- Linux-stable-mirror - lists.linaro.org

[PATCH] crypto: qat - flush misc workqueue during device shutdown

by Giovanni Cabiddu

Repeated loading and unloading of a device specific QAT driver, for example qat_4xxx, in a tight loop can lead to a crash due to a use-after-free scenario. This occurs when a power management (PM) interrupt triggers just before the device-specific driver (e.g., qat_4xxx.ko) is unloaded, while the core driver (intel_qat.ko) remains loaded. Since the driver uses a shared workqueue (`qat_misc_wq`) across all devices and owned by intel_qat.ko, a deferred routine from the device-specific driver may still be pending in the queue. If this routine executes after the driver is unloaded, it can dereference freed memory, resulting in a page fault and kernel crash like the following: BUG: unable to handle page fault for address: ffa000002e50a01c #PF: supervisor read access in kernel mode RIP: 0010:pm_bh_handler+0x1d2/0x250 [intel_qat] Call Trace: pm_bh_handler+0x1d2/0x250 [intel_qat] process_one_work+0x171/0x340 worker_thread+0x277/0x3a0 kthread+0xf0/0x120 ret_from_fork+0x2d/0x50 To prevent this, flush the misc workqueue during device shutdown to ensure that all pending work items are completed before the driver is unloaded. Note: This approach may slightly increase shutdown latency if the workqueue contains jobs from other devices, but it ensures correctness and stability. Fixes: e5745f34113b ("crypto: qat - enable power management for QAT GEN4") Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Cc: stable(a)vger.kernel.org Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> --- drivers/crypto/intel/qat/qat_common/adf_common_drv.h | 1 + drivers/crypto/intel/qat/qat_common/adf_init.c | 1 + drivers/crypto/intel/qat/qat_common/adf_isr.c | 5 +++++ 3 files changed, 7 insertions(+) diff --git a/drivers/crypto/intel/qat/qat_common/adf_common_drv.h b/drivers/crypto/intel/qat/qat_common/adf_common_drv.h index eaa6388a6678..7a022bd4ae07 100644 --- a/drivers/crypto/intel/qat/qat_common/adf_common_drv.h +++ b/drivers/crypto/intel/qat/qat_common/adf_common_drv.h @@ -189,6 +189,7 @@ void adf_exit_misc_wq(void); bool adf_misc_wq_queue_work(struct work_struct *work); bool adf_misc_wq_queue_delayed_work(struct delayed_work *work, unsigned long delay); +void adf_misc_wq_flush(void); #if defined(CONFIG_PCI_IOV) int adf_sriov_configure(struct pci_dev *pdev, int numvfs); void adf_disable_sriov(struct adf_accel_dev *accel_dev); diff --git a/drivers/crypto/intel/qat/qat_common/adf_init.c b/drivers/crypto/intel/qat/qat_common/adf_init.c index f189cce7d153..46491048e0bb 100644 --- a/drivers/crypto/intel/qat/qat_common/adf_init.c +++ b/drivers/crypto/intel/qat/qat_common/adf_init.c @@ -404,6 +404,7 @@ static void adf_dev_shutdown(struct adf_accel_dev *accel_dev) hw_data->exit_admin_comms(accel_dev); adf_cleanup_etr_data(accel_dev); + adf_misc_wq_flush(); adf_dev_restore(accel_dev); } diff --git a/drivers/crypto/intel/qat/qat_common/adf_isr.c b/drivers/crypto/intel/qat/qat_common/adf_isr.c index cae1aee5479a..12e565613661 100644 --- a/drivers/crypto/intel/qat/qat_common/adf_isr.c +++ b/drivers/crypto/intel/qat/qat_common/adf_isr.c @@ -407,3 +407,8 @@ bool adf_misc_wq_queue_delayed_work(struct delayed_work *work, { return queue_delayed_work(adf_misc_wq, work, delay); } + +void adf_misc_wq_flush(void) +{ + flush_workqueue(adf_misc_wq); +} base-commit: 9d21467fca15472efb701dad69abf685195845a4 -- 2.50.0

2 months

2
1
0 0

[PATCH] crypto: acomp - Fix CFI failure due to type punning

by Eric Biggers

To avoid a crash when control flow integrity is enabled, make the workspace ("stream") free function use a consistent type, and call it through a function pointer that has that same type. Fixes: 42d9f6c77479 ("crypto: acomp - Move scomp stream allocation code into acomp") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> --- crypto/deflate.c | 7 ++++++- crypto/zstd.c | 7 ++++++- include/crypto/internal/acompress.h | 5 +---- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/crypto/deflate.c b/crypto/deflate.c index fe8e4ad0fee10..21404515dc77e 100644 --- a/crypto/deflate.c +++ b/crypto/deflate.c @@ -46,13 +46,18 @@ static void *deflate_alloc_stream(void) ctx->stream.workspace = ctx->workspace; return ctx; } +static void deflate_free_stream(void *ctx) +{ + kvfree(ctx); +} + static struct crypto_acomp_streams deflate_streams = { .alloc_ctx = deflate_alloc_stream, - .cfree_ctx = kvfree, + .free_ctx = deflate_free_stream, }; static int deflate_compress_one(struct acomp_req *req, struct deflate_stream *ds) { diff --git a/crypto/zstd.c b/crypto/zstd.c index 657e0cf7b9524..ff5f596a4ea7e 100644 --- a/crypto/zstd.c +++ b/crypto/zstd.c @@ -52,13 +52,18 @@ static void *zstd_alloc_stream(void) ctx->wksp_size = wksp_size; return ctx; } +static void zstd_free_stream(void *ctx) +{ + kvfree(ctx); +} + static struct crypto_acomp_streams zstd_streams = { .alloc_ctx = zstd_alloc_stream, - .cfree_ctx = kvfree, + .free_ctx = zstd_free_stream, }; static int zstd_init(struct crypto_acomp *acomp_tfm) { int ret = 0; diff --git a/include/crypto/internal/acompress.h b/include/crypto/internal/acompress.h index ffffd88bbbad3..2d97440028ffd 100644 --- a/include/crypto/internal/acompress.h +++ b/include/crypto/internal/acompress.h @@ -61,14 +61,11 @@ struct crypto_acomp_stream { }; struct crypto_acomp_streams { /* These must come first because of struct scomp_alg. */ void *(*alloc_ctx)(void); - union { - void (*free_ctx)(void *); - void (*cfree_ctx)(const void *); - }; + void (*free_ctx)(void *); struct crypto_acomp_stream __percpu *streams; struct work_struct stream_work; cpumask_t stream_want; }; base-commit: 181698af38d3f93381229ad89c09b5bd0496661a -- 2.50.1

2 months

3
2
0 0

[PATCH] rv: Ensure containers are registered first

by Nam Cao

If rv_register_monitor() is called with a non-NULL parent pointer (i.e. by monitors inside a container), it is expected that the parent (a.k.a container) is already registered. The containers seem to always be registered first. I suspect because of the order in Makefile. But nothing guarantees this. If this registering order is changed, "strange" things happen. For example, if the container is registered last, rv_is_container_monitor() incorrectly says this is NOT a container. .enable() is then called, which is NULL for container, thus we have a NULL pointer deref crash. Guarantee that containers are registered first. Fixes: cb85c660fcd4 ("rv: Add option for nested monitors and include sched") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: stable(a)vger.kernel.org --- include/linux/rv.h | 5 +++++ kernel/trace/rv/monitors/pagefault/pagefault.c | 4 ++-- kernel/trace/rv/monitors/rtapp/rtapp.c | 4 ++-- kernel/trace/rv/monitors/sched/sched.c | 4 ++-- kernel/trace/rv/monitors/sco/sco.c | 4 ++-- kernel/trace/rv/monitors/scpd/scpd.c | 4 ++-- kernel/trace/rv/monitors/sleep/sleep.c | 4 ++-- kernel/trace/rv/monitors/sncid/sncid.c | 4 ++-- kernel/trace/rv/monitors/snep/snep.c | 4 ++-- kernel/trace/rv/monitors/snroc/snroc.c | 4 ++-- kernel/trace/rv/monitors/tss/tss.c | 4 ++-- kernel/trace/rv/monitors/wip/wip.c | 4 ++-- kernel/trace/rv/monitors/wwnr/wwnr.c | 4 ++-- tools/verification/rvgen/rvgen/templates/container/main.c | 4 ++-- tools/verification/rvgen/rvgen/templates/dot2k/main.c | 4 ++-- tools/verification/rvgen/rvgen/templates/ltl2k/main.c | 4 ++-- 16 files changed, 35 insertions(+), 30 deletions(-) diff --git a/include/linux/rv.h b/include/linux/rv.h index 97baf58d88b2..094c9f62389c 100644 --- a/include/linux/rv.h +++ b/include/linux/rv.h @@ -119,5 +119,10 @@ static inline bool rv_reacting_on(void) } #endif /* CONFIG_RV_REACTORS */ +#define rv_container_init device_initcall +#define rv_container_exit __exitcall +#define rv_monitor_init late_initcall +#define rv_monitor_exit __exitcall + #endif /* CONFIG_RV */ #endif /* _LINUX_RV_H */ diff --git a/kernel/trace/rv/monitors/pagefault/pagefault.c b/kernel/trace/rv/monitors/pagefault/pagefault.c index 9fe6123b2200..2b226d27ddff 100644 --- a/kernel/trace/rv/monitors/pagefault/pagefault.c +++ b/kernel/trace/rv/monitors/pagefault/pagefault.c @@ -80,8 +80,8 @@ static void __exit unregister_pagefault(void) rv_unregister_monitor(&rv_pagefault); } -module_init(register_pagefault); -module_exit(unregister_pagefault); +rv_monitor_init(register_pagefault); +rv_monitor_exit(unregister_pagefault); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Nam Cao <namcao(a)linutronix.de>"); diff --git a/kernel/trace/rv/monitors/rtapp/rtapp.c b/kernel/trace/rv/monitors/rtapp/rtapp.c index fd75fc927d65..b078327e71bf 100644 --- a/kernel/trace/rv/monitors/rtapp/rtapp.c +++ b/kernel/trace/rv/monitors/rtapp/rtapp.c @@ -25,8 +25,8 @@ static void __exit unregister_rtapp(void) rv_unregister_monitor(&rv_rtapp); } -module_init(register_rtapp); -module_exit(unregister_rtapp); +rv_container_init(register_rtapp); +rv_container_exit(unregister_rtapp); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Nam Cao <namcao(a)linutronix.de>"); diff --git a/kernel/trace/rv/monitors/sched/sched.c b/kernel/trace/rv/monitors/sched/sched.c index 905e03c3c934..e89e193bd8e0 100644 --- a/kernel/trace/rv/monitors/sched/sched.c +++ b/kernel/trace/rv/monitors/sched/sched.c @@ -30,8 +30,8 @@ static void __exit unregister_sched(void) rv_unregister_monitor(&rv_sched); } -module_init(register_sched); -module_exit(unregister_sched); +rv_container_init(register_sched); +rv_container_exit(unregister_sched); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Gabriele Monaco <gmonaco(a)redhat.com>"); diff --git a/kernel/trace/rv/monitors/sco/sco.c b/kernel/trace/rv/monitors/sco/sco.c index 4cff59220bfc..b96e09e64a2f 100644 --- a/kernel/trace/rv/monitors/sco/sco.c +++ b/kernel/trace/rv/monitors/sco/sco.c @@ -80,8 +80,8 @@ static void __exit unregister_sco(void) rv_unregister_monitor(&rv_sco); } -module_init(register_sco); -module_exit(unregister_sco); +rv_monitor_init(register_sco); +rv_monitor_exit(unregister_sco); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Gabriele Monaco <gmonaco(a)redhat.com>"); diff --git a/kernel/trace/rv/monitors/scpd/scpd.c b/kernel/trace/rv/monitors/scpd/scpd.c index cbdd6a5f8d7f..a4c8e78fa768 100644 --- a/kernel/trace/rv/monitors/scpd/scpd.c +++ b/kernel/trace/rv/monitors/scpd/scpd.c @@ -88,8 +88,8 @@ static void __exit unregister_scpd(void) rv_unregister_monitor(&rv_scpd); } -module_init(register_scpd); -module_exit(unregister_scpd); +rv_monitor_init(register_scpd); +rv_monitor_exit(unregister_scpd); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Gabriele Monaco <gmonaco(a)redhat.com>"); diff --git a/kernel/trace/rv/monitors/sleep/sleep.c b/kernel/trace/rv/monitors/sleep/sleep.c index eea447b06907..6980f8de725d 100644 --- a/kernel/trace/rv/monitors/sleep/sleep.c +++ b/kernel/trace/rv/monitors/sleep/sleep.c @@ -229,8 +229,8 @@ static void __exit unregister_sleep(void) rv_unregister_monitor(&rv_sleep); } -module_init(register_sleep); -module_exit(unregister_sleep); +rv_monitor_init(register_sleep); +rv_monitor_exit(unregister_sleep); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Nam Cao <namcao(a)linutronix.de>"); diff --git a/kernel/trace/rv/monitors/sncid/sncid.c b/kernel/trace/rv/monitors/sncid/sncid.c index f5037cd6214c..97a126c6083a 100644 --- a/kernel/trace/rv/monitors/sncid/sncid.c +++ b/kernel/trace/rv/monitors/sncid/sncid.c @@ -88,8 +88,8 @@ static void __exit unregister_sncid(void) rv_unregister_monitor(&rv_sncid); } -module_init(register_sncid); -module_exit(unregister_sncid); +rv_monitor_init(register_sncid); +rv_monitor_exit(unregister_sncid); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Gabriele Monaco <gmonaco(a)redhat.com>"); diff --git a/kernel/trace/rv/monitors/snep/snep.c b/kernel/trace/rv/monitors/snep/snep.c index 0076ba6d7ea4..376a856ebffa 100644 --- a/kernel/trace/rv/monitors/snep/snep.c +++ b/kernel/trace/rv/monitors/snep/snep.c @@ -88,8 +88,8 @@ static void __exit unregister_snep(void) rv_unregister_monitor(&rv_snep); } -module_init(register_snep); -module_exit(unregister_snep); +rv_monitor_init(register_snep); +rv_monitor_exit(unregister_snep); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Gabriele Monaco <gmonaco(a)redhat.com>"); diff --git a/kernel/trace/rv/monitors/snroc/snroc.c b/kernel/trace/rv/monitors/snroc/snroc.c index bb1f60d55296..e4439605b4b6 100644 --- a/kernel/trace/rv/monitors/snroc/snroc.c +++ b/kernel/trace/rv/monitors/snroc/snroc.c @@ -77,8 +77,8 @@ static void __exit unregister_snroc(void) rv_unregister_monitor(&rv_snroc); } -module_init(register_snroc); -module_exit(unregister_snroc); +rv_monitor_init(register_snroc); +rv_monitor_exit(unregister_snroc); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Gabriele Monaco <gmonaco(a)redhat.com>"); diff --git a/kernel/trace/rv/monitors/tss/tss.c b/kernel/trace/rv/monitors/tss/tss.c index 542787e6524f..8f960c9fe0ff 100644 --- a/kernel/trace/rv/monitors/tss/tss.c +++ b/kernel/trace/rv/monitors/tss/tss.c @@ -83,8 +83,8 @@ static void __exit unregister_tss(void) rv_unregister_monitor(&rv_tss); } -module_init(register_tss); -module_exit(unregister_tss); +rv_monitor_init(register_tss); +rv_monitor_exit(unregister_tss); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Gabriele Monaco <gmonaco(a)redhat.com>"); diff --git a/kernel/trace/rv/monitors/wip/wip.c b/kernel/trace/rv/monitors/wip/wip.c index ed758fec8608..5c39c6074bd3 100644 --- a/kernel/trace/rv/monitors/wip/wip.c +++ b/kernel/trace/rv/monitors/wip/wip.c @@ -80,8 +80,8 @@ static void __exit unregister_wip(void) rv_unregister_monitor(&rv_wip); } -module_init(register_wip); -module_exit(unregister_wip); +rv_monitor_init(register_wip); +rv_monitor_exit(unregister_wip); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Daniel Bristot de Oliveira <bristot(a)kernel.org>"); diff --git a/kernel/trace/rv/monitors/wwnr/wwnr.c b/kernel/trace/rv/monitors/wwnr/wwnr.c index 172f31c4b0f3..ec671546f571 100644 --- a/kernel/trace/rv/monitors/wwnr/wwnr.c +++ b/kernel/trace/rv/monitors/wwnr/wwnr.c @@ -79,8 +79,8 @@ static void __exit unregister_wwnr(void) rv_unregister_monitor(&rv_wwnr); } -module_init(register_wwnr); -module_exit(unregister_wwnr); +rv_monitor_init(register_wwnr); +rv_monitor_exit(unregister_wwnr); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Daniel Bristot de Oliveira <bristot(a)kernel.org>"); diff --git a/tools/verification/rvgen/rvgen/templates/container/main.c b/tools/verification/rvgen/rvgen/templates/container/main.c index 89fc17cf8958..5820c9705d0f 100644 --- a/tools/verification/rvgen/rvgen/templates/container/main.c +++ b/tools/verification/rvgen/rvgen/templates/container/main.c @@ -30,8 +30,8 @@ static void __exit unregister_%%MODEL_NAME%%(void) rv_unregister_monitor(&rv_%%MODEL_NAME%%); } -module_init(register_%%MODEL_NAME%%); -module_exit(unregister_%%MODEL_NAME%%); +rv_container_init(register_%%MODEL_NAME%%); +rv_container_exit(unregister_%%MODEL_NAME%%); MODULE_LICENSE("GPL"); MODULE_AUTHOR("dot2k: auto-generated"); diff --git a/tools/verification/rvgen/rvgen/templates/dot2k/main.c b/tools/verification/rvgen/rvgen/templates/dot2k/main.c index 83044a20c89a..d6bd248aba9c 100644 --- a/tools/verification/rvgen/rvgen/templates/dot2k/main.c +++ b/tools/verification/rvgen/rvgen/templates/dot2k/main.c @@ -83,8 +83,8 @@ static void __exit unregister_%%MODEL_NAME%%(void) rv_unregister_monitor(&rv_%%MODEL_NAME%%); } -module_init(register_%%MODEL_NAME%%); -module_exit(unregister_%%MODEL_NAME%%); +rv_monitor_init(register_%%MODEL_NAME%%); +rv_monitor_exit(unregister_%%MODEL_NAME%%); MODULE_LICENSE("GPL"); MODULE_AUTHOR("dot2k: auto-generated"); diff --git a/tools/verification/rvgen/rvgen/templates/ltl2k/main.c b/tools/verification/rvgen/rvgen/templates/ltl2k/main.c index f85d076fbf78..2069a7a0f1ae 100644 --- a/tools/verification/rvgen/rvgen/templates/ltl2k/main.c +++ b/tools/verification/rvgen/rvgen/templates/ltl2k/main.c @@ -94,8 +94,8 @@ static void __exit unregister_%%MODEL_NAME%%(void) rv_unregister_monitor(&rv_%%MODEL_NAME%%); } -module_init(register_%%MODEL_NAME%%); -module_exit(unregister_%%MODEL_NAME%%); +rv_monitor_init(register_%%MODEL_NAME%%); +rv_monitor_exit(unregister_%%MODEL_NAME%%); MODULE_LICENSE("GPL"); MODULE_AUTHOR(/* TODO */); -- 2.39.5

2 months

3
3
0 0

Re: [PATCH] misc: rtsx: usb: Ensure mmc child device is active when card is present

by Gwendal Grignou

> --- > drivers/misc/cardreader/rtsx_usb.c | 16 +++++++++------- > 1 file changed, 9 insertions(+), 7 deletions(-) > > diff --git a/drivers/misc/cardreader/rtsx_usb.c b/drivers/misc/cardreader/rtsx_usb.c > index 148107a4547c..d007a4455ce5 100644 > --- a/drivers/misc/cardreader/rtsx_usb.c > +++ b/drivers/misc/cardreader/rtsx_usb.c > @@ -698,6 +698,12 @@ static void rtsx_usb_disconnect(struct usb_interface *intf) > } > > #ifdef CONFIG_PM > +static int rtsx_usb_resume_child(struct device *dev, void *data) > +{ > + pm_request_resume(dev); > + return 0; > +} > + > static int rtsx_usb_suspend(struct usb_interface *intf, pm_message_t message) > { > struct rtsx_ucr *ucr = > @@ -713,8 +719,10 @@ static int rtsx_usb_suspend(struct usb_interface *intf, pm_message_t message) > mutex_unlock(&ucr->dev_mutex); > > /* Defer the autosuspend if card exists */ > - if (val & (SD_CD | MS_CD)) > + if (val & (SD_CD | MS_CD)) { > + device_for_each_child(&intf->dev, NULL, rtsx_usb_resume_child); Why not calling rtsx_usb_resume() here? > return -EAGAIN; > + } > } else { > /* There is an ongoing operation*/ > return -EAGAIN; > @@ -724,12 +732,6 @@ static int rtsx_usb_suspend(struct usb_interface *intf, pm_message_t message) > return 0; > } > > -static int rtsx_usb_resume_child(struct device *dev, void *data) > -{ > - pm_request_resume(dev); > - return 0; > -} > - > static int rtsx_usb_resume(struct usb_interface *intf) > { > device_for_each_child(&intf->dev, NULL, rtsx_usb_resume_child); > -- > 2.25.1 >

2 months

2
1
0 0

[PATCH v2] media: lirc: Fix error handling in lirc_register()

by Ma Ke

When cdev_device_add() failed, calling put_device() to explicitly release dev->lirc_dev. Otherwise, it could cause the fault of the reference count. Found by code review. Cc: stable(a)vger.kernel.org Fixes: a6ddd4fecbb0 ("media: lirc: remove last remnants of lirc kapi") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - move get_device() before cdev_device_add() to adjust the timing of parent device reference. --- drivers/media/rc/lirc_dev.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/media/rc/lirc_dev.c b/drivers/media/rc/lirc_dev.c index a2257dc2f25d..7d4942925993 100644 --- a/drivers/media/rc/lirc_dev.c +++ b/drivers/media/rc/lirc_dev.c @@ -736,11 +736,11 @@ int lirc_register(struct rc_dev *dev) cdev_init(&dev->lirc_cdev, &lirc_fops); + get_device(&dev->dev); + err = cdev_device_add(&dev->lirc_cdev, &dev->lirc_dev); if (err) - goto out_ida; - - get_device(&dev->dev); + goto out_put_device; switch (dev->driver_type) { case RC_DRIVER_SCANCODE: @@ -764,7 +764,8 @@ int lirc_register(struct rc_dev *dev) return 0; -out_ida: +out_put_device: + put_device(&dev->lirc_dev); ida_free(&lirc_ida, minor); return err; } -- 2.25.1

2 months

1
0
0 0

[PATCH RESEND] fsi/core: fix error handling in fsi_slave_init()

by Ma Ke

Once cdev_device_add() failed, we should use put_device() to decrement reference count for cleanup. Or it could cause memory leak. Although operations in err_free_ida are similar to the operations in callback function fsi_slave_release(), put_device() is a correct handling operation as comments require when cdev_device_add() fails. As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 371975b0b075 ("fsi/core: Fix error paths on CFAM init") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/fsi/fsi-core.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/fsi/fsi-core.c b/drivers/fsi/fsi-core.c index 50e8736039fe..c494fc0bd747 100644 --- a/drivers/fsi/fsi-core.c +++ b/drivers/fsi/fsi-core.c @@ -1084,7 +1084,8 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id) rc = cdev_device_add(&slave->cdev, &slave->dev); if (rc) { dev_err(&slave->dev, "Error %d creating slave device\n", rc); - goto err_free_ida; + put_device(&slave->dev); + return rc; } /* Now that we have the cdev registered with the core, any fatal @@ -1110,8 +1111,6 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id) return 0; -err_free_ida: - fsi_free_minor(slave->dev.devt); err_free: of_node_put(slave->dev.of_node); kfree(slave); -- 2.25.1

2 months

1
0
0 0

[PATCH] vhost/net: Replace wait_queue with completion in ubufs reference

by Nikolay Kuratov

When operating on struct vhost_net_ubuf_ref, the following execution sequence is theoretically possible: CPU0 is finalizing DMA operation CPU1 is doing VHOST_NET_SET_BACKEND // &ubufs->refcount == 2 vhost_net_ubuf_put() vhost_net_ubuf_put_wait_and_free(oldubufs) vhost_net_ubuf_put_and_wait() vhost_net_ubuf_put() int r = atomic_sub_return(1, &ubufs->refcount); // r = 1 int r = atomic_sub_return(1, &ubufs->refcount); // r = 0 wait_event(ubufs->wait, !atomic_read(&ubufs->refcount)); // no wait occurs here because condition is already true kfree(ubufs); if (unlikely(!r)) wake_up(&ubufs->wait); // use-after-free This leads to use-after-free on ubufs access. This happens because CPU1 skips waiting for wake_up() when refcount is already zero. To prevent that use a completion instead of wait_queue as the ubufs notification mechanism. wait_for_completion() guarantees that there will be complete() call prior to its return. We also need to reinit completion because refcnt == 0 does not mean freeing in case of vhost_net_flush() - it then sets refcnt back to 1. AFAIK concurrent calls to vhost_net_ubuf_put_and_wait() with the same ubufs object aren't possible since those calls (through vhost_net_flush() or vhost_net_set_backend()) are protected by the device mutex. So reinit_completion() right after wait_for_completion() should be fine. Cc: stable(a)vger.kernel.org Fixes: 0ad8b480d6ee9 ("vhost: fix ref cnt checking deadlock") Reported-by: Andrey Ryabinin <arbn(a)yandex-team.com> Suggested-by: Andrey Smetanin <asmetanin(a)yandex-team.ru> Signed-off-by: Nikolay Kuratov <kniv(a)yandex-team.ru> --- drivers/vhost/net.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c index 7cbfc7d718b3..454d179fffeb 100644 --- a/drivers/vhost/net.c +++ b/drivers/vhost/net.c @@ -94,7 +94,7 @@ struct vhost_net_ubuf_ref { * >1: outstanding ubufs */ atomic_t refcount; - wait_queue_head_t wait; + struct completion wait; struct vhost_virtqueue *vq; }; @@ -240,7 +240,7 @@ vhost_net_ubuf_alloc(struct vhost_virtqueue *vq, bool zcopy) if (!ubufs) return ERR_PTR(-ENOMEM); atomic_set(&ubufs->refcount, 1); - init_waitqueue_head(&ubufs->wait); + init_completion(&ubufs->wait); ubufs->vq = vq; return ubufs; } @@ -249,14 +249,15 @@ static int vhost_net_ubuf_put(struct vhost_net_ubuf_ref *ubufs) { int r = atomic_sub_return(1, &ubufs->refcount); if (unlikely(!r)) - wake_up(&ubufs->wait); + complete_all(&ubufs->wait); return r; } static void vhost_net_ubuf_put_and_wait(struct vhost_net_ubuf_ref *ubufs) { vhost_net_ubuf_put(ubufs); - wait_event(ubufs->wait, !atomic_read(&ubufs->refcount)); + wait_for_completion(&ubufs->wait); + reinit_completion(&ubufs->wait); } static void vhost_net_ubuf_put_wait_and_free(struct vhost_net_ubuf_ref *ubufs) -- 2.34.1

2 months

2
1
0 0

Re: [PATCH bpf-next v5 2/2] selftests/bpf: Add tests with stack ptr register in conditional jmp

by Shung-Hsi Yu

Hi Andrii and Yonghong, On Fri, May 23, 2025 at 09:13:40PM -0700, Yonghong Song wrote: > Add two tests: > - one test has 'rX <op> r10' where rX is not r10, and > - another test has 'rX <op> rY' where rX and rY are not r10 > but there is an early insn 'rX = r10'. > > Without previous verifier change, both tests will fail. > > Signed-off-by: Yonghong Song <yonghong.song(a)linux.dev> > --- > .../selftests/bpf/progs/verifier_precision.c | 53 +++++++++++++++++++ > 1 file changed, 53 insertions(+) I was looking this commit (5ffb537e416e) since it was a BPF selftest test for CVE-2025-38279, but upon looking I found that the commit differs from the patch, there is an extra hunk that changed kernel/bpf/verifier.c that wasn't found the Yonghong's original patch. I suppose it was meant to be squashed into the previous commit e2d2115e56c4 "bpf: Do not include stack ptr register in precision backtracking bookkeeping"? Since stable backports got only e2d2115e56c4, but not the 5ffb537e416e here with the extra change for kernel/bpf/verifier.c, I'd guess the backtracking logic in the stable kernel isn't correct at the moment, so I'll send 5ffb537e416e "selftests/bpf: Add tests with stack ptr register in conditional jmp" to stable as well. Let me know if that's not the right thing to do. Shung-Hsi diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 98c52829936e..a7d6e0c5928b 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -16456,6 +16456,8 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env, if (src_reg->type == PTR_TO_STACK) insn_flags |= INSN_F_SRC_REG_STACK; + if (dst_reg->type == PTR_TO_STACK) + insn_flags |= INSN_F_DST_REG_STACK; } else { if (insn->src_reg != BPF_REG_0) { verbose(env, "BPF_JMP/JMP32 uses reserved fields\n"); @@ -16465,10 +16467,11 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env, memset(src_reg, 0, sizeof(*src_reg)); src_reg->type = SCALAR_VALUE; __mark_reg_known(src_reg, insn->imm); + + if (dst_reg->type == PTR_TO_STACK) + insn_flags |= INSN_F_DST_REG_STACK; } - if (dst_reg->type == PTR_TO_STACK) - insn_flags |= INSN_F_DST_REG_STACK; if (insn_flags) { err = push_insn_history(env, this_branch, insn_flags, 0); if (err) > diff --git a/tools/testing/selftests/bpf/progs/verifier_precision.c b/tools/testing/selftests/bpf/progs/verifier_precision.c ...

2 months

2
2
0 0

[PATCH] cifs: reset iface weights when we cannot find a candidate

by nspmangalore＠gmail.com

From: Shyam Prasad N <sprasad(a)microsoft.com> We now do a weighted selection of server interfaces when allocating new channels. The weights are decided based on the speed advertised. The fulfilled weight for an interface is a counter that is used to track the interface selection. It should be reset back to zero once all interfaces fulfilling their weight. In cifs_chan_update_iface, this reset logic was missing. As a result when the server interface list changes, the client may not be able to find a new candidate for other channels after all interfaces have been fulfilled. Fixes: a6d8fb54a515 ("cifs: distribute channels across interfaces based on speed") Cc: <stable(a)vger.kernel.org> Signed-off-by: Shyam Prasad N <sprasad(a)microsoft.com> --- fs/smb/client/sess.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c index 330bc3d25bad..0a8c2fcc9ded 100644 --- a/fs/smb/client/sess.c +++ b/fs/smb/client/sess.c @@ -332,6 +332,7 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server) struct cifs_server_iface *old_iface = NULL; struct cifs_server_iface *last_iface = NULL; struct sockaddr_storage ss; + int retry = 0; spin_lock(&ses->chan_lock); chan_index = cifs_ses_get_chan_index(ses, server); @@ -360,6 +361,7 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server) return; } +try_again: last_iface = list_last_entry(&ses->iface_list, struct cifs_server_iface, iface_head); iface_min_speed = last_iface->speed; @@ -397,6 +399,13 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server) } if (list_entry_is_head(iface, &ses->iface_list, iface_head)) { + list_for_each_entry(iface, &ses->iface_list, iface_head) + iface->weight_fulfilled = 0; + + /* see if it can be satisfied in second attempt */ + if (!retry++) + goto try_again; + iface = NULL; cifs_dbg(FYI, "unable to find a suitable iface\n"); } -- 2.43.0

2 months

2
1
0 0

[PATCH 5.4.y 0/6] Backport few sch_sfq fixes

by Harshit Mogalapalli

commit: 10685681bafc ("net_sched: sch_sfq: don't allow 1 packet limit") fixes CVE-2024-57996 and commit: b3bf8f63e617 ("net_sched: sch_sfq: move the limit validation") fixes CVE-2025-37752 and commit: 7ca52541c05c ("net_sched: sch_sfq: reject invalid perturb period") fixes CVE-2025-38193. Patches 3, 5, 6 are CVE fixes for above mentioned CVEs. Patch 1,2 and 4 are pulled in as stable-deps. Testing performed on the patched 5.4.295 kernel with the above 5 patches: (Used latest upstream kselftests for tc-testing) $ uname -a Linux hamogala-kdevoci8-1 5.4.295-master.20250717.el8.rc2.x86_64 #1 SMP Thu Jul 17 00:57:21 PDT 2025 x86_64 x86_64 x86_64 GNU/Linux $ python3.12 ./tdc.py -f tc-tests/qdiscs/sfq.json -- ns/SubPlugin.__init__ Test 7482: Create SFQ with default setting Test c186: Create SFQ with limit setting Test ae23: Create SFQ with perturb setting Test a430: Create SFQ with quantum setting Test 4539: Create SFQ with divisor setting Test b089: Create SFQ with flows setting Test 99a0: Create SFQ with depth setting Test 7389: Create SFQ with headdrop setting Test 6472: Create SFQ with redflowlimit setting Test 8929: Show SFQ class Test 4d6f: Check that limit of 1 is rejected Test 7f8f: Check that a derived limit of 1 is rejected (limit 2 depth 1 flows 1) Test 5168: Check that a derived limit of 1 is rejected (limit 2 depth 1 divisor 1) All test results: 1..13 ok 1 7482 - Create SFQ with default setting ok 2 c186 - Create SFQ with limit setting ok 3 ae23 - Create SFQ with perturb setting ok 4 a430 - Create SFQ with quantum setting ok 5 4539 - Create SFQ with divisor setting ok 6 b089 - Create SFQ with flows setting ok 7 99a0 - Create SFQ with depth setting ok 8 7389 - Create SFQ with headdrop setting ok 9 6472 - Create SFQ with redflowlimit setting ok 10 8929 - Show SFQ class ok 11 4d6f - Check that limit of 1 is rejected ok 12 7f8f - Check that a derived limit of 1 is rejected (limit 2 depth 1 flows 1) ok 13 5168 - Check that a derived limit of 1 is rejected (limit 2 depth 1 divisor 1) Thanks, Harshit Eric Dumazet (3): net_sched: sch_sfq: annotate data-races around q->perturb_period net_sched: sch_sfq: handle bigger packets net_sched: sch_sfq: reject invalid perturb period Octavian Purdila (3): net_sched: sch_sfq: don't allow 1 packet limit net_sched: sch_sfq: use a temporary work area for validating configuration net_sched: sch_sfq: move the limit validation net/sched/sch_sfq.c | 114 +++++++++++++++++++++++++++++--------------- 1 file changed, 75 insertions(+), 39 deletions(-) -- 2.47.1

2 months

2
12
0 0

[PATCH stable 6.6 0/2] selftests/bpf: revert changes from "check bpf_dummy_struct_ops program params for test runs"

by Shung-Hsi Yu

This patchset reverts BPF selftests changes backported from "check bpf_dummy_struct_ops program params for test runs" series[1]. The changes are causing BPF selftests to fail on stable 6.6 kernel due to missing dependencies (mainly the "Support PTR_MAYBE_NULL for struct_ops arguments." series[2]). Please see individual patch for detail. 1: https://lore.kernel.org/bpf/20240424012821.595216-1-eddyz87@gmail.com/ 2: https://lore.kernel.org/bpf/20240209023750.1153905-1-thinker.li@gmail.com/ Shung-Hsi Yu (2): Revert "selftests/bpf: adjust dummy_st_ops_success to detect additional error" Revert "selftests/bpf: dummy_st_ops should reject 0 for non-nullable params" .../selftests/bpf/prog_tests/dummy_st_ops.c | 27 ------------------- .../bpf/progs/dummy_st_ops_success.c | 13 ++------- 2 files changed, 2 insertions(+), 38 deletions(-) -- 2.50.1

2 months

2
4
0 0

[to-be-updated] mm-check-if-folio-has-valid-mapcount-before-folio_test_anonksm-when-necessary.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: check if folio has valid mapcount before folio_test_{anon,ksm}() when necessary has been removed from the -mm tree. Its filename was mm-check-if-folio-has-valid-mapcount-before-folio_test_anonksm-when-necessary.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Harry Yoo <harry.yoo(a)oracle.com> Subject: mm: check if folio has valid mapcount before folio_test_{anon,ksm}() when necessary Date: Mon, 7 Jul 2025 21:07:40 +0900 folio_test_anon() and folio_test_ksm() may return false positives when the folio is a typed page (except hugetlb), because lower bits of folio->mapping field can be set even if it doesn't mean FOLIO_MAPPING_* flags. To avoid false positives, folio_test_{anon,ksm}() should be called only if !page_has_type(&folio->page) || folio_test_hugetlb(folio). However, the check can be skipped if a folio is or will be mapped to userspace because typed pages that are not hugetlb folios cannot be mapped to userspace. As folio_expected_ref_count() already does the check, introduce a helper function folio_has_mapcount() and use it in folio_expected_ref_count() and stable_page_flags(). Update the comment in FOLIO_MAPPING_* flags accordingly. This fixes tools/mm/page-types reporting pages with KPF_SLAB, KPF_ANON and KPF_SLAB (with flags, page-counts, MB omitted): $ sudo ./page-types | grep slab _______S___________________________________ slab _______S____a________x_____________________ slab,anonymous,ksm Link: https://lkml.kernel.org/r/20250707120740.4413-1-harry.yoo@oracle.com Fixes: 130d4df57390 ("mm/sl[au]b: rearrange struct slab fields to allow larger rcu_head") Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> Suggested-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Christoph Lameter (Ampere) <cl(a)gentwo.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/page.c | 19 +++++++++++-------- include/linux/mm.h | 2 +- include/linux/page-flags.h | 20 ++++++++++++++------ 3 files changed, 26 insertions(+), 15 deletions(-) --- a/fs/proc/page.c~mm-check-if-folio-has-valid-mapcount-before-folio_test_anonksm-when-necessary +++ a/fs/proc/page.c @@ -148,18 +148,21 @@ u64 stable_page_flags(const struct page folio = page_folio(page); k = folio->flags; - mapping = (unsigned long)folio->mapping; - is_anon = mapping & FOLIO_MAPPING_ANON; /* * pseudo flags for the well known (anonymous) memory mapped pages */ - if (page_mapped(page)) - u |= 1 << KPF_MMAP; - if (is_anon) { - u |= 1 << KPF_ANON; - if (mapping & FOLIO_MAPPING_KSM) - u |= 1 << KPF_KSM; + if (folio_has_mapcount(folio)) { + mapping = (unsigned long)folio->mapping; + is_anon = mapping & FOLIO_MAPPING_ANON; + + if (page_mapped(page)) + u |= 1 << KPF_MMAP; + if (is_anon) { + u |= 1 << KPF_ANON; + if (mapping & FOLIO_MAPPING_KSM) + u |= 1 << KPF_KSM; + } } /* --- a/include/linux/mm.h~mm-check-if-folio-has-valid-mapcount-before-folio_test_anonksm-when-necessary +++ a/include/linux/mm.h @@ -2169,7 +2169,7 @@ static inline int folio_expected_ref_cou const int order = folio_order(folio); int ref_count = 0; - if (WARN_ON_ONCE(page_has_type(&folio->page) && !folio_test_hugetlb(folio))) + if (WARN_ON_ONCE(!folio_has_mapcount(folio))) return 0; if (folio_test_anon(folio)) { --- a/include/linux/page-flags.h~mm-check-if-folio-has-valid-mapcount-before-folio_test_anonksm-when-necessary +++ a/include/linux/page-flags.h @@ -706,12 +706,15 @@ PAGEFLAG_FALSE(VmemmapSelfHosted, vmemma * address_space which maps the folio from disk; whereas "folio_mapped" * refers to user virtual address space into which the folio is mapped. * - * For slab pages, since slab reuses the bits in struct page to store its - * internal states, the folio->mapping does not exist as such, nor do - * these flags below. So in order to avoid testing non-existent bits, - * please make sure that folio_test_slab(folio) actually evaluates to - * false before calling the following functions (e.g., folio_test_anon). - * See mm/slab.h. + * For certain typed pages like slabs, since they reuse bits in struct page + * to store internal states, folio->mapping does not point to a valid + * mapping, nor do these flags exist. To avoid testing non-existent bits, + * make sure folio_has_mapcount() actually evaluates to true before calling + * the following functions (e.g., folio_test_anon). + * + * The folio_has_mapcount() check can be skipped if the folio is mapped + * to userspace, since a folio with !folio_has_mapcount() cannot be mapped + * to userspace at all. */ #define FOLIO_MAPPING_ANON 0x1 #define FOLIO_MAPPING_ANON_KSM 0x2 @@ -1092,6 +1095,11 @@ static inline bool PageHuge(const struct return folio_test_hugetlb(page_folio(page)); } +static inline bool folio_has_mapcount(const struct folio *folio) +{ + return !page_has_type(&folio->page) || folio_test_hugetlb(folio); +} + /* * Check if a page is currently marked HWPoisoned. Note that this check is * best effort only and inherently racy: there is no way to synchronize with _ Patches currently in -mm which might be from harry.yoo(a)oracle.com are mm-zsmalloc-do-not-pass-__gfp_movable-if-config_compaction=n.patch

2 months

1
0
0 0

[ath10k][QCA9377] Firmware crashes on Dell Inspiron 5567 (IRQ #16, all modern distro kernels)

by Bandhan Pramanik

Hello, This is to inform all that constant firmware crashes have been seen in the "Qualcomm Atheros QCA9377 802.11ac Wireless Network Adapter", which was shipped with the Dell Inspiron 5567 laptops. This affects every kernel release, including the stable and the longterm ones. All the logs have been taken after livebooting an Arch Linux ISO. Every distro has been tried, and it has been confirmed that some error of this kind is shown in every distro. ## Steps to reproduce the issue 1. Boot/liveboot any Linux ISO through this card (and possibly, this laptop). 2. Wi-Fi network interface appears. 3. Connect the Wi-Fi router to the computer. 4. A few moments/minutes after that, the touchpad stops working, and the network interface cannot even access the Internet anymore (BUT, the network interface might disappear, might not disappear). ## Affected distros and the necessary workarounds This has been the pattern on every distro and their corresponding kernels (LMDE, Linux Mint, Pop!_OS, Zorin, Kubuntu, KDE Neon, elementaryOS, Fedora, and even Arch). The fix which made these distros usable is to add two things: - Adding "options ath10k_core skip_otp=y" to a new conf file in /etc/modprobe.d. - Adding "pci=noaer" in GRUB kernel parameters so that the logs are not flooded with Multiple Correctable Errors. To defend my case (that it occurs in the other models of Inspiron 5567 too), I have recently contacted someone running Linux Mint on the same model. The answer was the same: the touchpad and the Wi-Fi stop simultaneously. ## Some of the limitations The kernel was tainted, but the other things have been properly noted in case they might provide some useful details. As stated, investigating why IRQ #16 is disabled will probably give us the answer. ## Logs provided All the logs in a combined manner can be found here: https://gist.github.com/BandhanPramanik/ddb0cb23eca03ca2ea43a1d832a16180 - Full dmesg: https://gist.github.com/BandhanPramanik/ddb0cb23eca03ca2ea43a1d832a16180#fi… - Hostnamectl: https://gist.github.com/BandhanPramanik/ddb0cb23eca03ca2ea43a1d832a16180#fi… - lspci: https://gist.github.com/BandhanPramanik/ddb0cb23eca03ca2ea43a1d832a16180#fi… - Modinfo of the driver: https://gist.github.com/BandhanPramanik/ddb0cb23eca03ca2ea43a1d832a16180#fi… - Ping command: https://gist.github.com/BandhanPramanik/ddb0cb23eca03ca2ea43a1d832a16180#fi… - /proc/interrupts: https://gist.github.com/BandhanPramanik/ddb0cb23eca03ca2ea43a1d832a16180#fi… - IP addr command (Heavily Redacted): https://gist.github.com/BandhanPramanik/ddb0cb23eca03ca2ea43a1d832a16180#fi… Lastly, this issue on the GitHub repository of Pop!_OS 'might' be relevant: https://github.com/pop-os/pop/issues/1470 It would be highly appreciated if the matter were looked into. Thanks, Bandhan Pramanik

2 months

1
4
0 0

[TEST REGRESSION] stable-rc/linux-6.12.y: kselftest.breakpoints.breakpoints_step_after_suspend_test on stm32mp157a-dhcor-avenger96

by KernelCI bot

Hello, New test failure found on stable-rc/linux-6.12.y: kselftest.breakpoints.breakpoints_step_after_suspend_test running on stm32mp157a-dhcor-avenger96 giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git branch: linux-6.12.y commit HEAD: d50d16f002928cde05a54e0049ddc203323ae7ac test id: maestro:687945d32ce2c1874ed4d342 status: FAIL start time: log: https://files.kernelci.org/kselftest-breakpoints-6876a2d634612746bbcec7ff/l… # Test details: - test path: kselftest.breakpoints.breakpoints_step_after_suspend_test - platform: stm32mp157a-dhcor-avenger96 - compatibles: arrow,stm32mp157a-avenger96 | dh,stm32mp157a-dhcor-som | st,stm32mp157 - config: multi_v7_defconfig - architecture: arm - compiler: gcc-12 Dashboard: https://d.kernelci.org/t/maestro:687945d32ce2c1874ed4d342 Log excerpt: ===================================================== of an unmet condition check (ConditionPathExists=/sys/kernel/mm/hugepages). [ 28.116033] systemd[1]: dev-mqueue.mount - POSIX Message Queue File System was skipped because of an unmet condition check (ConditionPathExists=/proc/sys/fs/mqueue). [ 28.180697] systemd[1]: Mounting sys-kernel-debug.mount - Kernel Debug File System... Mounting [0;1;39msys-kernel-debug.…[0m - Kernel Debug File System... [ 28.217714] systemd[1]: Mounting sys-kernel-tracing.mount - Kernel Trace File System... Mounting [0;1;39msys-kernel-tracin…[0m - Kernel Trace File System... [ 28.291406] systemd[1]: Starting kmod-static-nodes.service - Create List of Static Device Nodes... Starting [0;1;39mkmod-static-nodes…ate List of Static Device Nodes... [ 28.331680] systemd[1]: Starting modprobe(a)configfs.service - Load Kernel Module configfs... Starting [0;1;39mmodprobe@configfs…m - Load Kernel Module configfs... [ 28.371165] systemd[1]: Starting modprobe(a)dm_mod.service - Load Kernel Module dm_mod... Starting [0;1;39mmodprobe(a)dm_mod.s...[0m - Load Kernel Module dm_mod... [ 28.408054] systemd[1]: Starting modprobe(a)drm.service - Load Kernel Module drm... Starting [0;1;39mmodprobe(a)drm.service[0m - Load Kernel Module drm... [ 28.449915] systemd[1]: Starting modprobe(a)efi_pstore.service - Load Kernel Module efi_pstore... Starting [0;1;39mmodprobe@efi_psto…- Load Kernel Module efi_pstore... [ 28.487986] systemd[1]: Starting modprobe(a)fuse.service - Load Kernel Module fuse... Starting [0;1;39mmodprobe(a)fuse.ser...e[0m - Load Kernel Module fuse... [ 28.532255] systemd[1]: Starting modprobe(a)loop.service - Load Kernel Module loop... Starting [0;1;39mmodprobe(a)loop.ser...e[0m - Load Kernel Module loop... [ 28.563256] systemd[1]: systemd-journald.service: unit configures an IP firewall, but the local system does not support BPF/cgroup firewalling. [ 28.574983] systemd[1]: (This warning is only shown for the first unit using IP firewalling.) [ 28.588124] systemd[1]: Starting systemd-journald.service - Journal Service... Starting [0;1;39msystemd-journald.service[0m - Journal Service... [ 28.682143] systemd[1]: Starting systemd-modules-load.service - Load Kernel Modules... Starting [0;1;39msystemd-modules-l…rvice[0m - Load Kernel Modules... [ 28.726528] systemd[1]: Starting systemd-network-generator.service - Generate network units from Kernel command line... Starting [0;1;39msystemd-network-g… units from Kernel command line... [ 28.831292] systemd[1]: Starting systemd-remount-fs.service - Remount Root and Kernel File Systems... Starting [0;1;39msystemd-remount-f…nt Root and Kernel File Systems... [ 28.868196] systemd[1]: Starting systemd-udev-trigger.service - Coldplug All udev Devices... Starting [0;1;39msystemd-udev-trig…[0m - Coldplug All udev Devices... [ 28.925905] systemd[1]: Mounted sys-kernel-debug.mount - Kernel Debug File System. [[0;32m OK [0m] Mounted [0;1;39msys-kernel-debug.m…nt[0m - Kernel Debug File System. [ 28.971980] systemd[1]: Mounted sys-kernel-tracing.mount - Kernel Trace File System. [[0;32m OK [0m] Mounted [0;1;39msys-kernel-tracing…nt[0m - Kernel Trace File System. [ 29.004249] systemd[1]: Finished kmod-static-nodes.service - Create List of Static Device Nodes. [[0;32m OK [0m] Finished [0;1;39mkmod-static-nodes…reate List of Static Device Nodes. [ 29.106198] systemd[1]: modprobe(a)configfs.service: Deactivated successfully. [ 29.121680] systemd[1]: Finished modprobe(a)configfs.service - Load Kernel Module configfs. [[0;32m OK [0m] Finished [0;1;39mmodprobe@configfs…[0m - Load Kernel Module configfs. [ 29.142952] systemd[1]: modprobe(a)dm_mod.service: Deactivated successfully. [ 29.160513] systemd[1]: Finished modprobe(a)dm_mod.service - Load Kernel Module dm_mod. [[0;32m OK [0m] Finished [0;1;39mmodprobe(a)dm_mod.s...e[0m - Load Kernel Module dm_mod. [ 29.203027] systemd[1]: modprobe(a)drm.service: Deactivated successfully. [ 29.209669] systemd[1]: Finished modprobe(a)drm.service - Load Kernel Module drm. [[0;32m OK [0m] Finished [0;1;39mmodprobe(a)drm.service[0m - Load Kernel Module drm. [ 29.251945] systemd[1]: Started systemd-journald.service - Journal Service. [[0;32m OK [0m] Started [0;1;39msystemd-journald.service[0m - Journal Service. [[0;32m OK [0m] Finished [0;1;39mmodprobe@efi_psto…m - Load Kernel Module efi_pstore. [[0;32m OK [0m] Finished [0;1;39mmodprobe(a)fuse.service[0m - Load Kernel Module fuse. [[0;32m OK [0m] Finished [0;1;39mmodprobe(a)loop.service[0m - Load Kernel Module loop. [[0;32m OK [0m] Finished [0;1;39msystemd-modules-l…service[0m - Load Kernel Modules. [[0;32m OK [0m] Finished [0;1;39msystemd-network-g…rk units from Kernel command line. [[0;32m OK [0m] Finished [0;1;39msystemd-remount-f…ount Root and Kernel File Systems. [[0;32m OK [0m] Reached target [0;1;39mnetwork-pre…get[0m - Preparation for Network. Mounting [0;1;39msys-kernel-config…ernel Configuration File System... Starting [0;1;39msystemd-journal-f…h Journal to Persistent Storage... Starting [0;1;39msystemd-random-se…ice[0m - Load/Save Random Seed... Starting [0;1;39msystemd-sysctl.se…ce[0m - Apply Kernel Variables... Starting [0;1;39msystemd-sysusers.…rvice[0m - Create System Users... [[0;32m OK [0m] Mounted [0;1;39msys-kernel-config.… Kernel Configuration File System. [ 29.895899] systemd-journald[191]: Received client request to flush runtime journal. [[0;32m OK [0m] Finished [0;1;39msystemd-random-se…rvice[0m - Load/Save Random Seed. [[0;32m OK [0m] Finished [0;1;39msystemd-sysctl.service[0m - Apply Kernel Variables. [[0;32m OK [0m] Finished [0;1;39msystemd-sysusers.service[0m - Create System Users. Starting [0;1;39msystemd-tmpfiles-…ate Static Device Nodes in /dev... [[0;32m OK [0m] Finished [0;1;39msystemd-journal-f…ush Journal to Persistent Storage. [[0;32m OK [0m] Finished [0;1;39msystemd-tmpfiles-…reate Static Device Nodes in /dev. [[0;32m OK [0m] Reached target [0;1;39mlocal-fs-pr…reparation for Local File Systems. [[0;32m OK [0m] Reached target [0;1;39mlocal-fs.target[0m - Local File Systems. Starting [0;1;39msystemd-tmpfiles-…te System Files and Directories... Starting [0;1;39msystemd-udevd.ser…ger for Device Events and Files... [[0;32m OK [0m] Started [0;1;39msystemd-udevd.serv…nager for Device Events and Files. [[0;32m OK [0m] Finished [0;1;39msystemd-tmpfiles-…eate System Files and Directories. Starting [0;1;39msystemd-networkd.…ice[0m - Network Configuration... Starting [0;1;39msystemd-timesyncd… - Network Time Synchronization... Starting [0;1;39msystemd-update-ut…rd System Boot/Shutdown in UTMP... [[0;32m OK [0m] Finished [0;1;39msystemd-update-ut…cord System Boot/Shutdown in UTMP. [[0;32m OK [0m] Finished [0;1;39msystemd-udev-trig…e[0m - Coldplug All udev Devices. [[0;32m OK [0m] Started [0;1;39msystemd-timesyncd.…0m - Network Time Synchronization. [[0;32m OK [0m] Started [0;1;39msystemd-networkd.service[0m - Network Configuration. [[0;32m OK [0m] Found device [0;1;39mdev-ttySTM0.device[0m - /dev/ttySTM0. [[0;32m OK [0m] Reached target [0;1;39mbluetooth.target[0m - Bluetooth Support. [[0;32m OK [0m] Reached target [0;1;39mnetwork.target[0m - Network. [[0;32m OK [0m] Reached target [0;1;39mtime-set.target[0m - System Time Set. [[0;32m OK [0m] Reached target [0;1;39musb-gadget.…m - Hardware activated USB gadget. [[0;32m OK [0m] Listening on [0;1;39msystemd-rfkil…l Switch Status /dev/rfkill Watch. Starting [0;1;39mmodprobe(a)dm_mod.s...[0m - Load Kernel Module dm_mod... Starting [0;1;39mmodprobe@efi_psto…- Load Kernel Module efi_pstore... Starting [0;1;39mmodprobe(a)fuse.ser...e[0m - Load Kernel Module fuse... Starting [0;1;39mmodprobe(a)loop.ser...e[0m - Load Kernel Module loop... [[0;32m OK [0m] Finished [0;1;39mmodprobe(a)dm_mod.s...e[0m - Load Kernel Module dm_mod. [[0;32m OK [0m] Finished [0;1;39mmodprobe@efi_psto…m - Load Kernel Module efi_pstore. [[0;32m OK [0m] Finished [0;1;39mmodprobe(a)fuse.service[0m - Load Kernel Module fuse. [[0;32m OK [0m] Finished [0;1;39mmodprobe(a)loop.service[0m - Load Kernel Module loop. [[0;32m OK [0m] Reached target [0;1;39msysinit.target[0m - System Initialization. [[0;32m OK [0m] Started [0;1;39mapt-daily.timer[0m - Daily apt download activities. [[0;32m OK [0m] Started [0;1;39mapt-daily-upgrade.… apt upgrade and clean activities. [[0;32m OK [0m] Started [0;1;39mdpkg-db-backup.tim… Daily dpkg database backup timer. [[0;32m OK [0m] Started [0;1;39me2scrub_all.timer…etadata Check for All Filesystems. [[0;32m OK [0m] Started [0;1;39mfstrim.timer[0m - Discard unused blocks once a week. [[0;32m OK [0m] Started [0;1;39msystemd-tmpfiles-c… Cleanup of Temporary Directories. [[0;32m OK [0m] Reached target [0;1;39mtimers.target[0m - Timer Units. [[0;32m OK [0m] Listening on [0;1;39mdbus.socket[…- D-Bus System Message Bus Socket. [[0;32m OK [0m] Reached target [0;1;39msockets.target[0m - Socket Units. [[0;32m OK [0m] Reached target [0;1;39mbasic.target[0m - Basic System. Starting [0;1;39malsa-restore.serv…- Save/Restore Sound Card State... Starting [0;1;39mdbus.service[0m - D-Bus System Message Bus... Starting [0;1;39me2scrub_reap.serv…e ext4 Metadata Check Snapshots... Starting [0;1;39msystemd-logind.se…ice[0m - User Login Management... Starting [0;1;39msystemd-rfkill.se…Load/Save RF Kill Switch Status... Starting [0;1;39msystemd-user-sess…vice[0m - Permit User Sessions... [[0;32m OK [0m] Finished [0;1;39malsa-restore.serv…m - Save/Restore Sound Card State. [[0;32m OK [0m] Reached target [0;1;39msound.target[0m - Sound Card. [[0;32m OK [0m] Started [0;1;39msystemd-rfkill.ser…- Load/Save RF Kill Switch Status. [[0;32m OK [0m] Finished [0;1;39msystemd-user-sess…ervice[0m - Permit User Sessions. [[0;32m OK [0m] Started [0;1;39mgetty(a)tty1.service[0m - Getty on tty1. [[0;32m OK [0m] Started [0;1;39mserial-getty@ttyST…ice[0m - Serial Getty on ttySTM0. [[0;32m OK [0m] Reached target [0;1;39mgetty.target[0m - Login Prompts. [[0;32m OK [0m] Started [0;1;39mdbus.service[0m - D-Bus System Message Bus. Starting [0;1;39msystemd-hostnamed.service[0m - Hostname Service... [[0;32m OK [0m] Started [0;1;39msystemd-logind.service[0m - User Login Management. [[0;32m OK [0m] Finished [0;1;39me2scrub_reap.serv…ine ext4 Metadata Check Snapshots. [[0;32m OK [0m] Reached target [0;1;39mmulti-user.target[0m - Multi-User System. [[0;32m OK [0m] Reached target [0;1;39mgraphical.target[0m - Graphical Interface. Starting [0;1;39msystemd-update-ut… Record Runlevel Change in UTMP... [[0;32m OK [0m] Finished [0;1;39msystemd-update-ut… - Record Runlevel Change in UTMP. [[0;32m OK [0m] Started [0;1;39msystemd-hostnamed.service[0m - Hostname Service. Debian GNU/Linux 12 debian-bookworm-armhf ttySTM0 debian-bookworm-armhf login: root (automatic login) Linux debian-bookworm-armhf 6.12.39-rc2 #1 SMP Tue Jul 15 18:39:20 UTC 2025 armv7l The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. / # / # export NFS_ROOTFS='/var/lib/lava/dispatcher/tmp/1574985/extract-nfsrootfs-w6q8rnvr' export NFS_ROOTFS='/var/lib/lava/dispatcher/tmp/1574985/extract-nfsrootfs-w6q8rnvr' / # export NFS_SERVER_IP='172.16.0.3' export NFS_SERVER_IP='172.16.0.3' / # # # / # export SHELL=/bin/bash export SHELL=/bin/bash / # . /lava-1574985/environment . /lava-1574985/environment / # /lava-1574985/bin/lava-test-runner /lava-1574985/0 /lava-1574985/bin/lava-test-runner /lava-1574985/0 + export TESTRUN_ID=0_timesync-off + TESTRUN_ID=0_timesync-off + cd /lava-1574985/0/tests/0_timesync-off ++ cat uuid + UUID=1574985_1.6.2.4.1 + set +x <LAVA_SIGNAL_STARTRUN 0_timesync-off 1574985_1.6.2.4.1> + systemctl stop systemd-timesyncd + set +x <LAVA_SIGNAL_ENDRUN 0_timesync-off 1574985_1.6.2.4.1> + export TESTRUN_ID=1_kselftest-breakpoints + TESTRUN_ID=1_kselftest-breakpoints + cd /lava-1574985/0/tests/1_kselftest-breakpoints ++ cat uuid + UUID=1574985_1.6.2.4.5 + set +x <LAVA_SIGNAL_STARTRUN 1_kselftest-breakpoints 1574985_1.6.2.4.5> + cd ./automated/linux/kselftest/ + ./kselftest.sh -c breakpoints -T '' -t kselftest_armhf.tar.gz -s True -u https://files.kernelci.org/kbuild-gcc-12-arm-6876975b34612746bbce6ee9/kself… -L '' -S /dev/null -b '' -g '' -e '' -p /opt/kselftests/mainline/ -n 1 -i 1 -E '' INFO: install_deps skipped --2025-07-17 18:49:22-- https://files.kernelci.org/kbuild-gcc-12-arm-6876975b34612746bbce6ee9/kself… Resolving files.kernelci.org (files.kernelci.org)... 20.171.243.82 Connecting to files.kernelci.org (files.kernelci.org)|20.171.243.82|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 9351030 (8.9M) [application/gzip] Saving to: 'kselftest_armhf.tar.gz' kselftest_armhf.tar 0%[ ] 0 --.-KB/s ?kselftest_armhf.tar 1%[ ] 103.76K 357KB/s ?kselftest_armhf.tar 4%[ ] 439.76K 756KB/s ?kselftest_armhf.tar 12%[=> ] 1.13M 1.45MB/s ?kselftest_armhf.tar 23%[===> ] 2.13M 2.17MB/s ?kselftest_armhf.tar 35%[======> ] 3.13M 2.64MB/s ?kselftest_armhf.tar 46%[========> ] 4.13M 2.98MB/s ?kselftest_armhf.tar 57%[==========> ] 5.13M 3.24MB/s ?kselftest_armhf.tar 68%[============> ] 6.13M 3.43MB/s ?kselftest_armhf.tar 79%[==============> ] 7.13M 3.59MB/s ?kselftest_armhf.tar 90%[=================> ] 8.06M 3.57MB/s ?kselftest_armhf.tar 100%[===================>] 8.92M 3.66MB/s in 2.4s 2025-07-17 18:49:25 (3.66 MB/s) - 'kselftest_armhf.tar.gz' saved [9351030/9351030] skiplist: ======================================== ======================================== breakpoints:step_after_suspend_test ============== Tests to run =============== breakpoints:step_after_suspend_test ===========End Tests to run =============== shardfile-breakpoints pass [ 67.220163] kselftest: Running tests in breakpoints TAP version 13 1..1 # timeout set to 45 # selftests: breakpoints: step_after_suspend_test [ 67.432985] PM: suspend entry (deep) [ 67.449347] Filesystems sync: 0.014 seconds [ 67.458329] Freezing user space processes [ 67.462606] Freezing user space processes completed (elapsed 0.001 seconds) [ 67.468205] OOM killer disabled. [ 67.471493] Freezing remaining freezable tasks [ 67.477234] Freezing remaining freezable tasks completed (elapsed 0.001 seconds) [ 67.483366] printk: Suspending console(s) (use no_console_suspend to debug) [ 67.611609] stm32-dwmac 5800a000.ethernet end0: Link is Down [ 67.624958] Disabling non-boot CPUs ... [ 67.626403] CPU1 killed. [ 67.628604] Enabling non-boot CPUs ... [ 67.630318] CPU1 is up [ 67.638677] stm32-dwmac 5800a000.ethernet end0: configuring for phy/rgmii link mode [ 67.640262] dwmac4: Master AXI performs any burst length [ 67.640314] stm32-dwmac 5800a000.ethernet end0: No Safety Features support found [ 67.640345] stm32-dwmac 5800a000.ethernet end0: Invalid PTP clock rate [ 67.640361] stm32-dwmac 5800a000.ethernet end0: PTP init failed [ 67.642550] stm32-dwmac 5800a000.ethernet end0: Link is Up - 1Gbps/Full - flow control off [ 67.910193] usb 2-1: reset high-speed USB device number 2 using ehci-platform [ 68.257543] OOM killer enabled. [ 68.260709] Restarting tasks ... done. [ 68.267811] random: crng reseeded on system resumption [ 68.281019] PM: suspend exit # TAP version 13 # Bail out! Failed to enter Suspend state # # Totals: pass:0 fail:0 xfail:0 xpass:0 skip:0 error:0 not ok 1 selftests: breakpoints: step_after_suspend_test # exit=1 WARNING: Optional imports not found, TAP 13 output will be ignored. To parse yaml, see requirements in docs: https://tappy.readthedocs.io/en/latest/consumers.html#tap-version-13 breakpoints_step_after_suspend_test fail + ../../utils/send-to-lava.sh ./output/result.txt <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=shardfile-breakpoints RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=breakpoints_step_after_suspend_test RESULT=fail> + set +x <LAVA_SIGNAL_ENDRUN 1_kselftest-breakpoints 1574985_1.6.2.4.5> <LAVA_TEST_RUNNER EXIT> / # ===================================================== #kernelci test maestro:687945d32ce2c1874ed4d342 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

2 months

2
1
0 0

FYI

by Allen Cheng

Good day, I sent you a message a few hours ago, but no reply yet, or did you not receive it? Kindly read my letter and reply. I want to make an inquiry Thanks. Dr.Allen Cheng Human Resource Manager | Product Research Assistant FGP Ltd "Email ini dan dokumen lampirannya ditujukan untuk digunakan oleh penerima e-mail. Apabila anda bukan orang yang tepat untuk menerima e-mail ini segera hapus e-mail ini. Isi e-mail ini mungkin tidak mewakili pandangan dan/atau pendapat PT. Transportasi Jakarta, kecuali bila dinyatakan dengan jelas demikian. Informasi yang terdapat dalam e-mail ini dapat bersifat rahasia. Dilarang memperbanyak, menyebarkan dan menyalin informasi rahasia kepada pihak lain tanpa persetujuan PT. Transportasi Jakart tidak bertanggung jawab atas penggunaan email ini oleh bukan penerima e-mail yang dituju dan atas kerusakan yang diakibatkan oleh e-mail ini jika terkena virus atau gangguan komunikasi."

2 months

1
0
0 0

[PATCH] vfio: cdx: Fix missing GENERIC_MSI_IRQ on compile test

by Krzysztof Kozlowski

VFIO_CDX driver uses msi_domain_alloc_irqs() which is provided by non-user-visible GENERIC_MSI_IRQ, thus it should select that option directly. VFIO_CDX depends on CDX_BUS, which also will select GENERIC_MSI_IRQ (separate fix), nevertheless driver should poll what is being used there instead of relying on bus Kconfig. Without the fix on CDX_BUS compile test fails: drivers/vfio/cdx/intr.c: In function ‘vfio_cdx_msi_enable’: drivers/vfio/cdx/intr.c:41:15: error: implicit declaration of function ‘msi_domain_alloc_irqs’; did you mean ‘irq_domain_alloc_irqs’? [-Wimplicit-function-declaration] Reported-by: Randy Dunlap <rdunlap(a)infradead.org> Closes: https://lore.kernel.org/r/4a6fd102-f8e0-42f3-b789-6e3340897032@infradead.or… Fixes: 848e447e000c ("vfio/cdx: add interrupt support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- drivers/vfio/cdx/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/vfio/cdx/Kconfig b/drivers/vfio/cdx/Kconfig index e6de0a0caa32..90cf3dee5dba 100644 --- a/drivers/vfio/cdx/Kconfig +++ b/drivers/vfio/cdx/Kconfig @@ -9,6 +9,7 @@ config VFIO_CDX tristate "VFIO support for CDX bus devices" depends on CDX_BUS select EVENTFD + select GENERIC_MSI_IRQ help Driver to enable VFIO support for the devices on CDX bus. This is required to make use of CDX devices present in -- 2.48.1

2 months

2
1
0 0

Linux 6.15.7

by Greg Kroah-Hartman

I'm announcing the release of the 6.15.7 kernel. All users of the 6.15 kernel series must upgrade. The updated 6.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/bpf/map_hash.rst | 8 Documentation/bpf/map_lru_hash_update.dot | 6 Documentation/devicetree/bindings/clock/mediatek,mt8188-clock.yaml | 3 Makefile | 2 arch/arm64/kernel/cpufeature.c | 57 +- arch/arm64/kernel/process.c | 5 arch/arm64/mm/fault.c | 30 - arch/arm64/mm/proc.S | 1 arch/riscv/kernel/vdso/vdso.lds.S | 2 arch/s390/crypto/sha1_s390.c | 2 arch/s390/crypto/sha256_s390.c | 3 arch/s390/crypto/sha512_s390.c | 3 arch/um/drivers/vector_kern.c | 42 - arch/x86/Kconfig | 2 arch/x86/coco/sev/core.c | 22 arch/x86/include/asm/msr-index.h | 1 arch/x86/include/asm/sev.h | 17 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/cpu/mce/amd.c | 28 - arch/x86/kernel/cpu/mce/core.c | 24 arch/x86/kernel/cpu/mce/intel.c | 1 arch/x86/kvm/hyperv.c | 3 arch/x86/kvm/svm/sev.c | 4 arch/x86/kvm/xen.c | 15 drivers/acpi/battery.c | 19 drivers/atm/idt77252.c | 5 drivers/block/nbd.c | 6 drivers/block/ublk_drv.c | 3 drivers/bluetooth/hci_qca.c | 13 drivers/char/ipmi/ipmi_msghandler.c | 3 drivers/clk/clk-scmi.c | 18 drivers/clk/imx/clk-imx95-blk-ctl.c | 12 drivers/edac/ecs.c | 4 drivers/edac/mem_repair.c | 1 drivers/edac/scrub.c | 1 drivers/gpio/gpiolib.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v8.c | 8 drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 1 drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 43 - drivers/gpu/drm/drm_framebuffer.c | 31 + drivers/gpu/drm/drm_gem.c | 74 ++ drivers/gpu/drm/drm_internal.h | 2 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 drivers/gpu/drm/imagination/pvr_power.c | 4 drivers/gpu/drm/nouveau/nouveau_debugfs.c | 6 drivers/gpu/drm/nouveau/nouveau_debugfs.h | 5 drivers/gpu/drm/nouveau/nouveau_drm.c | 4 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 20 drivers/gpu/drm/tegra/nvdec.c | 6 drivers/gpu/drm/ttm/ttm_bo_util.c | 13 drivers/gpu/drm/xe/xe_gt_pagefault.c | 1 drivers/gpu/drm/xe/xe_lmtt.c | 11 drivers/gpu/drm/xe/xe_migrate.c | 2 drivers/gpu/drm/xe/xe_pci.c | 1 drivers/gpu/drm/xe/xe_pm.c | 11 drivers/hid/hid-ids.h | 6 drivers/hid/hid-lenovo.c | 8 drivers/hid/hid-multitouch.c | 8 drivers/hid/hid-nintendo.c | 38 + drivers/hid/hid-quirks.c | 3 drivers/irqchip/Kconfig | 1 drivers/md/md-bitmap.c | 3 drivers/md/raid1.c | 4 drivers/md/raid10.c | 12 drivers/net/can/m_can/m_can.c | 2 drivers/net/ethernet/airoha/airoha_eth.c | 1 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 18 drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 drivers/net/ethernet/ibm/ibmvnic.h | 8 drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 9 drivers/net/ethernet/mellanox/mlx5/core/en_dim.c | 4 drivers/net/ethernet/mellanox/mlx5/core/en_fs.c | 2 drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c | 1 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 13 drivers/net/ethernet/microsoft/mana/gdma_main.c | 3 drivers/net/ethernet/renesas/rtsn.c | 5 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 24 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 4 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 16 drivers/net/ethernet/wangxun/libwx/wx_type.h | 2 drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 2 drivers/net/ethernet/wangxun/ngbe/ngbe_type.h | 2 drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 4 drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 4 drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/phy/microchip.c | 3 drivers/net/phy/qcom/at803x.c | 27 - drivers/net/phy/qcom/qca808x.c | 2 drivers/net/phy/qcom/qcom-phy-lib.c | 25 drivers/net/phy/qcom/qcom.h | 5 drivers/net/phy/smsc.c | 57 ++ drivers/net/usb/qmi_wwan.c | 1 drivers/net/wireless/marvell/mwifiex/util.c | 4 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 6 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 3 drivers/net/wireless/mediatek/mt76/mt7925/init.c | 2 drivers/net/wireless/mediatek/mt76/mt7925/main.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 40 - drivers/net/wireless/mediatek/mt76/mt7996/main.c | 5 drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 188 +++++-- drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 16 drivers/net/wireless/ralink/rt2x00/rt2x00soc.c | 4 drivers/net/wireless/ralink/rt2x00/rt2x00soc.h | 2 drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 drivers/pci/pci-acpi.c | 23 drivers/pinctrl/nuvoton/pinctrl-ma35.c | 10 drivers/pinctrl/pinctrl-amd.c | 11 drivers/pinctrl/qcom/pinctrl-msm.c | 20 drivers/pwm/core.c | 2 drivers/pwm/pwm-mediatek.c | 13 drivers/tty/vt/vt.c | 1 drivers/usb/gadget/function/u_serial.c | 12 fs/btrfs/free-space-tree.c | 16 fs/erofs/data.c | 21 fs/erofs/decompressor.c | 12 fs/erofs/fileio.c | 6 fs/erofs/internal.h | 6 fs/erofs/zdata.c | 13 fs/erofs/zmap.c | 9 fs/eventpoll.c | 12 fs/proc/inode.c | 2 fs/proc/proc_sysctl.c | 18 fs/proc/task_mmu.c | 14 fs/smb/server/smb2pdu.c | 29 - fs/smb/server/transport_rdma.c | 5 fs/smb/server/vfs.c | 1 include/drm/drm_file.h | 3 include/drm/drm_framebuffer.h | 7 include/drm/spsc_queue.h | 4 include/linux/blkdev.h | 5 include/linux/ieee80211.h | 45 + include/linux/io_uring_types.h | 2 include/linux/mm.h | 5 include/linux/psp-sev.h | 2 include/net/af_vsock.h | 2 include/net/bluetooth/hci_core.h | 3 include/net/netfilter/nf_flow_table.h | 2 include/sound/soc-acpi.h | 13 include/trace/events/erofs.h | 2 io_uring/msg_ring.c | 4 io_uring/opdef.c | 1 io_uring/zcrx.c | 3 kernel/bpf/bpf_lru_list.c | 9 kernel/bpf/bpf_lru_list.h | 1 kernel/events/core.c | 6 kernel/module/main.c | 4 kernel/sched/core.c | 7 kernel/sched/deadline.c | 10 kernel/stop_machine.c | 20 lib/alloc_tag.c | 3 lib/maple_tree.c | 1 mm/damon/core.c | 8 mm/kasan/report.c | 45 - mm/rmap.c | 46 + mm/vmalloc.c | 22 net/appletalk/ddp.c | 1 net/atm/clip.c | 64 +- net/bluetooth/hci_event.c | 3 net/bluetooth/hci_sync.c | 4 net/ipv4/tcp.c | 2 net/ipv6/addrconf.c | 9 net/mac80211/cfg.c | 14 net/mac80211/mlme.c | 7 net/mac80211/parse.c | 6 net/mac80211/util.c | 9 net/netlink/af_netlink.c | 82 +-- net/rxrpc/call_accept.c | 4 net/sched/sch_api.c | 23 net/tipc/topsrv.c | 2 net/vmw_vsock/af_vsock.c | 57 +- net/wireless/nl80211.c | 7 net/wireless/util.c | 52 +- samples/damon/prcl.c | 8 samples/damon/wsse.c | 8 scripts/gdb/linux/constants.py.in | 7 scripts/gdb/linux/interrupts.py | 16 scripts/gdb/linux/mapletree.py | 252 ++++++++++ scripts/gdb/linux/vfs.py | 2 scripts/gdb/linux/xarray.py | 28 + sound/isa/ad1816a/ad1816a.c | 2 sound/pci/hda/patch_realtek.c | 10 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/codecs/cs35l56-shared.c | 2 sound/soc/codecs/rt721-sdca.c | 23 sound/soc/fsl/fsl_asrc.c | 3 sound/soc/fsl/fsl_sai.c | 14 sound/soc/intel/boards/Kconfig | 1 sound/soc/intel/common/Makefile | 2 sound/soc/intel/common/soc-acpi-intel-arl-match.c | 21 sound/soc/intel/common/sof-function-topology-lib.c | 136 +++++ sound/soc/intel/common/sof-function-topology-lib.h | 15 sound/soc/sof/intel/hda.c | 6 tools/arch/x86/include/asm/msr-index.h | 1 tools/include/linux/kallsyms.h | 4 tools/objtool/check.c | 1 tools/testing/selftests/bpf/test_lru_map.c | 105 ++-- tools/testing/selftests/net/lib.sh | 2 virt/kvm/kvm_main.c | 3 203 files changed, 2006 insertions(+), 827 deletions(-) Aaron Thompson (1): drm/nouveau: Do not fail module init on debugfs errors Achill Gilgenast (1): kallsyms: fix build without execinfo Akira Inoue (1): HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 Al Viro (2): fix proc_sys_compare() handling of in-lookup dentries ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() Alessio Belle (1): drm/imagination: Fix kernel crash when hard resetting the GPU Alex Deucher (1): drm/amdkfd: add hqd_sdma_get_doorbell callbacks for gfx7/8 Alexander Gordeev (1): mm/vmalloc: leave lazy MMU mode on PTE mapping error Alok Tiwari (1): net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Anshuman Khandual (1): arm64/mm: Drop wrong writes into TCR2_EL1 Arun Raghavan (1): ASoC: fsl_sai: Force a software reset when starting in consumer mode Baolin Wang (1): mm: fix the inaccurate memory statistics issue for users Bard Liao (4): ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH ASoC: soc-acpi: add get_function_tplg_files ops ASoC: Intel: add sof_sdw_get_tplg_files ops ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops Bartosz Golaszewski (1): pinctrl: qcom: msm: mark certain pins as invalid for interrupts Ben Skeggs (1): drm/nouveau/gsp: fix potential leak of memory used during acpi init Carolina Jubran (2): net/mlx5: Reset bw_share field when changing a node's parent net/mlx5e: Fix race between DIM disable and net_dim() Chao Yu (2): erofs: fix to add missing tracepoint in erofs_read_folio() erofs: fix to add missing tracepoint in erofs_readahead() Charles Keepax (1): ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches Chia-Lin Kao (AceLan) (1): HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Chintan Vankar (1): net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info Chris Chiu (1): ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 6 G1a Christian König (1): drm/ttm: fix error handling in ttm_buffer_object_transfer Christophe JAILLET (1): net: airoha: Fix an error handling path in airoha_probe() Dan Carpenter (1): ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() Daniel J. Ogorchock (1): HID: nintendo: avoid bluetooth suspend/resume stalls Daniil Dulov (1): wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() David Howells (2): rxrpc: Fix bug due to prealloc collision rxrpc: Fix oops due to non-existence of prealloc backlog struct David Woodhouse (1): KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. Deren Wu (2): wifi: mt76: mt7921: prevent decap offload config before STA initialization wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() Edip Hazuri (1): ALSA: hda/realtek - Add mute LED support for HP Victus 15-fb2xxx Eric Biggers (1): crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 Eric Dumazet (1): netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() EricChan (1): net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 Fangrui Song (1): riscv: vdso: Exclude .rodata from the PT_DYNAMIC segment Felix Fietkau (1): wifi: rt2x00: fix remove callback type mismatch Fengnan Chang (1): io_uring: make fallocate be hashed work Filipe Manana (1): btrfs: fix assertion when building free space tree Florian Fainelli (3): scripts/gdb: fix interrupts display after MCP on x86 scripts/gdb: de-reference per-CPU MCE interrupts scripts/gdb: fix interrupts.py after maple tree conversion Gao Xiang (3): erofs: address D-cache aliasing erofs: fix large fragment handling erofs: refine readahead tracepoint Greg Kroah-Hartman (1): Linux 6.15.7 Guillaume Nault (1): gre: Fix IPv6 multicast route creation. Hangbin Liu (1): selftests: net: lib: fix shift count out of range Haoxiang Li (1): net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe() Harry Yoo (1): lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() Heiko Carstens (1): objtool: Add missing endian conversion to read_annotate() Henry Martin (1): wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() Honggyu Kim (3): mm/damon: fix divide by zero in damon_get_intervals_score() samples/damon: fix damon sample prcl for start failure samples/damon: fix damon sample wsse for start failure Hugo Villeneuve (1): gpiolib: fix performance regression when using gpio_chip_get_multiple() Håkon Bugge (1): md/md-bitmap: fix GPF in bitmap_get_stats() Illia Ostapyshyn (1): scripts: gdb: vfs: support external dentry names JP Kobryn (1): x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Jack Yu (1): ASoC: rt721-sdca: fix boost gain calculation error Jakub Kicinski (1): netlink: make sure we allow at least one dump skb Jann Horn (1): x86/mm: Disable hugetlb page table sharing on 32-bit Jason Xing (1): bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL Jens Axboe (1): io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU Jianbo Liu (1): net/mlx5e: Add new prio for promiscuous mode Jiawen Wu (1): net: wangxun: revert the adjustment of the IRQ vector sequence Jiayuan Chen (1): tcp: Correct signedness in skb remaining space calculation Johannes Berg (1): wifi: mac80211: fix non-transmitted BSSID profile search Julien Massot (1): dt-bindings: clock: mediatek: Add #reset-cells property for MT8188 Kaustabh Chakraborty (1): drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Kent Russell (1): drm/amdgpu: Include sdma_4_4_4.bin Kevin Brodsky (1): arm64: poe: Handle spurious Overlay faults Kito Xu (1): net: appletalk: Fix device refcount leak in atrtr_create() Kuen-Han Tsai (2): usb: gadget: u_serial: Fix race condition in TTY wakeup Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" Kuniyuki Iwashima (6): netlink: Fix wraparounds of sk->sk_rmem_alloc. tipc: Fix use-after-free in tipc_conn_close(). atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atm: clip: Fix memory leak of struct clip_vcc. atm: clip: Fix infinite recursive call of clip_push(). netlink: Fix rmem check in netlink_broadcast_deliver(). Lachlan Hodges (2): wifi: cfg80211: fix S1G beacon head validation in nl80211 wifi: mac80211: correctly identify S1G short beacon Lance Yang (1): mm/rmap: fix potential out-of-bounds page table access during batched unmap Liam Merwick (1): KVM: Allow CPU to reschedule while setting per-page memory attributes Linus Torvalds (1): eventpoll: don't decrement ep refcount while still holding the ep mutex Long Li (1): net: mana: Record doorbell physical address in PF mode Lorenzo Bianconi (5): wifi: mt76: Assume __mt76_connac_mcu_alloc_sta_req runs in atomic context wifi: mt76: Move RCU section in mt7996_mcu_set_fixed_field() wifi: mt76: Move RCU section in mt7996_mcu_add_rate_ctrl_fixed() wifi: mt76: Move RCU section in mt7996_mcu_add_rate_ctrl() wifi: mt76: Remove RCU section in mt7996_mac_sta_rc_work() Luiz Augusto von Dentz (4): Bluetooth: hci_sync: Fix not disabling advertising instance Bluetooth: hci_core: Remove check of BDADDR_ANY in hci_conn_hash_lookup_big_state Bluetooth: hci_sync: Fix attempting to send HCI_Disconnect to BIS handle Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected Luo Gengkun (1): perf/core: Fix the WARN_ON_ONCE is out of lock protected region Luo Jie (2): net: phy: qcom: move the WoL function to shared library net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() Manuel Andreas (1): KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush Mario Limonciello (1): pinctrl: amd: Clear GPIO debounce for suspend Mark Brown (1): arm64: Filter out SME hwcaps when FEAT_SME isn't implemented Mathy Vanhoef (1): wifi: prevent A-MSDU attacks in mesh networks Matthew Auld (1): drm/xe/bmg: fix compressed VRAM handling Matthew Brost (3): drm/sched: Increment job count before swapping tail spsc queue Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" drm/xe: Allocate PF queue size on pow2 boundary Michael Lo (1): wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan Michal Luczaj (3): vsock: Fix transport_{g2h,h2g} TOCTOU vsock: Fix transport_* TOCTOU vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Michal Wajdeczko (1): drm/xe/pf: Clear all LMTT pages on alloc Mikhail Paulyshka (2): x86/rdrand: Disable RDSEED on AMD Cyan Skillfish x86/CPU/AMD: Disable INVLPGB on Zen2 Mikko Perttunen (1): drm/tegra: nvdec: Fix dma_alloc_coherent error check Ming Yen Hsieh (1): wifi: mt76: mt7925: fix the wrong config for tx interrupt Mingming Cao (1): ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof Miquel Raynal (1): pinctrl: nuvoton: Fix boot on ma35dx platforms Miri Korenblit (1): wifi: mac80211: add the virtual monitor after reconfig complete Moon Hee Lee (1): wifi: mac80211: reject VHT opmode for unsupported channel widths Nam Cao (1): irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ Namjae Jeon (1): ksmbd: fix potential use-after-free in oplock/lease break ack Nicolas Pitre (1): vt: add missing notification when switching back to text mode Nigel Croxon (1): raid10: cleanup memleak at raid10_make_request Nikunj A Dadhania (2): KVM: SVM: Add missing member in SNP_LAUNCH_START command structure x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation Oleksij Rempel (5): net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap net: phy: smsc: Force predictable MDI-X state on LAN87xx net: phy: smsc: Fix link failure in forced mode with Auto-MDIX net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Pankaj Raghav (1): block: reject bs > ps block devices when THP is disabled Pavel Begunkov (1): io_uring/zcrx: fix pp destruction warnings Peter Ujfalusi (1): ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count Peter Zijlstra (2): sched/core: Fix migrate_swap() vs. hotplug perf: Revert to requiring CAP_SYS_ADMIN for uprobes Petr Pavlu (1): module: Fix memory deallocation on error path in move_module() Philip Yang (1): drm/amdkfd: Don't call mmput from MMU notifier callback Rafael J. Wysocki (1): Revert "ACPI: battery: negate current when discharging" Richard Fitzgerald (1): ASoC: cs35l56: probe() should fail if the device ID is not recognized Ronnie Sahlberg (1): ublk: sanity check add_dev input for underflow Sascha Hauer (1): clk: scmi: Handle case where child clocks are initialized before their parents Sean Christopherson (1): KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight Sean Nyekjaer (1): can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level SeongJae Park (1): mm/damon/core: handle damon_call_control as normal under kdmond deactivation Shengjiu Wang (1): ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Shiju Jose (1): EDAC: Initialize EDAC features sysfs attributes Shravya KN (1): bnxt_en: Fix DCB ETS validation Shruti Parab (1): bnxt_en: Flush FW trace before copying to the coredump Shuai Zhang (1): driver: bluetooth: hci_qca:fix unable to load the BT driver Shuicheng Lin (2): drm/xe/pm: Restore display pm if there is error after display suspend drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() Simona Vetter (1): drm/gem: Fix race in drm_gem_handle_create_tail() Somnath Kotur (1): bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Stefan Metzmacher (1): smb: server: make use of rdma_destroy_qp() Stefano Garzarella (1): vsock: fix `vsock_proto` declaration Takashi Iwai (1): ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 Tamura Dai (1): ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. Thomas Fourier (1): atm: idt77252: Add missing `dma_map_error()` Thomas Weißschuh (1): sched: Fix preemption string of preempt_dynamic_none Thomas Zimmermann (2): drm/gem: Acquire references on GEM handles for framebuffers drm/framebuffer: Acquire internal references on GEM handles Thorsten Blum (1): ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp() Tim Crawford (1): ALSA: hda/realtek: Add quirks for some Clevo laptops Tiwei Bie (1): um: vector: Reduce stack usage in vector_eth_configure() Uwe Kleine-König (2): pwm: Fix invalid state detection pwm: mediatek: Ensure to disable clocks in error path Victor Nogueira (1): net/sched: Abort __tc_modify_qdisc if parent class does not exist Vitor Soares (1): wifi: mwifiex: discard erroneous disassoc frames on STA interface Wang Jinchao (1): md/raid1: Fix stack memory use after return in raid1_reshape Wei Yang (1): maple_tree: fix mt_destroy_walk() on root leaf node Willem de Bruijn (2): bpf: Adjust free target to avoid global starvation of LRU map selftests/bpf: adapt one more case in test_lru_map to the new target_free Xiaolei Wang (1): clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data Xiaowei Li (1): net: usb: qmi_wwan: add SIMCom 8230C composition Yasmin Fitzgerald (1): ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 Yazen Ghannam (4): x86/mce/amd: Add default names for MCA banks and blocks x86/mce/amd: Fix threshold limit reset x86/mce: Don't remove sysfs if thresholding sysfs init fails x86/mce: Ensure user polling settings are honored when restarting timer Yeoreum Yun (1): kasan: remove kasan_find_vm_area() to prevent possible deadlock Yue Haibing (1): atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Yuzuru10 (1): ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic Zhang Heng (1): HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Zhe Qiao (1): Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" Zheng Qixing (2): md/raid1,raid10: strip REQ_NOWAIT from member bios nbd: fix uaf in nbd_genl_connect() error path kuyo chang (1): sched/deadline: Fix dl_server runtime calculation formula

2 months

1
1
0 0

Linux 6.12.39

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.39 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/bpf/map_hash.rst | 8 Documentation/bpf/map_lru_hash_update.dot | 6 Makefile | 2 arch/arm64/kernel/cpufeature.c | 45 +-- arch/arm64/kernel/process.c | 5 arch/arm64/mm/fault.c | 30 +- arch/riscv/kernel/vdso/vdso.lds.S | 2 arch/s390/crypto/sha1_s390.c | 2 arch/s390/crypto/sha256_s390.c | 3 arch/s390/crypto/sha512_s390.c | 3 arch/um/drivers/vector_kern.c | 42 --- arch/x86/Kconfig | 2 arch/x86/include/asm/msr-index.h | 1 arch/x86/kernel/cpu/amd.c | 7 arch/x86/kernel/cpu/mce/amd.c | 28 +- arch/x86/kernel/cpu/mce/core.c | 24 - arch/x86/kernel/cpu/mce/intel.c | 1 arch/x86/kvm/cpuid.c | 4 arch/x86/kvm/svm/sev.c | 4 arch/x86/kvm/xen.c | 15 - crypto/ecc.c | 2 drivers/acpi/battery.c | 19 - drivers/atm/idt77252.c | 5 drivers/block/nbd.c | 6 drivers/block/ublk_drv.c | 3 drivers/bluetooth/hci_qca.c | 13 drivers/char/ipmi/ipmi_msghandler.c | 3 drivers/clk/clk-scmi.c | 18 - drivers/clk/imx/clk-imx95-blk-ctl.c | 12 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 30 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 43 +-- drivers/gpu/drm/drm_framebuffer.c | 31 ++ drivers/gpu/drm/drm_gem.c | 74 ++++- drivers/gpu/drm/drm_internal.h | 2 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 drivers/gpu/drm/imagination/pvr_power.c | 4 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 20 + drivers/gpu/drm/tegra/nvdec.c | 6 drivers/gpu/drm/ttm/ttm_bo_util.c | 13 drivers/gpu/drm/xe/xe_gt_pagefault.c | 1 drivers/gpu/drm/xe/xe_lmtt.c | 11 drivers/gpu/drm/xe/xe_migrate.c | 2 drivers/gpu/drm/xe/xe_pci.c | 1 drivers/gpu/drm/xe/xe_pm.c | 8 drivers/hid/hid-ids.h | 6 drivers/hid/hid-lenovo.c | 8 drivers/hid/hid-multitouch.c | 8 drivers/hid/hid-nintendo.c | 38 ++ drivers/hid/hid-quirks.c | 3 drivers/irqchip/Kconfig | 1 drivers/md/md-bitmap.c | 3 drivers/md/raid1.c | 1 drivers/md/raid10.c | 10 drivers/net/can/m_can/m_can.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 drivers/net/ethernet/ibm/ibmvnic.h | 8 drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 9 drivers/net/ethernet/mellanox/mlx5/core/en_dim.c | 4 drivers/net/ethernet/mellanox/mlx5/core/en_fs.c | 2 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 13 drivers/net/ethernet/microsoft/mana/gdma_main.c | 3 drivers/net/ethernet/renesas/rtsn.c | 5 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 24 - drivers/net/ethernet/ti/am65-cpsw-nuss.c | 4 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 16 - drivers/net/ethernet/wangxun/libwx/wx_type.h | 2 drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 2 drivers/net/ethernet/wangxun/ngbe/ngbe_type.h | 2 drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 4 drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 4 drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/phy/microchip.c | 3 drivers/net/phy/qcom/at803x.c | 27 -- drivers/net/phy/qcom/qca808x.c | 2 drivers/net/phy/qcom/qcom-phy-lib.c | 25 + drivers/net/phy/qcom/qcom.h | 5 drivers/net/phy/smsc.c | 57 +++- drivers/net/usb/qmi_wwan.c | 1 drivers/net/wireless/marvell/mwifiex/util.c | 4 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 4 drivers/net/wireless/mediatek/mt76/mt7921/main.c | 3 drivers/net/wireless/mediatek/mt76/mt7925/init.c | 2 drivers/net/wireless/mediatek/mt76/mt7925/main.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 drivers/net/wireless/ralink/rt2x00/rt2x00soc.c | 4 drivers/net/wireless/ralink/rt2x00/rt2x00soc.h | 2 drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 drivers/pci/pci-acpi.c | 23 - drivers/pinctrl/pinctrl-amd.c | 11 drivers/pinctrl/qcom/pinctrl-msm.c | 20 + drivers/pwm/core.c | 2 drivers/pwm/pwm-mediatek.c | 13 drivers/tty/vt/vt.c | 1 drivers/usb/gadget/function/u_serial.c | 12 fs/btrfs/free-space-tree.c | 16 - fs/erofs/data.c | 21 + fs/erofs/decompressor.c | 12 fs/erofs/fileio.c | 6 fs/erofs/internal.h | 2 fs/erofs/zdata.c | 251 ++++++++---------- fs/erofs/zutil.c | 7 fs/eventpoll.c | 12 fs/netfs/write_collect.c | 2 fs/proc/inode.c | 2 fs/proc/proc_sysctl.c | 18 - fs/proc/task_mmu.c | 14 - fs/smb/server/smb2pdu.c | 29 -- fs/smb/server/transport_rdma.c | 5 fs/smb/server/vfs.c | 1 include/drm/drm_file.h | 3 include/drm/drm_framebuffer.h | 7 include/drm/spsc_queue.h | 4 include/linux/ieee80211.h | 45 ++- include/linux/math.h | 12 include/linux/mm.h | 5 include/linux/psp-sev.h | 2 include/net/af_vsock.h | 2 include/net/netfilter/nf_flow_table.h | 2 include/sound/soc-acpi.h | 13 include/trace/events/erofs.h | 2 io_uring/opdef.c | 1 kernel/bpf/bpf_lru_list.c | 9 kernel/bpf/bpf_lru_list.h | 1 kernel/events/core.c | 6 kernel/rseq.c | 60 +++- kernel/sched/core.c | 5 kernel/sched/deadline.c | 10 kernel/stop_machine.c | 20 - lib/alloc_tag.c | 3 lib/maple_tree.c | 1 mm/kasan/report.c | 13 mm/vmalloc.c | 22 + net/appletalk/ddp.c | 1 net/atm/clip.c | 64 +++- net/bluetooth/hci_event.c | 3 net/bluetooth/hci_sync.c | 2 net/ipv4/tcp.c | 2 net/ipv6/addrconf.c | 9 net/mac80211/mlme.c | 7 net/mac80211/parse.c | 6 net/netlink/af_netlink.c | 82 +++--- net/rxrpc/call_accept.c | 4 net/sched/sch_api.c | 23 + net/tipc/topsrv.c | 2 net/vmw_vsock/af_vsock.c | 57 +++- net/wireless/nl80211.c | 7 net/wireless/util.c | 52 +++ rust/kernel/init/macros.rs | 2 scripts/gdb/linux/constants.py.in | 7 scripts/gdb/linux/interrupts.py | 16 - scripts/gdb/linux/mapletree.py | 252 +++++++++++++++++++ scripts/gdb/linux/xarray.py | 28 ++ sound/isa/ad1816a/ad1816a.c | 2 sound/pci/hda/patch_realtek.c | 7 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/codecs/cs35l56-shared.c | 2 sound/soc/fsl/fsl_asrc.c | 3 sound/soc/fsl/fsl_sai.c | 14 - sound/soc/intel/boards/Kconfig | 1 sound/soc/intel/common/Makefile | 2 sound/soc/intel/common/soc-acpi-intel-arl-match.c | 66 ++++ sound/soc/intel/common/sof-function-topology-lib.c | 136 ++++++++++ sound/soc/intel/common/sof-function-topology-lib.h | 15 + sound/soc/sof/intel/hda.c | 6 tools/arch/x86/include/asm/msr-index.h | 1 tools/include/linux/kallsyms.h | 4 tools/testing/selftests/bpf/test_lru_map.c | 105 +++---- tools/testing/selftests/net/forwarding/lib.sh | 113 -------- tools/testing/selftests/net/lib.sh | 115 ++++++++ virt/kvm/kvm_main.c | 3 176 files changed, 2012 insertions(+), 874 deletions(-) Achill Gilgenast (1): kallsyms: fix build without execinfo Akira Inoue (1): HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 Al Viro (2): fix proc_sys_compare() handling of in-lookup dentries ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() Alessio Belle (1): drm/imagination: Fix kernel crash when hard resetting the GPU Alexander Gordeev (1): mm/vmalloc: leave lazy MMU mode on PTE mapping error Alok Tiwari (1): net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Arun Raghavan (1): ASoC: fsl_sai: Force a software reset when starting in consumer mode Baolin Wang (1): mm: fix the inaccurate memory statistics issue for users Bard Liao (4): ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH ASoC: soc-acpi: add get_function_tplg_files ops ASoC: Intel: add sof_sdw_get_tplg_files ops ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops Bartosz Golaszewski (1): pinctrl: qcom: msm: mark certain pins as invalid for interrupts Ben Skeggs (1): drm/nouveau/gsp: fix potential leak of memory used during acpi init Borislav Petkov (AMD) (1): KVM: SVM: Set synthesized TSA CPUID flags Carolina Jubran (1): net/mlx5e: Fix race between DIM disable and net_dim() Chao Yu (2): erofs: fix to add missing tracepoint in erofs_read_folio() erofs: fix to add missing tracepoint in erofs_readahead() Charles Keepax (1): ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches Chia-Lin Kao (AceLan) (1): HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Chintan Vankar (1): net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info Christian König (1): drm/ttm: fix error handling in ttm_buffer_object_transfer Chunhai Guo (1): erofs: free pclusters if no cached folio is attached Dan Carpenter (1): ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() Daniel J. Ogorchock (1): HID: nintendo: avoid bluetooth suspend/resume stalls Daniil Dulov (1): wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() David Howells (3): rxrpc: Fix bug due to prealloc collision rxrpc: Fix oops due to non-existence of prealloc backlog struct netfs: Fix ref leak on inserted extra subreq in write retry David Woodhouse (1): KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. Deren Wu (2): wifi: mt76: mt7921: prevent decap offload config before STA initialization wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() Eric Biggers (1): crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 Eric Dumazet (1): netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() EricChan (1): net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 Fangrui Song (1): riscv: vdso: Exclude .rodata from the PT_DYNAMIC segment Felix Fietkau (1): wifi: rt2x00: fix remove callback type mismatch Fengnan Chang (1): io_uring: make fallocate be hashed work Filipe Manana (1): btrfs: fix assertion when building free space tree Flora Cui (2): drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics drm/amdgpu/ip_discovery: add missing ip_discovery fw Florian Fainelli (3): scripts/gdb: fix interrupts display after MCP on x86 scripts/gdb: de-reference per-CPU MCE interrupts scripts/gdb: fix interrupts.py after maple tree conversion Gao Xiang (5): erofs: address D-cache aliasing erofs: get rid of `z_erofs_next_pcluster_t` erofs: tidy up zdata.c erofs: refine readahead tracepoint erofs: fix rare pcluster memory leak after unmounting Greg Kroah-Hartman (1): Linux 6.12.39 Guillaume Nault (1): gre: Fix IPv6 multicast route creation. Hangbin Liu (1): selftests: net: lib: fix shift count out of range Haoxiang Li (1): net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe() Harry Yoo (1): lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() Henry Martin (1): wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() Håkon Bugge (1): md/md-bitmap: fix GPF in bitmap_get_stats() JP Kobryn (1): x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Jakub Kicinski (1): netlink: make sure we allow at least one dump skb Jann Horn (1): x86/mm: Disable hugetlb page table sharing on 32-bit Jason Xing (1): bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL Jianbo Liu (1): net/mlx5e: Add new prio for promiscuous mode Jiawen Wu (1): net: wangxun: revert the adjustment of the IRQ vector sequence Jiayuan Chen (1): tcp: Correct signedness in skb remaining space calculation Johannes Berg (1): wifi: mac80211: fix non-transmitted BSSID profile search Kaustabh Chakraborty (1): drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Kevin Brodsky (1): arm64: poe: Handle spurious Overlay faults Kito Xu (1): net: appletalk: Fix device refcount leak in atrtr_create() Kuen-Han Tsai (2): usb: gadget: u_serial: Fix race condition in TTY wakeup Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" Kuniyuki Iwashima (6): netlink: Fix wraparounds of sk->sk_rmem_alloc. tipc: Fix use-after-free in tipc_conn_close(). atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atm: clip: Fix memory leak of struct clip_vcc. atm: clip: Fix infinite recursive call of clip_push(). netlink: Fix rmem check in netlink_broadcast_deliver(). Lachlan Hodges (2): wifi: cfg80211: fix S1G beacon head validation in nl80211 wifi: mac80211: correctly identify S1G short beacon Liam Merwick (1): KVM: Allow CPU to reschedule while setting per-page memory attributes Linus Torvalds (1): eventpoll: don't decrement ep refcount while still holding the ep mutex Long Li (1): net: mana: Record doorbell physical address in PF mode Luiz Augusto von Dentz (2): Bluetooth: hci_sync: Fix not disabling advertising instance Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected Lukas Wunner (1): crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Luo Gengkun (1): perf/core: Fix the WARN_ON_ONCE is out of lock protected region Luo Jie (2): net: phy: qcom: move the WoL function to shared library net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() Mario Limonciello (1): pinctrl: amd: Clear GPIO debounce for suspend Mark Brown (1): arm64: Filter out SME hwcaps when FEAT_SME isn't implemented Mathy Vanhoef (1): wifi: prevent A-MSDU attacks in mesh networks Matthew Auld (1): drm/xe/bmg: fix compressed VRAM handling Matthew Brost (3): drm/sched: Increment job count before swapping tail spsc queue Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" drm/xe: Allocate PF queue size on pow2 boundary Michael Jeanson (1): rseq: Fix segfault on registration when rseq_cs is non-zero Michael Lo (1): wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan Michal Luczaj (3): vsock: Fix transport_{g2h,h2g} TOCTOU vsock: Fix transport_* TOCTOU vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Michal Wajdeczko (1): drm/xe/pf: Clear all LMTT pages on alloc Miguel Ojeda (1): rust: init: allow `dead_code` warnings for Rust >= 1.89.0 Mikhail Paulyshka (1): x86/rdrand: Disable RDSEED on AMD Cyan Skillfish Mikko Perttunen (1): drm/tegra: nvdec: Fix dma_alloc_coherent error check Ming Yen Hsieh (1): wifi: mt76: mt7925: fix the wrong config for tx interrupt Mingming Cao (1): ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof Nam Cao (1): irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ Namjae Jeon (1): ksmbd: fix potential use-after-free in oplock/lease break ack Nicolas Pitre (1): vt: add missing notification when switching back to text mode Nigel Croxon (1): raid10: cleanup memleak at raid10_make_request Nikunj A Dadhania (1): KVM: SVM: Add missing member in SNP_LAUNCH_START command structure Oleksij Rempel (5): net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap net: phy: smsc: Force predictable MDI-X state on LAN87xx net: phy: smsc: Fix link failure in forced mode with Auto-MDIX net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Peter Ujfalusi (1): ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count Peter Zijlstra (2): sched/core: Fix migrate_swap() vs. hotplug perf: Revert to requiring CAP_SYS_ADMIN for uprobes Petr Machata (1): selftests: net: lib: Move logging from forwarding/lib.sh here Philip Yang (1): drm/amdkfd: Don't call mmput from MMU notifier callback Rafael J. Wysocki (1): Revert "ACPI: battery: negate current when discharging" Richard Fitzgerald (1): ASoC: cs35l56: probe() should fail if the device ID is not recognized Ronnie Sahlberg (1): ublk: sanity check add_dev input for underflow Sascha Hauer (1): clk: scmi: Handle case where child clocks are initialized before their parents Sean Christopherson (1): KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight Sean Nyekjaer (1): can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Shengjiu Wang (1): ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Shravya KN (1): bnxt_en: Fix DCB ETS validation Shuai Zhang (1): driver: bluetooth: hci_qca:fix unable to load the BT driver Shuicheng Lin (1): drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() Simon Trimmer (2): ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops Simona Vetter (1): drm/gem: Fix race in drm_gem_handle_create_tail() Somnath Kotur (1): bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Srinivasan Shanmugam (1): drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV Stefan Metzmacher (1): smb: server: make use of rdma_destroy_qp() Stefano Garzarella (1): vsock: fix `vsock_proto` declaration Takashi Iwai (1): ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 Tamura Dai (1): ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. Thomas Fourier (1): atm: idt77252: Add missing `dma_map_error()` Thomas Zimmermann (2): drm/gem: Acquire references on GEM handles for framebuffers drm/framebuffer: Acquire internal references on GEM handles Thorsten Blum (1): ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp() Tim Crawford (1): ALSA: hda/realtek: Add quirks for some Clevo laptops Tiwei Bie (1): um: vector: Reduce stack usage in vector_eth_configure() Uwe Kleine-König (2): pwm: Fix invalid state detection pwm: mediatek: Ensure to disable clocks in error path Victor Nogueira (1): net/sched: Abort __tc_modify_qdisc if parent class does not exist Vitor Soares (1): wifi: mwifiex: discard erroneous disassoc frames on STA interface Wang Jinchao (1): md/raid1: Fix stack memory use after return in raid1_reshape Wei Yang (1): maple_tree: fix mt_destroy_walk() on root leaf node Willem de Bruijn (2): bpf: Adjust free target to avoid global starvation of LRU map selftests/bpf: adapt one more case in test_lru_map to the new target_free Xiaolei Wang (1): clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data Xiaowei Li (1): net: usb: qmi_wwan: add SIMCom 8230C composition Yasmin Fitzgerald (1): ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 Yazen Ghannam (4): x86/mce/amd: Add default names for MCA banks and blocks x86/mce/amd: Fix threshold limit reset x86/mce: Don't remove sysfs if thresholding sysfs init fails x86/mce: Ensure user polling settings are honored when restarting timer Yeoreum Yun (1): kasan: remove kasan_find_vm_area() to prevent possible deadlock Yue Haibing (1): atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Yuzuru10 (1): ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic Zhang Heng (1): HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Zhe Qiao (1): Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" Zheng Qixing (1): nbd: fix uaf in nbd_genl_connect() error path kuyo chang (1): sched/deadline: Fix dl_server runtime calculation formula

2 months

1
1
0 0

Linux 6.6.99

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.99 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/bpf/map_hash.rst | 8 Documentation/bpf/map_lru_hash_update.dot | 6 Makefile | 2 arch/um/drivers/vector_kern.c | 42 -- arch/x86/Kconfig | 2 arch/x86/include/asm/msr-index.h | 1 arch/x86/kernel/cpu/amd.c | 7 arch/x86/kernel/cpu/mce/amd.c | 28 - arch/x86/kernel/cpu/mce/core.c | 8 arch/x86/kernel/cpu/mce/intel.c | 1 arch/x86/kvm/svm/sev.c | 4 arch/x86/kvm/xen.c | 15 crypto/ecc.c | 2 drivers/acpi/battery.c | 19 - drivers/atm/idt77252.c | 5 drivers/block/nbd.c | 6 drivers/block/ublk_drv.c | 3 drivers/char/ipmi/ipmi_msghandler.c | 3 drivers/gpu/drm/drm_framebuffer.c | 31 + drivers/gpu/drm/drm_gem.c | 74 +++- drivers/gpu/drm/drm_internal.h | 2 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 drivers/gpu/drm/tegra/nvdec.c | 6 drivers/gpu/drm/ttm/ttm_bo_util.c | 13 drivers/hid/hid-ids.h | 6 drivers/hid/hid-lenovo.c | 8 drivers/hid/hid-multitouch.c | 8 drivers/hid/hid-quirks.c | 3 drivers/input/keyboard/atkbd.c | 3 drivers/md/md-bitmap.c | 3 drivers/md/raid1.c | 1 drivers/md/raid10.c | 10 drivers/net/can/m_can/m_can.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 drivers/net/ethernet/ibm/ibmvnic.h | 8 drivers/net/ethernet/microsoft/mana/gdma_main.c | 3 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 24 - drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/phy/microchip.c | 2 drivers/net/phy/smsc.c | 57 +++ drivers/net/usb/qmi_wwan.c | 1 drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 drivers/pinctrl/pinctrl-amd.c | 11 drivers/pinctrl/qcom/pinctrl-msm.c | 20 + drivers/pwm/pwm-mediatek.c | 13 drivers/tty/vt/vt.c | 1 drivers/usb/cdns3/cdnsp-debug.h | 358 ++++++++++----------- drivers/usb/cdns3/cdnsp-ep0.c | 18 - drivers/usb/cdns3/cdnsp-gadget.c | 6 drivers/usb/cdns3/cdnsp-gadget.h | 11 drivers/usb/cdns3/cdnsp-ring.c | 27 - drivers/usb/dwc3/core.c | 9 drivers/usb/dwc3/gadget.c | 22 - drivers/usb/gadget/function/u_serial.c | 12 fs/btrfs/btrfs_inode.h | 2 fs/btrfs/free-space-tree.c | 16 fs/btrfs/inode.c | 18 - fs/btrfs/transaction.c | 2 fs/btrfs/tree-log.c | 331 +++++++++++-------- fs/erofs/data.c | 2 fs/eventpoll.c | 12 fs/proc/inode.c | 2 fs/proc/proc_sysctl.c | 18 - fs/proc/task_mmu.c | 14 fs/smb/client/cifsglob.h | 3 fs/smb/client/cifsproto.h | 13 fs/smb/client/connect.c | 47 +- fs/smb/client/dfs.c | 73 ++-- fs/smb/client/dfs.h | 42 +- fs/smb/client/dfs_cache.c | 186 ++++++---- fs/smb/client/fs_context.h | 1 fs/smb/client/misc.c | 9 fs/smb/client/namespace.c | 2 fs/smb/server/smb2pdu.c | 29 - fs/smb/server/transport_rdma.c | 5 fs/smb/server/vfs.c | 1 include/drm/drm_file.h | 3 include/drm/drm_framebuffer.h | 7 include/drm/spsc_queue.h | 4 include/linux/math.h | 12 include/linux/mm.h | 5 include/net/af_vsock.h | 2 include/net/netfilter/nf_flow_table.h | 2 io_uring/opdef.c | 1 kernel/bpf/bpf_lru_list.c | 9 kernel/bpf/bpf_lru_list.h | 1 kernel/events/core.c | 6 kernel/rseq.c | 60 ++- lib/maple_tree.c | 14 mm/kasan/report.c | 13 mm/vmalloc.c | 22 - net/appletalk/ddp.c | 1 net/atm/clip.c | 64 ++- net/bluetooth/hci_event.c | 39 -- net/bluetooth/hci_sync.c | 215 +++++++----- net/ipv4/tcp.c | 2 net/ipv6/addrconf.c | 9 net/netlink/af_netlink.c | 82 ++-- net/rxrpc/call_accept.c | 4 net/sched/sch_api.c | 23 - net/tipc/topsrv.c | 2 net/vmw_vsock/af_vsock.c | 57 ++- net/wireless/util.c | 52 ++- scripts/gdb/linux/constants.py.in | 7 scripts/gdb/linux/interrupts.py | 16 scripts/gdb/linux/mapletree.py | 252 ++++++++++++++ scripts/gdb/linux/xarray.py | 28 + sound/pci/hda/patch_realtek.c | 1 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/codecs/cs35l56-shared.c | 2 sound/soc/fsl/fsl_asrc.c | 3 tools/arch/x86/include/asm/msr-index.h | 1 tools/build/feature/Makefile | 25 + tools/include/linux/kallsyms.h | 4 tools/perf/Makefile.perf | 27 + tools/testing/selftests/bpf/test_lru_map.c | 105 +++--- 117 files changed, 1937 insertions(+), 1031 deletions(-) Achill Gilgenast (1): kallsyms: fix build without execinfo Akira Inoue (1): HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 Al Viro (2): fix proc_sys_compare() handling of in-lookup dentries ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() Alexander Gordeev (1): mm/vmalloc: leave lazy MMU mode on PTE mapping error Alok Tiwari (1): net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Baolin Wang (1): mm: fix the inaccurate memory statistics issue for users Bartosz Golaszewski (1): pinctrl: qcom: msm: mark certain pins as invalid for interrupts Chao Yu (1): erofs: fix to add missing tracepoint in erofs_read_folio() Chia-Lin Kao (AceLan) (1): HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Christian Eggers (1): Bluetooth: HCI: Set extended advertising data synchronously Christian König (1): drm/ttm: fix error handling in ttm_buffer_object_transfer Dan Carpenter (1): ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() Daniil Dulov (1): wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() David Howells (2): rxrpc: Fix bug due to prealloc collision rxrpc: Fix oops due to non-existence of prealloc backlog struct David Woodhouse (1): KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. Eric Dumazet (1): netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() EricChan (1): net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 Fengnan Chang (1): io_uring: make fallocate be hashed work Filipe Manana (6): btrfs: remove noinline from btrfs_update_inode() btrfs: remove redundant root argument from btrfs_update_inode_fallback() btrfs: remove redundant root argument from fixup_inode_link_count() btrfs: return a btrfs_inode from btrfs_iget_logging() btrfs: fix inode lookup error handling during log replay btrfs: fix assertion when building free space tree Florian Fainelli (3): scripts/gdb: fix interrupts display after MCP on x86 scripts/gdb: de-reference per-CPU MCE interrupts scripts/gdb: fix interrupts.py after maple tree conversion Greg Kroah-Hartman (1): Linux 6.6.99 Guillaume Nault (1): gre: Fix IPv6 multicast route creation. Hans de Goede (1): Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID Håkon Bugge (1): md/md-bitmap: fix GPF in bitmap_get_stats() JP Kobryn (1): x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Jakub Kicinski (1): netlink: make sure we allow at least one dump skb Jann Horn (1): x86/mm: Disable hugetlb page table sharing on 32-bit Jiayuan Chen (1): tcp: Correct signedness in skb remaining space calculation Kaustabh Chakraborty (1): drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Kito Xu (1): net: appletalk: Fix device refcount leak in atrtr_create() Kuen-Han Tsai (3): usb: gadget: u_serial: Fix race condition in TTY wakeup Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" usb: dwc3: Abort suspend on soft disconnect failure Kuniyuki Iwashima (6): netlink: Fix wraparounds of sk->sk_rmem_alloc. tipc: Fix use-after-free in tipc_conn_close(). atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atm: clip: Fix memory leak of struct clip_vcc. atm: clip: Fix infinite recursive call of clip_push(). netlink: Fix rmem check in netlink_broadcast_deliver(). Lee Jones (1): usb: cdnsp: Replace snprintf() with the safer scnprintf() variant Leo Yan (1): perf: build: Setup PKG_CONFIG_LIBDIR for cross compilation Liam R. Howlett (1): maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Linus Torvalds (1): eventpoll: don't decrement ep refcount while still holding the ep mutex Long Li (1): net: mana: Record doorbell physical address in PF mode Luiz Augusto von Dentz (2): Bluetooth: hci_sync: Fix not disabling advertising instance Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected Lukas Wunner (1): crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Luo Gengkun (1): perf/core: Fix the WARN_ON_ONCE is out of lock protected region Mario Limonciello (1): pinctrl: amd: Clear GPIO debounce for suspend Mathy Vanhoef (1): wifi: prevent A-MSDU attacks in mesh networks Matthew Brost (1): drm/sched: Increment job count before swapping tail spsc queue Michael Jeanson (1): rseq: Fix segfault on registration when rseq_cs is non-zero Michal Luczaj (3): vsock: Fix transport_{g2h,h2g} TOCTOU vsock: Fix transport_* TOCTOU vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Mikhail Paulyshka (1): x86/rdrand: Disable RDSEED on AMD Cyan Skillfish Mikko Perttunen (1): drm/tegra: nvdec: Fix dma_alloc_coherent error check Mingming Cao (1): ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof Namjae Jeon (1): ksmbd: fix potential use-after-free in oplock/lease break ack Nicolas Pitre (1): vt: add missing notification when switching back to text mode Nigel Croxon (1): raid10: cleanup memleak at raid10_make_request Oleksij Rempel (4): net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap net: phy: smsc: Force predictable MDI-X state on LAN87xx net: phy: smsc: Fix link failure in forced mode with Auto-MDIX net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Paulo Alcantara (3): smb: client: avoid unnecessary reconnects when refreshing referrals smb: client: fix DFS interlink failover smb: client: fix potential race in cifs_put_tcon() Pawel Laszczak (2): usb:cdnsp: remove TRB_FLUSH_ENDPOINT command usb: cdnsp: Fix issue with CV Bad Descriptor test Peter Zijlstra (1): perf: Revert to requiring CAP_SYS_ADMIN for uprobes Rafael J. Wysocki (1): Revert "ACPI: battery: negate current when discharging" Richard Fitzgerald (1): ASoC: cs35l56: probe() should fail if the device ID is not recognized Ronnie Sahlberg (1): ublk: sanity check add_dev input for underflow Sean Christopherson (1): KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight Sean Nyekjaer (1): can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Shengjiu Wang (1): ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Shravya KN (1): bnxt_en: Fix DCB ETS validation Shyam Prasad N (1): cifs: all initializations for tcon should happen in tcon_info_alloc Simona Vetter (1): drm/gem: Fix race in drm_gem_handle_create_tail() Somnath Kotur (1): bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Stefan Metzmacher (1): smb: server: make use of rdma_destroy_qp() Stefano Garzarella (1): vsock: fix `vsock_proto` declaration Thomas Fourier (1): atm: idt77252: Add missing `dma_map_error()` Thomas Zimmermann (2): drm/gem: Acquire references on GEM handles for framebuffers drm/framebuffer: Acquire internal references on GEM handles Tiwei Bie (1): um: vector: Reduce stack usage in vector_eth_configure() Uwe Kleine-König (1): pwm: mediatek: Ensure to disable clocks in error path Victor Nogueira (1): net/sched: Abort __tc_modify_qdisc if parent class does not exist Wang Jinchao (1): md/raid1: Fix stack memory use after return in raid1_reshape Wei Yang (1): maple_tree: fix mt_destroy_walk() on root leaf node Willem de Bruijn (2): bpf: Adjust free target to avoid global starvation of LRU map selftests/bpf: adapt one more case in test_lru_map to the new target_free Xiaowei Li (1): net: usb: qmi_wwan: add SIMCom 8230C composition Yasmin Fitzgerald (1): ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 Yazen Ghannam (3): x86/mce/amd: Add default names for MCA banks and blocks x86/mce/amd: Fix threshold limit reset x86/mce: Don't remove sysfs if thresholding sysfs init fails Yeoreum Yun (1): kasan: remove kasan_find_vm_area() to prevent possible deadlock Yue Haibing (1): atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Yuzuru10 (1): ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic Zhang Heng (1): HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Zheng Qixing (1): nbd: fix uaf in nbd_genl_connect() error path

2 months

1
1
0 0

Linux 6.1.146

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.146 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/um/drivers/vector_kern.c | 42 --- arch/x86/Kconfig | 2 arch/x86/Makefile | 2 arch/x86/include/asm/cpufeatures.h | 2 arch/x86/kernel/cpu/mce/amd.c | 15 - arch/x86/kernel/cpu/mce/core.c | 8 arch/x86/kernel/cpu/mce/intel.c | 1 arch/x86/kvm/svm/sev.c | 4 arch/x86/kvm/xen.c | 15 - drivers/acpi/battery.c | 19 - drivers/atm/idt77252.c | 5 drivers/block/nbd.c | 6 drivers/char/ipmi/ipmi_msghandler.c | 3 drivers/gpu/drm/drm_gem.c | 10 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 drivers/gpu/drm/tegra/nvdec.c | 6 drivers/gpu/drm/ttm/ttm_bo_util.c | 13 drivers/hid/hid-ids.h | 6 drivers/hid/hid-lenovo.c | 8 drivers/hid/hid-multitouch.c | 8 drivers/hid/hid-quirks.c | 3 drivers/input/joystick/xpad.c | 2 drivers/input/keyboard/atkbd.c | 3 drivers/md/md-bitmap.c | 3 drivers/md/raid1.c | 1 drivers/md/raid10.c | 10 drivers/net/can/m_can/m_can.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 drivers/net/ethernet/ibm/ibmvnic.h | 8 drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/phy/microchip.c | 2 drivers/net/phy/smsc.c | 28 +- drivers/net/usb/qmi_wwan.c | 1 drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 drivers/pinctrl/qcom/pinctrl-msm.c | 20 + drivers/platform/x86/ideapad-laptop.c | 19 + drivers/pwm/pwm-mediatek.c | 13 drivers/tty/vt/vt.c | 1 drivers/usb/cdns3/cdnsp-debug.h | 358 ++++++++++++-------------- drivers/usb/cdns3/cdnsp-ep0.c | 18 + drivers/usb/cdns3/cdnsp-gadget.c | 6 drivers/usb/cdns3/cdnsp-gadget.h | 11 drivers/usb/cdns3/cdnsp-ring.c | 27 - drivers/usb/dwc3/core.c | 9 drivers/usb/dwc3/gadget.c | 22 - drivers/usb/gadget/function/u_serial.c | 6 drivers/usb/host/xhci-mem.c | 4 drivers/usb/host/xhci-pci.c | 30 ++ drivers/usb/host/xhci.h | 1 drivers/vhost/scsi.c | 7 fs/anon_inodes.c | 23 + fs/btrfs/free-space-tree.c | 16 - fs/btrfs/inode.c | 28 +- fs/erofs/data.c | 2 fs/erofs/zdata.c | 126 +++------ fs/proc/inode.c | 2 fs/proc/proc_sysctl.c | 18 - fs/smb/server/smb2pdu.c | 29 -- fs/smb/server/transport_rdma.c | 5 fs/smb/server/vfs.c | 1 include/drm/drm_file.h | 3 include/drm/spsc_queue.h | 4 include/linux/fs.h | 2 include/net/netfilter/nf_flow_table.h | 2 include/trace/events/erofs.h | 16 - kernel/events/core.c | 2 kernel/rseq.c | 60 +++- lib/maple_tree.c | 7 mm/kasan/report.c | 13 mm/secretmem.c | 11 net/appletalk/ddp.c | 1 net/atm/clip.c | 64 +++- net/bluetooth/hci_sync.c | 2 net/ipv6/addrconf.c | 9 net/netlink/af_netlink.c | 82 +++-- net/rxrpc/call_accept.c | 3 net/sched/sch_api.c | 23 + net/tipc/topsrv.c | 2 net/vmw_vsock/af_vsock.c | 57 +++- net/wireless/util.c | 52 +++ sound/pci/hda/patch_realtek.c | 1 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/fsl/fsl_asrc.c | 3 tools/include/linux/kallsyms.h | 4 86 files changed, 900 insertions(+), 588 deletions(-) Achill Gilgenast (1): kallsyms: fix build without execinfo Akira Inoue (1): HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 Al Viro (2): fix proc_sys_compare() handling of in-lookup dentries ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() Alexey Dobriyan (1): x86/boot: Compile boot code with -std=gnu11 too Alok Tiwari (1): net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Bartosz Golaszewski (1): pinctrl: qcom: msm: mark certain pins as invalid for interrupts Basavaraj Natikar (1): xhci: Allow RPM on the USB controller (1022:43f7) by default Chao Yu (1): erofs: fix to add missing tracepoint in erofs_read_folio() Chia-Lin Kao (AceLan) (1): HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Christian König (1): drm/ttm: fix error handling in ttm_buffer_object_transfer Dan Carpenter (1): ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() Daniil Dulov (1): wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() David Howells (1): rxrpc: Fix oops due to non-existence of prealloc backlog struct David Woodhouse (1): KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. Dongli Zhang (1): vhost-scsi: protect vq->log_used with vq->mutex Eric Dumazet (1): netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() Filipe Manana (2): btrfs: propagate last_unlink_trans earlier when doing a rmdir btrfs: fix assertion when building free space tree Gao Xiang (3): erofs: allocate extra bvec pages directly instead of retrying erofs: avoid on-stack pagepool directly passed by arguments erofs: adapt folios for z_erofs_read_folio() Greg Kroah-Hartman (1): Linux 6.1.146 Guillaume Nault (1): gre: Fix IPv6 multicast route creation. Hans de Goede (1): Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID Håkon Bugge (1): md/md-bitmap: fix GPF in bitmap_get_stats() JP Kobryn (1): x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Jack Wang (1): x86: Fix X86_FEATURE_VERW_CLEAR definition Jakub Kicinski (1): netlink: make sure we allow at least one dump skb Jann Horn (1): x86/mm: Disable hugetlb page table sharing on 32-bit Kaustabh Chakraborty (1): drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Kito Xu (1): net: appletalk: Fix device refcount leak in atrtr_create() Kuen-Han Tsai (2): usb: gadget: u_serial: Fix race condition in TTY wakeup usb: dwc3: Abort suspend on soft disconnect failure Kuniyuki Iwashima (6): netlink: Fix wraparounds of sk->sk_rmem_alloc. tipc: Fix use-after-free in tipc_conn_close(). atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atm: clip: Fix memory leak of struct clip_vcc. atm: clip: Fix infinite recursive call of clip_push(). netlink: Fix rmem check in netlink_broadcast_deliver(). Lee Jones (1): usb: cdnsp: Replace snprintf() with the safer scnprintf() variant Liam R. Howlett (1): maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Luiz Augusto von Dentz (1): Bluetooth: hci_sync: Fix not disabling advertising instance Mathy Vanhoef (1): wifi: prevent A-MSDU attacks in mesh networks Matthew Brost (1): drm/sched: Increment job count before swapping tail spsc queue Michael Jeanson (1): rseq: Fix segfault on registration when rseq_cs is non-zero Michal Luczaj (3): vsock: Fix transport_{g2h,h2g} TOCTOU vsock: Fix transport_* TOCTOU vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Mikko Perttunen (1): drm/tegra: nvdec: Fix dma_alloc_coherent error check Mingming Cao (1): ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof Namjae Jeon (1): ksmbd: fix potential use-after-free in oplock/lease break ack Nicolas Pitre (1): vt: add missing notification when switching back to text mode Nigel Croxon (1): raid10: cleanup memleak at raid10_make_request Nilton Perim Neto (1): Input: xpad - support Acer NGR 200 Controller Oleksij Rempel (3): net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap net: phy: smsc: Fix link failure in forced mode with Auto-MDIX net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Pawel Laszczak (2): usb:cdnsp: remove TRB_FLUSH_ENDPOINT command usb: cdnsp: Fix issue with CV Bad Descriptor test Peter Zijlstra (1): perf: Revert to requiring CAP_SYS_ADMIN for uprobes Rafael J. Wysocki (1): Revert "ACPI: battery: negate current when discharging" Raju Rangoju (1): usb: xhci: quirk for data loss in ISOC transfers Rong Zhang (1): platform/x86: ideapad-laptop: use usleep_range() for EC polling Sean Christopherson (1): KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight Sean Nyekjaer (1): can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Shengjiu Wang (1): ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Shivank Garg (1): fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Shravya KN (1): bnxt_en: Fix DCB ETS validation Simona Vetter (1): drm/gem: Fix race in drm_gem_handle_create_tail() Somnath Kotur (1): bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Stefan Metzmacher (1): smb: server: make use of rdma_destroy_qp() Thomas Fourier (1): atm: idt77252: Add missing `dma_map_error()` Tiwei Bie (1): um: vector: Reduce stack usage in vector_eth_configure() Uwe Kleine-König (1): pwm: mediatek: Ensure to disable clocks in error path Victor Nogueira (1): net/sched: Abort __tc_modify_qdisc if parent class does not exist Wang Jinchao (1): md/raid1: Fix stack memory use after return in raid1_reshape Wei Yang (1): maple_tree: fix mt_destroy_walk() on root leaf node Xiaowei Li (1): net: usb: qmi_wwan: add SIMCom 8230C composition Yasmin Fitzgerald (1): ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 Yazen Ghannam (2): x86/mce/amd: Fix threshold limit reset x86/mce: Don't remove sysfs if thresholding sysfs init fails Yeoreum Yun (1): kasan: remove kasan_find_vm_area() to prevent possible deadlock Yue Haibing (1): atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Yue Hu (2): erofs: remove the member readahead from struct z_erofs_decompress_frontend erofs: clean up z_erofs_pcluster_readmore() Yuzuru10 (1): ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic Zhang Heng (1): HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Zheng Qixing (1): nbd: fix uaf in nbd_genl_connect() error path

2 months

1
1
0 0

Linux 5.15.189

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.189 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/um/drivers/vector_kern.c | 42 - arch/x86/Kconfig | 2 arch/x86/include/asm/cpufeatures.h | 2 arch/x86/include/asm/xen/page.h | 3 arch/x86/kernel/cpu/mce/amd.c | 15 arch/x86/kernel/cpu/mce/core.c | 8 arch/x86/kernel/cpu/mce/intel.c | 1 drivers/acpi/battery.c | 19 drivers/atm/idt77252.c | 5 drivers/block/aoe/aoeblk.c | 5 drivers/block/nbd.c | 6 drivers/dma-buf/dma-resv.c | 171 ++++--- drivers/gpu/drm/drm_gem.c | 10 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 drivers/hid/hid-ids.h | 6 drivers/hid/hid-lenovo.c | 8 drivers/hid/hid-multitouch.c | 8 drivers/hid/hid-quirks.c | 3 drivers/infiniband/hw/mlx5/main.c | 33 + drivers/input/joystick/xpad.c | 2 drivers/input/keyboard/atkbd.c | 3 drivers/md/raid1.c | 1 drivers/md/raid10.c | 10 drivers/net/can/m_can/m_can.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 drivers/net/ethernet/intel/ice/ice_main.c | 29 - drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/phy/microchip.c | 2 drivers/net/phy/smsc.c | 28 + drivers/net/usb/qmi_wwan.c | 1 drivers/net/virtio_net.c | 44 + drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 drivers/pinctrl/qcom/pinctrl-msm.c | 20 drivers/pwm/pwm-mediatek.c | 15 drivers/thermal/intel/int340x_thermal/int3400_thermal.c | 9 drivers/tty/hvc/hvc_xen.c | 2 drivers/tty/vt/vt.c | 1 drivers/usb/cdns3/cdnsp-debug.h | 358 +++++++--------- drivers/usb/cdns3/cdnsp-ep0.c | 18 drivers/usb/cdns3/cdnsp-gadget.c | 6 drivers/usb/cdns3/cdnsp-gadget.h | 11 drivers/usb/cdns3/cdnsp-ring.c | 27 - drivers/usb/dwc3/core.c | 9 drivers/usb/dwc3/gadget.c | 22 drivers/usb/gadget/function/u_serial.c | 6 drivers/usb/host/xhci-mem.c | 4 drivers/usb/host/xhci-pci.c | 30 + drivers/usb/host/xhci-plat.c | 3 drivers/usb/host/xhci.h | 1 drivers/vhost/scsi.c | 7 drivers/xen/grant-table.c | 6 drivers/xen/xenbus/xenbus_probe.c | 3 fs/btrfs/inode.c | 36 - fs/jfs/jfs_dtree.c | 2 fs/ksmbd/transport_rdma.c | 5 fs/ksmbd/vfs.c | 1 fs/proc/array.c | 6 fs/proc/inode.c | 2 fs/proc/proc_sysctl.c | 18 include/drm/drm_file.h | 3 include/drm/spsc_queue.h | 4 include/linux/dma-resv.h | 95 ++++ include/net/netfilter/nf_flow_table.h | 2 include/xen/arm/page.h | 3 kernel/bpf/verifier.c | 21 kernel/events/core.c | 2 kernel/rseq.c | 60 ++ net/appletalk/ddp.c | 1 net/atm/clip.c | 64 ++ net/core/skmsg.c | 12 net/ipv6/addrconf.c | 9 net/netlink/af_netlink.c | 82 ++- net/rxrpc/call_accept.c | 3 net/sched/sch_api.c | 23 - net/tipc/topsrv.c | 2 net/vmw_vsock/af_vsock.c | 57 ++ sound/soc/fsl/fsl_asrc.c | 3 79 files changed, 1015 insertions(+), 546 deletions(-) Akira Inoue (1): HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 Al Viro (2): fix proc_sys_compare() handling of in-lookup dentries ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() Alok Tiwari (1): net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Andrii Nakryiko (1): bpf: fix precision backtracking instruction iteration Bartosz Golaszewski (1): pinctrl: qcom: msm: mark certain pins as invalid for interrupts Basavaraj Natikar (1): xhci: Allow RPM on the USB controller (1022:43f7) by default Bui Quang Minh (1): virtio-net: ensure the received length does not exceed allocated size Chia-Lin Kao (AceLan) (1): HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Christian König (3): dma-buf: add dma_resv_for_each_fence_unlocked v8 dma-buf: use new iterator in dma_resv_wait_timeout dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Daniil Dulov (1): wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() David Howells (1): rxrpc: Fix oops due to non-existence of prealloc backlog struct Dongli Zhang (1): vhost-scsi: protect vq->log_used with vq->mutex Edward Adam Davis (1): jfs: fix null ptr deref in dtInsertEntry Eric Dumazet (1): netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() Filipe Manana (2): btrfs: propagate last_unlink_trans earlier when doing a rmdir btrfs: use btrfs_record_snapshot_destroy() during rmdir Greg Kroah-Hartman (1): Linux 5.15.189 Guillaume Nault (1): gre: Fix IPv6 multicast route creation. Hans de Goede (1): Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID Hongyu Xie (1): xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS JP Kobryn (1): x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Jack Wang (1): x86: Fix X86_FEATURE_VERW_CLEAR definition Jakub Kicinski (1): netlink: make sure we allow at least one dump skb Jann Horn (1): x86/mm: Disable hugetlb page table sharing on 32-bit Jesse Brandeburg (1): ice: safer stats processing John Fastabend (1): bpf, sockmap: Fix skb refcnt race after locking changes Juergen Gross (1): xen: replace xen_remap() with memremap() Kaustabh Chakraborty (1): drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Kito Xu (1): net: appletalk: Fix device refcount leak in atrtr_create() Kuen-Han Tsai (2): usb: gadget: u_serial: Fix race condition in TTY wakeup usb: dwc3: Abort suspend on soft disconnect failure Kuniyuki Iwashima (6): netlink: Fix wraparounds of sk->sk_rmem_alloc. tipc: Fix use-after-free in tipc_conn_close(). atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atm: clip: Fix memory leak of struct clip_vcc. atm: clip: Fix infinite recursive call of clip_push(). netlink: Fix rmem check in netlink_broadcast_deliver(). Lee Jones (1): usb: cdnsp: Replace snprintf() with the safer scnprintf() variant Lee, Chun-Yi (1): thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR Maksim Kiselev (1): aoe: avoid potential deadlock at set_capacity Matthew Brost (1): drm/sched: Increment job count before swapping tail spsc queue Michael Jeanson (1): rseq: Fix segfault on registration when rseq_cs is non-zero Michal Luczaj (3): vsock: Fix transport_{g2h,h2g} TOCTOU vsock: Fix transport_* TOCTOU vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Nicolas Pitre (1): vt: add missing notification when switching back to text mode Nigel Croxon (1): raid10: cleanup memleak at raid10_make_request Nilton Perim Neto (1): Input: xpad - support Acer NGR 200 Controller Oleg Nesterov (1): fs/proc: do_task_stat: use __for_each_thread() Oleksij Rempel (3): net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap net: phy: smsc: Fix link failure in forced mode with Auto-MDIX net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Patrisious Haddad (1): RDMA/mlx5: Fix vport loopback for MPV device Pawel Laszczak (2): usb:cdnsp: remove TRB_FLUSH_ENDPOINT command usb: cdnsp: Fix issue with CV Bad Descriptor test Peter Zijlstra (1): perf: Revert to requiring CAP_SYS_ADMIN for uprobes Rafael J. Wysocki (1): Revert "ACPI: battery: negate current when discharging" Raju Rangoju (1): usb: xhci: quirk for data loss in ISOC transfers Sean Nyekjaer (1): can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Shengjiu Wang (1): ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Shravya KN (1): bnxt_en: Fix DCB ETS validation Simona Vetter (1): drm/gem: Fix race in drm_gem_handle_create_tail() Somnath Kotur (1): bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Stefan Metzmacher (1): smb: server: make use of rdma_destroy_qp() Thomas Fourier (1): atm: idt77252: Add missing `dma_map_error()` Tiwei Bie (1): um: vector: Reduce stack usage in vector_eth_configure() Uwe Kleine-König (1): pwm: mediatek: Ensure to disable clocks in error path Victor Nogueira (1): net/sched: Abort __tc_modify_qdisc if parent class does not exist Wang Jinchao (1): md/raid1: Fix stack memory use after return in raid1_reshape Xiaowei Li (1): net: usb: qmi_wwan: add SIMCom 8230C composition Yazen Ghannam (2): x86/mce/amd: Fix threshold limit reset x86/mce: Don't remove sysfs if thresholding sysfs init fails Yue Haibing (1): atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Zhang Heng (1): HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Zheng Qixing (1): nbd: fix uaf in nbd_genl_connect() error path

2 months

1
1
0 0

Linux 5.10.240

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.240 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 2 Documentation/ABI/testing/sysfs-driver-ufs | 2 Documentation/admin-guide/hw-vuln/index.rst | 1 Documentation/admin-guide/hw-vuln/indirect-target-selection.rst | 156 +++++ Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst | 4 Documentation/admin-guide/kernel-parameters.txt | 28 Documentation/devicetree/bindings/serial/8250.yaml | 2 Makefile | 2 arch/arm64/mm/mmu.c | 3 arch/powerpc/include/uapi/asm/ioctls.h | 8 arch/s390/Makefile | 2 arch/s390/purgatory/Makefile | 2 arch/um/drivers/ubd_user.c | 2 arch/um/drivers/vector_kern.c | 42 - arch/um/include/asm/asm-prototypes.h | 5 arch/x86/Kconfig | 22 arch/x86/entry/entry.S | 8 arch/x86/include/asm/alternative.h | 26 arch/x86/include/asm/cpu.h | 13 arch/x86/include/asm/cpufeature.h | 5 arch/x86/include/asm/cpufeatures.h | 14 arch/x86/include/asm/disabled-features.h | 2 arch/x86/include/asm/irqflags.h | 4 arch/x86/include/asm/msr-index.h | 13 arch/x86/include/asm/mwait.h | 19 arch/x86/include/asm/nospec-branch.h | 50 + arch/x86/include/asm/required-features.h | 2 arch/x86/include/asm/text-patching.h | 31 + arch/x86/kernel/alternative.c | 308 +++++++++- arch/x86/kernel/cpu/amd.c | 58 + arch/x86/kernel/cpu/bugs.c | 272 ++++++++ arch/x86/kernel/cpu/common.c | 77 ++ arch/x86/kernel/cpu/mce/amd.c | 15 arch/x86/kernel/cpu/mce/core.c | 8 arch/x86/kernel/cpu/mce/intel.c | 1 arch/x86/kernel/cpu/scattered.c | 1 arch/x86/kernel/ftrace.c | 4 arch/x86/kernel/kprobes/core.c | 39 - arch/x86/kernel/module.c | 14 arch/x86/kernel/process.c | 15 arch/x86/kernel/static_call.c | 2 arch/x86/kernel/vmlinux.lds.S | 8 arch/x86/kvm/cpuid.c | 31 - arch/x86/kvm/cpuid.h | 1 arch/x86/kvm/svm/vmenter.S | 3 arch/x86/kvm/vmx/vmx.c | 2 arch/x86/kvm/x86.c | 4 arch/x86/lib/retpoline.S | 39 + arch/x86/net/bpf_jit_comp.c | 8 arch/x86/um/asm/checksum.h | 3 drivers/acpi/acpi_pad.c | 7 drivers/acpi/acpica/dsmethod.c | 7 drivers/acpi/battery.c | 19 drivers/ata/pata_cs5536.c | 2 drivers/atm/idt77252.c | 5 drivers/base/cpu.c | 15 drivers/dma-buf/dma-resv.c | 2 drivers/dma/xilinx/xilinx_dma.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 drivers/gpu/drm/bridge/cdns-dsi.c | 27 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 drivers/gpu/drm/i915/selftests/i915_request.c | 20 drivers/gpu/drm/i915/selftests/mock_request.c | 2 drivers/gpu/drm/tegra/dc.c | 17 drivers/gpu/drm/tegra/hub.c | 4 drivers/gpu/drm/tegra/hub.h | 3 drivers/gpu/drm/udl/udl_drv.c | 2 drivers/gpu/drm/v3d/v3d_drv.h | 7 drivers/gpu/drm/v3d/v3d_gem.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 38 - drivers/hid/hid-ids.h | 5 drivers/hid/hid-quirks.c | 3 drivers/hid/wacom_sys.c | 6 drivers/hv/channel_mgmt.c | 117 ++- drivers/hv/hyperv_vmbus.h | 19 drivers/hv/vmbus_drv.c | 2 drivers/hwmon/pmbus/max34440.c | 48 + drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 drivers/i2c/busses/i2c-tiny-usb.c | 6 drivers/iio/pressure/zpa2326.c | 2 drivers/infiniband/core/iwcm.c | 38 - drivers/infiniband/core/iwcm.h | 2 drivers/infiniband/hw/mlx5/counters.c | 2 drivers/infiniband/hw/mlx5/devx.c | 2 drivers/infiniband/hw/mlx5/main.c | 33 + drivers/input/joystick/xpad.c | 5 drivers/input/keyboard/atkbd.c | 3 drivers/leds/led-class-multicolor.c | 3 drivers/mailbox/mailbox.c | 2 drivers/md/bcache/super.c | 7 drivers/md/dm-raid.c | 2 drivers/md/md-bitmap.c | 2 drivers/md/raid1.c | 1 drivers/media/platform/omap3isp/ispccdc.c | 8 drivers/media/platform/omap3isp/ispstat.c | 6 drivers/media/usb/uvc/uvc_ctrl.c | 61 + drivers/mfd/max14577.c | 1 drivers/misc/vmw_vmci/vmci_host.c | 9 drivers/mmc/host/mtk-sd.c | 39 - drivers/mmc/host/sdhci.c | 9 drivers/mmc/host/sdhci.h | 16 drivers/net/can/m_can/m_can.c | 2 drivers/net/can/m_can/tcan4x5x.c | 9 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/atheros/atlx/atl1.c | 78 +- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 drivers/net/ethernet/cisco/enic/enic_main.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 141 +++- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 20 drivers/net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 drivers/net/ethernet/freescale/dpaa2/dpni-cmd.h | 6 drivers/net/ethernet/freescale/dpaa2/dpni.c | 2 drivers/net/ethernet/freescale/dpaa2/dpni.h | 6 drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 drivers/net/ethernet/sun/niu.c | 31 - drivers/net/ethernet/sun/niu.h | 4 drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/phy/microchip.c | 2 drivers/net/phy/smsc.c | 28 drivers/net/usb/qmi_wwan.c | 1 drivers/net/wireless/ath/ath6kl/bmi.c | 4 drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 drivers/pci/controller/cadence/pcie-cadence-ep.c | 5 drivers/pci/controller/pci-hyperv.c | 17 drivers/pinctrl/qcom/pinctrl-msm.c | 20 drivers/platform/mellanox/mlxbf-tmfifo.c | 3 drivers/pwm/pwm-mediatek.c | 15 drivers/regulator/gpio-regulator.c | 4 drivers/rtc/lib_test.c | 2 drivers/rtc/rtc-cmos.c | 10 drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/ufs/ufs-sysfs.c | 4 drivers/spi/spi-fsl-dspi.c | 11 drivers/staging/rtl8723bs/core/rtw_security.c | 46 - drivers/target/target_core_pr.c | 4 drivers/tty/vt/vt.c | 1 drivers/uio/uio_hv_generic.c | 18 drivers/usb/class/cdc-wdm.c | 23 drivers/usb/common/usb-conn-gpio.c | 25 drivers/usb/core/quirks.c | 3 drivers/usb/core/usb.c | 14 drivers/usb/gadget/function/f_tcm.c | 4 drivers/usb/gadget/function/u_serial.c | 6 drivers/usb/host/xhci-dbgcap.c | 4 drivers/usb/host/xhci-dbgtty.c | 1 drivers/usb/typec/altmodes/displayport.c | 5 drivers/usb/typec/tcpm/tcpci_maxim.c | 20 drivers/vhost/scsi.c | 7 fs/btrfs/inode.c | 36 - fs/btrfs/tree-log.c | 4 fs/btrfs/volumes.c | 6 fs/ceph/file.c | 2 fs/cifs/misc.c | 8 fs/f2fs/super.c | 30 fs/jfs/jfs_dmap.c | 41 - fs/namespace.c | 8 fs/nfs/flexfilelayout/flexfilelayout.c | 121 ++- fs/nfs/inode.c | 17 fs/nfs/nfs4proc.c | 12 fs/nfs/pnfs.c | 4 fs/overlayfs/util.c | 4 fs/proc/array.c | 6 fs/proc/inode.c | 2 fs/proc/proc_sysctl.c | 18 include/drm/spsc_queue.h | 4 include/linux/cpu.h | 3 include/linux/hyperv.h | 2 include/linux/ipv6.h | 1 include/linux/module.h | 5 include/linux/usb/typec_dp.h | 1 include/uapi/linux/vm_sockets.h | 30 kernel/events/core.c | 2 kernel/rcu/tree.c | 4 kernel/rseq.c | 60 + lib/test_objagg.c | 4 net/appletalk/ddp.c | 1 net/atm/clip.c | 75 +- net/atm/resources.c | 3 net/bluetooth/l2cap_core.c | 9 net/ipv6/ip6_output.c | 9 net/mac80211/rx.c | 4 net/mac80211/util.c | 2 net/netlink/af_netlink.c | 82 +- net/rose/rose_route.c | 15 net/rxrpc/call_accept.c | 3 net/sched/sch_api.c | 42 - net/sched/sch_sfq.c | 10 net/tipc/topsrv.c | 2 net/vmw_vsock/af_vsock.c | 78 ++ net/vmw_vsock/vmci_transport.c | 4 sound/isa/sb/sb16_main.c | 4 sound/pci/hda/hda_bind.c | 2 sound/pci/hda/hda_intel.c | 3 sound/soc/fsl/fsl_asrc.c | 3 sound/usb/stream.c | 2 tools/lib/bpf/btf_dump.c | 3 202 files changed, 2709 insertions(+), 793 deletions(-) Al Viro (2): attach_recursive_mnt(): do not lock the covering tree when sliding something under it fix proc_sys_compare() handling of in-lookup dentries Alexandre Belloni (1): rtc: lib_test: add MODULE_LICENSE Alexandru Ardelean (1): uio: uio_hv_generic: use devm_kzalloc() for private data alloc Alexis Czezar Torreno (1): hwmon: (pmbus/max34440) Fix support for max34451 Alok Tiwari (2): enic: fix incorrect MTU comparison in enic_change_mtu() net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Amit Sunil Dhamne (1): usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Andra Paraschiv (4): vm_sockets: Add flags field in the vsock address data structure vm_sockets: Add VMADDR_FLAG_TO_HOST vsock flag af_vsock: Set VMADDR_FLAG_TO_HOST flag on the receive path af_vsock: Assign the vsock transport considering the vsock address flags Andrei Kuchynski (1): usb: typec: displayport: Fix potential deadlock Andy Shevchenko (1): usb: Add checks for snprintf() calls in usb_alloc_dev() Aradhya Bhatia (4): drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() drm/bridge: cdns-dsi: Fix connecting to next bridge drm/bridge: cdns-dsi: Check return value when getting default PHY config drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Badhri Jagan Sridharan (1): usb: typec: tcpci_maxim: Fix uninitialized return variable Bart Van Assche (1): scsi: ufs: core: Fix spelling of a sysfs attribute name Bartosz Golaszewski (1): pinctrl: qcom: msm: mark certain pins as invalid for interrupts Benjamin Coddington (1): NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Borislav Petkov (5): x86/bugs: Rename MDS machinery to something more generic x86/bugs: Add a Transient Scheduler Attacks mitigation KVM: x86: add support for CPUID leaf 0x80000021 KVM: SVM: Advertise TSA CPUID bits to guests x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) (1): x86/alternative: Optimize returns patching Brett A C Sheffield (Librecast) (1): Revert "ipv6: save dontfrag in cork" Brett Werling (1): can: tcan4x5x: fix power regulator retrieval during probe Cezary Rojewski (1): ALSA: hda: Ignore unsol events for cards being shut down Chance Yang (1): usb: common: usb-conn-gpio: use a unique name for usb connector device Chao Yu (1): f2fs: don't over-report free space or inodes in statvfs Chen Yufeng (1): usb: potential integer overflow in usbg_make_tpg() Chia-Lin Kao (AceLan) (1): HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Christian König (1): dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Dan Carpenter (2): drm/i915/selftests: Change mock_request() to return error pointers lib: test_objagg: Set error message in check_expect_hints_stats() Daniel Sneddon (1): x86/bhi: Define SPEC_CTRL_BHI_DIS_S Daniil Dulov (1): wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Dave Kleikamp (1): fs/jfs: consolidate sanity checking in dbMount David Howells (1): rxrpc: Fix oops due to non-existence of prealloc backlog struct David Thompson (1): platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Dev Jain (1): arm64: Restrict pagetable teardown to avoid false warning Dexuan Cui (1): PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time Dmitry Kandybka (1): ceph: fix possible integer overflow in ceph_zero_objects() Dongli Zhang (1): vhost-scsi: protect vq->log_used with vq->mutex Eric Biggers (1): x86/its: Fix build errors when CONFIG_MODULES=n Eric Dumazet (2): net_sched: sch_sfq: reject invalid perturb period atm: clip: prevent NULL deref in clip_push() Filipe Manana (3): btrfs: fix missing error handling when searching for inode refs during log replay btrfs: propagate last_unlink_trans earlier when doing a rmdir btrfs: use btrfs_record_snapshot_destroy() during rmdir Frédéric Danis (1): Bluetooth: L2CAP: Fix L2CAP MTU negotiation Fushuai Wang (1): dpaa2-eth: fix xdp_rxq_info leak George Kennedy (1): VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF Greg Kroah-Hartman (1): Linux 5.10.240 Gustavo A. R. Silva (1): net: rose: Fix fall-through warnings for Clang Haiyang Zhang (1): Drivers: hv: vmbus: Fix duplicate CPU assignments within a device Hans de Goede (1): Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID HarshaVardhana S A (1): vsock/vmci: Clear the vmci transport packet properly when initializing it Heinz Mauelshagen (1): dm-raid: fix variable in journal device check Ioana Ciornei (2): dpaa2-eth: rename dpaa2_eth_xdp_release_buf into dpaa2_eth_recycle_buf net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats JP Kobryn (1): x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Jakub Kicinski (1): netlink: make sure we allow at least one dump skb James Clark (1): spi: spi-fsl-dspi: Clear completion counter before initiating transfer Jann Horn (1): x86/mm: Disable hugetlb page table sharing on 32-bit Janusz Krzysztofik (1): drm/i915/gt: Fix timeline left held on VMA alloc error Jay Cornwall (1): drm/amdkfd: Fix race in GWS queue scheduling Johannes Berg (3): ata: pata_cs5536: fix build on 32-bit UML wifi: mac80211: drop invalid source address OCB frames wifi: ath6kl: remove WARN on bad firmware input Jonathan Cameron (1): iio: pressure: zpa2326: Use aligned_s64 for the timestamp Jos Wang (1): usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Josh Poimboeuf (1): x86/alternatives: Remove faulty optimization Junlin Yang (2): usb: typec: tcpci_maxim: remove redundant assignment usb: typec: tcpci_maxim: add terminating newlines to logging Kaustabh Chakraborty (1): drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Kees Cook (1): ovl: Check for NULL d_inode() in ovl_dentry_upper() Kito Xu (1): net: appletalk: Fix device refcount leak in atrtr_create() Kohei Enju (1): rose: fix dangling neighbour pointers in rose_rt_device_down() Krzysztof Kozlowski (1): mfd: max14577: Fix wakeup source leaks on device unbind Kuen-Han Tsai (1): usb: gadget: u_serial: Fix race condition in TTY wakeup Kuniyuki Iwashima (8): atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. netlink: Fix wraparounds of sk->sk_rmem_alloc. tipc: Fix use-after-free in tipc_conn_close(). atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atm: clip: Fix memory leak of struct clip_vcc. atm: clip: Fix infinite recursive call of clip_push(). netlink: Fix rmem check in netlink_broadcast_deliver(). Lachlan Hodges (1): wifi: mac80211: fix beacon interval calculation overflow Linggang Zeng (1): bcache: fix NULL pointer in cache_set_flush() Lion Ackermann (1): net/sched: Always pass notifications when child class becomes empty Long Li (1): uio_hv_generic: Align ring size to system page Madhavan Srinivasan (1): powerpc: Fix struct termio related ioctl macros Manivannan Sadhasivam (1): regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Marek Szyprowski (2): media: omap3isp: use sgtable-based scatterlist wrappers drm/exynos: fimd: Guard display clock control with runtime PM calls Mark Harmstone (1): btrfs: update superblock's device bytes_used when dropping chunk Mark Zhang (1): RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Masami Hiramatsu (Google) (2): mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data mtk-sd: Prevent memory corruption from DMA map failure Mateusz Jończyk (1): rtc: cmos: use spin_lock_irqsave in cmos_interrupt Mathias Nyman (1): xhci: dbc: Flush queued requests before stopping dbc Matt Reynolds (1): Input: xpad - add support for Amazon Game Controller Matthew Brost (1): drm/sched: Increment job count before swapping tail spsc queue Maurizio Lombardi (1): scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Maíra Canal (1): drm/v3d: Disable interrupts before resetting the GPU Michael Jeanson (1): rseq: Fix segfault on registration when rseq_cs is non-zero Michal Luczaj (3): vsock: Fix transport_{g2h,h2g} TOCTOU vsock: Fix transport_* TOCTOU vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Nathan Chancellor (2): s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Nicolas Pitre (1): vt: add missing notification when switching back to text mode Niklas Cassel (1): PCI: cadence-ep: Correct PBA offset in .set_msix() callback Nilton Perim Neto (1): Input: xpad - support Acer NGR 200 Controller Oleg Nesterov (1): fs/proc: do_task_stat: use __for_each_thread() Oleksij Rempel (3): net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap net: phy: smsc: Fix link failure in forced mode with Auto-MDIX net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Olga Kornievskaia (1): NFSv4.2: fix listxattr to return selinux security label Oliver Neukum (1): Logitech C-270 even more broken Pali Rohár (1): cifs: Fix cifs_query_path_info() for Windows NT servers Patrisious Haddad (2): RDMA/mlx5: Fix CC counters query for MPV RDMA/mlx5: Fix vport loopback for MPV device Pawan Gupta (7): Documentation: x86/bugs/its: Add ITS documentation x86/its: Enumerate Indirect Target Selection (ITS) bug x86/its: Add support for ITS-safe indirect thunk x86/its: Add support for ITS-safe return thunk x86/its: Fix undefined reference to cpu_wants_rethunk_at() x86/its: Enable Indirect Target Selection mitigation x86/its: Add "vmexit" option to skip mitigation on some CPUs Peng Fan (1): mailbox: Not protect module_put with spin_lock_irqsave Peter Zijlstra (5): perf: Revert to requiring CAP_SYS_ADMIN for uprobes x86/alternatives: Introduce int3_emulate_jcc() x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions x86/its: Use dynamic thunks for indirect branches x86/its: FineIBT-paranoid vs ITS Qasim Ijaz (3): HID: wacom: fix memory leak on kobject creation failure HID: wacom: fix memory leak on sysfs attribute creation failure HID: wacom: fix kobject reference count leak Qiu-ji Chen (1): drm/tegra: Fix a possible null pointer dereference RD Babiera (1): usb: typec: altmodes/displayport: do not index invalid pin_assignments Radu Bulie (2): dpaa2-eth: Update dpni_get_single_step_cfg command dpaa2-eth: Update SINGLE_STEP register access Rafael J. Wysocki (2): ACPICA: Refuse to evaluate a method if arguments are missing Revert "ACPI: battery: negate current when discharging" Raju Rangoju (1): amd-xgbe: align CL37 AN sequence as per databook Ricardo Ribalda (3): media: uvcvideo: Return the number of processed controls media: uvcvideo: Send control events for partial succeeds media: uvcvideo: Rollback non processed entities on error Robert Hodaszi (1): usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Sami Tolvanen (1): um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Saurabh Sengar (2): Drivers: hv: vmbus: Add utility function for querying ring size uio_hv_generic: Query the ringbuffer size for device Sean Nyekjaer (1): can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Seiji Nishikawa (1): ACPI: PAD: fix crash in exit_round_robin() Sergey Senozhatsky (1): mtk-sd: reset host->mrq on prepare_data() error Shengjiu Wang (1): ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Shin'ichiro Kawasaki (1): RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction Shravya KN (1): bnxt_en: Fix DCB ETS validation Simon Horman (1): net: enetc: Correct endianness handling in _enetc_rd_reg64 Somnath Kotur (1): bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Stefano Garzarella (1): vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Sven Schwermer (1): leds: multicolor: Fix intensity setting while SW blinking Takashi Iwai (1): ALSA: sb: Force to disable DMAs once when DMA mode is changed Thierry Reding (1): drm/tegra: Assign plane type before registration Thomas Fourier (5): scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() nui: Fix dma_mapping_error() check ethernet: atl1: Add missing DMA mapping error checks and count errors atm: idt77252: Add missing `dma_map_error()` Thomas Gessler (1): dmaengine: xilinx_dma: Set dma_device directions Thomas Gleixner (1): x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() Thomas Zimmermann (1): drm/udl: Unregister device before cleaning up on disconnect Tigran Mkrtchyan (1): flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes Tiwei Bie (2): um: ubd: Add missing error check in start_io_thread() um: vector: Reduce stack usage in vector_eth_configure() Trond Myklebust (1): NFSv4/flexfiles: Fix handling of NFS level errors in I/O Uladzislau Rezki (Sony) (1): rcu: Return early if callback is not specified Ulf Hansson (1): Revert "mmc: sdhci: Disable SD card clock before changing parameters" Uwe Kleine-König (1): pwm: mediatek: Ensure to disable clocks in error path Vasiliy Kovalev (1): jfs: validate AG parameters in dbMount() to prevent crashes Vicki Pfau (1): Input: xpad - add VID for Turtle Beach controllers Victor Nogueira (1): net/sched: Abort __tc_modify_qdisc if parent class does not exist Victor Shih (1): mmc: sdhci: Add a helper function for dump register in dynamic debug mode Vijendar Mukunda (1): ALSA: hda: Add new pci id for AMD GPU display HD audio controller Vitaly Kuznetsov (1): Drivers: hv: Rename 'alloced' to 'allocated' Wang Jinchao (1): md/raid1: Fix stack memory use after return in raid1_reshape Weihang Li (1): RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private Wolfram Sang (2): i2c: tiny-usb: disable zero-length read messages i2c: robotfuzz-osif: disable zero-length read messages Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xiaowei Li (1): net: usb: qmi_wwan: add SIMCom 8230C composition Yao Zi (1): dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Yazen Ghannam (2): x86/mce/amd: Fix threshold limit reset x86/mce: Don't remove sysfs if thresholding sysfs init fails Youngjun Lee (1): ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Yu Kuai (1): md/md-bitmap: fix dm-raid max_write_behind setting Yuan Chen (1): libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Yue Haibing (1): atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Yue Hu (1): mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() Zhang Heng (1): HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Łukasz Bartosik (1): xhci: dbctty: disable ECHO flag by default

2 months

1
1
0 0

Linux 5.4.296

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.296 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-driver-ufs | 2 Makefile | 2 arch/arm64/mm/mmu.c | 3 arch/powerpc/include/uapi/asm/ioctls.h | 8 arch/s390/Makefile | 2 arch/s390/purgatory/Makefile | 2 arch/um/drivers/ubd_user.c | 2 arch/x86/Kconfig | 2 arch/x86/kernel/cpu/mce/amd.c | 15 - arch/x86/kernel/cpu/mce/core.c | 8 arch/x86/kernel/cpu/mce/intel.c | 1 drivers/acpi/acpi_pad.c | 7 drivers/acpi/acpica/dsmethod.c | 7 drivers/acpi/battery.c | 19 - drivers/ata/pata_cs5536.c | 2 drivers/atm/idt77252.c | 5 drivers/dma-buf/dma-resv.c | 5 drivers/dma/xilinx/xilinx_dma.c | 2 drivers/gpu/drm/bridge/cdns-dsi.c | 11 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 drivers/gpu/drm/i915/gt/intel_ringbuffer.c | 3 drivers/gpu/drm/i915/selftests/i915_request.c | 20 - drivers/gpu/drm/i915/selftests/mock_request.c | 2 drivers/gpu/drm/tegra/dc.c | 12 drivers/gpu/drm/tegra/hub.c | 4 drivers/gpu/drm/tegra/hub.h | 3 drivers/gpu/drm/v3d/v3d_drv.h | 9 drivers/gpu/drm/v3d/v3d_gem.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 36 +- drivers/hid/hid-ids.h | 5 drivers/hid/hid-quirks.c | 3 drivers/hid/wacom_sys.c | 6 drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 drivers/i2c/busses/i2c-tiny-usb.c | 6 drivers/iio/pressure/zpa2326.c | 2 drivers/infiniband/core/device.c | 1 drivers/infiniband/core/iwcm.c | 38 +- drivers/infiniband/core/iwcm.h | 2 drivers/infiniband/core/uverbs_std_types_counters.c | 17 - drivers/infiniband/hw/mlx5/devx.c | 2 drivers/infiniband/hw/mlx5/main.c | 55 ++- drivers/input/joystick/xpad.c | 5 drivers/input/keyboard/atkbd.c | 3 drivers/mailbox/mailbox.c | 2 drivers/md/dm-raid.c | 2 drivers/md/md-bitmap.c | 2 drivers/md/raid1.c | 1 drivers/media/platform/omap3isp/ispccdc.c | 8 drivers/media/platform/omap3isp/ispstat.c | 6 drivers/media/platform/vivid/vivid-vid-cap.c | 2 drivers/media/usb/dvb-usb/cxusb.c | 36 +- drivers/media/usb/uvc/uvc_ctrl.c | 61 +++- drivers/mfd/max14577.c | 1 drivers/misc/vmw_vmci/vmci_host.c | 9 drivers/mmc/host/mtk-sd.c | 39 +- drivers/mmc/host/sdhci.c | 9 drivers/mmc/host/sdhci.h | 16 + drivers/net/can/m_can/m_can.c | 2 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/atheros/atlx/atl1.c | 78 +++-- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 drivers/net/ethernet/cisco/enic/enic_main.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 + drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 drivers/net/ethernet/sun/niu.c | 31 ++ drivers/net/ethernet/sun/niu.h | 4 drivers/net/phy/microchip.c | 2 drivers/net/usb/qmi_wwan.c | 1 drivers/net/wireless/ath/ath6kl/bmi.c | 4 drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 drivers/pinctrl/qcom/pinctrl-msm.c | 20 + drivers/platform/mellanox/mlxbf-tmfifo.c | 3 drivers/pwm/pwm-mediatek.c | 15 - drivers/regulator/gpio-regulator.c | 19 + drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/ufs/ufs-sysfs.c | 4 drivers/spi/spi-fsl-dspi.c | 55 ++- drivers/staging/rtl8723bs/core/rtw_security.c | 46 --- drivers/tty/serial/uartlite.c | 15 - drivers/tty/vt/vt.c | 1 drivers/usb/class/cdc-wdm.c | 23 - drivers/usb/core/quirks.c | 3 drivers/usb/core/usb.c | 14 drivers/usb/gadget/function/f_tcm.c | 4 drivers/usb/gadget/function/u_serial.c | 6 drivers/usb/typec/altmodes/displayport.c | 5 fs/btrfs/inode.c | 36 +- fs/btrfs/ioctl.c | 3 fs/btrfs/tree-log.c | 4 fs/ceph/file.c | 2 fs/cifs/misc.c | 8 fs/jfs/jfs_dmap.c | 41 -- fs/namespace.c | 8 fs/nfs/flexfilelayout/flexfilelayout.c | 144 +++++++-- fs/nfs/inode.c | 17 - fs/overlayfs/util.c | 4 fs/proc/inode.c | 16 - fs/proc/proc_sysctl.c | 18 - include/drm/spsc_queue.h | 4 include/linux/of.h | 291 +++++++++----------- include/linux/regulator/gpio-regulator.h | 2 include/linux/usb/typec_dp.h | 1 include/rdma/ib_verbs.h | 7 include/uapi/linux/vm_sockets.h | 4 init/Kconfig | 4 lib/test_objagg.c | 4 net/appletalk/ddp.c | 1 net/atm/clip.c | 64 +++- net/atm/resources.c | 3 net/bluetooth/l2cap_core.c | 9 net/bpfilter/Makefile | 5 net/ipv6/route.c | 3 net/mac80211/rx.c | 4 net/mac80211/util.c | 2 net/netlink/af_netlink.c | 82 +++-- net/rose/rose_route.c | 15 - net/rxrpc/call_accept.c | 3 net/sched/sch_api.c | 42 +- net/tipc/topsrv.c | 2 net/vmw_vsock/vmci_transport.c | 4 scripts/Kbuild.include | 2 scripts/Makefile.host | 4 scripts/Makefile.lib | 8 sound/isa/sb/sb16_main.c | 4 sound/pci/hda/hda_bind.c | 2 sound/soc/meson/meson-card-utils.c | 2 sound/usb/stream.c | 2 usr/include/Makefile | 6 132 files changed, 1178 insertions(+), 680 deletions(-) Al Viro (2): attach_recursive_mnt(): do not lock the covering tree when sliding something under it fix proc_sys_compare() handling of in-lookup dentries Alok Tiwari (1): enic: fix incorrect MTU comparison in enic_change_mtu() Andrei Kuchynski (1): usb: typec: displayport: Fix potential deadlock Andy Shevchenko (1): usb: Add checks for snprintf() calls in usb_alloc_dev() Aradhya Bhatia (3): drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() drm/bridge: cdns-dsi: Fix connecting to next bridge drm/bridge: cdns-dsi: Check return value when getting default PHY config Arnd Bergmann (1): kbuild: hdrcheck: fix cross build with clang Bart Van Assche (1): scsi: ufs: core: Fix spelling of a sysfs attribute name Bartosz Golaszewski (1): pinctrl: qcom: msm: mark certain pins as invalid for interrupts Cezary Rojewski (1): ALSA: hda: Ignore unsol events for cards being shut down Chen Yufeng (1): usb: potential integer overflow in usbg_make_tpg() Chia-Lin Kao (AceLan) (1): HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Christian König (1): dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Dan Carpenter (2): lib: test_objagg: Set error message in check_expect_hints_stats() drm/i915/selftests: Change mock_request() to return error pointers Daniil Dulov (1): wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Dave Kleikamp (1): fs/jfs: consolidate sanity checking in dbMount David Howells (1): rxrpc: Fix oops due to non-existence of prealloc backlog struct David Thompson (1): platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Denis Arefev (1): media: vivid: Change the siize of the composing Dev Jain (1): arm64: Restrict pagetable teardown to avoid false warning Dmitry Kandybka (1): ceph: fix possible integer overflow in ceph_zero_objects() Edward Adam Davis (1): media: cxusb: no longer judge rbuf when the write fails Eric W. Biederman (1): proc: Clear the pieces of proc_inode that proc_evict_inode cares about Filipe Manana (3): btrfs: fix missing error handling when searching for inode refs during log replay btrfs: propagate last_unlink_trans earlier when doing a rmdir btrfs: use btrfs_record_snapshot_destroy() during rmdir Frédéric Danis (1): Bluetooth: L2CAP: Fix L2CAP MTU negotiation Fushuai Wang (1): dpaa2-eth: fix xdp_rxq_info leak Georg Kohmann (1): net: ipv6: Discard next-hop MTU less than minimum link MTU George Kennedy (1): VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF Greg Kroah-Hartman (1): Linux 5.4.296 Gustavo A. R. Silva (1): net: rose: Fix fall-through warnings for Clang Hans de Goede (1): Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID HarshaVardhana S A (1): vsock/vmci: Clear the vmci transport packet properly when initializing it Heinz Mauelshagen (1): dm-raid: fix variable in journal device check JP Kobryn (1): x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Jakub Kicinski (1): netlink: make sure we allow at least one dump skb Jakub Lewalski (1): tty: serial: uartlite: register uart driver in init James Clark (1): spi: spi-fsl-dspi: Clear completion counter before initiating transfer Jann Horn (1): x86/mm: Disable hugetlb page table sharing on 32-bit Janusz Krzysztofik (1): drm/i915/gt: Fix timeline left held on VMA alloc error Jerome Neanne (1): regulator: gpio: Add input_supply support in gpio_regulator_config Johannes Berg (3): ata: pata_cs5536: fix build on 32-bit UML wifi: mac80211: drop invalid source address OCB frames wifi: ath6kl: remove WARN on bad firmware input Jonathan Cameron (1): iio: pressure: zpa2326: Use aligned_s64 for the timestamp Jos Wang (1): usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Kaustabh Chakraborty (1): drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Kees Cook (1): ovl: Check for NULL d_inode() in ovl_dentry_upper() Kito Xu (1): net: appletalk: Fix device refcount leak in atrtr_create() Kohei Enju (1): rose: fix dangling neighbour pointers in rose_rt_device_down() Krzysztof Kozlowski (1): mfd: max14577: Fix wakeup source leaks on device unbind Kuen-Han Tsai (1): usb: gadget: u_serial: Fix race condition in TTY wakeup Kuniyuki Iwashima (8): atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. netlink: Fix wraparounds of sk->sk_rmem_alloc. tipc: Fix use-after-free in tipc_conn_close(). atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atm: clip: Fix memory leak of struct clip_vcc. atm: clip: Fix infinite recursive call of clip_push(). netlink: Fix rmem check in netlink_broadcast_deliver(). Lachlan Hodges (1): wifi: mac80211: fix beacon interval calculation overflow Leon Romanovsky (1): RDMA/core: Create and destroy counters in the ib_core Lion Ackermann (1): net/sched: Always pass notifications when child class becomes empty Madhavan Srinivasan (1): powerpc: Fix struct termio related ioctl macros Manivannan Sadhasivam (1): regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Marek Szyprowski (2): media: omap3isp: use sgtable-based scatterlist wrappers drm/exynos: fimd: Guard display clock control with runtime PM calls Mark Zhang (1): RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Martin Blumenstingl (1): ASoC: meson: meson-card-utils: use of_property_present() for DT parsing Masahiro Yamada (3): kbuild: use -MMD instead of -MD to exclude system headers from dependency bpfilter: match bit size of bpfilter_umh to that of the kernel kbuild: add --target to correctly cross-compile UAPI headers with Clang Masami Hiramatsu (Google) (2): mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data mtk-sd: Prevent memory corruption from DMA map failure Matt Reynolds (1): Input: xpad - add support for Amazon Game Controller Matthew Brost (1): drm/sched: Increment job count before swapping tail spsc queue Maíra Canal (1): drm/v3d: Disable interrupts before resetting the GPU Michael Walle (1): of: property: define of_property_read_u{8,16,32,64}_array() unconditionally Nathan Chancellor (2): s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Nicolas Pitre (1): vt: add missing notification when switching back to text mode Nilton Perim Neto (1): Input: xpad - support Acer NGR 200 Controller Oleksij Rempel (1): net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Oliver Neukum (1): Logitech C-270 even more broken Omar Sandoval (1): btrfs: don't abort filesystem when attempting to snapshot deleted subvolume Pali Rohár (1): cifs: Fix cifs_query_path_info() for Windows NT servers Patrisious Haddad (2): RDMA/mlx5: Fix CC counters query for MPV RDMA/mlx5: Fix vport loopback for MPV device Peng Fan (1): mailbox: Not protect module_put with spin_lock_irqsave Qasim Ijaz (3): HID: wacom: fix memory leak on kobject creation failure HID: wacom: fix memory leak on sysfs attribute creation failure HID: wacom: fix kobject reference count leak RD Babiera (1): usb: typec: altmodes/displayport: do not index invalid pin_assignments Rafael J. Wysocki (2): ACPICA: Refuse to evaluate a method if arguments are missing Revert "ACPI: battery: negate current when discharging" Raju Rangoju (1): amd-xgbe: align CL37 AN sequence as per databook Ricardo Ribalda (3): media: uvcvideo: Return the number of processed controls media: uvcvideo: Send control events for partial succeeds media: uvcvideo: Rollback non processed entities on error Rob Herring (1): of: Add of_property_present() helper Robert Hodaszi (1): usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Sean Nyekjaer (1): can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Sean Young (1): media: cxusb: use dev_dbg() rather than hand-rolled debug Seiji Nishikawa (1): ACPI: PAD: fix crash in exit_round_robin() Sergey Senozhatsky (1): mtk-sd: reset host->mrq on prepare_data() error Shin'ichiro Kawasaki (1): RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction Shravya KN (1): bnxt_en: Fix DCB ETS validation Simon Horman (1): net: enetc: Correct endianness handling in _enetc_rd_reg64 Somnath Kotur (1): bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Stefano Garzarella (1): vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Takashi Iwai (1): ALSA: sb: Force to disable DMAs once when DMA mode is changed Thierry Reding (1): drm/tegra: Assign plane type before registration Thomas Fourier (4): scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() nui: Fix dma_mapping_error() check ethernet: atl1: Add missing DMA mapping error checks and count errors atm: idt77252: Add missing `dma_map_error()` Thomas Gessler (1): dmaengine: xilinx_dma: Set dma_device directions Tigran Mkrtchyan (1): flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes Tiwei Bie (1): um: ubd: Add missing error check in start_io_thread() Trond Myklebust (1): NFSv4/flexfiles: Fix handling of NFS level errors in I/O Ulf Hansson (1): Revert "mmc: sdhci: Disable SD card clock before changing parameters" Uwe Kleine-König (1): pwm: mediatek: Ensure to disable clocks in error path Vasiliy Kovalev (1): jfs: validate AG parameters in dbMount() to prevent crashes Vicki Pfau (1): Input: xpad - add VID for Turtle Beach controllers Victor Nogueira (1): net/sched: Abort __tc_modify_qdisc if parent class does not exist Victor Shih (1): mmc: sdhci: Add a helper function for dump register in dynamic debug mode Vladimir Oltean (2): spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path Wang Jinchao (1): md/raid1: Fix stack memory use after return in raid1_reshape Weihang Li (1): RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private Wolfram Sang (2): i2c: tiny-usb: disable zero-length read messages i2c: robotfuzz-osif: disable zero-length read messages Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xiaowei Li (1): net: usb: qmi_wwan: add SIMCom 8230C composition Yazen Ghannam (2): x86/mce/amd: Fix threshold limit reset x86/mce: Don't remove sysfs if thresholding sysfs init fails Youngjun Lee (1): ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Yu Kuai (1): md/md-bitmap: fix dm-raid max_write_behind setting Yue Haibing (1): atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Yue Hu (1): mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() Zhang Heng (1): HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY

2 months

1
1
0 0

[PATCH vulns] CVE-2022-49501: Fix affected versions

by He Zhe

As mentioned in the commit log of the fix, it is commit 2c9d6c2b871d ("usbnet: run unbind() before unregister_netdev()") that causes this CVE. Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- cve/published/2022/CVE-2022-49501.vulnerable | 1 + 1 file changed, 1 insertion(+) create mode 100644 cve/published/2022/CVE-2022-49501.vulnerable diff --git a/cve/published/2022/CVE-2022-49501.vulnerable b/cve/published/2022/CVE-2022-49501.vulnerable new file mode 100644 index 000000000..138b53caf --- /dev/null +++ b/cve/published/2022/CVE-2022-49501.vulnerable @@ -0,0 +1 @@ +2c9d6c2b871d5841ce26ede3e81fd37e2e33c42c -- 2.34.1

2 months

2
1
0 0

[PATCH v2] iommu/amd: Fix geometry.aperture_end for V2 tables

by Jason Gunthorpe

The AMD IOMMU documentation seems pretty clear that the V2 table follows the normal CPU expectation of sign extension. This is shown in Figure 25: AMD64 Long Mode 4-Kbyte Page Address Translation Where bits Sign-Extend [63:57] == [56]. This is typical for x86 which would have three regions in the page table: lower, non-canonical, upper. The manual describes that the V1 table does not sign extend in section 2.2.4 Sharing AMD64 Processor and IOMMU Page Tables GPA-to-SPA Further, Vasant has checked this and indicates the HW has an addtional behavior that the manual does not yet describe. The AMDv2 table does not have the sign extended behavior when attached to PASID 0, which may explain why this has gone unnoticed. The iommu domain geometry does not directly support sign extended page tables. The driver should report only one of the lower/upper spaces. Solve this by removing the top VA bit from the geometry to use only the lower space. This will also make the iommu_domain work consistently on all PASID 0 and PASID != 1. Adjust dma_max_address() to remove the top VA bit. It now returns: 5 Level: Before 0x1ffffffffffffff After 0x0ffffffffffffff 4 Level: Before 0xffffffffffff After 0x7fffffffffff Fixes: 11c439a19466 ("iommu/amd/pgtbl_v2: Fix domain max address") Link: https://lore.kernel.org/all/8858d4d6-d360-4ef0-935c-bfd13ea54f42@amd.com/ Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> --- drivers/iommu/amd/iommu.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) v2: - Revise the commit message and comment with the new information from Vasant. v1: https://patch.msgid.link/r/0-v1-6925ece6b623+296-amdv2_geo_jgg@nvidia.com diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c index 3117d99cf83d0d..1baa9d3583f369 100644 --- a/drivers/iommu/amd/iommu.c +++ b/drivers/iommu/amd/iommu.c @@ -2526,8 +2526,21 @@ static inline u64 dma_max_address(enum protection_domain_mode pgtable) if (pgtable == PD_MODE_V1) return ~0ULL; - /* V2 with 4/5 level page table */ - return ((1ULL << PM_LEVEL_SHIFT(amd_iommu_gpt_level)) - 1); + /* + * V2 with 4/5 level page table. Note that "2.2.6.5 AMD64 4-Kbyte Page + * Translation" shows that the V2 table sign extends the top of the + * address space creating a reserved region in the middle of the + * translation, just like the CPU does. Further Vasant says the docs are + * incomplete and this only applies to non-zero PASIDs. If the AMDv2 + * page table is assigned to the 0 PASID then there is no sign extension + * check. + * + * Since the IOMMU must have a fixed geometry, and the core code does + * not understand sign extended addressing, we have to chop off the high + * bit to get consistent behavior with attachments of the domain to any + * PASID. + */ + return ((1ULL << (PM_LEVEL_SHIFT(amd_iommu_gpt_level) - 1)) - 1); } static bool amd_iommu_hd_support(struct amd_iommu *iommu) base-commit: eb328711b15b17987021dbb674f446b7b008dca5 -- 2.43.0

2 months

4
8
0 0

Backport 36569780b0d6 ("sched: Change nr_uninterruptible type to unsigned long") to linux-stable

by Aruna Ramakrishna

Hi maintainers, Please consider backporting this upstream commit: 36569780b0d6 ("sched: Change nr_uninterruptible type to unsigned long”) into all stable branches newer than (and including) linux-5.14.y. This fixes an overflow bug introduced in commit: e6fe3f422be1 ("sched: Make multiple runqueue task counters 32-bit”) which was merged into 5.14. I forgot to tag the original patch for inclusion into stable - I apologize for the oversight. The patch should apply cleanly to all versions - let me know if you’d like me to send a separate patch for stable. Thanks very much, Aruna

2 months

1
0
0 0

[PATCH net] phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept()

by Nathan Chancellor

A new warning in clang [1] points out a place in pep_sock_accept() where dst is uninitialized then passed as a const pointer to pep_find_pipe(): net/phonet/pep.c:829:37: error: variable 'dst' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 829 | newsk = pep_find_pipe(&pn->hlist, &dst, pipe_handle); | ^~~: Move the call to pn_skb_get_dst_sockaddr(), which initializes dst, to before the call to pep_find_pipe(), so that dst is consistently used initialized throughout the function. Cc: stable(a)vger.kernel.org Fixes: f7ae8d59f661 ("Phonet: allocate sock from accept syscall rather than soft IRQ") Link: https://github.com/llvm/llvm-project/commit/00dacf8c22f065cb52efb14cd091d44… [1] Closes: https://github.com/ClangBuiltLinux/linux/issues/2101 Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- net/phonet/pep.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/phonet/pep.c b/net/phonet/pep.c index 53a858478e22..62527e1ebb88 100644 --- a/net/phonet/pep.c +++ b/net/phonet/pep.c @@ -826,6 +826,7 @@ static struct sock *pep_sock_accept(struct sock *sk, } /* Check for duplicate pipe handle */ + pn_skb_get_dst_sockaddr(skb, &dst); newsk = pep_find_pipe(&pn->hlist, &dst, pipe_handle); if (unlikely(newsk)) { __sock_put(newsk); @@ -850,7 +851,6 @@ static struct sock *pep_sock_accept(struct sock *sk, newsk->sk_destruct = pipe_destruct; newpn = pep_sk(newsk); - pn_skb_get_dst_sockaddr(skb, &dst); pn_skb_get_src_sockaddr(skb, &src); newpn->pn_sk.sobject = pn_sockaddr_get_object(&dst); newpn->pn_sk.dobject = pn_sockaddr_get_object(&src); --- base-commit: 0e9418961f897be59b1fab6e31ae1b09a0bae902 change-id: 20250715-net-phonet-fix-uninit-const-pointer-64f0182b11e1 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

2 months

2
1
0 0

[PATCH v9 1/4] serial: 8250: fix panic due to PSLVERR

by Yunhui Cui

When the PSLVERR_RESP_EN parameter is set to 1, the device generates an error response if an attempt is made to read an empty RBR (Receive Buffer Register) while the FIFO is enabled. In serial8250_do_startup(), calling serial_port_out(port, UART_LCR, UART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes dw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter function enables the FIFO via serial_out(p, UART_FCR, p->fcr). Execution proceeds to the serial_port_in(port, UART_RX). This satisfies the PSLVERR trigger condition. When another CPU (e.g., using printk()) is accessing the UART (UART is busy), the current CPU fails the check (value & ~UART_LCR_SPAR) == (lcr & ~UART_LCR_SPAR) in dw8250_check_lcr(), causing it to enter dw8250_force_idle(). Put serial_port_out(port, UART_LCR, UART_LCR_WLEN8) under the port->lock to fix this issue. Panic backtrace: [ 0.442336] Oops - unknown exception [#1] [ 0.442343] epc : dw8250_serial_in32+0x1e/0x4a [ 0.442351] ra : serial8250_do_startup+0x2c8/0x88e ... [ 0.442416] console_on_rootfs+0x26/0x70 Fixes: c49436b657d0 ("serial: 8250_dw: Improve unwritable LCR workaround") Link: https://lore.kernel.org/all/84cydt5peu.fsf@jogness.linutronix.de/T/ Signed-off-by: Yunhui Cui <cuiyunhui(a)bytedance.com> Cc: stable(a)vger.kernel.org --- drivers/tty/serial/8250/8250_port.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c index 6d7b8c4667c9c..07fe818dffa34 100644 --- a/drivers/tty/serial/8250/8250_port.c +++ b/drivers/tty/serial/8250/8250_port.c @@ -2376,9 +2376,10 @@ int serial8250_do_startup(struct uart_port *port) /* * Now, initialize the UART */ - serial_port_out(port, UART_LCR, UART_LCR_WLEN8); uart_port_lock_irqsave(port, &flags); + serial_port_out(port, UART_LCR, UART_LCR_WLEN8); + if (up->port.flags & UPF_FOURPORT) { if (!up->port.irq) up->port.mctrl |= TIOCM_OUT1; -- 2.39.5

2 months

4
3
0 0

[PATCH v2 1/3] bus: mhi: host: keep bhi buffer through suspend cycle

by Muhammad Usama Anjum

When there is memory pressure, at resume time dma_alloc_coherent() returns error which in turn fails the loading of firmware and hence the driver crashes: kernel: kworker/u33:5: page allocation failure: order:7, mode:0xc04(GFP_NOIO|GFP_DMA32), nodemask=(null),cpuset=/,mems_allowed=0 kernel: CPU: 1 UID: 0 PID: 7693 Comm: kworker/u33:5 Not tainted 6.11.11-valve17-1-neptune-611-g027868a0ac03 #1 3843143b92e9da0fa2d3d5f21f51beaed15c7d59 kernel: Hardware name: Valve Galileo/Galileo, BIOS F7G0112 08/01/2024 kernel: Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi] kernel: Call Trace: kernel: <TASK> kernel: dump_stack_lvl+0x4e/0x70 kernel: warn_alloc+0x164/0x190 kernel: ? srso_return_thunk+0x5/0x5f kernel: ? __alloc_pages_direct_compact+0xaf/0x360 kernel: __alloc_pages_slowpath.constprop.0+0xc75/0xd70 kernel: __alloc_pages_noprof+0x321/0x350 kernel: __dma_direct_alloc_pages.isra.0+0x14a/0x290 kernel: dma_direct_alloc+0x70/0x270 kernel: mhi_fw_load_handler+0x126/0x340 [mhi a96cb91daba500cc77f86bad60c1f332dc3babdf] kernel: mhi_pm_st_worker+0x5e8/0xac0 [mhi a96cb91daba500cc77f86bad60c1f332dc3babdf] kernel: ? srso_return_thunk+0x5/0x5f kernel: process_one_work+0x17e/0x330 kernel: worker_thread+0x2ce/0x3f0 kernel: ? __pfx_worker_thread+0x10/0x10 kernel: kthread+0xd2/0x100 kernel: ? __pfx_kthread+0x10/0x10 kernel: ret_from_fork+0x34/0x50 kernel: ? __pfx_kthread+0x10/0x10 kernel: ret_from_fork_asm+0x1a/0x30 kernel: </TASK> kernel: Mem-Info: kernel: active_anon:513809 inactive_anon:152 isolated_anon:0 active_file:359315 inactive_file:2487001 isolated_file:0 unevictable:637 dirty:19 writeback:0 slab_reclaimable:160391 slab_unreclaimable:39729 mapped:175836 shmem:51039 pagetables:4415 sec_pagetables:0 bounce:0 kernel_misc_reclaimable:0 free:125666 free_pcp:0 free_cma:0 In above example, if we sum all the consumed memory, it comes out to be 15.5GB and free memory is ~ 500MB from a total of 16GB RAM. Even though memory is present. But all of the dma memory has been exhausted or fragmented. Fix it by allocating it only once and then reuse the same allocated memory. As we'll allocate this memory only once, this memory will stay allocated. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.6 Fixes: cd457afb1667 ("bus: mhi: core: Add support for downloading firmware over BHIe") Cc: stable(a)vger.kernel.org Cc: Krishna Chaitanya Chundru <krishna.chundru(a)oss.qualcomm.com> Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> --- Reported here: https://lore.kernel.org/all/ead32f5b-730a-4b81-b38f-93d822f990c6@collabora.… Still a lot of more fixes are required. Hence, I'm not adding closes tag. Changes since v1: - fix mhi_load_image_bhi() - Cc stable and fix tested on tag --- drivers/bus/mhi/host/boot.c | 25 +++++++++++++++---------- drivers/bus/mhi/host/init.c | 5 +++++ drivers/bus/mhi/host/internal.h | 2 ++ include/linux/mhi.h | 1 + 4 files changed, 23 insertions(+), 10 deletions(-) diff --git a/drivers/bus/mhi/host/boot.c b/drivers/bus/mhi/host/boot.c index b3a85aa3c4768..9fc983bc12d49 100644 --- a/drivers/bus/mhi/host/boot.c +++ b/drivers/bus/mhi/host/boot.c @@ -302,8 +302,8 @@ static int mhi_fw_load_bhi(struct mhi_controller *mhi_cntrl, return -EIO; } -static void mhi_free_bhi_buffer(struct mhi_controller *mhi_cntrl, - struct image_info *image_info) +void mhi_free_bhi_buffer(struct mhi_controller *mhi_cntrl, + struct image_info *image_info) { struct mhi_buf *mhi_buf = image_info->mhi_buf; @@ -455,18 +455,23 @@ static enum mhi_fw_load_type mhi_fw_load_type_get(const struct mhi_controller *m static int mhi_load_image_bhi(struct mhi_controller *mhi_cntrl, const u8 *fw_data, size_t size) { - struct image_info *image; + struct image_info **image = &mhi_cntrl->bhi_image; int ret; - ret = mhi_alloc_bhi_buffer(mhi_cntrl, &image, size); - if (ret) - return ret; + if (!(*image)) { + ret = mhi_alloc_bhi_buffer(mhi_cntrl, image, size); + if (ret) + return ret; - /* Load the firmware into BHI vec table */ - memcpy(image->mhi_buf->buf, fw_data, size); + /* Load the firmware into BHI vec table */ + memcpy((*image)->mhi_buf->buf, fw_data, size); + } - ret = mhi_fw_load_bhi(mhi_cntrl, &image->mhi_buf[image->entries - 1]); - mhi_free_bhi_buffer(mhi_cntrl, image); + ret = mhi_fw_load_bhi(mhi_cntrl, &(*image)->mhi_buf[(*image)->entries - 1]); + if (ret) { + mhi_free_bhi_buffer(mhi_cntrl, *image); + *image = NULL; + } return ret; } diff --git a/drivers/bus/mhi/host/init.c b/drivers/bus/mhi/host/init.c index 6e06e4efec765..2e0f18c939e68 100644 --- a/drivers/bus/mhi/host/init.c +++ b/drivers/bus/mhi/host/init.c @@ -1228,6 +1228,11 @@ void mhi_unprepare_after_power_down(struct mhi_controller *mhi_cntrl) mhi_cntrl->rddm_image = NULL; } + if (mhi_cntrl->bhi_image) { + mhi_free_bhi_buffer(mhi_cntrl, mhi_cntrl->bhi_image); + mhi_cntrl->bhi_image = NULL; + } + mhi_deinit_dev_ctxt(mhi_cntrl); } EXPORT_SYMBOL_GPL(mhi_unprepare_after_power_down); diff --git a/drivers/bus/mhi/host/internal.h b/drivers/bus/mhi/host/internal.h index 1054e67bb450d..60b0699323375 100644 --- a/drivers/bus/mhi/host/internal.h +++ b/drivers/bus/mhi/host/internal.h @@ -324,6 +324,8 @@ int mhi_alloc_bhie_table(struct mhi_controller *mhi_cntrl, struct image_info **image_info, size_t alloc_size); void mhi_free_bhie_table(struct mhi_controller *mhi_cntrl, struct image_info *image_info); +void mhi_free_bhi_buffer(struct mhi_controller *mhi_cntrl, + struct image_info *image_info); /* Power management APIs */ enum mhi_pm_state __must_check mhi_tryset_pm_state( diff --git a/include/linux/mhi.h b/include/linux/mhi.h index 4c567907933a5..593012f779d97 100644 --- a/include/linux/mhi.h +++ b/include/linux/mhi.h @@ -391,6 +391,7 @@ struct mhi_controller { size_t reg_len; struct image_info *fbc_image; struct image_info *rddm_image; + struct image_info *bhi_image; struct mhi_chan *mhi_chan; struct list_head lpm_chans; int *irq; -- 2.39.5

2 months

3
4
0 0

[PATCH v2 0/1] nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails

by Rick Wertenbroek

Changes from v1 : - Updated comment for nvmet_pci_epf_queue_response() per Damien's suggestion. - Fixed typo in commit message. - Added 3 tags in commit message: Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Fixes: 0faa0fe6f90e ("nvmet: New NVMe PCI endpoint function target driver") Cc: stable(a)vger.kernel.org Best regards, Rick Rick Wertenbroek (1): nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails drivers/nvme/target/pci-epf.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) -- 2.25.1

2 months

4
4
0 0

[PATCH v2 1/1] arm64: dts: qcom: x1e80100-pmics: Disable pm8010 by default

by Aleksandrs Vinarskis

pm8010 is a camera specific PMIC, and may not be present on some devices. These may instead use a dedicated vreg for this purpose (Dell XPS 9345, Dell Inspiron..) or use USB webcam instead of a MIPI one alltogether (Lenovo Thinbook 16, Lenovo Yoga..). Disable pm8010 by default, let platforms that actually have one onboard enable it instead. Cc: <stable(a)vger.kernel.org> Fixes: 2559e61e7ef4 ("arm64: dts: qcom: x1e80100-pmics: Add the missing PMICs") Reviewed-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> --- arch/arm64/boot/dts/qcom/x1e80100-pmics.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-pmics.dtsi b/arch/arm64/boot/dts/qcom/x1e80100-pmics.dtsi index e3888bc143a0..621890ada153 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-pmics.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e80100-pmics.dtsi @@ -475,6 +475,8 @@ pm8010: pmic@c { #address-cells = <1>; #size-cells = <0>; + status = "disabled"; + pm8010_temp_alarm: temp-alarm@2400 { compatible = "qcom,spmi-temp-alarm"; reg = <0x2400>; -- 2.48.1

2 months

1
1
0 0

[PATCH v2] drm/sched: Remove optimization that causes hang when killing dependent jobs

by Lin.Cao

When application A submits jobs and application B submits a job with a dependency on A's fence, the normal flow wakes up the scheduler after processing each job. However, the optimization in drm_sched_entity_add_dependency_cb() uses a callback that only clears dependencies without waking up the scheduler. When application A is killed before its jobs can run, the callback gets triggered but only clears the dependency without waking up the scheduler, causing the scheduler to enter sleep state and application B to hang. Remove the optimization by deleting drm_sched_entity_clear_dep() and its usage, ensuring the scheduler is always woken up when dependencies are cleared. Fixes: 777dbd458c89 ("drm/amdgpu: drop a dummy wakeup scheduler") Cc: stable(a)vger.kernel.org # v4.6+ Signed-off-by: Lin.Cao <lincao12(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> --- drivers/gpu/drm/scheduler/sched_entity.c | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index e671aa241720..ac678de7fe5e 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -355,17 +355,6 @@ void drm_sched_entity_destroy(struct drm_sched_entity *entity) } EXPORT_SYMBOL(drm_sched_entity_destroy); -/* drm_sched_entity_clear_dep - callback to clear the entities dependency */ -static void drm_sched_entity_clear_dep(struct dma_fence *f, - struct dma_fence_cb *cb) -{ - struct drm_sched_entity *entity = - container_of(cb, struct drm_sched_entity, cb); - - entity->dependency = NULL; - dma_fence_put(f); -} - /* * drm_sched_entity_wakeup - callback to clear the entity's dependency and * wake up the scheduler @@ -376,7 +365,8 @@ static void drm_sched_entity_wakeup(struct dma_fence *f, struct drm_sched_entity *entity = container_of(cb, struct drm_sched_entity, cb); - drm_sched_entity_clear_dep(f, cb); + entity->dependency = NULL; + dma_fence_put(f); drm_sched_wakeup(entity->rq->sched); } @@ -429,13 +419,6 @@ static bool drm_sched_entity_add_dependency_cb(struct drm_sched_entity *entity) fence = dma_fence_get(&s_fence->scheduled); dma_fence_put(entity->dependency); entity->dependency = fence; - if (!dma_fence_add_callback(fence, &entity->cb, - drm_sched_entity_clear_dep)) - return true; - - /* Ignore it when it is already scheduled */ - dma_fence_put(fence); - return false; } if (!dma_fence_add_callback(entity->dependency, &entity->cb, -- 2.46.1

2 months

2
1
0 0

[PATCH v4 2/9] vsock/virtio: Validate length in packet header before skb_put()

by Will Deacon

When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length from the packet header as the length argument to skb_put(), potentially resulting in SKB overflow if the host has gone wonky. Validate the length as advertised by the packet header before calling virtio_vsock_skb_rx_put(). Cc: <stable(a)vger.kernel.org> Fixes: 71dc9ec9ac7d ("virtio/vsock: replace virtio_vsock_pkt with sk_buff") Signed-off-by: Will Deacon <will(a)kernel.org> --- net/vmw_vsock/virtio_transport.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c index f0e48e6911fc..eb08a393413d 100644 --- a/net/vmw_vsock/virtio_transport.c +++ b/net/vmw_vsock/virtio_transport.c @@ -624,8 +624,9 @@ static void virtio_transport_rx_work(struct work_struct *work) do { virtqueue_disable_cb(vq); for (;;) { + unsigned int len, payload_len; + struct virtio_vsock_hdr *hdr; struct sk_buff *skb; - unsigned int len; if (!virtio_transport_more_replies(vsock)) { /* Stop rx until the device processes already @@ -642,12 +643,19 @@ static void virtio_transport_rx_work(struct work_struct *work) vsock->rx_buf_nr--; /* Drop short/long packets */ - if (unlikely(len < sizeof(struct virtio_vsock_hdr) || + if (unlikely(len < sizeof(*hdr) || len > virtio_vsock_skb_len(skb))) { kfree_skb(skb); continue; } + hdr = virtio_vsock_hdr(skb); + payload_len = le32_to_cpu(hdr->len); + if (unlikely(payload_len > len - sizeof(*hdr))) { + kfree_skb(skb); + continue; + } + virtio_vsock_skb_rx_put(skb); virtio_transport_deliver_tap_pkt(skb); virtio_transport_recv_pkt(&virtio_transport, skb); -- 2.50.0.727.gbf7dc18ff4-goog

2 months

2
1
0 0

[PATCH 5.10 000/209] 5.10.240-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.240 release. There are 209 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 17 Jul 2025 16:35:35 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.240-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.240-rc3 Michael Jeanson <mjeanson(a)efficios.com> rseq: Fix segfault on registration when rseq_cs is non-zero Borislav Petkov <bp(a)kernel.org> x86/process: Move the buffer clearing before MONITOR Borislav Petkov <bp(a)kernel.org> KVM: SVM: Advertise TSA CPUID bits to guests Borislav Petkov <bp(a)kernel.org> KVM: x86: add support for CPUID leaf 0x80000021 Borislav Petkov <bp(a)kernel.org> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov <bp(a)kernel.org> x86/bugs: Rename MDS machinery to something more generic Jann Horn <jannh(a)google.com> x86/mm: Disable hugetlb page table sharing on 32-bit Dongli Zhang <dongli.zhang(a)oracle.com> vhost-scsi: protect vq->log_used with vq->mutex Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Zhang Heng <zhangheng(a)kylinos.cn> HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Nicolas Pitre <npitre(a)baylibre.com> vt: add missing notification when switching back to text mode Xiaowei Li <xiaowei.li(a)simcom.com> net: usb: qmi_wwan: add SIMCom 8230C composition Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Reduce stack usage in vector_eth_configure() Thomas Fourier <fourier.thomas(a)gmail.com> atm: idt77252: Add missing `dma_map_error()` Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix DCB ETS validation Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Sean Nyekjaer <sean(a)geanix.com> can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Oleksij Rempel <linux(a)rempel-privat.de> net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Kito Xu <veritas501(a)foxmail.com> net: appletalk: Fix device refcount leak in atrtr_create() Wang Jinchao <wangjinchao600(a)gmail.com> md/raid1: Fix stack memory use after return in raid1_reshape Daniil Dulov <d.dulov(a)aladdin.ru> wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - support Acer NGR 200 Controller Vicki Pfau <vi(a)endrift.com> Input: xpad - add VID for Turtle Beach controllers Matt Reynolds <mattreynolds(a)chromium.org> Input: xpad - add support for Amazon Game Controller Jakub Kicinski <kuba(a)kernel.org> netlink: make sure we allow at least one dump skb Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix rmem check in netlink_broadcast_deliver(). Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Ensure to disable clocks in error path Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: lib_test: add MODULE_LICENSE Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "ACPI: battery: negate current when discharging" Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: u_serial: Fix race condition in TTY wakeup Matthew Brost <matthew.brost(a)intel.com> drm/sched: Increment job count before swapping tail spsc queue Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: qcom: msm: mark certain pins as invalid for interrupts JP Kobryn <inwardvessel(a)gmail.com> x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Don't remove sysfs if thresholding sysfs init fails Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Fix threshold limit reset Peter Zijlstra <peterz(a)infradead.org> x86/its: FineIBT-paranoid vs ITS Eric Biggers <ebiggers(a)google.com> x86/its: Fix build errors when CONFIG_MODULES=n Peter Zijlstra <peterz(a)infradead.org> x86/its: Use dynamic thunks for indirect branches Thomas Gleixner <tglx(a)linutronix.de> x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Add "vmexit" option to skip mitigation on some CPUs Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Enable Indirect Target Selection mitigation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Fix undefined reference to cpu_wants_rethunk_at() Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Add support for ITS-safe return thunk Josh Poimboeuf <jpoimboe(a)kernel.org> x86/alternatives: Remove faulty optimization Borislav Petkov (AMD) <bp(a)alien8.de> x86/alternative: Optimize returns patching Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Add support for ITS-safe indirect thunk Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Introduce int3_emulate_jcc() Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Enumerate Indirect Target Selection (ITS) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Documentation: x86/bugs/its: Add ITS documentation David Howells <dhowells(a)redhat.com> rxrpc: Fix oops due to non-existence of prealloc backlog struct Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: use __for_each_thread() Victor Nogueira <victor(a)mojatatu.com> net/sched: Abort __tc_modify_qdisc if parent class does not exist Yue Haibing <yuehaibing(a)huawei.com> atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix infinite recursive call of clip_push(). Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix memory leak of struct clip_vcc. Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix potential null-ptr-deref in to_atmarpd(). Oleksij Rempel <linux(a)rempel-privat.de> net: phy: smsc: Fix link failure in forced mode with Auto-MDIX Oleksij Rempel <linux(a)rempel-privat.de> net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap Michal Luczaj <mhal(a)rbox.co> vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_* TOCTOU Andra Paraschiv <andraprs(a)amazon.com> af_vsock: Assign the vsock transport considering the vsock address flags Andra Paraschiv <andraprs(a)amazon.com> af_vsock: Set VMADDR_FLAG_TO_HOST flag on the receive path Andra Paraschiv <andraprs(a)amazon.com> vm_sockets: Add VMADDR_FLAG_TO_HOST vsock flag Andra Paraschiv <andraprs(a)amazon.com> vm_sockets: Add flags field in the vsock address data structure Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_{g2h,h2g} TOCTOU Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_conn_close(). Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix wraparounds of sk->sk_rmem_alloc. Al Viro <viro(a)zeniv.linux.org.uk> fix proc_sys_compare() handling of in-lookup dentries Peter Zijlstra <peterz(a)infradead.org> perf: Revert to requiring CAP_SYS_ADMIN for uprobes Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Nathan Chancellor <nathan(a)kernel.org> staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Rollback non processed entities on error Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Send control events for partial succeeds Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Return the number of processed controls Seiji Nishikawa <snishika(a)redhat.com> ACPI: PAD: fix crash in exit_round_robin() Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Ioana Ciornei <ioana.ciornei(a)nxp.com> net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats Radu Bulie <radu-andrei.bulie(a)nxp.com> dpaa2-eth: Update SINGLE_STEP register access Radu Bulie <radu-andrei.bulie(a)nxp.com> dpaa2-eth: Update dpni_get_single_step_cfg command Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: rename dpaa2_eth_xdp_release_buf into dpaa2_eth_recycle_buf Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: propagate last_unlink_trans earlier when doing a rmdir Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de> flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix vport loopback for MPV device Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Yue Hu <huyue2(a)yulong.com> mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Gustavo A. R. Silva <gustavoars(a)kernel.org> net: rose: Fix fall-through warnings for Clang Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Dev Jain <dev.jain(a)arm.com> arm64: Restrict pagetable teardown to avoid false warning Brett A C Sheffield (Librecast) <bacs(a)librecast.net> Revert "ipv6: save dontfrag in cork" Nathan Chancellor <nathan(a)kernel.org> s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Dexuan Cui <decui(a)microsoft.com> PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Check return value when getting default PHY config Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix connecting to next bridge Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Fix race in GWS queue scheduling Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Unregister device before cleaning up on disconnect Qiu-ji Chen <chenqiuji666(a)gmail.com> drm/tegra: Fix a possible null pointer dereference Thierry Reding <treding(a)nvidia.com> drm/tegra: Assign plane type before registration Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix kobject reference count leak Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on sysfs attribute creation failure Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on kobject creation failure Mark Harmstone <maharmstone(a)fb.com> btrfs: update superblock's device bytes_used when dropping chunk Heinz Mauelshagen <heinzm(a)redhat.com> dm-raid: fix variable in journal device check Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix L2CAP MTU negotiation Yao Zi <ziyao(a)disroot.org> dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Kuniyuki Iwashima <kuniyu(a)google.com> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Simon Horman <horms(a)kernel.org> net: enetc: Correct endianness handling in _enetc_rd_reg64 Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Add missing error check in start_io_thread() Stefano Garzarella <sgarzare(a)redhat.com> vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: fix beacon interval calculation overflow Yuan Chen <chenyuan(a)kylinos.cn> libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Al Viro <viro(a)zeniv.linux.org.uk> attach_recursive_mnt(): do not lock the covering tree when sliding something under it Youngjun Lee <yjjuny.lee(a)samsung.com> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Eric Dumazet <edumazet(a)google.com> atm: clip: prevent NULL deref in clip_push() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: robotfuzz-osif: disable zero-length read messages Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: tiny-usb: disable zero-length read messages Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: reject invalid perturb period Niklas Cassel <cassel(a)kernel.org> PCI: cadence-ep: Correct PBA offset in .set_msix() callback Long Li <longli(a)microsoft.com> uio_hv_generic: Align ring size to system page Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Query the ringbuffer size for device Saurabh Sengar <ssengar(a)linux.microsoft.com> Drivers: hv: vmbus: Add utility function for querying ring size Vitaly Kuznetsov <vkuznets(a)redhat.com> Drivers: hv: Rename 'alloced' to 'allocated' Haiyang Zhang <haiyangz(a)microsoft.com> Drivers: hv: vmbus: Fix duplicate CPU assignments within a device Alexandru Ardelean <alexandru.ardelean(a)analog.com> uio: uio_hv_generic: use devm_kzalloc() for private data alloc Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction Weihang Li <liweihang(a)huawei.com> RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private Chao Yu <chao(a)kernel.org> f2fs: don't over-report free space or inodes in statvfs Brett Werling <brett.werling(a)garmin.com> can: tcan4x5x: fix power regulator retrieval during probe Marek Szyprowski <m.szyprowski(a)samsung.com> media: omap3isp: use sgtable-based scatterlist wrappers Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: validate AG parameters in dbMount() to prevent crashes Dave Kleikamp <dave.kleikamp(a)oracle.com> fs/jfs: consolidate sanity checking in dbMount Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Junlin Yang <yangjunlin(a)yulong.com> usb: typec: tcpci_maxim: add terminating newlines to logging Junlin Yang <yangjunlin(a)yulong.com> usb: typec: tcpci_maxim: remove redundant assignment Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpci_maxim: Fix uninitialized return variable Wupeng Ma <mawupeng1(a)huawei.com> VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify George Kennedy <george.kennedy(a)oracle.com> VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix read_stb function and get_stb ioctl Dave Penkler <dpenkler(a)gmail.com> USB: usbtmc: Add USBTMC_IOCTL_GET_STB Dave Penkler <dpenkler(a)gmail.com> USB: usbtmc: Fix reading stale status byte Kees Cook <kees(a)kernel.org> ovl: Check for NULL d_inode() in ovl_dentry_upper() Dmitry Kandybka <d.kandybka(a)gmail.com> ceph: fix possible integer overflow in ceph_zero_objects() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add new pci id for AMD GPU display HD audio controller Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Ignore unsol events for cards being shut down Jos Wang <joswang(a)lenovo.com> usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Robert Hodaszi <robert.hodaszi(a)digi.com> usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: Add checks for snprintf() calls in usb_alloc_dev() Chance Yang <chance.yang(a)kneron.us> usb: common: usb-conn-gpio: use a unique name for usb connector device Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: potential integer overflow in usbg_make_tpg() Sami Tolvanen <samitolvanen(a)google.com> um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: pressure: zpa2326: Use aligned_s64 for the timestamp Linggang Zeng <linggang.zeng(a)easystack.cn> bcache: fix NULL pointer in cache_set_flush() Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: fix dm-raid max_write_behind setting Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de> dmaengine: xilinx_dma: Set dma_device directions Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Fix support for max34451 Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> leds: multicolor: Fix intensity setting while SW blinking Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max14577: Fix wakeup source leaks on device unbind Peng Fan <peng.fan(a)nxp.com> mailbox: Not protect module_put with spin_lock_irqsave Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix listxattr to return selinux security label Pali Rohár <pali(a)kernel.org> cifs: Fix cifs_query_path_info() for Windows NT servers ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 2 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/indirect-target-selection.rst | 156 +++++++++++ .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 28 ++ Documentation/devicetree/bindings/serial/8250.yaml | 2 +- Makefile | 4 +- arch/arm64/mm/mmu.c | 3 +- arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/s390/Makefile | 2 +- arch/s390/purgatory/Makefile | 2 +- arch/um/drivers/ubd_user.c | 2 +- arch/um/drivers/vector_kern.c | 42 +-- arch/um/include/asm/asm-prototypes.h | 5 + arch/x86/Kconfig | 22 +- arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/alternative.h | 26 ++ arch/x86/include/asm/cpu.h | 13 + arch/x86/include/asm/cpufeature.h | 5 +- arch/x86/include/asm/cpufeatures.h | 14 +- arch/x86/include/asm/disabled-features.h | 2 +- arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/msr-index.h | 13 +- arch/x86/include/asm/mwait.h | 19 +- arch/x86/include/asm/nospec-branch.h | 50 ++-- arch/x86/include/asm/required-features.h | 2 +- arch/x86/include/asm/text-patching.h | 31 +++ arch/x86/kernel/alternative.c | 308 ++++++++++++++++++++- arch/x86/kernel/cpu/amd.c | 58 ++++ arch/x86/kernel/cpu/bugs.c | 272 +++++++++++++++++- arch/x86/kernel/cpu/common.c | 77 +++++- arch/x86/kernel/cpu/mce/amd.c | 15 +- arch/x86/kernel/cpu/mce/core.c | 8 +- arch/x86/kernel/cpu/mce/intel.c | 1 + arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/ftrace.c | 4 +- arch/x86/kernel/kprobes/core.c | 39 +-- arch/x86/kernel/module.c | 14 +- arch/x86/kernel/process.c | 15 +- arch/x86/kernel/static_call.c | 2 +- arch/x86/kernel/vmlinux.lds.S | 8 + arch/x86/kvm/cpuid.c | 31 ++- arch/x86/kvm/cpuid.h | 1 + arch/x86/kvm/svm/vmenter.S | 3 + arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/kvm/x86.c | 4 +- arch/x86/lib/retpoline.S | 39 +++ arch/x86/net/bpf_jit_comp.c | 8 +- arch/x86/um/asm/checksum.h | 3 + drivers/acpi/acpi_pad.c | 7 +- drivers/acpi/acpica/dsmethod.c | 7 + drivers/acpi/battery.c | 19 +- drivers/ata/pata_cs5536.c | 2 +- drivers/atm/idt77252.c | 5 + drivers/base/cpu.c | 15 + drivers/dma-buf/dma-resv.c | 2 +- drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +- drivers/gpu/drm/bridge/cdns-dsi.c | 27 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 + drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 + drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/tegra/dc.c | 17 +- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/udl/udl_drv.c | 2 +- drivers/gpu/drm/v3d/v3d_drv.h | 7 + drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 38 ++- drivers/hid/hid-ids.h | 5 + drivers/hid/hid-quirks.c | 3 + drivers/hid/wacom_sys.c | 6 +- drivers/hv/channel_mgmt.c | 121 +++++--- drivers/hv/hyperv_vmbus.h | 19 +- drivers/hv/vmbus_drv.c | 2 +- drivers/hwmon/pmbus/max34440.c | 48 +++- drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/pressure/zpa2326.c | 2 +- drivers/infiniband/core/iwcm.c | 38 +-- drivers/infiniband/core/iwcm.h | 2 +- drivers/infiniband/hw/mlx5/counters.c | 2 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 33 +++ drivers/input/joystick/xpad.c | 5 + drivers/input/keyboard/atkbd.c | 3 +- drivers/leds/led-class-multicolor.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/bcache/super.c | 7 +- drivers/md/dm-raid.c | 2 +- drivers/md/md-bitmap.c | 2 +- drivers/md/raid1.c | 1 + drivers/media/platform/omap3isp/ispccdc.c | 8 +- drivers/media/platform/omap3isp/ispstat.c | 6 +- drivers/media/usb/uvc/uvc_ctrl.c | 61 ++-- drivers/mfd/max14577.c | 1 + drivers/misc/vmw_vmci/vmci_host.c | 9 +- drivers/mmc/host/mtk-sd.c | 39 ++- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 ++ drivers/net/can/m_can/m_can.c | 2 +- drivers/net/can/m_can/tcan4x5x.c | 9 +- drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 + drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 78 ++++-- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 141 ++++++++-- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 20 +- .../net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 +- drivers/net/ethernet/freescale/dpaa2/dpni-cmd.h | 6 +- drivers/net/ethernet/freescale/dpaa2/dpni.c | 2 + drivers/net/ethernet/freescale/dpaa2/dpni.h | 6 + drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/net/ethernet/sun/niu.c | 31 ++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/phy/microchip.c | 2 +- drivers/net/phy/smsc.c | 28 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +- drivers/pci/controller/cadence/pcie-cadence-ep.c | 5 +- drivers/pci/controller/pci-hyperv.c | 17 +- drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++ drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/pwm/pwm-mediatek.c | 15 +- drivers/regulator/gpio-regulator.c | 4 +- drivers/rtc/lib_test.c | 2 + drivers/rtc/rtc-cmos.c | 10 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/ufs/ufs-sysfs.c | 4 +- drivers/spi/spi-fsl-dspi.c | 11 +- drivers/staging/rtl8723bs/core/rtw_security.c | 46 +-- drivers/target/target_core_pr.c | 4 +- drivers/tty/vt/vt.c | 1 + drivers/uio/uio_hv_generic.c | 18 +- drivers/usb/class/cdc-wdm.c | 23 +- drivers/usb/class/usbtmc.c | 53 ++-- drivers/usb/common/usb-conn-gpio.c | 25 +- drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb.c | 14 +- drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/gadget/function/u_serial.c | 6 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/typec/altmodes/displayport.c | 5 +- drivers/usb/typec/tcpm/tcpci_maxim.c | 20 +- drivers/vhost/scsi.c | 7 +- fs/btrfs/inode.c | 36 +-- fs/btrfs/tree-log.c | 4 +- fs/btrfs/volumes.c | 6 + fs/ceph/file.c | 2 +- fs/cifs/misc.c | 8 + fs/f2fs/super.c | 30 +- fs/jfs/jfs_dmap.c | 41 +-- fs/namespace.c | 8 +- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++--- fs/nfs/inode.c | 17 +- fs/nfs/nfs4proc.c | 12 +- fs/nfs/pnfs.c | 4 +- fs/overlayfs/util.c | 4 +- fs/proc/array.c | 6 +- fs/proc/inode.c | 2 +- fs/proc/proc_sysctl.c | 18 +- include/drm/spsc_queue.h | 4 +- include/linux/cpu.h | 3 + include/linux/hyperv.h | 2 + include/linux/ipv6.h | 1 - include/linux/module.h | 5 + include/linux/usb/typec_dp.h | 1 + include/uapi/linux/usb/tmc.h | 2 + include/uapi/linux/vm_sockets.h | 30 +- kernel/events/core.c | 2 +- kernel/rcu/tree.c | 4 + kernel/rseq.c | 60 +++- lib/test_objagg.c | 4 +- net/appletalk/ddp.c | 1 + net/atm/clip.c | 75 +++-- net/atm/resources.c | 3 +- net/bluetooth/l2cap_core.c | 9 +- net/ipv6/ip6_output.c | 9 +- net/mac80211/rx.c | 4 + net/mac80211/util.c | 2 +- net/netlink/af_netlink.c | 90 +++--- net/rose/rose_route.c | 15 +- net/rxrpc/call_accept.c | 3 + net/sched/sch_api.c | 42 +-- net/sched/sch_sfq.c | 10 +- net/tipc/topsrv.c | 2 + net/vmw_vsock/af_vsock.c | 78 +++++- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 4 + sound/pci/hda/hda_bind.c | 2 +- sound/pci/hda/hda_intel.c | 3 + sound/soc/fsl/fsl_asrc.c | 3 +- sound/usb/stream.c | 2 + tools/lib/bpf/btf_dump.c | 3 + 204 files changed, 2750 insertions(+), 821 deletions(-)

2 months

8
7
0 0

[PATCH v2] wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again

by Muhammad Usama Anjum

Don't deinitialize and reinitialize the HAL helpers. The dma memory is deallocated and there is high possibility that we'll not be able to get the same memory allocated from dma when there is high memory pressure. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.6 Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Cc: stable(a)vger.kernel.org Cc: Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> --- Changes since v1: - Cc stable and fix tested on tag - Clear essential fields as they may have stale data --- drivers/net/wireless/ath/ath11k/core.c | 6 +----- drivers/net/wireless/ath/ath11k/hal.c | 12 ++++++++++++ drivers/net/wireless/ath/ath11k/hal.h | 1 + 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/ath/ath11k/core.c b/drivers/net/wireless/ath/ath11k/core.c index 4488e4cdc5e9e..34b27711ed00f 100644 --- a/drivers/net/wireless/ath/ath11k/core.c +++ b/drivers/net/wireless/ath/ath11k/core.c @@ -2213,14 +2213,10 @@ static int ath11k_core_reconfigure_on_crash(struct ath11k_base *ab) mutex_unlock(&ab->core_lock); ath11k_dp_free(ab); - ath11k_hal_srng_deinit(ab); + ath11k_hal_srng_clear(ab); ab->free_vdev_map = (1LL << (ab->num_radios * TARGET_NUM_VDEVS(ab))) - 1; - ret = ath11k_hal_srng_init(ab); - if (ret) - return ret; - clear_bit(ATH11K_FLAG_CRASH_FLUSH, &ab->dev_flags); ret = ath11k_core_qmi_firmware_ready(ab); diff --git a/drivers/net/wireless/ath/ath11k/hal.c b/drivers/net/wireless/ath/ath11k/hal.c index b32de563d453a..dafa9bdbb3d32 100644 --- a/drivers/net/wireless/ath/ath11k/hal.c +++ b/drivers/net/wireless/ath/ath11k/hal.c @@ -1359,6 +1359,18 @@ void ath11k_hal_srng_deinit(struct ath11k_base *ab) } EXPORT_SYMBOL(ath11k_hal_srng_deinit); +void ath11k_hal_srng_clear(struct ath11k_base *ab) +{ + memset(ab->hal.srng_list, 0, + sizeof(ab->hal.srng_list)); + memset(ab->hal.shadow_reg_addr, 0, + sizeof(ab->hal.shadow_reg_addr)); + ab->hal.avail_blk_resource = 0; + ab->hal.current_blk_index = 0; + ab->hal.num_shadow_reg_configured = 0; +} +EXPORT_SYMBOL(ath11k_hal_srng_clear); + void ath11k_hal_dump_srng_stats(struct ath11k_base *ab) { struct hal_srng *srng; diff --git a/drivers/net/wireless/ath/ath11k/hal.h b/drivers/net/wireless/ath/ath11k/hal.h index 601542410c752..839095af9267e 100644 --- a/drivers/net/wireless/ath/ath11k/hal.h +++ b/drivers/net/wireless/ath/ath11k/hal.h @@ -965,6 +965,7 @@ int ath11k_hal_srng_setup(struct ath11k_base *ab, enum hal_ring_type type, struct hal_srng_params *params); int ath11k_hal_srng_init(struct ath11k_base *ath11k); void ath11k_hal_srng_deinit(struct ath11k_base *ath11k); +void ath11k_hal_srng_clear(struct ath11k_base *ab); void ath11k_hal_dump_srng_stats(struct ath11k_base *ab); void ath11k_hal_srng_get_shadow_config(struct ath11k_base *ab, u32 **cfg, u32 *len); -- 2.39.5

2 months

2
2
0 0

[PATCH v4 1/9] vhost/vsock: Avoid allocating arbitrarily-sized SKBs

by Will Deacon

vhost_vsock_alloc_skb() returns NULL for packets advertising a length larger than VIRTIO_VSOCK_MAX_PKT_BUF_SIZE in the packet header. However, this is only checked once the SKB has been allocated and, if the length in the packet header is zero, the SKB may not be freed immediately. Hoist the size check before the SKB allocation so that an iovec larger than VIRTIO_VSOCK_MAX_PKT_BUF_SIZE + the header size is rejected outright. The subsequent check on the length field in the header can then simply check that the allocated SKB is indeed large enough to hold the packet. Cc: <stable(a)vger.kernel.org> Fixes: 71dc9ec9ac7d ("virtio/vsock: replace virtio_vsock_pkt with sk_buff") Reviewed-by: Stefano Garzarella <sgarzare(a)redhat.com> Signed-off-by: Will Deacon <will(a)kernel.org> --- drivers/vhost/vsock.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c index 802153e23073..66a0f060770e 100644 --- a/drivers/vhost/vsock.c +++ b/drivers/vhost/vsock.c @@ -344,6 +344,9 @@ vhost_vsock_alloc_skb(struct vhost_virtqueue *vq, len = iov_length(vq->iov, out); + if (len > VIRTIO_VSOCK_MAX_PKT_BUF_SIZE + VIRTIO_VSOCK_SKB_HEADROOM) + return NULL; + /* len contains both payload and hdr */ skb = virtio_vsock_alloc_skb(len, GFP_KERNEL); if (!skb) @@ -367,8 +370,7 @@ vhost_vsock_alloc_skb(struct vhost_virtqueue *vq, return skb; /* The pkt is too big or the length in the header is invalid */ - if (payload_len > VIRTIO_VSOCK_MAX_PKT_BUF_SIZE || - payload_len + sizeof(*hdr) > len) { + if (payload_len + sizeof(*hdr) > len) { kfree_skb(skb); return NULL; } -- 2.50.0.727.gbf7dc18ff4-goog

2 months

3
2
0 0

[PATCH 6.1 00/89] 6.1.146-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.146 release. There are 89 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 17 Jul 2025 16:35:20 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.146-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.146-rc2 Michael Jeanson <mjeanson(a)efficios.com> rseq: Fix segfault on registration when rseq_cs is non-zero Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potential use-after-free in oplock/lease break ack Yeoreum Yun <yeoreum.yun(a)arm.com> kasan: remove kasan_find_vm_area() to prevent possible deadlock Jack Wang <jinpu.wang(a)ionos.com> x86: Fix X86_FEATURE_VERW_CLEAR definition Jann Horn <jannh(a)google.com> x86/mm: Disable hugetlb page table sharing on 32-bit Dongli Zhang <dongli.zhang(a)oracle.com> vhost-scsi: protect vq->log_used with vq->mutex Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Zhang Heng <zhangheng(a)kylinos.cn> HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Nicolas Pitre <npitre(a)baylibre.com> vt: add missing notification when switching back to text mode Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion when building free space tree Akira Inoue <niyarium(a)gmail.com> HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 Xiaowei Li <xiaowei.li(a)simcom.com> net: usb: qmi_wwan: add SIMCom 8230C composition Yasmin Fitzgerald <sunoflife1.git(a)gmail.com> ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 Yuzuru10 <yuzuru_10(a)proton.me> ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Reduce stack usage in vector_eth_configure() Thomas Fourier <fourier.thomas(a)gmail.com> atm: idt77252: Add missing `dma_map_error()` Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix DCB ETS validation Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Sean Nyekjaer <sean(a)geanix.com> can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Oleksij Rempel <linux(a)rempel-privat.de> net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Mingming Cao <mmc(a)linux.ibm.com> ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof Kito Xu <veritas501(a)foxmail.com> net: appletalk: Fix device refcount leak in atrtr_create() Eric Dumazet <edumazet(a)google.com> netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() Chao Yu <chao(a)kernel.org> erofs: fix to add missing tracepoint in erofs_read_folio() Gao Xiang <xiang(a)kernel.org> erofs: adapt folios for z_erofs_read_folio() Gao Xiang <xiang(a)kernel.org> erofs: avoid on-stack pagepool directly passed by arguments Gao Xiang <xiang(a)kernel.org> erofs: allocate extra bvec pages directly instead of retrying Yue Hu <huyue2(a)coolpad.com> erofs: clean up z_erofs_pcluster_readmore() Yue Hu <huyue2(a)coolpad.com> erofs: remove the member readahead from struct z_erofs_decompress_frontend Zheng Qixing <zhengqixing(a)huawei.com> nbd: fix uaf in nbd_genl_connect() error path Nigel Croxon <ncroxon(a)redhat.com> raid10: cleanup memleak at raid10_make_request Wang Jinchao <wangjinchao600(a)gmail.com> md/raid1: Fix stack memory use after return in raid1_reshape Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: nvdec: Fix dma_alloc_coherent error check Daniil Dulov <d.dulov(a)aladdin.ru> wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Zhang Rui <rui.zhang(a)intel.com> platform/x86: think-lmi: Fix sysfs group cleanup Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Abort suspend on soft disconnect failure Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with CV Bad Descriptor test Lee Jones <lee(a)kernel.org> usb: cdnsp: Replace snprintf() with the safer scnprintf() variant Pawel Laszczak <pawell(a)cadence.com> usb:cdnsp: remove TRB_FLUSH_ENDPOINT command Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - support Acer NGR 200 Controller Raju Rangoju <Raju.Rangoju(a)amd.com> usb: xhci: quirk for data loss in ISOC transfers Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> xhci: Allow RPM on the USB controller (1022:43f7) by default Filipe Manana <fdmanana(a)suse.com> btrfs: propagate last_unlink_trans earlier when doing a rmdir Shivank Garg <shivankg(a)amd.com> fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Jakub Kicinski <kuba(a)kernel.org> netlink: make sure we allow at least one dump skb Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix rmem check in netlink_broadcast_deliver(). Al Viro <viro(a)zeniv.linux.org.uk> ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() Stefan Metzmacher <metze(a)samba.org> smb: server: make use of rdma_destroy_qp() Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Ensure to disable clocks in error path Wei Yang <richard.weiyang(a)gmail.com> maple_tree: fix mt_destroy_walk() on root leaf node Achill Gilgenast <fossdd(a)pwned.life> kallsyms: fix build without execinfo Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "ACPI: battery: negate current when discharging" Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: u_serial: Fix race condition in TTY wakeup Simona Vetter <simona.vetter(a)ffwll.ch> drm/gem: Fix race in drm_gem_handle_create_tail() Christian König <christian.koenig(a)amd.com> drm/ttm: fix error handling in ttm_buffer_object_transfer Matthew Brost <matthew.brost(a)intel.com> drm/sched: Increment job count before swapping tail spsc queue Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be> wifi: prevent A-MSDU attacks in mesh networks Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: qcom: msm: mark certain pins as invalid for interrupts Håkon Bugge <haakon.bugge(a)oracle.com> md/md-bitmap: fix GPF in bitmap_get_stats() Guillaume Nault <gnault(a)redhat.com> gre: Fix IPv6 multicast route creation. Sean Christopherson <seanjc(a)google.com> KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. JP Kobryn <inwardvessel(a)gmail.com> x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Don't remove sysfs if thresholding sysfs init fails Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Fix threshold limit reset Dan Carpenter <dan.carpenter(a)linaro.org> ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() Alexey Dobriyan <adobriyan(a)gmail.com> x86/boot: Compile boot code with -std=gnu11 too David Howells <dhowells(a)redhat.com> rxrpc: Fix oops due to non-existence of prealloc backlog struct Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Victor Nogueira <victor(a)mojatatu.com> net/sched: Abort __tc_modify_qdisc if parent class does not exist Yue Haibing <yuehaibing(a)huawei.com> atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix infinite recursive call of clip_push(). Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix memory leak of struct clip_vcc. Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix potential null-ptr-deref in to_atmarpd(). Oleksij Rempel <linux(a)rempel-privat.de> net: phy: smsc: Fix link failure in forced mode with Auto-MDIX Oleksij Rempel <linux(a)rempel-privat.de> net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap Michal Luczaj <mhal(a)rbox.co> vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_* TOCTOU Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_{g2h,h2g} TOCTOU Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_conn_close(). Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix wraparounds of sk->sk_rmem_alloc. Al Viro <viro(a)zeniv.linux.org.uk> fix proc_sys_compare() handling of in-lookup dentries Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not disabling advertising instance Peter Zijlstra <peterz(a)infradead.org> perf: Revert to requiring CAP_SYS_ADMIN for uprobes Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Rong Zhang <i(a)rong.moe> platform/x86: ideapad-laptop: use usleep_range() for EC polling Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling ------------- Diffstat: Makefile | 4 +- arch/um/drivers/vector_kern.c | 42 +-- arch/x86/Kconfig | 2 +- arch/x86/Makefile | 2 +- arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/kernel/cpu/mce/amd.c | 15 +- arch/x86/kernel/cpu/mce/core.c | 8 +- arch/x86/kernel/cpu/mce/intel.c | 1 + arch/x86/kvm/svm/sev.c | 4 + arch/x86/kvm/xen.c | 15 +- drivers/acpi/battery.c | 19 +- drivers/atm/idt77252.c | 5 + drivers/block/nbd.c | 6 +- drivers/char/ipmi/ipmi_msghandler.c | 3 +- drivers/gpu/drm/drm_gem.c | 10 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 + drivers/gpu/drm/tegra/nvdec.c | 6 +- drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +- drivers/hid/hid-ids.h | 6 + drivers/hid/hid-lenovo.c | 8 + drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-quirks.c | 3 + drivers/input/joystick/xpad.c | 2 + drivers/input/keyboard/atkbd.c | 3 +- drivers/md/md-bitmap.c | 3 +- drivers/md/raid1.c | 1 + drivers/md/raid10.c | 10 +- drivers/net/can/m_can/m_can.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.h | 8 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/phy/microchip.c | 2 +- drivers/net/phy/smsc.c | 28 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +- drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++ drivers/platform/x86/ideapad-laptop.c | 19 +- drivers/powercap/intel_rapl_common.c | 22 +- drivers/pwm/pwm-mediatek.c | 13 +- drivers/tty/vt/vt.c | 1 + drivers/usb/cdns3/cdnsp-debug.h | 358 +++++++++++++------------- drivers/usb/cdns3/cdnsp-ep0.c | 18 +- drivers/usb/cdns3/cdnsp-gadget.c | 6 +- drivers/usb/cdns3/cdnsp-gadget.h | 11 +- drivers/usb/cdns3/cdnsp-ring.c | 27 +- drivers/usb/dwc3/core.c | 9 +- drivers/usb/dwc3/gadget.c | 22 +- drivers/usb/gadget/function/u_serial.c | 6 +- drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci-pci.c | 30 ++- drivers/usb/host/xhci.h | 1 + drivers/vhost/scsi.c | 7 +- fs/anon_inodes.c | 23 +- fs/btrfs/free-space-tree.c | 16 +- fs/btrfs/inode.c | 28 +- fs/erofs/data.c | 2 + fs/erofs/zdata.c | 124 ++++----- fs/proc/inode.c | 2 +- fs/proc/proc_sysctl.c | 18 +- fs/smb/server/smb2pdu.c | 29 +-- fs/smb/server/transport_rdma.c | 5 +- fs/smb/server/vfs.c | 1 + include/drm/drm_file.h | 3 + include/drm/spsc_queue.h | 4 +- include/linux/fs.h | 2 + include/net/netfilter/nf_flow_table.h | 2 +- include/trace/events/erofs.h | 16 +- kernel/events/core.c | 2 +- kernel/rseq.c | 60 ++++- lib/maple_tree.c | 7 +- mm/kasan/report.c | 13 +- mm/secretmem.c | 11 +- net/appletalk/ddp.c | 1 + net/atm/clip.c | 64 +++-- net/bluetooth/hci_sync.c | 2 +- net/ipv6/addrconf.c | 9 +- net/netlink/af_netlink.c | 90 ++++--- net/rxrpc/call_accept.c | 3 + net/sched/sch_api.c | 23 +- net/tipc/topsrv.c | 2 + net/vmw_vsock/af_vsock.c | 57 +++- net/wireless/util.c | 52 +++- sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/fsl/fsl_asrc.c | 3 +- tools/include/linux/kallsyms.h | 4 + 87 files changed, 924 insertions(+), 594 deletions(-)

2 months

10
9
0 0

[PATCH 6.6 000/111] 6.6.99-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.99 release. There are 111 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 17 Jul 2025 16:35:12 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.99-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.99-rc2 Michael Jeanson <mjeanson(a)efficios.com> rseq: Fix segfault on registration when rseq_cs is non-zero Lukas Wunner <lukas(a)wunner.de> crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potential use-after-free in oplock/lease break ack Yeoreum Yun <yeoreum.yun(a)arm.com> kasan: remove kasan_find_vm_area() to prevent possible deadlock Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential race in cifs_put_tcon() Willem de Bruijn <willemb(a)google.com> selftests/bpf: adapt one more case in test_lru_map to the new target_free Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Zhang Heng <zhangheng(a)kylinos.cn> HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Willem de Bruijn <willemb(a)google.com> bpf: Adjust free target to avoid global starvation of LRU map Nicolas Pitre <npitre(a)baylibre.com> vt: add missing notification when switching back to text mode Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion when building free space tree Long Li <longli(a)microsoft.com> net: mana: Record doorbell physical address in PF mode Akira Inoue <niyarium(a)gmail.com> HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 Xiaowei Li <xiaowei.li(a)simcom.com> net: usb: qmi_wwan: add SIMCom 8230C composition Yasmin Fitzgerald <sunoflife1.git(a)gmail.com> ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 Yuzuru10 <yuzuru_10(a)proton.me> ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic Fengnan Chang <changfengnan(a)bytedance.com> io_uring: make fallocate be hashed work Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Reduce stack usage in vector_eth_configure() Thomas Fourier <fourier.thomas(a)gmail.com> atm: idt77252: Add missing `dma_map_error()` Ronnie Sahlberg <rsahlberg(a)whamcloud.com> ublk: sanity check add_dev input for underflow Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix DCB ETS validation Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Sean Nyekjaer <sean(a)geanix.com> can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Mingming Cao <mmc(a)linux.ibm.com> ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof Kito Xu <veritas501(a)foxmail.com> net: appletalk: Fix device refcount leak in atrtr_create() Eric Dumazet <edumazet(a)google.com> netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() Zheng Qixing <zhengqixing(a)huawei.com> nbd: fix uaf in nbd_genl_connect() error path Nigel Croxon <ncroxon(a)redhat.com> raid10: cleanup memleak at raid10_make_request Wang Jinchao <wangjinchao600(a)gmail.com> md/raid1: Fix stack memory use after return in raid1_reshape Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: nvdec: Fix dma_alloc_coherent error check Daniil Dulov <d.dulov(a)aladdin.ru> wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Shyam Prasad N <sprasad(a)microsoft.com> cifs: all initializations for tcon should happen in tcon_info_alloc Paulo Alcantara <pc(a)manguebit.com> smb: client: fix DFS interlink failover Paulo Alcantara <pc(a)manguebit.com> smb: client: avoid unnecessary reconnects when refreshing referrals Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Abort suspend on soft disconnect failure Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with CV Bad Descriptor test Lee Jones <lee(a)kernel.org> usb: cdnsp: Replace snprintf() with the safer scnprintf() variant Pawel Laszczak <pawell(a)cadence.com> usb:cdnsp: remove TRB_FLUSH_ENDPOINT command Filipe Manana <fdmanana(a)suse.com> btrfs: fix inode lookup error handling during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: return a btrfs_inode from btrfs_iget_logging() Filipe Manana <fdmanana(a)suse.com> btrfs: remove redundant root argument from fixup_inode_link_count() Filipe Manana <fdmanana(a)suse.com> btrfs: remove redundant root argument from btrfs_update_inode_fallback() Filipe Manana <fdmanana(a)suse.com> btrfs: remove noinline from btrfs_update_inode() Jakub Kicinski <kuba(a)kernel.org> netlink: make sure we allow at least one dump skb Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix rmem check in netlink_broadcast_deliver(). Chao Yu <chao(a)kernel.org> erofs: fix to add missing tracepoint in erofs_read_folio() Al Viro <viro(a)zeniv.linux.org.uk> ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() Stefan Metzmacher <metze(a)samba.org> smb: server: make use of rdma_destroy_qp() Jann Horn <jannh(a)google.com> x86/mm: Disable hugetlb page table sharing on 32-bit Mikhail Paulyshka <me(a)mixaill.net> x86/rdrand: Disable RDSEED on AMD Cyan Skillfish Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Ensure to disable clocks in error path Alexander Gordeev <agordeev(a)linux.ibm.com> mm/vmalloc: leave lazy MMU mode on PTE mapping error Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix interrupts.py after maple tree conversion Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: de-reference per-CPU MCE interrupts Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix interrupts display after MCP on x86 Baolin Wang <baolin.wang(a)linux.alibaba.com> mm: fix the inaccurate memory statistics issue for users Wei Yang <richard.weiyang(a)gmail.com> maple_tree: fix mt_destroy_walk() on root leaf node Achill Gilgenast <fossdd(a)pwned.life> kallsyms: fix build without execinfo Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "ACPI: battery: negate current when discharging" Thomas Zimmermann <tzimmermann(a)suse.de> drm/framebuffer: Acquire internal references on GEM handles Kuen-Han Tsai <khtsai(a)google.com> Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: u_serial: Fix race condition in TTY wakeup Simona Vetter <simona.vetter(a)ffwll.ch> drm/gem: Fix race in drm_gem_handle_create_tail() Christian König <christian.koenig(a)amd.com> drm/ttm: fix error handling in ttm_buffer_object_transfer Matthew Brost <matthew.brost(a)intel.com> drm/sched: Increment job count before swapping tail spsc queue Thomas Zimmermann <tzimmermann(a)suse.de> drm/gem: Acquire references on GEM handles for framebuffers Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be> wifi: prevent A-MSDU attacks in mesh networks Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: qcom: msm: mark certain pins as invalid for interrupts Håkon Bugge <haakon.bugge(a)oracle.com> md/md-bitmap: fix GPF in bitmap_get_stats() Guillaume Nault <gnault(a)redhat.com> gre: Fix IPv6 multicast route creation. Sean Christopherson <seanjc(a)google.com> KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. JP Kobryn <inwardvessel(a)gmail.com> x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Don't remove sysfs if thresholding sysfs init fails Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Fix threshold limit reset Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Add default names for MCA banks and blocks Dan Carpenter <dan.carpenter(a)linaro.org> ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() David Howells <dhowells(a)redhat.com> rxrpc: Fix oops due to non-existence of prealloc backlog struct Christian Eggers <ceggers(a)arri.de> Bluetooth: HCI: Set extended advertising data synchronously Leo Yan <leo.yan(a)arm.com> perf: build: Setup PKG_CONFIG_LIBDIR for cross compilation Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() David Howells <dhowells(a)redhat.com> rxrpc: Fix bug due to prealloc collision Victor Nogueira <victor(a)mojatatu.com> net/sched: Abort __tc_modify_qdisc if parent class does not exist Yue Haibing <yuehaibing(a)huawei.com> atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix infinite recursive call of clip_push(). Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix memory leak of struct clip_vcc. Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix potential null-ptr-deref in to_atmarpd(). Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Fix link failure in forced mode with Auto-MDIX Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Force predictable MDI-X state on LAN87xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap EricChan <chenchuangyu(a)xiaomi.com> net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 Michal Luczaj <mhal(a)rbox.co> vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_* TOCTOU Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_{g2h,h2g} TOCTOU Jiayuan Chen <jiayuan.chen(a)linux.dev> tcp: Correct signedness in skb remaining space calculation Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_conn_close(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix `vsock_proto` declaration Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix wraparounds of sk->sk_rmem_alloc. Al Viro <viro(a)zeniv.linux.org.uk> fix proc_sys_compare() handling of in-lookup dentries Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Clear GPIO debounce for suspend Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not disabling advertising instance Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: probe() should fail if the device ID is not recognized Peter Zijlstra <peterz(a)infradead.org> perf: Revert to requiring CAP_SYS_ADMIN for uprobes Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Fix the WARN_ON_ONCE is out of lock protected region Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Linus Torvalds <torvalds(a)linux-foundation.org> eventpoll: don't decrement ep refcount while still holding the ep mutex ------------- Diffstat: Documentation/bpf/map_hash.rst | 8 +- Documentation/bpf/map_lru_hash_update.dot | 6 +- Makefile | 4 +- arch/um/drivers/vector_kern.c | 42 +-- arch/x86/Kconfig | 2 +- arch/x86/include/asm/msr-index.h | 1 + arch/x86/kernel/cpu/amd.c | 7 + arch/x86/kernel/cpu/mce/amd.c | 28 +- arch/x86/kernel/cpu/mce/core.c | 8 +- arch/x86/kernel/cpu/mce/intel.c | 1 + arch/x86/kvm/svm/sev.c | 4 + arch/x86/kvm/xen.c | 15 +- crypto/ecc.c | 2 +- drivers/acpi/battery.c | 19 +- drivers/atm/idt77252.c | 5 + drivers/block/nbd.c | 6 +- drivers/block/ublk_drv.c | 3 +- drivers/char/ipmi/ipmi_msghandler.c | 3 +- drivers/gpu/drm/drm_framebuffer.c | 31 +- drivers/gpu/drm/drm_gem.c | 74 ++++- drivers/gpu/drm/drm_internal.h | 2 + drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 + drivers/gpu/drm/tegra/nvdec.c | 6 +- drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +- drivers/hid/hid-ids.h | 6 + drivers/hid/hid-lenovo.c | 8 + drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-quirks.c | 3 + drivers/input/keyboard/atkbd.c | 3 +- drivers/md/md-bitmap.c | 3 +- drivers/md/raid1.c | 1 + drivers/md/raid10.c | 10 +- drivers/net/can/m_can/m_can.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.h | 8 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 3 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 24 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/phy/microchip.c | 2 +- drivers/net/phy/smsc.c | 57 +++- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +- drivers/pinctrl/pinctrl-amd.c | 11 + drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++ drivers/pwm/pwm-mediatek.c | 13 +- drivers/tty/vt/vt.c | 1 + drivers/usb/cdns3/cdnsp-debug.h | 358 ++++++++++----------- drivers/usb/cdns3/cdnsp-ep0.c | 18 +- drivers/usb/cdns3/cdnsp-gadget.c | 6 +- drivers/usb/cdns3/cdnsp-gadget.h | 11 +- drivers/usb/cdns3/cdnsp-ring.c | 27 +- drivers/usb/dwc3/core.c | 9 +- drivers/usb/dwc3/gadget.c | 22 +- drivers/usb/gadget/function/u_serial.c | 12 +- fs/btrfs/btrfs_inode.h | 2 +- fs/btrfs/free-space-tree.c | 16 +- fs/btrfs/inode.c | 18 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-log.c | 331 +++++++++++-------- fs/erofs/data.c | 2 + fs/eventpoll.c | 12 +- fs/proc/inode.c | 2 +- fs/proc/proc_sysctl.c | 18 +- fs/proc/task_mmu.c | 14 +- fs/smb/client/cifsglob.h | 3 + fs/smb/client/cifsproto.h | 13 +- fs/smb/client/connect.c | 47 ++- fs/smb/client/dfs.c | 73 ++--- fs/smb/client/dfs.h | 42 ++- fs/smb/client/dfs_cache.c | 198 +++++++----- fs/smb/client/fs_context.h | 1 + fs/smb/client/misc.c | 9 + fs/smb/client/namespace.c | 2 +- fs/smb/server/smb2pdu.c | 29 +- fs/smb/server/transport_rdma.c | 5 +- fs/smb/server/vfs.c | 1 + include/drm/drm_file.h | 3 + include/drm/drm_framebuffer.h | 7 + include/drm/spsc_queue.h | 4 +- include/linux/math.h | 12 + include/linux/mm.h | 5 + include/net/af_vsock.h | 2 +- include/net/netfilter/nf_flow_table.h | 2 +- io_uring/opdef.c | 1 + kernel/bpf/bpf_lru_list.c | 9 +- kernel/bpf/bpf_lru_list.h | 1 + kernel/events/core.c | 6 +- kernel/rseq.c | 60 +++- lib/maple_tree.c | 14 +- mm/kasan/report.c | 13 +- mm/vmalloc.c | 22 +- net/appletalk/ddp.c | 1 + net/atm/clip.c | 64 +++- net/bluetooth/hci_event.c | 39 +-- net/bluetooth/hci_sync.c | 215 ++++++++----- net/ipv4/tcp.c | 2 +- net/ipv6/addrconf.c | 9 +- net/netlink/af_netlink.c | 90 +++--- net/rxrpc/call_accept.c | 4 + net/sched/sch_api.c | 23 +- net/tipc/topsrv.c | 2 + net/vmw_vsock/af_vsock.c | 57 +++- net/wireless/util.c | 52 ++- scripts/gdb/linux/constants.py.in | 7 + scripts/gdb/linux/interrupts.py | 16 +- scripts/gdb/linux/mapletree.py | 252 +++++++++++++++ scripts/gdb/linux/xarray.py | 28 ++ sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/cs35l56-shared.c | 2 +- sound/soc/fsl/fsl_asrc.c | 3 +- tools/arch/x86/include/asm/msr-index.h | 1 + tools/build/feature/Makefile | 25 +- tools/include/linux/kallsyms.h | 4 + tools/perf/Makefile.perf | 27 +- tools/testing/selftests/bpf/test_lru_map.c | 105 +++--- 117 files changed, 1948 insertions(+), 1042 deletions(-) From gregkh(a)linuxfoundation.org Tue Jul 15 18:35:42 2025 Message-ID: <20250715163542.121531643(a)linuxfoundation.org> User-Agent: quilt/0.68 Date: Tue, 15 Jul 2025 18:35:43 +0200 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> To: stable(a)vger.kernel.org Cc: patches(a)lists.linux.dev, linux-kernel(a)vger.kernel.org, torvalds(a)linux-foundation.org, akpm(a)linux-foundation.org, linux(a)roeck-us.net, shuah(a)kernel.org, patches(a)kernelci.org, lkft-triage(a)lists.linaro.org, pavel(a)denx.de, jonathanh(a)nvidia.com, f.fainelli(a)gmail.com, sudipm.mukherjee(a)gmail.com, srw(a)sladewatkins.net, rwarsow(a)gmx.de, conor(a)kernel.org, hargar(a)microsoft.com, broonie(a)kernel.org, Jann Horn <jannh(a)google.com>, Alexander Viro <viro(a)zeniv.linux.org.uk>, Christian Brauner <brauner(a)kernel.org>, Jan Kara <jack(a)suse.cz>, Linus Torvalds <torvalds(a)linux-foundation.org> X-stable: review X-Patchwork-Hint: ignore Subject: [PATCH 6.6 001/111] eventpoll: dont decrement ep refcount while still holding the ep mutex MIME-Version: 1.0 6.6-stable review patch. If anyone has any objections, please let me know. ------------------ From: Linus Torvalds <torvalds(a)linux-foundation.org> commit 8c2e52ebbe885c7eeaabd3b7ddcdc1246fc400d2 upstream. Jann Horn points out that epoll is decrementing the ep refcount and then doing a mutex_unlock(&ep->mtx); afterwards. That's very wrong, because it can lead to a use-after-free. That pattern is actually fine for the very last reference, because the code in question will delay the actual call to "ep_free(ep)" until after it has unlocked the mutex. But it's wrong for the much subtler "next to last" case when somebody *else* may also be dropping their reference and free the ep while we're still using the mutex. Note that this is true even if that other user is also using the same ep mutex: mutexes, unlike spinlocks, can not be used for object ownership, even if they guarantee mutual exclusion. A mutex "unlock" operation is not atomic, and as one user is still accessing the mutex as part of unlocking it, another user can come in and get the now released mutex and free the data structure while the first user is still cleaning up. See our mutex documentation in Documentation/locking/mutex-design.rst, in particular the section [1] about semantics: "mutex_unlock() may access the mutex structure even after it has internally released the lock already - so it's not safe for another context to acquire the mutex and assume that the mutex_unlock() context is not using the structure anymore" So if we drop our ep ref before the mutex unlock, but we weren't the last one, we may then unlock the mutex, another user comes in, drops _their_ reference and releases the 'ep' as it now has no users - all while the mutex_unlock() is still accessing it. Fix this by simply moving the ep refcount dropping to outside the mutex: the refcount itself is atomic, and doesn't need mutex protection (that's the whole _point_ of refcounts: unlike mutexes, they are inherently about object lifetimes). Reported-by: Jann Horn <jannh(a)google.com> Link: https://docs.kernel.org/locking/mutex-design.html#semantics [1] Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Jan Kara <jack(a)suse.cz> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- fs/eventpoll.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) --- a/fs/eventpoll.c +++ b/fs/eventpoll.c @@ -772,7 +772,7 @@ static bool __ep_remove(struct eventpoll call_rcu(&epi->rcu, epi_rcu_free); percpu_counter_dec(&ep->user->epoll_watches); - return ep_refcount_dec_and_test(ep); + return true; } /* @@ -780,14 +780,14 @@ static bool __ep_remove(struct eventpoll */ static void ep_remove_safe(struct eventpoll *ep, struct epitem *epi) { - WARN_ON_ONCE(__ep_remove(ep, epi, false)); + if (__ep_remove(ep, epi, false)) + WARN_ON_ONCE(ep_refcount_dec_and_test(ep)); } static void ep_clear_and_put(struct eventpoll *ep) { struct rb_node *rbp, *next; struct epitem *epi; - bool dispose; /* We need to release all tasks waiting for these file */ if (waitqueue_active(&ep->poll_wait)) @@ -820,10 +820,8 @@ static void ep_clear_and_put(struct even cond_resched(); } - dispose = ep_refcount_dec_and_test(ep); mutex_unlock(&ep->mtx); - - if (dispose) + if (ep_refcount_dec_and_test(ep)) ep_free(ep); } @@ -1003,7 +1001,7 @@ again: dispose = __ep_remove(ep, epi, true); mutex_unlock(&ep->mtx); - if (dispose) + if (dispose && ep_refcount_dec_and_test(ep)) ep_free(ep); goto again; }

2 months

10
9
0 0

[PATCH 5.10 000/355] 5.10.239-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.239 release. There are 355 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 25 Jun 2025 13:05:51 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.239-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.239-rc1 Tengda Wu <wutengda(a)huaweicloud.com> arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() Peter Zijlstra <peterz(a)infradead.org> perf: Fix sample vs do_exit() Aaron Lu <ziqianlu(a)bytedance.com> Revert "bpf: allow precision tracking for programs with subprogs" Aaron Lu <ziqianlu(a)bytedance.com> Revert "bpf: stop setting precise in current state" Aaron Lu <ziqianlu(a)bytedance.com> Revert "bpf: aggressively forget precise markings during state checkpointing" Aaron Lu <ziqianlu(a)bytedance.com> Revert "selftests/bpf: make test_align selftest more robust" Heiko Carstens <hca(a)linux.ibm.com> s390/pci: Fix __pcilg_mio_inuser() inline assembly David Gow <davidgow(a)google.com> rtc: test: Fix invalid format specifier. Eddie James <eajames(a)linux.ibm.com> hwmon: (occ) Fix P10 VRM temp sensors Gavin Guo <gavinguo(a)igalia.com> mm/huge_memory: fix dereferencing invalid pmd migration entry Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: move the limit validation Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: use a temporary work area for validating configuration Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: don't allow 1 packet limit Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: handle bigger packets Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: annotate data-races around q->perturb_period Alexandre Mergnat <amergnat(a)baylibre.com> rtc: Make rtc_time64_to_tm() support dates before 1970 Cassio Neri <cassio.neri(a)gmail.com> rtc: Improve performance of rtc_time64_to_tm(). Add tests. Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE Paul Chaignon <paul.chaignon(a)gmail.com> net: Fix checksum update for ILA adj-transport Eliav Farber <farbere(a)amazon.com> net/ipv4: fix type mismatch in inet_ehash_locks_alloc() causing build failure James Morse <james.morse(a)arm.com> arm64: proton-pack: Add new CPUs 'k' values for branch mitigation James Morse <james.morse(a)arm.com> arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users James Morse <james.morse(a)arm.com> arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs Liu Song <liusong(a)linux.alibaba.com> arm64: spectre: increase parameters that can be used to turn off bhb mitigation individually James Morse <james.morse(a)arm.com> arm64: proton-pack: Expose whether the branchy loop k value Will Deacon <will(a)kernel.org> arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list Douglas Anderson <dianders(a)chromium.org> arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB James Morse <james.morse(a)arm.com> arm64: proton-pack: Expose whether the platform is mitigated by firmware James Morse <james.morse(a)arm.com> arm64: insn: Add support for encoding DSB Hou Tao <houtao1(a)huawei.com> arm64: insn: add encoders for atomic operations Hou Tao <houtao1(a)huawei.com> arm64: move AARCH64_BREAK_FAULT into insn-def.h Julien Thierry <jthierry(a)redhat.com> arm64: insn: Add barrier encodings Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Increment the runtime usage counter for the earlycon device Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms Colin Foster <colin.foster(a)in-advantage.com> ARM: dts: am335x-bone-common: Increase MDIO reset deassert time Shengyu Qu <wiagn233(a)outlook.com> ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board Eric Dumazet <edumazet(a)google.com> net: atm: fix /proc/net/atm/lec handling Eric Dumazet <edumazet(a)google.com> net: atm: add lec_mutex Kuniyuki Iwashima <kuniyu(a)google.com> calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). Haixia Qu <hxqu(a)hillstonenet.com> tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer Neal Cardwell <ncardwell(a)google.com> tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior Kuniyuki Iwashima <kuniyu(a)google.com> atm: atmtcp: Free invalid length skb in atmtcp_c_send(). Kuniyuki Iwashima <kuniyu(a)google.com> mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). Dmitry Antipov <dmantipov(a)yandex.ru> wifi: carl9170: do not ping device which has failed to load firmware Krishna Kumar <krikku(a)gmail.com> net: ice: Perform accurate aRFS flow match Justin Sanders <jsanders.devel(a)gmail.com> aoe: clean device rq_list in aoedev_downdev() Simon Horman <horms(a)kernel.org> pldmfw: Select CRC32 when PLDMFW is selected Arnd Bergmann <arnd(a)arndb.de> hwmon: (occ) fix unaligned accesses Arnd Bergmann <arnd(a)arndb.de> hwmon: (occ) Rework attribute registration for stack usage Eddie James <eajames(a)linux.ibm.com> hwmon: (occ) Add soft minimum power cap attribute Eddie James <eajames(a)linux.ibm.com> hwmon: (occ) Add new temperature sensor type Jacob Keller <jacob.e.keller(a)intel.com> drm/nouveau/bl: increase buffer size to avoid truncate warning Gao Xiang <hsiangkao(a)linux.alibaba.com> erofs: remove unused trace event erofs_destroy_inode Jann Horn <jannh(a)google.com> mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race Liu Shixin <liushixin2(a)huawei.com> mm: hugetlb: independent PMD page table shared count Jann Horn <jannh(a)google.com> mm/hugetlb: unshare page tables during VMA split, not before James Houghton <jthoughton(a)google.com> hugetlb: unshare some PMDs when splitting VMAs Jonathan Lane <jon(a)borg.moe> ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged Takashi Iwai <tiwai(a)suse.de> ALSA: hda/intel: Add Thinkpad E15 to PM deny list wangdicheng <wangdicheng(a)kylinos.cn> ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card WangYuli <wangyuli(a)uniontech.com> Input: sparcspkr - avoid unannotated fall-through Terry Junge <linuxhid(a)cosmicgizmosystems.com> HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Kuniyuki Iwashima <kuniyu(a)google.com> atm: Revert atm_account_tx() if copy_from_iter_full() fails. Stephen Smalley <stephen.smalley.work(a)gmail.com> selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len Marek Szyprowski <m.szyprowski(a)samsung.com> udmabuf: use sgtable-based scatterlist wrappers Peter Oberparleiter <oberpar(a)linux.ibm.com> scsi: s390: zfcp: Ensure synchronous unit_add Dexuan Cui <decui(a)microsoft.com> scsi: storvsc: Increase the timeouts to storvsc_timeout Fedor Pchelkin <pchelkin(a)ispras.ru> jffs2: check jffs2_prealloc_raw_node_refs() result in few other places Artem Sadovnikov <a.sadovnikov(a)ispras.ru> jffs2: check that raw node were preallocated before writing summary Andrew Morton <akpm(a)linux-foundation.org> drivers/rapidio/rio_cm.c: prevent possible heap overwrite Breno Leitao <leitao(a)debian.org> Revert "x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2" on v6.6 and older Narayana Murty N <nnmlinux(a)linux.ibm.com> powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery Stuart Hayes <stuart.w.hayes(a)gmail.com> platform/x86: dell_rbu: Stop overwriting data buffer Stuart Hayes <stuart.w.hayes(a)gmail.com> platform/x86: dell_rbu: Fix list usage Maximilian Luz <luzmaximilian(a)gmail.com> platform: Add Surface platform directory Alexander Sverdlin <alexander.sverdlin(a)siemens.com> Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" Jann Horn <jannh(a)google.com> tee: Prevent size calculation wraparound on 32-bit kernels Sukrut Bellary <sbellary(a)baylibre.com> ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY Laurentiu Tudor <laurentiu.tudor(a)nxp.com> bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value Marcus Folkesson <marcus.folkesson(a)gmail.com> watchdog: da9052_wdt: respect TWDMIN Kyungwook Boo <bookyungwook(a)gmail.com> i40e: fix MMIO write access to an invalid page in i40e_clear_hw Zijun Hu <quic_zijuhu(a)quicinc.com> sock: Correct error checking condition for (assign|release)_proto_idx() Daniel Wagner <wagi(a)kernel.org> scsi: lpfc: Use memcpy() for BIOS version Zijun Hu <quic_zijuhu(a)quicinc.com> software node: Correct a OOB check in software_node_get_reference_args() Ido Schimmel <idosch(a)nvidia.com> vxlan: Do not treat dst cache initialization errors as fatal Sean Christopherson <seanjc(a)google.com> iommu/amd: Ensure GA log notifier callbacks finish running before module unload Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands Heiko Stuebner <heiko(a)sntech.de> clk: rockchip: rk3036: mark ddrphy as critical Benjamin Berg <benjamin(a)sipsolutions.net> wifi: mac80211: do not offer a mesh path if forwarding is disabled Jason Xing <kernelxing(a)tencent.com> net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() Jason Xing <kernelxing(a)tencent.com> net: atlantic: generate software timestamp just before the doorbell Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT Eric Dumazet <edumazet(a)google.com> tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows Eric Dumazet <edumazet(a)google.com> tcp: always seek for minimal rtt in tcp_rcv_rtt_update() Moon Yeounsu <yyyynoom(a)gmail.com> net: dlink: add synchronization for stats update Tali Perry <tali.perry1(a)gmail.com> i2c: npcm: Add clock toggle recovery Petr Malat <oss(a)malat.biz> sctp: Do not wake readers in __sctp_write_space() Henk Vergonet <henk.vergonet(a)gmail.com> wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R Alok Tiwari <alok.a.tiwari(a)oracle.com> emulex/benet: correct command version selection in be_cmd_get_stats() Tan En De <ende.tan(a)starfivetech.com> i2c: designware: Invoke runtime suspend on quick slave re-registration Zilin Guan <zilin(a)seu.edu.cn> tipc: use kfree_sensitive() for aead cleanup Sergio Perez Gonzalez <sperezglz(a)gmail.com> net: macb: Check return value of dma_set_mask_and_coherent() Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: Force sync policy boost with global boost on sysfs update George Moussalem <george.moussalem(a)outlook.com> thermal/drivers/qcom/tsens: Update conditions to strictly evaluate for IP v2+ Simon Schuster <schuster.simon(a)siemens-energy.com> nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults Wentao Liang <vulab(a)iscas.ac.cn> media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() Hans Verkuil <hverkuil(a)xs4all.nl> media: tc358743: ignore video while HPD is low Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't select single flush for active CTL blocks Dylan Wolff <wolffd(a)comp.nus.edu.sg> jfs: Fix null-ptr-deref in jfs_ioc_trim Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx9: fix CSIB handling Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx8: fix CSIB handling Zhang Yi <yi.zhang(a)huawei.com> ext4: prevent stale extent cache entries caused by concurrent get es_cache Long Li <leo.lilong(a)huawei.com> sunrpc: fix race in cache cleanup causing stale nextcheck time Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: rkvdec: Initialize the m2m context before the controls Aditya Dutt <duttaditya18(a)gmail.com> jfs: fix array-index-out-of-bounds read in add_missing_indices Zhang Yi <yi.zhang(a)huawei.com> ext4: ext4: unify EXT4_EX_NOCACHE|NOFAIL flags in ext4_ext_remove_space() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx7: fix CSIB handling Nas Chung <nas.chung(a)chipsnmedia.com> media: uapi: v4l: Change V4L2_TYPE_IS_CAPTURE condition Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx10: fix CSIB handling Akhil P Oommen <quic_akhilpo(a)quicinc.com> drm/msm/a6xx: Increase HFI response timeout Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() Nas Chung <nas.chung(a)chipsnmedia.com> media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/hdmi: add runtime PM calls to DDC transfer function Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix double free in delayed_free Damon Ding <damon.ding(a)rock-chips.com> drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() Long Li <leo.lilong(a)huawei.com> sunrpc: update nextcheck time when adding new cache entries Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx6: fix CSIB handling Peter Marheine <pmarheine(a)chromium.org> ACPI: battery: negate current when discharging Charan Teja Kalla <quic_charante(a)quicinc.com> PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() Yuanjun Gong <ruc_gongyuanjun(a)163.com> ASoC: tegra210_ahub: Add check to of_device_get_match_data() gldrk <me(a)rarity.fan> ACPICA: utilities: Fix overflow check in vsnprintf() Jerry Lv <Jerry.Lv(a)axis.com> power: supply: bq27xxx: Retrieve again when busy Seunghun Han <kkamagui(a)gmail.com> ACPICA: fix acpi parse and parseext cache leaks Hector Martin <marcan(a)marcan.st> ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change Ahmed Salem <x0rw3ll(a)gmail.com> ACPICA: Avoid sequence overread in call to strncmp() Guilherme G. Piccoli <gpiccoli(a)igalia.com> clocksource: Fix the CPUs' choice in the watchdog per CPU verification Seunghun Han <kkamagui(a)gmail.com> ACPICA: fix acpi operand cache leak in dswstate.c David Lechner <dlechner(a)baylibre.com> iio: adc: ad7606_spi: fix reg write value mask Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Fix temperature calculation Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix lock symmetry in pci_slot_unlock() Huacai Chen <chenhuacai(a)loongson.cn> PCI: Add ACS quirk for Loongson PCIe Long Li <longli(a)microsoft.com> uio_hv_generic: Use correct size for interrupt and monitor pages Wentao Liang <vulab(a)iscas.ac.cn> regulator: max14577: Add error check for max14577_read_reg() Khem Raj <raj.khem(a)gmail.com> mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS Gabriel Shahrouzi <gshahrouzi(a)gmail.com> staging: iio: ad5933: Correct settling cycles encoding per datasheet Qasim Ijaz <qasdev00(a)gmail.com> net: ch9200: fix uninitialised access during mii_nway_restart Ye Bin <yebin10(a)huawei.com> ftrace: Fix UAF when lookup kallsym after ftrace disabled Mikulas Patocka <mpatocka(a)redhat.com> dm-mirror: fix a tiny race condition Wentao Liang <vulab(a)iscas.ac.cn> mtd: nand: sunxi: Add randomizer configuration before randomizer enable Wentao Liang <vulab(a)iscas.ac.cn> mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk Jinliang Zheng <alexjlzheng(a)tencent.com> mm: fix ratelimit_pages update error in dirty_ratio_handler() Jeongjun Park <aha310510(a)gmail.com> ipc: fix to protect IPCS lookups using RCU Da Xue <da(a)libre.computer> clk: meson-g12a: add missing fclk_div2 to spicc Arnd Bergmann <arnd(a)arndb.de> parisc: fix building with gcc-15 GONG Ruiqi <gongruiqi1(a)huawei.com> vgacon: Add check for vc_origin address range in vgacon_scroll() Murad Masimov <m.masimov(a)mt-integration.ru> fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> EDAC/altera: Use correct write width with the INTTEST register Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> NFC: nci: uart: Set tty->disc_data only in success path Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on sit_bitmap_size Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: prevent kernel warning due to negative i_nlink from corrupted image Dan Carpenter <dan.carpenter(a)linaro.org> Input: ims-pcu - check record size in ims_pcu_flash_firmware() Zhang Yi <yi.zhang(a)huawei.com> ext4: ensure i_size is smaller than maxbytes Zhang Yi <yi.zhang(a)huawei.com> ext4: factor out ext4_get_maxbytes() Jan Kara <jack(a)suse.cz> ext4: fix calculation of credits for extent tree modification Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: inline: fix len overflow in ext4_prepare_inline_data Ioana Ciornei <ioana.ciornei(a)nxp.com> bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device Tasos Sahanidis <tasos(a)tasossah.com> ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 Jeff Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Fix conflict between power_up and SYSERR Andreas Kemnade <andreas(a)kemnade.info> ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4 Ross Stutterheim <ross.stutterheim(a)garmin.com> ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() Denis Arefev <arefev(a)swemel.ru> media: vivid: Change the siize of the composing Edward Adam Davis <eadavis(a)qq.com> media: vidtv: Terminating the subsequent process of initialization failure Marek Szyprowski <m.szyprowski(a)samsung.com> media: videobuf2: use sgtable-based scatterlist wrappers Loic Poulain <loic.poulain(a)oss.qualcomm.com> media: venus: Fix probe error handling Ma Ke <make24(a)iscas.ac.cn> media: v4l2-dev: fix error handling in __video_register_device() Wentao Liang <vulab(a)iscas.ac.cn> media: gspca: Add error handling for stv06xx_read_sensor() Edward Adam Davis <eadavis(a)qq.com> media: cxusb: no longer judge rbuf when the write fails Johan Hovold <johan+linaro(a)kernel.org> media: ov8856: suppress probe deferral errors Mingcong Bai <jeffbai(a)aosc.io> wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 Jeongjun Park <aha310510(a)gmail.com> jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: Initialize ssc before laundromat_work to prevent NULL dereference NeilBrown <neil(a)brown.name> nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request Christian Lamparter <chunkeey(a)gmail.com> wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Wentao Liang <vulab(a)iscas.ac.cn> net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() Wentao Liang <vulab(a)iscas.ac.cn> net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> ASoC: meson: meson-card-utils: use of_property_present() for DT parsing Wentao Liang <vulab(a)iscas.ac.cn> ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() Alexander Aring <aahringo(a)redhat.com> gfs2: move msleep to sleepable context Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Do not chain submitted requests Zijun Hu <quic_zijuhu(a)quicinc.com> configfs: Do not override creating attribute file failure in populate_attrs() Eric Dumazet <edumazet(a)google.com> tcp: tcp_data_ready() must look at SOCK_DONE Arnd Bergmann <arnd(a)arndb.de> kbuild: hdrcheck: fix cross build with clang Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: fix bitsize and target detection on clang Oliver Neukum <oneukum(a)suse.com> net: usb: aqc111: debug info before sanitation Eric Dumazet <edumazet(a)google.com> calipso: unlock rcu before returning -EAFNOSUPPORT Thomas Gleixner <tglx(a)linutronix.de> x86/iopl: Cure TIF_IO_BITMAP inconsistencies Stefano Stabellini <stefano.stabellini(a)amd.com> xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: Flush altsetting 0 endpoints before reinitializating them after reset. Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang Nathan Chancellor <nathan(a)kernel.org> kbuild: Add KBUILD_CPPFLAGS to as-option invocation Masahiro Yamada <masahiroy(a)kernel.org> kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS Nathan Chancellor <nathan(a)kernel.org> kbuild: Add CLANG_FLAGS to as-instr Nathan Chancellor <nathan(a)kernel.org> mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation Nathan Chancellor <nathan(a)kernel.org> drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang Nick Desaulniers <ndesaulniers(a)google.com> kbuild: Update assembler calls to use proper flags and language target Nathan Chancellor <nathan(a)kernel.org> MIPS: Prefer cc-option for additions to cflags Nathan Chancellor <nathan(a)kernel.org> MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option Nick Desaulniers <ndesaulniers(a)google.com> x86/boot/compressed: prefer cc-option for CFLAGS additions Oleg Nesterov <oleg(a)redhat.com> posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Zijun Hu <quic_zijuhu(a)quicinc.com> fs/filesystems: Fix potential unsigned integer underflow in fs_name() Eric Dumazet <edumazet(a)google.com> net_sched: ets: fix a race in ets_qdisc_change() Cong Wang <xiyou.wangcong(a)gmail.com> sch_ets: make est_qlen_notify() idempotent Eric Dumazet <edumazet(a)google.com> net_sched: tbf: fix a race in tbf_change() Eric Dumazet <edumazet(a)google.com> net_sched: red: fix a race in __red_change() Eric Dumazet <edumazet(a)google.com> net_sched: prio: fix a race in prio_tune() Patrisious Haddad <phaddad(a)nvidia.com> net/mlx5: Fix return value when searching for existing flow group Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Ensure fw pages are always allocated on same NUMA Jakub Raczynski <j.raczynski(a)samsung.com> net/mdiobus: Fix potential out-of-bounds read/write access Andrew Lunn <andrew(a)lunn.ch> net: mdio: C22 is now optional, EOPNOTSUPP if not provided Carlos Fernandez <carlos.fernandez(a)technica-engineering.de> macsec: MACsec SCI assignment for ES = 0 Michal Luczaj <mhal(a)rbox.co> net: Fix TOCTOU issue in sk_is_readable() Cong Wang <cong.wang(a)bytedance.com> net: Rename ->stream_memory_read to ->sock_is_readable Cong Wang <cong.wang(a)bytedance.com> bpf: Clean up sockmap related Kconfigs Eric Dumazet <edumazet(a)google.com> tcp: factorize logic into tcp_epollin_ready() Robert Malz <robert.malz(a)canonical.com> i40e: retry VFLR handling if there is ongoing VF reset Robert Malz <robert.malz(a)canonical.com> i40e: return false from i40e_reset_vf if reset is in progress Haren Myneni <haren(a)linux.ibm.com> powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Haren Myneni <haren(a)linux.ibm.com> powerpc/vas: Move VAS API to book3s common platform Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: fix a potential crash on gso_skb handling Alok Tiwari <alok.a.tiwari(a)oracle.com> scsi: iscsi: Fix incorrect error path labels for flashnode operations Caleb Connolly <caleb.connolly(a)linaro.org> ath10k: snoc: fix unbalanced IRQ enable in crash recovery Wen Gong <wgong(a)codeaurora.org> ath10k: prevent deinitializing NAPI twice Wen Gong <wgong(a)codeaurora.org> ath10k: add atomic protection for device recovery Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Move runtime PM enable to sci_probe_single() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Check if TX data was written to device in .tx_empty() Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am65-main: Fix sdhci node properties Nishanth Menon <nm(a)ti.com> arm64: dts: ti: k3-am65-main: Drop deprecated ti,otap-del-sel property Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics-rmi - fix crash with unsupported versions of F34 zhang songyi <zhang.songyi(a)zte.com.cn> Input: synaptics-rmi4 - convert to use sysfs_emit() APIs Dan Carpenter <dan.carpenter(a)linaro.org> pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() Al Viro <viro(a)zeniv.linux.org.uk> do_change_type(): refuse to operate on unmounted/not ours mounts Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Ronak Doshi <ronak.doshi(a)broadcom.com> vmxnet3: correctly report gso type for UDP tunnels Michal Kubiak <michal.kubiak(a)intel.com> ice: create new Tx scheduler nodes for new queues only Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Álvaro Fernández Rojas <noltari(a)gmail.com> spi: bcm63xx-hsspi: fix shared reset Álvaro Fernández Rojas <noltari(a)gmail.com> spi: bcm63xx-spi: fix shared reset Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4_en: Prevent potential integer overflow calculating Hz Yanqing Wang <ot_yanqing.wang(a)mediatek.com> driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Charalampos Mitrodimas <charmitro(a)posteo.net> net: tipc: fix refcount warning in tipc_aead_encrypt Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt Quentin Schulz <quentin.schulz(a)cherry.de> net: stmmac: platform: guarantee uniqueness of bus_id Nicolas Pitre <npitre(a)baylibre.com> vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() WangYuli <wangyuli(a)uniontech.com> MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix 3dB filter frequency reading Henry Martin <bsdhenrymartin(a)gmail.com> serial: Fix potential null-ptr-deref in mlb_usio_probe() Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> usb: renesas_usbhs: Reorder clock handling and power management in probe Alexandre Mergnat <amergnat(a)baylibre.com> rtc: Fix offset calculation for .start_secs < 0 Bjorn Helgaas <bhelgaas(a)google.com> PCI/DPC: Initialize aer_err_info before using it Henry Martin <bsdhenrymartin(a)gmail.com> dmaengine: ti: Add NULL check in udma_probe() Hans Zhang <18255117159(a)163.com> PCI: cadence: Fix runtime atomic count underflow Wolfram Sang <wsa+renesas(a)sang-engineering.com> rtc: sh: assign correct interrupts with DT Li Lingfeng <lilingfeng3(a)huawei.com> nfs: ignore SB_RDONLY when remounting nfs Li Lingfeng <lilingfeng3(a)huawei.com> nfs: clear SB_RDONLY before getting superblock Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf record: Fix incorrect --user-regs comments Leo Yan <leo.yan(a)arm.com> perf tests switch-tracking: Fix timestamp comparison Alexey Gladkov <legion(a)kernel.org> mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Dan Carpenter <dan.carpenter(a)linaro.org> rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() Adrian Hunter <adrian.hunter(a)intel.com> perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Henry Martin <bsdhenrymartin(a)gmail.com> backlight: pm8941: Add NULL check in wled_configure() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf build: Warn when libdebuginfod devel files are not available Kees Cook <kees(a)kernel.org> randstruct: gcc-plugin: Fix attribute addition Kees Cook <kees(a)kernel.org> randstruct: gcc-plugin: Remove bogus void member Sergey Shtylyov <s.shtylyov(a)omp.ru> fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Henry Martin <bsdhenrymartin(a)gmail.com> soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() Su Hui <suhui(a)nfschina.com> soc: aspeed: lpc: Fix impossible judgment condition Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device Ioana Ciornei <ioana.ciornei(a)nxp.com> bus: fsl-mc: fix double-free on mc_dev Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Wentao Liang <vulab(a)iscas.ac.cn> nilfs2: add pointer check for nilfs_direct_propagate() Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check return result of sb_min_blocksize Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mm-beacon: Fix RTC capacitive load Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: at91: at91sam9263: fix NAND chip selects Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to correct check conditions in f2fs_cross_rename Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: use d_inode(dentry) cleanup dentry->d_inode Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames Faicker Mo <faicker.mo(a)zenlayer.com> net: openvswitch: Fix the dead loop of MPLS parse Kuniyuki Iwashima <kuniyu(a)amazon.com> calipso: Don't call calipso functions for AF_INET sk. Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: aqc111: fix error handling of usbnet read calls Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nft_tunnel: fix geneve_opt dump Li RongQing <lirongqing(a)baidu.com> vfio/type1: Fix error unwind in migration dirty bitmap allocation Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy Toke Høiland-Jørgensen <toke(a)toke.dk> wifi: ath9k_htc: Abort software beacon handling if disabled Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Store backchain even for leaf progs Vincent Knecht <vincent.knecht(a)mailoo.org> clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Tao Chen <chen.dylane(a)linux.dev> bpf: Fix WARN() in get_bpf_raw_tp_regs Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: at91: Fix possible out-of-boundary access Anton Protopopov <a.s.protopopov(a)gmail.com> libbpf: Use proper errno value in nlattr Jiayuan Chen <jiayuan.chen(a)linux.dev> ktls, sockmap: Fix missing uncharge operation Henry Martin <bsdhenrymartin(a)gmail.com> clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction Huajian Yang <huajianyang(a)asrmicro.com> netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Chao Yu <chao(a)kernel.org> f2fs: clean up w/ fscrypt_is_bounce_page() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtw88: do not ignore hardware read error during DPK Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix GCPS 64-bit member variables Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on sbi->total_valid_block_count Stone Zhang <quic_stonez(a)quicinc.com> wifi: ath11k: fix node corruption in ar->arvifs list Huang Yiwei <quic_hyiwei(a)quicinc.com> firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES Biju Das <biju.das.jz(a)bp.renesas.com> drm/tegra: rgb: Fix the unbound reference count Kees Cook <kees(a)kernel.org> drm/vkms: Adjust vkms_state->active_planes allocation type Biju Das <biju.das.jz(a)bp.renesas.com> drm: rcar-du: Fix memory leak in rcar_du_vsps_init() Neill Kapron <nkapron(a)google.com> selftests/seccomp: fix syscall_restart test for arm compat Miaoqian Lin <linmq006(a)gmail.com> firmware: psci: Fix refcount leak in psci_dt_init Finn Thain <fthain(a)linux-m68k.org> m68k: mac: Fix macintosh_config for Mac II Jonas Karlman <jonas(a)kwiboo.se> media: rkvdec: Fix frame size enumeration Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Add seqno waiter for sync_files Geert Uytterhoeven <geert+renesas(a)glider.be> spi: sh-msiof: Fix maximum DMA transfer size Armin Wolf <W_Armin(a)gmx.de> ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Zijun Hu <quic_zijuhu(a)quicinc.com> PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() Alexander Shiyan <eagle.alexander923(a)gmail.com> power: reset: at91-reset: Optimize at91_reset() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx_common: Fix general protection fault Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce - move fallback ahash_request to the end of the struct Herbert Xu <herbert(a)gondor.apana.org.au> crypto: xts - Only add ecb if it is not already there Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lrw - Only add ecb if it is not already there Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Avoid empty transfer descriptor Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Handle zero-length skcipher requests Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Sanitize CPUID(0x80000000) output Corentin Labbe <clabbe.montjoie(a)gmail.com> crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Qing Wang <wangqing7171(a)gmail.com> perf/core: Fix broken throttling when max_samples_per_tick=1 Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: gfs2_create_inode error handling fix Florian Westphal <fw(a)strlen.de> netfilter: nft_socket: fix sk refcount leaks Sergey Senozhatsky <senozhatsky(a)chromium.org> thunderbolt: Do not double dequeue a configuration request Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix timeout value in get_stb Hongyu Xie <xiehongyu1(a)kylinos.cn> usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Jiayi Li <lijiayi(a)kylinos.cn> usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Gautham R. Shenoy <gautham.shenoy(a)amd.com> acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: set GPIO output value before setting direction Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 Pan Taixi <pantaixi(a)huaweicloud.com> tracing: Fix compilation warning on arm32 ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 7 +- MAINTAINERS | 9 + Makefile | 11 +- arch/arm/boot/dts/am335x-bone-common.dtsi | 8 + arch/arm/boot/dts/at91sam9263ek.dts | 2 +- arch/arm/boot/dts/qcom-apq8064.dtsi | 13 +- arch/arm/boot/dts/tny_a9263.dts | 2 +- arch/arm/boot/dts/usb_a9263.dts | 4 +- arch/arm/mach-omap2/clockdomain.h | 1 + arch/arm/mach-omap2/clockdomains33xx_data.c | 2 +- arch/arm/mach-omap2/cm33xx.c | 14 +- arch/arm/mach-omap2/pmic-cpcap.c | 6 +- arch/arm/mm/ioremap.c | 4 +- .../boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 + .../arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 - arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 20 +- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/debug-monitors.h | 12 - arch/arm64/include/asm/insn.h | 114 +++++++- arch/arm64/include/asm/spectre.h | 4 +- arch/arm64/kernel/insn.c | 199 ++++++++++++- arch/arm64/kernel/proton-pack.c | 202 ++++++++------ arch/arm64/kernel/ptrace.c | 2 +- arch/arm64/net/bpf_jit.h | 11 +- arch/arm64/net/bpf_jit_comp.c | 58 +++- arch/arm64/xen/hypercall.S | 21 +- arch/m68k/mac/config.c | 2 +- arch/mips/Makefile | 6 +- .../boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 + arch/mips/loongson2ef/Platform | 2 +- arch/mips/vdso/Makefile | 1 + arch/nios2/include/asm/pgtable.h | 16 ++ arch/parisc/boot/compressed/Makefile | 1 + arch/powerpc/include/asm/vas.h | 3 + arch/powerpc/kernel/eeh.c | 2 + arch/powerpc/platforms/Kconfig | 1 + arch/powerpc/platforms/Makefile | 1 + arch/powerpc/platforms/book3s/Kconfig | 15 + arch/powerpc/platforms/book3s/Makefile | 2 + .../platforms/{powernv => book3s}/vas-api.c | 11 +- arch/powerpc/platforms/powernv/Kconfig | 14 - arch/powerpc/platforms/powernv/Makefile | 2 +- arch/powerpc/platforms/powernv/vas.h | 2 - arch/s390/net/bpf_jit_comp.c | 12 +- arch/s390/pci/pci_mmio.c | 2 +- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/kernel/cpu/bugs.c | 10 +- arch/x86/kernel/cpu/common.c | 17 +- arch/x86/kernel/cpu/mtrr/generic.c | 2 +- arch/x86/kernel/ioport.c | 13 +- arch/x86/kernel/process.c | 6 + crypto/lrw.c | 4 +- crypto/xts.c | 4 +- drivers/acpi/acpica/dsutils.c | 9 +- drivers/acpi/acpica/psobject.c | 52 +--- drivers/acpi/acpica/utprint.c | 7 +- drivers/acpi/apei/Kconfig | 1 + drivers/acpi/apei/ghes.c | 2 +- drivers/acpi/battery.c | 19 +- drivers/acpi/osi.c | 1 - drivers/ata/pata_via.c | 3 +- drivers/atm/atmtcp.c | 4 +- drivers/base/power/domain.c | 2 +- drivers/base/power/main.c | 3 +- drivers/base/power/runtime.c | 2 +- drivers/base/swnode.c | 2 +- drivers/block/aoe/aoedev.c | 8 + drivers/bus/fsl-mc/fsl-mc-bus.c | 6 +- drivers/bus/fsl-mc/mc-io.c | 19 +- drivers/bus/fsl-mc/mc-sys.c | 2 +- drivers/bus/mhi/host/pm.c | 18 +- drivers/bus/ti-sysc.c | 49 ---- drivers/clk/bcm/clk-raspberrypi.c | 2 + drivers/clk/meson/g12a.c | 1 + drivers/clk/qcom/gcc-msm8939.c | 4 +- drivers/clk/rockchip/clk-rk3036.c | 1 + drivers/cpufreq/acpi-cpufreq.c | 2 +- drivers/cpufreq/cpufreq.c | 6 +- drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 +- .../crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 +- drivers/crypto/marvell/cesa/cesa.c | 2 +- drivers/crypto/marvell/cesa/cesa.h | 9 +- drivers/crypto/marvell/cesa/cipher.c | 3 + drivers/crypto/marvell/cesa/hash.c | 2 +- drivers/crypto/marvell/cesa/tdma.c | 53 ++-- drivers/dma-buf/udmabuf.c | 5 +- drivers/dma/ti/k3-udma.c | 3 +- drivers/edac/altera_edac.c | 6 +- drivers/edac/skx_common.c | 1 + drivers/firmware/Kconfig | 1 - drivers/firmware/arm_sdei.c | 11 +- drivers/firmware/psci/psci.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 - drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 2 - drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c | 2 - drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 2 - drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 - drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 4 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 18 +- drivers/gpu/drm/amd/display/dc/dcn20/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn21/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dml/Makefile | 3 +- drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 5 +- drivers/gpu/drm/msm/adreno/a6xx_hfi.c | 2 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 3 +- drivers/gpu/drm/msm/hdmi/hdmi_i2c.c | 14 +- drivers/gpu/drm/nouveau/nouveau_backlight.c | 2 +- drivers/gpu/drm/rcar-du/rcar_du_kms.c | 10 +- drivers/gpu/drm/tegra/rgb.c | 14 +- drivers/gpu/drm/vkms/vkms_crtc.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 ++ drivers/hid/hid-hyperv.c | 5 +- drivers/hid/usbhid/hid-core.c | 25 +- drivers/hwmon/occ/common.c | 307 ++++++++++++--------- drivers/i2c/busses/i2c-designware-slave.c | 2 +- drivers/i2c/busses/i2c-npcm7xx.c | 12 +- drivers/iio/adc/ad7124.c | 4 +- drivers/iio/adc/ad7606_spi.c | 2 +- drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 8 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 - drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 + drivers/infiniband/hw/hns/hns_roce_main.c | 1 - drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 - drivers/infiniband/hw/mlx5/qpc.c | 30 +- drivers/input/misc/ims-pcu.c | 6 + drivers/input/misc/sparcspkr.c | 22 +- drivers/input/rmi4/rmi_f34.c | 135 +++++---- drivers/iommu/amd/iommu.c | 8 + drivers/md/dm-raid1.c | 5 +- drivers/media/common/videobuf2/videobuf2-dma-sg.c | 4 +- drivers/media/i2c/ov8856.c | 9 +- drivers/media/i2c/tc358743.c | 4 + drivers/media/platform/exynos4-is/fimc-is-regs.c | 1 + drivers/media/platform/qcom/venus/core.c | 16 +- drivers/media/test-drivers/vidtv/vidtv_channel.c | 2 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 2 +- drivers/media/usb/dvb-usb/cxusb.c | 3 +- drivers/media/usb/gspca/stv06xx/stv06xx_hdcs.c | 7 +- drivers/media/v4l2-core/v4l2-dev.c | 14 +- drivers/mfd/exynos-lpass.c | 1 - drivers/mfd/stmpe-spi.c | 2 +- drivers/mtd/nand/raw/sunxi_nand.c | 2 + drivers/net/ethernet/aquantia/atlantic/aq_main.c | 1 - drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 2 + drivers/net/ethernet/cadence/macb_main.c | 6 +- drivers/net/ethernet/dlink/dl2k.c | 14 +- drivers/net/ethernet/dlink/dl2k.h | 2 + drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +- drivers/net/ethernet/google/gve/gve_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_common.c | 7 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 +- drivers/net/ethernet/intel/ice/ice_arfs.c | 48 ++++ drivers/net/ethernet/intel/ice/ice_sched.c | 11 +- drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 + drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 +- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 +- .../net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 18 +- drivers/net/ethernet/microchip/lan743x_main.c | 4 +- .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 +- drivers/net/macsec.c | 40 ++- drivers/net/phy/mdio_bus.c | 16 +- drivers/net/phy/mscc/mscc_ptp.c | 4 +- drivers/net/usb/aqc111.c | 10 +- drivers/net/usb/ch9200.c | 7 +- drivers/net/vmxnet3/vmxnet3_drv.c | 26 ++ drivers/net/vxlan/vxlan_core.c | 8 +- drivers/net/wireless/ath/ath10k/ahb.c | 5 +- drivers/net/wireless/ath/ath10k/core.c | 36 +++ drivers/net/wireless/ath/ath10k/core.h | 9 + drivers/net/wireless/ath/ath10k/debug.c | 6 +- drivers/net/wireless/ath/ath10k/mac.c | 1 + drivers/net/wireless/ath/ath10k/pci.c | 9 +- drivers/net/wireless/ath/ath10k/sdio.c | 11 +- drivers/net/wireless/ath/ath10k/snoc.c | 12 +- drivers/net/wireless/ath/ath10k/wmi.c | 2 +- drivers/net/wireless/ath/ath11k/core.c | 8 +- drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 + drivers/net/wireless/ath/carl9170/usb.c | 19 +- drivers/net/wireless/intersil/p54/fwio.c | 2 + drivers/net/wireless/intersil/p54/p54.h | 1 + drivers/net/wireless/intersil/p54/txrx.c | 13 +- drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 2 + .../net/wireless/mediatek/mt76/mt76x2/usb_init.c | 13 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 10 + drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 +- drivers/pci/controller/cadence/pcie-cadence-host.c | 11 +- drivers/pci/pci.c | 3 +- drivers/pci/pcie/dpc.c | 2 +- drivers/pci/quirks.c | 23 ++ drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 35 ++- drivers/pinctrl/pinctrl-at91.c | 6 +- drivers/platform/Kconfig | 2 + drivers/platform/Makefile | 1 + drivers/platform/surface/Kconfig | 14 + drivers/platform/surface/Makefile | 5 + drivers/platform/x86/dell_rbu.c | 6 +- drivers/power/reset/at91-reset.c | 5 +- drivers/power/supply/bq27xxx_battery.c | 2 +- drivers/power/supply/bq27xxx_battery_i2c.c | 13 +- drivers/rapidio/rio_cm.c | 3 + drivers/regulator/max14577-regulator.c | 5 +- drivers/rpmsg/qcom_smd.c | 2 +- drivers/rtc/Kconfig | 10 + drivers/rtc/Makefile | 1 + drivers/rtc/class.c | 2 +- drivers/rtc/lib.c | 121 ++++++-- drivers/rtc/lib_test.c | 79 ++++++ drivers/rtc/rtc-sh.c | 12 +- drivers/s390/scsi/zfcp_sysfs.c | 2 + drivers/scsi/lpfc/lpfc_hbadisc.c | 2 +- drivers/scsi/lpfc/lpfc_sli.c | 4 +- drivers/scsi/scsi_transport_iscsi.c | 11 +- drivers/scsi/storvsc_drv.c | 10 +- drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 +- drivers/spi/spi-bcm63xx-hsspi.c | 2 +- drivers/spi/spi-bcm63xx.c | 2 +- drivers/spi/spi-sh-msiof.c | 13 +- drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- drivers/staging/media/rkvdec/rkvdec.c | 24 +- drivers/tee/tee_core.c | 11 +- drivers/thermal/qcom/tsens.c | 10 +- drivers/thunderbolt/ctl.c | 5 + drivers/tty/serial/milbeaut_usio.c | 5 +- drivers/tty/serial/sh-sci.c | 97 +++++-- drivers/tty/vt/vt_ioctl.c | 2 - drivers/uio/uio_hv_generic.c | 4 +- drivers/usb/class/usbtmc.c | 4 +- drivers/usb/core/hub.c | 16 +- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/function/f_hid.c | 12 +- drivers/usb/renesas_usbhs/common.c | 50 +++- drivers/usb/storage/unusual_uas.h | 7 + drivers/vfio/vfio_iommu_type1.c | 2 +- drivers/video/backlight/qcom-wled.c | 6 +- drivers/video/console/vgacon.c | 2 +- drivers/video/fbdev/core/fbcvt.c | 2 +- drivers/video/fbdev/core/fbmem.c | 4 +- drivers/watchdog/da9052_wdt.c | 1 + fs/configfs/dir.c | 2 +- fs/exfat/nls.c | 1 + fs/ext4/ext4.h | 7 + fs/ext4/extents.c | 39 ++- fs/ext4/file.c | 7 +- fs/ext4/inline.c | 2 +- fs/ext4/inode.c | 3 +- fs/ext4/ioctl.c | 8 +- fs/f2fs/data.c | 2 +- fs/f2fs/f2fs.h | 10 +- fs/f2fs/namei.c | 19 +- fs/f2fs/super.c | 12 +- fs/filesystems.c | 14 +- fs/gfs2/inode.c | 3 +- fs/gfs2/lock_dlm.c | 3 +- fs/jbd2/transaction.c | 5 +- fs/jffs2/erase.c | 4 +- fs/jffs2/scan.c | 4 +- fs/jffs2/summary.c | 7 +- fs/jfs/jfs_discard.c | 3 +- fs/jfs/jfs_dtree.c | 18 +- fs/namespace.c | 4 + fs/nfs/super.c | 19 ++ fs/nfsd/nfs4proc.c | 3 +- fs/nfsd/nfssvc.c | 6 +- fs/nilfs2/btree.c | 4 +- fs/nilfs2/direct.c | 3 + fs/squashfs/super.c | 5 + include/acpi/actypes.h | 2 +- include/linux/arm_sdei.h | 4 +- include/linux/atmdev.h | 6 + include/linux/bpf.h | 26 +- include/linux/bpf_types.h | 6 +- include/linux/hid.h | 3 +- include/linux/hugetlb.h | 6 + include/linux/mlx5/driver.h | 1 + include/linux/mm.h | 3 + include/linux/mm_types.h | 3 + include/linux/skmsg.h | 18 ++ include/net/checksum.h | 2 +- include/net/sock.h | 11 +- include/net/tcp.h | 28 +- include/net/tls.h | 2 +- include/net/udp.h | 4 +- include/trace/events/erofs.h | 18 -- include/uapi/linux/bpf.h | 2 + include/uapi/linux/videodev2.h | 12 +- init/Kconfig | 1 + ipc/shm.c | 5 +- kernel/bpf/verifier.c | 175 +----------- kernel/events/core.c | 23 +- kernel/exit.c | 17 +- kernel/power/wakelock.c | 3 + kernel/time/clocksource.c | 2 +- kernel/time/posix-cpu-timers.c | 9 + kernel/trace/bpf_trace.c | 2 +- kernel/trace/ftrace.c | 10 +- kernel/trace/trace.c | 2 +- lib/Kconfig | 1 + mm/huge_memory.c | 2 +- mm/hugetlb.c | 117 +++++++- mm/mmap.c | 8 + mm/page-writeback.c | 2 +- net/Kconfig | 6 +- net/atm/common.c | 1 + net/atm/lec.c | 12 +- net/atm/raw.c | 2 +- net/bluetooth/l2cap_core.c | 3 +- net/bridge/netfilter/nf_conntrack_bridge.c | 12 +- net/core/Makefile | 6 +- net/core/filter.c | 5 +- net/core/skmsg.c | 145 +++++----- net/core/sock.c | 4 +- net/core/sock_map.c | 2 + net/core/utils.c | 4 +- net/ipv4/Makefile | 2 +- net/ipv4/inet_hashtables.c | 2 +- net/ipv4/route.c | 4 + net/ipv4/tcp.c | 21 +- net/ipv4/tcp_bpf.c | 8 +- net/ipv4/tcp_input.c | 74 ++--- net/ipv6/calipso.c | 8 + net/ipv6/ila/ila_common.c | 6 +- net/ipv6/netfilter.c | 12 +- net/ipv6/netfilter/nft_fib_ipv6.c | 13 +- net/mac80211/mesh_hwmp.c | 6 +- net/mpls/af_mpls.c | 4 +- net/ncsi/internal.h | 21 +- net/ncsi/ncsi-pkt.h | 23 +- net/ncsi/ncsi-rsp.c | 21 +- net/netfilter/nft_socket.c | 5 +- net/netfilter/nft_tunnel.c | 8 +- net/netlabel/netlabel_kapi.c | 5 + net/nfc/nci/uart.c | 8 +- net/openvswitch/flow.c | 2 +- net/sched/sch_ets.c | 10 +- net/sched/sch_prio.c | 2 +- net/sched/sch_red.c | 2 +- net/sched/sch_sfq.c | 117 +++++--- net/sched/sch_tbf.c | 2 +- net/sctp/socket.c | 3 +- net/sunrpc/cache.c | 17 +- net/tipc/crypto.c | 8 +- net/tipc/udp_media.c | 4 +- net/tls/tls_main.c | 4 +- net/tls/tls_sw.c | 9 +- scripts/Kbuild.include | 8 +- scripts/Kconfig.include | 2 +- scripts/as-version.sh | 2 +- scripts/gcc-plugins/gcc-common.h | 32 +++ scripts/gcc-plugins/randomize_layout_plugin.c | 40 +-- security/selinux/xfrm.c | 2 +- sound/pci/hda/hda_intel.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/tas2770.c | 30 +- sound/soc/meson/meson-card-utils.c | 2 +- sound/soc/qcom/sdm845.c | 4 + sound/soc/tegra/tegra210_ahub.c | 2 + sound/usb/mixer_maps.c | 12 + tools/include/uapi/linux/bpf.h | 2 + tools/lib/bpf/nlattr.c | 15 +- tools/perf/Makefile.config | 2 + tools/perf/builtin-record.c | 2 +- tools/perf/scripts/python/exported-sql-viewer.py | 5 +- tools/perf/tests/switch-tracking.c | 2 +- tools/perf/ui/browsers/hists.c | 2 +- tools/testing/selftests/bpf/prog_tests/align.c | 36 +-- tools/testing/selftests/seccomp/seccomp_bpf.c | 7 +- usr/include/Makefile | 2 +- 369 files changed, 3117 insertions(+), 1586 deletions(-)

2 months

8
364
0 0

[PATCH 6.12 000/165] 6.12.39-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.39 release. There are 165 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 17 Jul 2025 16:35:06 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.39-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.39-rc2 Michael Jeanson <mjeanson(a)efficios.com> rseq: Fix segfault on registration when rseq_cs is non-zero Lukas Wunner <lukas(a)wunner.de> crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Mark Brown <broonie(a)kernel.org> arm64: Filter out SME hwcaps when FEAT_SME isn't implemented Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potential use-after-free in oplock/lease break ack Yeoreum Yun <yeoreum.yun(a)arm.com> kasan: remove kasan_find_vm_area() to prevent possible deadlock Jiawen Wu <jiawenwu(a)trustnetic.com> net: wangxun: revert the adjustment of the IRQ vector sequence Gao Xiang <xiang(a)kernel.org> erofs: fix rare pcluster memory leak after unmounting Willem de Bruijn <willemb(a)google.com> selftests/bpf: adapt one more case in test_lru_map to the new target_free Daniel J. Ogorchock <djogorchock(a)gmail.com> HID: nintendo: avoid bluetooth suspend/resume stalls Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Zhang Heng <zhangheng(a)kylinos.cn> HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Fangrui Song <i(a)maskray.me> riscv: vdso: Exclude .rodata from the PT_DYNAMIC segment Willem de Bruijn <willemb(a)google.com> bpf: Adjust free target to avoid global starvation of LRU map Nicolas Pitre <npitre(a)baylibre.com> vt: add missing notification when switching back to text mode Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion when building free space tree Long Li <longli(a)microsoft.com> net: mana: Record doorbell physical address in PF mode Akira Inoue <niyarium(a)gmail.com> HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 Shuai Zhang <quic_shuaz(a)quicinc.com> driver: bluetooth: hci_qca:fix unable to load the BT driver Xiaowei Li <xiaowei.li(a)simcom.com> net: usb: qmi_wwan: add SIMCom 8230C composition Tim Crawford <tcrawford(a)system76.com> ALSA: hda/realtek: Add quirks for some Clevo laptops Yasmin Fitzgerald <sunoflife1.git(a)gmail.com> ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 Yuzuru10 <yuzuru_10(a)proton.me> ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic Fengnan Chang <changfengnan(a)bytedance.com> io_uring: make fallocate be hashed work Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 Tamura Dai <kirinode0(a)gmail.com> ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Reduce stack usage in vector_eth_configure() Thomas Fourier <fourier.thomas(a)gmail.com> atm: idt77252: Add missing `dma_map_error()` Ronnie Sahlberg <rsahlberg(a)whamcloud.com> ublk: sanity check add_dev input for underflow Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix DCB ETS validation Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Add new prio for promiscuous mode Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Fix race between DIM disable and net_dim() Sean Nyekjaer <sean(a)geanix.com> can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() Hangbin Liu <liuhangbin(a)gmail.com> selftests: net: lib: fix shift count out of range Petr Machata <petrm(a)nvidia.com> selftests: net: lib: Move logging from forwarding/lib.sh here Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits Mingming Cao <mmc(a)linux.ibm.com> ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof Kito Xu <veritas501(a)foxmail.com> net: appletalk: Fix device refcount leak in atrtr_create() Eric Dumazet <edumazet(a)google.com> netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() Chao Yu <chao(a)kernel.org> erofs: fix to add missing tracepoint in erofs_readahead() Gao Xiang <xiang(a)kernel.org> erofs: refine readahead tracepoint Gao Xiang <xiang(a)kernel.org> erofs: tidy up zdata.c Gao Xiang <xiang(a)kernel.org> erofs: get rid of `z_erofs_next_pcluster_t` Chunhai Guo <guochunhai(a)vivo.com> erofs: free pclusters if no cached folio is attached Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Clear all LMTT pages on alloc Zheng Qixing <zhengqixing(a)huawei.com> nbd: fix uaf in nbd_genl_connect() error path Henry Martin <bsdhenrymartin(a)gmail.com> wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() Ben Skeggs <bskeggs(a)nvidia.com> drm/nouveau/gsp: fix potential leak of memory used during acpi init Felix Fietkau <nbd(a)nbd.name> wifi: rt2x00: fix remove callback type mismatch Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix non-transmitted BSSID profile search Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: correctly identify S1G short beacon Nigel Croxon <ncroxon(a)redhat.com> raid10: cleanup memleak at raid10_make_request Wang Jinchao <wangjinchao600(a)gmail.com> md/raid1: Fix stack memory use after return in raid1_reshape Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: nvdec: Fix dma_alloc_coherent error check Daniil Dulov <d.dulov(a)aladdin.ru> wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: cfg80211: fix S1G beacon head validation in nl80211 David Howells <dhowells(a)redhat.com> netfs: Fix ref leak on inserted extra subreq in write retry Jakub Kicinski <kuba(a)kernel.org> netlink: make sure we allow at least one dump skb Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix rmem check in netlink_broadcast_deliver(). Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count Gao Xiang <xiang(a)kernel.org> erofs: address D-cache aliasing Chao Yu <chao(a)kernel.org> erofs: fix to add missing tracepoint in erofs_read_folio() Al Viro <viro(a)zeniv.linux.org.uk> ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() Stefan Metzmacher <metze(a)samba.org> smb: server: make use of rdma_destroy_qp() Sascha Hauer <s.hauer(a)pengutronix.de> clk: scmi: Handle case where child clocks are initialized before their parents Jann Horn <jannh(a)google.com> x86/mm: Disable hugetlb page table sharing on 32-bit Mikhail Paulyshka <me(a)mixaill.net> x86/rdrand: Disable RDSEED on AMD Cyan Skillfish Xiaolei Wang <xiaolei.wang(a)windriver.com> clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data Miguel Ojeda <ojeda(a)kernel.org> rust: init: allow `dead_code` warnings for Rust >= 1.89.0 Harry Yoo <harry.yoo(a)oracle.com> lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() Alexander Gordeev <agordeev(a)linux.ibm.com> mm/vmalloc: leave lazy MMU mode on PTE mapping error Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix interrupts.py after maple tree conversion Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: de-reference per-CPU MCE interrupts Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix interrupts display after MCP on x86 Baolin Wang <baolin.wang(a)linux.alibaba.com> mm: fix the inaccurate memory statistics issue for users Wei Yang <richard.weiyang(a)gmail.com> maple_tree: fix mt_destroy_walk() on root leaf node Achill Gilgenast <fossdd(a)pwned.life> kallsyms: fix build without execinfo Zhe Qiao <qiaozhe(a)iscas.ac.cn> Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "ACPI: battery: negate current when discharging" Matthew Brost <matthew.brost(a)intel.com> drm/xe: Allocate PF queue size on pow2 boundary Thomas Zimmermann <tzimmermann(a)suse.de> drm/framebuffer: Acquire internal references on GEM handles Kuen-Han Tsai <khtsai(a)google.com> Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: u_serial: Fix race condition in TTY wakeup Matthew Brost <matthew.brost(a)intel.com> Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" Matthew Auld <matthew.auld(a)intel.com> drm/xe/bmg: fix compressed VRAM handling Simona Vetter <simona.vetter(a)ffwll.ch> drm/gem: Fix race in drm_gem_handle_create_tail() Christian König <christian.koenig(a)amd.com> drm/ttm: fix error handling in ttm_buffer_object_transfer Matthew Brost <matthew.brost(a)intel.com> drm/sched: Increment job count before swapping tail spsc queue Thomas Zimmermann <tzimmermann(a)suse.de> drm/gem: Acquire references on GEM handles for framebuffers Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Don't call mmput from MMU notifier callback Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Fix kernel crash when hard resetting the GPU Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix the wrong config for tx interrupt Deren Wu <deren.wu(a)mediatek.com> wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() Deren Wu <deren.wu(a)mediatek.com> wifi: mt76: mt7921: prevent decap offload config before STA initialization Vitor Soares <vitor.soares(a)toradex.com> wifi: mwifiex: discard erroneous disassoc frames on STA interface Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be> wifi: prevent A-MSDU attacks in mesh networks Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Ensure to disable clocks in error path Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: Fix invalid state detection Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: qcom: msm: mark certain pins as invalid for interrupts Håkon Bugge <haakon.bugge(a)oracle.com> md/md-bitmap: fix GPF in bitmap_get_stats() Haoxiang Li <haoxiang_li2024(a)163.com> net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe() Guillaume Nault <gnault(a)redhat.com> gre: Fix IPv6 multicast route creation. Arun Raghavan <arun(a)asymptotic.io> ASoC: fsl_sai: Force a software reset when starting in consumer mode Thorsten Blum <thorsten.blum(a)linux.dev> ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp() Liam Merwick <liam.merwick(a)oracle.com> KVM: Allow CPU to reschedule while setting per-page memory attributes Sean Christopherson <seanjc(a)google.com> KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight Nikunj A Dadhania <nikunj(a)amd.com> KVM: SVM: Add missing member in SNP_LAUNCH_START command structure David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. JP Kobryn <inwardvessel(a)gmail.com> x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Ensure user polling settings are honored when restarting timer Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Don't remove sysfs if thresholding sysfs init fails Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Fix threshold limit reset Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Add default names for MCA banks and blocks Dan Carpenter <dan.carpenter(a)linaro.org> ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() David Howells <dhowells(a)redhat.com> rxrpc: Fix oops due to non-existence of prealloc backlog struct David Howells <dhowells(a)redhat.com> rxrpc: Fix bug due to prealloc collision Victor Nogueira <victor(a)mojatatu.com> net/sched: Abort __tc_modify_qdisc if parent class does not exist Chintan Vankar <c-vankar(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info Yue Haibing <yuehaibing(a)huawei.com> atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix infinite recursive call of clip_push(). Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix memory leak of struct clip_vcc. Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix potential null-ptr-deref in to_atmarpd(). Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Fix link failure in forced mode with Auto-MDIX Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Force predictable MDI-X state on LAN87xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap EricChan <chenchuangyu(a)xiaomi.com> net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 Michal Luczaj <mhal(a)rbox.co> vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_* TOCTOU Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_{g2h,h2g} TOCTOU Jiayuan Chen <jiayuan.chen(a)linux.dev> tcp: Correct signedness in skb remaining space calculation Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_conn_close(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix `vsock_proto` declaration Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix wraparounds of sk->sk_rmem_alloc. Luo Jie <quic_luoj(a)quicinc.com> net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() Luo Jie <quic_luoj(a)quicinc.com> net: phy: qcom: move the WoL function to shared library Kevin Brodsky <kevin.brodsky(a)arm.com> arm64: poe: Handle spurious Overlay faults Jason Xing <kernelxing(a)tencent.com> bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL kuyo chang <kuyo.chang(a)mediatek.com> sched/deadline: Fix dl_server runtime calculation formula Al Viro <viro(a)zeniv.linux.org.uk> fix proc_sys_compare() handling of in-lookup dentries Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Clear GPIO debounce for suspend Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not disabling advertising instance Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: probe() should fail if the device ID is not recognized Peter Zijlstra <peterz(a)infradead.org> perf: Revert to requiring CAP_SYS_ADMIN for uprobes Peter Zijlstra <peterz(a)infradead.org> sched/core: Fix migrate_swap() vs. hotplug Nam Cao <namcao(a)linutronix.de> irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Fix the WARN_ON_ONCE is out of lock protected region Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: add sof_sdw_get_tplg_files ops Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: soc-acpi: add get_function_tplg_files ops Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV Eric Biggers <ebiggers(a)kernel.org> crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 Flora Cui <flora.cui(a)amd.com> drm/amdgpu/ip_discovery: add missing ip_discovery fw Flora Cui <flora.cui(a)amd.com> drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Linus Torvalds <torvalds(a)linux-foundation.org> eventpoll: don't decrement ep refcount while still holding the ep mutex ------------- Diffstat: Documentation/bpf/map_hash.rst | 8 +- Documentation/bpf/map_lru_hash_update.dot | 6 +- Makefile | 4 +- arch/arm64/kernel/cpufeature.c | 45 ++-- arch/arm64/kernel/process.c | 5 + arch/arm64/mm/fault.c | 30 ++- arch/riscv/kernel/vdso/vdso.lds.S | 2 +- arch/s390/crypto/sha1_s390.c | 2 + arch/s390/crypto/sha256_s390.c | 3 + arch/s390/crypto/sha512_s390.c | 3 + arch/um/drivers/vector_kern.c | 42 ++-- arch/x86/Kconfig | 2 +- arch/x86/include/asm/msr-index.h | 1 + arch/x86/kernel/cpu/amd.c | 7 + arch/x86/kernel/cpu/mce/amd.c | 28 ++- arch/x86/kernel/cpu/mce/core.c | 24 +- arch/x86/kernel/cpu/mce/intel.c | 1 + arch/x86/kvm/svm/sev.c | 4 + arch/x86/kvm/xen.c | 15 +- crypto/ecc.c | 2 +- drivers/acpi/battery.c | 19 +- drivers/atm/idt77252.c | 5 + drivers/block/nbd.c | 6 +- drivers/block/ublk_drv.c | 3 +- drivers/bluetooth/hci_qca.c | 13 +- drivers/char/ipmi/ipmi_msghandler.c | 3 +- drivers/clk/clk-scmi.c | 20 +- drivers/clk/imx/clk-imx95-blk-ctl.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 30 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 43 ++-- drivers/gpu/drm/drm_framebuffer.c | 31 ++- drivers/gpu/drm/drm_gem.c | 74 +++++- drivers/gpu/drm/drm_internal.h | 2 + drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 + drivers/gpu/drm/imagination/pvr_power.c | 4 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 20 +- drivers/gpu/drm/tegra/nvdec.c | 6 +- drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +- drivers/gpu/drm/xe/xe_gt_pagefault.c | 1 + drivers/gpu/drm/xe/xe_lmtt.c | 11 + drivers/gpu/drm/xe/xe_migrate.c | 2 +- drivers/gpu/drm/xe/xe_pci.c | 1 - drivers/gpu/drm/xe/xe_pm.c | 8 +- drivers/hid/hid-ids.h | 6 + drivers/hid/hid-lenovo.c | 8 + drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-nintendo.c | 38 +++- drivers/hid/hid-quirks.c | 3 + drivers/irqchip/Kconfig | 1 + drivers/md/md-bitmap.c | 3 +- drivers/md/raid1.c | 1 + drivers/md/raid10.c | 10 +- drivers/net/can/m_can/m_can.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.h | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 9 +- drivers/net/ethernet/mellanox/mlx5/core/en_dim.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/en_fs.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 13 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 3 + drivers/net/ethernet/renesas/rtsn.c | 5 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 24 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 4 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 16 +- drivers/net/ethernet/wangxun/libwx/wx_type.h | 2 +- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 2 +- drivers/net/ethernet/wangxun/ngbe/ngbe_type.h | 2 +- drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 4 +- drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 4 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/phy/microchip.c | 3 +- drivers/net/phy/qcom/at803x.c | 27 --- drivers/net/phy/qcom/qca808x.c | 2 +- drivers/net/phy/qcom/qcom-phy-lib.c | 25 ++ drivers/net/phy/qcom/qcom.h | 5 + drivers/net/phy/smsc.c | 57 ++++- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/marvell/mwifiex/util.c | 4 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 3 + drivers/net/wireless/mediatek/mt76/mt7925/init.c | 2 + drivers/net/wireless/mediatek/mt76/mt7925/main.c | 6 + drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2x00soc.c | 4 +- drivers/net/wireless/ralink/rt2x00/rt2x00soc.h | 2 +- drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +- drivers/pci/pci-acpi.c | 23 +- drivers/pinctrl/pinctrl-amd.c | 11 + drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++ drivers/pwm/core.c | 2 +- drivers/pwm/pwm-mediatek.c | 13 +- drivers/tty/vt/vt.c | 1 + drivers/usb/gadget/function/u_serial.c | 12 +- fs/btrfs/free-space-tree.c | 16 +- fs/erofs/data.c | 21 +- fs/erofs/decompressor.c | 12 +- fs/erofs/fileio.c | 6 +- fs/erofs/internal.h | 2 +- fs/erofs/zdata.c | 251 +++++++++----------- fs/erofs/zutil.c | 7 +- fs/eventpoll.c | 12 +- fs/netfs/write_collect.c | 2 +- fs/proc/inode.c | 2 +- fs/proc/proc_sysctl.c | 18 +- fs/proc/task_mmu.c | 14 +- fs/smb/server/smb2pdu.c | 29 +-- fs/smb/server/transport_rdma.c | 5 +- fs/smb/server/vfs.c | 1 + include/drm/drm_file.h | 3 + include/drm/drm_framebuffer.h | 7 + include/drm/spsc_queue.h | 4 +- include/linux/ieee80211.h | 45 +++- include/linux/math.h | 12 + include/linux/mm.h | 5 + include/linux/psp-sev.h | 2 + include/net/af_vsock.h | 2 +- include/net/netfilter/nf_flow_table.h | 2 +- include/sound/soc-acpi.h | 13 ++ include/trace/events/erofs.h | 2 +- io_uring/opdef.c | 1 + kernel/bpf/bpf_lru_list.c | 9 +- kernel/bpf/bpf_lru_list.h | 1 + kernel/events/core.c | 6 +- kernel/rseq.c | 60 ++++- kernel/sched/core.c | 5 + kernel/sched/deadline.c | 10 +- kernel/stop_machine.c | 20 +- lib/alloc_tag.c | 3 + lib/maple_tree.c | 1 + mm/kasan/report.c | 13 +- mm/vmalloc.c | 22 +- net/appletalk/ddp.c | 1 + net/atm/clip.c | 64 ++++-- net/bluetooth/hci_event.c | 3 + net/bluetooth/hci_sync.c | 2 +- net/ipv4/tcp.c | 2 +- net/ipv6/addrconf.c | 9 +- net/mac80211/mlme.c | 7 +- net/mac80211/parse.c | 6 +- net/netlink/af_netlink.c | 90 +++++--- net/rxrpc/call_accept.c | 4 + net/sched/sch_api.c | 23 +- net/tipc/topsrv.c | 2 + net/vmw_vsock/af_vsock.c | 57 ++++- net/wireless/nl80211.c | 7 +- net/wireless/util.c | 52 ++++- rust/kernel/init/macros.rs | 2 + scripts/gdb/linux/constants.py.in | 7 + scripts/gdb/linux/interrupts.py | 16 +- scripts/gdb/linux/mapletree.py | 252 +++++++++++++++++++++ scripts/gdb/linux/xarray.py | 28 +++ sound/isa/ad1816a/ad1816a.c | 2 +- sound/pci/hda/patch_realtek.c | 7 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/cs35l56-shared.c | 2 +- sound/soc/fsl/fsl_asrc.c | 3 +- sound/soc/fsl/fsl_sai.c | 14 +- sound/soc/intel/boards/Kconfig | 1 + sound/soc/intel/common/Makefile | 2 +- sound/soc/intel/common/soc-acpi-intel-arl-match.c | 66 +++++- sound/soc/intel/common/sof-function-topology-lib.c | 136 +++++++++++ sound/soc/intel/common/sof-function-topology-lib.h | 15 ++ sound/soc/sof/intel/hda.c | 6 +- tools/arch/x86/include/asm/msr-index.h | 1 + tools/include/linux/kallsyms.h | 4 + tools/testing/selftests/bpf/test_lru_map.c | 105 ++++----- tools/testing/selftests/net/forwarding/lib.sh | 113 --------- tools/testing/selftests/net/lib.sh | 115 ++++++++++ virt/kvm/kvm_main.c | 3 + 175 files changed, 2014 insertions(+), 880 deletions(-)

2 months

10
9
0 0

[PATCH 6.15 000/192] 6.15.7-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.7 release. There are 192 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.7-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.7-rc1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potential use-after-free in oplock/lease break ack Nikunj A Dadhania <nikunj(a)amd.com> x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation Jiawen Wu <jiawenwu(a)trustnetic.com> net: wangxun: revert the adjustment of the IRQ vector sequence Willem de Bruijn <willemb(a)google.com> selftests/bpf: adapt one more case in test_lru_map to the new target_free Daniel J. Ogorchock <djogorchock(a)gmail.com> HID: nintendo: avoid bluetooth suspend/resume stalls Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Zhang Heng <zhangheng(a)kylinos.cn> HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Fangrui Song <i(a)maskray.me> riscv: vdso: Exclude .rodata from the PT_DYNAMIC segment Willem de Bruijn <willemb(a)google.com> bpf: Adjust free target to avoid global starvation of LRU map Nicolas Pitre <npitre(a)baylibre.com> vt: add missing notification when switching back to text mode Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion when building free space tree Long Li <longli(a)microsoft.com> net: mana: Record doorbell physical address in PF mode Akira Inoue <niyarium(a)gmail.com> HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 Shuai Zhang <quic_shuaz(a)quicinc.com> driver: bluetooth: hci_qca:fix unable to load the BT driver Xiaowei Li <xiaowei.li(a)simcom.com> net: usb: qmi_wwan: add SIMCom 8230C composition Tim Crawford <tcrawford(a)system76.com> ALSA: hda/realtek: Add quirks for some Clevo laptops Yasmin Fitzgerald <sunoflife1.git(a)gmail.com> ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 Yuzuru10 <yuzuru_10(a)proton.me> ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic Fengnan Chang <changfengnan(a)bytedance.com> io_uring: make fallocate be hashed work Chris Chiu <chris.chiu(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 6 G1a Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 Jack Yu <jack.yu(a)realtek.com> ASoC: rt721-sdca: fix boost gain calculation error Tamura Dai <kirinode0(a)gmail.com> ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Reduce stack usage in vector_eth_configure() Thomas Fourier <fourier.thomas(a)gmail.com> atm: idt77252: Add missing `dma_map_error()` Ronnie Sahlberg <rsahlberg(a)whamcloud.com> ublk: sanity check add_dev input for underflow Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Flush FW trace before copying to the coredump Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix DCB ETS validation Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Add new prio for promiscuous mode Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Fix race between DIM disable and net_dim() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5: Reset bw_share field when changing a node's parent Sean Nyekjaer <sean(a)geanix.com> can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/pm: Restore display pm if there is error after display suspend Hangbin Liu <liuhangbin(a)gmail.com> selftests: net: lib: fix shift count out of range Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits Mingming Cao <mmc(a)linux.ibm.com> ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof Kito Xu <veritas501(a)foxmail.com> net: appletalk: Fix device refcount leak in atrtr_create() Eric Dumazet <edumazet(a)google.com> netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: mac80211: add the virtual monitor after reconfig complete Chao Yu <chao(a)kernel.org> erofs: fix to add missing tracepoint in erofs_readahead() Gao Xiang <xiang(a)kernel.org> erofs: refine readahead tracepoint Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Clear all LMTT pages on alloc Pankaj Raghav <p.raghav(a)samsung.com> block: reject bs > ps block devices when THP is disabled Zheng Qixing <zhengqixing(a)huawei.com> nbd: fix uaf in nbd_genl_connect() error path Henry Martin <bsdhenrymartin(a)gmail.com> wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: Remove RCU section in mt7996_mac_sta_rc_work() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: Move RCU section in mt7996_mcu_add_rate_ctrl() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: Move RCU section in mt7996_mcu_add_rate_ctrl_fixed() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: Move RCU section in mt7996_mcu_set_fixed_field() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: Assume __mt76_connac_mcu_alloc_sta_req runs in atomic context Ben Skeggs <bskeggs(a)nvidia.com> drm/nouveau/gsp: fix potential leak of memory used during acpi init Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: fix pp destruction warnings Felix Fietkau <nbd(a)nbd.name> wifi: rt2x00: fix remove callback type mismatch Moon Hee Lee <moonhee.lee.ca(a)gmail.com> wifi: mac80211: reject VHT opmode for unsupported channel widths Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix non-transmitted BSSID profile search Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: correctly identify S1G short beacon Zheng Qixing <zhengqixing(a)huawei.com> md/raid1,raid10: strip REQ_NOWAIT from member bios Nigel Croxon <ncroxon(a)redhat.com> raid10: cleanup memleak at raid10_make_request Wang Jinchao <wangjinchao600(a)gmail.com> md/raid1: Fix stack memory use after return in raid1_reshape Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: nvdec: Fix dma_alloc_coherent error check Daniil Dulov <d.dulov(a)aladdin.ru> wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: cfg80211: fix S1G beacon head validation in nl80211 Jakub Kicinski <kuba(a)kernel.org> netlink: make sure we allow at least one dump skb Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix rmem check in netlink_broadcast_deliver(). Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count Gao Xiang <xiang(a)kernel.org> erofs: fix large fragment handling Gao Xiang <xiang(a)kernel.org> erofs: address D-cache aliasing Chao Yu <chao(a)kernel.org> erofs: fix to add missing tracepoint in erofs_read_folio() Al Viro <viro(a)zeniv.linux.org.uk> ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() Stefan Metzmacher <metze(a)samba.org> smb: server: make use of rdma_destroy_qp() Sascha Hauer <s.hauer(a)pengutronix.de> clk: scmi: Handle case where child clocks are initialized before their parents Julien Massot <julien.massot(a)collabora.com> dt-bindings: clock: mediatek: Add #reset-cells property for MT8188 Mikhail Paulyshka <me(a)mixaill.net> x86/CPU/AMD: Disable INVLPGB on Zen2 Jann Horn <jannh(a)google.com> x86/mm: Disable hugetlb page table sharing on 32-bit Mikhail Paulyshka <me(a)mixaill.net> x86/rdrand: Disable RDSEED on AMD Cyan Skillfish Xiaolei Wang <xiaolei.wang(a)windriver.com> clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data Harry Yoo <harry.yoo(a)oracle.com> lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() Honggyu Kim <honggyu.kim(a)sk.com> samples/damon: fix damon sample wsse for start failure Honggyu Kim <honggyu.kim(a)sk.com> samples/damon: fix damon sample prcl for start failure Honggyu Kim <honggyu.kim(a)sk.com> mm/damon: fix divide by zero in damon_get_intervals_score() SeongJae Park <sj(a)kernel.org> mm/damon/core: handle damon_call_control as normal under kdmond deactivation Lance Yang <lance.yang(a)linux.dev> mm/rmap: fix potential out-of-bounds page table access during batched unmap Alexander Gordeev <agordeev(a)linux.ibm.com> mm/vmalloc: leave lazy MMU mode on PTE mapping error Illia Ostapyshyn <illia(a)yshyn.com> scripts: gdb: vfs: support external dentry names Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix interrupts.py after maple tree conversion Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: de-reference per-CPU MCE interrupts Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix interrupts display after MCP on x86 Baolin Wang <baolin.wang(a)linux.alibaba.com> mm: fix the inaccurate memory statistics issue for users Wei Yang <richard.weiyang(a)gmail.com> maple_tree: fix mt_destroy_walk() on root leaf node Yeoreum Yun <yeoreum.yun(a)arm.com> kasan: remove kasan_find_vm_area() to prevent possible deadlock Achill Gilgenast <fossdd(a)pwned.life> kallsyms: fix build without execinfo Zhe Qiao <qiaozhe(a)iscas.ac.cn> Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "ACPI: battery: negate current when discharging" Matthew Brost <matthew.brost(a)intel.com> drm/xe: Allocate PF queue size on pow2 boundary Thomas Zimmermann <tzimmermann(a)suse.de> drm/framebuffer: Acquire internal references on GEM handles Kuen-Han Tsai <khtsai(a)google.com> Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: u_serial: Fix race condition in TTY wakeup Aaron Thompson <dev(a)aaront.org> drm/nouveau: Do not fail module init on debugfs errors Matthew Brost <matthew.brost(a)intel.com> Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" Matthew Auld <matthew.auld(a)intel.com> drm/xe/bmg: fix compressed VRAM handling Simona Vetter <simona.vetter(a)ffwll.ch> drm/gem: Fix race in drm_gem_handle_create_tail() Christian König <christian.koenig(a)amd.com> drm/ttm: fix error handling in ttm_buffer_object_transfer Matthew Brost <matthew.brost(a)intel.com> drm/sched: Increment job count before swapping tail spsc queue Thomas Zimmermann <tzimmermann(a)suse.de> drm/gem: Acquire references on GEM handles for framebuffers Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: add hqd_sdma_get_doorbell callbacks for gfx7/8 Kent Russell <kent.russell(a)amd.com> drm/amdgpu: Include sdma_4_4_4.bin Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Don't call mmput from MMU notifier callback Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Fix kernel crash when hard resetting the GPU Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix the wrong config for tx interrupt Deren Wu <deren.wu(a)mediatek.com> wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() Deren Wu <deren.wu(a)mediatek.com> wifi: mt76: mt7921: prevent decap offload config before STA initialization Vitor Soares <vitor.soares(a)toradex.com> wifi: mwifiex: discard erroneous disassoc frames on STA interface Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be> wifi: prevent A-MSDU attacks in mesh networks Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Ensure to disable clocks in error path Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: Fix invalid state detection Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: qcom: msm: mark certain pins as invalid for interrupts Miquel Raynal <miquel.raynal(a)bootlin.com> pinctrl: nuvoton: Fix boot on ma35dx platforms Håkon Bugge <haakon.bugge(a)oracle.com> md/md-bitmap: fix GPF in bitmap_get_stats() Hugo Villeneuve <hvilleneuve(a)dimonoff.com> gpiolib: fix performance regression when using gpio_chip_get_multiple() Haoxiang Li <haoxiang_li2024(a)163.com> net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe() Guillaume Nault <gnault(a)redhat.com> gre: Fix IPv6 multicast route creation. Jens Axboe <axboe(a)kernel.dk> io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU Arun Raghavan <arun(a)asymptotic.io> ASoC: fsl_sai: Force a software reset when starting in consumer mode Mark Brown <broonie(a)kernel.org> arm64: Filter out SME hwcaps when FEAT_SME isn't implemented Edip Hazuri <edip(a)medip.dev> ALSA: hda/realtek - Add mute LED support for HP Victus 15-fb2xxx Thorsten Blum <thorsten.blum(a)linux.dev> ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> sched: Fix preemption string of preempt_dynamic_none Liam Merwick <liam.merwick(a)oracle.com> KVM: Allow CPU to reschedule while setting per-page memory attributes Sean Christopherson <seanjc(a)google.com> KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight Nikunj A Dadhania <nikunj(a)amd.com> KVM: SVM: Add missing member in SNP_LAUNCH_START command structure Manuel Andreas <manuel.andreas(a)tum.de> KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. JP Kobryn <inwardvessel(a)gmail.com> x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Ensure user polling settings are honored when restarting timer Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Don't remove sysfs if thresholding sysfs init fails Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Fix threshold limit reset Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Add default names for MCA banks and blocks Dan Carpenter <dan.carpenter(a)linaro.org> ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() David Howells <dhowells(a)redhat.com> rxrpc: Fix oops due to non-existence of prealloc backlog struct Eric Biggers <ebiggers(a)kernel.org> crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 David Howells <dhowells(a)redhat.com> rxrpc: Fix bug due to prealloc collision Victor Nogueira <victor(a)mojatatu.com> net/sched: Abort __tc_modify_qdisc if parent class does not exist Chintan Vankar <c-vankar(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info Yue Haibing <yuehaibing(a)huawei.com> atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix infinite recursive call of clip_push(). Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix memory leak of struct clip_vcc. Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix potential null-ptr-deref in to_atmarpd(). Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Fix link failure in forced mode with Auto-MDIX Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Force predictable MDI-X state on LAN87xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap EricChan <chenchuangyu(a)xiaomi.com> net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 Petr Pavlu <petr.pavlu(a)suse.com> module: Fix memory deallocation on error path in move_module() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: airoha: Fix an error handling path in airoha_probe() Michal Luczaj <mhal(a)rbox.co> vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_* TOCTOU Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_{g2h,h2g} TOCTOU Jiayuan Chen <jiayuan.chen(a)linux.dev> tcp: Correct signedness in skb remaining space calculation Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_conn_close(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix `vsock_proto` declaration Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix wraparounds of sk->sk_rmem_alloc. Luo Jie <quic_luoj(a)quicinc.com> net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() Luo Jie <quic_luoj(a)quicinc.com> net: phy: qcom: move the WoL function to shared library Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/mm: Drop wrong writes into TCR2_EL1 Kevin Brodsky <kevin.brodsky(a)arm.com> arm64: poe: Handle spurious Overlay faults Jason Xing <kernelxing(a)tencent.com> bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL kuyo chang <kuyo.chang(a)mediatek.com> sched/deadline: Fix dl_server runtime calculation formula Al Viro <viro(a)zeniv.linux.org.uk> fix proc_sys_compare() handling of in-lookup dentries Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Clear GPIO debounce for suspend Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix attempting to send HCI_Disconnect to BIS handle Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Remove check of BDADDR_ANY in hci_conn_hash_lookup_big_state Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not disabling advertising instance Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: probe() should fail if the device ID is not recognized Peter Zijlstra <peterz(a)infradead.org> perf: Revert to requiring CAP_SYS_ADMIN for uprobes Heiko Carstens <hca(a)linux.ibm.com> objtool: Add missing endian conversion to read_annotate() Peter Zijlstra <peterz(a)infradead.org> sched/core: Fix migrate_swap() vs. hotplug Nam Cao <namcao(a)linutronix.de> irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ Shiju Jose <shiju.jose(a)huawei.com> EDAC: Initialize EDAC features sysfs attributes Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Fix the WARN_ON_ONCE is out of lock protected region Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: add sof_sdw_get_tplg_files ops Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: soc-acpi: add get_function_tplg_files ops Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Linus Torvalds <torvalds(a)linux-foundation.org> eventpoll: don't decrement ep refcount while still holding the ep mutex ------------- Diffstat: Documentation/bpf/map_hash.rst | 8 +- Documentation/bpf/map_lru_hash_update.dot | 6 +- .../bindings/clock/mediatek,mt8188-clock.yaml | 3 + Makefile | 4 +- arch/arm64/kernel/cpufeature.c | 57 +++-- arch/arm64/kernel/process.c | 5 + arch/arm64/mm/fault.c | 30 ++- arch/arm64/mm/proc.S | 1 - arch/riscv/kernel/vdso/vdso.lds.S | 2 +- arch/s390/crypto/sha1_s390.c | 2 + arch/s390/crypto/sha256_s390.c | 3 + arch/s390/crypto/sha512_s390.c | 3 + arch/um/drivers/vector_kern.c | 42 ++-- arch/x86/Kconfig | 2 +- arch/x86/coco/sev/core.c | 22 +- arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/sev.h | 17 +- arch/x86/kernel/cpu/amd.c | 10 + arch/x86/kernel/cpu/mce/amd.c | 28 ++- arch/x86/kernel/cpu/mce/core.c | 24 +- arch/x86/kernel/cpu/mce/intel.c | 1 + arch/x86/kvm/hyperv.c | 3 + arch/x86/kvm/svm/sev.c | 4 + arch/x86/kvm/xen.c | 15 +- drivers/acpi/battery.c | 19 +- drivers/atm/idt77252.c | 5 + drivers/block/nbd.c | 6 +- drivers/block/ublk_drv.c | 3 +- drivers/bluetooth/hci_qca.c | 13 +- drivers/char/ipmi/ipmi_msghandler.c | 3 +- drivers/clk/clk-scmi.c | 20 +- drivers/clk/imx/clk-imx95-blk-ctl.c | 12 +- drivers/edac/ecs.c | 4 +- drivers/edac/mem_repair.c | 1 + drivers/edac/scrub.c | 1 + drivers/gpio/gpiolib.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v8.c | 8 + drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 43 ++-- drivers/gpu/drm/drm_framebuffer.c | 31 ++- drivers/gpu/drm/drm_gem.c | 74 +++++- drivers/gpu/drm/drm_internal.h | 2 + drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 + drivers/gpu/drm/imagination/pvr_power.c | 4 +- drivers/gpu/drm/nouveau/nouveau_debugfs.c | 6 +- drivers/gpu/drm/nouveau/nouveau_debugfs.h | 5 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 4 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 20 +- drivers/gpu/drm/tegra/nvdec.c | 6 +- drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +- drivers/gpu/drm/xe/xe_gt_pagefault.c | 1 + drivers/gpu/drm/xe/xe_lmtt.c | 11 + drivers/gpu/drm/xe/xe_migrate.c | 2 +- drivers/gpu/drm/xe/xe_pci.c | 1 - drivers/gpu/drm/xe/xe_pm.c | 11 +- drivers/hid/hid-ids.h | 6 + drivers/hid/hid-lenovo.c | 8 + drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-nintendo.c | 38 +++- drivers/hid/hid-quirks.c | 3 + drivers/irqchip/Kconfig | 1 + drivers/md/md-bitmap.c | 3 +- drivers/md/raid1.c | 4 +- drivers/md/raid10.c | 12 +- drivers/net/can/m_can/m_can.c | 2 +- drivers/net/ethernet/airoha/airoha_eth.c | 1 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +- drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 18 +- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.h | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 9 +- drivers/net/ethernet/mellanox/mlx5/core/en_dim.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/en_fs.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 13 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 3 + drivers/net/ethernet/renesas/rtsn.c | 5 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 24 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 4 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 16 +- drivers/net/ethernet/wangxun/libwx/wx_type.h | 2 +- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 2 +- drivers/net/ethernet/wangxun/ngbe/ngbe_type.h | 2 +- drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 4 +- drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 4 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/phy/microchip.c | 3 +- drivers/net/phy/qcom/at803x.c | 27 --- drivers/net/phy/qcom/qca808x.c | 2 +- drivers/net/phy/qcom/qcom-phy-lib.c | 25 ++ drivers/net/phy/qcom/qcom.h | 5 + drivers/net/phy/smsc.c | 57 ++++- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/marvell/mwifiex/util.c | 4 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 3 + drivers/net/wireless/mediatek/mt76/mt7925/init.c | 2 + drivers/net/wireless/mediatek/mt76/mt7925/main.c | 6 + drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 +- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 40 +--- drivers/net/wireless/mediatek/mt76/mt7996/main.c | 5 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 188 ++++++++++----- drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 16 +- drivers/net/wireless/ralink/rt2x00/rt2x00soc.c | 4 +- drivers/net/wireless/ralink/rt2x00/rt2x00soc.h | 2 +- drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +- drivers/pci/pci-acpi.c | 23 +- drivers/pinctrl/nuvoton/pinctrl-ma35.c | 10 +- drivers/pinctrl/pinctrl-amd.c | 11 + drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++ drivers/pwm/core.c | 2 +- drivers/pwm/pwm-mediatek.c | 13 +- drivers/tty/vt/vt.c | 1 + drivers/usb/gadget/function/u_serial.c | 12 +- fs/btrfs/free-space-tree.c | 16 +- fs/erofs/data.c | 21 +- fs/erofs/decompressor.c | 12 +- fs/erofs/fileio.c | 6 +- fs/erofs/internal.h | 6 +- fs/erofs/zdata.c | 13 +- fs/erofs/zmap.c | 9 +- fs/eventpoll.c | 12 +- fs/proc/inode.c | 2 +- fs/proc/proc_sysctl.c | 18 +- fs/proc/task_mmu.c | 14 +- fs/smb/server/smb2pdu.c | 29 +-- fs/smb/server/transport_rdma.c | 5 +- fs/smb/server/vfs.c | 1 + include/drm/drm_file.h | 3 + include/drm/drm_framebuffer.h | 7 + include/drm/spsc_queue.h | 4 +- include/linux/blkdev.h | 5 + include/linux/ieee80211.h | 45 +++- include/linux/io_uring_types.h | 2 + include/linux/mm.h | 5 + include/linux/psp-sev.h | 2 + include/net/af_vsock.h | 2 +- include/net/bluetooth/hci_core.h | 3 +- include/net/netfilter/nf_flow_table.h | 2 +- include/sound/soc-acpi.h | 13 ++ include/trace/events/erofs.h | 2 +- io_uring/msg_ring.c | 4 +- io_uring/opdef.c | 1 + io_uring/zcrx.c | 3 - kernel/bpf/bpf_lru_list.c | 9 +- kernel/bpf/bpf_lru_list.h | 1 + kernel/events/core.c | 6 +- kernel/module/main.c | 4 +- kernel/sched/core.c | 7 +- kernel/sched/deadline.c | 10 +- kernel/stop_machine.c | 20 +- lib/alloc_tag.c | 3 + lib/maple_tree.c | 1 + mm/damon/core.c | 8 +- mm/kasan/report.c | 45 +--- mm/rmap.c | 46 ++-- mm/vmalloc.c | 22 +- net/appletalk/ddp.c | 1 + net/atm/clip.c | 64 ++++-- net/bluetooth/hci_event.c | 3 + net/bluetooth/hci_sync.c | 4 +- net/ipv4/tcp.c | 2 +- net/ipv6/addrconf.c | 9 +- net/mac80211/cfg.c | 14 ++ net/mac80211/mlme.c | 7 +- net/mac80211/parse.c | 6 +- net/mac80211/util.c | 9 +- net/netlink/af_netlink.c | 90 +++++--- net/rxrpc/call_accept.c | 4 + net/sched/sch_api.c | 23 +- net/tipc/topsrv.c | 2 + net/vmw_vsock/af_vsock.c | 57 ++++- net/wireless/nl80211.c | 7 +- net/wireless/util.c | 52 ++++- samples/damon/prcl.c | 8 +- samples/damon/wsse.c | 8 +- scripts/gdb/linux/constants.py.in | 7 + scripts/gdb/linux/interrupts.py | 16 +- scripts/gdb/linux/mapletree.py | 252 +++++++++++++++++++++ scripts/gdb/linux/vfs.py | 2 +- scripts/gdb/linux/xarray.py | 28 +++ sound/isa/ad1816a/ad1816a.c | 2 +- sound/pci/hda/patch_realtek.c | 10 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/cs35l56-shared.c | 2 +- sound/soc/codecs/rt721-sdca.c | 23 +- sound/soc/fsl/fsl_asrc.c | 3 +- sound/soc/fsl/fsl_sai.c | 14 +- sound/soc/intel/boards/Kconfig | 1 + sound/soc/intel/common/Makefile | 2 +- sound/soc/intel/common/soc-acpi-intel-arl-match.c | 21 +- sound/soc/intel/common/sof-function-topology-lib.c | 136 +++++++++++ sound/soc/intel/common/sof-function-topology-lib.h | 15 ++ sound/soc/sof/intel/hda.c | 6 +- tools/arch/x86/include/asm/msr-index.h | 1 + tools/include/linux/kallsyms.h | 4 + tools/objtool/check.c | 1 + tools/testing/selftests/bpf/test_lru_map.c | 105 ++++----- tools/testing/selftests/net/lib.sh | 2 +- virt/kvm/kvm_main.c | 3 + 203 files changed, 2012 insertions(+), 833 deletions(-)

2 months

20
212
0 0

[PATCH net v2 5/5] rxrpc: Fix to use conn aborts for conn-wide failures

by David Howells

Fix rxrpc to use connection-level aborts for things that affect the whole connection, such as the service ID not matching a local service. Fixes: 57af281e5389 ("rxrpc: Tidy up abort generation infrastructure") Reported-by: Jeffrey Altman <jaltman(a)auristor.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> cc: Marc Dionne <marc.dionne(a)auristor.com> cc: Jakub Kicinski <kuba(a)kernel.org> cc: Paolo Abeni <pabeni(a)redhat.com> cc: "David S. Miller" <davem(a)davemloft.net> cc: Eric Dumazet <edumazet(a)google.com> cc: Simon Horman <horms(a)kernel.org> cc: linux-afs(a)lists.infradead.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- Notes: Changes ======= ver #2) - Moved trace note declaration out to earlier patch that uses it net/rxrpc/ar-internal.h | 3 +++ net/rxrpc/call_accept.c | 12 ++++++------ net/rxrpc/io_thread.c | 14 ++++++++++++++ net/rxrpc/output.c | 19 ++++++++++--------- net/rxrpc/security.c | 8 ++++---- 5 files changed, 37 insertions(+), 19 deletions(-) diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h index df1a618dbf7d..5b7342d43486 100644 --- a/net/rxrpc/ar-internal.h +++ b/net/rxrpc/ar-internal.h @@ -44,6 +44,7 @@ enum rxrpc_skb_mark { RXRPC_SKB_MARK_SERVICE_CONN_SECURED, /* Service connection response has been verified */ RXRPC_SKB_MARK_REJECT_BUSY, /* Reject with BUSY */ RXRPC_SKB_MARK_REJECT_ABORT, /* Reject with ABORT (code in skb->priority) */ + RXRPC_SKB_MARK_REJECT_CONN_ABORT, /* Reject with connection ABORT (code in skb->priority) */ }; /* @@ -1253,6 +1254,8 @@ int rxrpc_encap_rcv(struct sock *, struct sk_buff *); void rxrpc_error_report(struct sock *); bool rxrpc_direct_abort(struct sk_buff *skb, enum rxrpc_abort_reason why, s32 abort_code, int err); +bool rxrpc_direct_conn_abort(struct sk_buff *skb, enum rxrpc_abort_reason why, + s32 abort_code, int err); int rxrpc_io_thread(void *data); void rxrpc_post_response(struct rxrpc_connection *conn, struct sk_buff *skb); static inline void rxrpc_wake_up_io_thread(struct rxrpc_local *local) diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c index a4d76f2da684..00982a030744 100644 --- a/net/rxrpc/call_accept.c +++ b/net/rxrpc/call_accept.c @@ -374,8 +374,8 @@ bool rxrpc_new_incoming_call(struct rxrpc_local *local, spin_lock(&rx->incoming_lock); if (rx->sk.sk_state == RXRPC_SERVER_LISTEN_DISABLED || rx->sk.sk_state == RXRPC_CLOSE) { - rxrpc_direct_abort(skb, rxrpc_abort_shut_down, - RX_INVALID_OPERATION, -ESHUTDOWN); + rxrpc_direct_conn_abort(skb, rxrpc_abort_shut_down, + RX_INVALID_OPERATION, -ESHUTDOWN); goto no_call; } @@ -422,12 +422,12 @@ bool rxrpc_new_incoming_call(struct rxrpc_local *local, unsupported_service: read_unlock_irq(&local->services_lock); - return rxrpc_direct_abort(skb, rxrpc_abort_service_not_offered, - RX_INVALID_OPERATION, -EOPNOTSUPP); + return rxrpc_direct_conn_abort(skb, rxrpc_abort_service_not_offered, + RX_INVALID_OPERATION, -EOPNOTSUPP); unsupported_security: read_unlock_irq(&local->services_lock); - return rxrpc_direct_abort(skb, rxrpc_abort_service_not_offered, - RX_INVALID_OPERATION, -EKEYREJECTED); + return rxrpc_direct_conn_abort(skb, rxrpc_abort_service_not_offered, + RX_INVALID_OPERATION, -EKEYREJECTED); no_call: spin_unlock(&rx->incoming_lock); read_unlock_irq(&local->services_lock); diff --git a/net/rxrpc/io_thread.c b/net/rxrpc/io_thread.c index 27b650d30f4d..e939ecf417c4 100644 --- a/net/rxrpc/io_thread.c +++ b/net/rxrpc/io_thread.c @@ -97,6 +97,20 @@ bool rxrpc_direct_abort(struct sk_buff *skb, enum rxrpc_abort_reason why, return false; } +/* + * Directly produce a connection abort from a packet. + */ +bool rxrpc_direct_conn_abort(struct sk_buff *skb, enum rxrpc_abort_reason why, + s32 abort_code, int err) +{ + struct rxrpc_skb_priv *sp = rxrpc_skb(skb); + + trace_rxrpc_abort(0, why, sp->hdr.cid, 0, sp->hdr.seq, abort_code, err); + skb->mark = RXRPC_SKB_MARK_REJECT_CONN_ABORT; + skb->priority = abort_code; + return false; +} + static bool rxrpc_bad_message(struct sk_buff *skb, enum rxrpc_abort_reason why) { return rxrpc_direct_abort(skb, why, RX_PROTOCOL_ERROR, -EBADMSG); diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c index 17c33b5cf7dd..8b5903b6e481 100644 --- a/net/rxrpc/output.c +++ b/net/rxrpc/output.c @@ -829,7 +829,13 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) msg.msg_controllen = 0; msg.msg_flags = 0; - memset(&whdr, 0, sizeof(whdr)); + whdr = (struct rxrpc_wire_header) { + .epoch = htonl(sp->hdr.epoch), + .cid = htonl(sp->hdr.cid), + .callNumber = htonl(sp->hdr.callNumber), + .serviceId = htons(sp->hdr.serviceId), + .flags = ~sp->hdr.flags & RXRPC_CLIENT_INITIATED, + }; switch (skb->mark) { case RXRPC_SKB_MARK_REJECT_BUSY: @@ -837,6 +843,9 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) size = sizeof(whdr); ioc = 1; break; + case RXRPC_SKB_MARK_REJECT_CONN_ABORT: + whdr.callNumber = 0; + fallthrough; case RXRPC_SKB_MARK_REJECT_ABORT: whdr.type = RXRPC_PACKET_TYPE_ABORT; code = htonl(skb->priority); @@ -850,14 +859,6 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) if (rxrpc_extract_addr_from_skb(&srx, skb) == 0) { msg.msg_namelen = srx.transport_len; - whdr.epoch = htonl(sp->hdr.epoch); - whdr.cid = htonl(sp->hdr.cid); - whdr.callNumber = htonl(sp->hdr.callNumber); - whdr.serviceId = htons(sp->hdr.serviceId); - whdr.flags = sp->hdr.flags; - whdr.flags ^= RXRPC_CLIENT_INITIATED; - whdr.flags &= RXRPC_CLIENT_INITIATED; - iov_iter_kvec(&msg.msg_iter, WRITE, iov, ioc, size); ret = do_udp_sendmsg(local->socket, &msg, size); if (ret < 0) diff --git a/net/rxrpc/security.c b/net/rxrpc/security.c index 078d91a6b77f..2bfbf2b2bb37 100644 --- a/net/rxrpc/security.c +++ b/net/rxrpc/security.c @@ -140,15 +140,15 @@ const struct rxrpc_security *rxrpc_get_incoming_security(struct rxrpc_sock *rx, sec = rxrpc_security_lookup(sp->hdr.securityIndex); if (!sec) { - rxrpc_direct_abort(skb, rxrpc_abort_unsupported_security, - RX_INVALID_OPERATION, -EKEYREJECTED); + rxrpc_direct_conn_abort(skb, rxrpc_abort_unsupported_security, + RX_INVALID_OPERATION, -EKEYREJECTED); return NULL; } if (sp->hdr.securityIndex != RXRPC_SECURITY_NONE && !rx->securities) { - rxrpc_direct_abort(skb, rxrpc_abort_no_service_key, - sec->no_key_abort, -EKEYREJECTED); + rxrpc_direct_conn_abort(skb, rxrpc_abort_no_service_key, + sec->no_key_abort, -EKEYREJECTED); return NULL; }

2 months

1
0
0 0

[PATCH net v2 4/5] rxrpc: Fix transmission of an abort in response to an abort

by David Howells

Under some circumstances, such as when a server socket is closing, ABORT packets will be generated in response to incoming packets. Unfortunately, this also may include generating aborts in response to incoming aborts - which may cause a cycle. It appears this may be made possible by giving the client a multicast address. Fix this such that rxrpc_reject_packet() will refuse to generate aborts in response to aborts. Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code") Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> cc: Marc Dionne <marc.dionne(a)auristor.com> cc: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com> cc: LePremierHomme <kwqcheii(a)proton.me> cc: Linus Torvalds <torvalds(a)linux-foundation.org> cc: Jakub Kicinski <kuba(a)kernel.org> cc: Paolo Abeni <pabeni(a)redhat.com> cc: "David S. Miller" <davem(a)davemloft.net> cc: Eric Dumazet <edumazet(a)google.com> cc: Simon Horman <horms(a)kernel.org> cc: linux-afs(a)lists.infradead.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- net/rxrpc/output.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c index ef7b3096c95e..17c33b5cf7dd 100644 --- a/net/rxrpc/output.c +++ b/net/rxrpc/output.c @@ -814,6 +814,9 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) __be32 code; int ret, ioc; + if (sp->hdr.type == RXRPC_PACKET_TYPE_ABORT) + return; /* Never abort an abort. */ + rxrpc_see_skb(skb, rxrpc_skb_see_reject); iov[0].iov_base = &whdr;

2 months

1
0
0 0

[PATCH net v2 3/5] rxrpc: Fix notification vs call-release vs recvmsg

by David Howells

When a call is released, rxrpc takes the spinlock and removes it from ->recvmsg_q in an effort to prevent racing recvmsg() invocations from seeing the same call. Now, rxrpc_recvmsg() only takes the spinlock when actually removing a call from the queue; it doesn't, however, take it in the lead up to that when it checks to see if the queue is empty. It *does* hold the socket lock, which prevents a recvmsg/recvmsg race - but this doesn't prevent sendmsg from ending the call because sendmsg() drops the socket lock and relies on the call->user_mutex. Fix this by firstly removing the bit in rxrpc_release_call() that dequeues the released call and, instead, rely on recvmsg() to simply discard released calls (done in a preceding fix). Secondly, rxrpc_notify_socket() is abandoned if the call is already marked as released rather than trying to be clever by setting both pointers in call->recvmsg_link to NULL to trick list_empty(). This isn't perfect and can still race, resulting in a released call on the queue, but recvmsg() will now clean that up. Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both") Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> cc: Marc Dionne <marc.dionne(a)auristor.com> cc: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com> cc: LePremierHomme <kwqcheii(a)proton.me> cc: Jakub Kicinski <kuba(a)kernel.org> cc: Paolo Abeni <pabeni(a)redhat.com> cc: "David S. Miller" <davem(a)davemloft.net> cc: Eric Dumazet <edumazet(a)google.com> cc: Simon Horman <horms(a)kernel.org> cc: linux-afs(a)lists.infradead.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- Notes: Changes ======= ver #2) - Moved in missing trace note declaration from later patch include/trace/events/rxrpc.h | 3 ++- net/rxrpc/call_object.c | 28 ++++++++++++---------------- net/rxrpc/recvmsg.c | 4 ++++ 3 files changed, 18 insertions(+), 17 deletions(-) diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h index e7dcfb1369b6..de6f6d25767c 100644 --- a/include/trace/events/rxrpc.h +++ b/include/trace/events/rxrpc.h @@ -322,10 +322,10 @@ EM(rxrpc_call_put_kernel, "PUT kernel ") \ EM(rxrpc_call_put_poke, "PUT poke ") \ EM(rxrpc_call_put_recvmsg, "PUT recvmsg ") \ + EM(rxrpc_call_put_release_recvmsg_q, "PUT rls-rcmq") \ EM(rxrpc_call_put_release_sock, "PUT rls-sock") \ EM(rxrpc_call_put_release_sock_tba, "PUT rls-sk-a") \ EM(rxrpc_call_put_sendmsg, "PUT sendmsg ") \ - EM(rxrpc_call_put_unnotify, "PUT unnotify") \ EM(rxrpc_call_put_userid_exists, "PUT u-exists") \ EM(rxrpc_call_put_userid, "PUT user-id ") \ EM(rxrpc_call_see_accept, "SEE accept ") \ @@ -338,6 +338,7 @@ EM(rxrpc_call_see_disconnected, "SEE disconn ") \ EM(rxrpc_call_see_distribute_error, "SEE dist-err") \ EM(rxrpc_call_see_input, "SEE input ") \ + EM(rxrpc_call_see_notify_released, "SEE nfy-rlsd") \ EM(rxrpc_call_see_recvmsg, "SEE recvmsg ") \ EM(rxrpc_call_see_release, "SEE release ") \ EM(rxrpc_call_see_userid_exists, "SEE u-exists") \ diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c index 15067ff7b1f2..918f41d97a2f 100644 --- a/net/rxrpc/call_object.c +++ b/net/rxrpc/call_object.c @@ -561,7 +561,7 @@ static void rxrpc_cleanup_rx_buffers(struct rxrpc_call *call) void rxrpc_release_call(struct rxrpc_sock *rx, struct rxrpc_call *call) { struct rxrpc_connection *conn = call->conn; - bool put = false, putu = false; + bool putu = false; _enter("{%d,%d}", call->debug_id, refcount_read(&call->ref)); @@ -573,23 +573,13 @@ void rxrpc_release_call(struct rxrpc_sock *rx, struct rxrpc_call *call) rxrpc_put_call_slot(call); - /* Make sure we don't get any more notifications */ + /* Note that at this point, the call may still be on or may have been + * added back on to the socket receive queue. recvmsg() must discard + * released calls. The CALL_RELEASED flag should prevent further + * notifications. + */ spin_lock_irq(&rx->recvmsg_lock); - - if (!list_empty(&call->recvmsg_link)) { - _debug("unlinking once-pending call %p { e=%lx f=%lx }", - call, call->events, call->flags); - list_del(&call->recvmsg_link); - put = true; - } - - /* list_empty() must return false in rxrpc_notify_socket() */ - call->recvmsg_link.next = NULL; - call->recvmsg_link.prev = NULL; - spin_unlock_irq(&rx->recvmsg_lock); - if (put) - rxrpc_put_call(call, rxrpc_call_put_unnotify); write_lock(&rx->call_lock); @@ -638,6 +628,12 @@ void rxrpc_release_calls_on_socket(struct rxrpc_sock *rx) rxrpc_put_call(call, rxrpc_call_put_release_sock); } + while ((call = list_first_entry_or_null(&rx->recvmsg_q, + struct rxrpc_call, recvmsg_link))) { + list_del_init(&call->recvmsg_link); + rxrpc_put_call(call, rxrpc_call_put_release_recvmsg_q); + } + _leave(""); } diff --git a/net/rxrpc/recvmsg.c b/net/rxrpc/recvmsg.c index 6990e37697de..7fa7e77f6bb9 100644 --- a/net/rxrpc/recvmsg.c +++ b/net/rxrpc/recvmsg.c @@ -29,6 +29,10 @@ void rxrpc_notify_socket(struct rxrpc_call *call) if (!list_empty(&call->recvmsg_link)) return; + if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { + rxrpc_see_call(call, rxrpc_call_see_notify_released); + return; + } rcu_read_lock();

2 months

1
0
0 0

[PATCH net v2 2/5] rxrpc: Fix recv-recv race of completed call

by David Howells

If a call receives an event (such as incoming data), the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up the call off of the queue, further events will cause it to be requeued, and once the socket lock is dropped (recvmsg uses call->user_mutex to allow the socket to be used in parallel), a second thread can come in and its recvmsg can pop the call off the socket queue again. In such a case, the first thread will be receiving stuff from the call and the second thread will be blocked on call->user_mutex. The first thread can, at this point, process both the event that it picked call for and the event that the second thread picked the call for and may see the call terminate - in which case the call will be "released", decoupling the call from the user call ID assigned to it (RXRPC_USER_CALL_ID in the control message). The first thread will return okay, but then the second thread will wake up holding the user_mutex and, if it sees that the call has been released by the first thread, it will BUG thusly: kernel BUG at net/rxrpc/recvmsg.c:474! Fix this by just dequeuing the call and ignoring it if it is seen to be already released. We can't tell userspace about it anyway as the user call ID has become stale. Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code") Reported-by: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> cc: LePremierHomme <kwqcheii(a)proton.me> cc: Marc Dionne <marc.dionne(a)auristor.com> cc: Jakub Kicinski <kuba(a)kernel.org> cc: Paolo Abeni <pabeni(a)redhat.com> cc: "David S. Miller" <davem(a)davemloft.net> cc: Eric Dumazet <edumazet(a)google.com> cc: Simon Horman <horms(a)kernel.org> cc: linux-afs(a)lists.infradead.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- include/trace/events/rxrpc.h | 3 +++ net/rxrpc/call_accept.c | 1 + net/rxrpc/recvmsg.c | 19 +++++++++++++++++-- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h index 378d2dfc7392..e7dcfb1369b6 100644 --- a/include/trace/events/rxrpc.h +++ b/include/trace/events/rxrpc.h @@ -330,12 +330,15 @@ EM(rxrpc_call_put_userid, "PUT user-id ") \ EM(rxrpc_call_see_accept, "SEE accept ") \ EM(rxrpc_call_see_activate_client, "SEE act-clnt") \ + EM(rxrpc_call_see_already_released, "SEE alrdy-rl") \ EM(rxrpc_call_see_connect_failed, "SEE con-fail") \ EM(rxrpc_call_see_connected, "SEE connect ") \ EM(rxrpc_call_see_conn_abort, "SEE conn-abt") \ + EM(rxrpc_call_see_discard, "SEE discard ") \ EM(rxrpc_call_see_disconnected, "SEE disconn ") \ EM(rxrpc_call_see_distribute_error, "SEE dist-err") \ EM(rxrpc_call_see_input, "SEE input ") \ + EM(rxrpc_call_see_recvmsg, "SEE recvmsg ") \ EM(rxrpc_call_see_release, "SEE release ") \ EM(rxrpc_call_see_userid_exists, "SEE u-exists") \ EM(rxrpc_call_see_waiting_call, "SEE q-conn ") \ diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c index 226b4bf82747..a4d76f2da684 100644 --- a/net/rxrpc/call_accept.c +++ b/net/rxrpc/call_accept.c @@ -219,6 +219,7 @@ void rxrpc_discard_prealloc(struct rxrpc_sock *rx) tail = b->call_backlog_tail; while (CIRC_CNT(head, tail, size) > 0) { struct rxrpc_call *call = b->call_backlog[tail]; + rxrpc_see_call(call, rxrpc_call_see_discard); rcu_assign_pointer(call->socket, rx); if (rx->app_ops && rx->app_ops->discard_new_call) { diff --git a/net/rxrpc/recvmsg.c b/net/rxrpc/recvmsg.c index 86a27fb55a1c..6990e37697de 100644 --- a/net/rxrpc/recvmsg.c +++ b/net/rxrpc/recvmsg.c @@ -447,6 +447,16 @@ int rxrpc_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, goto try_again; } + rxrpc_see_call(call, rxrpc_call_see_recvmsg); + if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { + rxrpc_see_call(call, rxrpc_call_see_already_released); + list_del_init(&call->recvmsg_link); + spin_unlock_irq(&rx->recvmsg_lock); + release_sock(&rx->sk); + trace_rxrpc_recvmsg(call->debug_id, rxrpc_recvmsg_unqueue, 0); + rxrpc_put_call(call, rxrpc_call_put_recvmsg); + goto try_again; + } if (!(flags & MSG_PEEK)) list_del_init(&call->recvmsg_link); else @@ -470,8 +480,13 @@ int rxrpc_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, release_sock(&rx->sk); - if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) - BUG(); + if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { + rxrpc_see_call(call, rxrpc_call_see_already_released); + mutex_unlock(&call->user_mutex); + if (!(flags & MSG_PEEK)) + rxrpc_put_call(call, rxrpc_call_put_recvmsg); + goto try_again; + } ret = rxrpc_recvmsg_user_id(call, msg, flags); if (ret < 0)

2 months

1
0
0 0

[PATCH net v2 1/5] rxrpc: Fix irq-disabled in local_bh_enable()

by David Howells

The rxrpc_assess_MTU_size() function calls down into the IP layer to find out the MTU size for a route. When accepting an incoming call, this is called from rxrpc_new_incoming_call() which holds interrupts disabled across the code that calls down to it. Unfortunately, the IP layer uses local_bh_enable() which, config dependent, throws a warning if IRQs are enabled: WARNING: CPU: 1 PID: 5544 at kernel/softirq.c:387 __local_bh_enable_ip+0x43/0xd0 ... RIP: 0010:__local_bh_enable_ip+0x43/0xd0 ... Call Trace: <TASK> rt_cache_route+0x7e/0xa0 rt_set_nexthop.isra.0+0x3b3/0x3f0 __mkroute_output+0x43a/0x460 ip_route_output_key_hash+0xf7/0x140 ip_route_output_flow+0x1b/0x90 rxrpc_assess_MTU_size.isra.0+0x2a0/0x590 rxrpc_new_incoming_peer+0x46/0x120 rxrpc_alloc_incoming_call+0x1b1/0x400 rxrpc_new_incoming_call+0x1da/0x5e0 rxrpc_input_packet+0x827/0x900 rxrpc_io_thread+0x403/0xb60 kthread+0x2f7/0x310 ret_from_fork+0x2a/0x230 ret_from_fork_asm+0x1a/0x30 ... hardirqs last enabled at (23): _raw_spin_unlock_irq+0x24/0x50 hardirqs last disabled at (24): _raw_read_lock_irq+0x17/0x70 softirqs last enabled at (0): copy_process+0xc61/0x2730 softirqs last disabled at (25): rt_add_uncached_list+0x3c/0x90 Fix this by moving the call to rxrpc_assess_MTU_size() out of rxrpc_init_peer() and further up the stack where it can be done without interrupts disabled. It shouldn't be a problem for rxrpc_new_incoming_call() to do it after the locks are dropped as pmtud is going to be performed by the I/O thread - and we're in the I/O thread at this point. Fixes: a2ea9a907260 ("rxrpc: Use irq-disabling spinlocks between app and I/O thread") Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> cc: Marc Dionne <marc.dionne(a)auristor.com> cc: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com> cc: LePremierHomme <kwqcheii(a)proton.me> cc: Jakub Kicinski <kuba(a)kernel.org> cc: Paolo Abeni <pabeni(a)redhat.com> cc: "David S. Miller" <davem(a)davemloft.net> cc: Eric Dumazet <edumazet(a)google.com> cc: Simon Horman <horms(a)kernel.org> cc: linux-afs(a)lists.infradead.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- net/rxrpc/ar-internal.h | 1 + net/rxrpc/call_accept.c | 1 + net/rxrpc/peer_object.c | 6 ++---- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h index 376e33dce8c1..df1a618dbf7d 100644 --- a/net/rxrpc/ar-internal.h +++ b/net/rxrpc/ar-internal.h @@ -1383,6 +1383,7 @@ struct rxrpc_peer *rxrpc_lookup_peer_rcu(struct rxrpc_local *, const struct sockaddr_rxrpc *); struct rxrpc_peer *rxrpc_lookup_peer(struct rxrpc_local *local, struct sockaddr_rxrpc *srx, gfp_t gfp); +void rxrpc_assess_MTU_size(struct rxrpc_local *local, struct rxrpc_peer *peer); struct rxrpc_peer *rxrpc_alloc_peer(struct rxrpc_local *, gfp_t, enum rxrpc_peer_trace); void rxrpc_new_incoming_peer(struct rxrpc_local *local, struct rxrpc_peer *peer); diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c index 49fccee1a726..226b4bf82747 100644 --- a/net/rxrpc/call_accept.c +++ b/net/rxrpc/call_accept.c @@ -406,6 +406,7 @@ bool rxrpc_new_incoming_call(struct rxrpc_local *local, spin_unlock(&rx->incoming_lock); read_unlock_irq(&local->services_lock); + rxrpc_assess_MTU_size(local, call->peer); if (hlist_unhashed(&call->error_link)) { spin_lock_irq(&call->peer->lock); diff --git a/net/rxrpc/peer_object.c b/net/rxrpc/peer_object.c index e2f35e6c04d6..366431b0736c 100644 --- a/net/rxrpc/peer_object.c +++ b/net/rxrpc/peer_object.c @@ -149,8 +149,7 @@ struct rxrpc_peer *rxrpc_lookup_peer_rcu(struct rxrpc_local *local, * assess the MTU size for the network interface through which this peer is * reached */ -static void rxrpc_assess_MTU_size(struct rxrpc_local *local, - struct rxrpc_peer *peer) +void rxrpc_assess_MTU_size(struct rxrpc_local *local, struct rxrpc_peer *peer) { struct net *net = local->net; struct dst_entry *dst; @@ -277,8 +276,6 @@ static void rxrpc_init_peer(struct rxrpc_local *local, struct rxrpc_peer *peer, peer->hdrsize += sizeof(struct rxrpc_wire_header); peer->max_data = peer->if_mtu - peer->hdrsize; - - rxrpc_assess_MTU_size(local, peer); } /* @@ -297,6 +294,7 @@ static struct rxrpc_peer *rxrpc_create_peer(struct rxrpc_local *local, if (peer) { memcpy(&peer->srx, srx, sizeof(*srx)); rxrpc_init_peer(local, peer, hash_key); + rxrpc_assess_MTU_size(local, peer); } _leave(" = %p", peer);

2 months

1
0
0 0

[PATCH v2] arm64: dts: qcom: qcs615: add missing dt property in QUP SEs

by Viken Dadhaniya

Add the missing required-opps and operating-points-v2 properties to several I2C, SPI, and UART nodes in the QUP SEs. Fixes: f6746dc9e379 ("arm64: dts: qcom: qcs615: Add QUPv3 configuration") Cc: stable(a)vger.kernel.org Signed-off-by: Viken Dadhaniya <viken.dadhaniya(a)oss.qualcomm.com> --- v1 -> v2: - Added Fixes and Cc tag. v1 Link: https://lore.kernel.org/all/20250626102826.3422984-1-viken.dadhaniya@oss.qu… --- --- arch/arm64/boot/dts/qcom/qcs615.dtsi | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/qcs615.dtsi b/arch/arm64/boot/dts/qcom/qcs615.dtsi index bfbb21035492..e033b53f0f0f 100644 --- a/arch/arm64/boot/dts/qcom/qcs615.dtsi +++ b/arch/arm64/boot/dts/qcom/qcs615.dtsi @@ -631,6 +631,7 @@ &mc_virt SLAVE_EBI1 QCOM_ICC_TAG_ALWAYS>, interconnect-names = "qup-core", "qup-config"; power-domains = <&rpmhpd RPMHPD_CX>; + operating-points-v2 = <&qup_opp_table>; status = "disabled"; }; @@ -654,6 +655,7 @@ &config_noc SLAVE_QUP_0 QCOM_ICC_TAG_ALWAYS>, "qup-config", "qup-memory"; power-domains = <&rpmhpd RPMHPD_CX>; + required-opps = <&rpmhpd_opp_low_svs>; dmas = <&gpi_dma0 0 1 QCOM_GPI_I2C>, <&gpi_dma0 1 1 QCOM_GPI_I2C>; dma-names = "tx", @@ -681,6 +683,7 @@ &config_noc SLAVE_QUP_0 QCOM_ICC_TAG_ALWAYS>, "qup-config", "qup-memory"; power-domains = <&rpmhpd RPMHPD_CX>; + required-opps = <&rpmhpd_opp_low_svs>; dmas = <&gpi_dma0 0 2 QCOM_GPI_I2C>, <&gpi_dma0 1 2 QCOM_GPI_I2C>; dma-names = "tx", @@ -703,6 +706,7 @@ &mc_virt SLAVE_EBI1 QCOM_ICC_TAG_ALWAYS>, interconnect-names = "qup-core", "qup-config"; power-domains = <&rpmhpd RPMHPD_CX>; + operating-points-v2 = <&qup_opp_table>; dmas = <&gpi_dma0 0 2 QCOM_GPI_SPI>, <&gpi_dma0 1 2 QCOM_GPI_SPI>; dma-names = "tx", @@ -728,6 +732,7 @@ &mc_virt SLAVE_EBI1 QCOM_ICC_TAG_ALWAYS>, interconnect-names = "qup-core", "qup-config"; power-domains = <&rpmhpd RPMHPD_CX>; + operating-points-v2 = <&qup_opp_table>; status = "disabled"; }; @@ -751,6 +756,7 @@ &config_noc SLAVE_QUP_0 QCOM_ICC_TAG_ALWAYS>, "qup-config", "qup-memory"; power-domains = <&rpmhpd RPMHPD_CX>; + required-opps = <&rpmhpd_opp_low_svs>; dmas = <&gpi_dma0 0 3 QCOM_GPI_I2C>, <&gpi_dma0 1 3 QCOM_GPI_I2C>; dma-names = "tx", -- 2.34.1

2 months

3
2
0 0

[PATCH] i2c: qup: jump out of the loop in case of timeout

by Yang Xiwen via B4 Relay

From: Yang Xiwen <forbidden405(a)outlook.com> Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c client can hang the kernel in this case and should be avoided. This is observed during a long time test with a PCA953x GPIO extender. Fix it by changing the logic to not only sets the return value, but also jumps out of the loop and return to the caller with -ETIMEDOUT. Cc: stable(a)vger.kernel.org Signed-off-by: Yang Xiwen <forbidden405(a)outlook.com> --- drivers/i2c/busses/i2c-qup.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-qup.c b/drivers/i2c/busses/i2c-qup.c index 3a36d682ed57..5b053e51f4c9 100644 --- a/drivers/i2c/busses/i2c-qup.c +++ b/drivers/i2c/busses/i2c-qup.c @@ -452,8 +452,10 @@ static int qup_i2c_bus_active(struct qup_i2c_dev *qup, int len) if (!(status & I2C_STATUS_BUS_ACTIVE)) break; - if (time_after(jiffies, timeout)) + if (time_after(jiffies, timeout)) { ret = -ETIMEDOUT; + break; + } usleep_range(len, len * 2); } --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250615-qca-i2c-d41bb61aa59e Best regards, -- Yang Xiwen <forbidden405(a)outlook.com>

2 months

4
3
0 0

Access Target Contacts from the GSX 2025 Audience

by Lena Schwekendiek

Hi , Planning to get the GSX 2025 attendee list? Expo Name: Global Security Exchange (GSX) 2025 Total Number of records: 17,000 records List includes: Company Name, Contact Name, Job Title, Mailing Address, Phone, Emails, etc. Interested in moving forward with these leads? Let me know, and I'll share the price. Can't wait for your reply Regards Lena Marketing Manager Pro Tech Insights., Please reply with REMOVE if you don't wish to receive further emails

2 months

1
0
0 0

[PATCH 1/7] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> On g4x we currently use the 96MHz non-SSC refclk, which can't actually generate an exact 2.7 Gbps link rate. In practice we end up with 2.688 Gbps which seems to be close enough to actually work, but link training is currently failing due to miscalculating the DP_LINK_BW value (we calcualte it directly from port_clock which reflects the actual PLL outpout frequency). Ideas how to fix this: - nudge port_clock back up to 270000 during PLL computation/readout - track port_clock and the nominal link rate separately so they might differ a bit - switch to the 100MHz refclk, but that one should be SSC so perhaps not something we want While we ponder about a better solution apply some band aid to the immediate issue of miscalculated DP_LINK_BW value. With this I can again use 2.7 Gbps link rate on g4x. Cc: stable(a)vger.kernel.org Fixes: 665a7b04092c ("drm/i915: Feed the DPLL output freq back into crtc_state") Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/display/intel_dp.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index f48912f308df..7976fec88606 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -1606,6 +1606,12 @@ int intel_dp_rate_select(struct intel_dp *intel_dp, int rate) void intel_dp_compute_rate(struct intel_dp *intel_dp, int port_clock, u8 *link_bw, u8 *rate_select) { + struct intel_display *display = to_intel_display(intel_dp); + + /* FIXME g4x can't generate an exact 2.7GHz with the 96MHz non-SSC refclk */ + if (display->platform.g4x && port_clock == 268800) + port_clock = 270000; + /* eDP 1.4 rate select method. */ if (intel_dp->use_rate_select) { *link_bw = 0; -- 2.49.0

2 months

3
3
0 0

+ kasan-use-vmalloc_dump_obj-for-vmalloc-error-reports.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kasan: use vmalloc_dump_obj() for vmalloc error reports has been added to the -mm mm-hotfixes-unstable branch. Its filename is kasan-use-vmalloc_dump_obj-for-vmalloc-error-reports.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Marco Elver <elver(a)google.com> Subject: kasan: use vmalloc_dump_obj() for vmalloc error reports Date: Wed, 16 Jul 2025 17:23:28 +0200 Since 6ee9b3d84775 ("kasan: remove kasan_find_vm_area() to prevent possible deadlock"), more detailed info about the vmalloc mapping and the origin was dropped due to potential deadlocks. While fixing the deadlock is necessary, that patch was too quick in killing an otherwise useful feature, and did no due-diligence in understanding if an alternative option is available. Restore printing more helpful vmalloc allocation info in KASAN reports with the help of vmalloc_dump_obj(). Example report: | BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x4c9/0x610 | Read of size 1 at addr ffffc900002fd7f3 by task kunit_try_catch/493 | | CPU: [...] | Call Trace: | <TASK> | dump_stack_lvl+0xa8/0xf0 | print_report+0x17e/0x810 | kasan_report+0x155/0x190 | vmalloc_oob+0x4c9/0x610 | [...] | | The buggy address belongs to a 1-page vmalloc region starting at 0xffffc900002fd000 allocated at vmalloc_oob+0x36/0x610 | The buggy address belongs to the physical page: | page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x126364 | flags: 0x200000000000000(node=0|zone=2) | raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 | raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 | page dumped because: kasan: bad access detected | | [..] Link: https://lkml.kernel.org/r/20250716152448.3877201-1-elver@google.com Fixes: 6ee9b3d84775 ("kasan: remove kasan_find_vm_area() to prevent possible deadlock") Signed-off-by: Marco Elver <elver(a)google.com> Suggested-by: Uladzislau Rezki <urezki(a)gmail.com> Acked-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Yeoreum Yun <yeoreum.yun(a)arm.com> Cc: Yunseong Kim <ysk(a)kzalloc.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/report.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/mm/kasan/report.c~kasan-use-vmalloc_dump_obj-for-vmalloc-error-reports +++ a/mm/kasan/report.c @@ -399,7 +399,9 @@ static void print_address_description(vo } if (is_vmalloc_addr(addr)) { - pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr); + pr_err("The buggy address belongs to a"); + if (!vmalloc_dump_obj(addr)) + pr_cont(" vmalloc virtual mapping\n"); page = vmalloc_to_page(addr); } _ Patches currently in -mm which might be from elver(a)google.com are kasan-use-vmalloc_dump_obj-for-vmalloc-error-reports.patch

2 months

1
0
0 0

[PATCH 1/2] s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again

by Ilya Leoshkevich

Commit 7ded842b356d ("s390/bpf: Fix bpf_plt pointer arithmetic") has accidentally removed the critical piece of commit c730fce7c70c ("s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL"), causing intermittent kernel panics in e.g. perf's on_switch() prog to reappear. Restore the fix and add a comment. Fixes: 7ded842b356d ("s390/bpf: Fix bpf_plt pointer arithmetic") Cc: stable(a)vger.kernel.org Signed-off-by: Ilya Leoshkevich <iii(a)linux.ibm.com> --- arch/s390/net/bpf_jit_comp.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index 8bb738f1b1b6..bb17efe29d65 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -576,7 +576,15 @@ static void bpf_jit_plt(struct bpf_plt *plt, void *ret, void *target) { memcpy(plt, &bpf_plt, sizeof(*plt)); plt->ret = ret; - plt->target = target; + /* + * (target == NULL) implies that the branch to this PLT entry was + * patched and became a no-op. However, some CPU could have jumped + * to this PLT entry before patching and may be still executing it. + * + * Since the intention in this case is to make the PLT entry a no-op, + * make the target point to the return label instead of NULL. + */ + plt->target = target ?: ret; } /* -- 2.50.1

2 months

1
0
0 0

[PATCH net 3/5] rxrpc: Fix notification vs call-release vs recvmsg

by David Howells

When a call is released, rxrpc takes the spinlock and removes it from ->recvmsg_q in an effort to prevent racing recvmsg() invocations from seeing the same call. Now, rxrpc_recvmsg() only takes the spinlock when actually removing a call from the queue; it doesn't, however, take it in the lead up to that when it checks to see if the queue is empty. It *does* hold the socket lock, which prevents a recvmsg/recvmsg race - but this doesn't prevent sendmsg from ending the call because sendmsg() drops the socket lock and relies on the call->user_mutex. Fix this by firstly removing the bit in rxrpc_release_call() that dequeues the released call and, instead, rely on recvmsg() to simply discard released calls (done in a preceding fix). Secondly, rxrpc_notify_socket() is abandoned if the call is already marked as released rather than trying to be clever by setting both pointers in call->recvmsg_link to NULL to trick list_empty(). This isn't perfect and can still race, resulting in a released call on the queue, but recvmsg() will now clean that up. Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both") Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> cc: Marc Dionne <marc.dionne(a)auristor.com> cc: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com> cc: LePremierHomme <kwqcheii(a)proton.me> cc: Jakub Kicinski <kuba(a)kernel.org> cc: Paolo Abeni <pabeni(a)redhat.com> cc: "David S. Miller" <davem(a)davemloft.net> cc: Eric Dumazet <edumazet(a)google.com> cc: Simon Horman <horms(a)kernel.org> cc: linux-afs(a)lists.infradead.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- include/trace/events/rxrpc.h | 2 +- net/rxrpc/call_object.c | 28 ++++++++++++---------------- net/rxrpc/recvmsg.c | 4 ++++ 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h index e7dcfb1369b6..8e5a73eb5268 100644 --- a/include/trace/events/rxrpc.h +++ b/include/trace/events/rxrpc.h @@ -325,7 +325,6 @@ EM(rxrpc_call_put_release_sock, "PUT rls-sock") \ EM(rxrpc_call_put_release_sock_tba, "PUT rls-sk-a") \ EM(rxrpc_call_put_sendmsg, "PUT sendmsg ") \ - EM(rxrpc_call_put_unnotify, "PUT unnotify") \ EM(rxrpc_call_put_userid_exists, "PUT u-exists") \ EM(rxrpc_call_put_userid, "PUT user-id ") \ EM(rxrpc_call_see_accept, "SEE accept ") \ @@ -338,6 +337,7 @@ EM(rxrpc_call_see_disconnected, "SEE disconn ") \ EM(rxrpc_call_see_distribute_error, "SEE dist-err") \ EM(rxrpc_call_see_input, "SEE input ") \ + EM(rxrpc_call_see_notify_released, "SEE nfy-rlsd") \ EM(rxrpc_call_see_recvmsg, "SEE recvmsg ") \ EM(rxrpc_call_see_release, "SEE release ") \ EM(rxrpc_call_see_userid_exists, "SEE u-exists") \ diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c index 15067ff7b1f2..918f41d97a2f 100644 --- a/net/rxrpc/call_object.c +++ b/net/rxrpc/call_object.c @@ -561,7 +561,7 @@ static void rxrpc_cleanup_rx_buffers(struct rxrpc_call *call) void rxrpc_release_call(struct rxrpc_sock *rx, struct rxrpc_call *call) { struct rxrpc_connection *conn = call->conn; - bool put = false, putu = false; + bool putu = false; _enter("{%d,%d}", call->debug_id, refcount_read(&call->ref)); @@ -573,23 +573,13 @@ void rxrpc_release_call(struct rxrpc_sock *rx, struct rxrpc_call *call) rxrpc_put_call_slot(call); - /* Make sure we don't get any more notifications */ + /* Note that at this point, the call may still be on or may have been + * added back on to the socket receive queue. recvmsg() must discard + * released calls. The CALL_RELEASED flag should prevent further + * notifications. + */ spin_lock_irq(&rx->recvmsg_lock); - - if (!list_empty(&call->recvmsg_link)) { - _debug("unlinking once-pending call %p { e=%lx f=%lx }", - call, call->events, call->flags); - list_del(&call->recvmsg_link); - put = true; - } - - /* list_empty() must return false in rxrpc_notify_socket() */ - call->recvmsg_link.next = NULL; - call->recvmsg_link.prev = NULL; - spin_unlock_irq(&rx->recvmsg_lock); - if (put) - rxrpc_put_call(call, rxrpc_call_put_unnotify); write_lock(&rx->call_lock); @@ -638,6 +628,12 @@ void rxrpc_release_calls_on_socket(struct rxrpc_sock *rx) rxrpc_put_call(call, rxrpc_call_put_release_sock); } + while ((call = list_first_entry_or_null(&rx->recvmsg_q, + struct rxrpc_call, recvmsg_link))) { + list_del_init(&call->recvmsg_link); + rxrpc_put_call(call, rxrpc_call_put_release_recvmsg_q); + } + _leave(""); } diff --git a/net/rxrpc/recvmsg.c b/net/rxrpc/recvmsg.c index 6990e37697de..7fa7e77f6bb9 100644 --- a/net/rxrpc/recvmsg.c +++ b/net/rxrpc/recvmsg.c @@ -29,6 +29,10 @@ void rxrpc_notify_socket(struct rxrpc_call *call) if (!list_empty(&call->recvmsg_link)) return; + if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { + rxrpc_see_call(call, rxrpc_call_see_notify_released); + return; + } rcu_read_lock();

2 months

2
1
0 0

[PATCH] usb: atm: cxacru: Zero initialize bp in cxacru_heavy_init()

by Nathan Chancellor

After a recent change in clang to expose uninitialized warnings from const variables [1], there is a warning in cxacru_heavy_init(): drivers/usb/atm/cxacru.c:1104:6: error: variable 'bp' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized] 1104 | if (instance->modem_type->boot_rom_patch) { | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/usb/atm/cxacru.c:1113:39: note: uninitialized use occurs here 1113 | cxacru_upload_firmware(instance, fw, bp); | ^~ drivers/usb/atm/cxacru.c:1104:2: note: remove the 'if' if its condition is always true 1104 | if (instance->modem_type->boot_rom_patch) { | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/usb/atm/cxacru.c:1095:32: note: initialize the variable 'bp' to silence this warning 1095 | const struct firmware *fw, *bp; | ^ | = NULL This warning occurs in clang's frontend before inlining occurs, so it cannot notice that bp is only used within cxacru_upload_firmware() under the same condition that initializes it in cxacru_heavy_init(). Just initialize bp to NULL to silence the warning without functionally changing the code, which is what happens with modern compilers when they support '-ftrivial-auto-var-init=zero' (CONFIG_INIT_STACK_ALL_ZERO=y). Cc: stable(a)vger.kernel.org Fixes: 1b0e61465234 ("[PATCH] USB ATM: driver for the Conexant AccessRunner chipset cxacru") Closes: https://github.com/ClangBuiltLinux/linux/issues/2102 Link: https://github.com/llvm/llvm-project/commit/2464313eef01c5b1edf0eccf57a32cd… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- drivers/usb/atm/cxacru.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/atm/cxacru.c b/drivers/usb/atm/cxacru.c index a12ab90b3db7..b7c3b224a759 100644 --- a/drivers/usb/atm/cxacru.c +++ b/drivers/usb/atm/cxacru.c @@ -1092,7 +1092,7 @@ static int cxacru_find_firmware(struct cxacru_data *instance, static int cxacru_heavy_init(struct usbatm_data *usbatm_instance, struct usb_interface *usb_intf) { - const struct firmware *fw, *bp; + const struct firmware *fw, *bp = NULL; struct cxacru_data *instance = usbatm_instance->driver_data; int ret = cxacru_find_firmware(instance, "fw", &fw); --- base-commit: fdfa018c6962c86d2faa183187669569be4d513f change-id: 20250715-usb-cxacru-fix-clang-21-uninit-warning-9430d96c6bc1 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

2 months

2
7
0 0

[PATCH v4 1/1] mm/rmap: fix potential out-of-bounds page table access during batched unmap

by Lance Yang

From: Lance Yang <lance.yang(a)linux.dev> As pointed out by David[1], the batched unmap logic in try_to_unmap_one() may read past the end of a PTE table when a large folio's PTE mappings are not fully contained within a single page table. While this scenario might be rare, an issue triggerable from userspace must be fixed regardless of its likelihood. This patch fixes the out-of-bounds access by refactoring the logic into a new helper, folio_unmap_pte_batch(). The new helper correctly calculates the safe batch size by capping the scan at both the VMA and PMD boundaries. To simplify the code, it also supports partial batching (i.e., any number of pages from 1 up to the calculated safe maximum), as there is no strong reason to special-case for fully mapped folios. [1] https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha… Cc: <stable(a)vger.kernel.org> Reported-by: David Hildenbrand <david(a)redhat.com> Closes: https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha… Fixes: 354dffd29575 ("mm: support batched unmap for lazyfree large folios during reclamation") Suggested-by: Barry Song <baohua(a)kernel.org> Acked-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Acked-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Lance Yang <lance.yang(a)linux.dev> --- v3 -> v4: - Add Reported-by + Closes tags (per David) - Pick RB from Lorenzo - thanks! - Pick AB from David - thanks! - https://lore.kernel.org/linux-mm/20250630011305.23754-1-lance.yang@linux.dev v2 -> v3: - Tweak changelog (per Barry and David) - Pick AB from Barry - thanks! - https://lore.kernel.org/linux-mm/20250627062319.84936-1-lance.yang@linux.dev v1 -> v2: - Update subject and changelog (per Barry) - https://lore.kernel.org/linux-mm/20250627025214.30887-1-lance.yang@linux.dev mm/rmap.c | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) diff --git a/mm/rmap.c b/mm/rmap.c index fb63d9256f09..1320b88fab74 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -1845,23 +1845,32 @@ void folio_remove_rmap_pud(struct folio *folio, struct page *page, #endif } -/* We support batch unmapping of PTEs for lazyfree large folios */ -static inline bool can_batch_unmap_folio_ptes(unsigned long addr, - struct folio *folio, pte_t *ptep) +static inline unsigned int folio_unmap_pte_batch(struct folio *folio, + struct page_vma_mapped_walk *pvmw, + enum ttu_flags flags, pte_t pte) { const fpb_t fpb_flags = FPB_IGNORE_DIRTY | FPB_IGNORE_SOFT_DIRTY; - int max_nr = folio_nr_pages(folio); - pte_t pte = ptep_get(ptep); + unsigned long end_addr, addr = pvmw->address; + struct vm_area_struct *vma = pvmw->vma; + unsigned int max_nr; + + if (flags & TTU_HWPOISON) + return 1; + if (!folio_test_large(folio)) + return 1; + /* We may only batch within a single VMA and a single page table. */ + end_addr = pmd_addr_end(addr, vma->vm_end); + max_nr = (end_addr - addr) >> PAGE_SHIFT; + + /* We only support lazyfree batching for now ... */ if (!folio_test_anon(folio) || folio_test_swapbacked(folio)) - return false; + return 1; if (pte_unused(pte)) - return false; - if (pte_pfn(pte) != folio_pfn(folio)) - return false; + return 1; - return folio_pte_batch(folio, addr, ptep, pte, max_nr, fpb_flags, NULL, - NULL, NULL) == max_nr; + return folio_pte_batch(folio, addr, pvmw->pte, pte, max_nr, fpb_flags, + NULL, NULL, NULL); } /* @@ -2024,9 +2033,7 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma, if (pte_dirty(pteval)) folio_mark_dirty(folio); } else if (likely(pte_present(pteval))) { - if (folio_test_large(folio) && !(flags & TTU_HWPOISON) && - can_batch_unmap_folio_ptes(address, folio, pvmw.pte)) - nr_pages = folio_nr_pages(folio); + nr_pages = folio_unmap_pte_batch(folio, &pvmw, flags, pteval); end_addr = address + nr_pages * PAGE_SIZE; flush_cache_range(vma, address, end_addr); @@ -2206,13 +2213,16 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma, hugetlb_remove_rmap(folio); } else { folio_remove_rmap_ptes(folio, subpage, nr_pages, vma); - folio_ref_sub(folio, nr_pages - 1); } if (vma->vm_flags & VM_LOCKED) mlock_drain_local(); - folio_put(folio); - /* We have already batched the entire folio */ - if (nr_pages > 1) + folio_put_refs(folio, nr_pages); + + /* + * If we are sure that we batched the entire folio and cleared + * all PTEs, we can just optimize and stop right here. + */ + if (nr_pages == folio_nr_pages(folio)) goto walk_done; continue; walk_abort: -- 2.49.0

2 months, 1 week

6
7
0 0

[PATCH 5.4 000/148] 5.4.296-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.296 release. There are 148 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.296-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.296-rc1 Georg Kohmann <geokohma(a)cisco.com> net: ipv6: Discard next-hop MTU less than minimum link MTU Jann Horn <jannh(a)google.com> x86/mm: Disable hugetlb page table sharing on 32-bit Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Zhang Heng <zhangheng(a)kylinos.cn> HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Nicolas Pitre <npitre(a)baylibre.com> vt: add missing notification when switching back to text mode Xiaowei Li <xiaowei.li(a)simcom.com> net: usb: qmi_wwan: add SIMCom 8230C composition Thomas Fourier <fourier.thomas(a)gmail.com> atm: idt77252: Add missing `dma_map_error()` Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix DCB ETS validation Sean Nyekjaer <sean(a)geanix.com> can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Oleksij Rempel <linux(a)rempel-privat.de> net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Kito Xu <veritas501(a)foxmail.com> net: appletalk: Fix device refcount leak in atrtr_create() Wang Jinchao <wangjinchao600(a)gmail.com> md/raid1: Fix stack memory use after return in raid1_reshape Daniil Dulov <d.dulov(a)aladdin.ru> wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - support Acer NGR 200 Controller Vicki Pfau <vi(a)endrift.com> Input: xpad - add VID for Turtle Beach controllers Matt Reynolds <mattreynolds(a)chromium.org> Input: xpad - add support for Amazon Game Controller Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de> flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix vport loopback for MPV device Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix rmem check in netlink_broadcast_deliver(). Jakub Kicinski <kuba(a)kernel.org> netlink: make sure we allow at least one dump skb Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Ensure to disable clocks in error path Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "ACPI: battery: negate current when discharging" Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: u_serial: Fix race condition in TTY wakeup Matthew Brost <matthew.brost(a)intel.com> drm/sched: Increment job count before swapping tail spsc queue Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: qcom: msm: mark certain pins as invalid for interrupts JP Kobryn <inwardvessel(a)gmail.com> x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Don't remove sysfs if thresholding sysfs init fails Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Fix threshold limit reset David Howells <dhowells(a)redhat.com> rxrpc: Fix oops due to non-existence of prealloc backlog struct Victor Nogueira <victor(a)mojatatu.com> net/sched: Abort __tc_modify_qdisc if parent class does not exist Yue Haibing <yuehaibing(a)huawei.com> atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix infinite recursive call of clip_push(). Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix memory leak of struct clip_vcc. Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix potential null-ptr-deref in to_atmarpd(). Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_conn_close(). Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix wraparounds of sk->sk_rmem_alloc. Al Viro <viro(a)zeniv.linux.org.uk> fix proc_sys_compare() handling of in-lookup dentries Eric W. Biederman <ebiederm(a)xmission.com> proc: Clear the pieces of proc_inode that proc_evict_inode cares about Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Nathan Chancellor <nathan(a)kernel.org> staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Rollback non processed entities on error Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Send control events for partial succeeds Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Return the number of processed controls Seiji Nishikawa <snishika(a)redhat.com> ACPI: PAD: fix crash in exit_round_robin() Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Gustavo A. R. Silva <gustavoars(a)kernel.org> net: rose: Fix fall-through warnings for Clang Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Vladimir Oltean <vladimir.oltean(a)nxp.com> spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path Vladimir Oltean <vladimir.oltean(a)nxp.com> spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: propagate last_unlink_trans earlier when doing a rmdir Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Leon Romanovsky <leon(a)kernel.org> RDMA/core: Create and destroy counters in the ib_core Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Yue Hu <huyue2(a)yulong.com> mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Jerome Neanne <jneanne(a)baylibre.com> regulator: gpio: Add input_supply support in gpio_regulator_config Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Omar Sandoval <osandov(a)fb.com> btrfs: don't abort filesystem when attempting to snapshot deleted subvolume Dev Jain <dev.jain(a)arm.com> arm64: Restrict pagetable teardown to avoid false warning Nathan Chancellor <nathan(a)kernel.org> s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Check return value when getting default PHY config Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix connecting to next bridge Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() Thierry Reding <treding(a)nvidia.com> drm/tegra: Assign plane type before registration Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix kobject reference count leak Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on sysfs attribute creation failure Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on kobject creation failure Heinz Mauelshagen <heinzm(a)redhat.com> dm-raid: fix variable in journal device check Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix L2CAP MTU negotiation Kuniyuki Iwashima <kuniyu(a)google.com> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Simon Horman <horms(a)kernel.org> net: enetc: Correct endianness handling in _enetc_rd_reg64 Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Add missing error check in start_io_thread() Stefano Garzarella <sgarzare(a)redhat.com> vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: fix beacon interval calculation overflow Al Viro <viro(a)zeniv.linux.org.uk> attach_recursive_mnt(): do not lock the covering tree when sliding something under it Youngjun Lee <yjjuny.lee(a)samsung.com> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: robotfuzz-osif: disable zero-length read messages Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: tiny-usb: disable zero-length read messages Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction Weihang Li <liweihang(a)huawei.com> RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private Denis Arefev <arefev(a)swemel.ru> media: vivid: Change the siize of the composing Marek Szyprowski <m.szyprowski(a)samsung.com> media: omap3isp: use sgtable-based scatterlist wrappers Edward Adam Davis <eadavis(a)qq.com> media: cxusb: no longer judge rbuf when the write fails Sean Young <sean(a)mess.org> media: cxusb: use dev_dbg() rather than hand-rolled debug Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: validate AG parameters in dbMount() to prevent crashes Dave Kleikamp <dave.kleikamp(a)oracle.com> fs/jfs: consolidate sanity checking in dbMount Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> ASoC: meson: meson-card-utils: use of_property_present() for DT parsing Rob Herring <robh(a)kernel.org> of: Add of_property_present() helper Michael Walle <michael(a)walle.cc> of: property: define of_property_read_u{8,16,32,64}_array() unconditionally Arnd Bergmann <arnd(a)arndb.de> kbuild: hdrcheck: fix cross build with clang Masahiro Yamada <masahiroy(a)kernel.org> kbuild: add --target to correctly cross-compile UAPI headers with Clang Masahiro Yamada <masahiroy(a)kernel.org> bpfilter: match bit size of bpfilter_umh to that of the kernel Masahiro Yamada <masahiroy(a)kernel.org> kbuild: use -MMD instead of -MD to exclude system headers from dependency Wupeng Ma <mawupeng1(a)huawei.com> VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify George Kennedy <george.kennedy(a)oracle.com> VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix read_stb function and get_stb ioctl Dave Penkler <dpenkler(a)gmail.com> USB: usbtmc: Add USBTMC_IOCTL_GET_STB Dave Penkler <dpenkler(a)gmail.com> USB: usbtmc: Fix reading stale status byte Kees Cook <kees(a)kernel.org> ovl: Check for NULL d_inode() in ovl_dentry_upper() Dmitry Kandybka <d.kandybka(a)gmail.com> ceph: fix possible integer overflow in ceph_zero_objects() Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Ignore unsol events for cards being shut down Jos Wang <joswang(a)lenovo.com> usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Robert Hodaszi <robert.hodaszi(a)digi.com> usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: Add checks for snprintf() calls in usb_alloc_dev() Jakub Lewalski <jakub.lewalski(a)nokia.com> tty: serial: uartlite: register uart driver in init Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: potential integer overflow in usbg_make_tpg() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: pressure: zpa2326: Use aligned_s64 for the timestamp Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: fix dm-raid max_write_behind setting Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de> dmaengine: xilinx_dma: Set dma_device directions Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max14577: Fix wakeup source leaks on device unbind Peng Fan <peng.fan(a)nxp.com> mailbox: Not protect module_put with spin_lock_irqsave Pali Rohár <pali(a)kernel.org> cifs: Fix cifs_query_path_info() for Windows NT servers ------------- Diffstat: Documentation/ABI/testing/sysfs-driver-ufs | 2 +- Makefile | 4 +- arch/arm64/mm/mmu.c | 3 +- arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/s390/Makefile | 2 +- arch/s390/purgatory/Makefile | 2 +- arch/um/drivers/ubd_user.c | 2 +- arch/x86/Kconfig | 2 +- arch/x86/kernel/cpu/mce/amd.c | 15 +- arch/x86/kernel/cpu/mce/core.c | 8 +- arch/x86/kernel/cpu/mce/intel.c | 1 + drivers/acpi/acpi_pad.c | 7 +- drivers/acpi/acpica/dsmethod.c | 7 + drivers/acpi/battery.c | 19 +- drivers/ata/pata_cs5536.c | 2 +- drivers/atm/idt77252.c | 5 + drivers/dma-buf/dma-resv.c | 5 +- drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/gpu/drm/bridge/cdns-dsi.c | 11 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 + drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 + drivers/gpu/drm/i915/gt/intel_ringbuffer.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/tegra/dc.c | 12 +- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/v3d/v3d_drv.h | 9 + drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 36 ++- drivers/hid/hid-ids.h | 5 + drivers/hid/hid-quirks.c | 3 + drivers/hid/wacom_sys.c | 6 +- drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/pressure/zpa2326.c | 2 +- drivers/infiniband/core/device.c | 1 + drivers/infiniband/core/iwcm.c | 38 +-- drivers/infiniband/core/iwcm.h | 2 +- .../infiniband/core/uverbs_std_types_counters.c | 17 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 55 ++-- drivers/input/joystick/xpad.c | 5 + drivers/input/keyboard/atkbd.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/dm-raid.c | 2 +- drivers/md/md-bitmap.c | 2 +- drivers/md/raid1.c | 1 + drivers/media/platform/omap3isp/ispccdc.c | 8 +- drivers/media/platform/omap3isp/ispstat.c | 6 +- drivers/media/platform/vivid/vivid-vid-cap.c | 2 +- drivers/media/usb/dvb-usb/cxusb.c | 36 ++- drivers/media/usb/uvc/uvc_ctrl.c | 61 +++-- drivers/mfd/max14577.c | 1 + drivers/misc/vmw_vmci/vmci_host.c | 9 +- drivers/mmc/host/mtk-sd.c | 39 ++- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 ++ drivers/net/can/m_can/m_can.c | 2 +- drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 + drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 78 ++++-- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 +- drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/net/ethernet/sun/niu.c | 31 ++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/phy/microchip.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +- drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++ drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/pwm/pwm-mediatek.c | 15 +- drivers/regulator/gpio-regulator.c | 19 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/ufs/ufs-sysfs.c | 4 +- drivers/spi/spi-fsl-dspi.c | 55 ++-- drivers/staging/rtl8723bs/core/rtw_security.c | 46 +--- drivers/tty/serial/uartlite.c | 15 +- drivers/tty/vt/vt.c | 1 + drivers/usb/class/cdc-wdm.c | 23 +- drivers/usb/class/usbtmc.c | 53 ++-- drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb.c | 14 +- drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/gadget/function/u_serial.c | 6 +- drivers/usb/typec/altmodes/displayport.c | 5 +- fs/btrfs/inode.c | 36 +-- fs/btrfs/ioctl.c | 3 + fs/btrfs/tree-log.c | 4 +- fs/ceph/file.c | 2 +- fs/cifs/misc.c | 8 + fs/jfs/jfs_dmap.c | 41 +-- fs/namespace.c | 8 +- fs/nfs/flexfilelayout/flexfilelayout.c | 144 +++++++--- fs/nfs/inode.c | 17 +- fs/overlayfs/util.c | 4 +- fs/proc/inode.c | 16 +- fs/proc/proc_sysctl.c | 18 +- include/drm/spsc_queue.h | 4 +- include/linux/of.h | 291 ++++++++++----------- include/linux/regulator/gpio-regulator.h | 2 + include/linux/usb/typec_dp.h | 1 + include/rdma/ib_verbs.h | 7 +- include/uapi/linux/usb/tmc.h | 2 + include/uapi/linux/vm_sockets.h | 4 + init/Kconfig | 4 +- kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- net/appletalk/ddp.c | 1 + net/atm/clip.c | 64 +++-- net/atm/resources.c | 3 +- net/bluetooth/l2cap_core.c | 9 +- net/bpfilter/Makefile | 5 +- net/ipv6/route.c | 3 +- net/mac80211/rx.c | 4 + net/mac80211/util.c | 2 +- net/netlink/af_netlink.c | 90 ++++--- net/rose/rose_route.c | 15 +- net/rxrpc/call_accept.c | 3 + net/sched/sch_api.c | 42 +-- net/tipc/topsrv.c | 2 + net/vmw_vsock/vmci_transport.c | 4 +- scripts/Kbuild.include | 2 +- scripts/Makefile.host | 4 +- scripts/Makefile.lib | 8 +- sound/isa/sb/sb16_main.c | 4 + sound/pci/hda/hda_bind.c | 2 +- sound/soc/meson/meson-card-utils.c | 2 +- sound/usb/stream.c | 2 + usr/include/Makefile | 6 +- 135 files changed, 1221 insertions(+), 706 deletions(-)

2 months, 1 week

4
153
0 0

[PATCH 5.15 00/77] 5.15.189-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.189 release. There are 77 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.189-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.189-rc1 Jack Wang <jinpu.wang(a)ionos.com> x86: Fix X86_FEATURE_VERW_CLEAR definition Jann Horn <jannh(a)google.com> x86/mm: Disable hugetlb page table sharing on 32-bit Dongli Zhang <dongli.zhang(a)oracle.com> vhost-scsi: protect vq->log_used with vq->mutex Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Zhang Heng <zhangheng(a)kylinos.cn> HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Nicolas Pitre <npitre(a)baylibre.com> vt: add missing notification when switching back to text mode Akira Inoue <niyarium(a)gmail.com> HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 Xiaowei Li <xiaowei.li(a)simcom.com> net: usb: qmi_wwan: add SIMCom 8230C composition Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Reduce stack usage in vector_eth_configure() Thomas Fourier <fourier.thomas(a)gmail.com> atm: idt77252: Add missing `dma_map_error()` Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix DCB ETS validation Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Sean Nyekjaer <sean(a)geanix.com> can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Oleksij Rempel <linux(a)rempel-privat.de> net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Kito Xu <veritas501(a)foxmail.com> net: appletalk: Fix device refcount leak in atrtr_create() Eric Dumazet <edumazet(a)google.com> netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() Al Viro <viro(a)zeniv.linux.org.uk> ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() Stefan Metzmacher <metze(a)samba.org> smb: server: make use of rdma_destroy_qp() Zheng Qixing <zhengqixing(a)huawei.com> nbd: fix uaf in nbd_genl_connect() error path Nigel Croxon <ncroxon(a)redhat.com> raid10: cleanup memleak at raid10_make_request Wang Jinchao <wangjinchao600(a)gmail.com> md/raid1: Fix stack memory use after return in raid1_reshape Daniil Dulov <d.dulov(a)aladdin.ru> wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix sysfs group cleanup Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Christian König <christian.koenig(a)amd.com> dma-buf: use new iterator in dma_resv_wait_timeout Christian König <christian.koenig(a)amd.com> dma-buf: add dma_resv_for_each_fence_unlocked v8 Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Abort suspend on soft disconnect failure Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with CV Bad Descriptor test Lee Jones <lee(a)kernel.org> usb: cdnsp: Replace snprintf() with the safer scnprintf() variant Pawel Laszczak <pawell(a)cadence.com> usb:cdnsp: remove TRB_FLUSH_ENDPOINT command Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - support Acer NGR 200 Controller Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Raju Rangoju <Raju.Rangoju(a)amd.com> usb: xhci: quirk for data loss in ISOC transfers Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> xhci: Allow RPM on the USB controller (1022:43f7) by default Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Jakub Kicinski <kuba(a)kernel.org> netlink: make sure we allow at least one dump skb Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix rmem check in netlink_broadcast_deliver(). Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Ensure to disable clocks in error path Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix vport loopback for MPV device Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: propagate last_unlink_trans earlier when doing a rmdir Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "ACPI: battery: negate current when discharging" Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: u_serial: Fix race condition in TTY wakeup Simona Vetter <simona.vetter(a)ffwll.ch> drm/gem: Fix race in drm_gem_handle_create_tail() Matthew Brost <matthew.brost(a)intel.com> drm/sched: Increment job count before swapping tail spsc queue Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: qcom: msm: mark certain pins as invalid for interrupts Guillaume Nault <gnault(a)redhat.com> gre: Fix IPv6 multicast route creation. JP Kobryn <inwardvessel(a)gmail.com> x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Don't remove sysfs if thresholding sysfs init fails Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Fix threshold limit reset Juergen Gross <jgross(a)suse.com> xen: replace xen_remap() with memremap() Edward Adam Davis <eadavis(a)qq.com> jfs: fix null ptr deref in dtInsertEntry John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Fix skb refcnt race after locking changes Maksim Kiselev <bigunclemax(a)gmail.com> aoe: avoid potential deadlock at set_capacity Lee, Chun-Yi <joeyli.kernel(a)gmail.com> thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR Andrii Nakryiko <andrii(a)kernel.org> bpf: fix precision backtracking instruction iteration David Howells <dhowells(a)redhat.com> rxrpc: Fix oops due to non-existence of prealloc backlog struct Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: safer stats processing Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: use __for_each_thread() Victor Nogueira <victor(a)mojatatu.com> net/sched: Abort __tc_modify_qdisc if parent class does not exist Yue Haibing <yuehaibing(a)huawei.com> atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix infinite recursive call of clip_push(). Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix memory leak of struct clip_vcc. Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix potential null-ptr-deref in to_atmarpd(). Oleksij Rempel <linux(a)rempel-privat.de> net: phy: smsc: Fix link failure in forced mode with Auto-MDIX Oleksij Rempel <linux(a)rempel-privat.de> net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap Michal Luczaj <mhal(a)rbox.co> vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_* TOCTOU Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_{g2h,h2g} TOCTOU Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_conn_close(). Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix wraparounds of sk->sk_rmem_alloc. Al Viro <viro(a)zeniv.linux.org.uk> fix proc_sys_compare() handling of in-lookup dentries Peter Zijlstra <peterz(a)infradead.org> perf: Revert to requiring CAP_SYS_ADMIN for uprobes Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling ------------- Diffstat: Makefile | 4 +- arch/um/drivers/vector_kern.c | 42 +-- arch/x86/Kconfig | 2 +- arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/include/asm/xen/page.h | 3 - arch/x86/kernel/cpu/mce/amd.c | 15 +- arch/x86/kernel/cpu/mce/core.c | 8 +- arch/x86/kernel/cpu/mce/intel.c | 1 + drivers/acpi/battery.c | 19 +- drivers/atm/idt77252.c | 5 + drivers/block/aoe/aoeblk.c | 5 +- drivers/block/nbd.c | 6 +- drivers/dma-buf/dma-resv.c | 171 ++++++---- drivers/gpu/drm/drm_gem.c | 10 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 + drivers/hid/hid-ids.h | 6 + drivers/hid/hid-lenovo.c | 8 + drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-quirks.c | 3 + drivers/infiniband/hw/mlx5/main.c | 33 ++ drivers/input/joystick/xpad.c | 2 + drivers/input/keyboard/atkbd.c | 3 +- drivers/md/raid1.c | 1 + drivers/md/raid10.c | 10 +- drivers/net/can/m_can/m_can.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +- drivers/net/ethernet/intel/ice/ice_main.c | 29 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/phy/microchip.c | 2 +- drivers/net/phy/smsc.c | 28 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/virtio_net.c | 44 ++- drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +- drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++ drivers/platform/x86/think-lmi.c | 35 +- drivers/pwm/pwm-mediatek.c | 15 +- .../intel/int340x_thermal/int3400_thermal.c | 9 +- drivers/tty/hvc/hvc_xen.c | 2 +- drivers/tty/vt/vt.c | 1 + drivers/usb/cdns3/cdnsp-debug.h | 358 ++++++++++----------- drivers/usb/cdns3/cdnsp-ep0.c | 18 +- drivers/usb/cdns3/cdnsp-gadget.c | 6 +- drivers/usb/cdns3/cdnsp-gadget.h | 11 +- drivers/usb/cdns3/cdnsp-ring.c | 27 +- drivers/usb/dwc3/core.c | 9 +- drivers/usb/dwc3/gadget.c | 22 +- drivers/usb/gadget/function/u_serial.c | 6 +- drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci-pci.c | 30 +- drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/host/xhci.h | 1 + drivers/vhost/scsi.c | 7 +- drivers/xen/grant-table.c | 6 +- drivers/xen/xenbus/xenbus_probe.c | 3 +- fs/btrfs/inode.c | 36 +-- fs/jfs/jfs_dtree.c | 2 + fs/ksmbd/transport_rdma.c | 5 +- fs/ksmbd/vfs.c | 1 + fs/proc/array.c | 6 +- fs/proc/inode.c | 2 +- fs/proc/proc_sysctl.c | 18 +- include/drm/drm_file.h | 3 + include/drm/spsc_queue.h | 4 +- include/linux/dma-resv.h | 95 ++++++ include/net/netfilter/nf_flow_table.h | 2 +- include/xen/arm/page.h | 3 - kernel/bpf/verifier.c | 21 +- kernel/events/core.c | 2 +- net/appletalk/ddp.c | 1 + net/atm/clip.c | 64 +++- net/core/skmsg.c | 12 +- net/ipv6/addrconf.c | 9 +- net/netlink/af_netlink.c | 90 +++--- net/rxrpc/call_accept.c | 3 + net/sched/sch_api.c | 23 +- net/tipc/topsrv.c | 2 + net/vmw_vsock/af_vsock.c | 57 +++- sound/soc/fsl/fsl_asrc.c | 3 +- 79 files changed, 982 insertions(+), 564 deletions(-)

2 months, 1 week

5
85
0 0

[PATCH 6.1 00/88] 6.1.146-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.146 release. There are 88 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.146-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.146-rc1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potential use-after-free in oplock/lease break ack Yeoreum Yun <yeoreum.yun(a)arm.com> kasan: remove kasan_find_vm_area() to prevent possible deadlock Jack Wang <jinpu.wang(a)ionos.com> x86: Fix X86_FEATURE_VERW_CLEAR definition Jann Horn <jannh(a)google.com> x86/mm: Disable hugetlb page table sharing on 32-bit Dongli Zhang <dongli.zhang(a)oracle.com> vhost-scsi: protect vq->log_used with vq->mutex Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Zhang Heng <zhangheng(a)kylinos.cn> HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Nicolas Pitre <npitre(a)baylibre.com> vt: add missing notification when switching back to text mode Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion when building free space tree Akira Inoue <niyarium(a)gmail.com> HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 Xiaowei Li <xiaowei.li(a)simcom.com> net: usb: qmi_wwan: add SIMCom 8230C composition Yasmin Fitzgerald <sunoflife1.git(a)gmail.com> ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 Yuzuru10 <yuzuru_10(a)proton.me> ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Reduce stack usage in vector_eth_configure() Thomas Fourier <fourier.thomas(a)gmail.com> atm: idt77252: Add missing `dma_map_error()` Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix DCB ETS validation Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Sean Nyekjaer <sean(a)geanix.com> can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Oleksij Rempel <linux(a)rempel-privat.de> net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Mingming Cao <mmc(a)linux.ibm.com> ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof Kito Xu <veritas501(a)foxmail.com> net: appletalk: Fix device refcount leak in atrtr_create() Eric Dumazet <edumazet(a)google.com> netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() Chao Yu <chao(a)kernel.org> erofs: fix to add missing tracepoint in erofs_read_folio() Gao Xiang <xiang(a)kernel.org> erofs: adapt folios for z_erofs_read_folio() Gao Xiang <xiang(a)kernel.org> erofs: avoid on-stack pagepool directly passed by arguments Gao Xiang <xiang(a)kernel.org> erofs: allocate extra bvec pages directly instead of retrying Yue Hu <huyue2(a)coolpad.com> erofs: clean up z_erofs_pcluster_readmore() Yue Hu <huyue2(a)coolpad.com> erofs: remove the member readahead from struct z_erofs_decompress_frontend Zheng Qixing <zhengqixing(a)huawei.com> nbd: fix uaf in nbd_genl_connect() error path Nigel Croxon <ncroxon(a)redhat.com> raid10: cleanup memleak at raid10_make_request Wang Jinchao <wangjinchao600(a)gmail.com> md/raid1: Fix stack memory use after return in raid1_reshape Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: nvdec: Fix dma_alloc_coherent error check Daniil Dulov <d.dulov(a)aladdin.ru> wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Zhang Rui <rui.zhang(a)intel.com> platform/x86: think-lmi: Fix sysfs group cleanup Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Abort suspend on soft disconnect failure Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with CV Bad Descriptor test Lee Jones <lee(a)kernel.org> usb: cdnsp: Replace snprintf() with the safer scnprintf() variant Pawel Laszczak <pawell(a)cadence.com> usb:cdnsp: remove TRB_FLUSH_ENDPOINT command Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - support Acer NGR 200 Controller Raju Rangoju <Raju.Rangoju(a)amd.com> usb: xhci: quirk for data loss in ISOC transfers Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> xhci: Allow RPM on the USB controller (1022:43f7) by default Filipe Manana <fdmanana(a)suse.com> btrfs: propagate last_unlink_trans earlier when doing a rmdir Shivank Garg <shivankg(a)amd.com> fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Jakub Kicinski <kuba(a)kernel.org> netlink: make sure we allow at least one dump skb Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix rmem check in netlink_broadcast_deliver(). Al Viro <viro(a)zeniv.linux.org.uk> ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() Stefan Metzmacher <metze(a)samba.org> smb: server: make use of rdma_destroy_qp() Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Ensure to disable clocks in error path Wei Yang <richard.weiyang(a)gmail.com> maple_tree: fix mt_destroy_walk() on root leaf node Achill Gilgenast <fossdd(a)pwned.life> kallsyms: fix build without execinfo Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "ACPI: battery: negate current when discharging" Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: u_serial: Fix race condition in TTY wakeup Simona Vetter <simona.vetter(a)ffwll.ch> drm/gem: Fix race in drm_gem_handle_create_tail() Christian König <christian.koenig(a)amd.com> drm/ttm: fix error handling in ttm_buffer_object_transfer Matthew Brost <matthew.brost(a)intel.com> drm/sched: Increment job count before swapping tail spsc queue Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be> wifi: prevent A-MSDU attacks in mesh networks Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: qcom: msm: mark certain pins as invalid for interrupts Håkon Bugge <haakon.bugge(a)oracle.com> md/md-bitmap: fix GPF in bitmap_get_stats() Guillaume Nault <gnault(a)redhat.com> gre: Fix IPv6 multicast route creation. Sean Christopherson <seanjc(a)google.com> KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. JP Kobryn <inwardvessel(a)gmail.com> x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Don't remove sysfs if thresholding sysfs init fails Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Fix threshold limit reset Dan Carpenter <dan.carpenter(a)linaro.org> ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() Alexey Dobriyan <adobriyan(a)gmail.com> x86/boot: Compile boot code with -std=gnu11 too David Howells <dhowells(a)redhat.com> rxrpc: Fix oops due to non-existence of prealloc backlog struct Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Victor Nogueira <victor(a)mojatatu.com> net/sched: Abort __tc_modify_qdisc if parent class does not exist Yue Haibing <yuehaibing(a)huawei.com> atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix infinite recursive call of clip_push(). Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix memory leak of struct clip_vcc. Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix potential null-ptr-deref in to_atmarpd(). Oleksij Rempel <linux(a)rempel-privat.de> net: phy: smsc: Fix link failure in forced mode with Auto-MDIX Oleksij Rempel <linux(a)rempel-privat.de> net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap Michal Luczaj <mhal(a)rbox.co> vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_* TOCTOU Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_{g2h,h2g} TOCTOU Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_conn_close(). Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix wraparounds of sk->sk_rmem_alloc. Al Viro <viro(a)zeniv.linux.org.uk> fix proc_sys_compare() handling of in-lookup dentries Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not disabling advertising instance Peter Zijlstra <peterz(a)infradead.org> perf: Revert to requiring CAP_SYS_ADMIN for uprobes Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Rong Zhang <i(a)rong.moe> platform/x86: ideapad-laptop: use usleep_range() for EC polling Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling ------------- Diffstat: Makefile | 4 +- arch/um/drivers/vector_kern.c | 42 +-- arch/x86/Kconfig | 2 +- arch/x86/Makefile | 2 +- arch/x86/include/asm/cpufeatures.h | 2 +- arch/x86/kernel/cpu/mce/amd.c | 15 +- arch/x86/kernel/cpu/mce/core.c | 8 +- arch/x86/kernel/cpu/mce/intel.c | 1 + arch/x86/kvm/svm/sev.c | 4 + arch/x86/kvm/xen.c | 15 +- drivers/acpi/battery.c | 19 +- drivers/atm/idt77252.c | 5 + drivers/block/nbd.c | 6 +- drivers/char/ipmi/ipmi_msghandler.c | 3 +- drivers/gpu/drm/drm_gem.c | 10 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 + drivers/gpu/drm/tegra/nvdec.c | 6 +- drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +- drivers/hid/hid-ids.h | 6 + drivers/hid/hid-lenovo.c | 8 + drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-quirks.c | 3 + drivers/input/joystick/xpad.c | 2 + drivers/input/keyboard/atkbd.c | 3 +- drivers/md/md-bitmap.c | 3 +- drivers/md/raid1.c | 1 + drivers/md/raid10.c | 10 +- drivers/net/can/m_can/m_can.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.h | 8 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/phy/microchip.c | 2 +- drivers/net/phy/smsc.c | 28 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +- drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++ drivers/platform/x86/ideapad-laptop.c | 19 +- drivers/powercap/intel_rapl_common.c | 22 +- drivers/pwm/pwm-mediatek.c | 13 +- drivers/tty/vt/vt.c | 1 + drivers/usb/cdns3/cdnsp-debug.h | 358 +++++++++++++------------- drivers/usb/cdns3/cdnsp-ep0.c | 18 +- drivers/usb/cdns3/cdnsp-gadget.c | 6 +- drivers/usb/cdns3/cdnsp-gadget.h | 11 +- drivers/usb/cdns3/cdnsp-ring.c | 27 +- drivers/usb/dwc3/core.c | 9 +- drivers/usb/dwc3/gadget.c | 22 +- drivers/usb/gadget/function/u_serial.c | 6 +- drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci-pci.c | 30 ++- drivers/usb/host/xhci.h | 1 + drivers/vhost/scsi.c | 7 +- fs/anon_inodes.c | 23 +- fs/btrfs/free-space-tree.c | 16 +- fs/btrfs/inode.c | 28 +- fs/erofs/data.c | 2 + fs/erofs/zdata.c | 124 ++++----- fs/proc/inode.c | 2 +- fs/proc/proc_sysctl.c | 18 +- fs/smb/server/smb2pdu.c | 29 +-- fs/smb/server/transport_rdma.c | 5 +- fs/smb/server/vfs.c | 1 + include/drm/drm_file.h | 3 + include/drm/spsc_queue.h | 4 +- include/linux/fs.h | 2 + include/net/netfilter/nf_flow_table.h | 2 +- include/trace/events/erofs.h | 16 +- kernel/events/core.c | 2 +- lib/maple_tree.c | 7 +- mm/kasan/report.c | 13 +- mm/secretmem.c | 11 +- net/appletalk/ddp.c | 1 + net/atm/clip.c | 64 +++-- net/bluetooth/hci_sync.c | 2 +- net/ipv6/addrconf.c | 9 +- net/netlink/af_netlink.c | 90 ++++--- net/rxrpc/call_accept.c | 3 + net/sched/sch_api.c | 23 +- net/tipc/topsrv.c | 2 + net/vmw_vsock/af_vsock.c | 57 +++- net/wireless/util.c | 52 +++- sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/fsl/fsl_asrc.c | 3 +- tools/include/linux/kallsyms.h | 4 + 86 files changed, 876 insertions(+), 582 deletions(-)

2 months, 1 week

5
92
0 0

[PATCH 6.6 000/109] 6.6.99-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.99 release. There are 109 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.99-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.99-rc1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potential use-after-free in oplock/lease break ack Yeoreum Yun <yeoreum.yun(a)arm.com> kasan: remove kasan_find_vm_area() to prevent possible deadlock Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential race in cifs_put_tcon() Willem de Bruijn <willemb(a)google.com> selftests/bpf: adapt one more case in test_lru_map to the new target_free Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Zhang Heng <zhangheng(a)kylinos.cn> HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Willem de Bruijn <willemb(a)google.com> bpf: Adjust free target to avoid global starvation of LRU map Nicolas Pitre <npitre(a)baylibre.com> vt: add missing notification when switching back to text mode Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion when building free space tree Long Li <longli(a)microsoft.com> net: mana: Record doorbell physical address in PF mode Akira Inoue <niyarium(a)gmail.com> HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 Xiaowei Li <xiaowei.li(a)simcom.com> net: usb: qmi_wwan: add SIMCom 8230C composition Yasmin Fitzgerald <sunoflife1.git(a)gmail.com> ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 Yuzuru10 <yuzuru_10(a)proton.me> ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic Fengnan Chang <changfengnan(a)bytedance.com> io_uring: make fallocate be hashed work Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Reduce stack usage in vector_eth_configure() Thomas Fourier <fourier.thomas(a)gmail.com> atm: idt77252: Add missing `dma_map_error()` Ronnie Sahlberg <rsahlberg(a)whamcloud.com> ublk: sanity check add_dev input for underflow Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix DCB ETS validation Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Sean Nyekjaer <sean(a)geanix.com> can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Mingming Cao <mmc(a)linux.ibm.com> ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof Kito Xu <veritas501(a)foxmail.com> net: appletalk: Fix device refcount leak in atrtr_create() Eric Dumazet <edumazet(a)google.com> netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() Zheng Qixing <zhengqixing(a)huawei.com> nbd: fix uaf in nbd_genl_connect() error path Nigel Croxon <ncroxon(a)redhat.com> raid10: cleanup memleak at raid10_make_request Wang Jinchao <wangjinchao600(a)gmail.com> md/raid1: Fix stack memory use after return in raid1_reshape Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: nvdec: Fix dma_alloc_coherent error check Daniil Dulov <d.dulov(a)aladdin.ru> wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Shyam Prasad N <sprasad(a)microsoft.com> cifs: all initializations for tcon should happen in tcon_info_alloc Paulo Alcantara <pc(a)manguebit.com> smb: client: fix DFS interlink failover Paulo Alcantara <pc(a)manguebit.com> smb: client: avoid unnecessary reconnects when refreshing referrals Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Abort suspend on soft disconnect failure Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with CV Bad Descriptor test Lee Jones <lee(a)kernel.org> usb: cdnsp: Replace snprintf() with the safer scnprintf() variant Pawel Laszczak <pawell(a)cadence.com> usb:cdnsp: remove TRB_FLUSH_ENDPOINT command Filipe Manana <fdmanana(a)suse.com> btrfs: fix inode lookup error handling during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: return a btrfs_inode from btrfs_iget_logging() Filipe Manana <fdmanana(a)suse.com> btrfs: remove redundant root argument from fixup_inode_link_count() Filipe Manana <fdmanana(a)suse.com> btrfs: remove redundant root argument from btrfs_update_inode_fallback() Filipe Manana <fdmanana(a)suse.com> btrfs: remove noinline from btrfs_update_inode() Jakub Kicinski <kuba(a)kernel.org> netlink: make sure we allow at least one dump skb Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix rmem check in netlink_broadcast_deliver(). Chao Yu <chao(a)kernel.org> erofs: fix to add missing tracepoint in erofs_read_folio() Al Viro <viro(a)zeniv.linux.org.uk> ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() Stefan Metzmacher <metze(a)samba.org> smb: server: make use of rdma_destroy_qp() Jann Horn <jannh(a)google.com> x86/mm: Disable hugetlb page table sharing on 32-bit Mikhail Paulyshka <me(a)mixaill.net> x86/rdrand: Disable RDSEED on AMD Cyan Skillfish Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Ensure to disable clocks in error path Alexander Gordeev <agordeev(a)linux.ibm.com> mm/vmalloc: leave lazy MMU mode on PTE mapping error Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix interrupts.py after maple tree conversion Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: de-reference per-CPU MCE interrupts Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix interrupts display after MCP on x86 Baolin Wang <baolin.wang(a)linux.alibaba.com> mm: fix the inaccurate memory statistics issue for users Wei Yang <richard.weiyang(a)gmail.com> maple_tree: fix mt_destroy_walk() on root leaf node Achill Gilgenast <fossdd(a)pwned.life> kallsyms: fix build without execinfo Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "ACPI: battery: negate current when discharging" Thomas Zimmermann <tzimmermann(a)suse.de> drm/framebuffer: Acquire internal references on GEM handles Kuen-Han Tsai <khtsai(a)google.com> Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: u_serial: Fix race condition in TTY wakeup Simona Vetter <simona.vetter(a)ffwll.ch> drm/gem: Fix race in drm_gem_handle_create_tail() Christian König <christian.koenig(a)amd.com> drm/ttm: fix error handling in ttm_buffer_object_transfer Matthew Brost <matthew.brost(a)intel.com> drm/sched: Increment job count before swapping tail spsc queue Thomas Zimmermann <tzimmermann(a)suse.de> drm/gem: Acquire references on GEM handles for framebuffers Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be> wifi: prevent A-MSDU attacks in mesh networks Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: qcom: msm: mark certain pins as invalid for interrupts Håkon Bugge <haakon.bugge(a)oracle.com> md/md-bitmap: fix GPF in bitmap_get_stats() Guillaume Nault <gnault(a)redhat.com> gre: Fix IPv6 multicast route creation. Sean Christopherson <seanjc(a)google.com> KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. JP Kobryn <inwardvessel(a)gmail.com> x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Don't remove sysfs if thresholding sysfs init fails Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Fix threshold limit reset Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Add default names for MCA banks and blocks Dan Carpenter <dan.carpenter(a)linaro.org> ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() David Howells <dhowells(a)redhat.com> rxrpc: Fix oops due to non-existence of prealloc backlog struct Christian Eggers <ceggers(a)arri.de> Bluetooth: HCI: Set extended advertising data synchronously Leo Yan <leo.yan(a)arm.com> perf: build: Setup PKG_CONFIG_LIBDIR for cross compilation Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() David Howells <dhowells(a)redhat.com> rxrpc: Fix bug due to prealloc collision Victor Nogueira <victor(a)mojatatu.com> net/sched: Abort __tc_modify_qdisc if parent class does not exist Yue Haibing <yuehaibing(a)huawei.com> atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix infinite recursive call of clip_push(). Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix memory leak of struct clip_vcc. Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix potential null-ptr-deref in to_atmarpd(). Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Fix link failure in forced mode with Auto-MDIX Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Force predictable MDI-X state on LAN87xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap EricChan <chenchuangyu(a)xiaomi.com> net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 Michal Luczaj <mhal(a)rbox.co> vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_* TOCTOU Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_{g2h,h2g} TOCTOU Jiayuan Chen <jiayuan.chen(a)linux.dev> tcp: Correct signedness in skb remaining space calculation Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_conn_close(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix `vsock_proto` declaration Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix wraparounds of sk->sk_rmem_alloc. Al Viro <viro(a)zeniv.linux.org.uk> fix proc_sys_compare() handling of in-lookup dentries Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Clear GPIO debounce for suspend Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not disabling advertising instance Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: probe() should fail if the device ID is not recognized Peter Zijlstra <peterz(a)infradead.org> perf: Revert to requiring CAP_SYS_ADMIN for uprobes Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Fix the WARN_ON_ONCE is out of lock protected region Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Linus Torvalds <torvalds(a)linux-foundation.org> eventpoll: don't decrement ep refcount while still holding the ep mutex ------------- Diffstat: Documentation/bpf/map_hash.rst | 8 +- Documentation/bpf/map_lru_hash_update.dot | 6 +- Makefile | 4 +- arch/um/drivers/vector_kern.c | 42 +-- arch/x86/Kconfig | 2 +- arch/x86/include/asm/msr-index.h | 1 + arch/x86/kernel/cpu/amd.c | 7 + arch/x86/kernel/cpu/mce/amd.c | 28 +- arch/x86/kernel/cpu/mce/core.c | 8 +- arch/x86/kernel/cpu/mce/intel.c | 1 + arch/x86/kvm/svm/sev.c | 4 + arch/x86/kvm/xen.c | 15 +- drivers/acpi/battery.c | 19 +- drivers/atm/idt77252.c | 5 + drivers/block/nbd.c | 6 +- drivers/block/ublk_drv.c | 3 +- drivers/char/ipmi/ipmi_msghandler.c | 3 +- drivers/gpu/drm/drm_framebuffer.c | 31 +- drivers/gpu/drm/drm_gem.c | 74 ++++- drivers/gpu/drm/drm_internal.h | 2 + drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 + drivers/gpu/drm/tegra/nvdec.c | 6 +- drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +- drivers/hid/hid-ids.h | 6 + drivers/hid/hid-lenovo.c | 8 + drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-quirks.c | 3 + drivers/input/keyboard/atkbd.c | 3 +- drivers/md/md-bitmap.c | 3 +- drivers/md/raid1.c | 1 + drivers/md/raid10.c | 10 +- drivers/net/can/m_can/m_can.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.h | 8 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 3 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 24 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/phy/microchip.c | 2 +- drivers/net/phy/smsc.c | 57 +++- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +- drivers/pinctrl/pinctrl-amd.c | 11 + drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++ drivers/pwm/pwm-mediatek.c | 13 +- drivers/tty/vt/vt.c | 1 + drivers/usb/cdns3/cdnsp-debug.h | 358 ++++++++++----------- drivers/usb/cdns3/cdnsp-ep0.c | 18 +- drivers/usb/cdns3/cdnsp-gadget.c | 6 +- drivers/usb/cdns3/cdnsp-gadget.h | 11 +- drivers/usb/cdns3/cdnsp-ring.c | 27 +- drivers/usb/dwc3/core.c | 9 +- drivers/usb/dwc3/gadget.c | 22 +- drivers/usb/gadget/function/u_serial.c | 12 +- fs/btrfs/btrfs_inode.h | 2 +- fs/btrfs/free-space-tree.c | 16 +- fs/btrfs/inode.c | 18 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-log.c | 331 +++++++++++-------- fs/erofs/data.c | 2 + fs/eventpoll.c | 12 +- fs/proc/inode.c | 2 +- fs/proc/proc_sysctl.c | 18 +- fs/proc/task_mmu.c | 14 +- fs/smb/client/cifsglob.h | 3 + fs/smb/client/cifsproto.h | 13 +- fs/smb/client/connect.c | 47 ++- fs/smb/client/dfs.c | 73 ++--- fs/smb/client/dfs.h | 42 ++- fs/smb/client/dfs_cache.c | 198 +++++++----- fs/smb/client/fs_context.h | 1 + fs/smb/client/misc.c | 9 + fs/smb/client/namespace.c | 2 +- fs/smb/server/smb2pdu.c | 29 +- fs/smb/server/transport_rdma.c | 5 +- fs/smb/server/vfs.c | 1 + include/drm/drm_file.h | 3 + include/drm/drm_framebuffer.h | 7 + include/drm/spsc_queue.h | 4 +- include/linux/mm.h | 5 + include/net/af_vsock.h | 2 +- include/net/netfilter/nf_flow_table.h | 2 +- io_uring/opdef.c | 1 + kernel/bpf/bpf_lru_list.c | 9 +- kernel/bpf/bpf_lru_list.h | 1 + kernel/events/core.c | 6 +- lib/maple_tree.c | 14 +- mm/kasan/report.c | 13 +- mm/vmalloc.c | 22 +- net/appletalk/ddp.c | 1 + net/atm/clip.c | 64 +++- net/bluetooth/hci_event.c | 39 +-- net/bluetooth/hci_sync.c | 215 ++++++++----- net/ipv4/tcp.c | 2 +- net/ipv6/addrconf.c | 9 +- net/netlink/af_netlink.c | 90 +++--- net/rxrpc/call_accept.c | 4 + net/sched/sch_api.c | 23 +- net/tipc/topsrv.c | 2 + net/vmw_vsock/af_vsock.c | 57 +++- net/wireless/util.c | 52 ++- scripts/gdb/linux/constants.py.in | 7 + scripts/gdb/linux/interrupts.py | 16 +- scripts/gdb/linux/mapletree.py | 252 +++++++++++++++ scripts/gdb/linux/xarray.py | 28 ++ sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/cs35l56-shared.c | 2 +- sound/soc/fsl/fsl_asrc.c | 3 +- tools/arch/x86/include/asm/msr-index.h | 1 + tools/build/feature/Makefile | 25 +- tools/include/linux/kallsyms.h | 4 + tools/perf/Makefile.perf | 27 +- tools/testing/selftests/bpf/test_lru_map.c | 105 +++--- 114 files changed, 1887 insertions(+), 1029 deletions(-)

2 months, 1 week

3
111
0 0

[PATCH 6.12 000/163] 6.12.39-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.39 release. There are 163 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.39-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.39-rc1 Mark Brown <broonie(a)kernel.org> arm64: Filter out SME hwcaps when FEAT_SME isn't implemented Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potential use-after-free in oplock/lease break ack Yeoreum Yun <yeoreum.yun(a)arm.com> kasan: remove kasan_find_vm_area() to prevent possible deadlock Jiawen Wu <jiawenwu(a)trustnetic.com> net: wangxun: revert the adjustment of the IRQ vector sequence Gao Xiang <xiang(a)kernel.org> erofs: fix rare pcluster memory leak after unmounting Willem de Bruijn <willemb(a)google.com> selftests/bpf: adapt one more case in test_lru_map to the new target_free Daniel J. Ogorchock <djogorchock(a)gmail.com> HID: nintendo: avoid bluetooth suspend/resume stalls Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Zhang Heng <zhangheng(a)kylinos.cn> HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Fangrui Song <i(a)maskray.me> riscv: vdso: Exclude .rodata from the PT_DYNAMIC segment Willem de Bruijn <willemb(a)google.com> bpf: Adjust free target to avoid global starvation of LRU map Nicolas Pitre <npitre(a)baylibre.com> vt: add missing notification when switching back to text mode Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion when building free space tree Long Li <longli(a)microsoft.com> net: mana: Record doorbell physical address in PF mode Akira Inoue <niyarium(a)gmail.com> HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 Shuai Zhang <quic_shuaz(a)quicinc.com> driver: bluetooth: hci_qca:fix unable to load the BT driver Xiaowei Li <xiaowei.li(a)simcom.com> net: usb: qmi_wwan: add SIMCom 8230C composition Tim Crawford <tcrawford(a)system76.com> ALSA: hda/realtek: Add quirks for some Clevo laptops Yasmin Fitzgerald <sunoflife1.git(a)gmail.com> ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 Yuzuru10 <yuzuru_10(a)proton.me> ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic Fengnan Chang <changfengnan(a)bytedance.com> io_uring: make fallocate be hashed work Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 Tamura Dai <kirinode0(a)gmail.com> ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Reduce stack usage in vector_eth_configure() Thomas Fourier <fourier.thomas(a)gmail.com> atm: idt77252: Add missing `dma_map_error()` Ronnie Sahlberg <rsahlberg(a)whamcloud.com> ublk: sanity check add_dev input for underflow Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix DCB ETS validation Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Add new prio for promiscuous mode Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Fix race between DIM disable and net_dim() Sean Nyekjaer <sean(a)geanix.com> can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() Hangbin Liu <liuhangbin(a)gmail.com> selftests: net: lib: fix shift count out of range Petr Machata <petrm(a)nvidia.com> selftests: net: lib: Move logging from forwarding/lib.sh here Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits Mingming Cao <mmc(a)linux.ibm.com> ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof Kito Xu <veritas501(a)foxmail.com> net: appletalk: Fix device refcount leak in atrtr_create() Eric Dumazet <edumazet(a)google.com> netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() Chao Yu <chao(a)kernel.org> erofs: fix to add missing tracepoint in erofs_readahead() Gao Xiang <xiang(a)kernel.org> erofs: refine readahead tracepoint Gao Xiang <xiang(a)kernel.org> erofs: tidy up zdata.c Gao Xiang <xiang(a)kernel.org> erofs: get rid of `z_erofs_next_pcluster_t` Chunhai Guo <guochunhai(a)vivo.com> erofs: free pclusters if no cached folio is attached Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Clear all LMTT pages on alloc Zheng Qixing <zhengqixing(a)huawei.com> nbd: fix uaf in nbd_genl_connect() error path Henry Martin <bsdhenrymartin(a)gmail.com> wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() Ben Skeggs <bskeggs(a)nvidia.com> drm/nouveau/gsp: fix potential leak of memory used during acpi init Felix Fietkau <nbd(a)nbd.name> wifi: rt2x00: fix remove callback type mismatch Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix non-transmitted BSSID profile search Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: correctly identify S1G short beacon Nigel Croxon <ncroxon(a)redhat.com> raid10: cleanup memleak at raid10_make_request Wang Jinchao <wangjinchao600(a)gmail.com> md/raid1: Fix stack memory use after return in raid1_reshape Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: nvdec: Fix dma_alloc_coherent error check Daniil Dulov <d.dulov(a)aladdin.ru> wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: cfg80211: fix S1G beacon head validation in nl80211 David Howells <dhowells(a)redhat.com> netfs: Fix ref leak on inserted extra subreq in write retry Jakub Kicinski <kuba(a)kernel.org> netlink: make sure we allow at least one dump skb Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix rmem check in netlink_broadcast_deliver(). Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count Gao Xiang <xiang(a)kernel.org> erofs: address D-cache aliasing Chao Yu <chao(a)kernel.org> erofs: fix to add missing tracepoint in erofs_read_folio() Al Viro <viro(a)zeniv.linux.org.uk> ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() Stefan Metzmacher <metze(a)samba.org> smb: server: make use of rdma_destroy_qp() Sascha Hauer <s.hauer(a)pengutronix.de> clk: scmi: Handle case where child clocks are initialized before their parents Jann Horn <jannh(a)google.com> x86/mm: Disable hugetlb page table sharing on 32-bit Mikhail Paulyshka <me(a)mixaill.net> x86/rdrand: Disable RDSEED on AMD Cyan Skillfish Xiaolei Wang <xiaolei.wang(a)windriver.com> clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data Miguel Ojeda <ojeda(a)kernel.org> rust: init: allow `dead_code` warnings for Rust >= 1.89.0 Harry Yoo <harry.yoo(a)oracle.com> lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() Alexander Gordeev <agordeev(a)linux.ibm.com> mm/vmalloc: leave lazy MMU mode on PTE mapping error Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix interrupts.py after maple tree conversion Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: de-reference per-CPU MCE interrupts Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix interrupts display after MCP on x86 Baolin Wang <baolin.wang(a)linux.alibaba.com> mm: fix the inaccurate memory statistics issue for users Wei Yang <richard.weiyang(a)gmail.com> maple_tree: fix mt_destroy_walk() on root leaf node Achill Gilgenast <fossdd(a)pwned.life> kallsyms: fix build without execinfo Zhe Qiao <qiaozhe(a)iscas.ac.cn> Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "ACPI: battery: negate current when discharging" Matthew Brost <matthew.brost(a)intel.com> drm/xe: Allocate PF queue size on pow2 boundary Thomas Zimmermann <tzimmermann(a)suse.de> drm/framebuffer: Acquire internal references on GEM handles Kuen-Han Tsai <khtsai(a)google.com> Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: u_serial: Fix race condition in TTY wakeup Matthew Brost <matthew.brost(a)intel.com> Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" Matthew Auld <matthew.auld(a)intel.com> drm/xe/bmg: fix compressed VRAM handling Simona Vetter <simona.vetter(a)ffwll.ch> drm/gem: Fix race in drm_gem_handle_create_tail() Christian König <christian.koenig(a)amd.com> drm/ttm: fix error handling in ttm_buffer_object_transfer Matthew Brost <matthew.brost(a)intel.com> drm/sched: Increment job count before swapping tail spsc queue Thomas Zimmermann <tzimmermann(a)suse.de> drm/gem: Acquire references on GEM handles for framebuffers Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Don't call mmput from MMU notifier callback Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Fix kernel crash when hard resetting the GPU Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix the wrong config for tx interrupt Deren Wu <deren.wu(a)mediatek.com> wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() Deren Wu <deren.wu(a)mediatek.com> wifi: mt76: mt7921: prevent decap offload config before STA initialization Vitor Soares <vitor.soares(a)toradex.com> wifi: mwifiex: discard erroneous disassoc frames on STA interface Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be> wifi: prevent A-MSDU attacks in mesh networks Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Ensure to disable clocks in error path Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: Fix invalid state detection Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: qcom: msm: mark certain pins as invalid for interrupts Håkon Bugge <haakon.bugge(a)oracle.com> md/md-bitmap: fix GPF in bitmap_get_stats() Haoxiang Li <haoxiang_li2024(a)163.com> net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe() Guillaume Nault <gnault(a)redhat.com> gre: Fix IPv6 multicast route creation. Arun Raghavan <arun(a)asymptotic.io> ASoC: fsl_sai: Force a software reset when starting in consumer mode Thorsten Blum <thorsten.blum(a)linux.dev> ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp() Liam Merwick <liam.merwick(a)oracle.com> KVM: Allow CPU to reschedule while setting per-page memory attributes Sean Christopherson <seanjc(a)google.com> KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight Nikunj A Dadhania <nikunj(a)amd.com> KVM: SVM: Add missing member in SNP_LAUNCH_START command structure David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. JP Kobryn <inwardvessel(a)gmail.com> x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Ensure user polling settings are honored when restarting timer Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Don't remove sysfs if thresholding sysfs init fails Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Fix threshold limit reset Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Add default names for MCA banks and blocks Dan Carpenter <dan.carpenter(a)linaro.org> ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() David Howells <dhowells(a)redhat.com> rxrpc: Fix oops due to non-existence of prealloc backlog struct David Howells <dhowells(a)redhat.com> rxrpc: Fix bug due to prealloc collision Victor Nogueira <victor(a)mojatatu.com> net/sched: Abort __tc_modify_qdisc if parent class does not exist Chintan Vankar <c-vankar(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info Yue Haibing <yuehaibing(a)huawei.com> atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix infinite recursive call of clip_push(). Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix memory leak of struct clip_vcc. Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix potential null-ptr-deref in to_atmarpd(). Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Fix link failure in forced mode with Auto-MDIX Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Force predictable MDI-X state on LAN87xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap EricChan <chenchuangyu(a)xiaomi.com> net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 Michal Luczaj <mhal(a)rbox.co> vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_* TOCTOU Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_{g2h,h2g} TOCTOU Jiayuan Chen <jiayuan.chen(a)linux.dev> tcp: Correct signedness in skb remaining space calculation Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_conn_close(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix `vsock_proto` declaration Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix wraparounds of sk->sk_rmem_alloc. Luo Jie <quic_luoj(a)quicinc.com> net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() Luo Jie <quic_luoj(a)quicinc.com> net: phy: qcom: move the WoL function to shared library Kevin Brodsky <kevin.brodsky(a)arm.com> arm64: poe: Handle spurious Overlay faults Jason Xing <kernelxing(a)tencent.com> bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL kuyo chang <kuyo.chang(a)mediatek.com> sched/deadline: Fix dl_server runtime calculation formula Al Viro <viro(a)zeniv.linux.org.uk> fix proc_sys_compare() handling of in-lookup dentries Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Clear GPIO debounce for suspend Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not disabling advertising instance Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: probe() should fail if the device ID is not recognized Peter Zijlstra <peterz(a)infradead.org> perf: Revert to requiring CAP_SYS_ADMIN for uprobes Peter Zijlstra <peterz(a)infradead.org> sched/core: Fix migrate_swap() vs. hotplug Nam Cao <namcao(a)linutronix.de> irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Fix the WARN_ON_ONCE is out of lock protected region Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: add sof_sdw_get_tplg_files ops Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: soc-acpi: add get_function_tplg_files ops Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV Eric Biggers <ebiggers(a)kernel.org> crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 Flora Cui <flora.cui(a)amd.com> drm/amdgpu/ip_discovery: add missing ip_discovery fw Flora Cui <flora.cui(a)amd.com> drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Linus Torvalds <torvalds(a)linux-foundation.org> eventpoll: don't decrement ep refcount while still holding the ep mutex ------------- Diffstat: Documentation/bpf/map_hash.rst | 8 +- Documentation/bpf/map_lru_hash_update.dot | 6 +- Makefile | 4 +- arch/arm64/kernel/cpufeature.c | 45 ++-- arch/arm64/kernel/process.c | 5 + arch/arm64/mm/fault.c | 30 ++- arch/riscv/kernel/vdso/vdso.lds.S | 2 +- arch/s390/crypto/sha1_s390.c | 2 + arch/s390/crypto/sha256_s390.c | 3 + arch/s390/crypto/sha512_s390.c | 3 + arch/um/drivers/vector_kern.c | 42 ++-- arch/x86/Kconfig | 2 +- arch/x86/include/asm/msr-index.h | 1 + arch/x86/kernel/cpu/amd.c | 7 + arch/x86/kernel/cpu/mce/amd.c | 28 ++- arch/x86/kernel/cpu/mce/core.c | 24 +- arch/x86/kernel/cpu/mce/intel.c | 1 + arch/x86/kvm/svm/sev.c | 4 + arch/x86/kvm/xen.c | 15 +- drivers/acpi/battery.c | 19 +- drivers/atm/idt77252.c | 5 + drivers/block/nbd.c | 6 +- drivers/block/ublk_drv.c | 3 +- drivers/bluetooth/hci_qca.c | 13 +- drivers/char/ipmi/ipmi_msghandler.c | 3 +- drivers/clk/clk-scmi.c | 20 +- drivers/clk/imx/clk-imx95-blk-ctl.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 30 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 43 ++-- drivers/gpu/drm/drm_framebuffer.c | 31 ++- drivers/gpu/drm/drm_gem.c | 74 +++++- drivers/gpu/drm/drm_internal.h | 2 + drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 + drivers/gpu/drm/imagination/pvr_power.c | 4 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 20 +- drivers/gpu/drm/tegra/nvdec.c | 6 +- drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +- drivers/gpu/drm/xe/xe_gt_pagefault.c | 1 + drivers/gpu/drm/xe/xe_lmtt.c | 11 + drivers/gpu/drm/xe/xe_migrate.c | 2 +- drivers/gpu/drm/xe/xe_pci.c | 1 - drivers/gpu/drm/xe/xe_pm.c | 8 +- drivers/hid/hid-ids.h | 6 + drivers/hid/hid-lenovo.c | 8 + drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-nintendo.c | 38 +++- drivers/hid/hid-quirks.c | 3 + drivers/irqchip/Kconfig | 1 + drivers/md/md-bitmap.c | 3 +- drivers/md/raid1.c | 1 + drivers/md/raid10.c | 10 +- drivers/net/can/m_can/m_can.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.h | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 9 +- drivers/net/ethernet/mellanox/mlx5/core/en_dim.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/en_fs.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 13 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 3 + drivers/net/ethernet/renesas/rtsn.c | 5 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 24 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 4 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 16 +- drivers/net/ethernet/wangxun/libwx/wx_type.h | 2 +- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 2 +- drivers/net/ethernet/wangxun/ngbe/ngbe_type.h | 2 +- drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 4 +- drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 4 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/phy/microchip.c | 3 +- drivers/net/phy/qcom/at803x.c | 27 --- drivers/net/phy/qcom/qca808x.c | 2 +- drivers/net/phy/qcom/qcom-phy-lib.c | 25 ++ drivers/net/phy/qcom/qcom.h | 5 + drivers/net/phy/smsc.c | 57 ++++- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/marvell/mwifiex/util.c | 4 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 3 + drivers/net/wireless/mediatek/mt76/mt7925/init.c | 2 + drivers/net/wireless/mediatek/mt76/mt7925/main.c | 6 + drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2x00soc.c | 4 +- drivers/net/wireless/ralink/rt2x00/rt2x00soc.h | 2 +- drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +- drivers/pci/pci-acpi.c | 23 +- drivers/pinctrl/pinctrl-amd.c | 11 + drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++ drivers/pwm/core.c | 2 +- drivers/pwm/pwm-mediatek.c | 13 +- drivers/tty/vt/vt.c | 1 + drivers/usb/gadget/function/u_serial.c | 12 +- fs/btrfs/free-space-tree.c | 16 +- fs/erofs/data.c | 21 +- fs/erofs/decompressor.c | 12 +- fs/erofs/fileio.c | 6 +- fs/erofs/internal.h | 2 +- fs/erofs/zdata.c | 251 +++++++++----------- fs/erofs/zutil.c | 7 +- fs/eventpoll.c | 12 +- fs/netfs/write_collect.c | 2 +- fs/proc/inode.c | 2 +- fs/proc/proc_sysctl.c | 18 +- fs/proc/task_mmu.c | 14 +- fs/smb/server/smb2pdu.c | 29 +-- fs/smb/server/transport_rdma.c | 5 +- fs/smb/server/vfs.c | 1 + include/drm/drm_file.h | 3 + include/drm/drm_framebuffer.h | 7 + include/drm/spsc_queue.h | 4 +- include/linux/ieee80211.h | 45 +++- include/linux/mm.h | 5 + include/linux/psp-sev.h | 2 + include/net/af_vsock.h | 2 +- include/net/netfilter/nf_flow_table.h | 2 +- include/sound/soc-acpi.h | 13 ++ include/trace/events/erofs.h | 2 +- io_uring/opdef.c | 1 + kernel/bpf/bpf_lru_list.c | 9 +- kernel/bpf/bpf_lru_list.h | 1 + kernel/events/core.c | 6 +- kernel/sched/core.c | 5 + kernel/sched/deadline.c | 10 +- kernel/stop_machine.c | 20 +- lib/alloc_tag.c | 3 + lib/maple_tree.c | 1 + mm/kasan/report.c | 13 +- mm/vmalloc.c | 22 +- net/appletalk/ddp.c | 1 + net/atm/clip.c | 64 ++++-- net/bluetooth/hci_event.c | 3 + net/bluetooth/hci_sync.c | 2 +- net/ipv4/tcp.c | 2 +- net/ipv6/addrconf.c | 9 +- net/mac80211/mlme.c | 7 +- net/mac80211/parse.c | 6 +- net/netlink/af_netlink.c | 90 +++++--- net/rxrpc/call_accept.c | 4 + net/sched/sch_api.c | 23 +- net/tipc/topsrv.c | 2 + net/vmw_vsock/af_vsock.c | 57 ++++- net/wireless/nl80211.c | 7 +- net/wireless/util.c | 52 ++++- rust/kernel/init/macros.rs | 2 + scripts/gdb/linux/constants.py.in | 7 + scripts/gdb/linux/interrupts.py | 16 +- scripts/gdb/linux/mapletree.py | 252 +++++++++++++++++++++ scripts/gdb/linux/xarray.py | 28 +++ sound/isa/ad1816a/ad1816a.c | 2 +- sound/pci/hda/patch_realtek.c | 7 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/cs35l56-shared.c | 2 +- sound/soc/fsl/fsl_asrc.c | 3 +- sound/soc/fsl/fsl_sai.c | 14 +- sound/soc/intel/boards/Kconfig | 1 + sound/soc/intel/common/Makefile | 2 +- sound/soc/intel/common/soc-acpi-intel-arl-match.c | 66 +++++- sound/soc/intel/common/sof-function-topology-lib.c | 136 +++++++++++ sound/soc/intel/common/sof-function-topology-lib.h | 15 ++ sound/soc/sof/intel/hda.c | 6 +- tools/arch/x86/include/asm/msr-index.h | 1 + tools/include/linux/kallsyms.h | 4 + tools/testing/selftests/bpf/test_lru_map.c | 105 ++++----- tools/testing/selftests/net/forwarding/lib.sh | 113 --------- tools/testing/selftests/net/lib.sh | 115 ++++++++++ virt/kvm/kvm_main.c | 3 + 172 files changed, 1953 insertions(+), 867 deletions(-)

2 months, 1 week

6
169
0 0

[TEST REGRESSION] stable-rc/linux-6.12.y: kselftest.seccomp.seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4 on bcm2837-rpi-3-b-plus

by KernelCI bot

Hello, New test failure found on stable-rc/linux-6.12.y: kselftest.seccomp.seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4 running on bcm2837-rpi-3-b-plus giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git branch: linux-6.12.y commit HEAD: d50d16f002928cde05a54e0049ddc203323ae7ac test id: maestro:687779f42ce2c1874ed2365d status: FAIL timestamp: 2025-07-16 10:14:31.303039+00:00 log: https://files.kernelci.org/kselftest-seccomp-6876c79234612746bbcf9a7e/log.t… # Test details: - test path: kselftest.seccomp.seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4 - platform: bcm2837-rpi-3-b-plus - compatibles: raspberrypi,3-model-b-plus | rbrcm | bcm2837; - config: defconfig+arm64-chromebook+kselftest - architecture: arm64 - compiler: gcc-12 Dashboard: https://d.kernelci.org/t/maestro:687779f42ce2c1874ed2365d Log excerpt: ===================================================== t_is_kill_inside pass seccomp_seccomp_bpf_global_unknown_ret_is_kill_above_allow pass seccomp_seccomp_bpf_global_KILL_all pass seccomp_seccomp_bpf_global_KILL_one pass seccomp_seccomp_bpf_global_KILL_one_arg_one pass seccomp_seccomp_bpf_global_KILL_one_arg_six pass seccomp_seccomp_bpf_global_KILL_thread pass seccomp_seccomp_bpf_global_KILL_process pass seccomp_seccomp_bpf_global_KILL_unknown pass seccomp_seccomp_bpf_global_arg_out_of_range pass seccomp_seccomp_bpf_global_ERRNO_valid pass seccomp_seccomp_bpf_global_ERRNO_zero pass seccomp_seccomp_bpf_global_ERRNO_capped pass seccomp_seccomp_bpf_global_ERRNO_order pass seccomp_seccomp_bpf_global_negative_ENOSYS pass seccomp_seccomp_bpf_global_seccomp_syscall pass seccomp_seccomp_bpf_global_seccomp_syscall_mode_lock pass seccomp_seccomp_bpf_global_detect_seccomp_filter_flags pass seccomp_seccomp_bpf_global_TSYNC_first pass seccomp_seccomp_bpf_global_syscall_restart pass seccomp_seccomp_bpf_global_filter_flag_log pass seccomp_seccomp_bpf_global_get_action_avail pass seccomp_seccomp_bpf_global_get_metadata_Kernel_does_not_support_PTRACE_SECCOMP_GET_METADATA_missing_CONFIG_CHECKPOINT_RESTORE skip seccomp_seccomp_bpf_global_user_notification_basic pass seccomp_seccomp_bpf_global_user_notification_with_tsync pass seccomp_seccomp_bpf_global_user_notification_kill_in_middle pass seccomp_seccomp_bpf_global_user_notification_signal pass seccomp_seccomp_bpf_global_user_notification_closed_listener pass seccomp_seccomp_bpf_global_user_notification_child_pid_ns pass seccomp_seccomp_bpf_global_user_notification_sibling_pid_ns pass seccomp_seccomp_bpf_global_user_notification_fault_recv pass seccomp_seccomp_bpf_global_seccomp_get_notif_sizes pass seccomp_seccomp_bpf_global_user_notification_continue pass seccomp_seccomp_bpf_global_user_notification_filter_empty pass seccomp_seccomp_bpf_global_user_ioctl_notification_filter_empty pass seccomp_seccomp_bpf_global_user_notification_filter_empty_threaded pass seccomp_seccomp_bpf_global_user_notification_addfd pass seccomp_seccomp_bpf_global_user_notification_addfd_rlimit pass seccomp_seccomp_bpf_global_user_notification_sync pass seccomp_seccomp_bpf_global_user_notification_fifo pass seccomp_seccomp_bpf_global_user_notification_wait_killable_pre_notification pass seccomp_seccomp_bpf_global_user_notification_wait_killable pass seccomp_seccomp_bpf_global_user_notification_wait_killable_fatal pass seccomp_seccomp_bpf_global_tsync_vs_dead_thread_leader pass seccomp_seccomp_bpf_TRAP_dfl pass seccomp_seccomp_bpf_TRAP_ign pass seccomp_seccomp_bpf_TRAP_handler pass seccomp_seccomp_bpf_precedence_allow_ok pass seccomp_seccomp_bpf_precedence_kill_is_highest pass seccomp_seccomp_bpf_precedence_kill_is_highest_in_any_order pass seccomp_seccomp_bpf_precedence_trap_is_second pass seccomp_seccomp_bpf_precedence_trap_is_second_in_any_order pass seccomp_seccomp_bpf_precedence_errno_is_third pass seccomp_seccomp_bpf_precedence_errno_is_third_in_any_order pass seccomp_seccomp_bpf_precedence_trace_is_fourth pass seccomp_seccomp_bpf_precedence_trace_is_fourth_in_any_order pass seccomp_seccomp_bpf_precedence_log_is_fifth pass seccomp_seccomp_bpf_precedence_log_is_fifth_in_any_order pass seccomp_seccomp_bpf_TRACE_poke_read_has_side_effects pass seccomp_seccomp_bpf_TRACE_poke_getpid_runs_normally pass seccomp_seccomp_bpf_TRACE_syscall_ptrace_negative_ENOSYS pass seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_allowed pass seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_redirected pass seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_errno pass seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_faked pass seccomp_seccomp_bpf_TRACE_syscall_ptrace_kill_immediate pass seccomp_seccomp_bpf_TRACE_syscall_ptrace_skip_after pass seccomp_seccomp_bpf_TRACE_syscall_ptrace_kill_after pass seccomp_seccomp_bpf_TRACE_syscall_seccomp_negative_ENOSYS pass seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_allowed pass seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_redirected pass seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_errno pass seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_faked pass seccomp_seccomp_bpf_TRACE_syscall_seccomp_kill_immediate pass seccomp_seccomp_bpf_TRACE_syscall_seccomp_skip_after pass seccomp_seccomp_bpf_TRACE_syscall_seccomp_kill_after pass seccomp_seccomp_bpf_TSYNC_siblings_fail_prctl pass seccomp_seccomp_bpf_TSYNC_two_siblings_with_ancestor pass seccomp_seccomp_bpf_TSYNC_two_sibling_want_nnp pass seccomp_seccomp_bpf_TSYNC_two_siblings_with_no_filter pass seccomp_seccomp_bpf_TSYNC_two_siblings_with_one_divergence pass seccomp_seccomp_bpf_TSYNC_two_siblings_with_one_divergence_no_tid_in_err pass seccomp_seccomp_bpf_TSYNC_two_siblings_not_under_filter pass seccomp_seccomp_bpf_O_SUSPEND_SECCOMP_setoptions_Kernel_does_not_support_PTRACE_O_SUSPEND_SECCOMP_missing_CONFIG_CHECKPOINT_RESTORE skip seccomp_seccomp_bpf_O_SUSPEND_SECCOMP_seize_Kernel_does_not_support_PTRACE_O_SUSPEND_SECCOMP_missing_CONFIG_CHECKPOINT_RESTORE skip seccomp_seccomp_bpf pass seccomp_seccomp_benchmark_native_1_bitmap pass seccomp_seccomp_benchmark_native_1_filter pass seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4 fail seccomp_seccomp_benchmark_1_bitmapped_2_bitmapped pass seccomp_seccomp_benchmark_entry_1_bitmapped pass seccomp_seccomp_benchmark_entry_2_bitmapped pass seccomp_seccomp_benchmark_native_entry_per_filter_4_4_filters_total pass seccomp_seccomp_benchmark fail + ../../utils/send-to-lava.sh ./output/result.txt <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=shardfile-seccomp RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_kcmp RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_mode_strict_support RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_mode_strict_cannot_call_prctl RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_no_new_privs_support RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_mode_filter_support RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_mode_filter_without_nnp RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_filter_size_limits RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_filter_chain_limits RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_mode_filter_cannot_move_to_strict RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_mode_filter_get_seccomp RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_ALLOW_all RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_empty_prog RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_log_all RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_unknown_ret_is_kill_inside RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_unknown_ret_is_kill_above_allow RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_KILL_all RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_KILL_one RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_KILL_one_arg_one RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_KILL_one_arg_six RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_KILL_thread RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_KILL_process RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_KILL_unknown RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_arg_out_of_range RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_ERRNO_valid RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_ERRNO_zero RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_ERRNO_capped RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_ERRNO_order RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_negative_ENOSYS RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_seccomp_syscall RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_seccomp_syscall_mode_lock RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_detect_seccomp_filter_flags RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_TSYNC_first RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_syscall_restart RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_filter_flag_log RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_get_action_avail RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_get_metadata_Kernel_does_not_support_PTRACE_SECCOMP_GET_METADATA_missing_CONFIG_CHECKPOINT_RESTORE RESULT=skip> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_basic RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_with_tsync RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_kill_in_middle RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_signal RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_closed_listener RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_child_pid_ns RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_sibling_pid_ns RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_fault_recv RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_seccomp_get_notif_sizes RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_continue RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_filter_empty RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_ioctl_notification_filter_empty RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_filter_empty_threaded RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_addfd RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_addfd_rlimit RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_sync RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_fifo RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_wait_killable_pre_notification RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_wait_killable RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_user_notification_wait_killable_fatal RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_global_tsync_vs_dead_thread_leader RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRAP_dfl RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRAP_ign RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRAP_handler RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_allow_ok RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_kill_is_highest RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_kill_is_highest_in_any_order RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_trap_is_second RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_trap_is_second_in_any_order RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_errno_is_third RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_errno_is_third_in_any_order RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_trace_is_fourth RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_trace_is_fourth_in_any_order RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_log_is_fifth RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_precedence_log_is_fifth_in_any_order RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_poke_read_has_side_effects RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_poke_getpid_runs_normally RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_negative_ENOSYS RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_allowed RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_redirected RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_errno RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_syscall_faked RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_kill_immediate RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_skip_after RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_ptrace_kill_after RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_negative_ENOSYS RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_allowed RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_redirected RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_errno RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_syscall_faked RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_kill_immediate RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_skip_after RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TRACE_syscall_seccomp_kill_after RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TSYNC_siblings_fail_prctl RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TSYNC_two_siblings_with_ancestor RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TSYNC_two_sibling_want_nnp RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TSYNC_two_siblings_with_no_filter RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TSYNC_two_siblings_with_one_divergence RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TSYNC_two_siblings_with_one_divergence_no_tid_in_err RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_TSYNC_two_siblings_not_under_filter RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_O_SUSPEND_SECCOMP_setoptions_Kernel_does_not_support_PTRACE_O_SUSPEND_SECCOMP_missing_CONFIG_CHECKPOINT_RESTORE RESULT=skip> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf_O_SUSPEND_SECCOMP_seize_Kernel_does_not_support_PTRACE_O_SUSPEND_SECCOMP_missing_CONFIG_CHECKPOINT_RESTORE RESULT=skip> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_bpf RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark_native_1_bitmap RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark_native_1_filter RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4 RESULT=fail> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark_1_bitmapped_2_bitmapped RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark_entry_1_bitmapped RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark_entry_2_bitmapped RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark_native_entry_per_filter_4_4_filters_total RESULT=pass> <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=seccomp_seccomp_benchmark RESULT=fail> + set +x <LAVA_SIGNAL_ENDRUN 1_kselftest-seccomp 1575830_1.6.2.4.5> <LAVA_TEST_RUNNER EXIT> / # ===================================================== #kernelci test maestro:687779f42ce2c1874ed2365d Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

2 months, 1 week

3
3
0 0

[PATCH v2] nvmem: layouts: u-boot-env: remove crc32 endianness conversion

by srini＠kernel.org

From: "Michael C. Pratt" <mcpratt(a)pm.me> On 11 Oct 2022, it was reported that the crc32 verification of the u-boot environment failed only on big-endian systems for the u-boot-env nvmem layout driver with the following error. Invalid calculated CRC32: 0x88cd6f09 (expected: 0x096fcd88) This problem has been present since the driver was introduced, and before it was made into a layout driver. The suggested fix at the time was to use further endianness conversion macros in order to have both the stored and calculated crc32 values to compare always represented in the system's endianness. This was not accepted due to sparse warnings and some disagreement on how to handle the situation. Later on in a newer revision of the patch, it was proposed to use cpu_to_le32() for both values to compare instead of le32_to_cpu() and store the values as __le32 type to remove compilation errors. The necessity of this is based on the assumption that the use of crc32() requires endianness conversion because the algorithm uses little-endian, however, this does not prove to be the case and the issue is unrelated. Upon inspecting the current kernel code, there already is an existing use of le32_to_cpu() in this driver, which suggests there already is special handling for big-endian systems, however, it is big-endian systems that have the problem. This, being the only functional difference between architectures in the driver combined with the fact that the suggested fix was to use the exact same endianness conversion for the values brings up the possibility that it was not necessary to begin with, as the same endianness conversion for two values expected to be the same is expected to be equivalent to no conversion at all. After inspecting the u-boot environment of devices of both endianness and trying to remove the existing endianness conversion, the problem is resolved in an equivalent way as the other suggested fixes. Ultimately, it seems that u-boot is agnostic to endianness at least for the purpose of environment variables. In other words, u-boot reads and writes the stored crc32 value with the same endianness that the crc32 value is calculated with in whichever endianness a certain architecture runs on. Therefore, the u-boot-env driver does not need to convert endianness. Remove the usage of endianness macros in the u-boot-env driver, and change the type of local variables to maintain the same return type. If there is a special situation in the case of endianness, it would be a corner case and should be handled by a unique "compatible". Even though it is not necessary to use endianness conversion macros here, it may be useful to use them in the future for consistent error printing. Fixes: d5542923f200 ("nvmem: add driver handling U-Boot environment variables") Reported-by: INAGAKI Hiroshi <musashino.open(a)gmail.com> Link: https://lore.kernel.org/all/20221011024928.1807-1-musashino.open@gmail.com Cc: stable(a)vger.kernel.org Signed-off-by: Michael C. Pratt <mcpratt(a)pm.me> Signed-off-by: Srinivas Kandagatla <srini(a)kernel.org> --- Changes since v1: - removed long list of short git ids as it was too much for small patch. drivers/nvmem/layouts/u-boot-env.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/nvmem/layouts/u-boot-env.c b/drivers/nvmem/layouts/u-boot-env.c index 436426d4e8f9..8571aac56295 100644 --- a/drivers/nvmem/layouts/u-boot-env.c +++ b/drivers/nvmem/layouts/u-boot-env.c @@ -92,7 +92,7 @@ int u_boot_env_parse(struct device *dev, struct nvmem_device *nvmem, size_t crc32_data_offset; size_t crc32_data_len; size_t crc32_offset; - __le32 *crc32_addr; + uint32_t *crc32_addr; size_t data_offset; size_t data_len; size_t dev_size; @@ -143,8 +143,8 @@ int u_boot_env_parse(struct device *dev, struct nvmem_device *nvmem, goto err_kfree; } - crc32_addr = (__le32 *)(buf + crc32_offset); - crc32 = le32_to_cpu(*crc32_addr); + crc32_addr = (uint32_t *)(buf + crc32_offset); + crc32 = *crc32_addr; crc32_data_len = dev_size - crc32_data_offset; data_len = dev_size - data_offset; -- 2.43.0

2 months, 1 week

1
0
0 0

[PATCH 6.12 1/2] arm64: defconfig: enable DRM_DISPLAY_CONNECTOR as a module

by Macpaul Lin

From: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> [ Upstream commit 691b5b53dbcc30bb3572cbb255374990723af0d2 ] The display connector family of bridges is used on a plenty of ARM64 platforms (including, but not being limited to several Qualcomm Robotics and Dragonboard platforms). It doesn't make sense for the DRM drivers to select the driver, so select it via the defconfig. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/r/20250214-arm64-display-connector-v1-1-306bca76316… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> [ Backport to 6.12.y ] Signed-off-by: Macpaul Lin <macpaul.lin(a)mediatek.com> --- arch/arm64/configs/defconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig index 7e475f38f3e1..219ef05ee5a7 100644 --- a/arch/arm64/configs/defconfig +++ b/arch/arm64/configs/defconfig @@ -911,6 +911,7 @@ CONFIG_DRM_PANEL_SAMSUNG_ATNA33XC20=m CONFIG_DRM_PANEL_SITRONIX_ST7703=m CONFIG_DRM_PANEL_TRULY_NT35597_WQXGA=m CONFIG_DRM_PANEL_VISIONOX_VTDR6130=m +CONFIG_DRM_DISPLAY_CONNECTOR=m CONFIG_DRM_FSL_LDB=m CONFIG_DRM_LONTIUM_LT8912B=m CONFIG_DRM_LONTIUM_LT9611=m -- 2.45.2

2 months, 1 week

4
4
0 0

[PATCH v2] media: pci: ivtv: Add missing check after DMA map

by Thomas Fourier

The DMA map functions can fail and should be tested for errors. If the mapping fails, free blanking_ptr and set it to 0. As 0 is a valid DMA address, use blanking_ptr to test if the DMA address is set. Fixes: 1a0adaf37c30 ("V4L/DVB (5345): ivtv driver for Conexant cx23416/cx23415 MPEG encoder/decoder") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> --- v1 -> v2: - Fix Fixes: line - Add Cc: stable drivers/media/pci/ivtv/ivtv-irq.c | 2 +- drivers/media/pci/ivtv/ivtv-yuv.c | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/media/pci/ivtv/ivtv-irq.c b/drivers/media/pci/ivtv/ivtv-irq.c index 748c14e87963..4d63daa01eed 100644 --- a/drivers/media/pci/ivtv/ivtv-irq.c +++ b/drivers/media/pci/ivtv/ivtv-irq.c @@ -351,7 +351,7 @@ void ivtv_dma_stream_dec_prepare(struct ivtv_stream *s, u32 offset, int lock) /* Insert buffer block for YUV if needed */ if (s->type == IVTV_DEC_STREAM_TYPE_YUV && f->offset_y) { - if (yi->blanking_dmaptr) { + if (yi->blanking_ptr) { s->sg_pending[idx].src = yi->blanking_dmaptr; s->sg_pending[idx].dst = offset; s->sg_pending[idx].size = 720 * 16; diff --git a/drivers/media/pci/ivtv/ivtv-yuv.c b/drivers/media/pci/ivtv/ivtv-yuv.c index 2d9274537725..71f040106647 100644 --- a/drivers/media/pci/ivtv/ivtv-yuv.c +++ b/drivers/media/pci/ivtv/ivtv-yuv.c @@ -125,7 +125,7 @@ static int ivtv_yuv_prep_user_dma(struct ivtv *itv, struct ivtv_user_dma *dma, ivtv_udma_fill_sg_array(dma, y_buffer_offset, uv_buffer_offset, y_size); /* If we've offset the y plane, ensure top area is blanked */ - if (f->offset_y && yi->blanking_dmaptr) { + if (f->offset_y && yi->blanking_ptr) { dma->SGarray[dma->SG_length].size = cpu_to_le32(720*16); dma->SGarray[dma->SG_length].src = cpu_to_le32(yi->blanking_dmaptr); dma->SGarray[dma->SG_length].dst = cpu_to_le32(IVTV_DECODER_OFFSET + yuv_offset[frame]); @@ -929,6 +929,12 @@ static void ivtv_yuv_init(struct ivtv *itv) yi->blanking_dmaptr = dma_map_single(&itv->pdev->dev, yi->blanking_ptr, 720 * 16, DMA_TO_DEVICE); + if (dma_mapping_error(&itv->pdev->dev, yi->blanking_dmaptr)) { + kfree(yi->blanking_ptr); + yi->blanking_ptr = NULL; + yi->blanking_dmaptr = 0; + IVTV_DEBUG_WARN("Failed to dma_map yuv blanking buffer\n"); + } } else { yi->blanking_dmaptr = 0; IVTV_DEBUG_WARN("Failed to allocate yuv blanking buffer\n"); -- 2.43.0

2 months, 1 week

1
0
0 0

[PATCH 6.6.y] arm64: Filter out SME hwcaps when FEAT_SME isn't implemented

by Mark Brown

[ Upstream commit a75ad2fc76a2ab70817c7eed3163b66ea84ca6ac ] We have a number of hwcaps for various SME subfeatures enumerated via ID_AA64SMFR0_EL1. Currently we advertise these without cross checking against the main SME feature, advertised in ID_AA64PFR1_EL1.SME which means that if the two are out of sync userspace can see a confusing situation where SME subfeatures are advertised without the base SME hwcap. This can be readily triggered by using the arm64.nosme override which only masks out ID_AA64PFR1_EL1.SME, and there have also been reports of VMMs which do the same thing. Fix this as we did previously for SVE in 064737920bdb ("arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented") by filtering out the SME subfeature hwcaps when FEAT_SME is not present. Fixes: 5e64b862c482 ("arm64/sme: Basic enumeration support") Reported-by: Yury Khrustalev <yury.khrustalev(a)arm.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250620-arm64-sme-filter-hwcaps-v1-1-02b9d3c2d8e… Signed-off-by: Will Deacon <will(a)kernel.org> Signed-off-by: Mark Brown <broonie(a)kernel.org> --- arch/arm64/kernel/cpufeature.c | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 82778258855d..b6d381f743f3 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -2804,6 +2804,13 @@ static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope) } #endif +#ifdef CONFIG_ARM64_SME +static bool has_sme_feature(const struct arm64_cpu_capabilities *cap, int scope) +{ + return system_supports_sme() && has_user_cpuid_feature(cap, scope); +} +#endif + static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL), HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES), @@ -2875,20 +2882,20 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR2_EL1, MOPS, IMP, CAP_HWCAP, KERNEL_HWCAP_MOPS), HWCAP_CAP(ID_AA64ISAR2_EL1, BC, IMP, CAP_HWCAP, KERNEL_HWCAP_HBC), #ifdef CONFIG_ARM64_SME - HWCAP_CAP(ID_AA64PFR1_EL1, SME, IMP, CAP_HWCAP, KERNEL_HWCAP_SME), - HWCAP_CAP(ID_AA64SMFR0_EL1, FA64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_FA64), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2p1, CAP_HWCAP, KERNEL_HWCAP_SME2P1), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2, CAP_HWCAP, KERNEL_HWCAP_SME2), - HWCAP_CAP(ID_AA64SMFR0_EL1, I16I64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I64), - HWCAP_CAP(ID_AA64SMFR0_EL1, F64F64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F64F64), - HWCAP_CAP(ID_AA64SMFR0_EL1, I16I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16B16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F16F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F16), - HWCAP_CAP(ID_AA64SMFR0_EL1, I8I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I8I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, F16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, B16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, BI32I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_BI32I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, F32F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F32F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64PFR1_EL1, SME, IMP, CAP_HWCAP, KERNEL_HWCAP_SME), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, FA64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_FA64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2p1, CAP_HWCAP, KERNEL_HWCAP_SME2P1), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2, CAP_HWCAP, KERNEL_HWCAP_SME2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I16I64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F64F64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F64F64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I16I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16B16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F16F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F16), + HWCAP_CAP(ID_MATCH_ID(has_sme_feature, AA64SMFR0_EL1, I8I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I8I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, B16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, BI32I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_BI32I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F32F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F32F32), #endif /* CONFIG_ARM64_SME */ {}, }; --- base-commit: 9247f4e6573a4d05fe70c3e90dbd53da26e8c5cb change-id: 20250715-stable-6-6-sme-feat-filt-5e942478105f Best regards, -- Mark Brown <broonie(a)kernel.org>

2 months, 1 week

1
0
0 0

[PATCH net 5/5] rxrpc: Fix to use conn aborts for conn-wide failures

by David Howells

Fix rxrpc to use connection-level aborts for things that affect the whole connection, such as the service ID not matching a local service. Fixes: 57af281e5389 ("rxrpc: Tidy up abort generation infrastructure") Reported-by: Jeffrey Altman <jaltman(a)auristor.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> cc: Marc Dionne <marc.dionne(a)auristor.com> cc: Jakub Kicinski <kuba(a)kernel.org> cc: Paolo Abeni <pabeni(a)redhat.com> cc: "David S. Miller" <davem(a)davemloft.net> cc: Eric Dumazet <edumazet(a)google.com> cc: Simon Horman <horms(a)kernel.org> cc: linux-afs(a)lists.infradead.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- include/trace/events/rxrpc.h | 1 + net/rxrpc/ar-internal.h | 3 +++ net/rxrpc/call_accept.c | 12 ++++++------ net/rxrpc/io_thread.c | 14 ++++++++++++++ net/rxrpc/output.c | 19 ++++++++++--------- net/rxrpc/security.c | 8 ++++---- 6 files changed, 38 insertions(+), 19 deletions(-) diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h index 8e5a73eb5268..de6f6d25767c 100644 --- a/include/trace/events/rxrpc.h +++ b/include/trace/events/rxrpc.h @@ -322,6 +322,7 @@ EM(rxrpc_call_put_kernel, "PUT kernel ") \ EM(rxrpc_call_put_poke, "PUT poke ") \ EM(rxrpc_call_put_recvmsg, "PUT recvmsg ") \ + EM(rxrpc_call_put_release_recvmsg_q, "PUT rls-rcmq") \ EM(rxrpc_call_put_release_sock, "PUT rls-sock") \ EM(rxrpc_call_put_release_sock_tba, "PUT rls-sk-a") \ EM(rxrpc_call_put_sendmsg, "PUT sendmsg ") \ diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h index df1a618dbf7d..5b7342d43486 100644 --- a/net/rxrpc/ar-internal.h +++ b/net/rxrpc/ar-internal.h @@ -44,6 +44,7 @@ enum rxrpc_skb_mark { RXRPC_SKB_MARK_SERVICE_CONN_SECURED, /* Service connection response has been verified */ RXRPC_SKB_MARK_REJECT_BUSY, /* Reject with BUSY */ RXRPC_SKB_MARK_REJECT_ABORT, /* Reject with ABORT (code in skb->priority) */ + RXRPC_SKB_MARK_REJECT_CONN_ABORT, /* Reject with connection ABORT (code in skb->priority) */ }; /* @@ -1253,6 +1254,8 @@ int rxrpc_encap_rcv(struct sock *, struct sk_buff *); void rxrpc_error_report(struct sock *); bool rxrpc_direct_abort(struct sk_buff *skb, enum rxrpc_abort_reason why, s32 abort_code, int err); +bool rxrpc_direct_conn_abort(struct sk_buff *skb, enum rxrpc_abort_reason why, + s32 abort_code, int err); int rxrpc_io_thread(void *data); void rxrpc_post_response(struct rxrpc_connection *conn, struct sk_buff *skb); static inline void rxrpc_wake_up_io_thread(struct rxrpc_local *local) diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c index a4d76f2da684..00982a030744 100644 --- a/net/rxrpc/call_accept.c +++ b/net/rxrpc/call_accept.c @@ -374,8 +374,8 @@ bool rxrpc_new_incoming_call(struct rxrpc_local *local, spin_lock(&rx->incoming_lock); if (rx->sk.sk_state == RXRPC_SERVER_LISTEN_DISABLED || rx->sk.sk_state == RXRPC_CLOSE) { - rxrpc_direct_abort(skb, rxrpc_abort_shut_down, - RX_INVALID_OPERATION, -ESHUTDOWN); + rxrpc_direct_conn_abort(skb, rxrpc_abort_shut_down, + RX_INVALID_OPERATION, -ESHUTDOWN); goto no_call; } @@ -422,12 +422,12 @@ bool rxrpc_new_incoming_call(struct rxrpc_local *local, unsupported_service: read_unlock_irq(&local->services_lock); - return rxrpc_direct_abort(skb, rxrpc_abort_service_not_offered, - RX_INVALID_OPERATION, -EOPNOTSUPP); + return rxrpc_direct_conn_abort(skb, rxrpc_abort_service_not_offered, + RX_INVALID_OPERATION, -EOPNOTSUPP); unsupported_security: read_unlock_irq(&local->services_lock); - return rxrpc_direct_abort(skb, rxrpc_abort_service_not_offered, - RX_INVALID_OPERATION, -EKEYREJECTED); + return rxrpc_direct_conn_abort(skb, rxrpc_abort_service_not_offered, + RX_INVALID_OPERATION, -EKEYREJECTED); no_call: spin_unlock(&rx->incoming_lock); read_unlock_irq(&local->services_lock); diff --git a/net/rxrpc/io_thread.c b/net/rxrpc/io_thread.c index 27b650d30f4d..e939ecf417c4 100644 --- a/net/rxrpc/io_thread.c +++ b/net/rxrpc/io_thread.c @@ -97,6 +97,20 @@ bool rxrpc_direct_abort(struct sk_buff *skb, enum rxrpc_abort_reason why, return false; } +/* + * Directly produce a connection abort from a packet. + */ +bool rxrpc_direct_conn_abort(struct sk_buff *skb, enum rxrpc_abort_reason why, + s32 abort_code, int err) +{ + struct rxrpc_skb_priv *sp = rxrpc_skb(skb); + + trace_rxrpc_abort(0, why, sp->hdr.cid, 0, sp->hdr.seq, abort_code, err); + skb->mark = RXRPC_SKB_MARK_REJECT_CONN_ABORT; + skb->priority = abort_code; + return false; +} + static bool rxrpc_bad_message(struct sk_buff *skb, enum rxrpc_abort_reason why) { return rxrpc_direct_abort(skb, why, RX_PROTOCOL_ERROR, -EBADMSG); diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c index 17c33b5cf7dd..8b5903b6e481 100644 --- a/net/rxrpc/output.c +++ b/net/rxrpc/output.c @@ -829,7 +829,13 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) msg.msg_controllen = 0; msg.msg_flags = 0; - memset(&whdr, 0, sizeof(whdr)); + whdr = (struct rxrpc_wire_header) { + .epoch = htonl(sp->hdr.epoch), + .cid = htonl(sp->hdr.cid), + .callNumber = htonl(sp->hdr.callNumber), + .serviceId = htons(sp->hdr.serviceId), + .flags = ~sp->hdr.flags & RXRPC_CLIENT_INITIATED, + }; switch (skb->mark) { case RXRPC_SKB_MARK_REJECT_BUSY: @@ -837,6 +843,9 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) size = sizeof(whdr); ioc = 1; break; + case RXRPC_SKB_MARK_REJECT_CONN_ABORT: + whdr.callNumber = 0; + fallthrough; case RXRPC_SKB_MARK_REJECT_ABORT: whdr.type = RXRPC_PACKET_TYPE_ABORT; code = htonl(skb->priority); @@ -850,14 +859,6 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) if (rxrpc_extract_addr_from_skb(&srx, skb) == 0) { msg.msg_namelen = srx.transport_len; - whdr.epoch = htonl(sp->hdr.epoch); - whdr.cid = htonl(sp->hdr.cid); - whdr.callNumber = htonl(sp->hdr.callNumber); - whdr.serviceId = htons(sp->hdr.serviceId); - whdr.flags = sp->hdr.flags; - whdr.flags ^= RXRPC_CLIENT_INITIATED; - whdr.flags &= RXRPC_CLIENT_INITIATED; - iov_iter_kvec(&msg.msg_iter, WRITE, iov, ioc, size); ret = do_udp_sendmsg(local->socket, &msg, size); if (ret < 0) diff --git a/net/rxrpc/security.c b/net/rxrpc/security.c index 078d91a6b77f..2bfbf2b2bb37 100644 --- a/net/rxrpc/security.c +++ b/net/rxrpc/security.c @@ -140,15 +140,15 @@ const struct rxrpc_security *rxrpc_get_incoming_security(struct rxrpc_sock *rx, sec = rxrpc_security_lookup(sp->hdr.securityIndex); if (!sec) { - rxrpc_direct_abort(skb, rxrpc_abort_unsupported_security, - RX_INVALID_OPERATION, -EKEYREJECTED); + rxrpc_direct_conn_abort(skb, rxrpc_abort_unsupported_security, + RX_INVALID_OPERATION, -EKEYREJECTED); return NULL; } if (sp->hdr.securityIndex != RXRPC_SECURITY_NONE && !rx->securities) { - rxrpc_direct_abort(skb, rxrpc_abort_no_service_key, - sec->no_key_abort, -EKEYREJECTED); + rxrpc_direct_conn_abort(skb, rxrpc_abort_no_service_key, + sec->no_key_abort, -EKEYREJECTED); return NULL; }

2 months, 1 week

1
0
0 0

[PATCH net 4/5] rxrpc: Fix transmission of an abort in response to an abort

by David Howells

Under some circumstances, such as when a server socket is closing, ABORT packets will be generated in response to incoming packets. Unfortunately, this also may include generating aborts in response to incoming aborts - which may cause a cycle. It appears this may be made possible by giving the client a multicast address. Fix this such that rxrpc_reject_packet() will refuse to generate aborts in response to aborts. Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code") Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> cc: Marc Dionne <marc.dionne(a)auristor.com> cc: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com> cc: LePremierHomme <kwqcheii(a)proton.me> cc: Linus Torvalds <torvalds(a)linux-foundation.org> cc: Jakub Kicinski <kuba(a)kernel.org> cc: Paolo Abeni <pabeni(a)redhat.com> cc: "David S. Miller" <davem(a)davemloft.net> cc: Eric Dumazet <edumazet(a)google.com> cc: Simon Horman <horms(a)kernel.org> cc: linux-afs(a)lists.infradead.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- net/rxrpc/output.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c index ef7b3096c95e..17c33b5cf7dd 100644 --- a/net/rxrpc/output.c +++ b/net/rxrpc/output.c @@ -814,6 +814,9 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) __be32 code; int ret, ioc; + if (sp->hdr.type == RXRPC_PACKET_TYPE_ABORT) + return; /* Never abort an abort. */ + rxrpc_see_skb(skb, rxrpc_skb_see_reject); iov[0].iov_base = &whdr;

2 months, 1 week

1
0
0 0

[PATCH net 2/5] rxrpc: Fix recv-recv race of completed call

by David Howells

If a call receives an event (such as incoming data), the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up the call off of the queue, further events will cause it to be requeued, and once the socket lock is dropped (recvmsg uses call->user_mutex to allow the socket to be used in parallel), a second thread can come in and its recvmsg can pop the call off the socket queue again. In such a case, the first thread will be receiving stuff from the call and the second thread will be blocked on call->user_mutex. The first thread can, at this point, process both the event that it picked call for and the event that the second thread picked the call for and may see the call terminate - in which case the call will be "released", decoupling the call from the user call ID assigned to it (RXRPC_USER_CALL_ID in the control message). The first thread will return okay, but then the second thread will wake up holding the user_mutex and, if it sees that the call has been released by the first thread, it will BUG thusly: kernel BUG at net/rxrpc/recvmsg.c:474! Fix this by just dequeuing the call and ignoring it if it is seen to be already released. We can't tell userspace about it anyway as the user call ID has become stale. Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code") Reported-by: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> cc: LePremierHomme <kwqcheii(a)proton.me> cc: Marc Dionne <marc.dionne(a)auristor.com> cc: Jakub Kicinski <kuba(a)kernel.org> cc: Paolo Abeni <pabeni(a)redhat.com> cc: "David S. Miller" <davem(a)davemloft.net> cc: Eric Dumazet <edumazet(a)google.com> cc: Simon Horman <horms(a)kernel.org> cc: linux-afs(a)lists.infradead.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- include/trace/events/rxrpc.h | 3 +++ net/rxrpc/call_accept.c | 1 + net/rxrpc/recvmsg.c | 19 +++++++++++++++++-- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h index 378d2dfc7392..e7dcfb1369b6 100644 --- a/include/trace/events/rxrpc.h +++ b/include/trace/events/rxrpc.h @@ -330,12 +330,15 @@ EM(rxrpc_call_put_userid, "PUT user-id ") \ EM(rxrpc_call_see_accept, "SEE accept ") \ EM(rxrpc_call_see_activate_client, "SEE act-clnt") \ + EM(rxrpc_call_see_already_released, "SEE alrdy-rl") \ EM(rxrpc_call_see_connect_failed, "SEE con-fail") \ EM(rxrpc_call_see_connected, "SEE connect ") \ EM(rxrpc_call_see_conn_abort, "SEE conn-abt") \ + EM(rxrpc_call_see_discard, "SEE discard ") \ EM(rxrpc_call_see_disconnected, "SEE disconn ") \ EM(rxrpc_call_see_distribute_error, "SEE dist-err") \ EM(rxrpc_call_see_input, "SEE input ") \ + EM(rxrpc_call_see_recvmsg, "SEE recvmsg ") \ EM(rxrpc_call_see_release, "SEE release ") \ EM(rxrpc_call_see_userid_exists, "SEE u-exists") \ EM(rxrpc_call_see_waiting_call, "SEE q-conn ") \ diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c index 226b4bf82747..a4d76f2da684 100644 --- a/net/rxrpc/call_accept.c +++ b/net/rxrpc/call_accept.c @@ -219,6 +219,7 @@ void rxrpc_discard_prealloc(struct rxrpc_sock *rx) tail = b->call_backlog_tail; while (CIRC_CNT(head, tail, size) > 0) { struct rxrpc_call *call = b->call_backlog[tail]; + rxrpc_see_call(call, rxrpc_call_see_discard); rcu_assign_pointer(call->socket, rx); if (rx->app_ops && rx->app_ops->discard_new_call) { diff --git a/net/rxrpc/recvmsg.c b/net/rxrpc/recvmsg.c index 86a27fb55a1c..6990e37697de 100644 --- a/net/rxrpc/recvmsg.c +++ b/net/rxrpc/recvmsg.c @@ -447,6 +447,16 @@ int rxrpc_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, goto try_again; } + rxrpc_see_call(call, rxrpc_call_see_recvmsg); + if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { + rxrpc_see_call(call, rxrpc_call_see_already_released); + list_del_init(&call->recvmsg_link); + spin_unlock_irq(&rx->recvmsg_lock); + release_sock(&rx->sk); + trace_rxrpc_recvmsg(call->debug_id, rxrpc_recvmsg_unqueue, 0); + rxrpc_put_call(call, rxrpc_call_put_recvmsg); + goto try_again; + } if (!(flags & MSG_PEEK)) list_del_init(&call->recvmsg_link); else @@ -470,8 +480,13 @@ int rxrpc_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, release_sock(&rx->sk); - if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) - BUG(); + if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { + rxrpc_see_call(call, rxrpc_call_see_already_released); + mutex_unlock(&call->user_mutex); + if (!(flags & MSG_PEEK)) + rxrpc_put_call(call, rxrpc_call_put_recvmsg); + goto try_again; + } ret = rxrpc_recvmsg_user_id(call, msg, flags); if (ret < 0)

2 months, 1 week

1
0
0 0

[PATCH net 1/5] rxrpc: Fix irq-disabled in local_bh_enable()

by David Howells

The rxrpc_assess_MTU_size() function calls down into the IP layer to find out the MTU size for a route. When accepting an incoming call, this is called from rxrpc_new_incoming_call() which holds interrupts disabled across the code that calls down to it. Unfortunately, the IP layer uses local_bh_enable() which, config dependent, throws a warning if IRQs are enabled: WARNING: CPU: 1 PID: 5544 at kernel/softirq.c:387 __local_bh_enable_ip+0x43/0xd0 ... RIP: 0010:__local_bh_enable_ip+0x43/0xd0 ... Call Trace: <TASK> rt_cache_route+0x7e/0xa0 rt_set_nexthop.isra.0+0x3b3/0x3f0 __mkroute_output+0x43a/0x460 ip_route_output_key_hash+0xf7/0x140 ip_route_output_flow+0x1b/0x90 rxrpc_assess_MTU_size.isra.0+0x2a0/0x590 rxrpc_new_incoming_peer+0x46/0x120 rxrpc_alloc_incoming_call+0x1b1/0x400 rxrpc_new_incoming_call+0x1da/0x5e0 rxrpc_input_packet+0x827/0x900 rxrpc_io_thread+0x403/0xb60 kthread+0x2f7/0x310 ret_from_fork+0x2a/0x230 ret_from_fork_asm+0x1a/0x30 ... hardirqs last enabled at (23): _raw_spin_unlock_irq+0x24/0x50 hardirqs last disabled at (24): _raw_read_lock_irq+0x17/0x70 softirqs last enabled at (0): copy_process+0xc61/0x2730 softirqs last disabled at (25): rt_add_uncached_list+0x3c/0x90 Fix this by moving the call to rxrpc_assess_MTU_size() out of rxrpc_init_peer() and further up the stack where it can be done without interrupts disabled. It shouldn't be a problem for rxrpc_new_incoming_call() to do it after the locks are dropped as pmtud is going to be performed by the I/O thread - and we're in the I/O thread at this point. Fixes: a2ea9a907260 ("rxrpc: Use irq-disabling spinlocks between app and I/O thread") Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> cc: Marc Dionne <marc.dionne(a)auristor.com> cc: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com> cc: LePremierHomme <kwqcheii(a)proton.me> cc: Jakub Kicinski <kuba(a)kernel.org> cc: Paolo Abeni <pabeni(a)redhat.com> cc: "David S. Miller" <davem(a)davemloft.net> cc: Eric Dumazet <edumazet(a)google.com> cc: Simon Horman <horms(a)kernel.org> cc: linux-afs(a)lists.infradead.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- net/rxrpc/ar-internal.h | 1 + net/rxrpc/call_accept.c | 1 + net/rxrpc/peer_object.c | 6 ++---- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h index 376e33dce8c1..df1a618dbf7d 100644 --- a/net/rxrpc/ar-internal.h +++ b/net/rxrpc/ar-internal.h @@ -1383,6 +1383,7 @@ struct rxrpc_peer *rxrpc_lookup_peer_rcu(struct rxrpc_local *, const struct sockaddr_rxrpc *); struct rxrpc_peer *rxrpc_lookup_peer(struct rxrpc_local *local, struct sockaddr_rxrpc *srx, gfp_t gfp); +void rxrpc_assess_MTU_size(struct rxrpc_local *local, struct rxrpc_peer *peer); struct rxrpc_peer *rxrpc_alloc_peer(struct rxrpc_local *, gfp_t, enum rxrpc_peer_trace); void rxrpc_new_incoming_peer(struct rxrpc_local *local, struct rxrpc_peer *peer); diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c index 49fccee1a726..226b4bf82747 100644 --- a/net/rxrpc/call_accept.c +++ b/net/rxrpc/call_accept.c @@ -406,6 +406,7 @@ bool rxrpc_new_incoming_call(struct rxrpc_local *local, spin_unlock(&rx->incoming_lock); read_unlock_irq(&local->services_lock); + rxrpc_assess_MTU_size(local, call->peer); if (hlist_unhashed(&call->error_link)) { spin_lock_irq(&call->peer->lock); diff --git a/net/rxrpc/peer_object.c b/net/rxrpc/peer_object.c index e2f35e6c04d6..366431b0736c 100644 --- a/net/rxrpc/peer_object.c +++ b/net/rxrpc/peer_object.c @@ -149,8 +149,7 @@ struct rxrpc_peer *rxrpc_lookup_peer_rcu(struct rxrpc_local *local, * assess the MTU size for the network interface through which this peer is * reached */ -static void rxrpc_assess_MTU_size(struct rxrpc_local *local, - struct rxrpc_peer *peer) +void rxrpc_assess_MTU_size(struct rxrpc_local *local, struct rxrpc_peer *peer) { struct net *net = local->net; struct dst_entry *dst; @@ -277,8 +276,6 @@ static void rxrpc_init_peer(struct rxrpc_local *local, struct rxrpc_peer *peer, peer->hdrsize += sizeof(struct rxrpc_wire_header); peer->max_data = peer->if_mtu - peer->hdrsize; - - rxrpc_assess_MTU_size(local, peer); } /* @@ -297,6 +294,7 @@ static struct rxrpc_peer *rxrpc_create_peer(struct rxrpc_local *local, if (peer) { memcpy(&peer->srx, srx, sizeof(*srx)); rxrpc_init_peer(local, peer, hash_key); + rxrpc_assess_MTU_size(local, peer); } _leave(" = %p", peer);

2 months, 1 week

1
0
0 0

Re: [PATCH 6.15 000/192] 6.15.7-rc1 review

by Dileep malepu

> This is the start of the stable review cycle for the 6.15.7 release. > There are 192 patches in this series, all will be posted as a response > to this one. If anyone has any issues with these being applied, please > let me know. > > Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000. > Anything received after that time might be too late. > > The whole patch series can be found in one patch at: > https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.7-rc1… > or in the git tree and branch at: > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y > and the diffstat can be found below. > > thanks, > > greg k-h Tested Linux kernel 6.15.7-rc1 on Fedora 37 (x86_64) with Intel i7-11800H. All major tests including boot, Wi-Fi, Bluetooth, audio, video, and USB mass storage detection passed successfully. Kernel Version : 6.15.7-rc1 Fedora Version : 37 (Thirty Seven) Processor : 11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz Build Architecture: x86_64 Test Results: - Boot Test : PASS - Wi-Fi Test : PASS - Bluetooth Test : PASS - Audio Test : PASS - Video Test : PASS - USB Mass Storage Drive Detect : PASS Tested-by: Dileep Malepu <dileep.debian(a)gmail.com>

2 months, 1 week

1
0
0 0

[PATCH] kernel/fork: Increase minimum number of allowed threads

by Hauke Mehrtens

From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> A modern Linux system creates much more than 20 threads at bootup. When I booted up OpenWrt in qemu the system sometimes failed to boot up when it wanted to create the 419th thread. The VM had 128MB RAM and the calculation in set_max_threads() calculated that max_threads should be set to 419. When the system booted up it tried to notify the user space about every device it created because CONFIG_UEVENT_HELPER was set and used. I counted 1299 calles to call_usermodehelper_setup(), all of them try to create a new thread and call the userspace hotplug script in it. This fixes bootup of Linux on systems with low memory. I saw the problem with qemu 10.0.2 using these commands: qemu-system-aarch64 -machine virt -cpu cortex-a57 -nographic Cc: stable(a)vger.kernel.org Signed-off-by: Hauke Mehrtens <hauke(a)hauke-m.de> --- kernel/fork.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/fork.c b/kernel/fork.c index 7966c9a1c163..388299525f3c 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -115,7 +115,7 @@ /* * Minimum number of threads to boot the kernel */ -#define MIN_THREADS 20 +#define MIN_THREADS 600 /* * Maximum number of threads -- 2.50.1

2 months, 1 week

2
2
0 0

[PATCH v5 2/3] drm/amdgpu: Reset the clear flag in buddy during resume

by Arunpravin Paneer Selvam

- Added a handler in DRM buddy manager to reset the cleared flag for the blocks in the freelist. - This is necessary because, upon resuming, the VRAM becomes cluttered with BIOS data, yet the VRAM backend manager believes that everything has been cleared. v2: - Add lock before accessing drm_buddy_clear_reset_blocks()(Matthew Auld) - Force merge the two dirty blocks.(Matthew Auld) - Add a new unit test case for this issue.(Matthew Auld) - Having this function being able to flip the state either way would be good. (Matthew Brost) v3(Matthew Auld): - Do merge step first to avoid the use of extra reset flag. Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> Suggested-by: Christian König <christian.koenig(a)amd.com> Acked-by: Christian König <christian.koenig(a)amd.com> Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> Cc: stable(a)vger.kernel.org Fixes: a68c7eaa7a8f ("drm/amdgpu: Enable clear page functionality") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3812 --- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 17 ++++++++ drivers/gpu/drm/drm_buddy.c | 43 ++++++++++++++++++++ include/drm/drm_buddy.h | 2 + 5 files changed, 65 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c index 723ab95d8c48..ac92220f9fc3 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c @@ -5327,6 +5327,8 @@ int amdgpu_device_resume(struct drm_device *dev, bool notify_clients) dev->dev->power.disable_depth--; #endif } + + amdgpu_vram_mgr_clear_reset_blocks(adev); adev->in_suspend = false; if (amdgpu_acpi_smart_shift_update(dev, AMDGPU_SS_DEV_D0)) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h index 215c198e4aff..2309df3f68a9 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h @@ -155,6 +155,7 @@ int amdgpu_vram_mgr_reserve_range(struct amdgpu_vram_mgr *mgr, uint64_t start, uint64_t size); int amdgpu_vram_mgr_query_page_status(struct amdgpu_vram_mgr *mgr, uint64_t start); +void amdgpu_vram_mgr_clear_reset_blocks(struct amdgpu_device *adev); bool amdgpu_res_cpu_visible(struct amdgpu_device *adev, struct ttm_resource *res); diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c index abdc52b0895a..07c936e90d8e 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c @@ -782,6 +782,23 @@ uint64_t amdgpu_vram_mgr_vis_usage(struct amdgpu_vram_mgr *mgr) return atomic64_read(&mgr->vis_usage); } +/** + * amdgpu_vram_mgr_clear_reset_blocks - reset clear blocks + * + * @adev: amdgpu device pointer + * + * Reset the cleared drm buddy blocks. + */ +void amdgpu_vram_mgr_clear_reset_blocks(struct amdgpu_device *adev) +{ + struct amdgpu_vram_mgr *mgr = &adev->mman.vram_mgr; + struct drm_buddy *mm = &mgr->mm; + + mutex_lock(&mgr->lock); + drm_buddy_reset_clear(mm, false); + mutex_unlock(&mgr->lock); +} + /** * amdgpu_vram_mgr_intersects - test each drm buddy block for intersection * diff --git a/drivers/gpu/drm/drm_buddy.c b/drivers/gpu/drm/drm_buddy.c index a1e652b7631d..a94061f373de 100644 --- a/drivers/gpu/drm/drm_buddy.c +++ b/drivers/gpu/drm/drm_buddy.c @@ -405,6 +405,49 @@ drm_get_buddy(struct drm_buddy_block *block) } EXPORT_SYMBOL(drm_get_buddy); +/** + * drm_buddy_reset_clear - reset blocks clear state + * + * @mm: DRM buddy manager + * @is_clear: blocks clear state + * + * Reset the clear state based on @is_clear value for each block + * in the freelist. + */ +void drm_buddy_reset_clear(struct drm_buddy *mm, bool is_clear) +{ + u64 root_size, size, start; + unsigned int order; + int i; + + size = mm->size; + for (i = 0; i < mm->n_roots; ++i) { + order = ilog2(size) - ilog2(mm->chunk_size); + start = drm_buddy_block_offset(mm->roots[i]); + __force_merge(mm, start, start + size, order); + + root_size = mm->chunk_size << order; + size -= root_size; + } + + for (i = 0; i <= mm->max_order; ++i) { + struct drm_buddy_block *block; + + list_for_each_entry_reverse(block, &mm->free_list[i], link) { + if (is_clear != drm_buddy_block_is_clear(block)) { + if (is_clear) { + mark_cleared(block); + mm->clear_avail += drm_buddy_block_size(mm, block); + } else { + clear_reset(block); + mm->clear_avail -= drm_buddy_block_size(mm, block); + } + } + } + } +} +EXPORT_SYMBOL(drm_buddy_reset_clear); + /** * drm_buddy_free_block - free a block * diff --git a/include/drm/drm_buddy.h b/include/drm/drm_buddy.h index 9689a7c5dd36..513837632b7d 100644 --- a/include/drm/drm_buddy.h +++ b/include/drm/drm_buddy.h @@ -160,6 +160,8 @@ int drm_buddy_block_trim(struct drm_buddy *mm, u64 new_size, struct list_head *blocks); +void drm_buddy_reset_clear(struct drm_buddy *mm, bool is_clear); + void drm_buddy_free_block(struct drm_buddy *mm, struct drm_buddy_block *block); void drm_buddy_free_list(struct drm_buddy *mm, -- 2.43.0

2 months, 1 week

3
5
0 0

[PATCH] PCI: j721e: Fix programming sequence of "strap" settings

by Siddharth Vadapalli

The Cadence PCIe Controller integrated in the TI K3 SoCs supports both Root-Complex and Endpoint modes of operation. The Glue Layer allows "strapping" the mode of operation of the Controller, the Link Speed and the Link Width. This is enabled by programming the "PCIEn_CTRL" register (n corresponds to the PCIe instance) within the CTRL_MMR memory-mapped register space. In the PCIe Controller's register space, the same set of registers that correspond to the Root-Port configuration space when the Controller is configured for Root-Complex mode of operation, also correspond to the Physical Function configuration space when the Controller is configured for Endpoint mode of operation. As a result, the "reset-value" of these set of registers _should_ vary depending on the selected mode of operation. This is the expected behavior according to the description of the registers and their reset values in the Technical Reference Manual for the SoCs. However, it is observed that the "reset-value" seen in practice do not match the description. To be precise, when the Controller is configured for Root-Complex mode of operation, the "reset-value" of the Root-Port configuration space reflect the "reset-value" corresponding to the Physical Function configuration space. This can be attributed to the fact that the "strap" settings play a role in "switching" the "reset-value" of the registers to match the expected values as determined by the selected mode of operation. Since the "strap" settings are sampled the moment the PCIe Controller is powered ON, the "reset-value" of the registers are setup at that point in time. As a result, if the "strap" settings are programmed at a later point in time, it _will not_ update the "reset-value" of the registers. This will cause the Physical Function configuration space to be seen when the Root-Port configuration space is accessed after programming the PCIe Controller for Root-Complex mode of operation. Fix this by powering off the PCIe Controller before programming the "strap" settings and powering it on after that. This will ensure that the "strap" settings that have been sampled convey the intended mode of operation, thereby resulting in the "reset-value" of the registers being accurate. Fixes: f3e25911a430 ("PCI: j721e: Add TI J721E PCIe driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> --- Hello, This patch is based on commit 155a3c003e55 Merge tag 'for-6.16/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm of Mainline Linux. Patch has been validated on the J7200 SoC which is affected by the existing programming sequence of the "strap" settings. Regards, Siddharth. drivers/pci/controller/cadence/pci-j721e.c | 82 ++++++++++++++-------- 1 file changed, 53 insertions(+), 29 deletions(-) diff --git a/drivers/pci/controller/cadence/pci-j721e.c b/drivers/pci/controller/cadence/pci-j721e.c index 6c93f39d0288..d5e7cb7277dc 100644 --- a/drivers/pci/controller/cadence/pci-j721e.c +++ b/drivers/pci/controller/cadence/pci-j721e.c @@ -19,6 +19,7 @@ #include <linux/of.h> #include <linux/pci.h> #include <linux/platform_device.h> +#include <linux/pm_domain.h> #include <linux/pm_runtime.h> #include <linux/regmap.h> @@ -173,10 +174,9 @@ static const struct cdns_pcie_ops j721e_pcie_ops = { .link_up = j721e_pcie_link_up, }; -static int j721e_pcie_set_mode(struct j721e_pcie *pcie, struct regmap *syscon, - unsigned int offset) +static int j721e_pcie_set_mode(struct j721e_pcie *pcie, struct device *dev, + struct regmap *syscon, unsigned int offset) { - struct device *dev = pcie->cdns_pcie->dev; u32 mask = J721E_MODE_RC; u32 mode = pcie->mode; u32 val = 0; @@ -193,9 +193,9 @@ static int j721e_pcie_set_mode(struct j721e_pcie *pcie, struct regmap *syscon, } static int j721e_pcie_set_link_speed(struct j721e_pcie *pcie, + struct device *dev, struct regmap *syscon, unsigned int offset) { - struct device *dev = pcie->cdns_pcie->dev; struct device_node *np = dev->of_node; int link_speed; u32 val = 0; @@ -214,9 +214,9 @@ static int j721e_pcie_set_link_speed(struct j721e_pcie *pcie, } static int j721e_pcie_set_lane_count(struct j721e_pcie *pcie, + struct device *dev, struct regmap *syscon, unsigned int offset) { - struct device *dev = pcie->cdns_pcie->dev; u32 lanes = pcie->num_lanes; u32 mask = BIT(8); u32 val = 0; @@ -234,9 +234,9 @@ static int j721e_pcie_set_lane_count(struct j721e_pcie *pcie, } static int j721e_enable_acspcie_refclk(struct j721e_pcie *pcie, + struct device *dev, struct regmap *syscon) { - struct device *dev = pcie->cdns_pcie->dev; struct device_node *node = dev->of_node; u32 mask = ACSPCIE_PAD_DISABLE_MASK; struct of_phandle_args args; @@ -263,9 +263,8 @@ static int j721e_enable_acspcie_refclk(struct j721e_pcie *pcie, return 0; } -static int j721e_pcie_ctrl_init(struct j721e_pcie *pcie) +static int j721e_pcie_ctrl_init(struct j721e_pcie *pcie, struct device *dev) { - struct device *dev = pcie->cdns_pcie->dev; struct device_node *node = dev->of_node; struct of_phandle_args args; unsigned int offset = 0; @@ -284,19 +283,19 @@ static int j721e_pcie_ctrl_init(struct j721e_pcie *pcie) if (!ret) offset = args.args[0]; - ret = j721e_pcie_set_mode(pcie, syscon, offset); + ret = j721e_pcie_set_mode(pcie, dev, syscon, offset); if (ret < 0) { dev_err(dev, "Failed to set pci mode\n"); return ret; } - ret = j721e_pcie_set_link_speed(pcie, syscon, offset); + ret = j721e_pcie_set_link_speed(pcie, dev, syscon, offset); if (ret < 0) { dev_err(dev, "Failed to set link speed\n"); return ret; } - ret = j721e_pcie_set_lane_count(pcie, syscon, offset); + ret = j721e_pcie_set_lane_count(pcie, dev, syscon, offset); if (ret < 0) { dev_err(dev, "Failed to set num-lanes\n"); return ret; @@ -308,7 +307,7 @@ static int j721e_pcie_ctrl_init(struct j721e_pcie *pcie) if (!syscon) return 0; - return j721e_enable_acspcie_refclk(pcie, syscon); + return j721e_enable_acspcie_refclk(pcie, dev, syscon); } static int cdns_ti_pcie_config_read(struct pci_bus *bus, unsigned int devfn, @@ -469,6 +468,47 @@ static int j721e_pcie_probe(struct platform_device *pdev) if (!pcie) return -ENOMEM; + pcie->mode = mode; + + ret = of_property_read_u32(node, "num-lanes", &num_lanes); + if (ret || num_lanes > data->max_lanes) { + dev_warn(dev, "num-lanes property not provided or invalid, setting num-lanes to 1\n"); + num_lanes = 1; + } + + pcie->num_lanes = num_lanes; + pcie->max_lanes = data->max_lanes; + + /* + * The PCIe Controller's registers have different "reset-value" depending + * on the "strap" settings programmed into the Controller's Glue Layer. + * This is because the same set of registers are used for representing the + * Physical Function configuration space in Endpoint mode and for + * representing the Root-Port configuration space in Root-Complex mode. + * + * The registers latch onto a "reset-value" based on the "strap" settings + * sampled after the Controller is powered on. Therefore, for the + * "reset-value" to be accurate, it is necessary to program the "strap" + * settings when the Controller is powered off, and power on the Controller + * after the "strap" settings have been programmed. + * + * The "strap" settings are programmed by "j721e_pcie_ctrl_init()". + * Therefore, power off the Controller before invoking "j721e_pcie_ctrl_init()", + * program the "strap" settings, and then power on the Controller. This ensures + * that the reset values are accurate and reflect the "strap" settings. + */ + dev_pm_domain_detach(dev, true); + + ret = j721e_pcie_ctrl_init(pcie, dev); + if (ret < 0) + return ret; + + ret = dev_pm_domain_attach(dev, true); + if (ret < 0) { + dev_err(dev, "failed to power on PCIe Controller\n"); + return ret; + } + switch (mode) { case PCI_MODE_RC: if (!IS_ENABLED(CONFIG_PCI_J721E_HOST)) @@ -510,7 +550,6 @@ static int j721e_pcie_probe(struct platform_device *pdev) return 0; } - pcie->mode = mode; pcie->linkdown_irq_regfield = data->linkdown_irq_regfield; base = devm_platform_ioremap_resource_byname(pdev, "intd_cfg"); @@ -523,15 +562,6 @@ static int j721e_pcie_probe(struct platform_device *pdev) return PTR_ERR(base); pcie->user_cfg_base = base; - ret = of_property_read_u32(node, "num-lanes", &num_lanes); - if (ret || num_lanes > data->max_lanes) { - dev_warn(dev, "num-lanes property not provided or invalid, setting num-lanes to 1\n"); - num_lanes = 1; - } - - pcie->num_lanes = num_lanes; - pcie->max_lanes = data->max_lanes; - if (dma_set_mask_and_coherent(dev, DMA_BIT_MASK(48))) return -EINVAL; @@ -547,12 +577,6 @@ static int j721e_pcie_probe(struct platform_device *pdev) goto err_get_sync; } - ret = j721e_pcie_ctrl_init(pcie); - if (ret < 0) { - dev_err_probe(dev, ret, "pm_runtime_get_sync failed\n"); - goto err_get_sync; - } - ret = devm_request_irq(dev, irq, j721e_pcie_link_irq_handler, 0, "j721e-pcie-link-down-irq", pcie); if (ret < 0) { @@ -680,7 +704,7 @@ static int j721e_pcie_resume_noirq(struct device *dev) struct cdns_pcie *cdns_pcie = pcie->cdns_pcie; int ret; - ret = j721e_pcie_ctrl_init(pcie); + ret = j721e_pcie_ctrl_init(pcie, dev); if (ret < 0) return ret; -- 2.34.1

2 months, 1 week

1
0
0 0

[PATCH] memstick: core: Zero initialize id_reg in h_memstick_read_dev_id()

by Nathan Chancellor

A new warning in clang [1] points out that id_reg is uninitialized then passed to memstick_init_req() as a const pointer: drivers/memstick/core/memstick.c:330:59: error: variable 'id_reg' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 330 | memstick_init_req(&card->current_mrq, MS_TPC_READ_REG, &id_reg, | ^~~~~~ Commit de182cc8e882 ("drivers/memstick/core/memstick.c: avoid -Wnonnull warning") intentionally passed this variable uninitialized to avoid an -Wnonnull warning from a NULL value that was previously there because id_reg is never read from the call to memstick_init_req() in h_memstick_read_dev_id(). Just zero initialize id_reg to avoid the warning, which is likely happening in the majority of builds using modern compilers that support '-ftrivial-auto-var-init=zero'. Cc: stable(a)vger.kernel.org Fixes: de182cc8e882 ("drivers/memstick/core/memstick.c: avoid -Wnonnull warning") Link: https://github.com/llvm/llvm-project/commit/00dacf8c22f065cb52efb14cd091d44… [1] Closes: https://github.com/ClangBuiltLinux/linux/issues/2105 Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- drivers/memstick/core/memstick.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/memstick/core/memstick.c b/drivers/memstick/core/memstick.c index 043b9ec756ff..7f3f47db4c98 100644 --- a/drivers/memstick/core/memstick.c +++ b/drivers/memstick/core/memstick.c @@ -324,7 +324,7 @@ EXPORT_SYMBOL(memstick_init_req); static int h_memstick_read_dev_id(struct memstick_dev *card, struct memstick_request **mrq) { - struct ms_id_register id_reg; + struct ms_id_register id_reg = {}; if (!(*mrq)) { memstick_init_req(&card->current_mrq, MS_TPC_READ_REG, &id_reg, --- base-commit: ff09b71bf9daeca4f21d6e5e449641c9fad75b53 change-id: 20250715-memstick-fix-uninit-const-pointer-ed6f138bf40d Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

2 months, 1 week

2
1
0 0

[PATCH v2 3/3] bus: mhi: keep device context through suspend cycles

by Muhammad Usama Anjum

Don't deinitialize the device context while going into suspend or hibernation cycles. Otherwise the resume may fail if at resume time, the memory pressure is high and no dma memory is available. At resume, only reset the read/write ring pointers as rings may have stale data. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.6 Fixes: 3000f85b8f47 ("bus: mhi: core: Add support for basic PM operations") Cc: Krishna Chaitanya Chundru <krishna.chundru(a)oss.qualcomm.com> Cc: stable(a)vger.kernel.org Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> --- Changes since v1: - Cc stable and fix tested on tag - Add logic to reset rings at resume --- drivers/bus/mhi/host/init.c | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/drivers/bus/mhi/host/init.c b/drivers/bus/mhi/host/init.c index 46ed0ae2ac285..6513012311ce3 100644 --- a/drivers/bus/mhi/host/init.c +++ b/drivers/bus/mhi/host/init.c @@ -474,6 +474,24 @@ static int mhi_init_dev_ctxt(struct mhi_controller *mhi_cntrl) return ret; } +static void mhi_reset_dev_rings(struct mhi_controller *mhi_cntrl) +{ + struct mhi_event *mhi_event = mhi_cntrl->mhi_event; + struct mhi_cmd *mhi_cmd = mhi_cntrl->mhi_cmd; + struct mhi_ring *ring; + int i; + + for (i = 0; i < mhi_cntrl->total_ev_rings; i++, mhi_event++) { + ring = &mhi_event->ring; + ring->rp = ring->wp = ring->base; + } + + for (i = 0; i < NR_OF_CMD_RINGS; i++, mhi_cmd++) { + ring = &mhi_cmd->ring; + ring->rp = ring->wp = ring->base; + } +} + int mhi_init_mmio(struct mhi_controller *mhi_cntrl) { u32 val; @@ -1133,9 +1151,13 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl) mutex_lock(&mhi_cntrl->pm_mutex); - ret = mhi_init_dev_ctxt(mhi_cntrl); - if (ret) - goto error_dev_ctxt; + if (!mhi_cntrl->mhi_ctxt) { + ret = mhi_init_dev_ctxt(mhi_cntrl); + if (ret) + goto error_dev_ctxt; + } else { + mhi_reset_dev_rings(mhi_cntrl); + } ret = mhi_read_reg(mhi_cntrl, mhi_cntrl->regs, BHIOFF, &bhi_off); if (ret) { @@ -1212,8 +1234,6 @@ void mhi_deinit_dev_ctxt(struct mhi_controller *mhi_cntrl) { mhi_cntrl->bhi = NULL; mhi_cntrl->bhie = NULL; - - __mhi_deinit_dev_ctxt(mhi_cntrl); } void mhi_unprepare_after_power_down(struct mhi_controller *mhi_cntrl) @@ -1239,6 +1259,7 @@ void mhi_unprepare_after_power_down(struct mhi_controller *mhi_cntrl) } mhi_deinit_dev_ctxt(mhi_cntrl); + __mhi_deinit_dev_ctxt(mhi_cntrl); } EXPORT_SYMBOL_GPL(mhi_unprepare_after_power_down); -- 2.39.5

2 months, 1 week

2
1
0 0

[PATCH v2 2/3] bus: mhi: host: keep bhie buffer through suspend cycle

by Muhammad Usama Anjum

When there is memory pressure, at resume time dma_alloc_coherent() returns error which in turn fails the loading of the firmware and hence the driver crashes. Fix it by allocating only once and then reuse the same allocated memory. As we'll allocate this memory only once, this memory will stays allocated. Fixes: f88f1d0998ea ("bus: mhi: host: Add a policy to enable image transfer via BHIe in PBL") Cc: Krishna Chaitanya Chundru <krishna.chundru(a)oss.qualcomm.com> Cc: stable(a)vger.kernel.org Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> --- Changes since v1: - Added in v2 --- drivers/bus/mhi/host/boot.c | 19 ++++++++++++------- drivers/bus/mhi/host/init.c | 5 +++++ include/linux/mhi.h | 1 + 3 files changed, 18 insertions(+), 7 deletions(-) diff --git a/drivers/bus/mhi/host/boot.c b/drivers/bus/mhi/host/boot.c index 9fc983bc12d49..9f35ce9d670e7 100644 --- a/drivers/bus/mhi/host/boot.c +++ b/drivers/bus/mhi/host/boot.c @@ -478,17 +478,22 @@ static int mhi_load_image_bhi(struct mhi_controller *mhi_cntrl, const u8 *fw_dat static int mhi_load_image_bhie(struct mhi_controller *mhi_cntrl, const u8 *fw_data, size_t size) { - struct image_info *image; + struct image_info **image = &mhi_cntrl->bhie_image; int ret; - ret = mhi_alloc_bhie_table(mhi_cntrl, &image, size); - if (ret) - return ret; + if (!(*image)) { + ret = mhi_alloc_bhie_table(mhi_cntrl, image, size); + if (ret) + return ret; - mhi_firmware_copy_bhie(mhi_cntrl, fw_data, size, image); + mhi_firmware_copy_bhie(mhi_cntrl, fw_data, size, *image); + } - ret = mhi_fw_load_bhie(mhi_cntrl, &image->mhi_buf[image->entries - 1]); - mhi_free_bhie_table(mhi_cntrl, image); + ret = mhi_fw_load_bhie(mhi_cntrl, &(*image)->mhi_buf[(*image)->entries - 1]); + if (ret) { + mhi_free_bhie_table(mhi_cntrl, *image); + *image = NULL; + } return ret; } diff --git a/drivers/bus/mhi/host/init.c b/drivers/bus/mhi/host/init.c index 2e0f18c939e68..46ed0ae2ac285 100644 --- a/drivers/bus/mhi/host/init.c +++ b/drivers/bus/mhi/host/init.c @@ -1228,6 +1228,11 @@ void mhi_unprepare_after_power_down(struct mhi_controller *mhi_cntrl) mhi_cntrl->rddm_image = NULL; } + if (mhi_cntrl->bhie_image) { + mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->bhie_image); + mhi_cntrl->bhie_image = NULL; + } + if (mhi_cntrl->bhi_image) { mhi_free_bhi_buffer(mhi_cntrl, mhi_cntrl->bhi_image); mhi_cntrl->bhi_image = NULL; diff --git a/include/linux/mhi.h b/include/linux/mhi.h index 593012f779d97..77986cd66fda3 100644 --- a/include/linux/mhi.h +++ b/include/linux/mhi.h @@ -391,6 +391,7 @@ struct mhi_controller { size_t reg_len; struct image_info *fbc_image; struct image_info *rddm_image; + struct image_info *bhie_image; struct image_info *bhi_image; struct mhi_chan *mhi_chan; struct list_head lpm_chans; -- 2.39.5

2 months, 1 week

2
1
0 0

[PATCH] wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table()

by Nathan Chancellor

A new warning in clang [1] complains that diq_start in wlc_lcnphy_tx_iqlo_cal() is passed uninitialized as a const pointer to wlc_lcnphy_common_read_table(): drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c:2728:13: error: variable 'diq_start' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 2728 | &diq_start, 1, 16, 69); | ^~~~~~~~~ The table pointer passed to wlc_lcnphy_common_read_table() should not be considered constant, as wlc_phy_read_table() is ultimately going to update it. Remove the const qualifier from the tbl_ptr to clear up the warning. Cc: stable(a)vger.kernel.org Closes: https://github.com/ClangBuiltLinux/linux/issues/2108 Fixes: 5b435de0d786 ("net: wireless: add brcm80211 drivers") Link: https://github.com/llvm/llvm-project/commit/00dacf8c22f065cb52efb14cd091d44… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c index d0faba240561..b4bba67a45ec 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c @@ -919,7 +919,7 @@ void wlc_lcnphy_read_table(struct brcms_phy *pi, struct phytbl_info *pti) static void wlc_lcnphy_common_read_table(struct brcms_phy *pi, u32 tbl_id, - const u16 *tbl_ptr, u32 tbl_len, + u16 *tbl_ptr, u32 tbl_len, u32 tbl_width, u32 tbl_offset) { struct phytbl_info tab; --- base-commit: bbc19fef578970158847a41d9b6b6b218034b8c2 change-id: 20250715-brcmsmac-fix-uninit-const-pointer-d35114a50936 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

2 months, 1 week

2
1
0 0

[PATCH v4 2/3] drm/amdgpu: Reset the clear flag in buddy during resume

by Arunpravin Paneer Selvam

- Added a handler in DRM buddy manager to reset the cleared flag for the blocks in the freelist. - This is necessary because, upon resuming, the VRAM becomes cluttered with BIOS data, yet the VRAM backend manager believes that everything has been cleared. v2: - Add lock before accessing drm_buddy_clear_reset_blocks()(Matthew Auld) - Force merge the two dirty blocks.(Matthew Auld) - Add a new unit test case for this issue.(Matthew Auld) - Having this function being able to flip the state either way would be good. (Matthew Brost) v3(Matthew Auld): - Do merge step first to avoid the use of extra reset flag. Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> Suggested-by: Christian König <christian.koenig(a)amd.com> Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> Cc: stable(a)vger.kernel.org Fixes: a68c7eaa7a8f ("drm/amdgpu: Enable clear page functionality") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3812 --- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 17 ++++++++ drivers/gpu/drm/drm_buddy.c | 43 ++++++++++++++++++++ include/drm/drm_buddy.h | 2 + 5 files changed, 65 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c index 723ab95d8c48..ac92220f9fc3 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c @@ -5327,6 +5327,8 @@ int amdgpu_device_resume(struct drm_device *dev, bool notify_clients) dev->dev->power.disable_depth--; #endif } + + amdgpu_vram_mgr_clear_reset_blocks(adev); adev->in_suspend = false; if (amdgpu_acpi_smart_shift_update(dev, AMDGPU_SS_DEV_D0)) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h index 215c198e4aff..2309df3f68a9 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h @@ -155,6 +155,7 @@ int amdgpu_vram_mgr_reserve_range(struct amdgpu_vram_mgr *mgr, uint64_t start, uint64_t size); int amdgpu_vram_mgr_query_page_status(struct amdgpu_vram_mgr *mgr, uint64_t start); +void amdgpu_vram_mgr_clear_reset_blocks(struct amdgpu_device *adev); bool amdgpu_res_cpu_visible(struct amdgpu_device *adev, struct ttm_resource *res); diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c index abdc52b0895a..07c936e90d8e 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c @@ -782,6 +782,23 @@ uint64_t amdgpu_vram_mgr_vis_usage(struct amdgpu_vram_mgr *mgr) return atomic64_read(&mgr->vis_usage); } +/** + * amdgpu_vram_mgr_clear_reset_blocks - reset clear blocks + * + * @adev: amdgpu device pointer + * + * Reset the cleared drm buddy blocks. + */ +void amdgpu_vram_mgr_clear_reset_blocks(struct amdgpu_device *adev) +{ + struct amdgpu_vram_mgr *mgr = &adev->mman.vram_mgr; + struct drm_buddy *mm = &mgr->mm; + + mutex_lock(&mgr->lock); + drm_buddy_reset_clear(mm, false); + mutex_unlock(&mgr->lock); +} + /** * amdgpu_vram_mgr_intersects - test each drm buddy block for intersection * diff --git a/drivers/gpu/drm/drm_buddy.c b/drivers/gpu/drm/drm_buddy.c index a1e652b7631d..a94061f373de 100644 --- a/drivers/gpu/drm/drm_buddy.c +++ b/drivers/gpu/drm/drm_buddy.c @@ -405,6 +405,49 @@ drm_get_buddy(struct drm_buddy_block *block) } EXPORT_SYMBOL(drm_get_buddy); +/** + * drm_buddy_reset_clear - reset blocks clear state + * + * @mm: DRM buddy manager + * @is_clear: blocks clear state + * + * Reset the clear state based on @is_clear value for each block + * in the freelist. + */ +void drm_buddy_reset_clear(struct drm_buddy *mm, bool is_clear) +{ + u64 root_size, size, start; + unsigned int order; + int i; + + size = mm->size; + for (i = 0; i < mm->n_roots; ++i) { + order = ilog2(size) - ilog2(mm->chunk_size); + start = drm_buddy_block_offset(mm->roots[i]); + __force_merge(mm, start, start + size, order); + + root_size = mm->chunk_size << order; + size -= root_size; + } + + for (i = 0; i <= mm->max_order; ++i) { + struct drm_buddy_block *block; + + list_for_each_entry_reverse(block, &mm->free_list[i], link) { + if (is_clear != drm_buddy_block_is_clear(block)) { + if (is_clear) { + mark_cleared(block); + mm->clear_avail += drm_buddy_block_size(mm, block); + } else { + clear_reset(block); + mm->clear_avail -= drm_buddy_block_size(mm, block); + } + } + } + } +} +EXPORT_SYMBOL(drm_buddy_reset_clear); + /** * drm_buddy_free_block - free a block * diff --git a/include/drm/drm_buddy.h b/include/drm/drm_buddy.h index 9689a7c5dd36..513837632b7d 100644 --- a/include/drm/drm_buddy.h +++ b/include/drm/drm_buddy.h @@ -160,6 +160,8 @@ int drm_buddy_block_trim(struct drm_buddy *mm, u64 new_size, struct list_head *blocks); +void drm_buddy_reset_clear(struct drm_buddy *mm, bool is_clear); + void drm_buddy_free_block(struct drm_buddy *mm, struct drm_buddy_block *block); void drm_buddy_free_list(struct drm_buddy *mm, -- 2.43.0

2 months, 1 week

3
2
0 0

[PATCH stable 6.12] selftests/bpf: Set test path for token/obj_priv_implicit_token_envvar

by Shung-Hsi Yu

From: Ihor Solodrai <ihor.solodrai(a)pm.me> Commit f01750aecdfb8bfb02842f60af3d805a3ae7267a upstream. token/obj_priv_implicit_token_envvar test may fail in an environment where the process executing tests can not write to the root path. Example: https://github.com/libbpf/libbpf/actions/runs/11844507007/job/33007897936 Change default path used by the test to /tmp/bpf-token-fs, and make it runtime configurable via an environment variable. Signed-off-by: Ihor Solodrai <ihor.solodrai(a)pm.me> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20241115003853.864397-1-ihor.solodrai@pm.me Signed-off-by: Shung-Hsi Yu <shung-hsi.yu(a)suse.com> --- Without this patch test_prog's token/obj_priv_implicit_token_envvar test will fail. --- .../testing/selftests/bpf/prog_tests/token.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/token.c b/tools/testing/selftests/bpf/prog_tests/token.c index fe86e4fdb89c..c3ab9b6fb069 100644 --- a/tools/testing/selftests/bpf/prog_tests/token.c +++ b/tools/testing/selftests/bpf/prog_tests/token.c @@ -828,8 +828,12 @@ static int userns_obj_priv_btf_success(int mnt_fd, struct token_lsm *lsm_skel) return validate_struct_ops_load(mnt_fd, true /* should succeed */); } +static const char *token_bpffs_custom_dir() +{ + return getenv("BPF_SELFTESTS_BPF_TOKEN_DIR") ?: "/tmp/bpf-token-fs"; +} + #define TOKEN_ENVVAR "LIBBPF_BPF_TOKEN_PATH" -#define TOKEN_BPFFS_CUSTOM "/bpf-token-fs" static int userns_obj_priv_implicit_token(int mnt_fd, struct token_lsm *lsm_skel) { @@ -892,6 +896,7 @@ static int userns_obj_priv_implicit_token(int mnt_fd, struct token_lsm *lsm_skel static int userns_obj_priv_implicit_token_envvar(int mnt_fd, struct token_lsm *lsm_skel) { + const char *custom_dir = token_bpffs_custom_dir(); LIBBPF_OPTS(bpf_object_open_opts, opts); struct dummy_st_ops_success *skel; int err; @@ -909,10 +914,10 @@ static int userns_obj_priv_implicit_token_envvar(int mnt_fd, struct token_lsm *l * BPF token implicitly, unless pointed to it through * LIBBPF_BPF_TOKEN_PATH envvar */ - rmdir(TOKEN_BPFFS_CUSTOM); - if (!ASSERT_OK(mkdir(TOKEN_BPFFS_CUSTOM, 0777), "mkdir_bpffs_custom")) + rmdir(custom_dir); + if (!ASSERT_OK(mkdir(custom_dir, 0777), "mkdir_bpffs_custom")) goto err_out; - err = sys_move_mount(mnt_fd, "", AT_FDCWD, TOKEN_BPFFS_CUSTOM, MOVE_MOUNT_F_EMPTY_PATH); + err = sys_move_mount(mnt_fd, "", AT_FDCWD, custom_dir, MOVE_MOUNT_F_EMPTY_PATH); if (!ASSERT_OK(err, "move_mount_bpffs")) goto err_out; @@ -925,7 +930,7 @@ static int userns_obj_priv_implicit_token_envvar(int mnt_fd, struct token_lsm *l goto err_out; } - err = setenv(TOKEN_ENVVAR, TOKEN_BPFFS_CUSTOM, 1 /*overwrite*/); + err = setenv(TOKEN_ENVVAR, custom_dir, 1 /*overwrite*/); if (!ASSERT_OK(err, "setenv_token_path")) goto err_out; @@ -951,11 +956,11 @@ static int userns_obj_priv_implicit_token_envvar(int mnt_fd, struct token_lsm *l if (!ASSERT_ERR(err, "obj_empty_token_path_load")) goto err_out; - rmdir(TOKEN_BPFFS_CUSTOM); + rmdir(custom_dir); unsetenv(TOKEN_ENVVAR); return 0; err_out: - rmdir(TOKEN_BPFFS_CUSTOM); + rmdir(custom_dir); unsetenv(TOKEN_ENVVAR); return -EINVAL; } -- 2.50.1

2 months, 1 week

1
0
0 0

[PATCH] tracing/probes: Avoid using params uninitialized in parse_btf_arg()

by Nathan Chancellor

After a recent change in clang to strengthen uninitialized warnings [1], it points out that in one of the error paths in parse_btf_arg(), params is used uninitialized: kernel/trace/trace_probe.c:660:19: warning: variable 'params' is uninitialized when used here [-Wuninitialized] 660 | return PTR_ERR(params); | ^~~~~~ Match many other NO_BTF_ENTRY error cases and return -ENOENT, clearing up the warning. Cc: stable(a)vger.kernel.org Closes: https://github.com/ClangBuiltLinux/linux/issues/2110 Fixes: d157d7694460 ("tracing/probes: Support BTF field access from $retval") Link: https://github.com/llvm/llvm-project/commit/2464313eef01c5b1edf0eccf57a32cd… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- kernel/trace/trace_probe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c index 424751cdf31f..40830a3ecd96 100644 --- a/kernel/trace/trace_probe.c +++ b/kernel/trace/trace_probe.c @@ -657,7 +657,7 @@ static int parse_btf_arg(char *varname, ret = query_btf_context(ctx); if (ret < 0 || ctx->nr_params == 0) { trace_probe_log_err(ctx->offset, NO_BTF_ENTRY); - return PTR_ERR(params); + return -ENOENT; } } params = ctx->params; --- base-commit: 6921d1e07cb5eddec830801087b419194fde0803 change-id: 20250715-trace_probe-fix-const-uninit-warning-7dc3accce903 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

2 months, 1 week

2
1
0 0

[PATCH net v2] net: libwx: fix multicast packets received count

by Jiawen Wu

Multicast good packets received by PF rings that pass ethternet MAC address filtering are counted for rtnl_link_stats64.multicast. The counter is not cleared on read. Fix the duplicate counting on updating statistics. Fixes: 46b92e10d631 ("net: libwx: support hardware statistics") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- v1 -> v2: - add code comment --- drivers/net/ethernet/wangxun/libwx/wx_hw.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_hw.c b/drivers/net/ethernet/wangxun/libwx/wx_hw.c index 0f4be72116b8..7ae3786d90b8 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_hw.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_hw.c @@ -2778,6 +2778,8 @@ void wx_update_stats(struct wx *wx) hwstats->fdirmiss += rd32(wx, WX_RDB_FDIR_MISS); } + /* qmprc is not cleared on read, manual reset it */ + hwstats->qmprc = 0; for (i = wx->num_vfs * wx->num_rx_queues_per_pool; i < wx->mac.max_rx_queues; i++) hwstats->qmprc += rd32(wx, WX_PX_MPRC(i)); -- 2.48.1

2 months, 1 week

3
2
0 0

[PATCH net 0/3] mptcp: fix fallback-related races

by Matthieu Baerts (NGI0)

This series contains 3 fixes somewhat related to various races we have while handling fallback. The root cause of the issues addressed here is that the check for "we can fallback to tcp now" and the related action are not atomic. That also applies to fallback due to MP_FAIL -- where the window race is even wider. Address the issue introducing an additional spinlock to bundle together all the relevant events, as per patch 1 and 2. These fixes can be backported up to v5.19 and v5.15. Note that mptcp_disconnect() unconditionally clears the fallback status (zeroing msk->flags) but don't touch the `allows_infinite_fallback` flag. Such issue is addressed in patch 3, and can be backported up to v5.17. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Paolo Abeni (3): mptcp: make fallback action and fallback decision atomic mptcp: plug races between subflow fail and subflow creation mptcp: reset fallback status gracefully at disconnect() time net/mptcp/options.c | 3 ++- net/mptcp/pm.c | 8 +++++++- net/mptcp/protocol.c | 56 ++++++++++++++++++++++++++++++++++++++++++++-------- net/mptcp/protocol.h | 29 ++++++++++++++++++++------- net/mptcp/subflow.c | 30 +++++++++++++++++----------- 5 files changed, 98 insertions(+), 28 deletions(-) --- base-commit: b640daa2822a39ff76e70200cb2b7b892b896dce change-id: 20250714-net-mptcp-fallback-races-a99f171cf5ca Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

2 months, 1 week

2
4
0 0

[PATCH] drm/msm/dpu: Initialize crtc_state to NULL in dpu_plane_virtual_atomic_check()

by Nathan Chancellor

After a recent change in clang to expose uninitialized warnings from const variables and pointers [1], there is a warning around crtc_state in dpu_plane_virtual_atomic_check(): drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c:1145:6: error: variable 'crtc_state' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized] 1145 | if (plane_state->crtc) | ^~~~~~~~~~~~~~~~~ drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c:1149:58: note: uninitialized use occurs here 1149 | ret = dpu_plane_atomic_check_nosspp(plane, plane_state, crtc_state); | ^~~~~~~~~~ drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c:1145:2: note: remove the 'if' if its condition is always true 1145 | if (plane_state->crtc) | ^~~~~~~~~~~~~~~~~~~~~~ 1146 | crtc_state = drm_atomic_get_new_crtc_state(state, drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c:1139:35: note: initialize the variable 'crtc_state' to silence this warning 1139 | struct drm_crtc_state *crtc_state; | ^ | = NULL Initialize crtc_state to NULL like other places in the driver do, so that it is consistently initialized. Cc: stable(a)vger.kernel.org Closes: https://github.com/ClangBuiltLinux/linux/issues/2106 Fixes: 774bcfb73176 ("drm/msm/dpu: add support for virtual planes") Link: https://github.com/llvm/llvm-project/commit/2464313eef01c5b1edf0eccf57a32cd… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c index 421138bc3cb7..30ff21c01a36 100644 --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c @@ -1136,7 +1136,7 @@ static int dpu_plane_virtual_atomic_check(struct drm_plane *plane, struct drm_plane_state *old_plane_state = drm_atomic_get_old_plane_state(state, plane); struct dpu_plane_state *pstate = to_dpu_plane_state(plane_state); - struct drm_crtc_state *crtc_state; + struct drm_crtc_state *crtc_state = NULL; int ret; if (IS_ERR(plane_state)) --- base-commit: d3deabe4c619875714b9a844b1a3d9752dbae1dd change-id: 20250715-drm-msm-fix-const-uninit-warning-2b93cef9f1c6 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

2 months, 1 week

2
1
0 0

[PATCH] wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data()

by Nathan Chancellor

A new warning in clang [1] points out a couple of places where a hdr variable is not initialized then passed along to skb_put_data(). drivers/net/wireless/mediatek/mt76/mt7996/mcu.c:1894:21: warning: variable 'hdr' is uninitialized when passed as a const pointer argument here [-Wuninitialized-const-pointer] 1894 | skb_put_data(skb, &hdr, sizeof(hdr)); | ^~~ drivers/net/wireless/mediatek/mt76/mt7996/mcu.c:3386:21: warning: variable 'hdr' is uninitialized when passed as a const pointer argument here [-Wuninitialized-const-pointer] 3386 | skb_put_data(skb, &hdr, sizeof(hdr)); | ^~~ Zero initialize these headers as done in other places in the driver when there is nothing stored in the header. Cc: stable(a)vger.kernel.org Fixes: 98686cd21624 ("wifi: mt76: mt7996: add driver for MediaTek Wi-Fi 7 (802.11be) devices") Link: https://github.com/llvm/llvm-project/commit/00dacf8c22f065cb52efb14cd091d44… [1] Closes: https://github.com/ClangBuiltLinux/linux/issues/2104 Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c index 994526c65bfc..640abb4dce7f 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c @@ -1879,8 +1879,8 @@ mt7996_mcu_get_mmps_mode(enum ieee80211_smps_mode smps) int mt7996_mcu_set_fixed_rate_ctrl(struct mt7996_dev *dev, void *data, u16 version) { + struct uni_header hdr = {}; struct ra_fixed_rate *req; - struct uni_header hdr; struct sk_buff *skb; struct tlv *tlv; int len; @@ -3373,7 +3373,7 @@ int mt7996_mcu_set_hdr_trans(struct mt7996_dev *dev, bool hdr_trans) { struct { u8 __rsv[4]; - } __packed hdr; + } __packed hdr = {}; struct hdr_trans_blacklist *req_blacklist; struct hdr_trans_en *req_en; struct sk_buff *skb; --- base-commit: eb8352ee2d1e70f916fac02094dca2b435076fa4 change-id: 20250715-mt7996-fix-uninit-const-pointer-01e1dd03d444 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

2 months, 1 week

1
0
0 0

[PATCH linux-6.12.y 1/2] selftests/bpf: Add a test for arena range tree algorithm

by Yifei Liu

From: Alexei Starovoitov <ast(a)kernel.org> Add a test that verifies specific behavior of arena range tree algorithm and adjust existing big_alloc1 test due to use of global data in arena. Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor(a)gmail.com> Link: https://lore.kernel.org/bpf/20241108025616.17625-3-alexei.starovoitov@gmail… (cherry picked from commit e58358afa84e8e271a296459d35d1715c7572013) [Yifei: This commit fixes the failure of verifier_arena_large test over 64k page size kernels. This commit also introduce some new tests targeting the new feature, arena range tree algorithm, which is not in linux-6.12.y, I just comment out the test headers so that it would not be run here. If this feature is introduced later, we can just uncomment those two lines.] Signed-off-by: Yifei Liu <yifei.l.liu(a)oracle.com> --- .../bpf/progs/verifier_arena_large.c | 110 +++++++++++++++++- 1 file changed, 108 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/verifier_arena_large.c b/tools/testing/selftests/bpf/progs/verifier_arena_large.c index 6065f862d964..f318675814c6 100644 --- a/tools/testing/selftests/bpf/progs/verifier_arena_large.c +++ b/tools/testing/selftests/bpf/progs/verifier_arena_large.c @@ -29,12 +29,12 @@ int big_alloc1(void *ctx) if (!page1) return 1; *page1 = 1; - page2 = bpf_arena_alloc_pages(&arena, base + ARENA_SIZE - PAGE_SIZE, + page2 = bpf_arena_alloc_pages(&arena, base + ARENA_SIZE - PAGE_SIZE * 2, 1, NUMA_NO_NODE, 0); if (!page2) return 2; *page2 = 2; - no_page = bpf_arena_alloc_pages(&arena, base + ARENA_SIZE, + no_page = bpf_arena_alloc_pages(&arena, base + ARENA_SIZE - PAGE_SIZE, 1, NUMA_NO_NODE, 0); if (no_page) return 3; @@ -66,4 +66,110 @@ int big_alloc1(void *ctx) #endif return 0; } + +#if defined(__BPF_FEATURE_ADDR_SPACE_CAST) +#define PAGE_CNT 100 +__u8 __arena * __arena page[PAGE_CNT]; /* occupies the first page */ +__u8 __arena *base; + +/* + * Check that arena's range_tree algorithm allocates pages sequentially + * on the first pass and then fills in all gaps on the second pass. + */ +__noinline int alloc_pages(int page_cnt, int pages_atonce, bool first_pass, + int max_idx, int step) +{ + __u8 __arena *pg; + int i, pg_idx; + + for (i = 0; i < page_cnt; i++) { + pg = bpf_arena_alloc_pages(&arena, NULL, pages_atonce, + NUMA_NO_NODE, 0); + if (!pg) + return step; + pg_idx = (pg - base) / PAGE_SIZE; + if (first_pass) { + /* Pages must be allocated sequentially */ + if (pg_idx != i) + return step + 100; + } else { + /* Allocator must fill into gaps */ + if (pg_idx >= max_idx || (pg_idx & 1)) + return step + 200; + } + *pg = pg_idx; + page[pg_idx] = pg; + cond_break; + } + return 0; +} + +//SEC("syscall") +//__success __retval(0) +int big_alloc2(void *ctx) +{ + __u8 __arena *pg; + int i, err; + + base = bpf_arena_alloc_pages(&arena, NULL, 1, NUMA_NO_NODE, 0); + if (!base) + return 1; + bpf_arena_free_pages(&arena, (void __arena *)base, 1); + + err = alloc_pages(PAGE_CNT, 1, true, PAGE_CNT, 2); + if (err) + return err; + + /* Clear all even pages */ + for (i = 0; i < PAGE_CNT; i += 2) { + pg = page[i]; + if (*pg != i) + return 3; + bpf_arena_free_pages(&arena, (void __arena *)pg, 1); + page[i] = NULL; + cond_break; + } + + /* Allocate into freed gaps */ + err = alloc_pages(PAGE_CNT / 2, 1, false, PAGE_CNT, 4); + if (err) + return err; + + /* Free pairs of pages */ + for (i = 0; i < PAGE_CNT; i += 4) { + pg = page[i]; + if (*pg != i) + return 5; + bpf_arena_free_pages(&arena, (void __arena *)pg, 2); + page[i] = NULL; + page[i + 1] = NULL; + cond_break; + } + + /* Allocate 2 pages at a time into freed gaps */ + err = alloc_pages(PAGE_CNT / 4, 2, false, PAGE_CNT, 6); + if (err) + return err; + + /* Check pages without freeing */ + for (i = 0; i < PAGE_CNT; i += 2) { + pg = page[i]; + if (*pg != i) + return 7; + cond_break; + } + + pg = bpf_arena_alloc_pages(&arena, NULL, 1, NUMA_NO_NODE, 0); + + if (!pg) + return 8; + /* + * The first PAGE_CNT pages are occupied. The new page + * must be above. + */ + if ((pg - base) / PAGE_SIZE < PAGE_CNT) + return 9; + return 0; +} +#endif char _license[] SEC("license") = "GPL"; -- 2.46.0

2 months, 1 week

1
1
0 0

[PATCH] mm/ksm: Fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show()

by Nathan Chancellor

After a recent change in clang to expose uninitialized warnings from const variables [1], there is a warning from the if statement in advisor_mode_show(). mm/ksm.c:3687:11: error: variable 'output' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized] 3687 | else if (ksm_advisor == KSM_ADVISOR_SCAN_TIME) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ mm/ksm.c:3690:33: note: uninitialized use occurs here 3690 | return sysfs_emit(buf, "%s\n", output); | ^~~~~~ Rewrite the if statement to implicitly make KSM_ADVISOR_NONE the else branch so that it is obvious to the compiler that ksm_advisor can only be KSM_ADVISOR_NONE or KSM_ADVISOR_SCAN_TIME due to the assignments in advisor_mode_store(). Cc: stable(a)vger.kernel.org Fixes: 66790e9a735b ("mm/ksm: add sysfs knobs for advisor") Closes: https://github.com/ClangBuiltLinux/linux/issues/2100 Link: https://github.com/llvm/llvm-project/commit/2464313eef01c5b1edf0eccf57a32cd… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- mm/ksm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mm/ksm.c b/mm/ksm.c index 2b0210d41c55..160787bb121c 100644 --- a/mm/ksm.c +++ b/mm/ksm.c @@ -3682,10 +3682,10 @@ static ssize_t advisor_mode_show(struct kobject *kobj, { const char *output; - if (ksm_advisor == KSM_ADVISOR_NONE) - output = "[none] scan-time"; - else if (ksm_advisor == KSM_ADVISOR_SCAN_TIME) + if (ksm_advisor == KSM_ADVISOR_SCAN_TIME) output = "none [scan-time]"; + else + output = "[none] scan-time"; return sysfs_emit(buf, "%s\n", output); } --- base-commit: fed48693bdfeca666f7536ba88a05e9a4e5523b6 change-id: 20250715-ksm-fix-clang-21-uninit-warning-bea5a6b886ce Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

2 months, 1 week

3
2
0 0

+ mm-ksm-fix-wsometimes-uninitialized-from-clang-21-in-advisor_mode_show.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-ksm-fix-wsometimes-uninitialized-from-clang-21-in-advisor_mode_show.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Nathan Chancellor <nathan(a)kernel.org> Subject: mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() Date: Tue, 15 Jul 2025 12:56:16 -0700 After a recent change in clang to expose uninitialized warnings from const variables [1], there is a false positive warning from the if statement in advisor_mode_show(). mm/ksm.c:3687:11: error: variable 'output' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized] 3687 | else if (ksm_advisor == KSM_ADVISOR_SCAN_TIME) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ mm/ksm.c:3690:33: note: uninitialized use occurs here 3690 | return sysfs_emit(buf, "%s\n", output); | ^~~~~~ Rewrite the if statement to implicitly make KSM_ADVISOR_NONE the else branch so that it is obvious to the compiler that ksm_advisor can only be KSM_ADVISOR_NONE or KSM_ADVISOR_SCAN_TIME due to the assignments in advisor_mode_store(). Link: https://lkml.kernel.org/r/20250715-ksm-fix-clang-21-uninit-warning-v1-1-f44… Fixes: 66790e9a735b ("mm/ksm: add sysfs knobs for advisor") Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Closes: https://github.com/ClangBuiltLinux/linux/issues/2100 Link: https://github.com/llvm/llvm-project/commit/2464313eef01c5b1edf0eccf57a32cd… [1] Cc: Chengming Zhou <chengming.zhou(a)linux.dev> Cc: David Hildenbrand <david(a)redhat.com> Cc: Stefan Roesch <shr(a)devkernel.io> Cc: xu xin <xu.xin16(a)zte.com.cn> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/ksm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/mm/ksm.c~mm-ksm-fix-wsometimes-uninitialized-from-clang-21-in-advisor_mode_show +++ a/mm/ksm.c @@ -3669,10 +3669,10 @@ static ssize_t advisor_mode_show(struct { const char *output; - if (ksm_advisor == KSM_ADVISOR_NONE) - output = "[none] scan-time"; - else if (ksm_advisor == KSM_ADVISOR_SCAN_TIME) + if (ksm_advisor == KSM_ADVISOR_SCAN_TIME) output = "none [scan-time]"; + else + output = "[none] scan-time"; return sysfs_emit(buf, "%s\n", output); } _ Patches currently in -mm which might be from nathan(a)kernel.org are mm-ksm-fix-wsometimes-uninitialized-from-clang-21-in-advisor_mode_show.patch panic-add-panic_sys_info-sysctl-to-take-human-readable-string-parameter-fix.patch

2 months, 1 week

1
0
0 0

[PATCH V6] efi/tpm: Fix the issue where the CC platforms event log header can't be correctly identified

by yangge1116＠126.com

From: Ge Yang <yangge1116(a)126.com> Since commit d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") reuses TPM2 support code for the CC platforms, when launching a TDX virtual machine with coco measurement enabled, the following error log is generated: [Firmware Bug]: Failed to parse event in TPM Final Events Log Call Trace: efi_config_parse_tables() efi_tpm_eventlog_init() tpm2_calc_event_log_size() __calc_tpm2_event_size() The pcr_idx value in the Intel TDX log header is 1, causing the function __calc_tpm2_event_size() to fail to recognize the log header, ultimately leading to the "Failed to parse event in TPM Final Events Log" error. Intel misread the spec and wrongly sets pcrIndex to 1 in the header and since they did this, we fear others might, so we're relaxing the header check. There's no danger of this causing problems because we check for the TCG_SPECID_SIG signature as the next thing. Fixes: d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") Signed-off-by: Ge Yang <yangge1116(a)126.com> Cc: stable(a)vger.kernel.org --- V6: - improve commit message suggested by James V5: - remove the pcr_index check without adding any replacement checks suggested by James and Sathyanarayanan V4: - remove cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT) suggested by Ard V3: - fix build error V2: - limit the fix for CC only suggested by Jarkko and Sathyanarayanan include/linux/tpm_eventlog.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h index 891368e..05c0ae5 100644 --- a/include/linux/tpm_eventlog.h +++ b/include/linux/tpm_eventlog.h @@ -202,8 +202,7 @@ static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *ev event_type = event->event_type; /* Verify that it's the log header */ - if (event_header->pcr_idx != 0 || - event_header->event_type != NO_ACTION || + if (event_header->event_type != NO_ACTION || memcmp(event_header->digest, zero_digest, sizeof(zero_digest))) { size = 0; goto out; -- 2.7.4

2 months, 1 week

4
3
0 0

[PATCH 6.12] KVM: SVM: Set synthesized TSA CPUID flags

by Borislav Petkov

From: "Borislav Petkov (AMD)" <bp(a)alien8.de> VERW_CLEAR is supposed to be set only by the hypervisor to denote TSA mitigation support to a guest. SQ_NO and L1_NO are both synthesizable, and are going to be set by hw CPUID on future machines. So keep the kvm_cpu_cap_init_kvm_defined() invocation *and* set them when synthesized. This fix is stable-only. Co-developed-by: Jinpu Wang <jinpu.wang(a)ionos.com> Signed-off-by: Jinpu Wang <jinpu.wang(a)ionos.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> --- arch/x86/kvm/cpuid.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 02196db26a08..8f587c5bb6bc 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -822,6 +822,7 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_check_and_set(X86_FEATURE_SBPB); kvm_cpu_cap_check_and_set(X86_FEATURE_IBPB_BRTYPE); kvm_cpu_cap_check_and_set(X86_FEATURE_SRSO_NO); + kvm_cpu_cap_check_and_set(X86_FEATURE_VERW_CLEAR); kvm_cpu_cap_init_kvm_defined(CPUID_8000_0022_EAX, F(PERFMON_V2) @@ -831,6 +832,9 @@ void kvm_set_cpu_caps(void) F(TSA_SQ_NO) | F(TSA_L1_NO) ); + kvm_cpu_cap_check_and_set(X86_FEATURE_TSA_SQ_NO); + kvm_cpu_cap_check_and_set(X86_FEATURE_TSA_L1_NO); + /* * Synthesize "LFENCE is serializing" into the AMD-defined entry in * KVM's supported CPUID if the feature is reported as supported by the -- 2.43.0

2 months, 1 week

1
0
0 0

[PATCH] net: dpaa2: Fix device reference count leak in MAC endpoint handling

by Ma Ke

The fsl_mc_get_endpoint() function uses device_find_child() for localization, which implicitly calls get_device() to increment the device's reference count before returning the pointer. However, the caller dpaa2_switch_port_connect_mac() and dpaa2_eth_connect_mac() fails to properly release this reference in multiple scenarios. We should call put_device() to decrement reference count properly. As comment of device_find_child() says, 'NOTE: you will need to drop the reference with put_device() after use'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 719479230893 ("dpaa2-eth: add MAC/PHY support through phylink") Fixes: 84cba72956fd ("dpaa2-switch: integrate the MAC endpoint support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 15 ++++++++++++--- .../net/ethernet/freescale/dpaa2/dpaa2-switch.c | 15 ++++++++++++--- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c index b82f121cadad..f1543039a5b6 100644 --- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c +++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c @@ -4666,12 +4666,19 @@ static int dpaa2_eth_connect_mac(struct dpaa2_eth_priv *priv) return PTR_ERR(dpmac_dev); } - if (IS_ERR(dpmac_dev) || dpmac_dev->dev.type != &fsl_mc_bus_dpmac_type) + if (IS_ERR(dpmac_dev)) return 0; + if (dpmac_dev->dev.type != &fsl_mc_bus_dpmac_type) { + put_device(&dpmac_dev->dev); + return 0; + } + mac = kzalloc(sizeof(struct dpaa2_mac), GFP_KERNEL); - if (!mac) + if (!mac) { + put_device(&dpmac_dev->dev); return -ENOMEM; + } mac->mc_dev = dpmac_dev; mac->mc_io = priv->mc_io; @@ -4679,7 +4686,7 @@ static int dpaa2_eth_connect_mac(struct dpaa2_eth_priv *priv) err = dpaa2_mac_open(mac); if (err) - goto err_free_mac; + goto err_put_device; if (dpaa2_mac_is_type_phy(mac)) { err = dpaa2_mac_connect(mac); @@ -4703,6 +4710,8 @@ static int dpaa2_eth_connect_mac(struct dpaa2_eth_priv *priv) err_close_mac: dpaa2_mac_close(mac); +err_put_device: + put_device(&dpmac_dev->dev); err_free_mac: kfree(mac); return err; diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c index 147a93bf9fa9..6bf1c164129a 100644 --- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c +++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c @@ -1448,12 +1448,20 @@ static int dpaa2_switch_port_connect_mac(struct ethsw_port_priv *port_priv) if (PTR_ERR(dpmac_dev) == -EPROBE_DEFER) return PTR_ERR(dpmac_dev); - if (IS_ERR(dpmac_dev) || dpmac_dev->dev.type != &fsl_mc_bus_dpmac_type) + if (IS_ERR(dpmac_dev)) return 0; + + if (dpmac_dev->dev.type != &fsl_mc_bus_dpmac_type) { + put_device(&dpmac_dev->dev); + return 0; + } mac = kzalloc(sizeof(*mac), GFP_KERNEL); - if (!mac) + if (!mac) { + put_device(&dpmac_dev->dev); return -ENOMEM; + } mac->mc_dev = dpmac_dev; mac->mc_io = port_priv->ethsw_data->mc_io; @@ -1461,7 +1469,7 @@ static int dpaa2_switch_port_connect_mac(struct ethsw_port_priv *port_priv) err = dpaa2_mac_open(mac); if (err) - goto err_free_mac; + goto err_put_device; if (dpaa2_mac_is_type_phy(mac)) { err = dpaa2_mac_connect(mac); @@ -1481,6 +1489,8 @@ static int dpaa2_switch_port_connect_mac(struct ethsw_port_priv *port_priv) err_close_mac: dpaa2_mac_close(mac); +err_put_device: + put_device(&dpmac_dev->dev); err_free_mac: kfree(mac); return err; -- 2.25.1

2 months, 1 week

2
1
0 0

[PATCH v3 7/7] Revert "drm/gem-dma: Use dma_buf from GEM object instance"

by Thomas Zimmermann

This reverts commit e8afa1557f4f963c9a511bd2c6074a941c308685. The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field becomes NULL when user space releases the final GEM handle on the buffer object. This resulted in a NULL-pointer deref. Workarounds in commit 5307dce878d4 ("drm/gem: Acquire references on GEM handles for framebuffers") and commit f6bfc9afc751 ("drm/framebuffer: Acquire internal references on GEM handles") only solved the problem partially. They especially don't work for buffer objects without a DRM framebuffer associated. Hence, this revert to going back to using .import_attach->dmabuf. v3: - cc stable Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reviewed-by: Simona Vetter <simona.vetter(a)ffwll.ch> Acked-by: Christian König <christian.koenig(a)amd.com> Cc: <stable(a)vger.kernel.org> # v6.15+ --- drivers/gpu/drm/drm_gem_dma_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_gem_dma_helper.c b/drivers/gpu/drm/drm_gem_dma_helper.c index b7f033d4352a..4f0320df858f 100644 --- a/drivers/gpu/drm/drm_gem_dma_helper.c +++ b/drivers/gpu/drm/drm_gem_dma_helper.c @@ -230,7 +230,7 @@ void drm_gem_dma_free(struct drm_gem_dma_object *dma_obj) if (drm_gem_is_imported(gem_obj)) { if (dma_obj->vaddr) - dma_buf_vunmap_unlocked(gem_obj->dma_buf, &map); + dma_buf_vunmap_unlocked(gem_obj->import_attach->dmabuf, &map); drm_prime_gem_destroy(gem_obj, dma_obj->sgt); } else if (dma_obj->vaddr) { if (dma_obj->map_noncoherent) -- 2.50.0

2 months, 1 week

1
0
0 0

[PATCH v3 6/7] Revert "drm/gem-shmem: Use dma_buf from GEM object instance"

by Thomas Zimmermann

This reverts commit 1a148af06000e545e714fe3210af3d77ff903c11. The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field becomes NULL when user space releases the final GEM handle on the buffer object. This resulted in a NULL-pointer deref. Workarounds in commit 5307dce878d4 ("drm/gem: Acquire references on GEM handles for framebuffers") and commit f6bfc9afc751 ("drm/framebuffer: Acquire internal references on GEM handles") only solved the problem partially. They especially don't work for buffer objects without a DRM framebuffer associated. Hence, this revert to going back to using .import_attach->dmabuf. v3: - cc stable Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reviewed-by: Simona Vetter <simona.vetter(a)ffwll.ch> Acked-by: Christian König <christian.koenig(a)amd.com> Cc: <stable(a)vger.kernel.org> # v6.15+ --- drivers/gpu/drm/drm_gem_shmem_helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_gem_shmem_helper.c b/drivers/gpu/drm/drm_gem_shmem_helper.c index 8ac0b1fa5287..5d1349c34afd 100644 --- a/drivers/gpu/drm/drm_gem_shmem_helper.c +++ b/drivers/gpu/drm/drm_gem_shmem_helper.c @@ -351,7 +351,7 @@ int drm_gem_shmem_vmap_locked(struct drm_gem_shmem_object *shmem, dma_resv_assert_held(obj->resv); if (drm_gem_is_imported(obj)) { - ret = dma_buf_vmap(obj->dma_buf, map); + ret = dma_buf_vmap(obj->import_attach->dmabuf, map); } else { pgprot_t prot = PAGE_KERNEL; @@ -413,7 +413,7 @@ void drm_gem_shmem_vunmap_locked(struct drm_gem_shmem_object *shmem, dma_resv_assert_held(obj->resv); if (drm_gem_is_imported(obj)) { - dma_buf_vunmap(obj->dma_buf, map); + dma_buf_vunmap(obj->import_attach->dmabuf, map); } else { dma_resv_assert_held(shmem->base.resv); -- 2.50.0

2 months, 1 week

1
0
0 0

[PATCH v3 5/7] Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance"

by Thomas Zimmermann

This reverts commit cce16fcd7446dcff7480cd9d2b6417075ed81065. The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field becomes NULL when user space releases the final GEM handle on the buffer object. This resulted in a NULL-pointer deref. Workarounds in commit 5307dce878d4 ("drm/gem: Acquire references on GEM handles for framebuffers") and commit f6bfc9afc751 ("drm/framebuffer: Acquire internal references on GEM handles") only solved the problem partially. They especially don't work for buffer objects without a DRM framebuffer associated. Hence, this revert to going back to using .import_attach->dmabuf. v3: - cc stable Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reviewed-by: Simona Vetter <simona.vetter(a)ffwll.ch> Acked-by: Christian König <christian.koenig(a)amd.com> Cc: <stable(a)vger.kernel.org> # v6.15+ --- drivers/gpu/drm/drm_gem_framebuffer_helper.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_gem_framebuffer_helper.c b/drivers/gpu/drm/drm_gem_framebuffer_helper.c index 618ce725cd75..fefb2a0f6b40 100644 --- a/drivers/gpu/drm/drm_gem_framebuffer_helper.c +++ b/drivers/gpu/drm/drm_gem_framebuffer_helper.c @@ -420,6 +420,7 @@ EXPORT_SYMBOL(drm_gem_fb_vunmap); static void __drm_gem_fb_end_cpu_access(struct drm_framebuffer *fb, enum dma_data_direction dir, unsigned int num_planes) { + struct dma_buf_attachment *import_attach; struct drm_gem_object *obj; int ret; @@ -428,9 +429,10 @@ static void __drm_gem_fb_end_cpu_access(struct drm_framebuffer *fb, enum dma_dat obj = drm_gem_fb_get_obj(fb, num_planes); if (!obj) continue; + import_attach = obj->import_attach; if (!drm_gem_is_imported(obj)) continue; - ret = dma_buf_end_cpu_access(obj->dma_buf, dir); + ret = dma_buf_end_cpu_access(import_attach->dmabuf, dir); if (ret) drm_err(fb->dev, "dma_buf_end_cpu_access(%u, %d) failed: %d\n", ret, num_planes, dir); @@ -453,6 +455,7 @@ static void __drm_gem_fb_end_cpu_access(struct drm_framebuffer *fb, enum dma_dat */ int drm_gem_fb_begin_cpu_access(struct drm_framebuffer *fb, enum dma_data_direction dir) { + struct dma_buf_attachment *import_attach; struct drm_gem_object *obj; unsigned int i; int ret; @@ -463,9 +466,10 @@ int drm_gem_fb_begin_cpu_access(struct drm_framebuffer *fb, enum dma_data_direct ret = -EINVAL; goto err___drm_gem_fb_end_cpu_access; } + import_attach = obj->import_attach; if (!drm_gem_is_imported(obj)) continue; - ret = dma_buf_begin_cpu_access(obj->dma_buf, dir); + ret = dma_buf_begin_cpu_access(import_attach->dmabuf, dir); if (ret) goto err___drm_gem_fb_end_cpu_access; } -- 2.50.0

2 months, 1 week

1
0
0 0

[PATCH v3 4/7] Revert "drm/prime: Use dma_buf from GEM object instance"

by Thomas Zimmermann

This reverts commit f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8. The dma_buf field in struct drm_gem_object is not stable over the object instance's lifetime. The field becomes NULL when user space releases the final GEM handle on the buffer object. This resulted in a NULL-pointer deref. Workarounds in commit 5307dce878d4 ("drm/gem: Acquire references on GEM handles for framebuffers") and commit f6bfc9afc751 ("drm/framebuffer: Acquire internal references on GEM handles") only solved the problem partially. They especially don't work for buffer objects without a DRM framebuffer associated. Hence, this revert to going back to using .import_attach->dmabuf. v3: - cc stable Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reviewed-by: Simona Vetter <simona.vetter(a)ffwll.ch> Acked-by: Christian König <christian.koenig(a)amd.com> Cc: <stable(a)vger.kernel.org> # v6.15+ --- drivers/gpu/drm/drm_prime.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_prime.c b/drivers/gpu/drm/drm_prime.c index b703f83874e1..a23fc712a8b7 100644 --- a/drivers/gpu/drm/drm_prime.c +++ b/drivers/gpu/drm/drm_prime.c @@ -453,7 +453,13 @@ struct dma_buf *drm_gem_prime_handle_to_dmabuf(struct drm_device *dev, } mutex_lock(&dev->object_name_lock); - /* re-export the original imported/exported object */ + /* re-export the original imported object */ + if (obj->import_attach) { + dmabuf = obj->import_attach->dmabuf; + get_dma_buf(dmabuf); + goto out_have_obj; + } + if (obj->dma_buf) { get_dma_buf(obj->dma_buf); dmabuf = obj->dma_buf; -- 2.50.0

2 months, 1 week

1
0
0 0

[PATCH v2 1/1] x86/fred: Remove ENDBR64 from FRED entry points

by Xin Li (Intel)

The FRED specification v9.0 states that there is no need for FRED event handlers to begin with ENDBR64, because in the presence of supervisor indirect branch tracking, FRED event delivery does not enter the WAIT_FOR_ENDBRANCH state. As a result, remove ENDBR64 from FRED entry points. Then add ANNOTATE_NOENDBR to indicate that FRED entry points will never be used for indirect calls to suppress an objtool warning. This change implies that any indirect CALL/JMP to FRED entry points causes #CP in the presence of supervisor indirect branch tracking. Credit goes to Jennifer Miller <jmill(a)asu.edu> and other contributors from Arizona State University whose work led to this change. Fixes: 14619d912b65 ("x86/fred: FRED entry/exit and dispatch code") Link: https://lore.kernel.org/linux-hardening/Z60NwR4w%2F28Z7XUa@ubun/ Reviewed-by: H. Peter Anvin (Intel) <hpa(a)zytor.com> Signed-off-by: Xin Li (Intel) <xin(a)zytor.com> Cc: Jennifer Miller <jmill(a)asu.edu> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Andrew Cooper <andrew.cooper3(a)citrix.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: stable(a)vger.kernel.org # v6.9+ --- Change in v2: *) CC stable and add a fixes tag (PeterZ). --- arch/x86/entry/entry_64_fred.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/entry/entry_64_fred.S b/arch/x86/entry/entry_64_fred.S index 29c5c32c16c3..907bd233c6c1 100644 --- a/arch/x86/entry/entry_64_fred.S +++ b/arch/x86/entry/entry_64_fred.S @@ -16,7 +16,7 @@ .macro FRED_ENTER UNWIND_HINT_END_OF_STACK - ENDBR + ANNOTATE_NOENDBR PUSH_AND_CLEAR_REGS movq %rsp, %rdi /* %rdi -> pt_regs */ .endm -- 2.50.1

2 months, 1 week

1
0
0 0

[PATCH net] hv_netvsc: Switch VF namespace in netvsc_open instead

by Haiyang Zhang

From: Haiyang Zhang <haiyangz(a)microsoft.com> The existing code move the VF NIC to new namespace when NETDEV_REGISTER is received on netvsc NIC. During deletion of the namespace, default_device_exit_batch() >> default_device_exit_net() is called. When netvsc NIC is moved back and registered to the default namespace, it automatically brings VF NIC back to the default namespace. This will cause the default_device_exit_net() >> for_each_netdev_safe loop unable to detect the list end, and hit NULL ptr: [ 231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0 [ 231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010 [ 231.450246] #PF: supervisor read access in kernel mode [ 231.450579] #PF: error_code(0x0000) - not-present page [ 231.450916] PGD 17b8a8067 P4D 0 [ 231.451163] Oops: Oops: 0000 [#1] SMP NOPTI [ 231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY [ 231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024 [ 231.452692] Workqueue: netns cleanup_net [ 231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0 [ 231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 <48> 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00 [ 231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246 [ 231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb [ 231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564 [ 231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000 [ 231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340 [ 231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340 [ 231.457161] FS: 0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000 [ 231.457707] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0 [ 231.458434] Call Trace: [ 231.458600] <TASK> [ 231.458777] ops_undo_list+0x100/0x220 [ 231.459015] cleanup_net+0x1b8/0x300 [ 231.459285] process_one_work+0x184/0x340 To fix it, move the VF namespace switching code from the NETDEV_REGISTER event handler to netvsc_open(). Cc: stable(a)vger.kernel.org Fixes: 4c262801ea60 ("hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event") Reported-by: Cathy Avery <cavery(a)redhat.com> Signed-off-by: Haiyang Zhang <haiyangz(a)microsoft.com> --- drivers/net/hyperv/netvsc_drv.c | 43 ++++++++++----------------------- 1 file changed, 13 insertions(+), 30 deletions(-) diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c index 42d98e99566e..074ecc346108 100644 --- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c @@ -135,6 +135,19 @@ static int netvsc_open(struct net_device *net) } if (vf_netdev) { + if (!net_eq(dev_net(net), dev_net(vf_netdev))) { + ret = dev_change_net_namespace(vf_netdev, dev_net(net), + "eth%d"); + if (ret) + netdev_err(vf_netdev, + "Cannot move to same ns as %s: %d\n", + net->name, ret); + else + netdev_info(vf_netdev, + "Moved VF to namespace with: %s\n", + net->name); + } + /* Setting synthetic device up transparently sets * slave as up. If open fails, then slave will be * still be offline (and not used). @@ -2772,31 +2785,6 @@ static struct hv_driver netvsc_drv = { }, }; -/* Set VF's namespace same as the synthetic NIC */ -static void netvsc_event_set_vf_ns(struct net_device *ndev) -{ - struct net_device_context *ndev_ctx = netdev_priv(ndev); - struct net_device *vf_netdev; - int ret; - - vf_netdev = rtnl_dereference(ndev_ctx->vf_netdev); - if (!vf_netdev) - return; - - if (!net_eq(dev_net(ndev), dev_net(vf_netdev))) { - ret = dev_change_net_namespace(vf_netdev, dev_net(ndev), - "eth%d"); - if (ret) - netdev_err(vf_netdev, - "Cannot move to same namespace as %s: %d\n", - ndev->name, ret); - else - netdev_info(vf_netdev, - "Moved VF to namespace with: %s\n", - ndev->name); - } -} - /* * On Hyper-V, every VF interface is matched with a corresponding * synthetic interface. The synthetic interface is presented first @@ -2809,11 +2797,6 @@ static int netvsc_netdev_event(struct notifier_block *this, struct net_device *event_dev = netdev_notifier_info_to_dev(ptr); int ret = 0; - if (event_dev->netdev_ops == &device_ops && event == NETDEV_REGISTER) { - netvsc_event_set_vf_ns(event_dev); - return NOTIFY_DONE; - } - ret = check_dev_is_matching_vf(event_dev); if (ret != 0) return NOTIFY_DONE; -- 2.34.1

2 months, 1 week

3
2
0 0

[PATCH net,v2] hv_netvsc: Switch VF namespace in netvsc_open instead

by Haiyang Zhang

From: Haiyang Zhang <haiyangz(a)microsoft.com> The existing code move the VF NIC to new namespace when NETDEV_REGISTER is received on netvsc NIC. During deletion of the namespace, default_device_exit_batch() >> default_device_exit_net() is called. When netvsc NIC is moved back and registered to the default namespace, it automatically brings VF NIC back to the default namespace. This will cause the default_device_exit_net() >> for_each_netdev_safe loop unable to detect the list end, and hit NULL ptr: [ 231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0 [ 231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010 [ 231.450246] #PF: supervisor read access in kernel mode [ 231.450579] #PF: error_code(0x0000) - not-present page [ 231.450916] PGD 17b8a8067 P4D 0 [ 231.451163] Oops: Oops: 0000 [#1] SMP NOPTI [ 231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY [ 231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024 [ 231.452692] Workqueue: netns cleanup_net [ 231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0 [ 231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 <48> 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00 [ 231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246 [ 231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb [ 231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564 [ 231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000 [ 231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340 [ 231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340 [ 231.457161] FS: 0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000 [ 231.457707] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0 [ 231.458434] Call Trace: [ 231.458600] <TASK> [ 231.458777] ops_undo_list+0x100/0x220 [ 231.459015] cleanup_net+0x1b8/0x300 [ 231.459285] process_one_work+0x184/0x340 To fix it, move the VF namespace switching code from the NETDEV_REGISTER event handler to netvsc_open(). Cc: stable(a)vger.kernel.org Cc: cavery(a)redhat.com Fixes: 4c262801ea60 ("hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event") Signed-off-by: Haiyang Zhang <haiyangz(a)microsoft.com> --- v2: verified it's applicable to net, fixed cc list. --- drivers/net/hyperv/netvsc_drv.c | 43 ++++++++++----------------------- 1 file changed, 13 insertions(+), 30 deletions(-) diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c index 42d98e99566e..074ecc346108 100644 --- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c @@ -135,6 +135,19 @@ static int netvsc_open(struct net_device *net) } if (vf_netdev) { + if (!net_eq(dev_net(net), dev_net(vf_netdev))) { + ret = dev_change_net_namespace(vf_netdev, dev_net(net), + "eth%d"); + if (ret) + netdev_err(vf_netdev, + "Cannot move to same ns as %s: %d\n", + net->name, ret); + else + netdev_info(vf_netdev, + "Moved VF to namespace with: %s\n", + net->name); + } + /* Setting synthetic device up transparently sets * slave as up. If open fails, then slave will be * still be offline (and not used). @@ -2772,31 +2785,6 @@ static struct hv_driver netvsc_drv = { }, }; -/* Set VF's namespace same as the synthetic NIC */ -static void netvsc_event_set_vf_ns(struct net_device *ndev) -{ - struct net_device_context *ndev_ctx = netdev_priv(ndev); - struct net_device *vf_netdev; - int ret; - - vf_netdev = rtnl_dereference(ndev_ctx->vf_netdev); - if (!vf_netdev) - return; - - if (!net_eq(dev_net(ndev), dev_net(vf_netdev))) { - ret = dev_change_net_namespace(vf_netdev, dev_net(ndev), - "eth%d"); - if (ret) - netdev_err(vf_netdev, - "Cannot move to same namespace as %s: %d\n", - ndev->name, ret); - else - netdev_info(vf_netdev, - "Moved VF to namespace with: %s\n", - ndev->name); - } -} - /* * On Hyper-V, every VF interface is matched with a corresponding * synthetic interface. The synthetic interface is presented first @@ -2809,11 +2797,6 @@ static int netvsc_netdev_event(struct notifier_block *this, struct net_device *event_dev = netdev_notifier_info_to_dev(ptr); int ret = 0; - if (event_dev->netdev_ops == &device_ops && event == NETDEV_REGISTER) { - netvsc_event_set_vf_ns(event_dev); - return NOTIFY_DONE; - } - ret = check_dev_is_matching_vf(event_dev); if (ret != 0) return NOTIFY_DONE; -- 2.34.1

2 months, 1 week

3
2
0 0

[PATCH 5.10 000/208] 5.10.240-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.240 release. There are 208 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 17 Jul 2025 15:03:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.240-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.240-rc2 Borislav Petkov <bp(a)kernel.org> x86/process: Move the buffer clearing before MONITOR Borislav Petkov <bp(a)kernel.org> KVM: SVM: Advertise TSA CPUID bits to guests Borislav Petkov <bp(a)kernel.org> KVM: x86: add support for CPUID leaf 0x80000021 Borislav Petkov <bp(a)kernel.org> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov <bp(a)kernel.org> x86/bugs: Rename MDS machinery to something more generic Jann Horn <jannh(a)google.com> x86/mm: Disable hugetlb page table sharing on 32-bit Dongli Zhang <dongli.zhang(a)oracle.com> vhost-scsi: protect vq->log_used with vq->mutex Hans de Goede <hdegoede(a)redhat.com> Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Zhang Heng <zhangheng(a)kylinos.cn> HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Nicolas Pitre <npitre(a)baylibre.com> vt: add missing notification when switching back to text mode Xiaowei Li <xiaowei.li(a)simcom.com> net: usb: qmi_wwan: add SIMCom 8230C composition Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Reduce stack usage in vector_eth_configure() Thomas Fourier <fourier.thomas(a)gmail.com> atm: idt77252: Add missing `dma_map_error()` Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix DCB ETS validation Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Sean Nyekjaer <sean(a)geanix.com> can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Oleksij Rempel <linux(a)rempel-privat.de> net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Kito Xu <veritas501(a)foxmail.com> net: appletalk: Fix device refcount leak in atrtr_create() Wang Jinchao <wangjinchao600(a)gmail.com> md/raid1: Fix stack memory use after return in raid1_reshape Daniil Dulov <d.dulov(a)aladdin.ru> wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - support Acer NGR 200 Controller Vicki Pfau <vi(a)endrift.com> Input: xpad - add VID for Turtle Beach controllers Matt Reynolds <mattreynolds(a)chromium.org> Input: xpad - add support for Amazon Game Controller Jakub Kicinski <kuba(a)kernel.org> netlink: make sure we allow at least one dump skb Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix rmem check in netlink_broadcast_deliver(). Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Ensure to disable clocks in error path Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: lib_test: add MODULE_LICENSE Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "ACPI: battery: negate current when discharging" Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: u_serial: Fix race condition in TTY wakeup Matthew Brost <matthew.brost(a)intel.com> drm/sched: Increment job count before swapping tail spsc queue Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: qcom: msm: mark certain pins as invalid for interrupts JP Kobryn <inwardvessel(a)gmail.com> x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Don't remove sysfs if thresholding sysfs init fails Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Fix threshold limit reset Peter Zijlstra <peterz(a)infradead.org> x86/its: FineIBT-paranoid vs ITS Eric Biggers <ebiggers(a)google.com> x86/its: Fix build errors when CONFIG_MODULES=n Peter Zijlstra <peterz(a)infradead.org> x86/its: Use dynamic thunks for indirect branches Thomas Gleixner <tglx(a)linutronix.de> x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Add "vmexit" option to skip mitigation on some CPUs Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Enable Indirect Target Selection mitigation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Fix undefined reference to cpu_wants_rethunk_at() Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Add support for ITS-safe return thunk Josh Poimboeuf <jpoimboe(a)kernel.org> x86/alternatives: Remove faulty optimization Borislav Petkov (AMD) <bp(a)alien8.de> x86/alternative: Optimize returns patching Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Add support for ITS-safe indirect thunk Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Introduce int3_emulate_jcc() Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Enumerate Indirect Target Selection (ITS) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Documentation: x86/bugs/its: Add ITS documentation David Howells <dhowells(a)redhat.com> rxrpc: Fix oops due to non-existence of prealloc backlog struct Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: use __for_each_thread() Victor Nogueira <victor(a)mojatatu.com> net/sched: Abort __tc_modify_qdisc if parent class does not exist Yue Haibing <yuehaibing(a)huawei.com> atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix infinite recursive call of clip_push(). Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix memory leak of struct clip_vcc. Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix potential null-ptr-deref in to_atmarpd(). Oleksij Rempel <linux(a)rempel-privat.de> net: phy: smsc: Fix link failure in forced mode with Auto-MDIX Oleksij Rempel <linux(a)rempel-privat.de> net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap Michal Luczaj <mhal(a)rbox.co> vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_* TOCTOU Andra Paraschiv <andraprs(a)amazon.com> af_vsock: Assign the vsock transport considering the vsock address flags Andra Paraschiv <andraprs(a)amazon.com> af_vsock: Set VMADDR_FLAG_TO_HOST flag on the receive path Andra Paraschiv <andraprs(a)amazon.com> vm_sockets: Add VMADDR_FLAG_TO_HOST vsock flag Andra Paraschiv <andraprs(a)amazon.com> vm_sockets: Add flags field in the vsock address data structure Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_{g2h,h2g} TOCTOU Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_conn_close(). Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix wraparounds of sk->sk_rmem_alloc. Al Viro <viro(a)zeniv.linux.org.uk> fix proc_sys_compare() handling of in-lookup dentries Peter Zijlstra <peterz(a)infradead.org> perf: Revert to requiring CAP_SYS_ADMIN for uprobes Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Nathan Chancellor <nathan(a)kernel.org> staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Rollback non processed entities on error Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Send control events for partial succeeds Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Return the number of processed controls Seiji Nishikawa <snishika(a)redhat.com> ACPI: PAD: fix crash in exit_round_robin() Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Ioana Ciornei <ioana.ciornei(a)nxp.com> net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats Radu Bulie <radu-andrei.bulie(a)nxp.com> dpaa2-eth: Update SINGLE_STEP register access Radu Bulie <radu-andrei.bulie(a)nxp.com> dpaa2-eth: Update dpni_get_single_step_cfg command Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: rename dpaa2_eth_xdp_release_buf into dpaa2_eth_recycle_buf Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: propagate last_unlink_trans earlier when doing a rmdir Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de> flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix vport loopback for MPV device Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Yue Hu <huyue2(a)yulong.com> mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Gustavo A. R. Silva <gustavoars(a)kernel.org> net: rose: Fix fall-through warnings for Clang Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Dev Jain <dev.jain(a)arm.com> arm64: Restrict pagetable teardown to avoid false warning Brett A C Sheffield (Librecast) <bacs(a)librecast.net> Revert "ipv6: save dontfrag in cork" Nathan Chancellor <nathan(a)kernel.org> s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Dexuan Cui <decui(a)microsoft.com> PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Check return value when getting default PHY config Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix connecting to next bridge Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Fix race in GWS queue scheduling Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Unregister device before cleaning up on disconnect Qiu-ji Chen <chenqiuji666(a)gmail.com> drm/tegra: Fix a possible null pointer dereference Thierry Reding <treding(a)nvidia.com> drm/tegra: Assign plane type before registration Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix kobject reference count leak Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on sysfs attribute creation failure Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on kobject creation failure Mark Harmstone <maharmstone(a)fb.com> btrfs: update superblock's device bytes_used when dropping chunk Heinz Mauelshagen <heinzm(a)redhat.com> dm-raid: fix variable in journal device check Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix L2CAP MTU negotiation Yao Zi <ziyao(a)disroot.org> dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Kuniyuki Iwashima <kuniyu(a)google.com> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Simon Horman <horms(a)kernel.org> net: enetc: Correct endianness handling in _enetc_rd_reg64 Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Add missing error check in start_io_thread() Stefano Garzarella <sgarzare(a)redhat.com> vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: fix beacon interval calculation overflow Yuan Chen <chenyuan(a)kylinos.cn> libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Al Viro <viro(a)zeniv.linux.org.uk> attach_recursive_mnt(): do not lock the covering tree when sliding something under it Youngjun Lee <yjjuny.lee(a)samsung.com> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Eric Dumazet <edumazet(a)google.com> atm: clip: prevent NULL deref in clip_push() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: robotfuzz-osif: disable zero-length read messages Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: tiny-usb: disable zero-length read messages Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: reject invalid perturb period Niklas Cassel <cassel(a)kernel.org> PCI: cadence-ep: Correct PBA offset in .set_msix() callback Long Li <longli(a)microsoft.com> uio_hv_generic: Align ring size to system page Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Query the ringbuffer size for device Saurabh Sengar <ssengar(a)linux.microsoft.com> Drivers: hv: vmbus: Add utility function for querying ring size Vitaly Kuznetsov <vkuznets(a)redhat.com> Drivers: hv: Rename 'alloced' to 'allocated' Haiyang Zhang <haiyangz(a)microsoft.com> Drivers: hv: vmbus: Fix duplicate CPU assignments within a device Alexandru Ardelean <alexandru.ardelean(a)analog.com> uio: uio_hv_generic: use devm_kzalloc() for private data alloc Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction Weihang Li <liweihang(a)huawei.com> RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private Chao Yu <chao(a)kernel.org> f2fs: don't over-report free space or inodes in statvfs Brett Werling <brett.werling(a)garmin.com> can: tcan4x5x: fix power regulator retrieval during probe Marek Szyprowski <m.szyprowski(a)samsung.com> media: omap3isp: use sgtable-based scatterlist wrappers Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: validate AG parameters in dbMount() to prevent crashes Dave Kleikamp <dave.kleikamp(a)oracle.com> fs/jfs: consolidate sanity checking in dbMount Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Junlin Yang <yangjunlin(a)yulong.com> usb: typec: tcpci_maxim: add terminating newlines to logging Junlin Yang <yangjunlin(a)yulong.com> usb: typec: tcpci_maxim: remove redundant assignment Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpci_maxim: Fix uninitialized return variable Wupeng Ma <mawupeng1(a)huawei.com> VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify George Kennedy <george.kennedy(a)oracle.com> VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix read_stb function and get_stb ioctl Dave Penkler <dpenkler(a)gmail.com> USB: usbtmc: Add USBTMC_IOCTL_GET_STB Dave Penkler <dpenkler(a)gmail.com> USB: usbtmc: Fix reading stale status byte Kees Cook <kees(a)kernel.org> ovl: Check for NULL d_inode() in ovl_dentry_upper() Dmitry Kandybka <d.kandybka(a)gmail.com> ceph: fix possible integer overflow in ceph_zero_objects() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add new pci id for AMD GPU display HD audio controller Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Ignore unsol events for cards being shut down Jos Wang <joswang(a)lenovo.com> usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Robert Hodaszi <robert.hodaszi(a)digi.com> usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: Add checks for snprintf() calls in usb_alloc_dev() Chance Yang <chance.yang(a)kneron.us> usb: common: usb-conn-gpio: use a unique name for usb connector device Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: potential integer overflow in usbg_make_tpg() Sami Tolvanen <samitolvanen(a)google.com> um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: pressure: zpa2326: Use aligned_s64 for the timestamp Linggang Zeng <linggang.zeng(a)easystack.cn> bcache: fix NULL pointer in cache_set_flush() Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: fix dm-raid max_write_behind setting Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de> dmaengine: xilinx_dma: Set dma_device directions Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Fix support for max34451 Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> leds: multicolor: Fix intensity setting while SW blinking Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max14577: Fix wakeup source leaks on device unbind Peng Fan <peng.fan(a)nxp.com> mailbox: Not protect module_put with spin_lock_irqsave Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix listxattr to return selinux security label Pali Rohár <pali(a)kernel.org> cifs: Fix cifs_query_path_info() for Windows NT servers ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 2 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/indirect-target-selection.rst | 156 +++++++++++ .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 28 ++ Documentation/devicetree/bindings/serial/8250.yaml | 2 +- Makefile | 4 +- arch/arm64/mm/mmu.c | 3 +- arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/s390/Makefile | 2 +- arch/s390/purgatory/Makefile | 2 +- arch/um/drivers/ubd_user.c | 2 +- arch/um/drivers/vector_kern.c | 42 +-- arch/um/include/asm/asm-prototypes.h | 5 + arch/x86/Kconfig | 22 +- arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/alternative.h | 26 ++ arch/x86/include/asm/cpu.h | 13 + arch/x86/include/asm/cpufeature.h | 5 +- arch/x86/include/asm/cpufeatures.h | 14 +- arch/x86/include/asm/disabled-features.h | 2 +- arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/msr-index.h | 13 +- arch/x86/include/asm/mwait.h | 19 +- arch/x86/include/asm/nospec-branch.h | 50 ++-- arch/x86/include/asm/required-features.h | 2 +- arch/x86/include/asm/text-patching.h | 31 +++ arch/x86/kernel/alternative.c | 308 ++++++++++++++++++++- arch/x86/kernel/cpu/amd.c | 58 ++++ arch/x86/kernel/cpu/bugs.c | 272 +++++++++++++++++- arch/x86/kernel/cpu/common.c | 77 +++++- arch/x86/kernel/cpu/mce/amd.c | 15 +- arch/x86/kernel/cpu/mce/core.c | 8 +- arch/x86/kernel/cpu/mce/intel.c | 1 + arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/ftrace.c | 4 +- arch/x86/kernel/kprobes/core.c | 39 +-- arch/x86/kernel/module.c | 14 +- arch/x86/kernel/process.c | 15 +- arch/x86/kernel/static_call.c | 2 +- arch/x86/kernel/vmlinux.lds.S | 8 + arch/x86/kvm/cpuid.c | 31 ++- arch/x86/kvm/cpuid.h | 1 + arch/x86/kvm/svm/vmenter.S | 3 + arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/kvm/x86.c | 4 +- arch/x86/lib/retpoline.S | 39 +++ arch/x86/net/bpf_jit_comp.c | 8 +- arch/x86/um/asm/checksum.h | 3 + drivers/acpi/acpi_pad.c | 7 +- drivers/acpi/acpica/dsmethod.c | 7 + drivers/acpi/battery.c | 19 +- drivers/ata/pata_cs5536.c | 2 +- drivers/atm/idt77252.c | 5 + drivers/base/cpu.c | 15 + drivers/dma-buf/dma-resv.c | 2 +- drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +- drivers/gpu/drm/bridge/cdns-dsi.c | 27 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 + drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 + drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/tegra/dc.c | 17 +- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/udl/udl_drv.c | 2 +- drivers/gpu/drm/v3d/v3d_drv.h | 7 + drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 38 ++- drivers/hid/hid-ids.h | 5 + drivers/hid/hid-quirks.c | 3 + drivers/hid/wacom_sys.c | 6 +- drivers/hv/channel_mgmt.c | 121 +++++--- drivers/hv/hyperv_vmbus.h | 19 +- drivers/hv/vmbus_drv.c | 2 +- drivers/hwmon/pmbus/max34440.c | 48 +++- drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/pressure/zpa2326.c | 2 +- drivers/infiniband/core/iwcm.c | 38 +-- drivers/infiniband/core/iwcm.h | 2 +- drivers/infiniband/hw/mlx5/counters.c | 2 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 33 +++ drivers/input/joystick/xpad.c | 5 + drivers/input/keyboard/atkbd.c | 3 +- drivers/leds/led-class-multicolor.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/bcache/super.c | 7 +- drivers/md/dm-raid.c | 2 +- drivers/md/md-bitmap.c | 2 +- drivers/md/raid1.c | 1 + drivers/media/platform/omap3isp/ispccdc.c | 8 +- drivers/media/platform/omap3isp/ispstat.c | 6 +- drivers/media/usb/uvc/uvc_ctrl.c | 61 ++-- drivers/mfd/max14577.c | 1 + drivers/misc/vmw_vmci/vmci_host.c | 9 +- drivers/mmc/host/mtk-sd.c | 39 ++- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 ++ drivers/net/can/m_can/m_can.c | 2 +- drivers/net/can/m_can/tcan4x5x.c | 9 +- drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 + drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 78 ++++-- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 141 ++++++++-- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 20 +- .../net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 +- drivers/net/ethernet/freescale/dpaa2/dpni-cmd.h | 6 +- drivers/net/ethernet/freescale/dpaa2/dpni.c | 2 + drivers/net/ethernet/freescale/dpaa2/dpni.h | 6 + drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/net/ethernet/sun/niu.c | 31 ++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/phy/microchip.c | 2 +- drivers/net/phy/smsc.c | 28 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +- drivers/pci/controller/cadence/pcie-cadence-ep.c | 5 +- drivers/pci/controller/pci-hyperv.c | 17 +- drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++ drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/pwm/pwm-mediatek.c | 15 +- drivers/regulator/gpio-regulator.c | 4 +- drivers/rtc/lib_test.c | 2 + drivers/rtc/rtc-cmos.c | 10 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/ufs/ufs-sysfs.c | 4 +- drivers/spi/spi-fsl-dspi.c | 11 +- drivers/staging/rtl8723bs/core/rtw_security.c | 46 +-- drivers/target/target_core_pr.c | 4 +- drivers/tty/vt/vt.c | 1 + drivers/uio/uio_hv_generic.c | 18 +- drivers/usb/class/cdc-wdm.c | 23 +- drivers/usb/class/usbtmc.c | 53 ++-- drivers/usb/common/usb-conn-gpio.c | 25 +- drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb.c | 14 +- drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/gadget/function/u_serial.c | 6 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/typec/altmodes/displayport.c | 5 +- drivers/usb/typec/tcpm/tcpci_maxim.c | 20 +- drivers/vhost/scsi.c | 7 +- fs/btrfs/inode.c | 36 +-- fs/btrfs/tree-log.c | 4 +- fs/btrfs/volumes.c | 6 + fs/ceph/file.c | 2 +- fs/cifs/misc.c | 8 + fs/f2fs/super.c | 30 +- fs/jfs/jfs_dmap.c | 41 +-- fs/namespace.c | 8 +- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++--- fs/nfs/inode.c | 17 +- fs/nfs/nfs4proc.c | 12 +- fs/nfs/pnfs.c | 4 +- fs/overlayfs/util.c | 4 +- fs/proc/array.c | 6 +- fs/proc/inode.c | 2 +- fs/proc/proc_sysctl.c | 18 +- include/drm/spsc_queue.h | 4 +- include/linux/cpu.h | 3 + include/linux/hyperv.h | 2 + include/linux/ipv6.h | 1 - include/linux/module.h | 5 + include/linux/usb/typec_dp.h | 1 + include/uapi/linux/usb/tmc.h | 2 + include/uapi/linux/vm_sockets.h | 30 +- kernel/events/core.c | 2 +- kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- net/appletalk/ddp.c | 1 + net/atm/clip.c | 75 +++-- net/atm/resources.c | 3 +- net/bluetooth/l2cap_core.c | 9 +- net/ipv6/ip6_output.c | 9 +- net/mac80211/rx.c | 4 + net/mac80211/util.c | 2 +- net/netlink/af_netlink.c | 90 +++--- net/rose/rose_route.c | 15 +- net/rxrpc/call_accept.c | 3 + net/sched/sch_api.c | 42 +-- net/sched/sch_sfq.c | 10 +- net/tipc/topsrv.c | 2 + net/vmw_vsock/af_vsock.c | 78 +++++- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 4 + sound/pci/hda/hda_bind.c | 2 +- sound/pci/hda/hda_intel.c | 3 + sound/soc/fsl/fsl_asrc.c | 3 +- sound/usb/stream.c | 2 + tools/lib/bpf/btf_dump.c | 3 + 203 files changed, 2702 insertions(+), 809 deletions(-)

2 months, 1 week

1
0
0 0

[PATCH] Revert "soundwire: qcom: Add set_channel_map api support"

by Amit Pundir

This reverts commit 7796c97df6b1b2206681a07f3c80f6023a6593d5. This patch broke Dragonboard 845c (sdm845). I see: Unexpected kernel BRK exception at EL1 Internal error: BRK handler: 00000000f20003e8 [#1] SMP pc : qcom_swrm_set_channel_map+0x7c/0x80 [soundwire_qcom] lr : snd_soc_dai_set_channel_map+0x34/0x78 Call trace: qcom_swrm_set_channel_map+0x7c/0x80 [soundwire_qcom] (P) sdm845_dai_init+0x18c/0x2e0 [snd_soc_sdm845] snd_soc_link_init+0x28/0x6c snd_soc_bind_card+0x5f4/0xb0c snd_soc_register_card+0x148/0x1a4 devm_snd_soc_register_card+0x50/0xb0 sdm845_snd_platform_probe+0x124/0x148 [snd_soc_sdm845] platform_probe+0x6c/0xd0 really_probe+0xc0/0x2a4 __driver_probe_device+0x7c/0x130 driver_probe_device+0x40/0x118 __device_attach_driver+0xc4/0x108 bus_for_each_drv+0x8c/0xf0 __device_attach+0xa4/0x198 device_initial_probe+0x18/0x28 bus_probe_device+0xb8/0xbc deferred_probe_work_func+0xac/0xfc process_one_work+0x244/0x658 worker_thread+0x1b4/0x360 kthread+0x148/0x228 ret_from_fork+0x10/0x20 Kernel panic - not syncing: BRK handler: Fatal exception Dan has also reported following issues with the original patch https://lore.kernel.org/all/33fe8fe7-719a-405a-9ed2-d9f816ce1d57@sabinyo.mo… Bug #1: The zeroeth element of ctrl->pconfig[] is supposed to be unused. We start counting at 1. However this code sets ctrl->pconfig[0].ch_mask = 128. Bug #2: There are SLIM_MAX_TX_PORTS (16) elements in tx_ch[] array but only QCOM_SDW_MAX_PORTS + 1 (15) in the ctrl->pconfig[] array so it corrupts memory like Yongqin Liu pointed out. Bug 3: Like Jie Gan pointed out, it erases all the tx information with the rx information. Cc: <stable(a)vger.kernel.org> # v6.15+ Signed-off-by: Amit Pundir <amit.pundir(a)linaro.org> --- drivers/soundwire/qcom.c | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/drivers/soundwire/qcom.c b/drivers/soundwire/qcom.c index 295a46dc2be7..0f45e3404756 100644 --- a/drivers/soundwire/qcom.c +++ b/drivers/soundwire/qcom.c @@ -156,7 +156,6 @@ struct qcom_swrm_port_config { u8 word_length; u8 blk_group_count; u8 lane_control; - u8 ch_mask; }; /* @@ -1049,13 +1048,9 @@ static int qcom_swrm_port_enable(struct sdw_bus *bus, { u32 reg = SWRM_DP_PORT_CTRL_BANK(enable_ch->port_num, bank); struct qcom_swrm_ctrl *ctrl = to_qcom_sdw(bus); - struct qcom_swrm_port_config *pcfg; u32 val; - pcfg = &ctrl->pconfig[enable_ch->port_num]; ctrl->reg_read(ctrl, reg, &val); - if (pcfg->ch_mask != SWR_INVALID_PARAM && pcfg->ch_mask != 0) - enable_ch->ch_mask = pcfg->ch_mask; if (enable_ch->enable) val |= (enable_ch->ch_mask << SWRM_DP_PORT_CTRL_EN_CHAN_SHFT); @@ -1275,26 +1270,6 @@ static void *qcom_swrm_get_sdw_stream(struct snd_soc_dai *dai, int direction) return ctrl->sruntime[dai->id]; } -static int qcom_swrm_set_channel_map(struct snd_soc_dai *dai, - unsigned int tx_num, const unsigned int *tx_slot, - unsigned int rx_num, const unsigned int *rx_slot) -{ - struct qcom_swrm_ctrl *ctrl = dev_get_drvdata(dai->dev); - int i; - - if (tx_slot) { - for (i = 0; i < tx_num; i++) - ctrl->pconfig[i].ch_mask = tx_slot[i]; - } - - if (rx_slot) { - for (i = 0; i < rx_num; i++) - ctrl->pconfig[i].ch_mask = rx_slot[i]; - } - - return 0; -} - static int qcom_swrm_startup(struct snd_pcm_substream *substream, struct snd_soc_dai *dai) { @@ -1331,7 +1306,6 @@ static const struct snd_soc_dai_ops qcom_swrm_pdm_dai_ops = { .shutdown = qcom_swrm_shutdown, .set_stream = qcom_swrm_set_sdw_stream, .get_stream = qcom_swrm_get_sdw_stream, - .set_channel_map = qcom_swrm_set_channel_map, }; static const struct snd_soc_component_driver qcom_swrm_dai_component = { -- 2.43.0

2 months, 1 week

3
2
0 0

[PATCH 6.12.y] arm64: Filter out SME hwcaps when FEAT_SME isn't implemented

by Mark Brown

[ Upstream commit a75ad2fc76a2ab70817c7eed3163b66ea84ca6ac ] We have a number of hwcaps for various SME subfeatures enumerated via ID_AA64SMFR0_EL1. Currently we advertise these without cross checking against the main SME feature, advertised in ID_AA64PFR1_EL1.SME which means that if the two are out of sync userspace can see a confusing situation where SME subfeatures are advertised without the base SME hwcap. This can be readily triggered by using the arm64.nosme override which only masks out ID_AA64PFR1_EL1.SME, and there have also been reports of VMMs which do the same thing. Fix this as we did previously for SVE in 064737920bdb ("arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented") by filtering out the SME subfeature hwcaps when FEAT_SME is not present. Fixes: 5e64b862c482 ("arm64/sme: Basic enumeration support") Reported-by: Yury Khrustalev <yury.khrustalev(a)arm.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250620-arm64-sme-filter-hwcaps-v1-1-02b9d3c2d8e… Signed-off-by: Will Deacon <will(a)kernel.org> --- arch/arm64/kernel/cpufeature.c | 45 ++++++++++++++++++++++++------------------ 1 file changed, 26 insertions(+), 19 deletions(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 05ccf4ec278f..9ca5ffd8d817 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -2959,6 +2959,13 @@ static bool has_sve_feature(const struct arm64_cpu_capabilities *cap, int scope) } #endif +#ifdef CONFIG_ARM64_SME +static bool has_sme_feature(const struct arm64_cpu_capabilities *cap, int scope) +{ + return system_supports_sme() && has_user_cpuid_feature(cap, scope); +} +#endif + static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR0_EL1, AES, PMULL, CAP_HWCAP, KERNEL_HWCAP_PMULL), HWCAP_CAP(ID_AA64ISAR0_EL1, AES, AES, CAP_HWCAP, KERNEL_HWCAP_AES), @@ -3037,25 +3044,25 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ISAR2_EL1, BC, IMP, CAP_HWCAP, KERNEL_HWCAP_HBC), #ifdef CONFIG_ARM64_SME HWCAP_CAP(ID_AA64PFR1_EL1, SME, IMP, CAP_HWCAP, KERNEL_HWCAP_SME), - HWCAP_CAP(ID_AA64SMFR0_EL1, FA64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_FA64), - HWCAP_CAP(ID_AA64SMFR0_EL1, LUTv2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_LUTV2), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2p1, CAP_HWCAP, KERNEL_HWCAP_SME2P1), - HWCAP_CAP(ID_AA64SMFR0_EL1, SMEver, SME2, CAP_HWCAP, KERNEL_HWCAP_SME2), - HWCAP_CAP(ID_AA64SMFR0_EL1, I16I64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I64), - HWCAP_CAP(ID_AA64SMFR0_EL1, F64F64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F64F64), - HWCAP_CAP(ID_AA64SMFR0_EL1, I16I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16B16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F16F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F8F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F16), - HWCAP_CAP(ID_AA64SMFR0_EL1, F8F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, I8I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I8I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, F16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, B16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, BI32I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_BI32I32), - HWCAP_CAP(ID_AA64SMFR0_EL1, F32F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F32F32), - HWCAP_CAP(ID_AA64SMFR0_EL1, SF8FMA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8FMA), - HWCAP_CAP(ID_AA64SMFR0_EL1, SF8DP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP4), - HWCAP_CAP(ID_AA64SMFR0_EL1, SF8DP2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, FA64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_FA64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, LUTv2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_LUTV2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2p1, CAP_HWCAP, KERNEL_HWCAP_SME2P1), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SMEver, SME2, CAP_HWCAP, KERNEL_HWCAP_SME2), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I16I64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F64F64, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F64F64), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I16I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I16I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, B16B16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16B16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F16F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F8F16, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F16), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F8F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F8F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, I8I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_I8I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F16F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, B16F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_B16F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, BI32I32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_BI32I32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, F32F32, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_F32F32), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SF8FMA, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8FMA), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SF8DP4, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP4), + HWCAP_CAP_MATCH_ID(has_sme_feature, ID_AA64SMFR0_EL1, SF8DP2, IMP, CAP_HWCAP, KERNEL_HWCAP_SME_SF8DP2), #endif /* CONFIG_ARM64_SME */ HWCAP_CAP(ID_AA64FPFR0_EL1, F8CVT, IMP, CAP_HWCAP, KERNEL_HWCAP_F8CVT), HWCAP_CAP(ID_AA64FPFR0_EL1, F8FMA, IMP, CAP_HWCAP, KERNEL_HWCAP_F8FMA), --- base-commit: fbad404f04d758c52bae79ca20d0e7fe5fef91d3 change-id: 20250714-stable-6-12-sme-feat-filt-8e58f0a8c08d Best regards, -- Mark Brown <broonie(a)kernel.org>

2 months, 1 week

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror