoid the crash of multi-core JPEG devices Ricardo B. Marliere <ricardo(a)marliere.net> media: pvrusb2: fix use after free on context disconnection Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tilcdc: Fix irq free on unload Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function Abhinav Singh <singhabhinav9051571833(a)gmail.com> drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer Chris Morgan <macromorgan(a)hotmail.com> drm/panel-elida-kd35t133: hold panel in reset for unprepare Chris Morgan <macromorgan(a)hotmail.com> drm/panel: nv3051d: Hold panel in reset for unprepare Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix inappropriate err code for unsupported operations Leon Romanovsky <leon(a)kernel.org> RDMA/usnic: Silence uninitialized symbol smatch warnings AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/dp_mst: Fix fractional DSC bpp handling Jouni Högander <jouni.hogander(a)intel.com> drm/i915/display: Move releasing gem object away from fb tracking Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Revert "drm/omapdrm: Annotate dma-fence critical section in commit path" Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Revert "drm/tidss: Annotate dma-fence critical section in commit path" Arnd Bergmann <arnd(a)arndb.de> ARM: davinci: always select CONFIG_CPU_ARM926T Eric Dumazet <edumazet(a)google.com> ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() David Howells <dhowells(a)redhat.com> rxrpc: Fix skbuff cleanup of call's recvmsg_queue and rx_oos_queue Asmaa Mnebhi <asmaa(a)nvidia.com> mlxbf_gige: Enable the GigE port in mlxbf_gige_open Asmaa Mnebhi <asmaa(a)nvidia.com> mlxbf_gige: Fix intermittent no ip issue Tao Liu <taoliu828(a)163.com> net/sched: act_ct: fix skb leak and crash on ooo frags Ming Lei <ming.lei(a)redhat.com> blk-cgroup: fix rcu lockdep warning in blkg_lookup() Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Fix gotol with large offsets Eric Dumazet <edumazet(a)google.com> sctp: fix busy polling Eric Dumazet <edumazet(a)google.com> sctp: support MSG_ERRQUEUE flag in recvmsg() John Fastabend <john.fastabend(a)gmail.com> bpf: sockmap, fix proto update hook to avoid dup calls Benjamin Berg <benjamin.berg(a)intel.com> wifi: cfg80211: parse all ML elements in an ML probe response Benjamin Berg <benjamin.berg(a)intel.com> wifi: cfg80211: correct comment about MLD ID Kunwu Chan <chentao(a)kylinos.cn> ice: Fix some null pointer dereference issues in ice_ptp.c Andy Yan <andyshrk(a)163.com> arm64: dts: rockchip: Fix led pinctrl of lubancat 1 Christoph Hellwig <hch(a)lst.de> null_blk: don't cap max_hw_sectors to BLK_DEF_MAX_SECTORS Francesco Dolcini <francesco.dolcini(a)toradex.com> Bluetooth: btmtkuart: fix recv_buf() return value Francesco Dolcini <francesco.dolcini(a)toradex.com> Bluetooth: btnxpuart: fix recv_buf() return value Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Fix bogus check for re-auth no supported with non-ssp Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: validate chain type update if available Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: mark newset as dead on transaction abort Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: assign phy_ctxt before eSR activation Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: fix out of bound copy_from_user Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mvm: Do not warn if valid link pair was not found Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: send TX path flush in rfkill Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request Ayala Beker <ayala.beker(a)intel.com> wifi: mac80211: fix advertised TTLM scheduling Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8192se: using calculate_bit_shift() Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8192de: using calculate_bit_shift() Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8192c: using calculate_bit_shift() Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: add calculate_bit_shift() Hou Tao <houtao1(a)huawei.com> bpf: Use c->unit_size to select target cache during free Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sc8180x: Fix up PCIe nodes Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sc8180x: Mark PCIe hosts cache-coherent Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sm8550: Update idle state time requirements Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sm8550: Separate out X3 idle state Chukun Pan <amadeus(a)jmu.edu.cn> arm64: dts: qcom: ipq6018: fix clock rates for GCC_USB0_MOCK_UTMI_CLK Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sc7280: Mark SDHCI hosts as cache-coherent Li Nan <linan122(a)huawei.com> block: add check of 'minors' and 'first_minor' in device_add_disk() Abel Vesa <abel.vesa(a)linaro.org> soc: qcom: llcc: Fix LLCC_TRP_ATTR2_CFGn offset Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> firmware: qcom: qseecom: fix memory leaks in error paths Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8150-hdk: fix SS USB regulators Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8150: make dispcc cast minimal vote on MMCX Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sm6375: Hook up MPM Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sm6375: fix USB wakeup interrupt types Atul Dhudase <quic_adhudase(a)quicinc.com> soc: qcom: llcc: Fix dis_cap_alloc and retain_on_pc configuration Nikita Travkin <nikita(a)trvn.ru> arm64: dts: qcom: acer-aspire1: Correct audio codec definition Hou Tao <houtao1(a)huawei.com> bpf: Limit the number of kprobes when attaching program to multiple kprobes Hou Tao <houtao1(a)huawei.com> bpf: Limit the number of uprobes when attaching program to multiple uprobes Joakim Zhang <joakim.zhang(a)cixtech.com> dma-mapping: clear dev->dma_mem to NULL after freeing it Arseniy Krasnov <avkrasnov(a)salutedevices.com> virtio/vsock: send credit update during setting SO_RCVLOWAT Arseniy Krasnov <avkrasnov(a)salutedevices.com> virtio/vsock: fix logic which reduces credit update messages Leone Fernando <leone4fernando(a)gmail.com> ipmr: support IP_PKTINFO on cache report IGMP msg Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: fix grep checking for fib_nexthop_multiprefix Yonghong Song <yonghong.song(a)linux.dev> bpf: Fix a race condition between btf_put() and map_free() Ahmad Fatoum <a.fatoum(a)pengutronix.de> ARM: dts: stm32: don't mix SCMI and non-SCMI board compatibles Tushar Vyavahare <tushar.vyavahare(a)intel.com> selftests/xsk: Fix for SEND_RECEIVE_UNALIGNED test Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Correct the number of global debugfs registers Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Rollback some operations if FLR failed Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Check before using pointer variables Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Replace with standard error code return value Manivannan Sadhasivam <mani(a)kernel.org> scsi: ufs: qcom: Fix the return value when platform_get_resource_byname() fails Manivannan Sadhasivam <mani(a)kernel.org> scsi: ufs: qcom: Fix the return value of ufs_qcom_ice_program_key() Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mm: Reduce GPU to nominal speed Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: white-hawk-cpu: Fix missing serial console pin control Rob Herring <robh(a)kernel.org> arm64: dts: xilinx: Apply overlays to base dtbs Li Nan <linan122(a)huawei.com> block: Set memalloc_noio to false on device_add_disk() error path YiFei Zhu <zhuyifei(a)google.com> selftests/bpf: Relax time_tai test for equal timestamps in tai_forward Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: don't support triggered EHT CQI feedback Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7921: fix wrong 6Ghz power type Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7921: fix CLC command timeout when suspend/resume Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7921: fix country count limitation for CLC Eugen Hristev <eugen.hristev(a)collabora.com> arm64: dts: mediatek: mt8186: fix address warning for ADSP mailboxes Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8186: Fix alias prefix for ovl_2l0 Moudy Ho <moudy.ho(a)mediatek.com> arm64: dts: mediatek: mt8195: revise VDOSYS RDMA node name Moudy Ho <moudy.ho(a)mediatek.com> arm64: dts: mediatek: mt8183: correct MDP3 DMA-related nodes Moudy Ho <moudy.ho(a)mediatek.com> dt-bindings: media: mediatek: mdp3: correct RDMA and WROT node with generic names Tiezhu Yang <yangtiezhu(a)loongson.cn> test_bpf: Rename second ALU64_SMOD_X to ALU64_SMOD_K Andrei Matei <andreimatei1(a)gmail.com> bpf: Fix accesses to uninit stack slots Andrei Matei <andreimatei1(a)gmail.com> bpf: Guard stack limits against 32bit overflow Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: hisilicon: hikey970-pmic: fix regulator cells properties Andrei Matei <andreimatei1(a)gmail.com> bpf: Fix verification of indirect var-off stack access Wang Zhao <wang.zhao(a)mediatek.com> wifi: mt76: mt7921s: fix workqueue problem causes STA association fail Arnd Bergmann <arnd(a)arndb.de> wifi: mt76: mt7996: fix mt7996_mcu_all_sta_info_event struct packing StanleyYP Wang <StanleyYP.Wang(a)mediatek.com> wifi: mt76: mt7915: also MT7981 is 3T3R but nss2 on 5 GHz band StanleyYP Wang <StanleyYP.Wang(a)mediatek.com> wifi: mt76: mt7915: fix EEPROM offset of TSSI flag on MT7981 StanleyYP Wang <StanleyYP.Wang(a)mediatek.com> wifi: mt76: mt7996: fix alignment of sta info event MeiChia Chiu <meichia.chiu(a)mediatek.com> wifi: mt76: mt7996: fix rate usage of inband discovery frames Sujuan Chen <sujuan.chen(a)mediatek.com> wifi: mt76: mt7996: fix the size of struct bss_rate_tlv Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7915: fallback to non-wed mode if platform_get_resource fails in mt7915_mmio_wed_init() Christian Marangi <ansuelsmth(a)gmail.com> wifi: mt76: fix typo in mt76_get_of_eeprom_from_nvmem function Yi-Chia Hsieh <yi-chia.hsieh(a)mediatek.com> wifi: mt76: mt7996: fix uninitialized variable in parsing txfree Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sm8550: fix USB wakeup interrupt types Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7280: fix usb_2 wakeup interrupt types Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sa8775p: fix USB wakeup interrupt types Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sc7280: Mark Adreno SMMU as DMA coherent Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sc7280: Fix up GPU SIDs Nia Espera <nespera(a)igalia.com> arm64: dts: qcom: sm8350: Fix DMA0 address Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm6125: add interrupts to DWC3 USB controller Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sdm845-db845c: correct LED panic indicator Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: qrb5165-rb5: correct LED panic indicator Caleb Connolly <caleb.connolly(a)linaro.org> arm64: dts: qcom: qrb2210-rb1: use USB host mode Artem Chernyshev <artem.chernyshev(a)red-soft.ru> scsi: fnic: Return error if vmalloc() failed Andrii Nakryiko <andrii(a)kernel.org> bpf: fix check for attempt to corrupt spilled pointer Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: specify the interface when do arping Hou Tao <houtao1(a)huawei.com> bpf: Defer the free of inner map when necessary Hou Tao <houtao1(a)huawei.com> bpf: Add map and need_defer parameters to .map_fd_put_ptr() Douglas Anderson <dianders(a)chromium.org> arm64: dts: qcom: sm6350: Make watchdog bark interrupt edge triggered Douglas Anderson <dianders(a)chromium.org> arm64: dts: qcom: sc8280xp: Make watchdog bark interrupt edge triggered Douglas Anderson <dianders(a)chromium.org> arm64: dts: qcom: sa8775p: Make watchdog bark interrupt edge triggered Douglas Anderson <dianders(a)chromium.org> arm64: dts: qcom: sm8250: Make watchdog bark interrupt edge triggered Douglas Anderson <dianders(a)chromium.org> arm64: dts: qcom: sm8150: Make watchdog bark interrupt edge triggered Douglas Anderson <dianders(a)chromium.org> arm64: dts: qcom: sdm845: Make watchdog bark interrupt edge triggered Douglas Anderson <dianders(a)chromium.org> arm64: dts: qcom: sc7280: Make watchdog bark interrupt edge triggered Douglas Anderson <dianders(a)chromium.org> arm64: dts: qcom: sc7180: Make watchdog bark interrupt edge triggered Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8550: correct TX Soundwire clock Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8450: correct TX Soundwire clock Bjorn Andersson <quic_bjorande(a)quicinc.com> arm64: dts: qcom: sc8180x-primus: Fix HALL_INT polarity Stephen Boyd <swboyd(a)chromium.org> dt-bindings: arm: qcom: Fix html link Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: qcom: sdx65: correct SPMI node name Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: qcom: sdx65: correct PCIe EP phy-names Andrii Nakryiko <andrii(a)kernel.org> bpf: enforce precision of R0 on callback return Yu Kuai <yukuai3(a)huawei.com> md: synchronize flush io with array reconfiguration Jeroen van Ingen Schenau <jeroen.vaningenschenau(a)novoserve.com> selftests/bpf: Fix erroneous bitmask operation Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> wifi: rtw88: sdio: Honor the host max_req_size in the RX path Jan Kiszka <jan.kiszka(a)siemens.com> arm64: dts: ti: iot2050: Re-add aliases Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> arm64: dts: ti: k3-am65-main: Fix DSS irq trigger type Nitin Yadav <n-yadav(a)ti.com> arm64: dts: ti: k3-am62a-main: Fix GPIO pin count in DT nodes Su Hui <suhui(a)nfschina.com> wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath12k: fix the error handler of rfkill config Bart Van Assche <bvanassche(a)acm.org> scsi: bfa: Use the proper data type for BLIST flags Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() Peter Delevoryas <peter(a)pjd.dev> net/ncsi: Fix netlink major/minor version numbers Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> ARM: dts: qcom: apq8064: correct XOADC register address Arnd Bergmann <arnd(a)arndb.de> wifi: libertas: stop selecting wext Luca Weiss <luca.weiss(a)fairphone.com> wifi: ath11k: Defer on rproc_get failure Jordan Rome <jordalgo(a)meta.com> bpf: Add crosstask check to __bpf_get_stack Dave Marchevsky <davemarchevsky(a)fb.com> bpf: Add KF_RCU flag to bpf_refcount_acquire_impl Florian Lehner <dev(a)der-flo.net> bpf, lpm: Fix check prefixlen before walking trie Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw88: fix RX filter in FIF_ALLMULTI flag Dan Carpenter <dan.carpenter(a)linaro.org> wifi: plfxlc: check for allocation failure in plfxlc_usb_wreq_async() Luca Weiss <luca(a)z3ntu.xyz> ARM: dts: qcom: msm8226: provide dsi phy clocks to mmcc Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc8280xp-x13s: add missing camera LED pin config Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: sc8280xp-x13s: Use the correct DP PHY compatible Caleb Connolly <caleb.connolly(a)linaro.org> arm64: dts: qcom: qrb4210-rb2: don't force usb peripheral mode David McKay <david.mckay(a)codasip.com> asm-generic: Fix 32 bit __generic_cmpxchg_local Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Fixup v4.1 backchannel request timeouts Trond Myklebust <trond.myklebust(a)hammerspace.com> pNFS: Fix the pnfs block driver's calculation of layoutget size Olga Kornievskaia <kolga(a)netapp.com> SUNRPC: fix _xprt_switch_find_current_entry logic Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT Scott Mayhew <smayhew(a)redhat.com> NFS: Use parent's objective cred in nfs_access_login_time() Benjamin Coddington <bcodding(a)redhat.com> blocklayoutdriver: Fix reference leak of pnfs_device_node Arnd Bergmann <arnd(a)arndb.de> csky: fix arch_jump_label_transform_static override David Howells <dhowells(a)redhat.com> keys, dns: Fix size check of V1 server-list header Chengming Zhou <zhouchengming(a)bytedance.com> crypto: scomp - fix req->dst buffer overflow Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - do not resize req->src when doing hash operations Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - fix processing hash requests with req->nbytes < sg->length Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - improve error handling in sahara_sha_process() Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - fix wait_for_completion_timeout() error handling Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - fix ahash reqsize Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - handle zero-length aes requests Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - avoid skcipher fallback code duplication wangyangxin <wangyangxin1(a)huawei.com> crypto: virtio - Wait for tasklet to complete on device remove Alexander Aring <aahringo(a)redhat.com> dlm: fix format seq ops type 4 Edward Adam Davis <eadavis(a)qq.com> gfs2: fix kernel BUG in gfs2_quota_cleanup Osama Muhammad <osmtendev(a)gmail.com> gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump Christian Brauner <brauner(a)kernel.org> fs: indicate request originates from old mount API Gao Xiang <xiang(a)kernel.org> erofs: fix memory leak on short-lived bounced pages Sergey Shtylyov <s.shtylyov(a)omp.ru> pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() Zhiqi Song <songzhiqi1(a)huawei.com> crypto: hisilicon/zip - save capability registers in probe process Zhiqi Song <songzhiqi1(a)huawei.com> crypto: hisilicon/sec2 - save capability registers in probe process Zhiqi Song <songzhiqi1(a)huawei.com> crypto: hisilicon/hpre - save capability registers in probe process Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/qm - add a function to set qm algs Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/zip - add zip comp high perf mode configuration Zhiqi Song <songzhiqi1(a)huawei.com> crypto: hisilicon/qm - save capability registers in qm init process Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - fix error handling in sahara_hw_descriptor_create() Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - fix processing requests with cryptlen < sg->length Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - fix ahash selftest failure Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - fix cbc selftest failure Ovidiu Panait <ovidiu.panait(a)windriver.com> crypto: sahara - remove FLAGS_NEW_KEY logic Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> crypto: safexcel - Add error handling for dma_map_sg() calls Yang Yingliang <yangyingliang(a)huawei.com> hwrng: stm32 - add missing clk_disable_unprepare() in stm32_rng_init() Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - add NULL pointer check Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - fix mutex ordering in adf_rl Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - fix error path in add_update_sla() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: af_alg - Disallow multiple in-flight AIO requests Dinghao Liu <dinghao.liu(a)zju.edu.cn> crypto: ccp - fix memleak in ccp_init_dm_workarea Chen Ni <nichen(a)iscas.ac.cn> crypto: sa2ul - Return crypto_aead_setkey to transfer the error Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - add sysfs_added flag for rate limiting Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - add sysfs_added flag for ras Gonglei (Arei) <arei.gonglei(a)huawei.com> crypto: virtio - Handle dataq logic with tasklet Chanho Park <chanho61.park(a)samsung.com> crypto: jh7110 - Correct deferred probe return Dan Carpenter <dan.carpenter(a)linaro.org> crypto: qat - prevent underflow in rp2srv_store() Dan Carpenter <dan.carpenter(a)linaro.org> crypto: rsa - add a check for allocation failure Mickaël Salaün <mic(a)digikod.net> selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket Binbin Zhou <zhoubinbin(a)loongson.cn> drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment Borislav Petkov (AMD) <bp(a)alien8.de> cpuidle: haltpoll: Do not enable interrupts when entering idle ZhaoLong Wang <wangzhaolong1(a)huawei.com> mtd: Fix gluebi NULL pointer dereference caused by ftl notifier Richard Fitzgerald <rf(a)opensource.cirrus.com> kunit: debugfs: Handle errors from alloc_string_stream() Richard Fitzgerald <rf(a)opensource.cirrus.com> kunit: debugfs: Fix unchecked dereference in debugfs_print_results() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Fix NULL pointer dereference in zone registration error path Tony Luck <tony.luck(a)intel.com> ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: LPSS: Fix the fractional clock divider flags Wolfram Sang <wsa+renesas(a)sang-engineering.com> spi: sh-msiof: Enforce fixed DTDL for R-Car H3 Ard Biesheuvel <ardb(a)kernel.org> efivarfs: Free s_fs_info on unmount Ilias Apalodimas <ilias.apalodimas(a)linaro.org> efivarfs: force RO when remounting if SetVariable is not supported Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> calipso: fix memory leak in netlbl_calipso_add_pass() Alexandra Diupina <adiupina(a)astralinux.ru> cpufreq: scmi: process the result of devm_of_clk_add_hw_provider() David E. Box <david.e.box(a)linux.intel.com> platform/x86/intel/vsec: Fix xa_alloc memory leak Yang Yingliang <yangyingliang(a)huawei.com> spi: cadence-quadspi: add missing clk_disable_unprepare() in cqspi_probe() Chen Ni <nichen(a)iscas.ac.cn> KEYS: encrypted: Add check for strsep Nikita Kiryushin <kiryushin(a)ancud.ru> ACPI: LPIT: Avoid u32 multiplication overflow Nikita Kiryushin <kiryushin(a)ancud.ru> ACPI: video: check for error while searching for backlight device parent Ronald Monthero <debug.penguin32(a)gmail.com> mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response Amit Kumar Mahapatra <amit.kumar-mahapatra(a)amd.com> spi: spi-zynqmp-gqspi: fix driver kconfig dependencies Alexander Antonov <alexander.antonov(a)linux.intel.com> perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() Yiwei Lin <s921975628(a)gmail.com> sched/fair: Update min_vruntime for reweight_entity() correctly Kunwu Chan <chentao(a)kylinos.cn> powerpc/imc-pmu: Add a null pointer check in update_events_in_group() Kunwu Chan <chentao(a)kylinos.cn> powerpc/powernv: Add a null pointer check in opal_powercap_init() Kunwu Chan <chentao(a)kylinos.cn> powerpc/powernv: Add a null pointer check in opal_event_init() Kunwu Chan <chentao(a)kylinos.cn> powerpc/powernv: Add a null pointer check to scom_debug_init_one() Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: Avoid warning on invalid token argument to sys_rtas() Kajol Jain <kjain(a)linux.ibm.com> powerpc/hv-gpci: Add return value check in affinity_domain_via_partition_show function Michael Ellerman <mpe(a)ellerman.id.au> selftests/powerpc: Fix error handling in FPU/VMX preemption tests Nicholas Piggin <npiggin(a)gmail.com> KVM: PPC: Book3S HV: Handle pending exceptions on guest entry with MSR_EE Junhao He <hejunhao3(a)huawei.com> drivers/perf: hisi: Fix some event id for HiSilicon UC pmu Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Fix HN-F class_occup_id events Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/intel: Set new revision only after a successful update Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/pseries/memhp: Fix access beyond end of drmem array Randy Dunlap <rdunlap(a)infradead.org> powerpc/44x: select I2C for CURRITUCK Peter Zijlstra <peterz(a)infradead.org> x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Masahiro Yamada <masahiroy(a)kernel.org> powerpc: add crtsavres.o to always-y instead of extra-y Arnd Bergmann <arnd(a)arndb.de> EDAC/thunderx: Fix possible out-of-bounds string access Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/inject: Clear test status value Colin Ian King <colin.i.king(a)gmail.com> x86/lib: Fix overflow when counting digits ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 6 + Documentation/devicetree/bindings/arm/qcom.yaml | 2 +- .../devicetree/bindings/gpio/xlnx,gpio-xilinx.yaml | 2 +- .../bindings/media/mediatek,mdp3-rdma.yaml | 29 +- .../bindings/media/mediatek,mdp3-wrot.yaml | 23 +- .../devicetree/bindings/media/rockchip-isp1.yaml | 11 +- .../phy/qcom,sc8280xp-qmp-usb43dp-phy.yaml | 4 +- .../bindings/timer/thead,c900-aclint-mtimer.yaml | 9 +- Documentation/driver-api/pci/p2pdma.rst | 16 +- Makefile | 4 +- arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 2 +- arch/arm/boot/dts/qcom/qcom-msm8226.dtsi | 4 +- arch/arm/boot/dts/qcom/qcom-sdx55.dtsi | 4 +- arch/arm/boot/dts/qcom/qcom-sdx65.dtsi | 4 +- arch/arm/boot/dts/st/stm32mp157a-dk1-scmi.dts | 2 +- arch/arm/boot/dts/st/stm32mp157c-dk2-scmi.dts | 2 +- arch/arm/boot/dts/st/stm32mp157c-ed1-scmi.dts | 2 +- arch/arm/boot/dts/st/stm32mp157c-ev1-scmi.dts | 3 +- arch/arm/mach-davinci/Kconfig | 2 + arch/arm64/boot/dts/freescale/imx8mm.dtsi | 4 +- arch/arm64/boot/dts/hisilicon/hikey970-pmic.dtsi | 3 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 6 +- arch/arm64/boot/dts/mediatek/mt8186.dtsi | 6 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 24 +- arch/arm64/boot/dts/qcom/ipq6018.dtsi | 2 +- arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 4 + arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 1 - arch/arm64/boot/dts/qcom/qrb5165-rb5.dts | 4 +- arch/arm64/boot/dts/qcom/sa8775p.dtsi | 14 +- arch/arm64/boot/dts/qcom/sc7180-acer-aspire1.dts | 17 +- arch/arm64/boot/dts/qcom/sc7180.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 +- arch/arm64/boot/dts/qcom/sc8180x-primus.dts | 2 +- arch/arm64/boot/dts/qcom/sc8180x.dtsi | 10 +- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 11 + arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 2 +- arch/arm64/boot/dts/qcom/sdm845-db845c.dts | 2 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6125.dtsi | 4 + arch/arm64/boot/dts/qcom/sm6350.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 41 ++- arch/arm64/boot/dts/qcom/sm8150-hdk.dts | 12 +- arch/arm64/boot/dts/qcom/sm8150.dtsi | 3 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 4 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8550.dtsi | 38 ++- .../boot/dts/renesas/r8a779g0-white-hawk-cpu.dtsi | 3 + arch/arm64/boot/dts/rockchip/rk3566-lubancat-1.dts | 2 +- arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 4 +- arch/arm64/boot/dts/ti/k3-am65-iot2050-common.dtsi | 10 + arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 2 +- arch/arm64/boot/dts/xilinx/Makefile | 9 +- arch/arm64/kernel/ptrace.c | 13 +- arch/arm64/kvm/vgic/vgic-its.c | 5 + arch/arm64/kvm/vgic/vgic-mmio-v3.c | 27 +- arch/csky/include/asm/jump_label.h | 5 + arch/loongarch/include/asm/elf.h | 5 - arch/loongarch/kernel/elf.c | 5 - arch/loongarch/kernel/process.c | 1 + arch/loongarch/net/bpf_jit.c | 5 +- arch/mips/alchemy/devboards/db1200.c | 2 +- arch/mips/alchemy/devboards/db1550.c | 2 +- arch/mips/include/asm/dmi.h | 2 +- arch/mips/kernel/setup.c | 4 +- arch/powerpc/Kconfig | 1 + arch/powerpc/kernel/rtas.c | 19 +- arch/powerpc/kvm/book3s_hv.c | 18 +- arch/powerpc/lib/Makefile | 2 +- arch/powerpc/perf/hv-gpci.c | 3 + arch/powerpc/perf/imc-pmu.c | 6 + arch/powerpc/platforms/44x/Kconfig | 1 + arch/powerpc/platforms/powernv/opal-irqchip.c | 2 + arch/powerpc/platforms/powernv/opal-powercap.c | 6 + arch/powerpc/platforms/powernv/opal-xscom.c | 5 + arch/powerpc/platforms/pseries/hotplug-memory.c | 9 +- arch/riscv/include/asm/sections.h | 1 + arch/riscv/include/asm/xip_fixup.h | 2 +- arch/riscv/kernel/module.c | 3 +- arch/riscv/kernel/patch.c | 11 +- arch/riscv/kernel/vmlinux-xip.lds.S | 2 + arch/riscv/kernel/vmlinux.lds.S | 2 + arch/riscv/mm/pageattr.c | 11 +- arch/s390/include/asm/pci_io.h | 32 +- arch/s390/net/bpf_jit_comp.c | 2 +- arch/s390/pci/pci_mmio.c | 12 +- arch/um/drivers/virt-pci.c | 2 +- arch/x86/events/intel/uncore_snbep.c | 10 +- arch/x86/include/asm/kvm-x86-pmu-ops.h | 2 +- arch/x86/include/asm/mwait.h | 11 +- arch/x86/kernel/cpu/mce/inject.c | 1 + arch/x86/kernel/cpu/microcode/intel.c | 14 +- arch/x86/kernel/kvmclock.c | 12 +- arch/x86/kvm/pmu.c | 63 +++- arch/x86/kvm/pmu.h | 18 -- arch/x86/kvm/svm/nested.c | 15 - arch/x86/kvm/svm/pmu.c | 16 - arch/x86/kvm/vmx/pmu_intel.c | 20 -- arch/x86/lib/misc.c | 2 +- arch/x86/pci/mmconfig-shared.c | 13 +- block/bio.c | 46 +-- block/blk-cgroup.h | 3 +- block/blk-mq.c | 16 +- block/genhd.c | 5 +- block/ioctl.c | 11 +- crypto/af_alg.c | 14 +- crypto/rsa.c | 2 + crypto/scompress.c | 6 + drivers/accel/habanalabs/common/habanalabs_ioctl.c | 2 +- drivers/acpi/acpi_extlog.c | 7 +- drivers/acpi/acpi_lpit.c | 2 +- drivers/acpi/acpi_lpss.c | 3 +- drivers/acpi/acpi_video.c | 12 +- drivers/acpi/property.c | 4 + drivers/android/binder_alloc.c | 22 +- drivers/base/class.c | 1 + drivers/base/node.c | 9 +- drivers/base/swnode.c | 3 + drivers/block/loop.c | 52 ++-- drivers/block/null_blk/main.c | 12 +- drivers/bluetooth/btmtkuart.c | 11 +- drivers/bluetooth/btnxpuart.c | 7 +- drivers/bus/mhi/ep/main.c | 139 ++++++--- drivers/bus/mhi/ep/ring.c | 41 +-- drivers/cdx/cdx.c | 14 +- drivers/char/hw_random/stm32-rng.c | 1 + drivers/clk/clk-renesas-pcie.c | 2 +- drivers/clk/clk-si5341.c | 4 +- drivers/clk/clk-sp7021.c | 12 +- drivers/clk/qcom/dispcc-sm8550.c | 12 +- drivers/clk/qcom/gcc-sm8550.c | 110 +++---- drivers/clk/qcom/gpucc-sm8150.c | 4 +- drivers/clk/qcom/gpucc-sm8550.c | 6 +- drivers/clk/qcom/videocc-sm8150.c | 1 + drivers/clk/renesas/rzg2l-cpg.c | 91 +++--- drivers/clk/zynqmp/clk-mux-zynqmp.c | 2 +- drivers/clk/zynqmp/divider.c | 66 +--- drivers/clocksource/timer-ep93xx.c | 5 +- drivers/clocksource/timer-ti-dm.c | 4 +- drivers/cpufreq/scmi-cpufreq.c | 7 +- drivers/cpuidle/cpuidle-haltpoll.c | 9 +- drivers/crypto/ccp/ccp-ops.c | 5 +- drivers/crypto/hisilicon/hpre/hpre_main.c | 122 ++++---- drivers/crypto/hisilicon/qm.c | 98 +++++- drivers/crypto/hisilicon/sec2/sec.h | 7 + drivers/crypto/hisilicon/sec2/sec_crypto.c | 10 +- drivers/crypto/hisilicon/sec2/sec_main.c | 70 +++-- drivers/crypto/hisilicon/zip/zip_main.c | 175 ++++++++--- drivers/crypto/inside-secure/safexcel_cipher.c | 19 +- .../intel/qat/qat_common/adf_accel_devices.h | 1 + drivers/crypto/intel/qat/qat_common/adf_rl.c | 7 +- drivers/crypto/intel/qat/qat_common/adf_rl.h | 1 + drivers/crypto/intel/qat/qat_common/adf_sysfs.c | 6 +- .../intel/qat/qat_common/adf_sysfs_ras_counters.c | 7 +- drivers/crypto/intel/qat/qat_common/adf_sysfs_rl.c | 8 + drivers/crypto/sa2ul.c | 3 +- drivers/crypto/sahara.c | 248 +++++++-------- drivers/crypto/starfive/jh7110-cryp.c | 10 +- drivers/crypto/virtio/virtio_crypto_common.h | 2 + drivers/crypto/virtio/virtio_crypto_core.c | 26 +- drivers/cxl/core/port.c | 24 +- drivers/cxl/core/region.c | 2 +- drivers/cxl/cxl.h | 2 - drivers/edac/thunderx_edac.c | 10 +- drivers/firmware/qcom/qcom_qseecom_uefisecapp.c | 20 +- drivers/firmware/ti_sci.c | 10 +- drivers/gpio/gpio-mlxbf3.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 32 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 34 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_reset.h | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_xgmi.h | 1 - drivers/gpu/drm/amd/amdkfd/kfd_flat_memory.c | 26 +- drivers/gpu/drm/amd/amdkfd/kfd_migrate.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 21 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 76 +++-- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 4 +- .../display/dc/link/protocols/link_dp_training.c | 2 +- .../display/dc/link/protocols/link_dp_training.h | 2 +- drivers/gpu/drm/amd/pm/legacy-dpm/kv_dpm.c | 4 +- drivers/gpu/drm/amd/pm/legacy-dpm/legacy_dpm.c | 52 +--- drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 5 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 6 +- drivers/gpu/drm/bridge/analogix/anx7625.c | 3 - .../gpu/drm/bridge/cadence/cdns-mhdp8546-hdcp.c | 3 +- drivers/gpu/drm/bridge/imx/imx93-mipi-dsi.c | 4 +- drivers/gpu/drm/bridge/tc358767.c | 2 +- drivers/gpu/drm/bridge/ti-tpd12s015.c | 4 +- drivers/gpu/drm/display/drm_dp_mst_topology.c | 20 +- drivers/gpu/drm/drm_drv.c | 10 +- drivers/gpu/drm/i915/display/intel_dp.c | 2 +- drivers/gpu/drm/i915/display/intel_dp_mst.c | 5 +- drivers/gpu/drm/i915/display/intel_frontbuffer.c | 2 - .../gpu/drm/i915/gem/i915_gem_object_frontbuffer.h | 1 + drivers/gpu/drm/imx/lcdc/imx-lcdc.c | 9 - drivers/gpu/drm/mediatek/mtk_disp_merge.c | 2 +- drivers/gpu/drm/mediatek/mtk_dp.c | 1 + drivers/gpu/drm/mediatek/mtk_dpi.c | 16 +- drivers/gpu/drm/mediatek/mtk_mdp_rdma.c | 3 +- drivers/gpu/drm/msm/Kconfig | 1 + drivers/gpu/drm/msm/adreno/adreno_device.c | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 8 +- .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 9 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_6_2_sc7180.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_7_2_sc7280.h | 2 +- .../gpu/drm/msm/disp/dpu1/catalog/dpu_8_1_sm8450.h | 24 +- drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 4 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.c | 95 ++++-- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_catalog.h | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.c | 6 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.h | 4 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_lm.c | 6 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_lm.h | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_util.c | 20 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_util.h | 8 +- drivers/gpu/drm/msm/disp/mdp4/mdp4_crtc.c | 9 + drivers/gpu/drm/msm/dsi/phy/dsi_phy.c | 4 +- drivers/gpu/drm/nouveau/dispnv50/disp.c | 3 +- drivers/gpu/drm/nouveau/nv04_fence.c | 2 +- drivers/gpu/drm/omapdrm/omap_drv.c | 9 +- drivers/gpu/drm/panel/panel-elida-kd35t133.c | 2 + drivers/gpu/drm/panel/panel-newvision-nv3051d.c | 2 + drivers/gpu/drm/panel/panel-sitronix-st7701.c | 2 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 70 +++-- drivers/gpu/drm/radeon/r100.c | 4 +- drivers/gpu/drm/radeon/r600_cs.c | 4 +- drivers/gpu/drm/radeon/radeon_display.c | 7 +- drivers/gpu/drm/radeon/radeon_vm.c | 8 +- drivers/gpu/drm/radeon/si.c | 4 + drivers/gpu/drm/radeon/sumo_dpm.c | 4 +- drivers/gpu/drm/radeon/trinity_dpm.c | 4 +- drivers/gpu/drm/scheduler/sched_entity.c | 13 +- drivers/gpu/drm/tests/drm_dp_mst_helper_test.c | 6 +- drivers/gpu/drm/tidss/tidss_dispc.c | 63 +++- drivers/gpu/drm/tidss/tidss_kms.c | 4 - drivers/gpu/drm/tilcdc/tilcdc_drv.c | 2 +- drivers/greybus/gb-beagleplay.c | 58 +++- drivers/hid/hid-sensor-hub.c | 2 +- drivers/hid/wacom_wac.c | 32 +- drivers/i2c/busses/i2c-s3c2410.c | 40 +-- drivers/idle/intel_idle.c | 19 +- drivers/iio/adc/ad7091r-base.c | 6 +- drivers/iio/adc/ad9467.c | 112 +++++-- drivers/iio/adc/adi-axi-adc.c | 74 +---- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 6 +- drivers/infiniband/hw/hns/hns_roce_pd.c | 2 +- drivers/infiniband/hw/mthca/mthca_cmd.c | 4 +- drivers/infiniband/hw/mthca/mthca_main.c | 2 +- drivers/infiniband/ulp/iser/iscsi_iser.h | 2 - drivers/infiniband/ulp/iser/iser_initiator.c | 5 +- drivers/infiniband/ulp/iser/iser_memory.c | 8 +- drivers/infiniband/ulp/iser/iser_verbs.c | 1 - drivers/input/keyboard/atkbd.c | 12 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/dma-iommu.c | 3 + drivers/iommu/of_iommu.c | 7 + drivers/leds/Kconfig | 1 + drivers/leds/leds-aw200xx.c | 7 +- drivers/md/md.c | 69 +++-- drivers/md/raid1.c | 12 +- drivers/media/common/videobuf2/videobuf2-core.c | 9 +- drivers/media/dvb-core/dvbdev.c | 2 + drivers/media/dvb-frontends/m88ds3103.c | 7 +- drivers/media/i2c/mt9m114.c | 2 +- drivers/media/pci/bt8xx/bttv-driver.c | 27 +- drivers/media/pci/bt8xx/bttv-vbi.c | 8 +- drivers/media/pci/solo6x10/solo6x10-offsets.h | 10 +- drivers/media/platform/amphion/vpu_core.c | 2 +- .../media/platform/mediatek/jpeg/mtk_jpeg_core.c | 1 - drivers/media/platform/nxp/imx-mipi-csis.c | 17 +- .../media/platform/rockchip/rkisp1/rkisp1-dev.c | 6 +- .../media/platform/rockchip/rkisp1/rkisp1-isp.c | 1 + drivers/media/platform/verisilicon/hantro_drv.c | 2 + drivers/media/platform/verisilicon/hantro_v4l2.c | 3 + drivers/media/test-drivers/visl/visl-video.c | 3 + drivers/media/usb/cx231xx/cx231xx-core.c | 2 + drivers/media/usb/pvrusb2/pvrusb2-context.c | 3 +- drivers/media/v4l2-core/v4l2-async.c | 1 - drivers/mfd/cs42l43-sdw.c | 74 ++--- drivers/mfd/intel-lpss.c | 2 +- drivers/mfd/rk8xx-core.c | 34 +-- drivers/mfd/syscon.c | 4 + drivers/mfd/tps6594-core.c | 3 + drivers/mmc/host/Kconfig | 10 +- drivers/mtd/mtd_blkdevs.c | 4 +- drivers/mtd/nand/raw/fsl_ifc_nand.c | 2 +- drivers/net/amt.c | 6 +- drivers/net/dsa/vitesse-vsc73xx-core.c | 2 + drivers/net/ethernet/intel/ice/ice_ptp.c | 4 + drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 7 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 26 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_rx.c | 6 +- .../net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 8 +- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 6 +- .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 24 +- drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c | 2 +- drivers/net/ethernet/renesas/ravb_main.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac.h | 1 + .../net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 29 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 33 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 5 +- drivers/net/netdevsim/netdev.c | 9 +- drivers/net/phy/micrel.c | 9 + drivers/net/usb/r8152.c | 16 +- drivers/net/wireless/ath/ath11k/ahb.c | 4 +- drivers/net/wireless/ath/ath12k/core.c | 6 +- drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c | 3 +- drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c | 2 +- .../net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/phy-ctxt.c | 11 - drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 2 +- drivers/net/wireless/marvell/libertas/Kconfig | 2 - drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 + drivers/net/wireless/marvell/mwifiex/fw.h | 1 + drivers/net/wireless/marvell/mwifiex/ioctl.h | 1 + drivers/net/wireless/marvell/mwifiex/sdio.c | 21 +- drivers/net/wireless/marvell/mwifiex/sdio.h | 2 + drivers/net/wireless/marvell/mwifiex/uap_cmd.c | 8 + drivers/net/wireless/mediatek/mt76/eeprom.c | 6 +- drivers/net/wireless/mediatek/mt76/mt76.h | 3 +- drivers/net/wireless/mediatek/mt76/mt7615/sdio.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7915/eeprom.h | 3 +- drivers/net/wireless/mediatek/mt76/mt7915/main.c | 5 +- drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7921/init.c | 23 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 38 ++- drivers/net/wireless/mediatek/mt76/mt7921/mcu.c | 11 +- drivers/net/wireless/mediatek/mt76/mt7921/mt7921.h | 1 + drivers/net/wireless/mediatek/mt76/mt7921/pci.c | 3 + drivers/net/wireless/mediatek/mt76/mt7921/sdio.c | 4 +- .../net/wireless/mediatek/mt76/mt7921/sdio_mac.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.h | 10 +- drivers/net/wireless/mediatek/mt76/sdio.c | 18 +- drivers/net/wireless/purelifi/plfxlc/usb.c | 5 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 79 +---- drivers/net/wireless/realtek/rtlwifi/pci.h | 5 - .../net/wireless/realtek/rtlwifi/rtl8188ee/phy.c | 14 +- .../wireless/realtek/rtlwifi/rtl8192c/phy_common.c | 12 +- .../wireless/realtek/rtlwifi/rtl8192c/phy_common.h | 1 - .../net/wireless/realtek/rtlwifi/rtl8192ce/phy.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8192ce/phy.h | 1 - .../net/wireless/realtek/rtlwifi/rtl8192cu/phy.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 15 +- .../net/wireless/realtek/rtlwifi/rtl8192ee/phy.c | 16 +- .../net/wireless/realtek/rtlwifi/rtl8192se/phy.c | 15 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 5 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 7 + drivers/net/wireless/realtek/rtw88/mac80211.c | 4 +- drivers/net/wireless/realtek/rtw88/sdio.c | 35 ++- drivers/net/xen-netback/netback.c | 44 ++- drivers/nvme/target/tcp.c | 22 +- drivers/nvme/target/trace.h | 5 +- drivers/of/base.c | 1 + drivers/of/unittest-data/tests-phandle.dtsi | 10 +- drivers/of/unittest.c | 74 +++-- drivers/pci/controller/dwc/pci-keystone.c | 9 + drivers/pci/controller/dwc/pcie-designware-ep.c | 1 + drivers/pci/controller/pcie-mediatek-gen3.c | 85 +++--- drivers/pci/controller/pcie-mediatek.c | 10 +- drivers/pci/controller/pcie-xilinx-dma-pl.c | 6 +- drivers/pci/endpoint/functions/pci-epf-mhi.c | 66 ++-- drivers/perf/arm-cmn.c | 2 +- drivers/perf/hisilicon/hisi_uncore_uc_pmu.c | 4 +- drivers/platform/x86/intel/vsec.c | 25 +- drivers/platform/x86/intel/vsec.h | 1 + drivers/power/supply/bq256xx_charger.c | 5 +- drivers/power/supply/cw2015_battery.c | 2 +- drivers/power/supply/qcom_pmi8998_charger.c | 4 + drivers/pwm/core.c | 2 +- drivers/pwm/pwm-jz4740.c | 7 +- drivers/pwm/pwm-stm32.c | 31 +- drivers/scsi/bfa/bfad_bsg.c | 2 +- drivers/scsi/fnic/fnic_debugfs.c | 3 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 11 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 9 +- drivers/scsi/lpfc/lpfc_els.c | 4 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 16 + drivers/scsi/mpi3mr/mpi3mr_os.c | 19 +- drivers/soc/qcom/llcc-qcom.c | 10 +- drivers/spi/Kconfig | 3 +- drivers/spi/spi-cadence-quadspi.c | 4 +- drivers/spi/spi-coldfire-qspi.c | 1 - drivers/spi/spi-sh-msiof.c | 17 ++ drivers/spmi/spmi-mtk-pmif.c | 20 +- drivers/staging/media/rkvdec/rkvdec.c | 3 + .../interface/vchiq_arm/vchiq_connected.c | 4 +- .../interface/vchiq_arm/vchiq_connected.h | 4 +- .../vc04_services/interface/vchiq_arm/vchiq_core.c | 6 +- drivers/target/target_core_file.c | 10 +- drivers/thermal/loongson2_thermal.c | 2 +- drivers/thermal/thermal_core.c | 1 - drivers/tty/serial/8250/8250_bcm2835aux.c | 2 + drivers/tty/serial/8250/8250_exar.c | 5 +- drivers/tty/serial/8250/8250_omap.c | 2 +- drivers/tty/serial/apbuart.c | 2 +- drivers/tty/serial/imx.c | 40 +-- drivers/tty/serial/omap-serial.c | 27 +- drivers/tty/serial/sc16is7xx.c | 8 +- drivers/tty/serial/serial_core.c | 61 +++- drivers/tty/serial/stm32-usart.c | 8 +- drivers/tty/tty_io.c | 3 + drivers/ufs/core/ufshcd.c | 7 +- drivers/ufs/host/ufs-qcom.c | 4 +- drivers/usb/cdns3/cdns3-gadget.c | 142 ++++++--- drivers/usb/cdns3/cdns3-gadget.h | 3 + drivers/usb/chipidea/core.c | 7 + drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/generic.c | 16 + drivers/usb/dwc3/core.c | 39 +-- drivers/usb/dwc3/ep0.c | 5 +- drivers/usb/dwc3/gadget.c | 19 +- drivers/usb/gadget/function/f_uvc.c | 63 ++-- drivers/usb/gadget/function/u_ether.c | 2 + drivers/usb/gadget/function/u_uvc.h | 6 + drivers/usb/gadget/legacy/webcam.c | 333 ++++++++++++++++----- drivers/usb/host/xhci-mtk.c | 40 ++- drivers/usb/host/xhci-mtk.h | 2 + drivers/usb/mon/mon_bin.c | 7 +- drivers/usb/phy/phy-mxs-usb.c | 3 +- drivers/usb/typec/class.c | 4 +- drivers/vdpa/alibaba/eni_vdpa.c | 6 +- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 7 +- drivers/vfio/pci/pds/dirty.c | 6 +- drivers/vhost/vsock.c | 1 + drivers/video/fbdev/acornfb.c | 2 +- drivers/video/fbdev/core/fb_defio.c | 8 +- drivers/video/fbdev/imxfb.c | 27 +- drivers/video/fbdev/sm712fb.c | 6 +- drivers/watchdog/bcm2835_wdt.c | 3 +- drivers/watchdog/hpwdt.c | 2 +- drivers/watchdog/rti_wdt.c | 13 +- drivers/watchdog/watchdog_dev.c | 3 +- fs/ceph/Kconfig | 1 + fs/dlm/debug_fs.c | 2 +- fs/efivarfs/super.c | 15 + fs/erofs/decompressor.c | 2 +- fs/erofs/zdata.c | 5 +- fs/erofs/zmap.c | 23 +- fs/f2fs/data.c | 7 +- fs/f2fs/file.c | 7 +- fs/f2fs/namei.c | 2 +- fs/f2fs/node.c | 6 +- fs/f2fs/super.c | 8 + fs/f2fs/xattr.c | 11 +- fs/gfs2/quota.c | 3 +- fs/gfs2/rgrp.c | 2 +- fs/namespace.c | 11 + fs/nfs/blocklayout/blocklayout.c | 7 +- fs/nfs/dir.c | 2 +- fs/nfs/direct.c | 5 +- fs/nfs/internal.h | 2 +- fs/nfs/nfs4proc.c | 3 + fs/nfs/pnfs.c | 3 +- fs/pipe.c | 17 +- fs/pstore/ram_core.c | 2 +- fs/smb/server/asn1.c | 5 + fs/smb/server/connection.c | 6 - fs/smb/server/connection.h | 2 +- fs/smb/server/oplock.c | 6 + fs/smb/server/smb2pdu.c | 22 +- fs/smb/server/smb_common.c | 6 +- fs/smb/server/transport_rdma.c | 11 +- fs/smb/server/transport_tcp.c | 13 +- include/asm-generic/cmpxchg-local.h | 2 +- include/crypto/if_alg.h | 3 + include/drm/display/drm_dp_mst_helper.h | 2 +- include/drm/drm_bridge.h | 2 +- include/linux/bio.h | 9 +- include/linux/bpf.h | 13 +- include/linux/clk-provider.h | 4 +- include/linux/gpio/driver.h | 2 +- include/linux/hisi_acc_qm.h | 20 +- include/linux/iio/adc/adi-axi-adc.h | 4 + include/linux/mhi_ep.h | 19 +- include/linux/netfilter_bridge.h | 6 +- include/linux/pci.h | 12 +- include/linux/rcu_notifier.h | 6 +- include/linux/rcupdate.h | 6 + include/linux/skbuff.h | 2 +- include/linux/srcu.h | 2 +- include/linux/usb.h | 6 + include/linux/virtio_net.h | 9 +- include/linux/virtio_vsock.h | 1 + include/net/af_vsock.h | 2 +- include/net/bluetooth/hci_core.h | 1 - include/net/netdev_queues.h | 2 +- include/uapi/linux/bpf.h | 3 + init/do_mounts.c | 9 +- io_uring/io_uring.c | 22 +- io_uring/rw.c | 10 +- kernel/bpf/arraymap.c | 12 +- kernel/bpf/hashtab.c | 6 +- kernel/bpf/helpers.c | 2 +- kernel/bpf/lpm_trie.c | 3 + kernel/bpf/map_in_map.c | 13 +- kernel/bpf/map_in_map.h | 2 +- kernel/bpf/memalloc.c | 105 +------ kernel/bpf/stackmap.c | 11 +- kernel/bpf/syscall.c | 47 ++- kernel/bpf/verifier.c | 96 +++--- kernel/debug/kdb/kdb_main.c | 2 - kernel/dma/coherent.c | 4 +- kernel/rcu/Kconfig.debug | 25 ++ kernel/rcu/rcu.h | 8 +- kernel/rcu/rcutorture.c | 12 +- kernel/rcu/tree_stall.h | 11 +- kernel/rcu/update.c | 6 + kernel/sched/fair.c | 20 +- kernel/time/tick-sched.c | 5 + kernel/trace/bpf_trace.c | 7 + lib/kunit/debugfs.c | 34 ++- lib/test_bpf.c | 2 +- net/bluetooth/hci_conn.c | 8 +- net/bluetooth/hci_debugfs.c | 12 +- net/bluetooth/hci_event.c | 11 +- net/bridge/br_netfilter_hooks.c | 42 ++- net/bridge/br_netfilter_ipv6.c | 14 +- net/core/rtnetlink.c | 14 +- net/dns_resolver/dns_key.c | 2 +- net/dsa/user.c | 7 +- net/ethtool/features.c | 9 +- net/ipv4/af_inet.c | 1 + net/ipv4/ipmr.c | 13 +- net/ipv4/netfilter/nf_reject_ipv4.c | 9 +- net/ipv4/udp.c | 34 +-- net/ipv6/ip6_tunnel.c | 26 +- net/ipv6/mcast.c | 4 + net/ipv6/netfilter/nf_reject_ipv6.c | 11 +- net/ipv6/udp.c | 16 +- net/mac80211/mlme.c | 49 ++- net/mptcp/options.c | 6 +- net/mptcp/subflow.c | 17 +- net/ncsi/internal.h | 7 +- net/ncsi/ncsi-netlink.c | 4 +- net/ncsi/ncsi-pkt.h | 7 +- net/ncsi/ncsi-rsp.c | 26 +- net/netfilter/ipset/ip_set_hash_netiface.c | 8 +- net/netfilter/ipvs/ip_vs_xmit.c | 4 +- net/netfilter/nf_log_syslog.c | 13 +- net/netfilter/nf_queue.c | 6 +- net/netfilter/nf_tables_api.c | 38 ++- net/netfilter/nfnetlink_log.c | 8 +- net/netfilter/nft_limit.c | 19 +- net/netfilter/xt_physdev.c | 2 +- net/netlabel/netlabel_calipso.c | 49 +-- net/rxrpc/ar-internal.h | 1 + net/rxrpc/call_object.c | 4 +- net/rxrpc/local_object.c | 13 +- net/rxrpc/output.c | 6 +- net/rxrpc/rxkad.c | 2 + net/sched/act_ct.c | 12 +- net/sctp/socket.c | 13 +- net/sunrpc/xprt.c | 23 +- net/sunrpc/xprtmultipath.c | 2 +- net/tls/tls_sw.c | 6 +- net/unix/unix_bpf.c | 21 +- net/vmw_vsock/af_vsock.c | 9 +- net/vmw_vsock/hyperv_transport.c | 4 +- net/vmw_vsock/virtio_transport.c | 1 + net/vmw_vsock/virtio_transport_common.c | 43 ++- net/vmw_vsock/vsock_loopback.c | 1 + net/wireless/scan.c | 47 ++- rust/bindgen_parameters | 4 + security/apparmor/lib.c | 1 + security/apparmor/lsm.c | 1 - security/apparmor/policy.c | 13 +- security/apparmor/policy_unpack.c | 13 +- security/keys/encrypted-keys/encrypted.c | 4 + security/selinux/hooks.c | 7 + sound/drivers/aloop.c | 23 +- sound/pci/hda/patch_hdmi.c | 6 + sound/pci/hda/patch_realtek.c | 3 + sound/pci/oxygen/oxygen_mixer.c | 2 +- sound/soc/amd/vangogh/acp5x-mach.c | 35 +-- sound/soc/codecs/cs35l33.c | 4 +- sound/soc/codecs/cs35l34.c | 4 +- sound/soc/codecs/rt5645.c | 8 - sound/soc/codecs/tas2781-fmwlib.c | 1 + sound/soc/fsl/Kconfig | 1 + .../soc/intel/boards/sof_sdw_rt_sdca_jack_common.c | 1 + sound/soc/intel/common/soc-acpi-intel-glk-match.c | 14 +- sound/soc/mediatek/common/mtk-dsp-sof-common.c | 2 +- sound/soc/sof/intel/hda.h | 1 + sound/soc/sof/intel/mtl.c | 28 ++ sound/soc/sof/intel/pci-mtl.c | 12 +- sound/soc/sof/ipc4-loader.c | 11 +- sound/soc/sof/topology.c | 2 +- sound/usb/mixer_scarlett2.c | 207 +++++++++---- tools/include/uapi/linux/bpf.h | 3 + tools/lib/api/io.h | 1 + tools/perf/builtin-stat.c | 18 +- .../arch/arm64/ampere/ampereone/core-imp-def.json | 2 +- .../pmu-events/arch/arm64/arm/cmn/sys/cmn.json | 2 +- .../arch/powerpc/power10/datasource.json | 18 +- .../attr/test-record-user-regs-no-sve-aarch64 | 2 +- .../tests/attr/test-record-user-regs-sve-aarch64 | 2 +- tools/perf/tests/workloads/thloop.c | 4 +- tools/perf/util/bpf-event.c | 8 +- tools/perf/util/bpf-event.h | 12 +- tools/perf/util/db-export.c | 4 +- tools/perf/util/env.c | 50 ++-- tools/perf/util/env.h | 4 + tools/perf/util/genelf.c | 6 +- tools/perf/util/header.c | 17 +- tools/perf/util/hisi-ptt.c | 1 + tools/perf/util/mem-events.c | 25 +- tools/perf/util/stat-shadow.c | 2 +- tools/perf/util/unwind-libdw.c | 21 +- tools/perf/util/unwind-libunwind-local.c | 2 +- tools/testing/selftests/alsa/conf.c | 2 +- tools/testing/selftests/alsa/mixer-test.c | 4 +- tools/testing/selftests/bpf/prog_tests/bpf_iter.c | 2 + tools/testing/selftests/bpf/prog_tests/time_tai.c | 2 +- .../selftests/bpf/progs/bpf_iter_task_stack.c | 5 + tools/testing/selftests/bpf/progs/iters.c | 2 +- .../selftests/bpf/progs/test_global_func16.c | 2 +- .../selftests/bpf/progs/verifier_basic_stack.c | 8 +- .../testing/selftests/bpf/progs/verifier_int_ptr.c | 5 +- .../selftests/bpf/progs/verifier_raw_stack.c | 5 +- .../testing/selftests/bpf/progs/verifier_var_off.c | 62 +++- .../selftests/bpf/progs/xdp_synproxy_kern.c | 4 +- .../selftests/bpf/verifier/atomic_cmpxchg.c | 11 - tools/testing/selftests/bpf/verifier/calls.c | 4 +- tools/testing/selftests/bpf/xskxceiver.c | 25 +- .../drivers/net/bonding/mode-1-recovery-updelay.sh | 2 +- .../drivers/net/bonding/mode-2-recovery-updelay.sh | 2 +- .../testing/selftests/drivers/net/mlxsw/qos_pfc.sh | 18 +- .../drivers/net/mlxsw/spectrum-2/tc_flower.sh | 106 ++++++- .../selftests/net/arp_ndisc_untracked_subnets.sh | 2 +- .../selftests/net/fib_nexthop_multiprefix.sh | 4 +- tools/testing/selftests/powerpc/math/fpu_preempt.c | 9 +- tools/testing/selftests/powerpc/math/vmx_preempt.c | 10 +- tools/testing/selftests/sgx/Makefile | 2 +- tools/testing/selftests/sgx/load.c | 9 +- tools/testing/selftests/sgx/sigstruct.c | 5 +- tools/testing/selftests/sgx/test_encl.c | 8 +- 643 files changed, 5372 insertions(+), 3267 deletions(-)

1 year, 9 months

13
663
0 0

[PATCH 5.15 0/1] cifs: Fix stack-out-of-bounds in smb2_set_next_command()

by ZhaoLong Wang

Hello, I am sending this patch for inclusion in the stable tree, as it fixes a critical stack-out-of-bounds bug in the cifs module related to the `smb2_set_next_command()` function. Problem Summary: A problem was observed in the `statfs` system call for cifs, where it failed with a "Resource temporarily unavailable" message. Further investigation with KASAN revealed a stack-out-of-bounds error. The root cause was a miscalculation of the size of the `smb2_query_info_req` structure in the `SMB2_query_info_init()` function. This situation arose due to a dependency on a prior commit (`eb3e28c1e89b`) that replaced a 1-element array with a flexible array member in the `smb2_query_info_req` structure. This commit was not backported to the 5.10.y and 5.15.y stable branch, leading to an incorrect size calculation after the backport of commit `33eae65c6f49`. Fix Details: The patch corrects the size calculation to ensure the correct length is used when initializing the `smb2_query_info_req` structure. It has been tested and confirmed to resolve the issue without introducing any regressions. Maybe the prior commit eb3e28c1e89b ("smb3: Replace smb2pdu 1-element arrays with flex-arrays") should be backported to solve this problem directly. The patch does not seem to conflict. Best regards, ZhaoLong Wang ZhaoLong Wang (1): cifs: Fix stack-out-of-bounds in smb2_set_next_command() fs/cifs/smb2pdu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.39.2

1 year, 9 months

2
2
0 0

[PATCH v3] mm/zswap: invalidate old entry when store fail or !zswap_enabled

by chengming.zhou＠linux.dev

From: Chengming Zhou <zhouchengming(a)bytedance.com> We may encounter duplicate entry in the zswap_store(): 1. swap slot that freed to per-cpu swap cache, doesn't invalidate the zswap entry, then got reused. This has been fixed. 2. !exclusive load mode, swapin folio will leave its zswap entry on the tree, then swapout again. This has been removed. 3. one folio can be dirtied again after zswap_store(), so need to zswap_store() again. This should be handled correctly. So we must invalidate the old duplicate entry before insert the new one, which actually doesn't have to be done at the beginning of zswap_store(). And this is a normal situation, we shouldn't WARN_ON(1) in this case, so delete it. (The WARN_ON(1) seems want to detect swap entry UAF problem? But not very necessary here.) The good point is that we don't need to lock tree twice in the store success path. Note we still need to invalidate the old duplicate entry in the store failure path, otherwise the new data in swapfile could be overwrite by the old data in zswap pool when lru writeback. We have to do this even when !zswap_enabled since zswap can be disabled anytime. If the folio store success before, then got dirtied again but zswap disabled, we won't invalidate the old duplicate entry in the zswap_store(). So later lru writeback may overwrite the new data in swapfile. Fixes: 42c06a0e8ebe ("mm: kill frontswap") Cc: <stable(a)vger.kernel.org> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> Signed-off-by: Chengming Zhou <zhouchengming(a)bytedance.com> --- v3: - Fix a few grammatical problems in comments, per Yosry. v2: - Change the duplicate entry invalidation loop to if, since we hold the lock, we won't find it once we invalidate it, per Yosry. - Add Fixes tag. --- mm/zswap.c | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/mm/zswap.c b/mm/zswap.c index cd67f7f6b302..d9d8947d6761 100644 --- a/mm/zswap.c +++ b/mm/zswap.c @@ -1518,18 +1518,8 @@ bool zswap_store(struct folio *folio) return false; if (!zswap_enabled) - return false; + goto check_old; - /* - * If this is a duplicate, it must be removed before attempting to store - * it, otherwise, if the store fails the old page won't be removed from - * the tree, and it might be written back overriding the new data. - */ - spin_lock(&tree->lock); - entry = zswap_rb_search(&tree->rbroot, offset); - if (entry) - zswap_invalidate_entry(tree, entry); - spin_unlock(&tree->lock); objcg = get_obj_cgroup_from_folio(folio); if (objcg && !obj_cgroup_may_zswap(objcg)) { memcg = get_mem_cgroup_from_objcg(objcg); @@ -1608,14 +1598,12 @@ bool zswap_store(struct folio *folio) /* map */ spin_lock(&tree->lock); /* - * A duplicate entry should have been removed at the beginning of this - * function. Since the swap entry should be pinned, if a duplicate is - * found again here it means that something went wrong in the swap - * cache. + * The folio may have been dirtied again, invalidate the + * possibly stale entry before inserting the new entry. */ - while (zswap_rb_insert(&tree->rbroot, entry, &dupentry) == -EEXIST) { - WARN_ON(1); + if (zswap_rb_insert(&tree->rbroot, entry, &dupentry) == -EEXIST) { zswap_invalidate_entry(tree, dupentry); + VM_WARN_ON(zswap_rb_insert(&tree->rbroot, entry, &dupentry)); } if (entry->length) { INIT_LIST_HEAD(&entry->lru); @@ -1638,6 +1626,17 @@ bool zswap_store(struct folio *folio) reject: if (objcg) obj_cgroup_put(objcg); +check_old: + /* + * If the zswap store fails or zswap is disabled, we must invalidate the + * possibly stale entry which was previously stored at this offset. + * Otherwise, writeback could overwrite the new data in the swapfile. + */ + spin_lock(&tree->lock); + entry = zswap_rb_search(&tree->rbroot, offset); + if (entry) + zswap_invalidate_entry(tree, entry); + spin_unlock(&tree->lock); return false; shrink: -- 2.40.1

1 year, 9 months

4
4
0 0

[PATCH 1/1] netfilter: ipset: Missing gc cancellations fixed

by Jozsef Kadlecsik

The patch fdb8e12cc2cc ("netfilter: ipset: fix performance regression in swap operation") missed to add the calls to gc cancellations at the error path of create operations and at module unload. Also, because the half of the destroy operations now executed by a function registered by call_rcu(), neither NFNL_SUBSYS_IPSET mutex or rcu read lock is held and therefore the checking of them results false warnings. Reported-by: syzbot+52bbc0ad036f6f0d4a25(a)syzkaller.appspotmail.com Reported-by: Brad Spengler <spender(a)grsecurity.net> Reported-by: Стас Ничипорович <stasn77(a)gmail.com> Fixes: fdb8e12cc2cc ("netfilter: ipset: fix performance regression in swap operation") Tested-by: Brad Spengler <spender(a)grsecurity.net> Tested-by: Стас Ничипорович <stasn77(a)gmail.com> Signed-off-by: Jozsef Kadlecsik <kadlec(a)netfilter.org> --- net/netfilter/ipset/ip_set_core.c | 2 ++ net/netfilter/ipset/ip_set_hash_gen.h | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index bcaad9c009fe..3184cc6be4c9 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -1154,6 +1154,7 @@ static int ip_set_create(struct sk_buff *skb, const struct nfnl_info *info, return ret; cleanup: + set->variant->cancel_gc(set); set->variant->destroy(set); put_out: module_put(set->type->me); @@ -2378,6 +2379,7 @@ ip_set_net_exit(struct net *net) set = ip_set(inst, i); if (set) { ip_set(inst, i) = NULL; + set->variant->cancel_gc(set); ip_set_destroy_set(set); } } diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h index c62998b46f00..7f362cad8e68 100644 --- a/net/netfilter/ipset/ip_set_hash_gen.h +++ b/net/netfilter/ipset/ip_set_hash_gen.h @@ -431,7 +431,7 @@ mtype_ahash_destroy(struct ip_set *set, struct htable *t, bool ext_destroy) u32 i; for (i = 0; i < jhash_size(t->htable_bits); i++) { - n = __ipset_dereference(hbucket(t, i)); + n = hbucket(t, i); if (!n) continue; if (set->extensions & IPSET_EXT_DESTROY && ext_destroy) @@ -451,7 +451,7 @@ mtype_destroy(struct ip_set *set) struct htype *h = set->data; struct list_head *l, *lt; - mtype_ahash_destroy(set, ipset_dereference_nfnl(h->table), true); + mtype_ahash_destroy(set, h->table, true); list_for_each_safe(l, lt, &h->ad) { list_del(l); kfree(l); -- 2.39.2

1 year, 9 months

3
2
0 0

[PATCH] btrfs: always scan a single device when mounted

by David Sterba

There are reports that since version 6.7 update-grub fails to find the device of the root on systems without initrd and on a single device. This looks like the device name changed in the output of /proc/self/mountinfo: 6.5-rc5 working 18 1 0:16 / / rw,noatime - btrfs /dev/sda8 ... 6.7 not working: 17 1 0:15 / / rw,noatime - btrfs /dev/root ... and "update-grub" shows this error: /usr/sbin/grub-probe: error: cannot find a device for / (is /dev mounted?) This looks like it's related to the device name, but grub-probe recognizes the "/dev/root" path and tries to find the underlying device. However there's a special case for some filesystems, for btrfs in particular. The generic root device detection heuristic is not done and it all relies on reading the device infos by a btrfs specific ioctl. This ioctl returns the device name as it was saved at the time of device scan (in this case it's /dev/root). The change in 6.7 for temp_fsid to allow several single device filesystem to exist with the same fsid (and transparently generate a new UUID at mount time) was to skip caching/registering such devices. This also skipped mounted device. One step of scanning is to check if the device name hasn't changed, and if yes then update the cached value. This broke the grub-probe as it always read the device /dev/root and couldn't find it in the system. A temporary workaround is to create a symlink but this does not survive reboot. The right fix is to allow updating the device path of a mounted filesystem even if this is a single device one. This does not affect the temp_fsid feature, the UUID of the mounted filesystem remains the same and the matching is based on device major:minor which is unique per mounted filesystem. As the main part of device scanning and list update is done in device_list_add() that handles all corner cases and locking, it is extended to take a parameter that tells it to do everything as before, except adding a new device entry. This covers the path when the device (that exists for all mounted devices) name changes, updating /dev/root to /dev/sdx. Any other single device with filesystem is skipped. Note that if a system is booted and initial mount is done on the /dev/root device, this will be the cached name of the device. Only after the command "btrfs device rescan" it will change as it triggers the rename. The fix was verified by users whose systems were affected. CC: stable(a)vger.kernel.org # 6.7+ Fixes: bc27d6f0aa0e ("btrfs: scan but don't register device on single device filesystem") Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=218353 Link: https://lore.kernel.org/lkml/CAKLYgeJ1tUuqLcsquwuFqjDXPSJpEiokrWK2gisPKDZLs… Signed-off-by: David Sterba <dsterba(a)suse.com> --- fs/btrfs/volumes.c | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index 474ab7ed65ea..f2c2f7ca5c3d 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -738,6 +738,7 @@ static noinline struct btrfs_device *device_list_add(const char *path, bool same_fsid_diff_dev = false; bool has_metadata_uuid = (btrfs_super_incompat_flags(disk_super) & BTRFS_FEATURE_INCOMPAT_METADATA_UUID); + bool can_create_new = *new_device_added; if (btrfs_super_flags(disk_super) & BTRFS_SUPER_FLAG_CHANGING_FSID_V2) { btrfs_err(NULL, @@ -753,6 +754,7 @@ static noinline struct btrfs_device *device_list_add(const char *path, return ERR_PTR(error); } + *new_device_added = false; fs_devices = find_fsid_by_device(disk_super, path_devt, &same_fsid_diff_dev); if (!fs_devices) { @@ -804,6 +806,15 @@ static noinline struct btrfs_device *device_list_add(const char *path, return ERR_PTR(-EBUSY); } + if (!can_create_new) { + pr_info( + "BTRFS: device fsid %pU devid %llu transid %llu %s skip registration scanned by %s (%d)\n", + disk_super->fsid, devid, found_transid, path, + current->comm, task_pid_nr(current)); + mutex_unlock(&fs_devices->device_list_mutex); + return NULL; + } + nofs_flag = memalloc_nofs_save(); device = btrfs_alloc_device(NULL, &devid, disk_super->dev_item.uuid, path); @@ -1355,27 +1366,14 @@ struct btrfs_device *btrfs_scan_one_device(const char *path, blk_mode_t flags, goto error_bdev_put; } - if (!mount_arg_dev && btrfs_super_num_devices(disk_super) == 1 && - !(btrfs_super_flags(disk_super) & BTRFS_SUPER_FLAG_SEEDING)) { - dev_t devt; - - ret = lookup_bdev(path, &devt); - if (ret) - btrfs_warn(NULL, "lookup bdev failed for path %s: %d", - path, ret); - else - btrfs_free_stale_devices(devt, NULL); - - pr_debug("BTRFS: skip registering single non-seed device %s\n", path); - device = NULL; - goto free_disk_super; - } + if (mount_arg_dev || btrfs_super_num_devices(disk_super) != 1 || + (btrfs_super_flags(disk_super) & BTRFS_SUPER_FLAG_SEEDING)) + new_device_added = true; device = device_list_add(path, disk_super, &new_device_added); if (!IS_ERR(device) && new_device_added) btrfs_free_stale_devices(device->devt, device); -free_disk_super: btrfs_release_disk_super(disk_super); error_bdev_put: -- 2.42.1

1 year, 9 months

4
4
0 0

[PATCH 1/4] arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping

by Krzysztof Kozlowski

WCD9385 audio codec TX port mapping was copied form HDK8450, but in fact it is offset by one. Correct it to fix recording via analogue microphones. Cc: <stable(a)vger.kernel.org> Fixes: 83fae950c992 ("arm64: dts: qcom: sm8550-qrd: add WCD9385 audio-codec") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/sm8550-qrd.dts b/arch/arm64/boot/dts/qcom/sm8550-qrd.dts index 6c8e206080d2..76e9ca954093 100644 --- a/arch/arm64/boot/dts/qcom/sm8550-qrd.dts +++ b/arch/arm64/boot/dts/qcom/sm8550-qrd.dts @@ -842,7 +842,7 @@ &swr2 { wcd_tx: codec@0,3 { compatible = "sdw20217010d00"; reg = <0 3>; - qcom,tx-port-mapping = <1 1 2 3>; + qcom,tx-port-mapping = <2 2 3 4>; }; }; -- 2.34.1

1 year, 9 months

4
9
0 0

[git:media_tree/master] media: tc358743: register v4l2 async device only after successful setup

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: tc358743: register v4l2 async device only after successful setup Author: Alexander Stein <alexander.stein(a)ew.tq-group.com> Date: Wed Jan 10 10:01:11 2024 +0100 Ensure the device has been setup correctly before registering the v4l2 async device, thus allowing userspace to access. Signed-off-by: Alexander Stein <alexander.stein(a)ew.tq-group.com> Reviewed-by: Robert Foss <rfoss(a)kernel.org> Fixes: 4c5211a10039 ("[media] tc358743: register v4l2 asynchronous subdevice") Cc: stable(a)vger.kernel.org Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> drivers/media/i2c/tc358743.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- diff --git a/drivers/media/i2c/tc358743.c b/drivers/media/i2c/tc358743.c index 2785935da497..558152575d10 100644 --- a/drivers/media/i2c/tc358743.c +++ b/drivers/media/i2c/tc358743.c @@ -2091,9 +2091,6 @@ static int tc358743_probe(struct i2c_client *client) state->mbus_fmt_code = MEDIA_BUS_FMT_RGB888_1X24; sd->dev = &client->dev; - err = v4l2_async_register_subdev(sd); - if (err < 0) - goto err_hdl; mutex_init(&state->confctl_mutex); @@ -2151,6 +2148,10 @@ static int tc358743_probe(struct i2c_client *client) if (err) goto err_work_queues; + err = v4l2_async_register_subdev(sd); + if (err < 0) + goto err_work_queues; + v4l2_info(sd, "%s found @ 0x%x (%s)\n", client->name, client->addr << 1, client->adapter->name);

1 year, 9 months

1
0
0 0

[PATCH v2] mm/zswap: invalidate old entry when store fail or !zswap_enabled

by chengming.zhou＠linux.dev

From: Chengming Zhou <zhouchengming(a)bytedance.com> We may encounter duplicate entry in the zswap_store(): 1. swap slot that freed to per-cpu swap cache, doesn't invalidate the zswap entry, then got reused. This has been fixed. 2. !exclusive load mode, swapin folio will leave its zswap entry on the tree, then swapout again. This has been removed. 3. one folio can be dirtied again after zswap_store(), so need to zswap_store() again. This should be handled correctly. So we must invalidate the old duplicate entry before insert the new one, which actually doesn't have to be done at the beginning of zswap_store(). And this is a normal situation, we shouldn't WARN_ON(1) in this case, so delete it. (The WARN_ON(1) seems want to detect swap entry UAF problem? But not very necessary here.) The good point is that we don't need to lock tree twice in the store success path. Note we still need to invalidate the old duplicate entry in the store failure path, otherwise the new data in swapfile could be overwrite by the old data in zswap pool when lru writeback. We have to do this even when !zswap_enabled since zswap can be disabled anytime. If the folio store success before, then got dirtied again but zswap disabled, we won't invalidate the old duplicate entry in the zswap_store(). So later lru writeback may overwrite the new data in swapfile. Fixes: 42c06a0e8ebe ("mm: kill frontswap") Cc: <stable(a)vger.kernel.org> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Signed-off-by: Chengming Zhou <zhouchengming(a)bytedance.com> --- v2: - Change the duplicate entry invalidation loop to if, since we hold the lock, we won't find it once we invalidate it, per Yosry. - Add Fixes tag. --- mm/zswap.c | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/mm/zswap.c b/mm/zswap.c index cd67f7f6b302..6c1466633274 100644 --- a/mm/zswap.c +++ b/mm/zswap.c @@ -1518,18 +1518,8 @@ bool zswap_store(struct folio *folio) return false; if (!zswap_enabled) - return false; + goto check_old; - /* - * If this is a duplicate, it must be removed before attempting to store - * it, otherwise, if the store fails the old page won't be removed from - * the tree, and it might be written back overriding the new data. - */ - spin_lock(&tree->lock); - entry = zswap_rb_search(&tree->rbroot, offset); - if (entry) - zswap_invalidate_entry(tree, entry); - spin_unlock(&tree->lock); objcg = get_obj_cgroup_from_folio(folio); if (objcg && !obj_cgroup_may_zswap(objcg)) { memcg = get_mem_cgroup_from_objcg(objcg); @@ -1608,14 +1598,12 @@ bool zswap_store(struct folio *folio) /* map */ spin_lock(&tree->lock); /* - * A duplicate entry should have been removed at the beginning of this - * function. Since the swap entry should be pinned, if a duplicate is - * found again here it means that something went wrong in the swap - * cache. + * The folio could be dirtied again, invalidate the possible old entry + * before insert this new entry. */ - while (zswap_rb_insert(&tree->rbroot, entry, &dupentry) == -EEXIST) { - WARN_ON(1); + if (zswap_rb_insert(&tree->rbroot, entry, &dupentry) == -EEXIST) { zswap_invalidate_entry(tree, dupentry); + VM_WARN_ON(zswap_rb_insert(&tree->rbroot, entry, &dupentry)); } if (entry->length) { INIT_LIST_HEAD(&entry->lru); @@ -1638,6 +1626,17 @@ bool zswap_store(struct folio *folio) reject: if (objcg) obj_cgroup_put(objcg); +check_old: + /* + * If zswap store fail or zswap disabled, we must invalidate possible + * old entry which previously stored by this folio. Otherwise, later + * writeback could overwrite the new data in swapfile. + */ + spin_lock(&tree->lock); + entry = zswap_rb_search(&tree->rbroot, offset); + if (entry) + zswap_invalidate_entry(tree, entry); + spin_unlock(&tree->lock); return false; shrink: -- 2.40.1

1 year, 9 months

2
1
0 0

Requesting 3 patches for Apple Magic Keyboard 2021 to be merged to LTS kernels

by Aseda Aboagye

Dear stable kernel maintainers, I am writing to request that 3 related patches be merged to various LTS kernels. I'm not sure if it would have been preferable for me to send 3 separate emails, so please forgive me if I chose wrongly. (This is my first foray into interacting with the kernel community) :) The patches are as follows: 1. 0cd3be51733f (HID: apple: Add support for the 2021 Magic Keyboard, 2021-10-08) 2. 346338ef00d3 (HID: apple: Swap the Fn and Left Control keys on Apple keyboards, 2020-05-15) 3. 531cb56972f2 (HID: apple: Add 2021 magic keyboard FN key mapping, 2021-11-08) These patches have all been merged to mainline, but I believe when they were submitted, backporting may not have been considered. The Apple Magic Keyboard 2021 (Model # A2450) seems to be a popular keyboard, and without these patches, for users on certain LTS kernels that use this keyboard, the function keys do not behave as expected. e.g. Pressing the brightness down or brightness up key didn't work, and bizarrely pressing the globe/Fn key alone caused the brightness to decrease. None of the top row keys worked as expected. I checked to see where the patches were missing and figured that it would be good to have those patches in those kernels. I would ask that patches 1 & 3 be merged to v4.19, v5.4, v5.10, and v5.15. I would ask that patch 2 be merged to: v5.4 and v4.19. For patch 3 to apply cleanly, it needed patch 2 to be present in the tree. Thanks, -- Aseda Aboagye

1 year, 9 months

2
2
0 0

[PATCH] perf/x86: Fix out of range data

by Namhyung Kim

On x86 each cpu_hw_events maintains a table for counter assignment but it missed to update one for the deleted event in x86_pmu_del(). This can make perf_clear_dirty_counters() reset used counter if it's called before event scheduling or enabling. Then it would return out of range data which doesn't make sense. The following code can reproduce the problem. $ cat repro.c #include <pthread.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <linux/perf_event.h> #include <sys/ioctl.h> #include <sys/mman.h> #include <sys/syscall.h> struct perf_event_attr attr = { .type = PERF_TYPE_HARDWARE, .config = PERF_COUNT_HW_CPU_CYCLES, .disabled = 1, }; void *worker(void *arg) { int cpu = (long)arg; int fd1 = syscall(SYS_perf_event_open, &attr, -1, cpu, -1, 0); int fd2 = syscall(SYS_perf_event_open, &attr, -1, cpu, -1, 0); void *p; do { ioctl(fd1, PERF_EVENT_IOC_ENABLE, 0); p = mmap(NULL, 4096, PROT_READ, MAP_SHARED, fd1, 0); ioctl(fd2, PERF_EVENT_IOC_ENABLE, 0); ioctl(fd2, PERF_EVENT_IOC_DISABLE, 0); munmap(p, 4096); ioctl(fd1, PERF_EVENT_IOC_DISABLE, 0); } while (1); return NULL; } int main(void) { int i; int n = sysconf(_SC_NPROCESSORS_ONLN); pthread_t *th = calloc(n, sizeof(*th)); for (i = 0; i < n; i++) pthread_create(&th[i], NULL, worker, (void *)(long)i); for (i = 0; i < n; i++) pthread_join(th[i], NULL); free(th); return 0; } And you can see the out of range data using perf stat like this. Probably it'd be easier to see on a large machine. $ gcc -o repro repro.c -pthread $ ./repro & $ sudo perf stat -A -I 1000 2>&1 | awk '{ if (length($3) > 15) print }' 1.001028462 CPU6 196,719,295,683,763 cycles # 194290.996 GHz (71.54%) 1.001028462 CPU3 396,077,485,787,730 branch-misses # 15804359784.80% of all branches (71.07%) 1.001028462 CPU17 197,608,350,727,877 branch-misses # 14594186554.56% of all branches (71.22%) 2.020064073 CPU4 198,372,472,612,140 cycles # 194681.113 GHz (70.95%) 2.020064073 CPU6 199,419,277,896,696 cycles # 195720.007 GHz (70.57%) 2.020064073 CPU20 198,147,174,025,639 cycles # 194474.654 GHz (71.03%) 2.020064073 CPU20 198,421,240,580,145 stalled-cycles-frontend # 100.14% frontend cycles idle (70.93%) 3.037443155 CPU4 197,382,689,923,416 cycles # 194043.065 GHz (71.30%) 3.037443155 CPU20 196,324,797,879,414 cycles # 193003.773 GHz (71.69%) 3.037443155 CPU5 197,679,956,608,205 stalled-cycles-backend # 1315606428.66% backend cycles idle (71.19%) 3.037443155 CPU5 198,571,860,474,851 instructions # 13215422.58 insn per cycle It should move the contents in the cpuc->assign as well. Fixes: 5471eea5d3bf ("perf/x86: Reset the dirty counter to prevent the leak for an RDPMC task") Cc: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Namhyung Kim <namhyung(a)kernel.org> --- arch/x86/events/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c index 09050641ce5d..5b0dd07b1ef1 100644 --- a/arch/x86/events/core.c +++ b/arch/x86/events/core.c @@ -1644,6 +1644,7 @@ static void x86_pmu_del(struct perf_event *event, int flags) while (++i < cpuc->n_events) { cpuc->event_list[i-1] = cpuc->event_list[i]; cpuc->event_constraint[i-1] = cpuc->event_constraint[i]; + cpuc->assign[i-1] = cpuc->assign[i]; } cpuc->event_constraint[i-1] = NULL; --cpuc->n_events; -- 2.43.0.472.g3155946c3a-goog

1 year, 9 months

2
3
0 0

[PATCH v3 8/8] m68k: Move signal frame following exception on 68020/030

by Michael Schmitz

From: Finn Thain <fthain(a)linux-m68k.org> commit b845b574f86dcb6a70dfa698aa87a237b0878d2a upstream. On 68030/020, an instruction such as, moveml %a2-%a3/%a5,%sp@- may cause a stack page fault during instruction execution (i.e. not at an instruction boundary) and produce a format 0xB exception frame. In this situation, the value of USP will be unreliable. If a signal is to be delivered following the exception, this USP value is used to calculate the location for a signal frame. This can result in a corrupted user stack. The corruption was detected in dash (actually in glibc) where it showed up as an intermittent "stack smashing detected" message and crash following signal delivery for SIGCHLD. It was hard to reproduce that failure because delivery of the signal raced with the page fault and because the kernel places an unpredictable gap of up to 7 bytes between the USP and the signal frame. A format 0xB exception frame can be produced by a bus error or an address error. The 68030 Users Manual says that address errors occur immediately upon detection during instruction prefetch. The instruction pipeline allows prefetch to overlap with other instructions, which means an address error can arise during the execution of a different instruction. So it seems likely that this patch may help in the address error case also. Reported-and-tested-by: Stan Johnson <userm57(a)yahoo.com> Link: https://lore.kernel.org/all/CAMuHMdW3yD22_ApemzW_6me3adq6A458u1_F0v-1EYwK_6… Cc: Michael Schmitz <schmitzmic(a)gmail.com> Cc: Andreas Schwab <schwab(a)linux-m68k.org> Cc: stable(a)vger.kernel.org Co-developed-by: Michael Schmitz <schmitzmic(a)gmail.com> Signed-off-by: Michael Schmitz <schmitzmic(a)gmail.com> Signed-off-by: Finn Thain <fthain(a)linux-m68k.org> Reviewed-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Link: https://lore.kernel.org/r/9e66262a754fcba50208aa424188896cc52a1dd1.16833658… Signed-off-by: Geert Uytterhoeven <geert(a)linux-m68k.org> --- arch/m68k/kernel/signal.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/arch/m68k/kernel/signal.c b/arch/m68k/kernel/signal.c index 8fb8ee804b3a..de7c1bde62bc 100644 --- a/arch/m68k/kernel/signal.c +++ b/arch/m68k/kernel/signal.c @@ -808,11 +808,17 @@ static inline int rt_setup_ucontext(struct ucontext __user *uc, struct pt_regs * } static inline void __user * -get_sigframe(struct ksignal *ksig, size_t frame_size) +get_sigframe(struct ksignal *ksig, struct pt_regs *tregs, size_t frame_size) { unsigned long usp = sigsp(rdusp(), ksig); + unsigned long gap = 0; - return (void __user *)((usp - frame_size) & -8UL); + if (CPU_IS_020_OR_030 && tregs->format == 0xb) { + /* USP is unreliable so use worst-case value */ + gap = 256; + } + + return (void __user *)((usp - gap - frame_size) & -8UL); } static int setup_frame(struct ksignal *ksig, sigset_t *set, @@ -830,7 +836,7 @@ static int setup_frame(struct ksignal *ksig, sigset_t *set, return -EFAULT; } - frame = get_sigframe(ksig, sizeof(*frame) + fsize); + frame = get_sigframe(ksig, tregs, sizeof(*frame) + fsize); if (fsize) err |= copy_to_user (frame + 1, regs + 1, fsize); @@ -903,7 +909,7 @@ static int setup_rt_frame(struct ksignal *ksig, sigset_t *set, return -EFAULT; } - frame = get_sigframe(ksig, sizeof(*frame)); + frame = get_sigframe(ksig, tregs, sizeof(*frame)); if (fsize) err |= copy_to_user (&frame->uc.uc_extra, regs + 1, fsize); -- 2.17.1

1 year, 9 months

1
0
0 0

[PATCH v3 1/8] m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()

by Michael Schmitz

commit 3f90f9ef2dda316d64e420d5d51ba369587ccc55 upstream. If 020/030 support is enabled, get_io_area() leaves an IO_SIZE gap between mappings which is added to the vm_struct representing the mapping. __ioremap() uses the actual requested size (after alignment), while __iounmap() is passed the size from the vm_struct. On 020/030, early termination descriptors are used to set up mappings of extent 'size', which are validated on unmapping. The unmapped gap of size IO_SIZE defeats the sanity check of the pmd tables, causing __iounmap() to loop forever on 030. On 040/060, unmapping of page table entries does not check for a valid mapping, so the umapping loop always completes there. Adjust size to be unmapped by the gap that had been added in the vm_struct prior. This fixes the hang in atari_platform_init() reported a long time ago, and a similar one reported by Finn recently (addressed by removing ioremap() use from the SWIM driver. Tested on my Falcon in 030 mode - untested but should work the same on 040/060 (the extra page tables cleared there would never have been set up anyway). Signed-off-by: Michael Schmitz <schmitzmic(a)gmail.com> [geert: Minor commit description improvements] [geert: This was fixed in 2.4.23, but not in 2.5.x] Signed-off-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Cc: stable(a)vger.kernel.org Cc: <cip-dev(a)lists.cip-project.org> # 4.4 --- arch/m68k/mm/kmap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/m68k/mm/kmap.c b/arch/m68k/mm/kmap.c index 6e4955bc542b..fcd52cefee29 100644 --- a/arch/m68k/mm/kmap.c +++ b/arch/m68k/mm/kmap.c @@ -88,7 +88,8 @@ static inline void free_io_area(void *addr) for (p = &iolist ; (tmp = *p) ; p = &tmp->next) { if (tmp->addr == addr) { *p = tmp->next; - __iounmap(tmp->addr, tmp->size); + /* remove gap added in get_io_area() */ + __iounmap(tmp->addr, tmp->size - IO_SIZE); kfree(tmp); return; } -- 2.17.1

1 year, 9 months

1
0
0 0

[PATCH 5.10/5.15/6.1 0/1] net: prevent mss overflow in skb_segment()

by Alexey Panov

Syzkaller reports NULL pointer dereference issue at skb_segment() in 5.10/5.15/6.1 stable releases. The problem has been fixed by the following patch which can be cleanly applied to 5.10/5.15/6.1 branches. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

1 year, 9 months

1
1
0 0

[PATCH] blk-wbt: Fix detection of dirty-throttled tasks

by Jan Kara

The detection of dirty-throttled tasks in blk-wbt has been subtly broken since its beginning in 2016. Namely if we are doing cgroup writeback and the throttled task is not in the root cgroup, balance_dirty_pages() will set dirty_sleep for the non-root bdi_writeback structure. However blk-wbt checks dirty_sleep only in the root cgroup bdi_writeback structure. Thus detection of recently throttled tasks is not working in this case (we noticed this when we switched to cgroup v2 and suddently writeback was slow). Since blk-wbt has no easy way to get to proper bdi_writeback and furthermore its intention has always been to work on the whole device rather than on individual cgroups, just move the dirty_sleep timestamp from bdi_writeback to backing_dev_info. That fixes the checking for recently throttled task and saves memory for everybody as a bonus. CC: stable(a)vger.kernel.org Fixes: b57d74aff9ab ("writeback: track if we're sleeping on progress in balance_dirty_pages()") Signed-off-by: Jan Kara <jack(a)suse.cz> --- block/blk-wbt.c | 4 ++-- include/linux/backing-dev-defs.h | 7 +++++-- mm/backing-dev.c | 2 +- mm/page-writeback.c | 2 +- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/block/blk-wbt.c b/block/blk-wbt.c index 5ba3cd574eac..0c0e270a8265 100644 --- a/block/blk-wbt.c +++ b/block/blk-wbt.c @@ -163,9 +163,9 @@ static void wb_timestamp(struct rq_wb *rwb, unsigned long *var) */ static bool wb_recent_wait(struct rq_wb *rwb) { - struct bdi_writeback *wb = &rwb->rqos.disk->bdi->wb; + struct backing_dev_info *bdi = rwb->rqos.disk->bdi; - return time_before(jiffies, wb->dirty_sleep + HZ); + return time_before(jiffies, bdi->last_bdp_sleep + HZ); } static inline struct rq_wait *get_rq_wait(struct rq_wb *rwb, diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h index ae12696ec492..ad17739a2e72 100644 --- a/include/linux/backing-dev-defs.h +++ b/include/linux/backing-dev-defs.h @@ -141,8 +141,6 @@ struct bdi_writeback { struct delayed_work dwork; /* work item used for writeback */ struct delayed_work bw_dwork; /* work item used for bandwidth estimate */ - unsigned long dirty_sleep; /* last wait */ - struct list_head bdi_node; /* anchored at bdi->wb_list */ #ifdef CONFIG_CGROUP_WRITEBACK @@ -179,6 +177,11 @@ struct backing_dev_info { * any dirty wbs, which is depended upon by bdi_has_dirty(). */ atomic_long_t tot_write_bandwidth; + /* + * Jiffies when last process was dirty throttled on this bdi. Used by + * blk-wbt. + */ + unsigned long last_bdp_sleep; struct bdi_writeback wb; /* the root writeback info for this bdi */ struct list_head wb_list; /* list of all wbs */ diff --git a/mm/backing-dev.c b/mm/backing-dev.c index 1e3447bccdb1..e039d05304dd 100644 --- a/mm/backing-dev.c +++ b/mm/backing-dev.c @@ -436,7 +436,6 @@ static int wb_init(struct bdi_writeback *wb, struct backing_dev_info *bdi, INIT_LIST_HEAD(&wb->work_list); INIT_DELAYED_WORK(&wb->dwork, wb_workfn); INIT_DELAYED_WORK(&wb->bw_dwork, wb_update_bandwidth_workfn); - wb->dirty_sleep = jiffies; err = fprop_local_init_percpu(&wb->completions, gfp); if (err) @@ -921,6 +920,7 @@ int bdi_init(struct backing_dev_info *bdi) INIT_LIST_HEAD(&bdi->bdi_list); INIT_LIST_HEAD(&bdi->wb_list); init_waitqueue_head(&bdi->wb_waitq); + bdi->last_bdp_sleep = jiffies; return cgwb_bdi_init(bdi); } diff --git a/mm/page-writeback.c b/mm/page-writeback.c index cd4e4ae77c40..cc37fa7f3364 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -1921,7 +1921,7 @@ static int balance_dirty_pages(struct bdi_writeback *wb, break; } __set_current_state(TASK_KILLABLE); - wb->dirty_sleep = now; + bdi->last_bdp_sleep = jiffies; io_schedule_timeout(pause); current->dirty_paused_when = now + pause; -- 2.35.3

1 year, 9 months

2
2
0 0

[PATCH 5.15.y 0/1] smb: client: fix "df: Resource temporarily unavailable" on 5.15 stable kernel

by kovalev＠altlinux.org

ATTENTION! Before applying this patch a conflict patch in the queue needs to be removed: https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tre… Describe bug: After mounting a remote cifs resource, it becomes unavailable: df: /mnt/sambashare: Resource temporarily unavailable It was tested on the following Linux kernel: Linux altlinux 5.15.148 The error appeared starting from kernel 5.15.147 after adding the commit [1] "smb: client: fix OOB in SMB2_query_info_init()", in which the buffer length increases by 1 as a result of changes: . - iov[0].iov_len = total_len - 1 + input_len; + iov[0].iov_len = len; . [1] https://patchwork.kernel.org/project/cifs-client/patch/20231213152557.6634-… Error fixed by backported commit in next patch adapted for the 5.15 kernel: [PATCH 5.15.y 1/1] smb3: Replace smb2pdu 1-element arrays with flex-arrays P.S. I have already backported similar changes for the 5.10.y kernel [2], but I did not know that there was the same error on 5.15, since I only deal with kernels 5.10 and 6.1. Therefore, this patch is to follow the rules of backport to stable branches. [2] https://lore.kernel.org/all/2024012613-woozy-exhume-7b9d@gregkh/T/

1 year, 9 months

1
1
0 0

[PATCH v6 0/4] Regather scattered PCI-Code

by Philipp Stanner

@Stable-Kernel: You receive this patch series because its first patch fixes a leak in PCI. @Bjorn: I decided that it's now actually possible to just embed the docu updates to the respective patches, instead of a separate patch. Also dropped the ioport_unmap() for now. Changes in v6: - Remove the addition of ioport_unmap() from patch #1, since this is not really a bug, as explained by the comment above pci_iounmap. (Bjorn) - Drop the patch unifying the two versions of pci_iounmap(). (Bjorn) - Make patch #4's style congruent with PCI style. - Drop (in any case empty) ioport_unmap() again from pci_iounmap() - Add forgotten updates to Documentation/ when moving files from lib/ to drivers/pci/ Changes in v5: - Add forgotten update to MAINTAINERS file. Changes in v4: - Apply Arnd's Reviewed-by's - Add ifdef CONFIG_HAS_IOPORT_MAP guard in drivers/pci/iomap.c (build error on openrisc) - Fix typo in patch no.5 Changes in v3: - Create a separate patch for the leaks in lib/iomap.c. Make it the series' first patch. (Arnd) - Turns out the aforementioned bug wasn't just accidentally removing iounmap() with the ifdef, it was also missing ioport_unmap() to begin with. Add it. - Move the ARCH_WANTS_GENERIC_IOMEM_IS_IOPORT-mechanism from asm-generic/io.h to asm-generic/ioport.h. (Arnd) - Adjust the implementation of iomem_is_ioport() in asm-generic/io.h so that it matches exactly what pci_iounmap() previously did in lib/pci_iomap.c. (Arnd) - Move the CONFIG_HAS_IOPORT guard in asm-generic/io.h so that iomem_is_ioport() will always be compiled and just returns false if there are no ports. - Add TODOs to several places informing about the generic iomem_is_ioport() in lib/iomap.c not being generic. - Add TODO about the followup work to make drivers/pci/iomap.c's pci_iounmap() actually generic. Changes in v2: - Replace patch 4, previously extending the comment about pci_iounmap() in lib/iomap.c, with a patch that moves pci_iounmap() from that file to drivers/pci/iomap.c, creating a unified version there. (Arnd) - Implement iomem_is_ioport() as a new helper in asm-generic/io.h and lib/iomap.c. (Arnd) - Move the build rule in drivers/pci/Makefile for iomap.o under the guard of #if PCI. This had to be done because when just checking for GENERIC_PCI_IOMAP being defined, the functions don't disappear, which was the case previously in lib/pci_iomap.c, where the entire file was made empty if PCI was not set by the guard #ifdef PCI. (Intel's Bots) - Rephares all patches' commit messages a little bit. Sooooooooo. I reworked v1. Please review this carefully, the IO-Ranges are obviously a bit tricky, as is the build-system / ifdef-ery. Arnd has suggested that architectures defining a custom inb() need their own iomem_is_ioport(), as well. I've grepped for inb() and found the following list of archs that define their own: - alpha - arm - m68k <-- - parisc - powerpc - sh - sparc - x86 <-- All of those have their own definitons of pci_iounmap(). Therefore, they don't need our generic version in the first place and, thus, also need no iomem_is_ioport(). The two exceptions are x86 and m68k. The former uses lib/iomap.c through CONFIG_GENERIC_IOMAP, as Arnd pointed out in the previous discussion (thus, CONFIG_GENERIC_IOMAP is not really generic in this regard). So as I see it, only m68k WOULD need its own custom definition of iomem_is_ioport(). But as I understand it it doesn't because it uses the one from asm-generic/pci_iomap.h ?? I wasn't entirely sure how to deal with the address ranges for the generic implementation in asm-generic/io.h. It's marked with a TODO. Input appreciated. I removed the guard around define pci_iounmap in asm-generic/io.h. An alternative would be to have it be guarded by CONFIG_GENERIC_IOMAP and CONFIG_GENERIC_PCI_IOMAP, both. Without such a guard, there is no collision however, because generic pci_iounmap() from drivers/pci/iomap.c will only get pulled in when CONFIG_GENERIC_PCI_IOMAP is actually set. I cross-built this for a variety of architectures, including the usual suspects (s390, m68k). So far successfully. But let's see what Intel's robots say :O P. Original cover letter: Hi! So it seems that since ca. 2007 the PCI code has been scattered a bit. PCI's devres code, which is only ever used by users of the entire PCI-subsystem anyways, resides in lib/devres.c and is guarded by an ifdef PCI, just as the content of lib/pci_iomap.c is. It, thus, seems reasonable to move all of that. As I were at it, I moved as much of the devres-specific code from pci.c to devres.c, too. The only exceptions are four functions that are currently difficult to move. More information about that can be read here [1]. I noticed these scattered files while working on (new) PCI-specific devres functions. If we can get this here merged, I'll soon send another patch series that addresses some API-inconsistencies and could move the devres-part of the four remaining functions. I don't want to do that in this series as this here is only about moving code, whereas the next series would have to actually change API behavior. I successfully (cross-)built this for x86, x86_64, AARCH64 and ARM (allyesconfig). I booted a kernel with it on x86_64, with a Fedora desktop environment as payload. The OS came up fine I hope this is OK. If we can get it in, we'd soon have a very consistent PCI API again. Regards, P. Philipp Stanner (4): lib/pci_iomap.c: fix cleanup bug in pci_iounmap() lib: move pci_iomap.c to drivers/pci/ lib: move pci-specific devres code to drivers/pci/ PCI: Move devres code from pci.c to devres.c Documentation/driver-api/device-io.rst | 2 +- Documentation/driver-api/pci/pci.rst | 6 + MAINTAINERS | 1 - drivers/pci/Kconfig | 5 + drivers/pci/Makefile | 3 +- drivers/pci/devres.c | 450 +++++++++++++++++++++++++ lib/pci_iomap.c => drivers/pci/iomap.c | 5 +- drivers/pci/pci.c | 249 -------------- drivers/pci/pci.h | 24 ++ lib/Kconfig | 3 - lib/Makefile | 1 - lib/devres.c | 208 +----------- 12 files changed, 490 insertions(+), 467 deletions(-) create mode 100644 drivers/pci/devres.c rename lib/pci_iomap.c => drivers/pci/iomap.c (99%) -- 2.43.0

1 year, 9 months

3
12
0 0

[PATCH] HID: wacom: Do not register input devices until after hid_hw_start

by Gerecke, Jason

From: Jason Gerecke <killertofu(a)gmail.com> If a input device is opened before hid_hw_start is called, events may not be received from the hardware. In the case of USB-backed devices, for example, the hid_hw_start function is responsible for filling in the URB which is submitted when the input device is opened. If a device is opened prematurely, polling will never start because the device will not have been in the correct state to send the URB. Because the wacom driver registers its input devices before calling hid_hw_start, there is a window of time where a device can be opened and end up in an inoperable state. Some ARM-based Chromebooks in particular reliably trigger this bug. This commit splits the wacom_register_inputs function into two pieces. One which is responsible for setting up the allocated inputs (and runs prior to hid_hw_start so that devices are ready for any input events they may end up receiving) and another which only registers the devices (and runs after hid_hw_start to ensure devices can be immediately opened without issue). Note that the functions to initialize the LEDs and remotes are also moved after hid_hw_start to maintain their own dependency chains. Fixes: 7704ac937345 ("HID: wacom: implement generic HID handling for pen generic devices") Cc: stable(a)vger.kernel.org # v3.18+ Suggested-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Jason Gerecke <jason.gerecke(a)wacom.com> --- drivers/hid/wacom_sys.c | 63 ++++++++++++++++++++++++++++------------- 1 file changed, 43 insertions(+), 20 deletions(-) diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c index b613f11ed9498..2bc45b24075c3 100644 --- a/drivers/hid/wacom_sys.c +++ b/drivers/hid/wacom_sys.c @@ -2087,7 +2087,7 @@ static int wacom_allocate_inputs(struct wacom *wacom) return 0; } -static int wacom_register_inputs(struct wacom *wacom) +static int wacom_setup_inputs(struct wacom *wacom) { struct input_dev *pen_input_dev, *touch_input_dev, *pad_input_dev; struct wacom_wac *wacom_wac = &(wacom->wacom_wac); @@ -2106,10 +2106,6 @@ static int wacom_register_inputs(struct wacom *wacom) input_free_device(pen_input_dev); wacom_wac->pen_input = NULL; pen_input_dev = NULL; - } else { - error = input_register_device(pen_input_dev); - if (error) - goto fail; } error = wacom_setup_touch_input_capabilities(touch_input_dev, wacom_wac); @@ -2118,10 +2114,6 @@ static int wacom_register_inputs(struct wacom *wacom) input_free_device(touch_input_dev); wacom_wac->touch_input = NULL; touch_input_dev = NULL; - } else { - error = input_register_device(touch_input_dev); - if (error) - goto fail; } error = wacom_setup_pad_input_capabilities(pad_input_dev, wacom_wac); @@ -2130,7 +2122,34 @@ static int wacom_register_inputs(struct wacom *wacom) input_free_device(pad_input_dev); wacom_wac->pad_input = NULL; pad_input_dev = NULL; - } else { + } + + return 0; +} + +static int wacom_register_inputs(struct wacom *wacom) +{ + struct input_dev *pen_input_dev, *touch_input_dev, *pad_input_dev; + struct wacom_wac *wacom_wac = &(wacom->wacom_wac); + int error = 0; + + pen_input_dev = wacom_wac->pen_input; + touch_input_dev = wacom_wac->touch_input; + pad_input_dev = wacom_wac->pad_input; + + if (pen_input_dev) { + error = input_register_device(pen_input_dev); + if (error) + goto fail; + } + + if (touch_input_dev) { + error = input_register_device(touch_input_dev); + if (error) + goto fail; + } + + if (pad_input_dev) { error = input_register_device(pad_input_dev); if (error) goto fail; @@ -2383,6 +2402,20 @@ static int wacom_parse_and_register(struct wacom *wacom, bool wireless) if (error) goto fail; + error = wacom_setup_inputs(wacom); + if (error) + goto fail; + + if (features->type == HID_GENERIC) + connect_mask |= HID_CONNECT_DRIVER; + + /* Regular HID work starts now */ + error = hid_hw_start(hdev, connect_mask); + if (error) { + hid_err(hdev, "hw start failed\n"); + goto fail; + } + error = wacom_register_inputs(wacom); if (error) goto fail; @@ -2397,16 +2430,6 @@ static int wacom_parse_and_register(struct wacom *wacom, bool wireless) goto fail; } - if (features->type == HID_GENERIC) - connect_mask |= HID_CONNECT_DRIVER; - - /* Regular HID work starts now */ - error = hid_hw_start(hdev, connect_mask); - if (error) { - hid_err(hdev, "hw start failed\n"); - goto fail; - } - if (!wireless) { /* Note that if query fails it is not a hard failure */ wacom_query_tablet_data(wacom); -- 2.43.0

1 year, 9 months

3
2
0 0

[PATCH] drm/amd/display: Increase frame-larger-than for all display_mode_vba files

by Nathan Chancellor

After a recent change in LLVM, allmodconfig (which has CONFIG_KCSAN=y and CONFIG_WERROR=y enabled) has a few new instances of -Wframe-larger-than for the mode support and system configuration functions: drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn20/display_mode_vba_20v2.c:3393:6: error: stack frame size (2144) exceeds limit (2048) in 'dml20v2_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than] 3393 | void dml20v2_ModeSupportAndSystemConfigurationFull(struct display_mode_lib *mode_lib) | ^ 1 error generated. drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn21/display_mode_vba_21.c:3520:6: error: stack frame size (2192) exceeds limit (2048) in 'dml21_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than] 3520 | void dml21_ModeSupportAndSystemConfigurationFull(struct display_mode_lib *mode_lib) | ^ 1 error generated. drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn20/display_mode_vba_20.c:3286:6: error: stack frame size (2128) exceeds limit (2048) in 'dml20_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than] 3286 | void dml20_ModeSupportAndSystemConfigurationFull(struct display_mode_lib *mode_lib) | ^ 1 error generated. Without the sanitizers enabled, there are no warnings. This was the catalyst for commit 6740ec97bcdb ("drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml2") and that same change was made to dml in commit 5b750b22530f ("drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml") but the frame_warn_flag variable was not applied to all files. Do so now to clear up the warnings and make all these files consistent. Cc: stable(a)vger.kernel.org Closes: https://github.com/ClangBuiltLinux/linux/issue/1990 Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- drivers/gpu/drm/amd/display/dc/dml/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dml/Makefile b/drivers/gpu/drm/amd/display/dc/dml/Makefile index 6042a5a6a44f..59ade76ffb18 100644 --- a/drivers/gpu/drm/amd/display/dc/dml/Makefile +++ b/drivers/gpu/drm/amd/display/dc/dml/Makefile @@ -72,11 +72,11 @@ CFLAGS_$(AMDDALPATH)/dc/dml/display_mode_lib.o := $(dml_ccflags) CFLAGS_$(AMDDALPATH)/dc/dml/display_mode_vba.o := $(dml_ccflags) CFLAGS_$(AMDDALPATH)/dc/dml/dcn10/dcn10_fpu.o := $(dml_ccflags) CFLAGS_$(AMDDALPATH)/dc/dml/dcn20/dcn20_fpu.o := $(dml_ccflags) -CFLAGS_$(AMDDALPATH)/dc/dml/dcn20/display_mode_vba_20.o := $(dml_ccflags) +CFLAGS_$(AMDDALPATH)/dc/dml/dcn20/display_mode_vba_20.o := $(dml_ccflags) $(frame_warn_flag) CFLAGS_$(AMDDALPATH)/dc/dml/dcn20/display_rq_dlg_calc_20.o := $(dml_ccflags) -CFLAGS_$(AMDDALPATH)/dc/dml/dcn20/display_mode_vba_20v2.o := $(dml_ccflags) +CFLAGS_$(AMDDALPATH)/dc/dml/dcn20/display_mode_vba_20v2.o := $(dml_ccflags) $(frame_warn_flag) CFLAGS_$(AMDDALPATH)/dc/dml/dcn20/display_rq_dlg_calc_20v2.o := $(dml_ccflags) -CFLAGS_$(AMDDALPATH)/dc/dml/dcn21/display_mode_vba_21.o := $(dml_ccflags) +CFLAGS_$(AMDDALPATH)/dc/dml/dcn21/display_mode_vba_21.o := $(dml_ccflags) $(frame_warn_flag) CFLAGS_$(AMDDALPATH)/dc/dml/dcn21/display_rq_dlg_calc_21.o := $(dml_ccflags) CFLAGS_$(AMDDALPATH)/dc/dml/dcn30/display_mode_vba_30.o := $(dml_ccflags) $(frame_warn_flag) CFLAGS_$(AMDDALPATH)/dc/dml/dcn30/display_rq_dlg_calc_30.o := $(dml_ccflags) --- base-commit: 6813cdca4ab94a238f8eb0cef3d3f3fcbdfb0ee0 change-id: 20240205-amdgpu-raise-flt-for-dml-vba-files-ee5b5a9c5e43 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 year, 9 months

2
1
0 0

[PATCH] ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8

by Mario Limonciello

The laptop requires a quirk ID to enable its internal microphone. Add it to the DMI quirk table. Reported-by: Stanislav Petrov <stanislav.i.petrov(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=216925 Cc: stable(a)vger.kernel.org Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- sound/soc/amd/yc/acp6x-mach.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sound/soc/amd/yc/acp6x-mach.c b/sound/soc/amd/yc/acp6x-mach.c index 23d44a50d815..80ad60d485ea 100644 --- a/sound/soc/amd/yc/acp6x-mach.c +++ b/sound/soc/amd/yc/acp6x-mach.c @@ -248,6 +248,13 @@ static const struct dmi_system_id yc_acp_quirk_table[] = { DMI_MATCH(DMI_PRODUCT_NAME, "82YM"), } }, + { + .driver_data = &acp6x_card, + .matches = { + DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "83AS"), + } + }, { .driver_data = &acp6x_card, .matches = { -- 2.34.1

1 year, 9 months

2
1
0 0

Re: [PATCH V3] lockdep: fix deadlock issue between lockdep and rcu

by Carlos Llamas

On Fri, Feb 02, 2024 at 04:14:36PM +0800, Zhiguo Niu wrote: > There is a deadlock scenario between lockdep and rcu when > rcu nocb feature is enabled, just as following call stack: > > rcuop/x > -000|queued_spin_lock_slowpath(lock = 0xFFFFFF817F2A8A80, val = ?) > -001|queued_spin_lock(inline) // try to hold nocb_gp_lock > -001|do_raw_spin_lock(lock = 0xFFFFFF817F2A8A80) > -002|__raw_spin_lock_irqsave(inline) > -002|_raw_spin_lock_irqsave(lock = 0xFFFFFF817F2A8A80) > -003|wake_nocb_gp_defer(inline) > -003|__call_rcu_nocb_wake(rdp = 0xFFFFFF817F30B680) > -004|__call_rcu_common(inline) > -004|call_rcu(head = 0xFFFFFFC082EECC28, func = ?) > -005|call_rcu_zapped(inline) > -005|free_zapped_rcu(ch = ?)// hold graph lock > -006|rcu_do_batch(rdp = 0xFFFFFF817F245680) > -007|nocb_cb_wait(inline) > -007|rcu_nocb_cb_kthread(arg = 0xFFFFFF817F245680) > -008|kthread(_create = 0xFFFFFF80803122C0) > -009|ret_from_fork(asm) > > rcuop/y > -000|queued_spin_lock_slowpath(lock = 0xFFFFFFC08291BBC8, val = 0) > -001|queued_spin_lock() > -001|lockdep_lock() > -001|graph_lock() // try to hold graph lock > -002|lookup_chain_cache_add() > -002|validate_chain() > -003|lock_acquire > -004|_raw_spin_lock_irqsave(lock = 0xFFFFFF817F211D80) > -005|lock_timer_base(inline) > -006|mod_timer(inline) > -006|wake_nocb_gp_defer(inline)// hold nocb_gp_lock > -006|__call_rcu_nocb_wake(rdp = 0xFFFFFF817F2A8680) > -007|__call_rcu_common(inline) > -007|call_rcu(head = 0xFFFFFFC0822E0B58, func = ?) > -008|call_rcu_hurry(inline) > -008|rcu_sync_call(inline) > -008|rcu_sync_func(rhp = 0xFFFFFFC0822E0B58) > -009|rcu_do_batch(rdp = 0xFFFFFF817F266680) > -010|nocb_cb_wait(inline) > -010|rcu_nocb_cb_kthread(arg = 0xFFFFFF817F266680) > -011|kthread(_create = 0xFFFFFF8080363740) > -012|ret_from_fork(asm) > > rcuop/x and rcuop/y are rcu nocb threads with the same nocb gp thread. > This patch release the graph lock before lockdep call_rcu. > > Fixes: a0b0fd53e1e6 ("locking/lockdep: Free lock classes that are no longer in use") > Cc: <stable(a)vger.kernel.org> > Cc: Boqun Feng <boqun.feng(a)gmail.com> > Cc: Waiman Long <longman(a)redhat.com> > Cc: Carlos Llamas <cmllamas(a)google.com> > Cc: Bart Van Assche <bvanassche(a)acm.org> > Signed-off-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> > Signed-off-by: Xuewen Yan <xuewen.yan(a)unisoc.com> > --- > changes of v3: correct code comments and add Cc tag. > changes of v2: update patch according to Boqun's suggestions. > --- It seems v3 should have collected the review tags from Boqun and Waiman. Also, I'm actually Cc'ing stable here. I hope that is enough. FWIW, this looks fine to me. Reviewed-by: Carlos Llamas <cmllamas(a)google.com> Thanks

1 year, 9 months

3
3
0 0

[PATCH] usb: cdnsp: blocked some cdns3 specific code

by Pawel Laszczak

host.c file has some parts of code that were introduced for CDNS3 driver and should not be used with CDNSP driver. This patch blocks using these parts of codes by CDNSP driver. These elements include: - xhci_plat_cdns3_xhci object - cdns3 specific XECP_PORT_CAP_REG register - cdns3 specific XECP_AUX_CTRL_REG1 register cc: <stable(a)vger.kernel.org> Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/cdns3/host.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/usb/cdns3/host.c b/drivers/usb/cdns3/host.c index 6164fc4c96a4..ceca4d839dfd 100644 --- a/drivers/usb/cdns3/host.c +++ b/drivers/usb/cdns3/host.c @@ -18,6 +18,11 @@ #include "../host/xhci.h" #include "../host/xhci-plat.h" +/* + * The XECP_PORT_CAP_REG and XECP_AUX_CTRL_REG1 exist only + * in Cadence USB3 dual-role controller, so it can't be used + * with Cadence CDNSP dual-role controller. + */ #define XECP_PORT_CAP_REG 0x8000 #define XECP_AUX_CTRL_REG1 0x8120 @@ -57,6 +62,8 @@ static const struct xhci_plat_priv xhci_plat_cdns3_xhci = { .resume_quirk = xhci_cdns3_resume_quirk, }; +static const struct xhci_plat_priv xhci_plat_cdnsp_xhci; + static int __cdns_host_init(struct cdns *cdns) { struct platform_device *xhci; @@ -81,8 +88,13 @@ static int __cdns_host_init(struct cdns *cdns) goto err1; } - cdns->xhci_plat_data = kmemdup(&xhci_plat_cdns3_xhci, - sizeof(struct xhci_plat_priv), GFP_KERNEL); + if (cdns->version < CDNSP_CONTROLLER_V2) + cdns->xhci_plat_data = kmemdup(&xhci_plat_cdns3_xhci, + sizeof(struct xhci_plat_priv), GFP_KERNEL); + else + cdns->xhci_plat_data = kmemdup(&xhci_plat_cdnsp_xhci, + sizeof(struct xhci_plat_priv), GFP_KERNEL); + if (!cdns->xhci_plat_data) { ret = -ENOMEM; goto err1; -- 2.37.2

1 year, 9 months

1
0
0 0

[tip: timers/urgent] hrtimer: Report offline hrtimer enqueue

by tip-bot2 for Frederic Weisbecker

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: dad6a09f3148257ac1773cd90934d721d68ab595 Gitweb: https://git.kernel.org/tip/dad6a09f3148257ac1773cd90934d721d68ab595 Author: Frederic Weisbecker <frederic(a)kernel.org> AuthorDate: Mon, 29 Jan 2024 15:56:36 -08:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Tue, 06 Feb 2024 10:56:35 +01:00 hrtimer: Report offline hrtimer enqueue The hrtimers migration on CPU-down hotplug process has been moved earlier, before the CPU actually goes to die. This leaves a small window of opportunity to queue an hrtimer in a blind spot, leaving it ignored. For example a practical case has been reported with RCU waking up a SCHED_FIFO task right before the CPUHP_AP_IDLE_DEAD stage, queuing that way a sched/rt timer to the local offline CPU. Make sure such situations never go unnoticed and warn when that happens. Fixes: 5c0930ccaad5 ("hrtimers: Push pending hrtimers away from outgoing CPU earlier") Reported-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240129235646.3171983-4-boqun.feng@gmail.com --- include/linux/hrtimer.h | 4 +++- kernel/time/hrtimer.c | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/include/linux/hrtimer.h b/include/linux/hrtimer.h index 87e3bed..641c456 100644 --- a/include/linux/hrtimer.h +++ b/include/linux/hrtimer.h @@ -157,6 +157,7 @@ enum hrtimer_base_type { * @max_hang_time: Maximum time spent in hrtimer_interrupt * @softirq_expiry_lock: Lock which is taken while softirq based hrtimer are * expired + * @online: CPU is online from an hrtimers point of view * @timer_waiters: A hrtimer_cancel() invocation waits for the timer * callback to finish. * @expires_next: absolute time of the next event, is required for remote @@ -179,7 +180,8 @@ struct hrtimer_cpu_base { unsigned int hres_active : 1, in_hrtirq : 1, hang_detected : 1, - softirq_activated : 1; + softirq_activated : 1, + online : 1; #ifdef CONFIG_HIGH_RES_TIMERS unsigned int nr_events; unsigned short nr_retries; diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 7607939..edb0f82 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -1085,6 +1085,7 @@ static int enqueue_hrtimer(struct hrtimer *timer, enum hrtimer_mode mode) { debug_activate(timer, mode); + WARN_ON_ONCE(!base->cpu_base->online); base->cpu_base->active_bases |= 1 << base->index; @@ -2183,6 +2184,7 @@ int hrtimers_prepare_cpu(unsigned int cpu) cpu_base->softirq_next_timer = NULL; cpu_base->expires_next = KTIME_MAX; cpu_base->softirq_expires_next = KTIME_MAX; + cpu_base->online = 1; hrtimer_cpu_base_init_expiry_lock(cpu_base); return 0; } @@ -2250,6 +2252,7 @@ int hrtimers_cpu_dying(unsigned int dying_cpu) smp_call_function_single(ncpu, retrigger_next_event, NULL, 0); raw_spin_unlock(&new_base->lock); + old_base->online = 0; raw_spin_unlock(&old_base->lock); return 0;

1 year, 9 months

1
0
0 0

[PATCH net] s390/qeth: Fix potential loss of L3-IP@ in case of network issues

by Alexandra Winter

Symptom: In case of a bad cable connection (e.g. dirty optics) a fast sequence of network DOWN-UP-DOWN-UP could happen. UP triggers recovery of the qeth interface. In case of a second DOWN while recovery is still ongoing, it can happen that the IP@ of a Layer3 qeth interface is lost and will not be recovered by the second UP. Problem: When registration of IP addresses with Layer 3 qeth devices fails, (e.g. because of bad address format) the respective IP address is deleted from its hash-table in the driver. If registration fails because of a ENETDOWN condition, the address should stay in the hashtable, so a subsequent recovery can restore it. 3caa4af834df ("qeth: keep ip-address after LAN_OFFLINE failure") fixes this for registration failures during normal operation, but not during recovery. Solution: Keep L3-IP address in case of ENETDOWN in qeth_l3_recover_ip(). For consistency with qeth_l3_add_ip() we also keep it in case of EADDRINUSE, i.e. for some reason the card already/still has this address registered. Fixes: 4a71df50047f ("qeth: new qeth device driver") Cc: stable(a)vger.kernel.org Signed-off-by: Alexandra Winter <wintera(a)linux.ibm.com> --- drivers/s390/net/qeth_l3_main.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/s390/net/qeth_l3_main.c b/drivers/s390/net/qeth_l3_main.c index b92a32b4b114..04c64ce0a1ca 100644 --- a/drivers/s390/net/qeth_l3_main.c +++ b/drivers/s390/net/qeth_l3_main.c @@ -255,9 +255,10 @@ static void qeth_l3_clear_ip_htable(struct qeth_card *card, int recover) if (!recover) { hash_del(&addr->hnode); kfree(addr); - continue; + } else { + /* prepare for recovery */ + addr->disp_flag = QETH_DISP_ADDR_ADD; } - addr->disp_flag = QETH_DISP_ADDR_ADD; } mutex_unlock(&card->ip_lock); @@ -278,9 +279,11 @@ static void qeth_l3_recover_ip(struct qeth_card *card) if (addr->disp_flag == QETH_DISP_ADDR_ADD) { rc = qeth_l3_register_addr_entry(card, addr); - if (!rc) { + if (!rc || rc == -EADDRINUSE || rc == -ENETDOWN) { + /* keep it in the records */ addr->disp_flag = QETH_DISP_ADDR_DO_NOTHING; } else { + /* bad address */ hash_del(&addr->hnode); kfree(addr); } -- 2.40.1

1 year, 9 months

1
0
0 0

[PATCH V3 2/2] net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio

by Sinthu Raja

From: Sinthu Raja <sinthu.raja(a)ti.com> The below commit introduced a WARN when phy state is not in the states: PHY_HALTED, PHY_READY and PHY_UP. commit 744d23c71af3 ("net: phy: Warn about incorrect mdio_bus_phy_resume() state") When cpsw resumes, there have port in PHY_NOLINK state, so the below warning comes out. Set mac_managed_pm be true to tell mdio that the phy resume/suspend is managed by the mac, to fix the following warning: WARNING: CPU: 0 PID: 965 at drivers/net/phy/phy_device.c:326 mdio_bus_phy_resume+0x140/0x144 CPU: 0 PID: 965 Comm: sh Tainted: G O 6.1.46-g247b2535b2 #1 Hardware name: Generic AM33XX (Flattened Device Tree) unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x24/0x2c dump_stack_lvl from __warn+0x84/0x15c __warn from warn_slowpath_fmt+0x1a8/0x1c8 warn_slowpath_fmt from mdio_bus_phy_resume+0x140/0x144 mdio_bus_phy_resume from dpm_run_callback+0x3c/0x140 dpm_run_callback from device_resume+0xb8/0x2b8 device_resume from dpm_resume+0x144/0x314 dpm_resume from dpm_resume_end+0x14/0x20 dpm_resume_end from suspend_devices_and_enter+0xd0/0x924 suspend_devices_and_enter from pm_suspend+0x2e0/0x33c pm_suspend from state_store+0x74/0xd0 state_store from kernfs_fop_write_iter+0x104/0x1ec kernfs_fop_write_iter from vfs_write+0x1b8/0x358 vfs_write from ksys_write+0x78/0xf8 ksys_write from ret_fast_syscall+0x0/0x54 Exception stack(0xe094dfa8 to 0xe094dff0) dfa0: 00000004 005c3fb8 00000001 005c3fb8 00000004 00000001 dfc0: 00000004 005c3fb8 b6f6bba0 00000004 00000004 0059edb8 00000000 00000000 dfe0: 00000004 bed918f0 b6f09bd3 b6e89a66 Cc: <stable(a)vger.kernel.org> # v6.0+ Fixes: 744d23c71af3 ("net: phy: Warn about incorrect mdio_bus_phy_resume() state") Signed-off-by: Sinthu Raja <sinthu.raja(a)ti.com> --- drivers/net/ethernet/ti/cpsw.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/ethernet/ti/cpsw.c b/drivers/net/ethernet/ti/cpsw.c index ea85c6dd5484..c0a5abd8d9a8 100644 --- a/drivers/net/ethernet/ti/cpsw.c +++ b/drivers/net/ethernet/ti/cpsw.c @@ -631,6 +631,8 @@ static void cpsw_slave_open(struct cpsw_slave *slave, struct cpsw_priv *priv) } } + phy->mac_managed_pm = true; + slave->phy = phy; phy_attached_info(slave->phy); -- 2.36.1

1 year, 9 months

1
0
0 0

+ fat-fix-uninitialized-field-in-nostale-filehandles.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: fat: Fix uninitialized field in nostale filehandles has been added to the -mm mm-nonmm-unstable branch. Its filename is fat-fix-uninitialized-field-in-nostale-filehandles.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jan Kara <jack(a)suse.cz> Subject: fat: Fix uninitialized field in nostale filehandles Date: Mon, 5 Feb 2024 13:26:26 +0100 When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must be a multiple of 4 so the file handle is actually 12 bytes long and the last two bytes remain uninitialized. This is not great at we potentially leak uninitialized information with the handle to userspace. Properly initialize the full handle length. Link: https://lkml.kernel.org/r/20240205122626.13701-1-jack@suse.cz Reported-by: syzbot+3ce5dea5b1539ff36769(a)syzkaller.appspotmail.com Fixes: ea3983ace6b7 ("fat: restructure export_operations") Signed-off-by: Jan Kara <jack(a)suse.cz> Acked-by: OGAWA Hirofumi <hirofumi(a)mail.parknet.co.jp> Cc: Amir Goldstein <amir73il(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/fat/nfs.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/fs/fat/nfs.c~fat-fix-uninitialized-field-in-nostale-filehandles +++ a/fs/fat/nfs.c @@ -130,6 +130,12 @@ fat_encode_fh_nostale(struct inode *inod fid->parent_i_gen = parent->i_generation; type = FILEID_FAT_WITH_PARENT; *lenp = FAT_FID_SIZE_WITH_PARENT; + } else { + /* + * We need to initialize this field because the fh is actually + * 12 bytes long + */ + fid->parent_i_pos_hi = 0; } return type; _ Patches currently in -mm which might be from jack(a)suse.cz are fat-fix-uninitialized-field-in-nostale-filehandles.patch

1 year, 9 months

1
0
0 0

+ selftests-mm-uffd-unit-test-check-if-huge-page-size-is-0.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: uffd-unit-test check if huge page size is 0 has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-uffd-unit-test-check-if-huge-page-size-is-0.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Terry Tritton <terry.tritton(a)linaro.org> Subject: selftests/mm: uffd-unit-test check if huge page size is 0 Date: Mon, 5 Feb 2024 14:50:56 +0000 If HUGETLBFS is not enabled then the default_huge_page_size function will return 0 and cause a divide by 0 error. Add a check to see if the huge page size is 0 and skip the hugetlb tests if it is. Link: https://lkml.kernel.org/r/20240205145055.3545806-2-terry.tritton@linaro.org Fixes: 16a45b57cbf2 ("selftests/mm: add framework for uffd-unit-test") Signed-off-by: Terry Tritton <terry.tritton(a)linaro.org> Cc: Peter Griffin <peter.griffin(a)linaro.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/uffd-unit-tests.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/tools/testing/selftests/mm/uffd-unit-tests.c~selftests-mm-uffd-unit-test-check-if-huge-page-size-is-0 +++ a/tools/testing/selftests/mm/uffd-unit-tests.c @@ -1517,6 +1517,12 @@ int main(int argc, char *argv[]) continue; uffd_test_start("%s on %s", test->name, mem_type->name); + if ((mem_type->mem_flag == MEM_HUGETLB || + mem_type->mem_flag == MEM_HUGETLB_PRIVATE) && + (default_huge_page_size() == 0)) { + uffd_test_skip("huge page size is 0, feature missing?"); + continue; + } if (!uffd_feature_supported(test)) { uffd_test_skip("feature missing"); continue; _ Patches currently in -mm which might be from terry.tritton(a)linaro.org are selftests-mm-uffd-unit-test-check-if-huge-page-size-is-0.patch

1 year, 9 months

1
0
0 0

+ mm-damon-core-check-apply-interval-in-damon_do_apply_schemes.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/core: check apply interval in damon_do_apply_schemes() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-core-check-apply-interval-in-damon_do_apply_schemes.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/core: check apply interval in damon_do_apply_schemes() Date: Mon, 5 Feb 2024 12:13:06 -0800 kdamond_apply_schemes() checks apply intervals of schemes and avoid further applying any schemes if no scheme passed its apply interval. However, the following schemes applying function, damon_do_apply_schemes() iterates all schemes without the apply interval check. As a result, the shortest apply interval is applied to all schemes. Fix the problem by checking the apply interval in damon_do_apply_schemes(). Link: https://lkml.kernel.org/r/20240205201306.88562-1-sj@kernel.org Fixes: 42f994b71404 ("mm/damon/core: implement scheme-specific apply interval") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.7.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) --- a/mm/damon/core.c~mm-damon-core-check-apply-interval-in-damon_do_apply_schemes +++ a/mm/damon/core.c @@ -1026,6 +1026,9 @@ static void damon_do_apply_schemes(struc damon_for_each_scheme(s, c) { struct damos_quota *quota = &s->quota; + if (c->passed_sample_intervals != s->next_apply_sis) + continue; + if (!s->wmarks.activated) continue; @@ -1176,10 +1179,6 @@ static void kdamond_apply_schemes(struct if (c->passed_sample_intervals != s->next_apply_sis) continue; - s->next_apply_sis += - (s->apply_interval_us ? s->apply_interval_us : - c->attrs.aggr_interval) / sample_interval; - if (!s->wmarks.activated) continue; @@ -1195,6 +1194,14 @@ static void kdamond_apply_schemes(struct damon_for_each_region_safe(r, next_r, t) damon_do_apply_schemes(c, t, r); } + + damon_for_each_scheme(s, c) { + if (c->passed_sample_intervals != s->next_apply_sis) + continue; + s->next_apply_sis += + (s->apply_interval_us ? s->apply_interval_us : + c->attrs.aggr_interval) / sample_interval; + } } /* _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-sysfs-schemes-fix-wrong-damos-tried-regions-update-timeout-setup.patch mm-damon-core-check-apply-interval-in-damon_do_apply_schemes.patch docs-admin-guide-mm-damon-usage-use-sysfs-interface-for-tracepoints-example.patch mm-damon-rename-config_damon_dbgfs-to-damon_dbgfs_deprecated.patch mm-damon-dbgfs-implement-deprecation-notice-file.patch mm-damon-dbgfs-make-debugfs-interface-deprecation-message-a-macro.patch docs-admin-guide-mm-damon-usage-document-deprecated-file-of-damon-debugfs-interface.patch selftets-damon-prepare-for-monitor_on-file-renaming.patch mm-damon-dbgfs-rename-monitor_on-file-to-monitor_on_deprecated.patch docs-admin-guide-mm-damon-usage-update-for-monitor_on-renaming.patch docs-translations-damon-usage-update-for-monitor_on-renaming.patch

1 year, 9 months

1
0
0 0

Linux 6.7.4

by Greg Kroah-Hartman

I'm announcing the release of the 6.7.4 kernel. All users of the 6.7 kernel series must upgrade. The updated 6.7.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.7.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-class-net-queues | 22 Documentation/sound/soc/dapm.rst | 2 Makefile | 2 arch/alpha/kernel/asm-offsets.c | 2 arch/arm/boot/dts/intel/ixp/intel-ixp42x-usrobotics-usr8200.dts | 22 arch/arm/boot/dts/marvell/armada-370-rd.dts | 24 arch/arm/boot/dts/marvell/armada-381-netgear-gs110emx.dts | 44 - arch/arm/boot/dts/marvell/armada-385-clearfog-gtr-l8.dts | 38 - arch/arm/boot/dts/marvell/armada-385-clearfog-gtr-s4.dts | 22 arch/arm/boot/dts/marvell/armada-385-linksys.dtsi | 18 arch/arm/boot/dts/marvell/armada-385-turris-omnia.dts | 20 arch/arm/boot/dts/marvell/armada-388-clearfog.dts | 20 arch/arm/boot/dts/marvell/armada-xp-linksys-mamba.dts | 18 arch/arm/boot/dts/nxp/imx/imx1-ads.dts | 2 arch/arm/boot/dts/nxp/imx/imx1-apf9328.dts | 2 arch/arm/boot/dts/nxp/imx/imx1.dtsi | 5 arch/arm/boot/dts/nxp/imx/imx25-eukrea-cpuimx25.dtsi | 2 arch/arm/boot/dts/nxp/imx/imx25-eukrea-mbimxsd25-baseboard-cmo-qvga.dts | 2 arch/arm/boot/dts/nxp/imx/imx25-eukrea-mbimxsd25-baseboard-dvi-svga.dts | 2 arch/arm/boot/dts/nxp/imx/imx25-eukrea-mbimxsd25-baseboard-dvi-vga.dts | 2 arch/arm/boot/dts/nxp/imx/imx25-pdk.dts | 2 arch/arm/boot/dts/nxp/imx/imx25.dtsi | 2 arch/arm/boot/dts/nxp/imx/imx27-apf27dev.dts | 4 arch/arm/boot/dts/nxp/imx/imx27-eukrea-cpuimx27.dtsi | 4 arch/arm/boot/dts/nxp/imx/imx27-eukrea-mbimxsd27-baseboard.dts | 2 arch/arm/boot/dts/nxp/imx/imx27-phytec-phycard-s-rdk.dts | 2 arch/arm/boot/dts/nxp/imx/imx27-phytec-phycore-rdk.dts | 2 arch/arm/boot/dts/nxp/imx/imx27-phytec-phycore-som.dtsi | 2 arch/arm/boot/dts/nxp/imx/imx27.dtsi | 3 arch/arm/boot/dts/nxp/imx/imx7d.dtsi | 3 arch/arm/boot/dts/nxp/imx/imx7s.dtsi | 10 arch/arm/boot/dts/nxp/mxs/imx23-sansa.dts | 12 arch/arm/boot/dts/nxp/mxs/imx23.dtsi | 2 arch/arm/boot/dts/nxp/mxs/imx28.dtsi | 2 arch/arm/boot/dts/qcom/pm8226.dtsi | 180 +++++++ arch/arm/boot/dts/qcom/pm8841.dtsi | 68 ++ arch/arm/boot/dts/qcom/pm8941.dtsi | 254 ++++++++++ arch/arm/boot/dts/qcom/pma8084.dtsi | 99 +++ arch/arm/boot/dts/qcom/pmx55.dtsi | 85 +++ arch/arm/boot/dts/qcom/pmx65.dtsi | 33 + arch/arm/boot/dts/qcom/qcom-apq8026-asus-sparrow.dts | 2 arch/arm/boot/dts/qcom/qcom-apq8026-huawei-sturgeon.dts | 2 arch/arm/boot/dts/qcom/qcom-apq8026-lg-lenok.dts | 2 arch/arm/boot/dts/qcom/qcom-apq8026-samsung-matisse-wifi.dts | 2 arch/arm/boot/dts/qcom/qcom-apq8060-dragonboard.dts | 4 arch/arm/boot/dts/qcom/qcom-apq8074-dragonboard.dts | 4 arch/arm/boot/dts/qcom/qcom-apq8084-ifc6540.dts | 2 arch/arm/boot/dts/qcom/qcom-apq8084-mtp.dts | 2 arch/arm/boot/dts/qcom/qcom-mdm9615-wp8548.dtsi | 2 arch/arm/boot/dts/qcom/qcom-mdm9615.dtsi | 14 arch/arm/boot/dts/qcom/qcom-msm8660.dtsi | 16 arch/arm/boot/dts/qcom/qcom-msm8974-lge-nexus5-hammerhead.dts | 4 arch/arm/boot/dts/qcom/qcom-msm8974-sony-xperia-rhine.dtsi | 4 arch/arm/boot/dts/qcom/qcom-msm8974pro-fairphone-fp2.dts | 4 arch/arm/boot/dts/qcom/qcom-msm8974pro-oneplus-bacon.dts | 4 arch/arm/boot/dts/qcom/qcom-msm8974pro-samsung-klte.dts | 2 arch/arm/boot/dts/qcom/qcom-msm8974pro-sony-xperia-shinano-castor.dts | 4 arch/arm/boot/dts/qcom/qcom-pm8226.dtsi | 180 ------- arch/arm/boot/dts/qcom/qcom-pm8841.dtsi | 68 -- arch/arm/boot/dts/qcom/qcom-pm8941.dtsi | 254 ---------- arch/arm/boot/dts/qcom/qcom-pma8084.dtsi | 99 --- arch/arm/boot/dts/qcom/qcom-pmx55.dtsi | 85 --- arch/arm/boot/dts/qcom/qcom-pmx65.dtsi | 33 - arch/arm/boot/dts/qcom/qcom-sdx55-mtp.dts | 2 arch/arm/boot/dts/qcom/qcom-sdx55-t55.dts | 2 arch/arm/boot/dts/qcom/qcom-sdx55-telit-fn980-tlb.dts | 2 arch/arm/boot/dts/qcom/qcom-sdx65-mtp.dts | 2 arch/arm/boot/dts/rockchip/rk3036.dtsi | 14 arch/arm/boot/dts/samsung/exynos4.dtsi | 26 - arch/arm/boot/dts/samsung/exynos4x12.dtsi | 17 arch/arm/boot/dts/samsung/s5pv210.dtsi | 18 arch/arm/include/asm/irq_work.h | 2 arch/arm64/boot/dts/amlogic/meson-s4-s805x2-aq222.dts | 4 arch/arm64/boot/dts/amlogic/meson-s4.dtsi | 4 arch/arm64/boot/dts/marvell/armada-3720-espressobin-ultra.dts | 14 arch/arm64/boot/dts/marvell/armada-3720-espressobin.dtsi | 20 arch/arm64/boot/dts/marvell/armada-3720-gl-mv1000.dts | 20 arch/arm64/boot/dts/marvell/armada-3720-turris-mox.dts | 85 +-- arch/arm64/boot/dts/marvell/armada-7040-mochabin.dts | 24 arch/arm64/boot/dts/marvell/armada-8040-clearfog-gt-8k.dts | 22 arch/arm64/boot/dts/marvell/cn9130-crb.dtsi | 42 - arch/arm64/boot/dts/qcom/msm8996.dtsi | 21 arch/arm64/boot/dts/qcom/msm8998.dtsi | 32 - arch/arm64/boot/dts/qcom/sdm845.dtsi | 5 arch/arm64/boot/dts/qcom/sm8150.dtsi | 5 arch/arm64/boot/dts/qcom/sm8250.dtsi | 24 arch/arm64/boot/dts/qcom/sm8350.dtsi | 8 arch/arm64/boot/dts/qcom/sm8450.dtsi | 8 arch/arm64/boot/dts/qcom/sm8550.dtsi | 8 arch/arm64/boot/dts/sprd/ums512.dtsi | 3 arch/arm64/boot/dts/xilinx/zynqmp-sck-kv-g-revA.dtso | 40 - arch/arm64/boot/dts/xilinx/zynqmp-sck-kv-g-revB.dtso | 42 - arch/arm64/include/asm/irq_work.h | 2 arch/arm64/kernel/irq.c | 7 arch/csky/include/asm/irq_work.h | 2 arch/loongarch/kernel/asm-offsets.c | 26 - arch/powerpc/crypto/aes-gcm-p10-glue.c | 2 arch/powerpc/include/asm/irq_work.h | 1 arch/powerpc/include/asm/mmu.h | 4 arch/powerpc/include/asm/mmzone.h | 8 arch/powerpc/kernel/traps.c | 2 arch/powerpc/lib/sstep.c | 10 arch/powerpc/mm/book3s64/pgtable.c | 2 arch/powerpc/mm/init-common.c | 5 arch/powerpc/mm/mmu_decl.h | 5 arch/riscv/include/asm/irq_work.h | 2 arch/riscv/kernel/head.S | 1 arch/riscv/mm/init.c | 12 arch/s390/boot/ipl_parm.c | 2 arch/s390/boot/startup.c | 3 arch/s390/include/asm/irq_work.h | 2 arch/s390/kernel/ptrace.c | 6 arch/s390/kvm/kvm-s390.c | 5 arch/sparc/kernel/asm-offsets.c | 6 arch/um/drivers/net_kern.c | 2 arch/um/include/shared/kern_util.h | 2 arch/um/kernel/process.c | 2 arch/um/kernel/time.c | 32 + arch/um/os-Linux/helper.c | 6 arch/um/os-Linux/util.c | 19 arch/x86/boot/compressed/ident_map_64.c | 5 arch/x86/boot/compressed/idt_64.c | 1 arch/x86/boot/compressed/idt_handlers_64.S | 1 arch/x86/boot/compressed/misc.h | 1 arch/x86/include/asm/irq_work.h | 1 arch/x86/include/asm/kmsan.h | 17 arch/x86/kernel/cpu/mce/core.c | 16 block/bio.c | 2 block/blk-mq.c | 16 drivers/accel/habanalabs/common/device.c | 17 drivers/accel/habanalabs/common/habanalabs.h | 2 drivers/accel/habanalabs/common/habanalabs_drv.c | 3 drivers/accel/habanalabs/common/mmu/mmu.c | 1 drivers/accel/habanalabs/common/sysfs.c | 3 drivers/accel/habanalabs/gaudi2/gaudi2.c | 14 drivers/accel/habanalabs/include/hw_ip/pci/pci_general.h | 1 drivers/acpi/acpi_extlog.c | 5 drivers/acpi/acpi_video.c | 9 drivers/acpi/apei/ghes.c | 29 - drivers/acpi/numa/srat.c | 4 drivers/acpi/resource.c | 21 drivers/base/arch_numa.c | 2 drivers/block/rnbd/rnbd-srv.c | 19 drivers/bluetooth/hci_qca.c | 1 drivers/char/hw_random/jh7110-trng.c | 2 drivers/clk/hisilicon/clk-hi3620.c | 4 drivers/clk/imx/clk-imx8qxp.c | 24 drivers/clk/imx/clk-scu.c | 4 drivers/clk/mmp/clk-of-pxa168.c | 3 drivers/crypto/caam/caamalg_qi2.c | 7 drivers/crypto/caam/caamhash.c | 7 drivers/crypto/marvell/octeontx2/otx2_cptlf.c | 6 drivers/crypto/marvell/octeontx2/otx2_cptvf_main.c | 3 drivers/crypto/starfive/jh7110-cryp.c | 2 drivers/crypto/stm32/stm32-crc32.c | 2 drivers/devfreq/devfreq.c | 24 drivers/extcon/extcon.c | 3 drivers/gpu/drm/amd/amdgpu/aldebaran.c | 26 - drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 21 drivers/gpu/drm/amd/amdgpu/amdgpu_mca.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 31 + drivers/gpu/drm/amd/amdgpu/amdgpu_mes.h | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 13 drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_sync.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 6 drivers/gpu/drm/amd/amdgpu/gfxhub_v1_0.c | 4 drivers/gpu/drm/amd/amdgpu/gfxhub_v1_2.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 5 drivers/gpu/drm/amd/amdgpu/gmc_v6_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 8 drivers/gpu/drm/amd/amdgpu/mmhub_v1_0.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 42 - drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 24 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 30 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 9 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn314/dcn314_clk_mgr.c | 71 ++ drivers/gpu/drm/amd/display/dc/clk_mgr/dcn314/dcn314_clk_mgr.h | 11 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 8 drivers/gpu/drm/amd/display/dc/core/dc.c | 4 drivers/gpu/drm/amd/display/dc/dc_hw_types.h | 2 drivers/gpu/drm/amd/display/dc/dce/dce_audio.c | 2 drivers/gpu/drm/amd/display/dc/dce/dce_clock_source.c | 9 drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dio_link_encoder.c | 5 drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c | 3 drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.c | 33 + drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.h | 1 drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c | 2 drivers/gpu/drm/amd/display/dc/dml2/dml2_utils.c | 8 drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 5 drivers/gpu/drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 23 drivers/gpu/drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 25 drivers/gpu/drm/amd/display/dc/inc/hw/clk_mgr.h | 1 drivers/gpu/drm/amd/display/dc/inc/hw/dccg.h | 4 drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 40 + drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.c | 221 +++----- drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.h | 4 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_irq_handler.c | 12 drivers/gpu/drm/amd/display/include/audio_types.h | 2 drivers/gpu/drm/amd/display/modules/power/power_helpers.c | 2 drivers/gpu/drm/amd/include/amd_shared.h | 2 drivers/gpu/drm/amd/include/mes_v11_api_def.h | 3 drivers/gpu/drm/amd/pm/powerplay/hwmgr/process_pptables_v1_0.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 17 drivers/gpu/drm/bridge/analogix/anx7625.c | 51 +- drivers/gpu/drm/bridge/analogix/anx7625.h | 4 drivers/gpu/drm/drm_file.c | 2 drivers/gpu/drm/drm_framebuffer.c | 2 drivers/gpu/drm/drm_mipi_dsi.c | 17 drivers/gpu/drm/exynos/exynos_drm_drv.c | 11 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 23 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 18 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_8_1_sm8450.h | 18 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 6 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys.h | 4 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_cmd.c | 32 - drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 33 - drivers/gpu/drm/msm/disp/dpu1/dpu_hw_wb.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 1 drivers/gpu/drm/msm/dp/dp_display.c | 6 drivers/gpu/drm/msm/dsi/phy/dsi_phy.c | 4 drivers/gpu/drm/msm/msm_mdss.c | 2 drivers/gpu/drm/panel/panel-edp.c | 48 + drivers/hid/hidraw.c | 7 drivers/hwmon/hp-wmi-sensors.c | 127 ++++- drivers/hwmon/nct6775-core.c | 7 drivers/i2c/busses/i2c-rk3x.c | 8 drivers/i3c/master/i3c-master-cdns.c | 7 drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 7 drivers/leds/trigger/ledtrig-panic.c | 5 drivers/mailbox/arm_mhuv2.c | 3 drivers/md/md.c | 54 +- drivers/media/i2c/imx335.c | 4 drivers/media/i2c/ov2740.c | 17 drivers/media/pci/ddbridge/ddbridge-main.c | 2 drivers/media/platform/amphion/vpu.h | 3 drivers/media/platform/amphion/vpu_cmds.c | 28 - drivers/media/platform/amphion/vpu_v4l2.c | 1 drivers/media/platform/rockchip/rga/rga.c | 15 drivers/media/platform/rockchip/rkisp1/rkisp1-common.h | 11 drivers/media/platform/rockchip/rkisp1/rkisp1-csi.c | 14 drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c | 35 + drivers/media/platform/rockchip/rkisp1/rkisp1-isp.c | 20 drivers/media/platform/rockchip/rkisp1/rkisp1-resizer.c | 38 - drivers/media/usb/stk1160/stk1160-video.c | 5 drivers/media/usb/uvc/uvc_driver.c | 18 drivers/mfd/Kconfig | 1 drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 1 drivers/net/bonding/bond_alb.c | 3 drivers/net/dsa/mt7530.c | 3 drivers/net/dsa/mv88e6xxx/chip.h | 4 drivers/net/dsa/mv88e6xxx/serdes.c | 10 drivers/net/dsa/mv88e6xxx/serdes.h | 8 drivers/net/dsa/qca/qca8k-8xxx.c | 24 drivers/net/ethernet/amd/pds_core/adminq.c | 64 +- drivers/net/ethernet/amd/pds_core/core.c | 46 + drivers/net/ethernet/amd/pds_core/core.h | 2 drivers/net/ethernet/amd/pds_core/debugfs.c | 4 drivers/net/ethernet/amd/pds_core/dev.c | 16 drivers/net/ethernet/amd/pds_core/devlink.c | 3 drivers/net/ethernet/amd/pds_core/fw.c | 3 drivers/net/ethernet/amd/pds_core/main.c | 26 - drivers/net/ethernet/aquantia/atlantic/aq_ptp.c | 28 - drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 61 -- drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 22 drivers/net/ethernet/aquantia/atlantic/aq_vec.c | 23 drivers/net/ethernet/google/gve/gve_rx.c | 8 drivers/net/ethernet/intel/e1000/e1000_hw.c | 1 drivers/net/ethernet/intel/e1000e/e1000.h | 20 drivers/net/ethernet/intel/e1000e/ptp.c | 22 drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 1 drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 1 drivers/net/ethernet/intel/i40e/i40e_common.c | 1 drivers/net/ethernet/intel/i40e/i40e_dcb.c | 2 drivers/net/ethernet/intel/i40e/i40e_nvm.c | 1 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 32 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 1 drivers/net/ethernet/intel/iavf/iavf_common.c | 3 drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 5 drivers/net/ethernet/intel/iavf/iavf_fdir.c | 1 drivers/net/ethernet/intel/iavf/iavf_txrx.c | 1 drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 18 drivers/net/ethernet/intel/ice/ice_lib.c | 7 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 12 drivers/net/ethernet/intel/ice/ice_vsi_vlan_lib.c | 16 drivers/net/ethernet/intel/idpf/virtchnl2.h | 2 drivers/net/ethernet/intel/igb/e1000_i210.c | 4 drivers/net/ethernet/intel/igb/e1000_nvm.c | 4 drivers/net/ethernet/intel/igb/e1000_phy.c | 4 drivers/net/ethernet/intel/igbvf/netdev.c | 28 - drivers/net/ethernet/intel/igc/igc_i225.c | 1 drivers/net/ethernet/intel/igc/igc_phy.c | 1 drivers/net/ethernet/intel/ixgbe/ixgbe_82598.c | 36 - drivers/net/ethernet/intel/ixgbe/ixgbe_82599.c | 61 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 145 ++--- drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 42 - drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.c | 34 - drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 1 drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 105 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_phy.h | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 43 - drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 44 - drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 149 +++-- drivers/net/ethernet/marvell/mvmdio.c | 53 -- drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 13 drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 1 drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 3 drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c | 7 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 5 drivers/net/ethernet/microchip/lan966x/lan966x_port.c | 5 drivers/net/ethernet/pensando/ionic/ionic_bus_pci.c | 4 drivers/net/ethernet/pensando/ionic/ionic_dev.c | 1 drivers/net/ethernet/pensando/ionic/ionic_dev.h | 1 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 3 drivers/net/ethernet/pensando/ionic/ionic_main.c | 22 drivers/net/phy/at803x.c | 6 drivers/net/phy/mediatek-ge-soc.c | 147 +++-- drivers/net/phy/micrel.c | 6 drivers/net/usb/ax88179_178a.c | 2 drivers/net/virtio_net.c | 9 drivers/net/wireless/ath/ath11k/pcic.c | 4 drivers/net/wireless/ath/ath12k/hal.c | 4 drivers/net/wireless/ath/ath12k/hw.c | 3 drivers/net/wireless/ath/ath12k/mac.c | 4 drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 5 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 drivers/net/wireless/mediatek/mt76/mt7996/pci.c | 8 drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 2 drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 3 drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 11 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 12 drivers/net/wireless/realtek/rtlwifi/rtl8723ae/phy.c | 6 drivers/net/wireless/realtek/rtlwifi/rtl8723be/phy.c | 4 drivers/net/wireless/realtek/rtw89/coex.c | 4 drivers/net/wireless/realtek/rtw89/core.c | 2 drivers/net/wireless/realtek/rtw89/core.h | 12 drivers/net/wireless/realtek/rtw89/fw.c | 17 drivers/net/wireless/realtek/rtw89/mac.c | 100 +++ drivers/net/wireless/realtek/rtw89/mac.h | 1 drivers/net/wireless/realtek/rtw89/mac80211.c | 3 drivers/net/wireless/realtek/rtw89/reg.h | 17 drivers/net/wireless/silabs/wfx/sta.c | 42 - drivers/opp/core.c | 9 drivers/pci/pci.h | 2 drivers/pci/pcie/aer.c | 9 drivers/pci/quirks.c | 24 drivers/pci/switch/switchtec.c | 25 drivers/perf/arm_pmuv3.c | 6 drivers/pinctrl/intel/pinctrl-baytrail.c | 3 drivers/pnp/pnpacpi/rsparser.c | 12 drivers/regulator/core.c | 56 +- drivers/regulator/ti-abb-regulator.c | 22 drivers/s390/crypto/vfio_ap_ops.c | 16 drivers/scsi/arcmsr/arcmsr.h | 4 drivers/scsi/arcmsr/arcmsr_hba.c | 6 drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 drivers/scsi/isci/request.c | 2 drivers/scsi/libfc/fc_fcp.c | 18 drivers/scsi/lpfc/lpfc.h | 1 drivers/scsi/lpfc/lpfc_els.c | 14 drivers/scsi/lpfc/lpfc_init.c | 4 drivers/scsi/lpfc/lpfc_vmid.c | 1 drivers/scsi/mpi3mr/mpi3mr_fw.c | 3 drivers/scsi/mpi3mr/mpi3mr_os.c | 13 drivers/scsi/scsi_error.c | 8 drivers/scsi/scsi_lib.c | 2 drivers/scsi/scsi_priv.h | 2 drivers/soc/xilinx/xlnx_event_manager.c | 7 drivers/spmi/spmi-mtk-pmif.c | 7 drivers/staging/vme_user/vme.c | 2 drivers/thermal/thermal_core.c | 30 - drivers/tty/serial/8250/8250_pci.c | 58 ++ drivers/tty/tty_ioctl.c | 4 drivers/usb/core/hub.c | 33 + drivers/usb/host/xhci-plat.c | 23 drivers/watchdog/it87_wdt.c | 14 drivers/watchdog/starfive-wdt.c | 2 drivers/xen/gntdev-dmabuf.c | 50 - fs/9p/v9fs_vfs.h | 1 fs/9p/vfs_inode.c | 6 fs/9p/vfs_inode_dotl.c | 1 fs/afs/callback.c | 3 fs/ceph/caps.c | 9 fs/ceph/mds_client.c | 2 fs/ceph/quota.c | 39 - fs/dcache.c | 7 fs/ecryptfs/inode.c | 8 fs/erofs/zdata.c | 2 fs/erofs/zmap.c | 32 - fs/ext4/extents.c | 6 fs/ext4/mballoc.c | 11 fs/ext4/resize.c | 37 - fs/f2fs/compress.c | 4 fs/f2fs/file.c | 2 fs/f2fs/recovery.c | 25 fs/jfs/jfs_dmap.c | 57 +- fs/jfs/jfs_dtree.c | 7 fs/jfs/jfs_imap.c | 3 fs/jfs/jfs_mount.c | 6 fs/kernfs/dir.c | 12 fs/ocfs2/namei.c | 8 fs/proc/proc_sysctl.c | 9 fs/pstore/ram.c | 1 fs/reiserfs/namei.c | 54 +- fs/smb/client/cifsglob.h | 30 - fs/smb/client/cifsproto.h | 15 fs/smb/client/cifssmb.c | 17 fs/smb/client/inode.c | 3 fs/smb/client/link.c | 4 fs/smb/client/sess.c | 14 fs/smb/client/smb2inode.c | 55 +- fs/smb/client/smb2proto.h | 16 fs/tracefs/event_inode.c | 117 +++- fs/tracefs/inode.c | 198 ++++--- fs/tracefs/internal.h | 4 include/asm-generic/numa.h | 2 include/asm-generic/unaligned.h | 24 include/drm/drm_color_mgmt.h | 1 include/drm/drm_mipi_dsi.h | 2 include/linux/avf/virtchnl.h | 1 include/linux/bpf.h | 2 include/linux/irq_work.h | 3 include/linux/mm_types.h | 3 include/linux/mmzone.h | 6 include/linux/pci_ids.h | 1 include/linux/pm_opp.h | 4 include/linux/thermal.h | 2 include/net/af_unix.h | 20 include/net/ip.h | 2 include/net/netfilter/nf_tables.h | 2 kernel/audit.c | 31 - kernel/bpf/arraymap.c | 23 kernel/bpf/helpers.c | 15 kernel/bpf/syscall.c | 6 kernel/events/core.c | 38 + kernel/sched/fair.c | 56 ++ lib/debugobjects.c | 200 +++---- lib/fw_table.c | 30 - lib/kunit/executor.c | 4 lib/kunit/test.c | 15 net/bluetooth/hci_sync.c | 10 net/bluetooth/iso.c | 51 +- net/bluetooth/l2cap_core.c | 3 net/bpf/test_run.c | 2 net/bridge/br_cfm_netlink.c | 2 net/bridge/br_multicast.c | 20 net/bridge/br_private.h | 4 net/devlink/port.c | 2 net/ipv4/ip_output.c | 12 net/ipv4/ip_sockglue.c | 6 net/ipv4/ipmr.c | 2 net/ipv4/raw.c | 2 net/ipv4/tcp.c | 12 net/ipv4/udp.c | 2 net/ipv6/addrconf_core.c | 21 net/ipv6/ip6_tunnel.c | 21 net/kcm/kcmsock.c | 2 net/llc/af_llc.c | 2 net/netfilter/nf_conntrack_proto_tcp.c | 10 net/netfilter/nf_log.c | 7 net/netfilter/nf_tables_api.c | 14 net/netfilter/nft_ct.c | 24 net/netfilter/nft_tunnel.c | 1 net/rxrpc/conn_service.c | 3 net/smc/smc_clc.c | 14 net/sunrpc/xprtmultipath.c | 17 net/unix/af_unix.c | 14 net/unix/diag.c | 2 net/wireless/scan.c | 4 sound/hda/hdac_stream.c | 9 sound/hda/intel-dsp-config.c | 10 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_conexant.c | 115 ++++ sound/soc/amd/acp-config.c | 15 sound/soc/codecs/lpass-wsa-macro.c | 7 sound/soc/codecs/rtq9128.c | 73 +- sound/soc/codecs/wcd938x.c | 2 sound/soc/codecs/wsa883x.c | 6 sound/soc/qcom/sc8280xp.c | 12 tools/build/feature/test-libopencsd.c | 4 tools/lib/bpf/libbpf.c | 2 tools/lib/bpf/libbpf_common.h | 13 tools/lib/subcmd/help.c | 18 tools/testing/kunit/kunit_parser.py | 4 tools/testing/selftests/bpf/cgroup_helpers.c | 18 tools/testing/selftests/bpf/prog_tests/btf.c | 6 tools/testing/selftests/bpf/prog_tests/tc_opts.c | 6 tools/testing/selftests/bpf/progs/pyperf180.c | 22 tools/testing/selftests/bpf/progs/test_global_func17.c | 1 tools/testing/selftests/bpf/veristat.c | 2 tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 tools/testing/selftests/drivers/net/bonding/lag_lib.sh | 11 tools/testing/selftests/drivers/net/team/config | 4 tools/testing/selftests/net/Makefile | 5 tools/testing/selftests/net/config | 16 tools/testing/selftests/net/pmtu.sh | 18 tools/testing/selftests/net/setup_veth.sh | 2 tools/testing/selftests/net/udpgro.sh | 4 tools/testing/selftests/net/udpgro_bench.sh | 4 tools/testing/selftests/net/udpgro_frglist.sh | 6 tools/testing/selftests/net/udpgro_fwd.sh | 8 tools/testing/selftests/net/veth.sh | 4 tools/testing/selftests/net/xdp_dummy.c | 13 tools/testing/selftests/nolibc/nolibc-test.c | 4 tools/testing/selftests/sgx/test_encl.lds | 6 517 files changed, 5331 insertions(+), 3339 deletions(-) Abhinav Kumar (1): drm/msm/dpu: fix writeback programming for YUV cases Adrian Reber (1): tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE Ahmed Zaki (1): ice: fix ICE_AQ_VSI_Q_OPT_RSS_* register values Al Viro (1): fast_dput(): handle underflows gracefully Alex Deucher (2): drm/amdgpu: apply the RV2 system aperture fix to RN/CZN as well drm/amdgpu: fix avg vs input power reporting on smu7 Alex Lyakas (1): md: Whenassemble the array, consult the superblock of the freshest device Alexander Gordeev (1): s390/boot: always align vmalloc area on segment boundary Alexander Stein (4): ARM: dts: imx7d: Fix coresight funnel ports ARM: dts: imx7s: Fix lcdif compatible ARM: dts: imx7s: Fix nand-controller #size-cells clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks Alexandre Ghiti (1): riscv: Fix build error on rv32 + XIP Alexei Starovoitov (1): x86/cfi,bpf: Fix bpf_exception_cb() signature Allen Pan (1): drm/amd/display: fix usb-c connector_type Alvin Lee (3): drm/amd/display: For prefetch mode > 0, extend prefetch if possible drm/amd/display: Force p-state disallow if leaving no plane config drm/amd/display: Only clear symclk otg flag for HDMI Andrii Nakryiko (3): selftests/bpf: fix RELEASE=1 build for tc_opts selftests/bpf: satisfy compiler by having explicit return in btf test selftests/bpf: fix compiler warnings in RELEASE=1 mode Andrii Staikov (1): i40e: Fix VF disable behavior to block all traffic Andrzej Hajda (1): debugobjects: Stop accessing objects after releasing hash bucket lock Andy Shevchenko (1): pinctrl: baytrail: Fix types of config value in byt_pin_config_set() Anna Schumaker (1): SUNRPC: Fix a suspicious RCU usage warning Anton Ivanov (1): um: Fix naming clash between UML and scheduler Arnd Bergmann (2): arch: consolidate arch_irq_work_raise prototypes arch: fix asm-offsets.c building with -Wmissing-prototypes Baochen Qiang (1): wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too early Baokun Li (3): ext4: unify the type of flexbg_size to unsigned int ext4: remove unnecessary check from alloc_flex_gd() ext4: avoid online resizing failures due to oversized flex bg Ben Dooks (1): watchdog: starfive: add lock annotations to fix context imbalances Ben Mayo (1): ACPI: resource: Add DMI quirks for ASUS Vivobook E1504GA and E1504GAB Benjamin Berg (2): wifi: cfg80211: free beacon_ies when overridden from hidden BSS um: Don't use vfprintf() for os_info() Benjamin Poirier (2): selftests: team: Add missing config options selftests: bonding: Check initial state Bharat Bhushan (1): crypto: octeontx2 - Fix cptvf driver cleanup Bjorn Helgaas (1): PCI/AER: Decode Requester ID when no error info found Breno Leitao (1): net: sysfs: Fix /sys/class/net/<iface> path Brett Creeley (6): pds_core: Prevent health thread from running during reset/remove pds_core: Cancel AQ work on teardown pds_core: Use struct pdsc for the pdsc_adminq_isr private data pds_core: Prevent race issues involving the adminq pds_core: Clear BARs on reset pds_core: Rework teardown/setup flow to be more common Chao Yu (2): f2fs: fix to check return value of f2fs_reserve_new_block() f2fs: fix to tag gcing flag on page during block migration ChiYuan Huang (2): ASoC: codecs: rtq9128: Fix PM_RUNTIME usage ASoC: codecs: rtq9128: Fix TDM enable and DAI format control flow Chih-Kang Chang (1): wifi: rtw89: fix misbehavior of TX beacon in concurrent mode Ching-Te Ku (1): wifi: rtw89: coex: Fix wrong Wi-Fi role info and FDDT parameter members Chris Riches (1): audit: Send netlink ACK before setting connection in auditd_set Christian Marangi (1): net: phy: at803x: fix passing the wrong reference for config_intr Christoph Hellwig (1): block: prevent an integer overflow in bvec_try_merge_hw_page Christophe JAILLET (1): ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() Chunyan Zhang (2): arm64: dts: sprd: Add clock reference for pll2 on UMS512 arm64: dts: sprd: Change UMS512 idle-state nodename to match bindings Crescent CY Hsieh (1): tty: serial: 8250: Set RS422 interface by default to fix Moxa RS422/RS485 PCIe boards Cristian Ciocaltea (1): ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument Dafna Hirschfeld (1): accel/habanalabs/gaudi2: fix undef opcode reporting Daniel Golle (3): net: ethernet: mtk_eth_soc: set DMA coherent mask to get PPE working net: phy: mediatek-ge-soc: sync driver with MediaTek SDK net: dsa: mt7530: fix 10M/100M speed on MT7988 switch Daniel Miess (1): Revert "drm/amd/display: Fix conversions between bytes and KB" Daniel Stodden (1): PCI: switchtec: Fix stdev_release() crash after surprise hot remove Daniel Vacek (1): IB/ipoib: Fix mcast list locking Danylo Piliaiev (1): drm/msm/a690: Fix reg values for a690 David Howells (1): 9p: Fix initialisation of netfs_inode for 9p Dennis Chan (1): drm/amd/display: Fix Replay Desync Error IRQ handler Dmitry Antipov (3): PNP: ACPI: fix fortify warning wifi: rtw89: fix timeout calculation in rtw89_roc_end() wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap() Dmitry Baryshkov (5): ARM: dts: qcom: strip prefix from PMIC files ARM: dts: qcom: mdm9615: fix PMIC node labels ARM: dts: qcom: msm8660: fix PMIC node labels drm/msm/dpu: enable writeback on SM8350 drm/msm/dpu: enable writeback on SM8450 Dmitry Torokhov (1): asm-generic: make sparse happy with odd-sized put_unaligned_*() Douglas Anderson (1): drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time Edward Adam Davis (3): jfs: fix uaf in jfs_evict_inode jfs: fix array-index-out-of-bounds in diNewExt wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update Eric Dumazet (4): ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() tcp: add sanity checks to rx zerocopy llc: call sock_orphan() at release time af_unix: fix lockdep positive in sk_diag_dump_icons() Fabio Estevam (9): ARM: dts: imx25/27-eukrea: Fix RTC node name ARM: dts: imx: Use flash@0,0 pattern ARM: dts: imx27: Fix sram node ARM: dts: imx1: Fix sram node ARM: dts: imx25: Fix the iim compatible string ARM: dts: imx25/27: Pass timing0 ARM: dts: imx27-apf27dev: Fix LED name ARM: dts: imx23-sansa: Use preferred i2c-gpios properties ARM: dts: imx23/28: Fix the DMA controller node name Farah Kassabri (1): accel/habanalabs: fix EQ heartbeat mechanism Felix Kuehling (2): drm/amdgpu: Let KFD sync with VM fences drm/amdkfd: Fix lock dependency warning Frederik Haxel (1): riscv: Make XIP bootable again Frédéric Danis (1): Bluetooth: L2CAP: Fix possible multiple reject send Gabriel Krisman Bertazi (1): ecryptfs: Reject casefold directory inodes Gao Xiang (2): erofs: fix up compacted indexes for block size < 4096 erofs: fix ztailpacking for subpage compressed blocks Gaurav Jain (1): crypto: caam - fix asynchronous hash Geetha sowjanya (1): octeontx2-pf: Remove xdp queues on program detach Ghanshyam Agrawal (1): media: stk1160: Fixed high volume of stk1160_dbg messages Greg KH (1): perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file Greg Kroah-Hartman (1): Linux 6.7.4 Guilherme G. Piccoli (1): PCI: Only override AMD USB controller if required Gustavo A. R. Silva (1): crypto: p10-aes-gcm - Avoid -Wstringop-overflow warnings Hannes Reinecke (2): scsi: libfc: Don't schedule abort twice scsi: libfc: Fix up timeout error in fc_fcp_rec_error() Hans de Goede (2): media: ov2740: Fix hts value misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback Hardik Gajjar (2): usb: hub: Replace hardcoded quirk value with BIT() macro usb: hub: Add quirk to decrease IN-ep poll interval for Microchip USB491x hub HariBabu Gattem (1): soc: xilinx: Fix for call trace due to the usage of smp_processor_id() Harshit Shah (1): i3c: master: cdns: Update maximum prescaler value for i2c clock Heiko Carstens (2): s390/ptrace: handle setting of fpc register correctly KVM: s390: fix setting of fpc register Heiner Kallweit (1): leds: trigger: panic: Don't register panic notifier if creating the trigger failed Helge Deller (1): ipv6: Ensure natural alignment of const ipv6 loopback and router addresses Horatiu Vultur (1): net: lan966x: Fix port configuration when using SGMII interface Hou Tao (3): bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers bpf: Set need_defer as false when clearing fd array during map free bpf: Set uattr->batch.count as zero before batched update or deletion Hsin-Yi Wang (1): drm/panel-edp: Add override_edid_mode quirk for generic edp Huang Shijie (2): arm64: irq: set the correct node for VMAP stack arm64: irq: set the correct node for shadow call stack Ian Rogers (1): libsubcmd: Fix memory leak in uniq() Ido Schimmel (2): PCI: Add no PM reset quirk for NVIDIA Spectrum devices selftests: net: Add missing matchall classifier Igor Russkikh (1): net: atlantic: eliminate double free in error handling logic Ilpo Järvinen (1): PCI: Fix 64GT/s effective data rate calculation Ilya Bakoulin (1): drm/amd/display: Fix MST PBN/X.Y value calculations Iulia Tanasescu (1): Bluetooth: ISO: Avoid creating child socket if PA sync is terminating Ivan Lipski (1): Re-revert "drm/amd/display: Enable Replay for static screen use cases" Jack Wang (1): RDMA/IPoIB: Fix error code return in ipoib_mcast_join Jacob Keller (1): e1000e: correct maximum frequency adjustment values Jaegeuk Kim (1): f2fs: fix write pointers on zoned device after roll forward Jakub Kicinski (2): selftests: net: add missing config for nftables-backed iptables selftests: net: add missing config for NF_TARGET_TTL James Clark (1): perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present James Seo (1): hwmon: (hp-wmi-sensors) Fix failure to load on EliteDesk 800 G6 Jan Kara (2): reiserfs: Avoid touching renamed directory if parent does not change ocfs2: Avoid touching renamed directory if parent does not change Jedrzej Jagielski (2): ixgbe: Refactor returning internal error codes ixgbe: Refactor overtemp event handling Jesse Brandeburg (2): intel: add bit macro includes where needed ice: fix pre-shifted bit usage Jia Jie Ho (2): hwrng: starfive - Fix dev_err_probe return error crypto: starfive - Fix dev_err_probe return error Jo Van Bulck (1): selftests/sgx: Fix linker script asserts Joel Granados (1): sysctl: Fix out of bounds access for empty sysctl registers Johan Hovold (4): ASoC: qcom: sc8280xp: limit speaker volumes ASoC: codecs: wcd938x: fix headphones volume controls ASoC: codecs: lpass-wsa-macro: fix compander volume hack ASoC: codecs: wsa883x: fix PA volume control Johan Jonker (1): ARM: dts: rockchip: fix rk3036 hdmi ports node Johannes Berg (1): um: time-travel: fix time corruption Jonathan Gray (1): Revert "drm/amd/display: Disable PSR-SU on Parade 0803 TCON again" Jonathan Kim (2): drm/amdkfd: fix mes set shader debugger process management drm/amdkfd: only flush mes process context if mes support is there Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid two consecutive device resets Josip Pavic (1): drm/amd/display: make flip_timestamp_in_us a 64-bit variable Jun'ichi Nomura (1): x86/boot: Ignore NMIs during very early boot Justin Tee (3): scsi: lpfc: Fix possible file string name overflow when updating firmware scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes Kang Yang (1): wifi: ath12k: fix and enable AP mode for WCN7850 Kees Cook (1): block/rnbd-srv: Check for unlikely string overflow Kieran Bingham (1): media: i2c: imx335: Fix hblank min/max values Konrad Dybcio (1): drm/msm/dsi: Enable runtime PM Kory Maincent (1): net: phy: micrel: fix ts_info value in case of no phc Krzysztof Kozlowski (2): ARM: dts: samsung: exynos4: fix camera unit addresses/ranges ARM: dts: samsung: s5pv210: fix camera unit addresses/ranges Kuan-Wei Chiu (3): clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() clk: imx: scu: Fix memory leak in __imx_clk_gpr_scu() Kunwu Chan (1): powerpc/mm: Fix null-pointer dereference in pgtable_cache_add Laurent Pinchart (1): media: rkisp1: resizer: Stop manual allocation of v4l2_subdev_state Lin Ma (1): bridge: cfm: fix enum typo in br_cc_ccm_tx_parse Lingbo Kong (1): wifi: ath12k: fix the issue that the multicast/broadcast indicator is not read correctly for WCN7850 Linus Lüssing (1): bridge: mcast: fix disabled snooping after long uptime Linus Torvalds (1): tracefs: remove stale 'update_gid' code Linus Walleij (3): ARM: dts: marvell: Fix some common switch mistakes ARM64: dts: marvell: Fix some common switch mistakes ARM: dts: usr8200: Fix phy registers Manas Ghandat (2): jfs: fix slab-out-of-bounds Read in dtSearch jfs: fix array-index-out-of-bounds in dbAdjTree Mao Jinlong (3): arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property arm64: dts: qcom: Fix coresight warnings in in-ports and out-ports Marco Elver (1): mm, kmsan: fix infinite recursion due to RCU critical section Marco Pagani (1): kunit: run test suites only after module initialization completes Mark Rutland (1): drivers/perf: pmuv3: don't expose SW_INCR event in sysfs Martin Tsai (1): drm/amd/display: To adjust dprefclk by down spread percentage Matthias May (1): selftests: net: add missing config for GENEVE Max Kellermann (1): fs/kernfs/dir: obey S_ISGID Meenakshikumar Somasundaram (2): drm/amd/display: Fix tiled display misalignment drm/amd/display: Fix minor issues in BW Allocation Phase2 MeiChia Chiu (1): wifi: mt76: connac: fix EHT phy mode check Michael Ellerman (3): powerpc: Fix build error due to is_valid_bugaddr() powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping() Michael Maltsev (1): ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CGA Michael Strauss (1): drm/amd/display: Fix lightup regression with DP2 single display configs Michael Tretter (1): media: rockchip: rga: fix swizzling for RGB formats Michal Simek (2): arm64: zynqmp: Move fixed clock to / for kv260 arm64: zynqmp: Fix clock node name in kv260 cards Michal Vokáč (1): net: dsa: qca8k: fix illegal usage of GPIO Michal Wajdeczko (1): kunit: Reset test->priv after each param iteration Mina Almasry (1): net: kcm: fix direct access to bv_len Ming Lei (2): blk-mq: fix IO hang from sbitmap wakeup race scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler Ming Qian (1): media: amphion: remove mutext lock in condition of wait_event Mingyi Zhang (1): libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos Minsuk Kang (1): wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Mukesh Ojha (1): PM / devfreq: Synchronize devfreq_monitor_[start/stop] Nathan Chancellor (1): um: net: Fix return type of uml_net_start_xmit() Naveen N Rao (1): powerpc/lib: Validate size for vector operations Neil Armstrong (3): arm64: dts: qcom: sm8550: fix soundwire controllers node name arm64: dts: qcom: sm8450: fix soundwire controllers node name drm/msm/dp: Add DisplayPort controller for SM8650 Nia Espera (1): arm64: dts: qcom: sm8350: Fix remoteproc interrupt type Nicholas Susanto (1): drm/amd/display: Fix disable_otg_wa logic Nicolas Dichtel (1): ipmr: fix kernel panic when forwarding mcast packets Oded Gabbay (1): accel/habanalabs: add support for Gaudi2C device Ojaswin Mujoo (1): ext4: treat end of range as exclusive in ext4_zero_range() Oleg Nesterov (2): afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() Oleksandr Tyshchenko (1): xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import Osama Muhammad (2): FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree UBSAN: array-index-out-of-bounds in dtSplitRoot Pablo Neira Ayuso (3): netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations Paloma Arellano (1): drm/msm/dpu: Add mutex lock in control vblank irq Paolo Abeni (9): selftests: net: remove dependency on ebpf tests selftests: net: explicitly wait for listener ready selftests: net: add missing config for big tcp tests selftests: net: add missing required classifier selftests: net: give more time for GRO aggregation selftests: net: add missing config for pmtu.sh tests selftests: net: fix available tunnels detection selftests: net: don't access /dev/stdout in pmtu.sh selftests: net: enable some more knobs Parav Pandit (1): devlink: Fix referring to hw_addr attribute during state validation Paulo Alcantara (2): smb: client: fix renaming of reparse points smb: client: fix hardlinking of reparse points Pavan Kumar Linga (1): idpf: avoid compiler padding in virtchnl2_ptype struct Peter Robinson (1): mfd: ti_am335x_tscadc: Fix TI SoC dependencies Peter Zijlstra (1): perf: Fix the nr_addr_filters fix Philip Yang (1): drm/amdkfd: Fix lock dependency warning with srcu Pierre-Louis Bossart (3): PCI: add INTEL_HDA_ARL to pci_ids.h ALSA: hda: Intel: add HDA_ARL PCI ID support ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL Piro Yang (1): staging: vme_user: Fix the issue of return the wrong error code Po-Hao Huang (1): wifi: rtw89: fix not entering PS mode after AP stops Prarit Bhargava (1): ACPI: extlog: fix NULL pointer dereference check Praveen Kaligineedi (1): gve: Fix skb truesize underestimation Rae Moar (1): kunit: tool: fix parsing of test attributes Rafael J. Wysocki (1): thermal: core: Fix thermal zone suspend-resume synchronization Raghavendra K T (1): sched/numa: Fix mm numa_scan_seq based unconditional scan Ricardo Ribalda (2): media: uvcvideo: Fix power line control for a Chicony camera media: uvcvideo: Fix power line control for SunplusIT camera Rob Clark (2): drm/msm/dpu: Ratelimit framedone timeout msgs drm/msm/dpu: Correct UBWC settings for sc8280xp Romain Naour (1): regulator: ti-abb: don't use devm_platform_ioremap_resource_byname for shared interrupt register Rui Zhang (1): regulator: core: Only increment use_count when enable_count changes Ryan Schaefer (1): netfilter: conntrack: correct window scaling with retransmitted SYN Shannon Nelson (2): ionic: pass opcode to devcmd_wait ionic: bypass firmware cmds when stuck in reset Shiji Yang (2): wifi: rt2x00: restart beacon queue when hardware reset wifi: rt2x00: correct wrong BBP register in RxDCOC calibration Shuai Xue (1): ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events Shyam Prasad N (1): cifs: fix in logging in cifs_chan_update_iface Srinivasan Shanmugam (10): drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()' drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' Stanley.Yang (1): drm/amdgpu: Fix ecc irq enable/disable unpaired StanleyYP Wang (1): wifi: mt76: mt7996: add PCI IDs for mt7992 Stephen Rothwell (2): powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE drm: using mul_u32_u32() requires linux/math64.h Steven Rostedt (Google) (1): tracefs/eventfs: Use root and instance inodes as default ownership Su Hui (4): wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() media: ddbridge: fix an error code problem in ddb_probe scsi: isci: Fix an error code problem in isci_io_request_build() HID: hidraw: fix a problem of memory leak in hidraw_release() Suman Ghosh (1): octeontx2-af: Fix max NPC MCAM entry check while validating ref_entry Sumit Saxena (2): scsi: mpi3mr: Add support for SAS5116 PCI IDs scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116 Takashi Iwai (1): ALSA: hda: Refer to correct stream index at loops Tanmay Shah (1): soc: xilinx: fix unhandled SGI warning message Thomas Bourgoin (1): crypto: stm32/crc32 - fix parsing list of devices Thomas Weißschuh (1): selftests/nolibc: fix testcase status alignment Tim Lunn (1): i2c: rk3x: Adjust mask/value offset for i2c2 on rv1126 Tobias Waldekranz (2): net: mvmdio: Avoid excessive sleeps in polled mode net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path Tomi Valkeinen (7): drm/drm_file: fix use of uninitialized variable drm/framebuffer: Fix use of uninitialized variable drm/mipi-dsi: Fix detach call without attach media: rkisp1: Drop IRQF_SHARED media: rkisp1: Fix IRQ handler return values media: rkisp1: Store IRQ lines media: rkisp1: Fix IRQ disable race issue Tony Krowiak (1): s390/vfio-ap: fix sysfs status attribute for AP queue devices Venkata Prasad Potturu (1): ASoC: amd: Add new dmi entries for acp5x platform Venky Shankar (1): ceph: reinitialize mds feature bit even when session in open Vincent Guittot (1): sched/fair: Fix tg->load when offlining a CPU Viresh Kumar (1): OPP: The level field is always of unsigned int type Vladimir Oltean (1): net: dsa: qca8k: put MDIO bus OF node on qca8k_mdio_register() failure Wang, Beyond (1): drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap Weichen Chen (1): pstore/ram: Fix crash when setting number of cpus to an odd number Wen Gu (1): net/smc: disable SEID on non-s390 archs where virtual ISM may be used Wenchao Hao (1): ceph: fix invalid pointer access if get_quota_realm return ERR_PTR Wenjing Liu (1): drm/amd/display: add support for DTO genarated dscclk Werner Fischer (1): watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 Xianwei Zhao (1): arm64: dts: amlogic: fix format for s4 uart node Xiaowu.ding (1): mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt Xin Ji (1): drm/bridge: anx7625: Fix Set HPD irq detect window to 2ms Xing Tong Wu (1): hwmon: (nct6775) Fix fan speed set failure in automatic mode Xiubo Li (1): ceph: fix deadlock or deadcode of misusing dget() Yafang Shao (1): selftests/bpf: Fix issues in setup_classid_environment() Yaxiong Tian (1): extcon: fix possible name leak in extcon_dev_register() Ye Bin (1): ext4: fix inconsistent between segment fstrim and full fstrim Yihang Li (1): scsi: hisi_sas: Set .phy_attached before notifing phyup event HISI_PHYE_PHY_UP_PM Yinbo Zhu (1): usb: xhci-plat: fix usb disconnect issue after s4 Yonghong Song (4): libbpf: Fix potential uninitialized tail padding with LIBBPF_OPTS_RESET selftests/bpf: Fix pyperf180 compilation failure with clang18 bpf: Fix a few selftest failures due to llvm18 change selftests/bpf: Remove flaky test_btf_id test Yu-Che Cheng (1): spmi: mediatek: Fix UAF on device remove Yuluo Qiu (1): ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop Yuntao Wang (2): ACPI: tables: Correct and clean up the logic of acpi_parse_entries_array() ACPI: NUMA: Fix the logic of getting the fake_pxm value Zenm Chen (1): wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices Zhengchao Shao (2): bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk bonding: remove print in bond_verify_device_path Zhipeng Lu (1): net: ipv4: fix a memleak in ip_setup_cork Zhiquan Li (1): x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel Zhu Yanjun (1): virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings Zijun Hu (1): Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 bo liu (1): ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 ching Huang (1): scsi: arcmsr: Support new PCI device IDs 1883 and 1886 clancy shang (1): Bluetooth: hci_sync: fix BR/EDR wakeup bug

1 year, 9 months

1
1
0 0

Linux 6.6.16

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.16 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-class-net-queues | 22 Documentation/sound/soc/dapm.rst | 2 Documentation/sphinx/cdomain.py | 2 Documentation/sphinx/kernel_abi.py | 2 Documentation/sphinx/kernel_feat.py | 2 Documentation/sphinx/kerneldoc.py | 2 Documentation/sphinx/maintainers_include.py | 8 Makefile | 2 arch/arm/boot/dts/nxp/imx/imx1-ads.dts | 2 arch/arm/boot/dts/nxp/imx/imx1-apf9328.dts | 2 arch/arm/boot/dts/nxp/imx/imx1.dtsi | 5 arch/arm/boot/dts/nxp/imx/imx25-eukrea-cpuimx25.dtsi | 2 arch/arm/boot/dts/nxp/imx/imx25-eukrea-mbimxsd25-baseboard-cmo-qvga.dts | 2 arch/arm/boot/dts/nxp/imx/imx25-eukrea-mbimxsd25-baseboard-dvi-svga.dts | 2 arch/arm/boot/dts/nxp/imx/imx25-eukrea-mbimxsd25-baseboard-dvi-vga.dts | 2 arch/arm/boot/dts/nxp/imx/imx25-pdk.dts | 2 arch/arm/boot/dts/nxp/imx/imx25.dtsi | 2 arch/arm/boot/dts/nxp/imx/imx27-apf27dev.dts | 4 arch/arm/boot/dts/nxp/imx/imx27-eukrea-cpuimx27.dtsi | 4 arch/arm/boot/dts/nxp/imx/imx27-eukrea-mbimxsd27-baseboard.dts | 2 arch/arm/boot/dts/nxp/imx/imx27-phytec-phycard-s-rdk.dts | 2 arch/arm/boot/dts/nxp/imx/imx27-phytec-phycore-rdk.dts | 2 arch/arm/boot/dts/nxp/imx/imx27-phytec-phycore-som.dtsi | 2 arch/arm/boot/dts/nxp/imx/imx27.dtsi | 3 arch/arm/boot/dts/nxp/imx/imx7d.dtsi | 3 arch/arm/boot/dts/nxp/imx/imx7s.dtsi | 10 arch/arm/boot/dts/nxp/mxs/imx23-sansa.dts | 12 arch/arm/boot/dts/nxp/mxs/imx23.dtsi | 2 arch/arm/boot/dts/nxp/mxs/imx28.dtsi | 2 arch/arm/boot/dts/qcom/pm8226.dtsi | 180 +++++++ arch/arm/boot/dts/qcom/pm8841.dtsi | 68 ++ arch/arm/boot/dts/qcom/pm8941.dtsi | 254 ++++++++++ arch/arm/boot/dts/qcom/pma8084.dtsi | 99 +++ arch/arm/boot/dts/qcom/pmx55.dtsi | 85 +++ arch/arm/boot/dts/qcom/pmx65.dtsi | 33 + arch/arm/boot/dts/qcom/qcom-apq8026-asus-sparrow.dts | 2 arch/arm/boot/dts/qcom/qcom-apq8026-huawei-sturgeon.dts | 2 arch/arm/boot/dts/qcom/qcom-apq8026-lg-lenok.dts | 2 arch/arm/boot/dts/qcom/qcom-apq8026-samsung-matisse-wifi.dts | 2 arch/arm/boot/dts/qcom/qcom-apq8060-dragonboard.dts | 4 arch/arm/boot/dts/qcom/qcom-apq8074-dragonboard.dts | 4 arch/arm/boot/dts/qcom/qcom-apq8084-ifc6540.dts | 2 arch/arm/boot/dts/qcom/qcom-apq8084-mtp.dts | 2 arch/arm/boot/dts/qcom/qcom-mdm9615-wp8548.dtsi | 2 arch/arm/boot/dts/qcom/qcom-mdm9615.dtsi | 14 arch/arm/boot/dts/qcom/qcom-msm8660.dtsi | 16 arch/arm/boot/dts/qcom/qcom-msm8974-lge-nexus5-hammerhead.dts | 4 arch/arm/boot/dts/qcom/qcom-msm8974-sony-xperia-rhine.dtsi | 4 arch/arm/boot/dts/qcom/qcom-msm8974pro-fairphone-fp2.dts | 4 arch/arm/boot/dts/qcom/qcom-msm8974pro-oneplus-bacon.dts | 4 arch/arm/boot/dts/qcom/qcom-msm8974pro-samsung-klte.dts | 2 arch/arm/boot/dts/qcom/qcom-msm8974pro-sony-xperia-shinano-castor.dts | 4 arch/arm/boot/dts/qcom/qcom-pm8226.dtsi | 180 ------- arch/arm/boot/dts/qcom/qcom-pm8841.dtsi | 68 -- arch/arm/boot/dts/qcom/qcom-pm8941.dtsi | 254 ---------- arch/arm/boot/dts/qcom/qcom-pma8084.dtsi | 99 --- arch/arm/boot/dts/qcom/qcom-pmx55.dtsi | 85 --- arch/arm/boot/dts/qcom/qcom-pmx65.dtsi | 33 - arch/arm/boot/dts/qcom/qcom-sdx55-mtp.dts | 2 arch/arm/boot/dts/qcom/qcom-sdx55-t55.dts | 2 arch/arm/boot/dts/qcom/qcom-sdx55-telit-fn980-tlb.dts | 2 arch/arm/boot/dts/qcom/qcom-sdx65-mtp.dts | 2 arch/arm/boot/dts/rockchip/rk3036.dtsi | 14 arch/arm/boot/dts/samsung/exynos4.dtsi | 26 - arch/arm/boot/dts/samsung/exynos4x12.dtsi | 17 arch/arm/boot/dts/samsung/s5pv210.dtsi | 18 arch/arm/include/asm/irq_work.h | 2 arch/arm64/boot/dts/amlogic/meson-s4-s805x2-aq222.dts | 4 arch/arm64/boot/dts/amlogic/meson-s4.dtsi | 4 arch/arm64/boot/dts/qcom/msm8996.dtsi | 21 arch/arm64/boot/dts/qcom/msm8998.dtsi | 32 - arch/arm64/boot/dts/qcom/sdm845.dtsi | 5 arch/arm64/boot/dts/qcom/sm8150.dtsi | 5 arch/arm64/boot/dts/qcom/sm8250.dtsi | 24 arch/arm64/boot/dts/qcom/sm8350.dtsi | 8 arch/arm64/boot/dts/qcom/sm8450.dtsi | 8 arch/arm64/boot/dts/qcom/sm8550.dtsi | 8 arch/arm64/boot/dts/sprd/ums512.dtsi | 3 arch/arm64/boot/dts/xilinx/zynqmp-sck-kv-g-revA.dtso | 40 - arch/arm64/boot/dts/xilinx/zynqmp-sck-kv-g-revB.dtso | 42 - arch/arm64/include/asm/irq_work.h | 2 arch/arm64/kernel/irq.c | 7 arch/csky/include/asm/irq_work.h | 2 arch/loongarch/kernel/smp.c | 1 arch/loongarch/mm/tlb.c | 16 arch/powerpc/crypto/aes-gcm-p10-glue.c | 2 arch/powerpc/include/asm/irq_work.h | 1 arch/powerpc/include/asm/mmu.h | 4 arch/powerpc/include/asm/mmzone.h | 8 arch/powerpc/kernel/traps.c | 2 arch/powerpc/lib/sstep.c | 10 arch/powerpc/mm/book3s64/pgtable.c | 2 arch/powerpc/mm/init-common.c | 5 arch/powerpc/mm/mmu_decl.h | 5 arch/riscv/include/asm/irq_work.h | 2 arch/riscv/kernel/head.S | 1 arch/riscv/mm/init.c | 12 arch/s390/boot/ipl_parm.c | 2 arch/s390/boot/startup.c | 3 arch/s390/include/asm/irq_work.h | 2 arch/s390/kernel/ptrace.c | 6 arch/s390/kvm/kvm-s390.c | 5 arch/um/drivers/net_kern.c | 2 arch/um/include/shared/kern_util.h | 2 arch/um/kernel/process.c | 2 arch/um/kernel/time.c | 32 + arch/um/os-Linux/helper.c | 6 arch/um/os-Linux/util.c | 19 arch/x86/boot/compressed/ident_map_64.c | 5 arch/x86/boot/compressed/idt_64.c | 1 arch/x86/boot/compressed/idt_handlers_64.S | 1 arch/x86/boot/compressed/misc.h | 1 arch/x86/include/asm/irq_work.h | 1 arch/x86/include/asm/kmsan.h | 17 arch/x86/kernel/cpu/mce/core.c | 16 block/bio.c | 2 block/blk-mq.c | 16 drivers/accel/habanalabs/common/device.c | 3 drivers/accel/habanalabs/common/habanalabs.h | 2 drivers/accel/habanalabs/common/habanalabs_drv.c | 3 drivers/accel/habanalabs/common/mmu/mmu.c | 1 drivers/accel/habanalabs/common/sysfs.c | 3 drivers/accel/habanalabs/include/hw_ip/pci/pci_general.h | 1 drivers/acpi/acpi_extlog.c | 5 drivers/acpi/acpi_video.c | 9 drivers/acpi/apei/ghes.c | 29 - drivers/acpi/numa/srat.c | 4 drivers/base/arch_numa.c | 2 drivers/block/rnbd/rnbd-srv.c | 19 drivers/bluetooth/hci_qca.c | 1 drivers/char/hw_random/jh7110-trng.c | 2 drivers/clk/hisilicon/clk-hi3620.c | 4 drivers/clk/imx/clk-imx8qxp.c | 24 drivers/clk/mmp/clk-of-pxa168.c | 3 drivers/crypto/marvell/octeontx2/otx2_cptlf.c | 6 drivers/crypto/marvell/octeontx2/otx2_cptvf_main.c | 3 drivers/crypto/starfive/jh7110-cryp.c | 2 drivers/crypto/stm32/stm32-crc32.c | 2 drivers/devfreq/devfreq.c | 24 drivers/extcon/extcon.c | 3 drivers/gpu/drm/amd/amdgpu/aldebaran.c | 26 - drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 21 drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 31 + drivers/gpu/drm/amd/amdgpu/amdgpu_mes.h | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 13 drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_sync.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 6 drivers/gpu/drm/amd/amdgpu/gfxhub_v1_0.c | 4 drivers/gpu/drm/amd/amdgpu/gfxhub_v1_2.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 5 drivers/gpu/drm/amd/amdgpu/gmc_v6_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 8 drivers/gpu/drm/amd/amdgpu/mmhub_v1_0.c | 4 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 42 - drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 24 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 30 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 9 drivers/gpu/drm/amd/display/dc/core/dc.c | 4 drivers/gpu/drm/amd/display/dc/dc_hw_types.h | 2 drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c | 3 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 3 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 23 drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c | 3 drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.c | 33 + drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.h | 1 drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 13 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.c | 221 +++----- drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.h | 4 drivers/gpu/drm/amd/display/modules/power/power_helpers.c | 2 drivers/gpu/drm/amd/include/amd_shared.h | 2 drivers/gpu/drm/amd/include/mes_v11_api_def.h | 3 drivers/gpu/drm/amd/pm/powerplay/hwmgr/process_pptables_v1_0.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 17 drivers/gpu/drm/bridge/analogix/anx7625.c | 51 +- drivers/gpu/drm/bridge/analogix/anx7625.h | 4 drivers/gpu/drm/drm_file.c | 2 drivers/gpu/drm/drm_framebuffer.c | 2 drivers/gpu/drm/drm_mipi_dsi.c | 17 drivers/gpu/drm/exynos/exynos_drm_drv.c | 11 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 18 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_8_1_sm8450.h | 18 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 5 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_wb.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 1 drivers/gpu/drm/msm/dp/dp_display.c | 6 drivers/gpu/drm/msm/dsi/phy/dsi_phy.c | 4 drivers/gpu/drm/panel/panel-edp.c | 48 + drivers/hid/hidraw.c | 7 drivers/hwmon/hp-wmi-sensors.c | 127 ++++- drivers/hwmon/nct6775-core.c | 7 drivers/i2c/busses/i2c-rk3x.c | 8 drivers/i3c/master/i3c-master-cdns.c | 7 drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 7 drivers/leds/trigger/ledtrig-panic.c | 5 drivers/mailbox/arm_mhuv2.c | 3 drivers/md/md.c | 54 +- drivers/media/i2c/imx335.c | 4 drivers/media/pci/ddbridge/ddbridge-main.c | 2 drivers/media/platform/amphion/vpu.h | 3 drivers/media/platform/amphion/vpu_cmds.c | 28 - drivers/media/platform/amphion/vpu_v4l2.c | 1 drivers/media/platform/rockchip/rga/rga.c | 15 drivers/media/platform/rockchip/rkisp1/rkisp1-common.h | 11 drivers/media/platform/rockchip/rkisp1/rkisp1-csi.c | 14 drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c | 35 + drivers/media/platform/rockchip/rkisp1/rkisp1-isp.c | 20 drivers/media/platform/rockchip/rkisp1/rkisp1-resizer.c | 38 - drivers/media/usb/stk1160/stk1160-video.c | 5 drivers/media/usb/uvc/uvc_driver.c | 18 drivers/mfd/Kconfig | 1 drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 1 drivers/net/bonding/bond_alb.c | 3 drivers/net/dsa/mt7530.c | 3 drivers/net/dsa/mv88e6xxx/chip.h | 4 drivers/net/dsa/mv88e6xxx/serdes.c | 10 drivers/net/dsa/mv88e6xxx/serdes.h | 8 drivers/net/dsa/qca/qca8k-8xxx.c | 24 drivers/net/ethernet/amd/pds_core/adminq.c | 64 +- drivers/net/ethernet/amd/pds_core/core.c | 52 +- drivers/net/ethernet/amd/pds_core/core.h | 6 drivers/net/ethernet/amd/pds_core/debugfs.c | 4 drivers/net/ethernet/amd/pds_core/dev.c | 16 drivers/net/ethernet/amd/pds_core/devlink.c | 3 drivers/net/ethernet/amd/pds_core/fw.c | 3 drivers/net/ethernet/amd/pds_core/main.c | 74 ++ drivers/net/ethernet/aquantia/atlantic/aq_ptp.c | 28 - drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 61 -- drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 22 drivers/net/ethernet/aquantia/atlantic/aq_vec.c | 23 drivers/net/ethernet/google/gve/gve_rx.c | 8 drivers/net/ethernet/intel/e1000e/e1000.h | 20 drivers/net/ethernet/intel/e1000e/ptp.c | 22 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 32 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 1 drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 18 drivers/net/ethernet/intel/ice/ice_lib.c | 7 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 12 drivers/net/ethernet/intel/ice/ice_vsi_vlan_lib.c | 16 drivers/net/ethernet/intel/ixgbe/ixgbe_82598.c | 36 - drivers/net/ethernet/intel/ixgbe/ixgbe_82599.c | 61 +- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 145 ++--- drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 42 - drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.c | 34 - drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 1 drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 105 ++-- drivers/net/ethernet/intel/ixgbe/ixgbe_phy.h | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 43 - drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 44 - drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 149 +++-- drivers/net/ethernet/marvell/mvmdio.c | 53 -- drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 13 drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 1 drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 3 drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c | 7 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 5 drivers/net/ethernet/microchip/lan966x/lan966x_port.c | 5 drivers/net/ethernet/pensando/ionic/ionic_bus_pci.c | 4 drivers/net/ethernet/pensando/ionic/ionic_dev.c | 1 drivers/net/ethernet/pensando/ionic/ionic_dev.h | 1 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 3 drivers/net/ethernet/pensando/ionic/ionic_main.c | 22 drivers/net/phy/at803x.c | 6 drivers/net/phy/mediatek-ge-soc.c | 147 +++-- drivers/net/phy/micrel.c | 6 drivers/net/usb/ax88179_178a.c | 2 drivers/net/virtio_net.c | 9 drivers/net/wireless/ath/ath11k/pcic.c | 4 drivers/net/wireless/ath/ath12k/hal.c | 4 drivers/net/wireless/ath/ath12k/hw.c | 3 drivers/net/wireless/ath/ath12k/mac.c | 4 drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 5 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 drivers/net/wireless/mediatek/mt76/mt7996/pci.c | 8 drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 2 drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 3 drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 11 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 12 drivers/net/wireless/realtek/rtlwifi/rtl8723ae/phy.c | 6 drivers/net/wireless/realtek/rtlwifi/rtl8723be/phy.c | 4 drivers/net/wireless/realtek/rtw89/coex.c | 4 drivers/net/wireless/realtek/rtw89/core.c | 2 drivers/net/wireless/realtek/rtw89/core.h | 12 drivers/net/wireless/realtek/rtw89/fw.c | 17 drivers/net/wireless/realtek/rtw89/mac.c | 29 - drivers/net/wireless/realtek/rtw89/mac.h | 1 drivers/net/wireless/realtek/rtw89/mac80211.c | 3 drivers/net/wireless/silabs/wfx/sta.c | 42 - drivers/pci/pci.h | 2 drivers/pci/pcie/aer.c | 9 drivers/pci/quirks.c | 24 drivers/pci/switch/switchtec.c | 25 drivers/perf/arm_pmuv3.c | 6 drivers/pinctrl/intel/pinctrl-baytrail.c | 3 drivers/pnp/pnpacpi/rsparser.c | 12 drivers/regulator/core.c | 56 +- drivers/regulator/ti-abb-regulator.c | 22 drivers/s390/crypto/vfio_ap_ops.c | 16 drivers/scsi/arcmsr/arcmsr.h | 4 drivers/scsi/arcmsr/arcmsr_hba.c | 6 drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 drivers/scsi/isci/request.c | 2 drivers/scsi/libfc/fc_fcp.c | 18 drivers/scsi/lpfc/lpfc.h | 1 drivers/scsi/lpfc/lpfc_els.c | 14 drivers/scsi/lpfc/lpfc_init.c | 4 drivers/scsi/lpfc/lpfc_vmid.c | 1 drivers/scsi/mpi3mr/mpi3mr_fw.c | 3 drivers/scsi/mpi3mr/mpi3mr_os.c | 13 drivers/scsi/scsi_error.c | 8 drivers/scsi/scsi_lib.c | 2 drivers/scsi/scsi_priv.h | 2 drivers/soc/xilinx/xlnx_event_manager.c | 7 drivers/spmi/spmi-mtk-pmif.c | 7 drivers/thermal/thermal_core.c | 30 - drivers/tty/tty_ioctl.c | 4 drivers/usb/core/hub.c | 33 + drivers/usb/host/xhci-plat.c | 23 drivers/watchdog/it87_wdt.c | 14 drivers/watchdog/starfive-wdt.c | 2 drivers/xen/gntdev-dmabuf.c | 50 - fs/9p/v9fs_vfs.h | 1 fs/9p/vfs_inode.c | 6 fs/9p/vfs_inode_dotl.c | 1 fs/afs/callback.c | 3 fs/afs/server.c | 7 fs/ceph/caps.c | 9 fs/ceph/mds_client.c | 2 fs/ceph/quota.c | 39 - fs/dcache.c | 7 fs/ecryptfs/inode.c | 8 fs/erofs/zdata.c | 2 fs/erofs/zmap.c | 32 - fs/ext4/extents.c | 6 fs/ext4/mballoc.c | 11 fs/ext4/resize.c | 37 - fs/f2fs/compress.c | 4 fs/f2fs/file.c | 2 fs/f2fs/recovery.c | 25 fs/jfs/jfs_dmap.c | 57 +- fs/jfs/jfs_dtree.c | 7 fs/jfs/jfs_imap.c | 3 fs/jfs/jfs_mount.c | 6 fs/kernfs/dir.c | 12 fs/proc/proc_sysctl.c | 9 fs/pstore/ram.c | 1 fs/reiserfs/namei.c | 54 +- fs/smb/client/cifsglob.h | 30 - fs/smb/client/cifsproto.h | 15 fs/smb/client/cifssmb.c | 17 fs/smb/client/inode.c | 3 fs/smb/client/link.c | 4 fs/smb/client/smb2inode.c | 55 +- fs/smb/client/smb2proto.h | 16 include/asm-generic/numa.h | 2 include/asm-generic/unaligned.h | 24 include/drm/drm_color_mgmt.h | 1 include/drm/drm_mipi_dsi.h | 2 include/linux/irq_work.h | 3 include/linux/minmax.h | 129 ++--- include/linux/mmzone.h | 6 include/linux/pci_ids.h | 1 include/linux/thermal.h | 2 include/net/af_unix.h | 20 include/net/ip.h | 2 include/net/netfilter/nf_tables.h | 2 kernel/audit.c | 31 - kernel/bpf/arraymap.c | 23 kernel/bpf/helpers.c | 13 kernel/bpf/syscall.c | 6 kernel/events/core.c | 38 + lib/debugobjects.c | 200 +++---- lib/kunit/executor.c | 4 lib/kunit/test.c | 14 net/bluetooth/hci_sync.c | 10 net/bluetooth/iso.c | 51 +- net/bluetooth/l2cap_core.c | 3 net/bpf/test_run.c | 2 net/bridge/br_cfm_netlink.c | 2 net/bridge/br_multicast.c | 20 net/bridge/br_private.h | 4 net/devlink/port.c | 2 net/ipv4/ip_output.c | 12 net/ipv4/ip_sockglue.c | 6 net/ipv4/ipmr.c | 2 net/ipv4/raw.c | 2 net/ipv4/tcp.c | 12 net/ipv4/udp.c | 2 net/ipv6/addrconf_core.c | 21 net/ipv6/ip6_tunnel.c | 21 net/kcm/kcmsock.c | 2 net/llc/af_llc.c | 2 net/netfilter/nf_conntrack_proto_tcp.c | 10 net/netfilter/nf_log.c | 7 net/netfilter/nf_tables_api.c | 14 net/netfilter/nft_ct.c | 24 net/netfilter/nft_tunnel.c | 1 net/rxrpc/conn_service.c | 3 net/smc/smc_clc.c | 14 net/sunrpc/xprtmultipath.c | 17 net/unix/af_unix.c | 14 net/unix/diag.c | 2 net/wireless/scan.c | 4 sound/hda/hdac_stream.c | 9 sound/hda/intel-dsp-config.c | 10 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_conexant.c | 115 ++++ sound/soc/amd/acp-config.c | 15 sound/soc/codecs/lpass-wsa-macro.c | 7 sound/soc/codecs/wcd938x.c | 2 sound/soc/codecs/wsa883x.c | 6 sound/soc/qcom/sc8280xp.c | 12 tools/build/feature/test-libopencsd.c | 4 tools/lib/bpf/libbpf.c | 2 tools/lib/bpf/libbpf_common.h | 13 tools/lib/subcmd/help.c | 18 tools/testing/kunit/kunit_parser.py | 4 tools/testing/selftests/bpf/cgroup_helpers.c | 18 tools/testing/selftests/bpf/prog_tests/btf.c | 6 tools/testing/selftests/bpf/prog_tests/tc_opts.c | 6 tools/testing/selftests/bpf/progs/pyperf180.c | 22 tools/testing/selftests/bpf/progs/test_global_func17.c | 1 tools/testing/selftests/bpf/veristat.c | 2 tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 tools/testing/selftests/drivers/net/bonding/lag_lib.sh | 11 tools/testing/selftests/drivers/net/team/config | 4 tools/testing/selftests/net/Makefile | 5 tools/testing/selftests/net/config | 16 tools/testing/selftests/net/pmtu.sh | 18 tools/testing/selftests/net/setup_veth.sh | 2 tools/testing/selftests/net/udpgro.sh | 4 tools/testing/selftests/net/udpgro_bench.sh | 4 tools/testing/selftests/net/udpgro_frglist.sh | 6 tools/testing/selftests/net/udpgro_fwd.sh | 8 tools/testing/selftests/net/veth.sh | 4 tools/testing/selftests/net/xdp_dummy.c | 13 tools/testing/selftests/nolibc/nolibc-test.c | 4 tools/testing/selftests/sgx/test_encl.lds | 6 448 files changed, 4444 insertions(+), 2856 deletions(-) Abhinav Kumar (1): drm/msm/dpu: fix writeback programming for YUV cases Adrian Reber (1): tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE Ahmed Zaki (1): ice: fix ICE_AQ_VSI_Q_OPT_RSS_* register values Al Viro (1): fast_dput(): handle underflows gracefully Alex Deucher (2): drm/amdgpu: apply the RV2 system aperture fix to RN/CZN as well drm/amdgpu: fix avg vs input power reporting on smu7 Alex Lyakas (1): md: Whenassemble the array, consult the superblock of the freshest device Alexander Gordeev (1): s390/boot: always align vmalloc area on segment boundary Alexander Stein (4): ARM: dts: imx7d: Fix coresight funnel ports ARM: dts: imx7s: Fix lcdif compatible ARM: dts: imx7s: Fix nand-controller #size-cells clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks Alexandre Ghiti (1): riscv: Fix build error on rv32 + XIP Alvin Lee (3): drm/amd/display: For prefetch mode > 0, extend prefetch if possible drm/amd/display: Force p-state disallow if leaving no plane config drm/amd/display: Only clear symclk otg flag for HDMI Andrii Nakryiko (3): selftests/bpf: fix RELEASE=1 build for tc_opts selftests/bpf: satisfy compiler by having explicit return in btf test selftests/bpf: fix compiler warnings in RELEASE=1 mode Andrii Staikov (1): i40e: Fix VF disable behavior to block all traffic Andrzej Hajda (1): debugobjects: Stop accessing objects after releasing hash bucket lock Andy Shevchenko (3): minmax: deduplicate __unconst_integer_typeof() minmax: fix header inclusions pinctrl: baytrail: Fix types of config value in byt_pin_config_set() Anna Schumaker (1): SUNRPC: Fix a suspicious RCU usage warning Anton Ivanov (1): um: Fix naming clash between UML and scheduler Arnd Bergmann (1): arch: consolidate arch_irq_work_raise prototypes Baochen Qiang (1): wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too early Baokun Li (3): ext4: unify the type of flexbg_size to unsigned int ext4: remove unnecessary check from alloc_flex_gd() ext4: avoid online resizing failures due to oversized flex bg Ben Dooks (1): watchdog: starfive: add lock annotations to fix context imbalances Benjamin Berg (2): wifi: cfg80211: free beacon_ies when overridden from hidden BSS um: Don't use vfprintf() for os_info() Benjamin Gray (1): Documentation/sphinx: fix Python string escapes Benjamin Poirier (2): selftests: team: Add missing config options selftests: bonding: Check initial state Bharat Bhushan (1): crypto: octeontx2 - Fix cptvf driver cleanup Bjorn Helgaas (1): PCI/AER: Decode Requester ID when no error info found Breno Leitao (1): net: sysfs: Fix /sys/class/net/<iface> path Brett Creeley (6): pds_core: Cancel AQ work on teardown pds_core: Use struct pdsc for the pdsc_adminq_isr private data pds_core: Prevent race issues involving the adminq pds_core: Clear BARs on reset pds_core: Rework teardown/setup flow to be more common pds_core: Prevent health thread from running during reset/remove Chao Yu (2): f2fs: fix to check return value of f2fs_reserve_new_block() f2fs: fix to tag gcing flag on page during block migration Chih-Kang Chang (1): wifi: rtw89: fix misbehavior of TX beacon in concurrent mode Ching-Te Ku (1): wifi: rtw89: coex: Fix wrong Wi-Fi role info and FDDT parameter members Chris Riches (1): audit: Send netlink ACK before setting connection in auditd_set Christian Marangi (1): net: phy: at803x: fix passing the wrong reference for config_intr Christoph Hellwig (1): block: prevent an integer overflow in bvec_try_merge_hw_page Christophe JAILLET (1): ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() Chunyan Zhang (2): arm64: dts: sprd: Add clock reference for pll2 on UMS512 arm64: dts: sprd: Change UMS512 idle-state nodename to match bindings Cristian Ciocaltea (1): ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument Daniel Golle (3): net: ethernet: mtk_eth_soc: set DMA coherent mask to get PPE working net: phy: mediatek-ge-soc: sync driver with MediaTek SDK net: dsa: mt7530: fix 10M/100M speed on MT7988 switch Daniel Stodden (1): PCI: switchtec: Fix stdev_release() crash after surprise hot remove Daniel Vacek (1): IB/ipoib: Fix mcast list locking David Howells (1): 9p: Fix initialisation of netfs_inode for 9p David Laight (5): minmax: add umin(a, b) and umax(a, b) minmax: allow min()/max()/clamp() if the arguments have the same signedness. minmax: fix indentation of __cmp_once() and __clamp_once() minmax: allow comparisons of 'int' against 'unsigned char/short' minmax: relax check to allow comparison between unsigned arguments and signed constants Dmitry Antipov (3): PNP: ACPI: fix fortify warning wifi: rtw89: fix timeout calculation in rtw89_roc_end() wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap() Dmitry Baryshkov (5): ARM: dts: qcom: strip prefix from PMIC files ARM: dts: qcom: mdm9615: fix PMIC node labels ARM: dts: qcom: msm8660: fix PMIC node labels drm/msm/dpu: enable writeback on SM8350 drm/msm/dpu: enable writeback on SM8450 Dmitry Torokhov (1): asm-generic: make sparse happy with odd-sized put_unaligned_*() Douglas Anderson (1): drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time Edward Adam Davis (3): jfs: fix uaf in jfs_evict_inode jfs: fix array-index-out-of-bounds in diNewExt wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update Eric Dumazet (4): ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() tcp: add sanity checks to rx zerocopy llc: call sock_orphan() at release time af_unix: fix lockdep positive in sk_diag_dump_icons() Fabio Estevam (9): ARM: dts: imx25/27-eukrea: Fix RTC node name ARM: dts: imx: Use flash@0,0 pattern ARM: dts: imx27: Fix sram node ARM: dts: imx1: Fix sram node ARM: dts: imx25: Fix the iim compatible string ARM: dts: imx25/27: Pass timing0 ARM: dts: imx27-apf27dev: Fix LED name ARM: dts: imx23-sansa: Use preferred i2c-gpios properties ARM: dts: imx23/28: Fix the DMA controller node name Felix Kuehling (2): drm/amdgpu: Let KFD sync with VM fences drm/amdkfd: Fix lock dependency warning Frederik Haxel (1): riscv: Make XIP bootable again Frédéric Danis (1): Bluetooth: L2CAP: Fix possible multiple reject send Gabriel Krisman Bertazi (1): ecryptfs: Reject casefold directory inodes Gao Xiang (2): erofs: fix up compacted indexes for block size < 4096 erofs: fix ztailpacking for subpage compressed blocks Geetha sowjanya (1): octeontx2-pf: Remove xdp queues on program detach Ghanshyam Agrawal (1): media: stk1160: Fixed high volume of stk1160_dbg messages Greg KH (1): perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file Greg Kroah-Hartman (1): Linux 6.6.16 Guilherme G. Piccoli (1): PCI: Only override AMD USB controller if required Gustavo A. R. Silva (1): crypto: p10-aes-gcm - Avoid -Wstringop-overflow warnings Hannes Reinecke (2): scsi: libfc: Don't schedule abort twice scsi: libfc: Fix up timeout error in fc_fcp_rec_error() Hans de Goede (1): misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback Hardik Gajjar (2): usb: hub: Replace hardcoded quirk value with BIT() macro usb: hub: Add quirk to decrease IN-ep poll interval for Microchip USB491x hub HariBabu Gattem (1): soc: xilinx: Fix for call trace due to the usage of smp_processor_id() Harshit Shah (1): i3c: master: cdns: Update maximum prescaler value for i2c clock Heiko Carstens (2): s390/ptrace: handle setting of fpc register correctly KVM: s390: fix setting of fpc register Heiner Kallweit (1): leds: trigger: panic: Don't register panic notifier if creating the trigger failed Helge Deller (1): ipv6: Ensure natural alignment of const ipv6 loopback and router addresses Horatiu Vultur (1): net: lan966x: Fix port configuration when using SGMII interface Hou Tao (3): bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers bpf: Set need_defer as false when clearing fd array during map free bpf: Set uattr->batch.count as zero before batched update or deletion Hsin-Yi Wang (1): drm/panel-edp: Add override_edid_mode quirk for generic edp Huacai Chen (1): LoongArch/smp: Call rcutree_report_cpu_starting() at tlb_init() Huang Shijie (2): arm64: irq: set the correct node for VMAP stack arm64: irq: set the correct node for shadow call stack Ian Rogers (1): libsubcmd: Fix memory leak in uniq() Ido Schimmel (2): PCI: Add no PM reset quirk for NVIDIA Spectrum devices selftests: net: Add missing matchall classifier Igor Russkikh (1): net: atlantic: eliminate double free in error handling logic Ilpo Järvinen (1): PCI: Fix 64GT/s effective data rate calculation Ilya Bakoulin (1): drm/amd/display: Fix MST PBN/X.Y value calculations Iulia Tanasescu (1): Bluetooth: ISO: Avoid creating child socket if PA sync is terminating Ivan Lipski (1): Re-revert "drm/amd/display: Enable Replay for static screen use cases" Jack Wang (1): RDMA/IPoIB: Fix error code return in ipoib_mcast_join Jacob Keller (1): e1000e: correct maximum frequency adjustment values Jaegeuk Kim (1): f2fs: fix write pointers on zoned device after roll forward Jakub Kicinski (2): selftests: net: add missing config for nftables-backed iptables selftests: net: add missing config for NF_TARGET_TTL James Clark (1): perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present James Seo (1): hwmon: (hp-wmi-sensors) Fix failure to load on EliteDesk 800 G6 Jan Kara (1): reiserfs: Avoid touching renamed directory if parent does not change Jedrzej Jagielski (2): ixgbe: Refactor returning internal error codes ixgbe: Refactor overtemp event handling Jesse Brandeburg (1): ice: fix pre-shifted bit usage Jia Jie Ho (2): hwrng: starfive - Fix dev_err_probe return error crypto: starfive - Fix dev_err_probe return error Jo Van Bulck (1): selftests/sgx: Fix linker script asserts Joel Granados (1): sysctl: Fix out of bounds access for empty sysctl registers Johan Hovold (4): ASoC: qcom: sc8280xp: limit speaker volumes ASoC: codecs: wcd938x: fix headphones volume controls ASoC: codecs: lpass-wsa-macro: fix compander volume hack ASoC: codecs: wsa883x: fix PA volume control Johan Jonker (1): ARM: dts: rockchip: fix rk3036 hdmi ports node Johannes Berg (1): um: time-travel: fix time corruption Jonathan Gray (1): Revert "drm/amd/display: Disable PSR-SU on Parade 0803 TCON again" Jonathan Kim (2): drm/amdkfd: fix mes set shader debugger process management drm/amdkfd: only flush mes process context if mes support is there Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid two consecutive device resets Josip Pavic (1): drm/amd/display: make flip_timestamp_in_us a 64-bit variable Jun'ichi Nomura (1): x86/boot: Ignore NMIs during very early boot Justin Tee (3): scsi: lpfc: Fix possible file string name overflow when updating firmware scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes Kang Yang (1): wifi: ath12k: fix and enable AP mode for WCN7850 Kees Cook (1): block/rnbd-srv: Check for unlikely string overflow Kieran Bingham (1): media: i2c: imx335: Fix hblank min/max values Konrad Dybcio (1): drm/msm/dsi: Enable runtime PM Kory Maincent (1): net: phy: micrel: fix ts_info value in case of no phc Krzysztof Kozlowski (2): ARM: dts: samsung: exynos4: fix camera unit addresses/ranges ARM: dts: samsung: s5pv210: fix camera unit addresses/ranges Kuan-Wei Chiu (2): clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() Kunwu Chan (1): powerpc/mm: Fix null-pointer dereference in pgtable_cache_add Laurent Pinchart (1): media: rkisp1: resizer: Stop manual allocation of v4l2_subdev_state Lin Ma (1): bridge: cfm: fix enum typo in br_cc_ccm_tx_parse Lingbo Kong (1): wifi: ath12k: fix the issue that the multicast/broadcast indicator is not read correctly for WCN7850 Linus Lüssing (1): bridge: mcast: fix disabled snooping after long uptime Manas Ghandat (2): jfs: fix slab-out-of-bounds Read in dtSearch jfs: fix array-index-out-of-bounds in dbAdjTree Mao Jinlong (3): arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property arm64: dts: qcom: Fix coresight warnings in in-ports and out-ports Marco Elver (1): mm, kmsan: fix infinite recursion due to RCU critical section Marco Pagani (1): kunit: run test suites only after module initialization completes Mark Rutland (1): drivers/perf: pmuv3: don't expose SW_INCR event in sysfs Matthias May (1): selftests: net: add missing config for GENEVE Max Kellermann (1): fs/kernfs/dir: obey S_ISGID Meenakshikumar Somasundaram (2): drm/amd/display: Fix tiled display misalignment drm/amd/display: Fix minor issues in BW Allocation Phase2 MeiChia Chiu (1): wifi: mt76: connac: fix EHT phy mode check Michael Ellerman (3): powerpc: Fix build error due to is_valid_bugaddr() powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping() Michael Tretter (1): media: rockchip: rga: fix swizzling for RGB formats Michal Simek (2): arm64: zynqmp: Move fixed clock to / for kv260 arm64: zynqmp: Fix clock node name in kv260 cards Michal Vokáč (1): net: dsa: qca8k: fix illegal usage of GPIO Mina Almasry (1): net: kcm: fix direct access to bv_len Ming Lei (2): blk-mq: fix IO hang from sbitmap wakeup race scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler Ming Qian (1): media: amphion: remove mutext lock in condition of wait_event Mingyi Zhang (1): libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos Minsuk Kang (1): wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Mukesh Ojha (1): PM / devfreq: Synchronize devfreq_monitor_[start/stop] Nathan Chancellor (1): um: net: Fix return type of uml_net_start_xmit() Naveen N Rao (1): powerpc/lib: Validate size for vector operations Neil Armstrong (3): arm64: dts: qcom: sm8550: fix soundwire controllers node name arm64: dts: qcom: sm8450: fix soundwire controllers node name drm/msm/dp: Add DisplayPort controller for SM8650 Nia Espera (1): arm64: dts: qcom: sm8350: Fix remoteproc interrupt type Nicolas Dichtel (1): ipmr: fix kernel panic when forwarding mcast packets Oded Gabbay (1): accel/habanalabs: add support for Gaudi2C device Ojaswin Mujoo (1): ext4: treat end of range as exclusive in ext4_zero_range() Oleg Nesterov (3): afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() Oleksandr Tyshchenko (1): xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import Osama Muhammad (2): FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree UBSAN: array-index-out-of-bounds in dtSplitRoot Pablo Neira Ayuso (3): netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations Paolo Abeni (9): selftests: net: remove dependency on ebpf tests selftests: net: explicitly wait for listener ready selftests: net: add missing config for big tcp tests selftests: net: add missing required classifier selftests: net: give more time for GRO aggregation selftests: net: add missing config for pmtu.sh tests selftests: net: fix available tunnels detection selftests: net: don't access /dev/stdout in pmtu.sh selftests: net: enable some more knobs Parav Pandit (1): devlink: Fix referring to hw_addr attribute during state validation Paulo Alcantara (2): smb: client: fix renaming of reparse points smb: client: fix hardlinking of reparse points Peter Robinson (1): mfd: ti_am335x_tscadc: Fix TI SoC dependencies Peter Zijlstra (1): perf: Fix the nr_addr_filters fix Philip Yang (1): drm/amdkfd: Fix lock dependency warning with srcu Pierre-Louis Bossart (3): PCI: add INTEL_HDA_ARL to pci_ids.h ALSA: hda: Intel: add HDA_ARL PCI ID support ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL Prarit Bhargava (1): ACPI: extlog: fix NULL pointer dereference check Praveen Kaligineedi (1): gve: Fix skb truesize underestimation Rae Moar (1): kunit: tool: fix parsing of test attributes Rafael J. Wysocki (1): thermal: core: Fix thermal zone suspend-resume synchronization Ricardo Ribalda (2): media: uvcvideo: Fix power line control for a Chicony camera media: uvcvideo: Fix power line control for SunplusIT camera Rob Clark (1): drm/msm/dpu: Ratelimit framedone timeout msgs Romain Naour (1): regulator: ti-abb: don't use devm_platform_ioremap_resource_byname for shared interrupt register Rui Zhang (1): regulator: core: Only increment use_count when enable_count changes Ryan Schaefer (1): netfilter: conntrack: correct window scaling with retransmitted SYN Shannon Nelson (3): ionic: pass opcode to devcmd_wait ionic: bypass firmware cmds when stuck in reset pds_core: implement pci reset handlers Shiji Yang (2): wifi: rt2x00: restart beacon queue when hardware reset wifi: rt2x00: correct wrong BBP register in RxDCOC calibration Shuai Xue (1): ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events Srinivasan Shanmugam (8): drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' Stanley.Yang (1): drm/amdgpu: Fix ecc irq enable/disable unpaired StanleyYP Wang (1): wifi: mt76: mt7996: add PCI IDs for mt7992 Stephen Rothwell (2): powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE drm: using mul_u32_u32() requires linux/math64.h Su Hui (4): wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() media: ddbridge: fix an error code problem in ddb_probe scsi: isci: Fix an error code problem in isci_io_request_build() HID: hidraw: fix a problem of memory leak in hidraw_release() Suman Ghosh (1): octeontx2-af: Fix max NPC MCAM entry check while validating ref_entry Sumit Saxena (2): scsi: mpi3mr: Add support for SAS5116 PCI IDs scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116 Takashi Iwai (1): ALSA: hda: Refer to correct stream index at loops Tanmay Shah (1): soc: xilinx: fix unhandled SGI warning message Thomas Bourgoin (1): crypto: stm32/crc32 - fix parsing list of devices Thomas Weißschuh (1): selftests/nolibc: fix testcase status alignment Tim Lunn (1): i2c: rk3x: Adjust mask/value offset for i2c2 on rv1126 Tobias Waldekranz (2): net: mvmdio: Avoid excessive sleeps in polled mode net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path Tomi Valkeinen (7): drm/drm_file: fix use of uninitialized variable drm/framebuffer: Fix use of uninitialized variable drm/mipi-dsi: Fix detach call without attach media: rkisp1: Drop IRQF_SHARED media: rkisp1: Fix IRQ handler return values media: rkisp1: Store IRQ lines media: rkisp1: Fix IRQ disable race issue Tony Krowiak (1): s390/vfio-ap: fix sysfs status attribute for AP queue devices Venkata Prasad Potturu (1): ASoC: amd: Add new dmi entries for acp5x platform Venky Shankar (1): ceph: reinitialize mds feature bit even when session in open Vladimir Oltean (1): net: dsa: qca8k: put MDIO bus OF node on qca8k_mdio_register() failure Wang, Beyond (1): drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap Weichen Chen (1): pstore/ram: Fix crash when setting number of cpus to an odd number Wen Gu (1): net/smc: disable SEID on non-s390 archs where virtual ISM may be used Wenchao Hao (1): ceph: fix invalid pointer access if get_quota_realm return ERR_PTR Werner Fischer (1): watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 Xianwei Zhao (1): arm64: dts: amlogic: fix format for s4 uart node Xiaowu.ding (1): mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt Xin Ji (1): drm/bridge: anx7625: Fix Set HPD irq detect window to 2ms Xing Tong Wu (1): hwmon: (nct6775) Fix fan speed set failure in automatic mode Xiubo Li (1): ceph: fix deadlock or deadcode of misusing dget() Yafang Shao (1): selftests/bpf: Fix issues in setup_classid_environment() Yaxiong Tian (1): extcon: fix possible name leak in extcon_dev_register() Ye Bin (1): ext4: fix inconsistent between segment fstrim and full fstrim Yihang Li (1): scsi: hisi_sas: Set .phy_attached before notifing phyup event HISI_PHYE_PHY_UP_PM Yinbo Zhu (1): usb: xhci-plat: fix usb disconnect issue after s4 Yonghong Song (4): libbpf: Fix potential uninitialized tail padding with LIBBPF_OPTS_RESET selftests/bpf: Fix pyperf180 compilation failure with clang18 bpf: Fix a few selftest failures due to llvm18 change selftests/bpf: Remove flaky test_btf_id test Yu-Che Cheng (1): spmi: mediatek: Fix UAF on device remove Yuluo Qiu (1): ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop Yuntao Wang (1): ACPI: NUMA: Fix the logic of getting the fake_pxm value Zenm Chen (1): wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices Zhengchao Shao (2): bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk bonding: remove print in bond_verify_device_path Zhipeng Lu (1): net: ipv4: fix a memleak in ip_setup_cork Zhiquan Li (1): x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel Zhu Yanjun (1): virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings Zijun Hu (1): Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 bo liu (1): ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 ching Huang (1): scsi: arcmsr: Support new PCI device IDs 1883 and 1886 clancy shang (1): Bluetooth: hci_sync: fix BR/EDR wakeup bug

1 year, 9 months

1
1
0 0

Linux 6.1.77

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.77 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-class-net-queues | 22 - Documentation/sound/soc/dapm.rst | 2 Makefile | 2 arch/arm/boot/dts/imx1-ads.dts | 2 arch/arm/boot/dts/imx1-apf9328.dts | 2 arch/arm/boot/dts/imx1.dtsi | 5 arch/arm/boot/dts/imx23-sansa.dts | 12 arch/arm/boot/dts/imx23.dtsi | 2 arch/arm/boot/dts/imx25-eukrea-cpuimx25.dtsi | 2 arch/arm/boot/dts/imx25-eukrea-mbimxsd25-baseboard-cmo-qvga.dts | 2 arch/arm/boot/dts/imx25-eukrea-mbimxsd25-baseboard-dvi-svga.dts | 2 arch/arm/boot/dts/imx25-eukrea-mbimxsd25-baseboard-dvi-vga.dts | 2 arch/arm/boot/dts/imx25-pdk.dts | 2 arch/arm/boot/dts/imx25.dtsi | 2 arch/arm/boot/dts/imx27-apf27dev.dts | 4 arch/arm/boot/dts/imx27-eukrea-cpuimx27.dtsi | 4 arch/arm/boot/dts/imx27-eukrea-mbimxsd27-baseboard.dts | 2 arch/arm/boot/dts/imx27-phytec-phycard-s-rdk.dts | 2 arch/arm/boot/dts/imx27-phytec-phycore-rdk.dts | 2 arch/arm/boot/dts/imx27-phytec-phycore-som.dtsi | 2 arch/arm/boot/dts/imx27.dtsi | 3 arch/arm/boot/dts/imx28.dtsi | 2 arch/arm/boot/dts/imx7d.dtsi | 3 arch/arm/boot/dts/imx7s.dtsi | 10 arch/arm/boot/dts/rk3036.dtsi | 14 arch/arm/include/asm/irq_work.h | 2 arch/arm64/boot/dts/amlogic/meson-s4-s805x2-aq222.dts | 4 arch/arm64/boot/dts/amlogic/meson-s4.dtsi | 4 arch/arm64/boot/dts/qcom/msm8996.dtsi | 21 + arch/arm64/boot/dts/qcom/msm8998.dtsi | 32 + arch/arm64/include/asm/irq_work.h | 2 arch/arm64/kernel/irq.c | 7 arch/arm64/kernel/perf_event.c | 6 arch/csky/include/asm/irq_work.h | 2 arch/loongarch/kernel/smp.c | 1 arch/loongarch/mm/tlb.c | 16 arch/powerpc/include/asm/irq_work.h | 1 arch/powerpc/include/asm/mmu.h | 4 arch/powerpc/include/asm/mmzone.h | 8 arch/powerpc/kernel/traps.c | 2 arch/powerpc/lib/sstep.c | 10 arch/powerpc/mm/book3s64/pgtable.c | 2 arch/powerpc/mm/init-common.c | 5 arch/powerpc/mm/mmu_decl.h | 5 arch/riscv/include/asm/irq_work.h | 2 arch/s390/include/asm/irq_work.h | 2 arch/s390/kernel/ptrace.c | 6 arch/s390/kvm/kvm-s390.c | 5 arch/um/drivers/net_kern.c | 2 arch/um/include/shared/kern_util.h | 2 arch/um/kernel/process.c | 2 arch/um/kernel/time.c | 32 + arch/um/os-Linux/helper.c | 6 arch/um/os-Linux/util.c | 19 arch/x86/boot/compressed/ident_map_64.c | 5 arch/x86/boot/compressed/idt_64.c | 1 arch/x86/boot/compressed/idt_handlers_64.S | 1 arch/x86/boot/compressed/misc.h | 1 arch/x86/include/asm/irq_work.h | 1 arch/x86/include/asm/kmsan.h | 17 arch/x86/kernel/cpu/mce/core.c | 16 block/bio.c | 2 block/blk-mq.c | 16 drivers/acpi/acpi_extlog.c | 5 drivers/acpi/acpi_video.c | 9 drivers/acpi/apei/ghes.c | 29 + drivers/acpi/numa/srat.c | 4 drivers/base/arch_numa.c | 2 drivers/block/rnbd/rnbd-srv.c | 19 drivers/bluetooth/hci_qca.c | 1 drivers/clk/hisilicon/clk-hi3620.c | 4 drivers/clk/imx/clk-imx8qxp.c | 24 + drivers/clk/mmp/clk-of-pxa168.c | 3 drivers/crypto/marvell/octeontx2/otx2_cptlf.c | 6 drivers/crypto/marvell/octeontx2/otx2_cptvf_main.c | 3 drivers/crypto/stm32/stm32-crc32.c | 2 drivers/devfreq/devfreq.c | 24 + drivers/gpu/drm/amd/amdgpu/aldebaran.c | 26 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_fence.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 21 - drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 13 drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_sync.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 6 drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 5 drivers/gpu/drm/amd/amdgpu/gmc_v6_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 8 drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 42 -- drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 24 - drivers/gpu/drm/amd/display/dc/core/dc.c | 4 drivers/gpu/drm/amd/display/dc/dc_hw_types.h | 2 drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c | 3 drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.c | 33 + drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_util_32.h | 1 drivers/gpu/drm/amd/display/modules/power/power_helpers.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/process_pptables_v1_0.c | 2 drivers/gpu/drm/bridge/analogix/anx7625.c | 51 +- drivers/gpu/drm/bridge/analogix/anx7625.h | 4 drivers/gpu/drm/drm_file.c | 2 drivers/gpu/drm/drm_framebuffer.c | 2 drivers/gpu/drm/drm_mipi_dsi.c | 17 drivers/gpu/drm/exynos/exynos_drm_drv.c | 11 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 5 drivers/gpu/drm/msm/disp/dpu1/dpu_hw_wb.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 1 drivers/gpu/drm/msm/dsi/phy/dsi_phy.c | 4 drivers/gpu/drm/panel/panel-edp.c | 48 ++ drivers/hid/hidraw.c | 7 drivers/hwmon/nct6775-core.c | 7 drivers/i3c/master/i3c-master-cdns.c | 7 drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 7 drivers/leds/trigger/ledtrig-panic.c | 5 drivers/mailbox/arm_mhuv2.c | 3 drivers/md/md.c | 54 ++ drivers/media/i2c/imx335.c | 4 drivers/media/pci/ddbridge/ddbridge-main.c | 2 drivers/media/platform/amphion/vpu.h | 3 drivers/media/platform/amphion/vpu_cmds.c | 28 - drivers/media/platform/amphion/vpu_v4l2.c | 1 drivers/media/platform/rockchip/rga/rga.c | 15 drivers/media/platform/rockchip/rkisp1/rkisp1-common.h | 11 drivers/media/platform/rockchip/rkisp1/rkisp1-csi.c | 14 drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c | 35 + drivers/media/platform/rockchip/rkisp1/rkisp1-isp.c | 20 - drivers/media/usb/stk1160/stk1160-video.c | 5 drivers/mfd/Kconfig | 1 drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 1 drivers/net/bonding/bond_alb.c | 3 drivers/net/dsa/mv88e6xxx/chip.h | 4 drivers/net/dsa/mv88e6xxx/serdes.c | 10 drivers/net/dsa/mv88e6xxx/serdes.h | 8 drivers/net/dsa/qca/qca8k-8xxx.c | 24 - drivers/net/ethernet/aquantia/atlantic/aq_ptp.c | 28 - drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 61 --- drivers/net/ethernet/aquantia/atlantic/aq_ring.h | 22 - drivers/net/ethernet/aquantia/atlantic/aq_vec.c | 23 - drivers/net/ethernet/google/gve/gve_tx_dqo.c | 5 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 32 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 1 drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 18 drivers/net/ethernet/intel/ice/ice_lib.c | 7 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 12 drivers/net/ethernet/intel/ice/ice_vsi_vlan_lib.c | 16 drivers/net/ethernet/intel/ixgbe/ixgbe_82598.c | 36 - drivers/net/ethernet/intel/ixgbe/ixgbe_82599.c | 61 +-- drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 145 +++---- drivers/net/ethernet/intel/ixgbe/ixgbe_ethtool.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 42 -- drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.c | 34 - drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 1 drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 105 ++--- drivers/net/ethernet/intel/ixgbe/ixgbe_phy.h | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_type.h | 43 -- drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 44 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 149 +++---- drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 13 drivers/net/ethernet/microchip/lan966x/lan966x_port.c | 5 drivers/net/ethernet/pensando/ionic/ionic_bus_pci.c | 4 drivers/net/ethernet/pensando/ionic/ionic_dev.c | 1 drivers/net/ethernet/pensando/ionic/ionic_dev.h | 1 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 3 drivers/net/ethernet/pensando/ionic/ionic_main.c | 22 - drivers/net/phy/at803x.c | 6 drivers/net/usb/ax88179_178a.c | 2 drivers/net/virtio_net.c | 9 drivers/net/wireless/ath/ath11k/pcic.c | 4 drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 5 drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 2 drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 3 drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 11 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 12 drivers/net/wireless/realtek/rtlwifi/rtl8723ae/phy.c | 6 drivers/net/wireless/realtek/rtlwifi/rtl8723be/phy.c | 4 drivers/net/wireless/silabs/wfx/sta.c | 42 +- drivers/pci/pci.h | 2 drivers/pci/pcie/aer.c | 9 drivers/pci/quirks.c | 24 + drivers/pci/switch/switchtec.c | 25 - drivers/pnp/pnpacpi/rsparser.c | 12 drivers/regulator/core.c | 56 +- drivers/regulator/ti-abb-regulator.c | 22 - drivers/s390/crypto/vfio_ap_ops.c | 16 drivers/scsi/arcmsr/arcmsr.h | 4 drivers/scsi/arcmsr/arcmsr_hba.c | 6 drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 drivers/scsi/isci/request.c | 2 drivers/scsi/libfc/fc_fcp.c | 18 drivers/scsi/lpfc/lpfc.h | 1 drivers/scsi/lpfc/lpfc_init.c | 4 drivers/scsi/mpi3mr/mpi3mr_fw.c | 3 drivers/scsi/mpi3mr/mpi3mr_os.c | 5 drivers/scsi/scsi_error.c | 8 drivers/scsi/scsi_lib.c | 2 drivers/scsi/scsi_priv.h | 2 drivers/soc/xilinx/xlnx_event_manager.c | 7 drivers/spmi/spmi-mtk-pmif.c | 7 drivers/tty/tty_ioctl.c | 4 drivers/usb/core/hub.c | 33 + drivers/watchdog/it87_wdt.c | 14 drivers/xen/gntdev-dmabuf.c | 50 +- fs/9p/v9fs_vfs.h | 1 fs/9p/vfs_inode.c | 6 fs/9p/vfs_inode_dotl.c | 1 fs/afs/callback.c | 3 fs/afs/server.c | 7 fs/ceph/caps.c | 9 fs/ceph/mds_client.c | 2 fs/ceph/quota.c | 39 + fs/dcache.c | 7 fs/ecryptfs/inode.c | 8 fs/erofs/zdata.c | 2 fs/ext4/mballoc.c | 11 fs/ext4/resize.c | 37 + fs/f2fs/compress.c | 4 fs/f2fs/file.c | 2 fs/f2fs/recovery.c | 25 - fs/jfs/jfs_dmap.c | 57 +- fs/jfs/jfs_dtree.c | 7 fs/jfs/jfs_imap.c | 3 fs/jfs/jfs_mount.c | 6 fs/kernfs/dir.c | 12 fs/pstore/ram.c | 1 include/asm-generic/numa.h | 2 include/asm-generic/unaligned.h | 24 - include/drm/drm_color_mgmt.h | 1 include/drm/drm_mipi_dsi.h | 2 include/linux/irq_work.h | 3 include/linux/mmzone.h | 6 include/linux/pci_ids.h | 1 include/net/af_unix.h | 20 - include/net/ip.h | 2 include/net/netfilter/nf_tables.h | 2 kernel/audit.c | 31 + kernel/bpf/helpers.c | 13 kernel/bpf/syscall.c | 6 kernel/events/core.c | 38 + lib/debugobjects.c | 200 +++------- net/bluetooth/hci_sync.c | 10 net/bluetooth/l2cap_core.c | 3 net/bridge/br_cfm_netlink.c | 2 net/bridge/br_multicast.c | 20 - net/bridge/br_private.h | 4 net/ipv4/ip_output.c | 12 net/ipv4/ip_sockglue.c | 6 net/ipv4/ipmr.c | 2 net/ipv4/raw.c | 10 net/ipv4/tcp.c | 12 net/ipv4/udp.c | 2 net/ipv6/addrconf_core.c | 21 - net/ipv6/ip6_tunnel.c | 21 - net/llc/af_llc.c | 2 net/netfilter/nf_conntrack_proto_tcp.c | 10 net/netfilter/nf_log.c | 7 net/netfilter/nf_tables_api.c | 14 net/netfilter/nft_ct.c | 24 + net/netfilter/nft_tunnel.c | 1 net/rxrpc/conn_service.c | 3 net/smc/smc_clc.c | 14 net/sunrpc/xprtmultipath.c | 17 net/unix/af_unix.c | 14 net/unix/diag.c | 2 net/wireless/scan.c | 4 sound/hda/hdac_stream.c | 9 sound/pci/hda/hda_intel.c | 2 sound/pci/hda/patch_conexant.c | 115 +++++ sound/soc/amd/acp-config.c | 15 sound/soc/codecs/lpass-wsa-macro.c | 7 sound/soc/codecs/wsa883x.c | 6 tools/build/feature/test-libopencsd.c | 4 tools/lib/bpf/libbpf.c | 2 tools/lib/subcmd/help.c | 18 tools/testing/selftests/bpf/cgroup_helpers.c | 18 tools/testing/selftests/bpf/prog_tests/btf.c | 1 tools/testing/selftests/bpf/progs/pyperf180.c | 22 + tools/testing/selftests/drivers/net/bonding/lag_lib.sh | 11 tools/testing/selftests/drivers/net/team/config | 4 tools/testing/selftests/net/config | 1 tools/testing/selftests/net/pmtu.sh | 16 tools/testing/selftests/net/setup_veth.sh | 2 tools/testing/selftests/sgx/test_encl.lds | 6 286 files changed, 2318 insertions(+), 1337 deletions(-) Abhinav Kumar (1): drm/msm/dpu: fix writeback programming for YUV cases Adrian Reber (1): tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE Ahmed Zaki (1): ice: fix ICE_AQ_VSI_Q_OPT_RSS_* register values Al Viro (1): fast_dput(): handle underflows gracefully Alex Lyakas (1): md: Whenassemble the array, consult the superblock of the freshest device Alexander Stein (4): ARM: dts: imx7d: Fix coresight funnel ports ARM: dts: imx7s: Fix lcdif compatible ARM: dts: imx7s: Fix nand-controller #size-cells clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks Alvin Lee (1): drm/amd/display: For prefetch mode > 0, extend prefetch if possible Andrii Nakryiko (1): selftests/bpf: satisfy compiler by having explicit return in btf test Andrii Staikov (1): i40e: Fix VF disable behavior to block all traffic Andrzej Hajda (1): debugobjects: Stop accessing objects after releasing hash bucket lock Anna Schumaker (1): SUNRPC: Fix a suspicious RCU usage warning Anton Ivanov (1): um: Fix naming clash between UML and scheduler Arnd Bergmann (1): arch: consolidate arch_irq_work_raise prototypes Baochen Qiang (1): wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too early Baokun Li (3): ext4: unify the type of flexbg_size to unsigned int ext4: remove unnecessary check from alloc_flex_gd() ext4: avoid online resizing failures due to oversized flex bg Benjamin Berg (2): wifi: cfg80211: free beacon_ies when overridden from hidden BSS um: Don't use vfprintf() for os_info() Benjamin Poirier (2): selftests: team: Add missing config options selftests: bonding: Check initial state Bharat Bhushan (1): crypto: octeontx2 - Fix cptvf driver cleanup Bjorn Helgaas (1): PCI/AER: Decode Requester ID when no error info found Breno Leitao (1): net: sysfs: Fix /sys/class/net/<iface> path Chao Yu (2): f2fs: fix to check return value of f2fs_reserve_new_block() f2fs: fix to tag gcing flag on page during block migration Chris Riches (1): audit: Send netlink ACK before setting connection in auditd_set Christian Marangi (1): net: phy: at803x: fix passing the wrong reference for config_intr Christoph Hellwig (1): block: prevent an integer overflow in bvec_try_merge_hw_page Christophe JAILLET (1): ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() Cristian Ciocaltea (1): ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument Daniel Stodden (1): PCI: switchtec: Fix stdev_release() crash after surprise hot remove Daniel Vacek (1): IB/ipoib: Fix mcast list locking David Howells (1): 9p: Fix initialisation of netfs_inode for 9p Dmitry Antipov (2): PNP: ACPI: fix fortify warning wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap() Dmitry Torokhov (1): asm-generic: make sparse happy with odd-sized put_unaligned_*() Douglas Anderson (1): drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time Edward Adam Davis (3): jfs: fix uaf in jfs_evict_inode jfs: fix array-index-out-of-bounds in diNewExt wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update Eric Dumazet (5): ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() ipv4: raw: add drop reasons tcp: add sanity checks to rx zerocopy llc: call sock_orphan() at release time af_unix: fix lockdep positive in sk_diag_dump_icons() Fabio Estevam (9): ARM: dts: imx25/27-eukrea: Fix RTC node name ARM: dts: imx: Use flash@0,0 pattern ARM: dts: imx27: Fix sram node ARM: dts: imx1: Fix sram node ARM: dts: imx25: Fix the iim compatible string ARM: dts: imx25/27: Pass timing0 ARM: dts: imx27-apf27dev: Fix LED name ARM: dts: imx23-sansa: Use preferred i2c-gpios properties ARM: dts: imx23/28: Fix the DMA controller node name Felix Kuehling (2): drm/amdgpu: Let KFD sync with VM fences drm/amdkfd: Fix lock dependency warning Frédéric Danis (1): Bluetooth: L2CAP: Fix possible multiple reject send Gabriel Krisman Bertazi (1): ecryptfs: Reject casefold directory inodes Gao Xiang (1): erofs: fix ztailpacking for subpage compressed blocks Ghanshyam Agrawal (1): media: stk1160: Fixed high volume of stk1160_dbg messages Greg KH (1): perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file Greg Kroah-Hartman (1): Linux 6.1.77 Guilherme G. Piccoli (1): PCI: Only override AMD USB controller if required Hannes Reinecke (2): scsi: libfc: Don't schedule abort twice scsi: libfc: Fix up timeout error in fc_fcp_rec_error() Hans de Goede (1): misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback Hardik Gajjar (2): usb: hub: Replace hardcoded quirk value with BIT() macro usb: hub: Add quirk to decrease IN-ep poll interval for Microchip USB491x hub HariBabu Gattem (1): soc: xilinx: Fix for call trace due to the usage of smp_processor_id() Harshit Shah (1): i3c: master: cdns: Update maximum prescaler value for i2c clock Heiko Carstens (2): s390/ptrace: handle setting of fpc register correctly KVM: s390: fix setting of fpc register Heiner Kallweit (1): leds: trigger: panic: Don't register panic notifier if creating the trigger failed Helge Deller (1): ipv6: Ensure natural alignment of const ipv6 loopback and router addresses Horatiu Vultur (1): net: lan966x: Fix port configuration when using SGMII interface Hou Tao (2): bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers bpf: Set uattr->batch.count as zero before batched update or deletion Hsin-Yi Wang (1): drm/panel-edp: Add override_edid_mode quirk for generic edp Huacai Chen (1): LoongArch/smp: Call rcutree_report_cpu_starting() at tlb_init() Huang Shijie (2): arm64: irq: set the correct node for VMAP stack arm64: irq: set the correct node for shadow call stack Ian Rogers (1): libsubcmd: Fix memory leak in uniq() Ido Schimmel (1): PCI: Add no PM reset quirk for NVIDIA Spectrum devices Igor Russkikh (1): net: atlantic: eliminate double free in error handling logic Ilpo Järvinen (1): PCI: Fix 64GT/s effective data rate calculation Jack Wang (1): RDMA/IPoIB: Fix error code return in ipoib_mcast_join Jaegeuk Kim (1): f2fs: fix write pointers on zoned device after roll forward James Clark (1): perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present Jedrzej Jagielski (2): ixgbe: Refactor returning internal error codes ixgbe: Refactor overtemp event handling Jesse Brandeburg (1): ice: fix pre-shifted bit usage Jo Van Bulck (1): selftests/sgx: Fix linker script asserts Johan Hovold (2): ASoC: codecs: lpass-wsa-macro: fix compander volume hack ASoC: codecs: wsa883x: fix PA volume control Johan Jonker (1): ARM: dts: rockchip: fix rk3036 hdmi ports node Johannes Berg (1): um: time-travel: fix time corruption Jonathan Gray (1): Revert "drm/amd/display: Disable PSR-SU on Parade 0803 TCON again" Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid two consecutive device resets Josip Pavic (1): drm/amd/display: make flip_timestamp_in_us a 64-bit variable Jun'ichi Nomura (1): x86/boot: Ignore NMIs during very early boot Justin Tee (1): scsi: lpfc: Fix possible file string name overflow when updating firmware Kees Cook (1): block/rnbd-srv: Check for unlikely string overflow Kieran Bingham (1): media: i2c: imx335: Fix hblank min/max values Konrad Dybcio (1): drm/msm/dsi: Enable runtime PM Kuan-Wei Chiu (2): clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() Kunwu Chan (1): powerpc/mm: Fix null-pointer dereference in pgtable_cache_add Lin Ma (1): bridge: cfm: fix enum typo in br_cc_ccm_tx_parse Linus Lüssing (1): bridge: mcast: fix disabled snooping after long uptime Manas Ghandat (2): jfs: fix slab-out-of-bounds Read in dtSearch jfs: fix array-index-out-of-bounds in dbAdjTree Mao Jinlong (2): arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property Marco Elver (1): mm, kmsan: fix infinite recursion due to RCU critical section Mark Rutland (1): drivers/perf: pmuv3: don't expose SW_INCR event in sysfs Matthias May (1): selftests: net: add missing config for GENEVE Max Kellermann (1): fs/kernfs/dir: obey S_ISGID Meenakshikumar Somasundaram (1): drm/amd/display: Fix tiled display misalignment Michael Ellerman (3): powerpc: Fix build error due to is_valid_bugaddr() powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping() Michael Tretter (1): media: rockchip: rga: fix swizzling for RGB formats Michal Vokáč (1): net: dsa: qca8k: fix illegal usage of GPIO Ming Lei (2): blk-mq: fix IO hang from sbitmap wakeup race scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler Ming Qian (1): media: amphion: remove mutext lock in condition of wait_event Mingyi Zhang (1): libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos Minsuk Kang (1): wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Mukesh Ojha (1): PM / devfreq: Synchronize devfreq_monitor_[start/stop] Nathan Chancellor (1): um: net: Fix return type of uml_net_start_xmit() Naveen N Rao (1): powerpc/lib: Validate size for vector operations Nicolas Dichtel (1): ipmr: fix kernel panic when forwarding mcast packets Oleg Nesterov (3): afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() Oleksandr Tyshchenko (1): xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import Osama Muhammad (2): FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree UBSAN: array-index-out-of-bounds in dtSplitRoot Pablo Neira Ayuso (3): netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations Paolo Abeni (2): selftests: net: give more time for GRO aggregation selftests: net: fix available tunnels detection Peter Robinson (1): mfd: ti_am335x_tscadc: Fix TI SoC dependencies Peter Zijlstra (1): perf: Fix the nr_addr_filters fix Philip Yang (1): drm/amdkfd: Fix lock dependency warning with srcu Pierre-Louis Bossart (2): PCI: add INTEL_HDA_ARL to pci_ids.h ALSA: hda: Intel: add HDA_ARL PCI ID support Prarit Bhargava (1): ACPI: extlog: fix NULL pointer dereference check Praveen Kaligineedi (1): gve: Fix use-after-free vulnerability Rob Clark (1): drm/msm/dpu: Ratelimit framedone timeout msgs Romain Naour (1): regulator: ti-abb: don't use devm_platform_ioremap_resource_byname for shared interrupt register Rui Zhang (1): regulator: core: Only increment use_count when enable_count changes Ryan Schaefer (1): netfilter: conntrack: correct window scaling with retransmitted SYN Shannon Nelson (2): ionic: pass opcode to devcmd_wait ionic: bypass firmware cmds when stuck in reset Shiji Yang (2): wifi: rt2x00: restart beacon queue when hardware reset wifi: rt2x00: correct wrong BBP register in RxDCOC calibration Shuai Xue (1): ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events Srinivasan Shanmugam (8): drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' Stanley.Yang (1): drm/amdgpu: Fix ecc irq enable/disable unpaired Stephen Rothwell (2): powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE drm: using mul_u32_u32() requires linux/math64.h Su Hui (4): wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() media: ddbridge: fix an error code problem in ddb_probe scsi: isci: Fix an error code problem in isci_io_request_build() HID: hidraw: fix a problem of memory leak in hidraw_release() Suman Ghosh (1): octeontx2-af: Fix max NPC MCAM entry check while validating ref_entry Sumit Saxena (1): scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116 Takashi Iwai (1): ALSA: hda: Refer to correct stream index at loops Tanmay Shah (1): soc: xilinx: fix unhandled SGI warning message Thomas Bourgoin (1): crypto: stm32/crc32 - fix parsing list of devices Tobias Waldekranz (1): net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path Tomi Valkeinen (7): drm/drm_file: fix use of uninitialized variable drm/framebuffer: Fix use of uninitialized variable drm/mipi-dsi: Fix detach call without attach media: rkisp1: Drop IRQF_SHARED media: rkisp1: Fix IRQ handler return values media: rkisp1: Store IRQ lines media: rkisp1: Fix IRQ disable race issue Tony Krowiak (1): s390/vfio-ap: fix sysfs status attribute for AP queue devices Venkata Prasad Potturu (1): ASoC: amd: Add new dmi entries for acp5x platform Venky Shankar (1): ceph: reinitialize mds feature bit even when session in open Vladimir Oltean (1): net: dsa: qca8k: put MDIO bus OF node on qca8k_mdio_register() failure Wang, Beyond (1): drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap Weichen Chen (1): pstore/ram: Fix crash when setting number of cpus to an odd number Wen Gu (1): net/smc: disable SEID on non-s390 archs where virtual ISM may be used Wenchao Hao (1): ceph: fix invalid pointer access if get_quota_realm return ERR_PTR Werner Fischer (1): watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 Xianwei Zhao (1): arm64: dts: amlogic: fix format for s4 uart node Xiaowu.ding (1): mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt Xin Ji (1): drm/bridge: anx7625: Fix Set HPD irq detect window to 2ms Xing Tong Wu (1): hwmon: (nct6775) Fix fan speed set failure in automatic mode Xiubo Li (1): ceph: fix deadlock or deadcode of misusing dget() Yafang Shao (1): selftests/bpf: Fix issues in setup_classid_environment() Ye Bin (1): ext4: fix inconsistent between segment fstrim and full fstrim Yihang Li (1): scsi: hisi_sas: Set .phy_attached before notifing phyup event HISI_PHYE_PHY_UP_PM Yonghong Song (1): selftests/bpf: Fix pyperf180 compilation failure with clang18 Yu-Che Cheng (1): spmi: mediatek: Fix UAF on device remove Yuluo Qiu (1): ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop Yuntao Wang (1): ACPI: NUMA: Fix the logic of getting the fake_pxm value Zenm Chen (1): wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices Zhengchao Shao (2): bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk bonding: remove print in bond_verify_device_path Zhipeng Lu (1): net: ipv4: fix a memleak in ip_setup_cork Zhiquan Li (1): x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel Zhu Yanjun (1): virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings Zijun Hu (1): Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 bo liu (1): ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 ching Huang (1): scsi: arcmsr: Support new PCI device IDs 1883 and 1886 clancy shang (1): Bluetooth: hci_sync: fix BR/EDR wakeup bug

1 year, 9 months

1
1
0 0

[PATCH RESEND] mm/damon/core: check apply interval in damon_do_apply_schemes()

by SeongJae Park

kdamond_apply_schemes() checks apply intervals of schemes and avoid further applying any schemes if no scheme passed its apply interval. However, the following schemes applying function, damon_do_apply_schemes() iterates all schemes without the apply interval check. As a result, the shortest apply interval is applied to all schemes. Fix the problem by checking the apply interval in damon_do_apply_schemes(). Fixes: 42f994b71404 ("mm/damon/core: implement scheme-specific apply interval") Cc: <stable(a)vger.kernel.org> # 6.7.x Signed-off-by: SeongJae Park <sj(a)kernel.org> --- Sending the same patch[1] again because the subject of the patch was broken. [1] https://lore.kernel.org/linux-mm/20240204204946.87265-1-sj@kernel.org/ mm/damon/core.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/mm/damon/core.c b/mm/damon/core.c index 0c144fb466b8..f444734cc613 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -1064,6 +1064,9 @@ static void damon_do_apply_schemes(struct damon_ctx *c, damon_for_each_scheme(s, c) { struct damos_quota *quota = &s->quota; + if (c->passed_sample_intervals != s->next_apply_sis) + continue; + if (!s->wmarks.activated) continue; @@ -1216,10 +1219,6 @@ static void kdamond_apply_schemes(struct damon_ctx *c) if (c->passed_sample_intervals != s->next_apply_sis) continue; - s->next_apply_sis += - (s->apply_interval_us ? s->apply_interval_us : - c->attrs.aggr_interval) / sample_interval; - if (!s->wmarks.activated) continue; @@ -1235,6 +1234,14 @@ static void kdamond_apply_schemes(struct damon_ctx *c) damon_for_each_region_safe(r, next_r, t) damon_do_apply_schemes(c, t, r); } + + damon_for_each_scheme(s, c) { + if (c->passed_sample_intervals != s->next_apply_sis) + continue; + s->next_apply_sis += + (s->apply_interval_us ? s->apply_interval_us : + c->attrs.aggr_interval) / sample_interval; + } } /* -- 2.39.2

1 year, 9 months

1
0
0 0

[PATCH] mm/damon/core: check apply interval in

by SeongJae Park

kdamond_apply_schemes() checks apply intervals of schemes and avoid further applying any schemes if no scheme passed its apply interval. However, the following schemes applying function, damon_do_apply_schemes() iterates all schemes without the apply interval check. As a result, the shortest apply interval is applied to all schemes. Fix the problem by checking the apply interval in damon_do_apply_schemes(). Fixes: 42f994b71404 ("mm/damon/core: implement scheme-specific apply interval") Cc: <stable(a)vger.kernel.org> # 6.7.x Signed-off-by: SeongJae Park <sj(a)kernel.org> --- mm/damon/core.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/mm/damon/core.c b/mm/damon/core.c index 0c144fb466b8..f444734cc613 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -1064,6 +1064,9 @@ static void damon_do_apply_schemes(struct damon_ctx *c, damon_for_each_scheme(s, c) { struct damos_quota *quota = &s->quota; + if (c->passed_sample_intervals != s->next_apply_sis) + continue; + if (!s->wmarks.activated) continue; @@ -1216,10 +1219,6 @@ static void kdamond_apply_schemes(struct damon_ctx *c) if (c->passed_sample_intervals != s->next_apply_sis) continue; - s->next_apply_sis += - (s->apply_interval_us ? s->apply_interval_us : - c->attrs.aggr_interval) / sample_interval; - if (!s->wmarks.activated) continue; @@ -1235,6 +1234,14 @@ static void kdamond_apply_schemes(struct damon_ctx *c) damon_for_each_region_safe(r, next_r, t) damon_do_apply_schemes(c, t, r); } + + damon_for_each_scheme(s, c) { + if (c->passed_sample_intervals != s->next_apply_sis) + continue; + s->next_apply_sis += + (s->apply_interval_us ? s->apply_interval_us : + c->attrs.aggr_interval) / sample_interval; + } } /* -- 2.39.2

1 year, 9 months

1
1
0 0

[PATCH net 0/3] nfp: a few simple driver fixes

by Louis Peens

This is combining a few unrelated one-liner fixes which have been floating around internally into a single series. I'm not sure what is the least amount of overhead for reviewers, this or a separate submission per-patch? I guess it probably depends on personal preference, but please let me know if there is a strong preference to rather split these in the future. Summary: Patch1: Fixes an old issue which was hidden because 0 just so happens to be the correct value. Patch2: Fixes a corner case for flower offloading with bond ports Patch3: Re-enables the 'NETDEV_XDP_ACT_REDIRECT', which was accidentally disabled after a previous refactor. Daniel Basilio (1): nfp: use correct macro for LengthSelect in BAR config Daniel de Villiers (1): nfp: flower: prevent re-adding mac index for bonded port James Hershaw (1): nfp: enable NETDEV_XDP_ACT_REDIRECT feature flag drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.c | 2 +- drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 1 + drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 ++++-- 3 files changed, 6 insertions(+), 3 deletions(-) -- 2.34.1

1 year, 9 months

3
10
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror