- Linux-stable-mirror - lists.linaro.org

[PATCH V4] efi/tpm: Fix the issue where the CC platforms event log header can't be correctly identified

by yangge1116＠126.com

From: Ge Yang <yangge1116(a)126.com> Since commit d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") reuses TPM2 support code for the CC platforms, when launching a TDX virtual machine with coco measurement enabled, the following error log is generated: [Firmware Bug]: Failed to parse event in TPM Final Events Log Call Trace: efi_config_parse_tables() efi_tpm_eventlog_init() tpm2_calc_event_log_size() __calc_tpm2_event_size() The pcr_idx value in the Intel TDX log header is 1, causing the function __calc_tpm2_event_size() to fail to recognize the log header, ultimately leading to the "Failed to parse event in TPM Final Events Log" error. According to UEFI Specification 2.10, Section 38.4.1: For TDX, TPM PCR 0 maps to MRTD, so the log header uses TPM PCR 1 instead. To successfully parse the TDX event log header, the check for a pcr_idx value of 0 must be skipped. According to Table 6 in Section 10.2.1 of the TCG PC Client Specification, the index field does not require the PCR index to be fixed at zero. Therefore, skipping the check for a pcr_idx value of 0 for CC platforms is safe. Link: https://uefi.org/specs/UEFI/2.10/38_Confidential_Computing.html#intel-trust… Link: https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05… Fixes: d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") Signed-off-by: Ge Yang <yangge1116(a)126.com> Cc: stable(a)vger.kernel.org --- V4: - remove cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT) suggested by Ard V3: - fix build error V2: - limit the fix for CC only suggested by Jarkko and Sathyanarayanan drivers/char/tpm/eventlog/tpm2.c | 6 +++++- drivers/firmware/efi/efi.c | 8 ++++++-- drivers/firmware/efi/libstub/tpm.c | 13 +++++++++---- drivers/firmware/efi/tpm.c | 36 ++++++++++++++++++++---------------- include/linux/efi.h | 4 +++- include/linux/tpm_eventlog.h | 14 +++++++++++--- 6 files changed, 54 insertions(+), 27 deletions(-) diff --git a/drivers/char/tpm/eventlog/tpm2.c b/drivers/char/tpm/eventlog/tpm2.c index 37a0580..e9484fd 100644 --- a/drivers/char/tpm/eventlog/tpm2.c +++ b/drivers/char/tpm/eventlog/tpm2.c @@ -36,7 +36,11 @@ static size_t calc_tpm2_event_size(struct tcg_pcr_event2_head *event, struct tcg_pcr_event *event_header) { - return __calc_tpm2_event_size(event, event_header, false); + /* + * This function is only used by TPM2 and will not be used by CC. + * Therefore, the argument is_cc_event is set to 0. + */ + return __calc_tpm2_event_size(event, event_header, false, 0); } static void *tpm2_bios_measurements_start(struct seq_file *m, loff_t *pos) diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index e57bff7..954b8f7 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -45,6 +45,7 @@ struct efi __read_mostly efi = { .esrt = EFI_INVALID_TABLE_ADDR, .tpm_log = EFI_INVALID_TABLE_ADDR, .tpm_final_log = EFI_INVALID_TABLE_ADDR, + .cc_final_log = EFI_INVALID_TABLE_ADDR, #ifdef CONFIG_LOAD_UEFI_KEYS .mokvar_table = EFI_INVALID_TABLE_ADDR, #endif @@ -613,7 +614,7 @@ static const efi_config_table_type_t common_tables[] __initconst = { {LINUX_EFI_RANDOM_SEED_TABLE_GUID, &efi_rng_seed, "RNG" }, {LINUX_EFI_TPM_EVENT_LOG_GUID, &efi.tpm_log, "TPMEventLog" }, {EFI_TCG2_FINAL_EVENTS_TABLE_GUID, &efi.tpm_final_log, "TPMFinalLog" }, - {EFI_CC_FINAL_EVENTS_TABLE_GUID, &efi.tpm_final_log, "CCFinalLog" }, + {EFI_CC_FINAL_EVENTS_TABLE_GUID, &efi.cc_final_log, "CCFinalLog" }, {LINUX_EFI_MEMRESERVE_TABLE_GUID, &mem_reserve, "MEMRESERVE" }, {LINUX_EFI_INITRD_MEDIA_GUID, &initrd, "INITRD" }, {EFI_RT_PROPERTIES_TABLE_GUID, &rt_prop, "RTPROP" }, @@ -752,7 +753,10 @@ int __init efi_config_parse_tables(const efi_config_table_t *config_tables, if (!IS_ENABLED(CONFIG_X86_32) && efi_enabled(EFI_MEMMAP)) efi_memattr_init(); - efi_tpm_eventlog_init(); + if (efi.tpm_final_log != EFI_INVALID_TABLE_ADDR) + efi_tcg2_eventlog_init(&efi.tpm_log, &efi.tpm_final_log, 0); + else if (efi.cc_final_log != EFI_INVALID_TABLE_ADDR) + efi_tcg2_eventlog_init(&efi.tpm_log, &efi.cc_final_log, 1); if (mem_reserve != EFI_INVALID_TABLE_ADDR) { unsigned long prsv = mem_reserve; diff --git a/drivers/firmware/efi/libstub/tpm.c b/drivers/firmware/efi/libstub/tpm.c index a5c6c4f..9728060 100644 --- a/drivers/firmware/efi/libstub/tpm.c +++ b/drivers/firmware/efi/libstub/tpm.c @@ -50,7 +50,8 @@ void efi_enable_reset_attack_mitigation(void) static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_location, efi_physical_addr_t log_last_entry, efi_bool_t truncated, - struct efi_tcg2_final_events_table *final_events_table) + struct efi_tcg2_final_events_table *final_events_table, + bool is_cc_event) { efi_guid_t linux_eventlog_guid = LINUX_EFI_TPM_EVENT_LOG_GUID; efi_status_t status; @@ -87,7 +88,8 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca last_entry_size = __calc_tpm2_event_size((void *)last_entry_addr, (void *)(long)log_location, - false); + false, + is_cc_event); } else { last_entry_size = sizeof(struct tcpa_event) + ((struct tcpa_event *) last_entry_addr)->event_size; @@ -123,7 +125,8 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca header = data + offset + final_events_size; event_size = __calc_tpm2_event_size(header, (void *)(long)log_location, - false); + false, + is_cc_event); /* If calc fails this is a malformed log */ if (!event_size) break; @@ -157,6 +160,7 @@ void efi_retrieve_eventlog(void) efi_tcg2_protocol_t *tpm2 = NULL; efi_bool_t truncated; efi_status_t status; + bool is_cc_event = false; status = efi_bs_call(locate_protocol, &tpm2_guid, NULL, (void **)&tpm2); if (status == EFI_SUCCESS) { @@ -186,11 +190,12 @@ void efi_retrieve_eventlog(void) final_events_table = get_efi_config_table(EFI_CC_FINAL_EVENTS_TABLE_GUID); + is_cc_event = true; } if (status != EFI_SUCCESS || !log_location) return; efi_retrieve_tcg2_eventlog(version, log_location, log_last_entry, - truncated, final_events_table); + truncated, final_events_table, is_cc_event); } diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c index cdd4310..d79291d 100644 --- a/drivers/firmware/efi/tpm.c +++ b/drivers/firmware/efi/tpm.c @@ -16,14 +16,16 @@ int efi_tpm_final_log_size; EXPORT_SYMBOL(efi_tpm_final_log_size); -static int __init tpm2_calc_event_log_size(void *data, int count, void *size_info) +static int __init tpm2_calc_event_log_size(void *data, int count, + void *size_info, bool is_cc_event) { struct tcg_pcr_event2_head *header; u32 event_size, size = 0; while (count > 0) { header = data + size; - event_size = __calc_tpm2_event_size(header, size_info, true); + event_size = __calc_tpm2_event_size(header, size_info, true, + is_cc_event); if (event_size == 0) return -1; size += event_size; @@ -36,7 +38,8 @@ static int __init tpm2_calc_event_log_size(void *data, int count, void *size_inf /* * Reserve the memory associated with the TPM Event Log configuration table. */ -int __init efi_tpm_eventlog_init(void) +int __init efi_tcg2_eventlog_init(unsigned long *log, unsigned long *final_log, + bool is_cc_event) { struct linux_efi_tpm_eventlog *log_tbl; struct efi_tcg2_final_events_table *final_tbl; @@ -44,7 +47,7 @@ int __init efi_tpm_eventlog_init(void) int final_tbl_size; int ret = 0; - if (efi.tpm_log == EFI_INVALID_TABLE_ADDR) { + if (*log == EFI_INVALID_TABLE_ADDR) { /* * We can't calculate the size of the final events without the * first entry in the TPM log, so bail here. @@ -52,23 +55,23 @@ int __init efi_tpm_eventlog_init(void) return 0; } - log_tbl = early_memremap(efi.tpm_log, sizeof(*log_tbl)); + log_tbl = early_memremap(*log, sizeof(*log_tbl)); if (!log_tbl) { pr_err("Failed to map TPM Event Log table @ 0x%lx\n", - efi.tpm_log); - efi.tpm_log = EFI_INVALID_TABLE_ADDR; + *log); + *log = EFI_INVALID_TABLE_ADDR; return -ENOMEM; } tbl_size = sizeof(*log_tbl) + log_tbl->size; - if (memblock_reserve(efi.tpm_log, tbl_size)) { + if (memblock_reserve(*log, tbl_size)) { pr_err("TPM Event Log memblock reserve fails (0x%lx, 0x%x)\n", - efi.tpm_log, tbl_size); + *log, tbl_size); ret = -ENOMEM; goto out; } - if (efi.tpm_final_log == EFI_INVALID_TABLE_ADDR) { + if (*final_log == EFI_INVALID_TABLE_ADDR) { pr_info("TPM Final Events table not present\n"); goto out; } else if (log_tbl->version != EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) { @@ -76,25 +79,26 @@ int __init efi_tpm_eventlog_init(void) goto out; } - final_tbl = early_memremap(efi.tpm_final_log, sizeof(*final_tbl)); + final_tbl = early_memremap(*final_log, sizeof(*final_tbl)); if (!final_tbl) { pr_err("Failed to map TPM Final Event Log table @ 0x%lx\n", - efi.tpm_final_log); - efi.tpm_final_log = EFI_INVALID_TABLE_ADDR; + *final_log); + *final_log = EFI_INVALID_TABLE_ADDR; ret = -ENOMEM; goto out; } final_tbl_size = 0; if (final_tbl->nr_events != 0) { - void *events = (void *)efi.tpm_final_log + void *events = (void *)*final_log + sizeof(final_tbl->version) + sizeof(final_tbl->nr_events); final_tbl_size = tpm2_calc_event_log_size(events, final_tbl->nr_events, - log_tbl->log); + log_tbl->log, + is_cc_event); } if (final_tbl_size < 0) { @@ -103,7 +107,7 @@ int __init efi_tpm_eventlog_init(void) goto out_calc; } - memblock_reserve(efi.tpm_final_log, + memblock_reserve(*final_log, final_tbl_size + sizeof(*final_tbl)); efi_tpm_final_log_size = final_tbl_size; diff --git a/include/linux/efi.h b/include/linux/efi.h index 7d63d1d..71efec0 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -642,6 +642,7 @@ extern struct efi { unsigned long esrt; /* ESRT table */ unsigned long tpm_log; /* TPM2 Event Log table */ unsigned long tpm_final_log; /* TPM2 Final Events Log table */ + unsigned long cc_final_log; /* CC Final Events Log table */ unsigned long mokvar_table; /* MOK variable config table */ unsigned long coco_secret; /* Confidential computing secret table */ unsigned long unaccepted; /* Unaccepted memory table */ @@ -1209,7 +1210,8 @@ struct linux_efi_tpm_eventlog { u8 log[]; }; -extern int efi_tpm_eventlog_init(void); +extern int efi_tcg2_eventlog_init(unsigned long *log, unsigned long *final_log, + bool is_cc_event); struct efi_tcg2_final_events_table { u64 version; diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h index 891368e..b3380c9 100644 --- a/include/linux/tpm_eventlog.h +++ b/include/linux/tpm_eventlog.h @@ -143,6 +143,7 @@ struct tcg_algorithm_info { * @event: Pointer to the event whose size should be calculated * @event_header: Pointer to the initial event containing the digest lengths * @do_mapping: Whether or not the event needs to be mapped + * @is_cc_event: Whether or not the event is from a CC platform * * The TPM2 event log format can contain multiple digests corresponding to * separate PCR banks, and also contains a variable length of the data that @@ -159,7 +160,8 @@ struct tcg_algorithm_info { static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, struct tcg_pcr_event *event_header, - bool do_mapping) + bool do_mapping, + bool is_cc_event) { struct tcg_efi_specid_event_head *efispecid; struct tcg_event_field *event_field; @@ -201,8 +203,14 @@ static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *ev count = event->count; event_type = event->event_type; - /* Verify that it's the log header */ - if (event_header->pcr_idx != 0 || + /* + * Verify that it's the log header. According to the TCG PC Client + * Specification, when identifying a log header, the check for a + * pcr_idx value of 0 is not required. For CC platforms, skipping + * this check during log header is necessary; otherwise, the CC + * platform's log header may fail to be recognized. + */ + if ((!is_cc_event && event_header->pcr_idx != 0) || event_header->event_type != NO_ACTION || memcmp(event_header->digest, zero_digest, sizeof(zero_digest))) { size = 0; -- 2.7.4

2 months, 1 week

4
3
0 0

[PATCH v7 01/12] platform/x86/intel/pmt: fix a crashlog NULL pointer access

by Michael J. Ruhl

Usage of the intel_pmt_read() for binary sysfs, requires a pcidev. The current use of the endpoint value is only valid for telemetry endpoint usage. Without the ep, the crashlog usage causes the following NULL pointer exception: BUG: kernel NULL pointer dereference, address: 0000000000000000 Oops: Oops: 0000 [#1] SMP NOPTI RIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class] Code: Call Trace: <TASK> ? sysfs_kf_bin_read+0xc0/0xe0 kernfs_fop_read_iter+0xac/0x1a0 vfs_read+0x26d/0x350 ksys_read+0x6b/0xe0 __x64_sys_read+0x1d/0x30 x64_sys_call+0x1bc8/0x1d70 do_syscall_64+0x6d/0x110 Augment struct intel_pmt_entry with a pointer to the pcidev to avoid the NULL pointer exception. Reviewed-by: Tejas Upadhyay <tejas.upadhyay(a)intel.com> Fixes: 045a513040cc ("platform/x86/intel/pmt: Use PMT callbacks") Cc: <stable(a)vger.kernel.org> Signed-off-by: Michael J. Ruhl <michael.j.ruhl(a)intel.com> --- drivers/platform/x86/intel/pmt/class.c | 3 ++- drivers/platform/x86/intel/pmt/class.h | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/platform/x86/intel/pmt/class.c b/drivers/platform/x86/intel/pmt/class.c index 7233b654bbad..d046e8752173 100644 --- a/drivers/platform/x86/intel/pmt/class.c +++ b/drivers/platform/x86/intel/pmt/class.c @@ -97,7 +97,7 @@ intel_pmt_read(struct file *filp, struct kobject *kobj, if (count > entry->size - off) count = entry->size - off; - count = pmt_telem_read_mmio(entry->ep->pcidev, entry->cb, entry->header.guid, buf, + count = pmt_telem_read_mmio(entry->pcidev, entry->cb, entry->header.guid, buf, entry->base, off, count); return count; @@ -252,6 +252,7 @@ static int intel_pmt_populate_entry(struct intel_pmt_entry *entry, return -EINVAL; } + entry->pcidev = pci_dev; entry->guid = header->guid; entry->size = header->size; entry->cb = ivdev->priv_data; diff --git a/drivers/platform/x86/intel/pmt/class.h b/drivers/platform/x86/intel/pmt/class.h index b2006d57779d..f6ce80c4e051 100644 --- a/drivers/platform/x86/intel/pmt/class.h +++ b/drivers/platform/x86/intel/pmt/class.h @@ -39,6 +39,7 @@ struct intel_pmt_header { struct intel_pmt_entry { struct telem_endpoint *ep; + struct pci_dev *pcidev; struct intel_pmt_header header; struct bin_attribute pmt_bin_attr; struct kobject *kobj; -- 2.50.0

2 months, 1 week

2
1
0 0

[PATCH v4] nvmem: imx-ocotp: fix MAC address byte length

by Steffen Bätz

The commit "13bcd440f2ff nvmem: core: verify cell's raw_len" caused an extension of the "mac-address" cell from 6 to 8 bytes due to word_size of 4 bytes. This led to a required byte swap of the full buffer length, which caused truncation of the mac-address when read. Previously, the mac-address was incorrectly truncated from 70:B3:D5:14:E9:0E to 00:00:70:B3:D5:14. Fix the issue by swapping only the first 6 bytes to correctly pass the mac-address to the upper layers. Fixes: 13bcd440f2ff ("nvmem: core: verify cell's raw_len") Cc: stable(a)vger.kernel.org Signed-off-by: Steffen Bätz <steffen(a)innosonix.de> Tested-by: Alexander Stein <alexander.stein(a)ew.tq-group.com> --- v4: - Adopted the commit message wording recommended by Frank.li(a)nxp.com to improve clarity. - Simplified byte count determination by using min() instead of an explicit conditional statement. - Kept the Tested-by tag from the previous patch as the change remains trivial but tested. v3: - replace magic number 6 with ETH_ALEN - Fix misleading indentation and properly group 'mac-address' statements v2: - Add Cc: stable(a)vger.kernel.org as requested by Greg KH's patch bot drivers/nvmem/imx-ocotp-ele.c | 5 ++++- drivers/nvmem/imx-ocotp.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/nvmem/imx-ocotp-ele.c b/drivers/nvmem/imx-ocotp-ele.c index ca6dd71d8a2e..7807ec0e2d18 100644 --- a/drivers/nvmem/imx-ocotp-ele.c +++ b/drivers/nvmem/imx-ocotp-ele.c @@ -12,6 +12,7 @@ #include <linux/of.h> #include <linux/platform_device.h> #include <linux/slab.h> +#include <linux/if_ether.h> /* ETH_ALEN */ enum fuse_type { FUSE_FSB = BIT(0), @@ -118,9 +119,11 @@ static int imx_ocotp_cell_pp(void *context, const char *id, int index, int i; /* Deal with some post processing of nvmem cell data */ - if (id && !strcmp(id, "mac-address")) + if (id && !strcmp(id, "mac-address")) { + bytes = min(bytes, ETH_ALEN); for (i = 0; i < bytes / 2; i++) swap(buf[i], buf[bytes - i - 1]); + } return 0; } diff --git a/drivers/nvmem/imx-ocotp.c b/drivers/nvmem/imx-ocotp.c index 79dd4fda0329..7bf7656d4f96 100644 --- a/drivers/nvmem/imx-ocotp.c +++ b/drivers/nvmem/imx-ocotp.c @@ -23,6 +23,7 @@ #include <linux/platform_device.h> #include <linux/slab.h> #include <linux/delay.h> +#include <linux/if_ether.h> /* ETH_ALEN */ #define IMX_OCOTP_OFFSET_B0W0 0x400 /* Offset from base address of the * OTP Bank0 Word0 @@ -227,9 +228,11 @@ static int imx_ocotp_cell_pp(void *context, const char *id, int index, int i; /* Deal with some post processing of nvmem cell data */ - if (id && !strcmp(id, "mac-address")) + if (id && !strcmp(id, "mac-address")) { + bytes = min(bytes, ETH_ALEN); for (i = 0; i < bytes / 2; i++) swap(buf[i], buf[bytes - i - 1]); + } return 0; } -- 2.43.0 -- *innosonix GmbH* Hauptstr. 35 96482 Ahorn central: +49 9561 7459980 www.innosonix.de <http://www.innosonix.de> innosonix GmbH Geschäftsführer: Markus Bätz, Steffen Bätz USt.-IdNr / VAT-Nr.: DE266020313 EORI-Nr.: DE240121536680271 HRB 5192 Coburg WEEE-Reg.-Nr. DE88021242

2 months, 1 week

2
1
0 0

[PATCH] Revert "leds: trigger: netdev: Configure LED blink interval for HW offload"

by Daniel Golle

This reverts commit c629c972b310af41e9e072febb6dae9a299edde6. Fixes: c629c972b310a ("leds: trigger: netdev: Configure LED blink interval for HW offload") Suggested-by: Andrew Lunn <andrew(a)lunn.ch> Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Golle <daniel(a)makrotopia.org> --- drivers/leds/trigger/ledtrig-netdev.c | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/drivers/leds/trigger/ledtrig-netdev.c b/drivers/leds/trigger/ledtrig-netdev.c index 4e048e08c4fde..c15efe3e50780 100644 --- a/drivers/leds/trigger/ledtrig-netdev.c +++ b/drivers/leds/trigger/ledtrig-netdev.c @@ -68,7 +68,6 @@ struct led_netdev_data { unsigned int last_activity; unsigned long mode; - unsigned long blink_delay; int link_speed; __ETHTOOL_DECLARE_LINK_MODE_MASK(supported_link_modes); u8 duplex; @@ -87,10 +86,6 @@ static void set_baseline_state(struct led_netdev_data *trigger_data) /* Already validated, hw control is possible with the requested mode */ if (trigger_data->hw_control) { led_cdev->hw_control_set(led_cdev, trigger_data->mode); - if (led_cdev->blink_set) { - led_cdev->blink_set(led_cdev, &trigger_data->blink_delay, - &trigger_data->blink_delay); - } return; } @@ -459,11 +454,10 @@ static ssize_t interval_store(struct device *dev, size_t size) { struct led_netdev_data *trigger_data = led_trigger_get_drvdata(dev); - struct led_classdev *led_cdev = trigger_data->led_cdev; unsigned long value; int ret; - if (trigger_data->hw_control && !led_cdev->blink_set) + if (trigger_data->hw_control) return -EINVAL; ret = kstrtoul(buf, 0, &value); @@ -472,13 +466,9 @@ static ssize_t interval_store(struct device *dev, /* impose some basic bounds on the timer interval */ if (value >= 5 && value <= 10000) { - if (trigger_data->hw_control) { - trigger_data->blink_delay = value; - } else { - cancel_delayed_work_sync(&trigger_data->work); + cancel_delayed_work_sync(&trigger_data->work); - atomic_set(&trigger_data->interval, msecs_to_jiffies(value)); - } + atomic_set(&trigger_data->interval, msecs_to_jiffies(value)); set_baseline_state(trigger_data); /* resets timer */ } -- 2.50.0

2 months, 1 week

2
1
0 0

[PATCH 2/2] netfs: Fix race between cache write completion and ALL_QUEUED being set

by David Howells

When netfslib is issuing subrequests, the subrequests start processing immediately and may complete before we reach the end of the issuing function. At the end of the issuing function we set NETFS_RREQ_ALL_QUEUED to indicate to the collector that we aren't going to issue any more subreqs and that it can do the final notifications and cleanup. Now, this isn't a problem if the request is synchronous (NETFS_RREQ_OFFLOAD_COLLECTION is unset) as the result collection will be done in-thread and we're guaranteed an opportunity to run the collector. However, if the request is asynchronous, collection is primarily triggered by the termination of subrequests queuing it on a workqueue. Now, a race can occur here if the app thread sets ALL_QUEUED after the last subrequest terminates. This can happen most easily with the copy2cache code (as used by Ceph) where, in the collection routine of a read request, an asynchronous write request is spawned to copy data to the cache. Folios are added to the write request as they're unlocked, but there may be a delay before ALL_QUEUED is set as the write subrequests may complete before we get there. If all the write subreqs have finished by the ALL_QUEUED point, no further events happen and the collection never happens, leaving the request hanging. Fix this by queuing the collector after setting ALL_QUEUED. This is a bit heavy-handed and it may be sufficient to do it only if there are no extant subreqs. Also add a tracepoint to cross-reference both requests in a copy-to-request operation and add a trace to the netfs_rreq tracepoint to indicate the setting of ALL_QUEUED. Fixes: e2d46f2ec332 ("netfs: Change the read result collector to only use one work item") Reported-by: Max Kellermann <max.kellermann(a)ionos.com> Link: https://lore.kernel.org/r/CAKPOu+8z_ijTLHdiCYGU_Uk7yYD=shxyGLwfe-L7AV3DhebS… Signed-off-by: David Howells <dhowells(a)redhat.com> cc: Paulo Alcantara <pc(a)manguebit.org> cc: Viacheslav Dubeyko <slava(a)dubeyko.com> cc: Alex Markuze <amarkuze(a)redhat.com> cc: Ilya Dryomov <idryomov(a)gmail.com> cc: netfs(a)lists.linux.dev cc: ceph-devel(a)vger.kernel.org cc: linux-fsdevel(a)vger.kernel.org cc: stable(a)vger.kernel.org --- fs/netfs/read_pgpriv2.c | 4 ++++ include/trace/events/netfs.h | 30 ++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/fs/netfs/read_pgpriv2.c b/fs/netfs/read_pgpriv2.c index 080d2a6a51d9..8097bc069c1d 100644 --- a/fs/netfs/read_pgpriv2.c +++ b/fs/netfs/read_pgpriv2.c @@ -111,6 +111,7 @@ static struct netfs_io_request *netfs_pgpriv2_begin_copy_to_cache( goto cancel_put; __set_bit(NETFS_RREQ_OFFLOAD_COLLECTION, &creq->flags); + trace_netfs_copy2cache(rreq, creq); trace_netfs_write(creq, netfs_write_trace_copy_to_cache); netfs_stat(&netfs_n_wh_copy_to_cache); rreq->copy_to_cache = creq; @@ -155,6 +156,9 @@ void netfs_pgpriv2_end_copy_to_cache(struct netfs_io_request *rreq) netfs_issue_write(creq, &creq->io_streams[1]); smp_wmb(); /* Write lists before ALL_QUEUED. */ set_bit(NETFS_RREQ_ALL_QUEUED, &creq->flags); + trace_netfs_rreq(rreq, netfs_rreq_trace_end_copy_to_cache); + if (list_empty_careful(&creq->io_streams[1].subrequests)) + netfs_wake_collector(creq); netfs_put_request(creq, netfs_rreq_trace_put_return); creq->copy_to_cache = NULL; diff --git a/include/trace/events/netfs.h b/include/trace/events/netfs.h index 73e96ccbe830..64a382fbc31a 100644 --- a/include/trace/events/netfs.h +++ b/include/trace/events/netfs.h @@ -55,6 +55,7 @@ EM(netfs_rreq_trace_copy, "COPY ") \ EM(netfs_rreq_trace_dirty, "DIRTY ") \ EM(netfs_rreq_trace_done, "DONE ") \ + EM(netfs_rreq_trace_end_copy_to_cache, "END-C2C") \ EM(netfs_rreq_trace_free, "FREE ") \ EM(netfs_rreq_trace_ki_complete, "KI-CMPL") \ EM(netfs_rreq_trace_recollect, "RECLLCT") \ @@ -559,6 +560,35 @@ TRACE_EVENT(netfs_write, __entry->start, __entry->start + __entry->len - 1) ); +TRACE_EVENT(netfs_copy2cache, + TP_PROTO(const struct netfs_io_request *rreq, + const struct netfs_io_request *creq), + + TP_ARGS(rreq, creq), + + TP_STRUCT__entry( + __field(unsigned int, rreq) + __field(unsigned int, creq) + __field(unsigned int, cookie) + __field(unsigned int, ino) + ), + + TP_fast_assign( + struct netfs_inode *__ctx = netfs_inode(rreq->inode); + struct fscache_cookie *__cookie = netfs_i_cookie(__ctx); + __entry->rreq = rreq->debug_id; + __entry->creq = creq->debug_id; + __entry->cookie = __cookie ? __cookie->debug_id : 0; + __entry->ino = rreq->inode->i_ino; + ), + + TP_printk("R=%08x CR=%08x c=%08x i=%x ", + __entry->rreq, + __entry->creq, + __entry->cookie, + __entry->ino) + ); + TRACE_EVENT(netfs_collect, TP_PROTO(const struct netfs_io_request *wreq),

2 months, 1 week

1
0
0 0

[PATCH V3] efi/tpm: Fix the issue where the CC platforms event log header can't be correctly identified

by yangge1116＠126.com

From: Ge Yang <yangge1116(a)126.com> Since commit d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") reuses TPM2 support code for the CC platforms, when launching a TDX virtual machine with coco measurement enabled, the following error log is generated: [Firmware Bug]: Failed to parse event in TPM Final Events Log Call Trace: efi_config_parse_tables() efi_tpm_eventlog_init() tpm2_calc_event_log_size() __calc_tpm2_event_size() The pcr_idx value in the Intel TDX log header is 1, causing the function __calc_tpm2_event_size() to fail to recognize the log header, ultimately leading to the "Failed to parse event in TPM Final Events Log" error. According to UEFI Specification 2.10, Section 38.4.1: For TDX, TPM PCR 0 maps to MRTD, so the log header uses TPM PCR 1 instead. To successfully parse the TDX event log header, the check for a pcr_idx value of 0 must be skipped. According to Table 6 in Section 10.2.1 of the TCG PC Client Specification, the index field does not require the PCR index to be fixed at zero. Therefore, skipping the check for a pcr_idx value of 0 for CC platforms is safe. Link: https://uefi.org/specs/UEFI/2.10/38_Confidential_Computing.html#intel-trust… Link: https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05… Fixes: d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms") Signed-off-by: Ge Yang <yangge1116(a)126.com> Cc: stable(a)vger.kernel.org --- V3: - fix build error V2: - limit the fix for CC only suggested by Jarkko and Sathyanarayanan drivers/char/tpm/eventlog/tpm2.c | 4 +++- drivers/firmware/efi/libstub/tpm.c | 13 +++++++++---- drivers/firmware/efi/tpm.c | 4 +++- include/linux/tpm_eventlog.h | 14 +++++++++++--- 4 files changed, 26 insertions(+), 9 deletions(-) diff --git a/drivers/char/tpm/eventlog/tpm2.c b/drivers/char/tpm/eventlog/tpm2.c index 37a0580..30ef47c 100644 --- a/drivers/char/tpm/eventlog/tpm2.c +++ b/drivers/char/tpm/eventlog/tpm2.c @@ -18,6 +18,7 @@ #include <linux/module.h> #include <linux/slab.h> #include <linux/tpm_eventlog.h> +#include <linux/cc_platform.h> #include "../tpm.h" #include "common.h" @@ -36,7 +37,8 @@ static size_t calc_tpm2_event_size(struct tcg_pcr_event2_head *event, struct tcg_pcr_event *event_header) { - return __calc_tpm2_event_size(event, event_header, false); + return __calc_tpm2_event_size(event, event_header, false, + cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)); } static void *tpm2_bios_measurements_start(struct seq_file *m, loff_t *pos) diff --git a/drivers/firmware/efi/libstub/tpm.c b/drivers/firmware/efi/libstub/tpm.c index a5c6c4f..9728060 100644 --- a/drivers/firmware/efi/libstub/tpm.c +++ b/drivers/firmware/efi/libstub/tpm.c @@ -50,7 +50,8 @@ void efi_enable_reset_attack_mitigation(void) static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_location, efi_physical_addr_t log_last_entry, efi_bool_t truncated, - struct efi_tcg2_final_events_table *final_events_table) + struct efi_tcg2_final_events_table *final_events_table, + bool is_cc_event) { efi_guid_t linux_eventlog_guid = LINUX_EFI_TPM_EVENT_LOG_GUID; efi_status_t status; @@ -87,7 +88,8 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca last_entry_size = __calc_tpm2_event_size((void *)last_entry_addr, (void *)(long)log_location, - false); + false, + is_cc_event); } else { last_entry_size = sizeof(struct tcpa_event) + ((struct tcpa_event *) last_entry_addr)->event_size; @@ -123,7 +125,8 @@ static void efi_retrieve_tcg2_eventlog(int version, efi_physical_addr_t log_loca header = data + offset + final_events_size; event_size = __calc_tpm2_event_size(header, (void *)(long)log_location, - false); + false, + is_cc_event); /* If calc fails this is a malformed log */ if (!event_size) break; @@ -157,6 +160,7 @@ void efi_retrieve_eventlog(void) efi_tcg2_protocol_t *tpm2 = NULL; efi_bool_t truncated; efi_status_t status; + bool is_cc_event = false; status = efi_bs_call(locate_protocol, &tpm2_guid, NULL, (void **)&tpm2); if (status == EFI_SUCCESS) { @@ -186,11 +190,12 @@ void efi_retrieve_eventlog(void) final_events_table = get_efi_config_table(EFI_CC_FINAL_EVENTS_TABLE_GUID); + is_cc_event = true; } if (status != EFI_SUCCESS || !log_location) return; efi_retrieve_tcg2_eventlog(version, log_location, log_last_entry, - truncated, final_events_table); + truncated, final_events_table, is_cc_event); } diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c index cdd4310..ca8535d 100644 --- a/drivers/firmware/efi/tpm.c +++ b/drivers/firmware/efi/tpm.c @@ -12,6 +12,7 @@ #include <linux/init.h> #include <linux/memblock.h> #include <linux/tpm_eventlog.h> +#include <linux/cc_platform.h> int efi_tpm_final_log_size; EXPORT_SYMBOL(efi_tpm_final_log_size); @@ -23,7 +24,8 @@ static int __init tpm2_calc_event_log_size(void *data, int count, void *size_inf while (count > 0) { header = data + size; - event_size = __calc_tpm2_event_size(header, size_info, true); + event_size = __calc_tpm2_event_size(header, size_info, true, + cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)); if (event_size == 0) return -1; size += event_size; diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h index 891368e..b3380c9 100644 --- a/include/linux/tpm_eventlog.h +++ b/include/linux/tpm_eventlog.h @@ -143,6 +143,7 @@ struct tcg_algorithm_info { * @event: Pointer to the event whose size should be calculated * @event_header: Pointer to the initial event containing the digest lengths * @do_mapping: Whether or not the event needs to be mapped + * @is_cc_event: Whether or not the event is from a CC platform * * The TPM2 event log format can contain multiple digests corresponding to * separate PCR banks, and also contains a variable length of the data that @@ -159,7 +160,8 @@ struct tcg_algorithm_info { static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, struct tcg_pcr_event *event_header, - bool do_mapping) + bool do_mapping, + bool is_cc_event) { struct tcg_efi_specid_event_head *efispecid; struct tcg_event_field *event_field; @@ -201,8 +203,14 @@ static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *ev count = event->count; event_type = event->event_type; - /* Verify that it's the log header */ - if (event_header->pcr_idx != 0 || + /* + * Verify that it's the log header. According to the TCG PC Client + * Specification, when identifying a log header, the check for a + * pcr_idx value of 0 is not required. For CC platforms, skipping + * this check during log header is necessary; otherwise, the CC + * platform's log header may fail to be recognized. + */ + if ((!is_cc_event && event_header->pcr_idx != 0) || event_header->event_type != NO_ACTION || memcmp(event_header->digest, zero_digest, sizeof(zero_digest))) { size = 0; -- 2.7.4

2 months, 1 week

4
5
0 0

[PATCH 2/2] nvmem: imx: Swap only the first 6 bytes of the MAC address

by Christian Eggers

Since commit 55d4980ce55b ("nvmem: core: support specifying both: cell raw data & post read lengths"), the aligned length (e.g. '8' instead of '6') is passed to the read_post_process callback. This causes that the 2 bytes following the MAC address in the ocotp are swapped to the beginning of the address. As a result, an invalid MAC address is returned and to make it even worse, this address can be equal on boards with the same OUI vendor prefix. Fixes: 55d4980ce55b ("nvmem: core: support specifying both: cell raw data & post read lengths") Signed-off-by: Christian Eggers <ceggers(a)arri.de> Cc: stable(a)vger.kernel.org --- Tested on i.MX6ULL, but I assume that this is also required for. imx-ocotp-ele.c (i.MX93). drivers/nvmem/imx-ocotp-ele.c | 5 +++-- drivers/nvmem/imx-ocotp.c | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/nvmem/imx-ocotp-ele.c b/drivers/nvmem/imx-ocotp-ele.c index 83617665c8d7..07830785ebf1 100644 --- a/drivers/nvmem/imx-ocotp-ele.c +++ b/drivers/nvmem/imx-ocotp-ele.c @@ -6,6 +6,7 @@ */ #include <linux/device.h> +#include <linux/if_ether.h> #include <linux/io.h> #include <linux/module.h> #include <linux/nvmem-provider.h> @@ -119,8 +120,8 @@ static int imx_ocotp_cell_pp(void *context, const char *id, int index, /* Deal with some post processing of nvmem cell data */ if (id && !strcmp(id, "mac-address")) - for (i = 0; i < bytes / 2; i++) - swap(buf[i], buf[bytes - i - 1]); + for (i = 0; i < ETH_ALEN / 2; i++) + swap(buf[i], buf[ETH_ALEN - i - 1]); return 0; } diff --git a/drivers/nvmem/imx-ocotp.c b/drivers/nvmem/imx-ocotp.c index 22cc77908018..4dd3b0f94de2 100644 --- a/drivers/nvmem/imx-ocotp.c +++ b/drivers/nvmem/imx-ocotp.c @@ -16,6 +16,7 @@ #include <linux/clk.h> #include <linux/device.h> +#include <linux/if_ether.h> #include <linux/io.h> #include <linux/module.h> #include <linux/nvmem-provider.h> @@ -228,8 +229,8 @@ static int imx_ocotp_cell_pp(void *context, const char *id, int index, /* Deal with some post processing of nvmem cell data */ if (id && !strcmp(id, "mac-address")) - for (i = 0; i < bytes / 2; i++) - swap(buf[i], buf[bytes - i - 1]); + for (i = 0; i < ETH_ALEN / 2; i++) + swap(buf[i], buf[ETH_ALEN - i - 1]); return 0; } -- 2.43.0

2 months, 1 week

2
2
0 0

[PATCH 1/2] nvmem: imx: assign nvmem_cell_info::raw_len

by Christian Eggers

Avoid getting error messages at startup like the following on i.MX6ULL: nvmem imx-ocotp0: cell mac-addr raw len 6 unaligned to nvmem word size 4 nvmem imx-ocotp0: cell mac-addr raw len 6 unaligned to nvmem word size 4 This shouldn't cause any functional change as this alignment would otherwise be done in nvmem_cell_info_to_nvmem_cell_entry_nodup(). Fixes: 4327479e559c ("nvmem: core: verify cell's raw_len") Signed-off-by: Christian Eggers <ceggers(a)arri.de> Cc: stable(a)vger.kernel.org --- Tested on i.MX6ULL, but I assume that this is also required for imx-ocotp-ele.c (i.MX93). drivers/nvmem/imx-ocotp-ele.c | 1 + drivers/nvmem/imx-ocotp.c | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/nvmem/imx-ocotp-ele.c b/drivers/nvmem/imx-ocotp-ele.c index ca6dd71d8a2e..83617665c8d7 100644 --- a/drivers/nvmem/imx-ocotp-ele.c +++ b/drivers/nvmem/imx-ocotp-ele.c @@ -128,6 +128,7 @@ static int imx_ocotp_cell_pp(void *context, const char *id, int index, static void imx_ocotp_fixup_dt_cell_info(struct nvmem_device *nvmem, struct nvmem_cell_info *cell) { + cell->raw_len = round_up(cell->bytes, 4); cell->read_post_process = imx_ocotp_cell_pp; } diff --git a/drivers/nvmem/imx-ocotp.c b/drivers/nvmem/imx-ocotp.c index 79dd4fda0329..22cc77908018 100644 --- a/drivers/nvmem/imx-ocotp.c +++ b/drivers/nvmem/imx-ocotp.c @@ -586,6 +586,7 @@ MODULE_DEVICE_TABLE(of, imx_ocotp_dt_ids); static void imx_ocotp_fixup_dt_cell_info(struct nvmem_device *nvmem, struct nvmem_cell_info *cell) { + cell->raw_len = round_up(cell->bytes, 4); cell->read_post_process = imx_ocotp_cell_pp; } -- 2.43.0

2 months, 1 week

1
0
0 0

[PATCH] isofs: Verify inode mode when loading from disk

by Jan Kara

Verify that the inode mode is sane when loading it from the disk to avoid complaints from VFS about setting up invalid inodes. Reported-by: syzbot+895c23f6917da440ed0d(a)syzkaller.appspotmail.com CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/isofs/inode.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) I plan to merge this fix through my tree. diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c index d5da9817df9b..33e6a620c103 100644 --- a/fs/isofs/inode.c +++ b/fs/isofs/inode.c @@ -1440,9 +1440,16 @@ static int isofs_read_inode(struct inode *inode, int relocated) inode->i_op = &page_symlink_inode_operations; inode_nohighmem(inode); inode->i_data.a_ops = &isofs_symlink_aops; - } else + } else if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode) || + S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) { /* XXX - parse_rock_ridge_inode() had already set i_rdev. */ init_special_inode(inode, inode->i_mode, inode->i_rdev); + } else { + printk(KERN_DEBUG "ISOFS: Invalid file type 0%04o for inode %lu.\n", + inode->i_mode, inode->i_ino); + ret = -EIO; + goto fail; + } ret = 0; out: -- 2.43.0

2 months, 1 week

2
3
0 0

[PATCH v1 1/1] Documentation: ACPI: Fix parent device references

by Andy Shevchenko

The _CRS resources in many cases want to have ResourceSource field to be a type of ACPI String. This means that to compile properly we need to enclosure the name path into double quotes. This will in practice defer the interpretation to a run-time stage, However, this may be interpreted differently on different OSes and ACPI interpreter implementations. In particular ACPICA might not correctly recognize the leading '^' (caret) character and will not resolve the relative name path properly. On top of that, this piece may be used in SSDTs which are loaded after the DSDT and on itself may also not resolve relative name paths outside of their own scopes. With this all said, fix documentation to use fully-qualified name paths always to avoid any misinterpretations, which is proven to work. Fixes: 8eb5c87a92c0 ("i2c: add ACPI support for I2C mux ports") Reported-by: Yevhen Kondrashyn <e.kondrashyn(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> --- Rafael, I prefer, if no objections, to push this as v6.16-rc6 material since the reported issue was detected on old (v5.10.y) and still LTS kernel. Would be nice for people to not trap to it in older kernels. Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Documentation/firmware-guide/acpi/i2c-muxes.rst b/Documentation/firmware-guide/acpi/i2c-muxes.rst index 3a8997ccd7c4..f366539acd79 100644 --- a/Documentation/firmware-guide/acpi/i2c-muxes.rst +++ b/Documentation/firmware-guide/acpi/i2c-muxes.rst @@ -14,7 +14,7 @@ Consider this topology:: | | | 0x70 |--CH01--> i2c client B (0x50) +------+ +------+ -which corresponds to the following ASL:: +which corresponds to the following ASL (in the scope of \_SB):: Device (SMB1) { @@ -24,7 +24,7 @@ which corresponds to the following ASL:: Name (_HID, ...) Name (_CRS, ResourceTemplate () { I2cSerialBus (0x70, ControllerInitiated, I2C_SPEED, - AddressingMode7Bit, "^SMB1", 0x00, + AddressingMode7Bit, "\\_SB.SMB1", 0x00, ResourceConsumer,,) } @@ -37,7 +37,7 @@ which corresponds to the following ASL:: Name (_HID, ...) Name (_CRS, ResourceTemplate () { I2cSerialBus (0x50, ControllerInitiated, I2C_SPEED, - AddressingMode7Bit, "^CH00", 0x00, + AddressingMode7Bit, "\\_SB.SMB1.CH00", 0x00, ResourceConsumer,,) } } @@ -52,7 +52,7 @@ which corresponds to the following ASL:: Name (_HID, ...) Name (_CRS, ResourceTemplate () { I2cSerialBus (0x50, ControllerInitiated, I2C_SPEED, - AddressingMode7Bit, "^CH01", 0x00, + AddressingMode7Bit, "\\_SB.SMB1.CH01", 0x00, ResourceConsumer,,) } } -- 2.47.2

2 months, 1 week

2
1
0 0

[PATCH 1/7] arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed

by Tim Harvey

The IMX8M reference manuals indicate in the USDHC Clock generator section that the clock rate for DDR is 1/2 the input clock therefore HS400 rates clocked at 200Mhz require a 400Mhz SDHC clock. This showed about a 1.5x improvement in read performance for the eMMC's used on the various imx8m{m,n,p}-venice boards. Fixes: 6f30b27c5ef5 ("arm64: dts: imx8mm: Add Gateworks i.MX 8M Mini Development Kits") Signed-off-by: Tim Harvey <tharvey(a)gateworks.com> --- arch/arm64/boot/dts/freescale/imx8mm-venice-gw700x.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/freescale/imx8mm-venice-gw700x.dtsi b/arch/arm64/boot/dts/freescale/imx8mm-venice-gw700x.dtsi index 5a3b1142ddf4..37db4f0dd505 100644 --- a/arch/arm64/boot/dts/freescale/imx8mm-venice-gw700x.dtsi +++ b/arch/arm64/boot/dts/freescale/imx8mm-venice-gw700x.dtsi @@ -418,6 +418,8 @@ &usdhc3 { pinctrl-0 = <&pinctrl_usdhc3>; pinctrl-1 = <&pinctrl_usdhc3_100mhz>; pinctrl-2 = <&pinctrl_usdhc3_200mhz>; + assigned-clocks = <&clk IMX8MM_CLK_USDHC3>; + assigned-clock-rates = <400000000>; bus-width = <8>; non-removable; status = "okay"; -- 2.25.1

2 months, 1 week

3
8
0 0

[PATCH] arm64: dts: ti: k3-am62a7-sk: fix pinmux for main_uart1

by Bryan Brattlof

From: Hong Guan <hguan(a)ti.com> The &main_uart1, which is reserved for TIFS firmware traces, is routed to the onboard FT4232 via a FET swich which is connected to pin A21 and B21 of the SoC and not E17 and C17. Fix it. Fixes: cf39ff15cc01a ("arm64: dts: ti: k3-am62a7-sk: Describe main_uart1 and wkup_uart") Cc: stable(a)vger.kernel.org Signed-off-by: Hong Guan <hguan(a)ti.com> [bb(a)ti.com: expanded commit message] Signed-off-by: Bryan Brattlof <bb(a)ti.com> --- arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/boot/dts/ti/k3-am62a7-sk.dts b/arch/arm64/boot/dts/ti/k3-am62a7-sk.dts index 3a8b45272526037b364e6e39886fcc9199114105..f11284b3fe8e23b4c48d8d2f3a7202e80dc57370 100644 --- a/arch/arm64/boot/dts/ti/k3-am62a7-sk.dts +++ b/arch/arm64/boot/dts/ti/k3-am62a7-sk.dts @@ -301,8 +301,8 @@ AM62AX_IOPAD(0x1cc, PIN_OUTPUT, 0) /* (D15) UART0_TXD */ main_uart1_pins_default: main-uart1-default-pins { pinctrl-single,pins = < - AM62AX_IOPAD(0x01e8, PIN_INPUT, 1) /* (C17) I2C1_SCL.UART1_RXD */ - AM62AX_IOPAD(0x01ec, PIN_OUTPUT, 1) /* (E17) I2C1_SDA.UART1_TXD */ + AM62AX_IOPAD(0x01ac, PIN_INPUT, 2) /* (B21) MCASP0_AFSR.UART1_RXD */ + AM62AX_IOPAD(0x01b0, PIN_OUTPUT, 2) /* (A21) MCASP0_ACLKR.UART1_TXD */ AM62AX_IOPAD(0x0194, PIN_INPUT, 2) /* (C19) MCASP0_AXR3.UART1_CTSn */ AM62AX_IOPAD(0x0198, PIN_OUTPUT, 2) /* (B19) MCASP0_AXR2.UART1_RTSn */ >; --- base-commit: 036cc33070b35754f45da50d81f8c3c85191c8b7 change-id: 20250707-uart-fixes-6efe27a1afe4 Best regards, -- Bryan Brattlof <bb(a)ti.com>

2 months, 1 week

2
1
0 0

[PATCH v2] ext4: inline: convert when mmap is called, not when page is written

by Thadeu Lima de Souza Cascardo

inline data handling has a race between writing and writing to a memory map. When ext4_page_mkwrite is called, it calls ext4_convert_inline_data, which destroys the inline data, but if block allocation fails, restores the inline data. In that process, we could have: CPU1 CPU2 destroy_inline_data write_begin (does not see inline data) restory_inline_data write_end (sees inline data) This leads to bugs like the one below, as write_begin did not prepare for the case of inline data, which is expected by the write_end side of it. ------------[ cut here ]------------ kernel BUG at fs/ext4/inline.c:235! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 1 UID: 0 PID: 5838 Comm: syz-executor110 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:ext4_write_inline_data fs/ext4/inline.c:235 [inline] RIP: 0010:ext4_write_inline_data_end+0xdc7/0xdd0 fs/ext4/inline.c:774 Code: 47 1d 8c e8 4b 3a 91 ff 90 0f 0b e8 63 7a 47 ff 48 8b 7c 24 10 48 c7 c6 e0 47 1d 8c e8 32 3a 91 ff 90 0f 0b e8 4a 7a 47 ff 90 <0f> 0b 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc900031c7320 EFLAGS: 00010293 RAX: ffffffff8257f9a6 RBX: 000000000000005a RCX: ffff888012968000 RDX: 0000000000000000 RSI: 000000000000005a RDI: 000000000000005b RBP: ffffc900031c7448 R08: ffffffff8257ef87 R09: 1ffff11006806070 R10: dffffc0000000000 R11: ffffed1006806071 R12: 000000000000005a R13: dffffc0000000000 R14: ffff888076b65bd8 R15: 000000000000005b FS: 00007f5c6bacf6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000a00 CR3: 0000000073fb6000 CR4: 0000000000350ef0 Call Trace: <TASK> generic_perform_write+0x6f8/0x990 mm/filemap.c:4070 ext4_buffered_write_iter+0xc5/0x350 fs/ext4/file.c:299 ext4_file_write_iter+0x892/0x1c50 iter_file_splice_write+0xbfc/0x1510 fs/splice.c:743 do_splice_from fs/splice.c:941 [inline] direct_splice_actor+0x11d/0x220 fs/splice.c:1164 splice_direct_to_actor+0x588/0xc80 fs/splice.c:1108 do_splice_direct_actor fs/splice.c:1207 [inline] do_splice_direct+0x289/0x3e0 fs/splice.c:1233 do_sendfile+0x564/0x8a0 fs/read_write.c:1363 __do_sys_sendfile64 fs/read_write.c:1424 [inline] __se_sys_sendfile64+0x17c/0x1e0 fs/read_write.c:1410 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5c6bb18d09 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f5c6bacf218 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 00007f5c6bba0708 RCX: 00007f5c6bb18d09 RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 RBP: 00007f5c6bba0700 R08: 0000000000000000 R09: 0000000000000000 R10: 000080001d00c0d0 R11: 0000000000000246 R12: 00007f5c6bb6d620 R13: 00007f5c6bb6d0c0 R14: 0031656c69662f2e R15: 8088e3ad122bc192 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- This happens because ext4_page_mkwrite is not protected by the inode_lock. The xattr semaphore is not sufficient to protect inline data handling in a sane way, so we need to rely on the inode_lock. Adding the inode_lock to ext4_page_mkwrite is not an option, otherwise lock-ordering problems with mmap_lock may arise. The conversion inside ext4_page_mkwrite was introduced at commit 7b4cc9787fe3 ("ext4: evict inline data when writing to memory map"). This fixes a documented bug in the commit message, which suggests some alternative fixes. Convert inline data when mmap is called, instead of doing it only when the mmapped page is written to. Using the inode_lock there does not lead to lock-ordering issues. The drawback is that inline conversion will happen when the file is mmapped, even though the page will not be written to. Fixes: 7b4cc9787fe3 ("ext4: evict inline data when writing to memory map") Reported-by: syzbot+0c89d865531d053abb2d(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=0c89d865531d053abb2d Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Cc: stable(a)vger.kernel.org --- Changes in v2: - Convert inline data at mmap time, avoiding data loss. - Link to v1: https://lore.kernel.org/r/20250519-ext4_inline_page_mkwrite-v1-1-865d9a62b5… --- fs/ext4/file.c | 6 ++++++ fs/ext4/inode.c | 4 ---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/fs/ext4/file.c b/fs/ext4/file.c index beb078ee4811d6092e362e37307e7d87e5276cbc..f2380471df5d99500e49fdc639fa3e56143c328f 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -819,6 +819,12 @@ static int ext4_file_mmap(struct file *file, struct vm_area_struct *vma) if (!daxdev_mapping_supported(vma, dax_dev)) return -EOPNOTSUPP; + inode_lock(inode); + ret = ext4_convert_inline_data(inode); + inode_unlock(inode); + if (ret) + return ret; + file_accessed(file); if (IS_DAX(file_inode(file))) { vma->vm_ops = &ext4_dax_vm_ops; diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 94c7d2d828a64e42ded09c82497ed7617071aa19..895ecda786194b29d32c9c49785d56a1a84e2096 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -6222,10 +6222,6 @@ vm_fault_t ext4_page_mkwrite(struct vm_fault *vmf) filemap_invalidate_lock_shared(mapping); - err = ext4_convert_inline_data(inode); - if (err) - goto out_ret; - /* * On data journalling we skip straight to the transaction handle: * there's no delalloc; page truncated will be checked later; the --- base-commit: 4a95bc121ccdaee04c4d72f84dbfa6b880a514b6 change-id: 20250519-ext4_inline_page_mkwrite-c42ca1f02295 Best regards, -- Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>

2 months, 1 week

3
2
0 0

[RFC V1 PATCH mm-hotfixes 2/3] x86/mm: define p*d_populate_kernel() and top-level page table sync

by Harry Yoo

During our internal testing, we started observing intermittent boot failures when the machine uses 4-level paging and has a large amount of persistent memory: BUG: unable to handle page fault for address: ffffe70000000034 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: 0002 [#1] SMP NOPTI RIP: 0010:__init_single_page+0x9/0x6d Call Trace: <TASK> __init_zone_device_page+0x17/0x5d memmap_init_zone_device+0x154/0x1bb pagemap_range+0x2e0/0x40f memremap_pages+0x10b/0x2f0 devm_memremap_pages+0x1e/0x60 dev_dax_probe+0xce/0x2ec [device_dax] dax_bus_probe+0x6d/0xc9 [... snip ...] </TASK> It turns out that the kernel panics while initializing vmemmap (struct page array) when the vmemmap region spans two PGD entries, because the new PGD entry is only installed in init_mm.pgd, but not in the page tables of other tasks. And looking at __populate_section_memmap(): if (vmemmap_can_optimize(altmap, pgmap)) // does not sync top level page tables r = vmemmap_populate_compound_pages(pfn, start, end, nid, pgmap); else // sync top level page tables in x86 r = vmemmap_populate(start, end, nid, altmap); In the normal path, vmemmap_populate() in arch/x86/mm/init_64.c synchronizes the top level page table (See commit 9b861528a801 ("x86-64, mem: Update all PGDs for direct mapping and vmemmap mapping changes")) so that all tasks in the system can see the new vmemmap area. However, when vmemmap_can_optimize() returns true, the optimized path skips synchronization of top-level page tables. This is because vmemmap_populate_compound_pages() is implemented in core MM code, which does not handle synchronization of the top-level page tables. Instead, the core MM has historically relied on each architecture to perform this synchronization manually. It turns out that current approach of relying on each arch to handle the page table sync manually is fragile because 1) it's easy to forget to sync the top level page table, and 2) it's also easy to overlook that the kernel should not access vmemmap / direct mapping area before the sync. As suggested by Dave Hansen, define x86_64 versions of {pgd,p4d}_populate_kernel() and arch_sync_kernel_pagetables(), and explicitly perform top-level page table synchronization in {pgd,p4d}_populate_kernel(). Top level page tables are synchronized in pgd_pouplate_kernel() for 5-level paging and in p4d_populate_kernel() for 4-level paging. arch_sync_kernel_pagetables(addr) synchronizes the top level page table entry for address. It calls sync_kernel_pagetables_{l4,l5} depending on the page table levels and installs the page entry in all page tables in the system to make it visible to all tasks. Note that sync_kernel_pagetables_{l4,l5} are simply versions of sync_global_pgds_{l4,l5} that synchronizes only a single page table entry for specified address, instead of for all page table entries corresponding to a range. No functional difference intended between sync_global_pgds_* and sync_kernel_pagetables_* other than that. This also fixes a crash in vmemmap_set_pmd() caused by accessing vmemmap before sync_global_pgds() [1]: BUG: unable to handle page fault for address: ffffeb3ff1200000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 0 P4D 0 Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI Tainted: [W]=WARN RIP: 0010:vmemmap_set_pmd+0xff/0x230 <TASK> vmemmap_populate_hugepages+0x176/0x180 vmemmap_populate+0x34/0x80 __populate_section_memmap+0x41/0x90 sparse_add_section+0x121/0x3e0 __add_pages+0xba/0x150 add_pages+0x1d/0x70 memremap_pages+0x3dc/0x810 devm_memremap_pages+0x1c/0x60 xe_devm_add+0x8b/0x100 [xe] xe_tile_init_noalloc+0x6a/0x70 [xe] xe_device_probe+0x48c/0x740 [xe] [... snip ...] Cc: <stable(a)vger.kernel.org> Fixes: 4917f55b4ef9 ("mm/sparse-vmemmap: improve memory savings for compound devmaps") Fixes: faf1c0008a33 ("x86/vmemmap: optimize for consecutive sections in partial populated PMDs") Closes: https://lore.kernel.org/linux-mm/20250311114420.240341-1-gwan-gyeong.mun@in… [1] Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com> Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- arch/x86/include/asm/pgalloc.h | 22 ++++++++++ arch/x86/mm/init_64.c | 80 ++++++++++++++++++++++++++++++++++ 2 files changed, 102 insertions(+) diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h index c88691b15f3c..d66f2db54b16 100644 --- a/arch/x86/include/asm/pgalloc.h +++ b/arch/x86/include/asm/pgalloc.h @@ -10,6 +10,7 @@ #define __HAVE_ARCH_PTE_ALLOC_ONE #define __HAVE_ARCH_PGD_FREE +#define __HAVE_ARCH_SYNC_KERNEL_PGTABLE #include <asm-generic/pgalloc.h> static inline int __paravirt_pgd_alloc(struct mm_struct *mm) { return 0; } @@ -114,6 +115,17 @@ static inline void p4d_populate(struct mm_struct *mm, p4d_t *p4d, pud_t *pud) set_p4d(p4d, __p4d(_PAGE_TABLE | __pa(pud))); } +void arch_sync_kernel_pagetables(unsigned long addr); + +static inline void p4d_populate_kernel(unsigned long addr, + p4d_t *p4d, pud_t *pud) +{ + paravirt_alloc_pud(&init_mm, __pa(pud) >> PAGE_SHIFT); + set_p4d(p4d, __p4d(_PAGE_TABLE | __pa(pud))); + if (!pgtable_l5_enabled()) + arch_sync_kernel_pagetables(addr); +} + static inline void p4d_populate_safe(struct mm_struct *mm, p4d_t *p4d, pud_t *pud) { paravirt_alloc_pud(mm, __pa(pud) >> PAGE_SHIFT); @@ -137,6 +149,16 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, p4d_t *p4d) set_pgd(pgd, __pgd(_PAGE_TABLE | __pa(p4d))); } +static inline void pgd_populate_kernel(unsigned long addr, + pgd_t *pgd, p4d_t *p4d) +{ + if (!pgtable_l5_enabled()) + return; + paravirt_alloc_p4d(&init_mm, __pa(p4d) >> PAGE_SHIFT); + set_pgd(pgd, __pgd(_PAGE_TABLE | __pa(p4d))); + arch_sync_kernel_pagetables(addr); +} + static inline void pgd_populate_safe(struct mm_struct *mm, pgd_t *pgd, p4d_t *p4d) { if (!pgtable_l5_enabled()) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index fdb6cab524f0..cbddbef434d5 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -223,6 +223,86 @@ static void sync_global_pgds(unsigned long start, unsigned long end) sync_global_pgds_l4(start, end); } +static void sync_kernel_pagetables_l4(unsigned long addr) +{ + pgd_t *pgd_ref = pgd_offset_k(addr); + const p4d_t *p4d_ref; + struct page *page; + + VM_WARN_ON_ONCE(pgtable_l5_enabled()); + /* + * With folded p4d, pgd_none() is always false, we need to + * handle synchronization on p4d level. + */ + MAYBE_BUILD_BUG_ON(pgd_none(*pgd_ref)); + p4d_ref = p4d_offset(pgd_ref, addr); + + if (p4d_none(*p4d_ref)) + return; + + spin_lock(&pgd_lock); + list_for_each_entry(page, &pgd_list, lru) { + pgd_t *pgd; + p4d_t *p4d; + spinlock_t *pgt_lock; + + pgd = (pgd_t *)page_address(page) + pgd_index(addr); + p4d = p4d_offset(pgd, addr); + /* the pgt_lock only for Xen */ + pgt_lock = &pgd_page_get_mm(page)->page_table_lock; + spin_lock(pgt_lock); + + if (!p4d_none(*p4d_ref) && !p4d_none(*p4d)) + BUG_ON(p4d_pgtable(*p4d) + != p4d_pgtable(*p4d_ref)); + + if (p4d_none(*p4d)) + set_p4d(p4d, *p4d_ref); + + spin_unlock(pgt_lock); + } + spin_unlock(&pgd_lock); +} + +static void sync_kernel_pagetables_l5(unsigned long addr) +{ + const pgd_t *pgd_ref = pgd_offset_k(addr); + struct page *page; + + VM_WARN_ON_ONCE(!pgtable_l5_enabled()); + + if (pgd_none(*pgd_ref)) + return; + + spin_lock(&pgd_lock); + list_for_each_entry(page, &pgd_list, lru) { + pgd_t *pgd; + spinlock_t *pgt_lock; + + pgd = (pgd_t *)page_address(page) + pgd_index(addr); + /* the pgt_lock only for Xen */ + pgt_lock = &pgd_page_get_mm(page)->page_table_lock; + spin_lock(pgt_lock); + + if (!pgd_none(*pgd_ref) && !pgd_none(*pgd)) + BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref)); + + if (pgd_none(*pgd)) + set_pgd(pgd, *pgd_ref); + + spin_unlock(pgt_lock); + } + spin_unlock(&pgd_lock); +} + +void arch_sync_kernel_pagetables(unsigned long addr) +{ + if (pgtable_l5_enabled()) + sync_kernel_pagetables_l5(addr); + else + sync_kernel_pagetables_l4(addr); +} + /* * NOTE: This function is marked __ref because it calls __init function * (alloc_bootmem_pages). It's safe to do it ONLY when after_bootmem == 0. -- 2.43.0

2 months, 1 week

2
4
0 0

+ mm-hmm-move-pmd_to_hmm_pfn_flags-to-the-respective-ifdeffery.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery has been added to the -mm mm-new branch. Its filename is mm-hmm-move-pmd_to_hmm_pfn_flags-to-the-respective-ifdeffery.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Subject: mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery Date: Thu, 10 Jul 2025 11:23:53 +0300 When pmd_to_hmm_pfn_flags() is unused, it prevents kernel builds with clang, `make W=1` and CONFIG_TRANSPARENT_HUGEPAGE=n: mm/hmm.c:186:29: warning: unused function 'pmd_to_hmm_pfn_flags' [-Wunused-function] Fix this by moving the function to the respective existing ifdeffery for its the only user. See also: 6863f5643dd7 ("kbuild: allow Clang to find unused static inline functions for W=1 build") Link: https://lkml.kernel.org/r/20250710082403.664093-1-andriy.shevchenko@linux.i… Fixes: 9d3973d60f0a ("mm/hmm: cleanup the hmm_vma_handle_pmd stub") Signed-off-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Reviewed-by: Leon Romanovsky <leonro(a)nvidia.com> Cc: Andriy Shevchenko <andriy.shevchenko(a)linux.intel.com> Cc: Bill Wendling <morbo(a)google.com> Cc: Jerome Glisse <jglisse(a)redhat.com> Cc: Justin Stitt <justinstitt(a)google.com> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hmm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/hmm.c~mm-hmm-move-pmd_to_hmm_pfn_flags-to-the-respective-ifdeffery +++ a/mm/hmm.c @@ -183,6 +183,7 @@ static inline unsigned long hmm_pfn_flag return order << HMM_PFN_ORDER_SHIFT; } +#ifdef CONFIG_TRANSPARENT_HUGEPAGE static inline unsigned long pmd_to_hmm_pfn_flags(struct hmm_range *range, pmd_t pmd) { @@ -193,7 +194,6 @@ static inline unsigned long pmd_to_hmm_p hmm_pfn_flags_order(PMD_SHIFT - PAGE_SHIFT); } -#ifdef CONFIG_TRANSPARENT_HUGEPAGE static int hmm_vma_handle_pmd(struct mm_walk *walk, unsigned long addr, unsigned long end, unsigned long hmm_pfns[], pmd_t pmd) _ Patches currently in -mm which might be from andriy.shevchenko(a)linux.intel.com are mm-hmm-move-pmd_to_hmm_pfn_flags-to-the-respective-ifdeffery.patch panic-add-panic_sys_info-sysctl-to-take-human-readable-string-parameter-fix.patch

2 months, 1 week

1
0
0 0

+ nilfs2-reject-invalid-file-types-when-reading-inodes.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: reject invalid file types when reading inodes has been added to the -mm mm-hotfixes-unstable branch. Its filename is nilfs2-reject-invalid-file-types-when-reading-inodes.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: reject invalid file types when reading inodes Date: Thu, 10 Jul 2025 22:49:08 +0900 To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when reading an inode from a block device. If the file type is not valid, treat it as a filesystem error. Link: https://lkml.kernel.org/r/20250710134952.29862-1-konishi.ryusuke@gmail.com Fixes: 05fe58fdc10d ("nilfs2: inode operations") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+895c23f6917da440ed0d(a)syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=895c23f6917da440ed0d Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/inode.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) --- a/fs/nilfs2/inode.c~nilfs2-reject-invalid-file-types-when-reading-inodes +++ a/fs/nilfs2/inode.c @@ -472,11 +472,18 @@ static int __nilfs_read_inode(struct sup inode->i_op = &nilfs_symlink_inode_operations; inode_nohighmem(inode); inode->i_mapping->a_ops = &nilfs_aops; - } else { + } else if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode) || + S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) { inode->i_op = &nilfs_special_inode_operations; init_special_inode( inode, inode->i_mode, huge_decode_dev(le64_to_cpu(raw_inode->i_device_code))); + } else { + nilfs_error(sb, + "invalid file type bits in mode 0%o for inode %lu", + inode->i_mode, ino); + err = -EIO; + goto failed_unmap; } nilfs_ifile_unmap_inode(raw_inode); brelse(bh); _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-reject-invalid-file-types-when-reading-inodes.patch

2 months, 1 week

1
0
0 0

Re: [PATCH 00/13] netfs, cifs: Fixes to retry-related code

by Max Kellermann

David Howells <dhowells(a)redhat.com> wrote: > Here are some miscellaneous fixes and changes for netfslib and cifs, if you > could consider pulling them. All the bugs fixed were observed in cifs, so > they should probably go through the cifs tree unless Christian would much > prefer for them to go through the VFS tree. Hi David, your commit 2b1424cd131c ("netfs: Fix wait/wake to be consistent about the waitqueue used") has given me serious headaches; it has caused outages in our web hosting clusters (yet again - all Linux versions since 6.9 had serious netfs regressions). Your patch was backported to 6.15 as commit 329ba1cb402a in 6.15.3 (why oh why??), and therefore the bugs it has caused will be "available" to all Linux stable users. The problem we had is that writing to certain files never finishes. It looks like it has to do with the cachefiles subrequest never reporting completion. (We use Ceph with cachefiles) I have tried applying the fixes in this pull request, which sounded promising, but the problem is still there. The only thing that helps is reverting 2b1424cd131c completely - everything is fine with 6.15.5 plus the revert. What do you need from me in order to analyze the bug? Max

2 months, 1 week

2
9
0 0

[PATCH 6.12.y] drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV

by jetlan9＠163.com

From: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> [ Upstream commit dc0297f3198bd60108ccbd167ee5d9fa4af31ed0 ] RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB flushes and register reads. When multiple threads or VFs try to access the same registers simultaneously, it can lead to race conditions. By using the RLCG interface, the driver can serialize access to the registers. This means that only one thread can access the registers at a time, preventing conflicts and ensuring that operations are performed correctly. Additionally, when a low-priority task holds a mutex that a high-priority task needs, ie., If a thread holding a spinlock tries to acquire a mutex, it can lead to priority inversion. register access in amdgpu_virt_rlcg_reg_rw especially in a fast code path is critical. The call stack shows that the function amdgpu_virt_rlcg_reg_rw is being called, which attempts to acquire the mutex. This function is invoked from amdgpu_sriov_wreg, which in turn is called from gmc_v11_0_flush_gpu_tlb. The [ BUG: Invalid wait context ] indicates that a thread is trying to acquire a mutex while it is in a context that does not allow it to sleep (like holding a spinlock). Fixes the below: [ 253.013423] ============================= [ 253.013434] [ BUG: Invalid wait context ] [ 253.013446] 6.12.0-amdstaging-drm-next-lol-050225 #14 Tainted: G U OE [ 253.013464] ----------------------------- [ 253.013475] kworker/0:1/10 is trying to lock: [ 253.013487] ffff9f30542e3cf8 (&adev->virt.rlcg_reg_lock){+.+.}-{3:3}, at: amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu] [ 253.013815] other info that might help us debug this: [ 253.013827] context-{4:4} [ 253.013835] 3 locks held by kworker/0:1/10: [ 253.013847] #0: ffff9f3040050f58 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x3f5/0x680 [ 253.013877] #1: ffffb789c008be40 ((work_completion)(&wfc.work)){+.+.}-{0:0}, at: process_one_work+0x1d6/0x680 [ 253.013905] #2: ffff9f3054281838 (&adev->gmc.invalidate_lock){+.+.}-{2:2}, at: gmc_v11_0_flush_gpu_tlb+0x198/0x4f0 [amdgpu] [ 253.014154] stack backtrace: [ 253.014164] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G U OE 6.12.0-amdstaging-drm-next-lol-050225 #14 [ 253.014189] Tainted: [U]=USER, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE [ 253.014203] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/18/2024 [ 253.014224] Workqueue: events work_for_cpu_fn [ 253.014241] Call Trace: [ 253.014250] <TASK> [ 253.014260] dump_stack_lvl+0x9b/0xf0 [ 253.014275] dump_stack+0x10/0x20 [ 253.014287] __lock_acquire+0xa47/0x2810 [ 253.014303] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.014321] lock_acquire+0xd1/0x300 [ 253.014333] ? amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu] [ 253.014562] ? __lock_acquire+0xa6b/0x2810 [ 253.014578] __mutex_lock+0x85/0xe20 [ 253.014591] ? amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu] [ 253.014782] ? sched_clock_noinstr+0x9/0x10 [ 253.014795] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.014808] ? local_clock_noinstr+0xe/0xc0 [ 253.014822] ? amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu] [ 253.015012] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.015029] mutex_lock_nested+0x1b/0x30 [ 253.015044] ? mutex_lock_nested+0x1b/0x30 [ 253.015057] amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu] [ 253.015249] amdgpu_sriov_wreg+0xc5/0xd0 [amdgpu] [ 253.015435] gmc_v11_0_flush_gpu_tlb+0x44b/0x4f0 [amdgpu] [ 253.015667] gfx_v11_0_hw_init+0x499/0x29c0 [amdgpu] [ 253.015901] ? __pfx_smu_v13_0_update_pcie_parameters+0x10/0x10 [amdgpu] [ 253.016159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.016173] ? smu_hw_init+0x18d/0x300 [amdgpu] [ 253.016403] amdgpu_device_init+0x29ad/0x36a0 [amdgpu] [ 253.016614] amdgpu_driver_load_kms+0x1a/0xc0 [amdgpu] [ 253.017057] amdgpu_pci_probe+0x1c2/0x660 [amdgpu] [ 253.017493] local_pci_probe+0x4b/0xb0 [ 253.017746] work_for_cpu_fn+0x1a/0x30 [ 253.017995] process_one_work+0x21e/0x680 [ 253.018248] worker_thread+0x190/0x330 [ 253.018500] ? __pfx_worker_thread+0x10/0x10 [ 253.018746] kthread+0xe7/0x120 [ 253.018988] ? __pfx_kthread+0x10/0x10 [ 253.019231] ret_from_fork+0x3c/0x60 [ 253.019468] ? __pfx_kthread+0x10/0x10 [ 253.019701] ret_from_fork_asm+0x1a/0x30 [ 253.019939] </TASK> v2: s/spin_trylock/spin_lock_irqsave to be safe (Christian). Fixes: e864180ee49b ("drm/amdgpu: Add lock around VF RLCG interface") Cc: lin cao <lin.cao(a)amd.com> Cc: Jingwen Chen <Jingwen.Chen2(a)amd.com> Cc: Victor Skvortsov <victor.skvortsov(a)amd.com> Cc: Zhigang Luo <zhigang.luo(a)amd.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> Suggested-by: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [ Minor context change fixed. ] Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 5 +++-- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c index a55e611605fc..24e41b42c638 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c @@ -4144,7 +4144,6 @@ int amdgpu_device_init(struct amdgpu_device *adev, mutex_init(&adev->grbm_idx_mutex); mutex_init(&adev->mn_lock); mutex_init(&adev->virt.vf_errors.lock); - mutex_init(&adev->virt.rlcg_reg_lock); hash_init(adev->mn_hash); mutex_init(&adev->psp.mutex); mutex_init(&adev->notifier_lock); @@ -4170,6 +4169,7 @@ int amdgpu_device_init(struct amdgpu_device *adev, spin_lock_init(&adev->se_cac_idx_lock); spin_lock_init(&adev->audio_endpt_idx_lock); spin_lock_init(&adev->mm_stats.lock); + spin_lock_init(&adev->virt.rlcg_reg_lock); spin_lock_init(&adev->wb.lock); INIT_LIST_HEAD(&adev->reset_list); diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c index b6397d3229e1..01dccd489a80 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c @@ -1010,6 +1010,7 @@ u32 amdgpu_virt_rlcg_reg_rw(struct amdgpu_device *adev, u32 offset, u32 v, u32 f void *scratch_reg2; void *scratch_reg3; void *spare_int; + unsigned long flags; if (!adev->gfx.rlc.rlcg_reg_access_supported) { dev_err(adev->dev, @@ -1031,7 +1032,7 @@ u32 amdgpu_virt_rlcg_reg_rw(struct amdgpu_device *adev, u32 offset, u32 v, u32 f scratch_reg2 = (void __iomem *)adev->rmmio + 4 * reg_access_ctrl->scratch_reg2; scratch_reg3 = (void __iomem *)adev->rmmio + 4 * reg_access_ctrl->scratch_reg3; - mutex_lock(&adev->virt.rlcg_reg_lock); + spin_lock_irqsave(&adev->virt.rlcg_reg_lock, flags); if (reg_access_ctrl->spare_int) spare_int = (void __iomem *)adev->rmmio + 4 * reg_access_ctrl->spare_int; @@ -1090,7 +1091,7 @@ u32 amdgpu_virt_rlcg_reg_rw(struct amdgpu_device *adev, u32 offset, u32 v, u32 f ret = readl(scratch_reg0); - mutex_unlock(&adev->virt.rlcg_reg_lock); + spin_unlock_irqrestore(&adev->virt.rlcg_reg_lock, flags); return ret; } diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h index b650a2032c42..6a2087abfb7e 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h @@ -275,7 +275,8 @@ struct amdgpu_virt { /* the ucode id to signal the autoload */ uint32_t autoload_ucode_id; - struct mutex rlcg_reg_lock; + /* Spinlock to protect access to the RLCG register interface */ + spinlock_t rlcg_reg_lock; }; struct amdgpu_video_codec_info; -- 2.34.1

2 months, 1 week

2
1
0 0

Re: [PATCH 5.15] fs/proc: do_task_stat: use __for_each_thread()

by Sasha Levin

[ Sasha's backport helper bot ] Hi, ✅ All tests passed successfully. No issues detected. No action required from the submitter. The upstream commit SHA1 provided is correct: 7904e53ed5a20fc678c01d5d1b07ec486425bb6a WARNING: Author mismatch between patch and upstream commit: Backport author: "Heyne, Maximilian"<mheyne(a)amazon.de> Commit author: Oleg Nesterov<oleg(a)redhat.com> Status in newer kernel trees: 6.15.y | Present (exact SHA1) 6.12.y | Present (exact SHA1) 6.6.y | Not found 6.1.y | Present (different SHA1: d95ef75162f4) Note: The patch differs from the upstream commit: --- 1: 7904e53ed5a20 < -: ------------- fs/proc: do_task_stat: use __for_each_thread() -: ------------- > 1: acb7f8c64955e fs/proc: do_task_stat: use __for_each_thread() --- Results of testing on various branches: | Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-5.15.y | Success | Success |

2 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: HCI: Set extended advertising data synchronously" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 89fb8acc38852116d38d721ad394aad7f2871670 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070625-wafer-speed-20c1@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 89fb8acc38852116d38d721ad394aad7f2871670 Mon Sep 17 00:00:00 2001 From: Christian Eggers <ceggers(a)arri.de> Date: Fri, 27 Jun 2025 09:05:08 +0200 Subject: [PATCH] Bluetooth: HCI: Set extended advertising data synchronously Currently, for controllers with extended advertising, the advertising data is set in the asynchronous response handler for extended adverstising params. As most advertising settings are performed in a synchronous context, the (asynchronous) setting of the advertising data is done too late (after enabling the advertising). Move setting of adverstising data from asynchronous response handler into synchronous context to fix ordering of HCI commands. Signed-off-by: Christian Eggers <ceggers(a)arri.de> Fixes: a0fb3726ba55 ("Bluetooth: Use Set ext adv/scan rsp data if controller supports") Cc: stable(a)vger.kernel.org v2: https://lore.kernel.org/linux-bluetooth/20250626115209.17839-1-ceggers@arri… Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 66052d6aaa1d..4d5ace9d245d 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -2150,40 +2150,6 @@ static u8 hci_cc_set_adv_param(struct hci_dev *hdev, void *data, return rp->status; } -static u8 hci_cc_set_ext_adv_param(struct hci_dev *hdev, void *data, - struct sk_buff *skb) -{ - struct hci_rp_le_set_ext_adv_params *rp = data; - struct hci_cp_le_set_ext_adv_params *cp; - struct adv_info *adv_instance; - - bt_dev_dbg(hdev, "status 0x%2.2x", rp->status); - - if (rp->status) - return rp->status; - - cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS); - if (!cp) - return rp->status; - - hci_dev_lock(hdev); - hdev->adv_addr_type = cp->own_addr_type; - if (!cp->handle) { - /* Store in hdev for instance 0 */ - hdev->adv_tx_power = rp->tx_power; - } else { - adv_instance = hci_find_adv_instance(hdev, cp->handle); - if (adv_instance) - adv_instance->tx_power = rp->tx_power; - } - /* Update adv data as tx power is known now */ - hci_update_adv_data(hdev, cp->handle); - - hci_dev_unlock(hdev); - - return rp->status; -} - static u8 hci_cc_read_rssi(struct hci_dev *hdev, void *data, struct sk_buff *skb) { @@ -4164,8 +4130,6 @@ static const struct hci_cc { HCI_CC(HCI_OP_LE_READ_NUM_SUPPORTED_ADV_SETS, hci_cc_le_read_num_adv_sets, sizeof(struct hci_rp_le_read_num_supported_adv_sets)), - HCI_CC(HCI_OP_LE_SET_EXT_ADV_PARAMS, hci_cc_set_ext_adv_param, - sizeof(struct hci_rp_le_set_ext_adv_params)), HCI_CC_STATUS(HCI_OP_LE_SET_EXT_ADV_ENABLE, hci_cc_le_set_ext_adv_enable), HCI_CC_STATUS(HCI_OP_LE_SET_ADV_SET_RAND_ADDR, diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c index 106862d47964..77b3691f3423 100644 --- a/net/bluetooth/hci_sync.c +++ b/net/bluetooth/hci_sync.c @@ -1205,9 +1205,126 @@ static int hci_set_adv_set_random_addr_sync(struct hci_dev *hdev, u8 instance, sizeof(cp), &cp, HCI_CMD_TIMEOUT); } +static int +hci_set_ext_adv_params_sync(struct hci_dev *hdev, struct adv_info *adv, + const struct hci_cp_le_set_ext_adv_params *cp, + struct hci_rp_le_set_ext_adv_params *rp) +{ + struct sk_buff *skb; + + skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS, sizeof(*cp), + cp, HCI_CMD_TIMEOUT); + + /* If command return a status event, skb will be set to -ENODATA */ + if (skb == ERR_PTR(-ENODATA)) + return 0; + + if (IS_ERR(skb)) { + bt_dev_err(hdev, "Opcode 0x%4.4x failed: %ld", + HCI_OP_LE_SET_EXT_ADV_PARAMS, PTR_ERR(skb)); + return PTR_ERR(skb); + } + + if (skb->len != sizeof(*rp)) { + bt_dev_err(hdev, "Invalid response length for 0x%4.4x: %u", + HCI_OP_LE_SET_EXT_ADV_PARAMS, skb->len); + kfree_skb(skb); + return -EIO; + } + + memcpy(rp, skb->data, sizeof(*rp)); + kfree_skb(skb); + + if (!rp->status) { + hdev->adv_addr_type = cp->own_addr_type; + if (!cp->handle) { + /* Store in hdev for instance 0 */ + hdev->adv_tx_power = rp->tx_power; + } else if (adv) { + adv->tx_power = rp->tx_power; + } + } + + return rp->status; +} + +static int hci_set_ext_adv_data_sync(struct hci_dev *hdev, u8 instance) +{ + DEFINE_FLEX(struct hci_cp_le_set_ext_adv_data, pdu, data, length, + HCI_MAX_EXT_AD_LENGTH); + u8 len; + struct adv_info *adv = NULL; + int err; + + if (instance) { + adv = hci_find_adv_instance(hdev, instance); + if (!adv || !adv->adv_data_changed) + return 0; + } + + len = eir_create_adv_data(hdev, instance, pdu->data, + HCI_MAX_EXT_AD_LENGTH); + + pdu->length = len; + pdu->handle = adv ? adv->handle : instance; + pdu->operation = LE_SET_ADV_DATA_OP_COMPLETE; + pdu->frag_pref = LE_SET_ADV_DATA_NO_FRAG; + + err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_DATA, + struct_size(pdu, data, len), pdu, + HCI_CMD_TIMEOUT); + if (err) + return err; + + /* Update data if the command succeed */ + if (adv) { + adv->adv_data_changed = false; + } else { + memcpy(hdev->adv_data, pdu->data, len); + hdev->adv_data_len = len; + } + + return 0; +} + +static int hci_set_adv_data_sync(struct hci_dev *hdev, u8 instance) +{ + struct hci_cp_le_set_adv_data cp; + u8 len; + + memset(&cp, 0, sizeof(cp)); + + len = eir_create_adv_data(hdev, instance, cp.data, sizeof(cp.data)); + + /* There's nothing to do if the data hasn't changed */ + if (hdev->adv_data_len == len && + memcmp(cp.data, hdev->adv_data, len) == 0) + return 0; + + memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); + hdev->adv_data_len = len; + + cp.length = len; + + return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_DATA, + sizeof(cp), &cp, HCI_CMD_TIMEOUT); +} + +int hci_update_adv_data_sync(struct hci_dev *hdev, u8 instance) +{ + if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) + return 0; + + if (ext_adv_capable(hdev)) + return hci_set_ext_adv_data_sync(hdev, instance); + + return hci_set_adv_data_sync(hdev, instance); +} + int hci_setup_ext_adv_instance_sync(struct hci_dev *hdev, u8 instance) { struct hci_cp_le_set_ext_adv_params cp; + struct hci_rp_le_set_ext_adv_params rp; bool connectable; u32 flags; bdaddr_t random_addr; @@ -1316,8 +1433,12 @@ int hci_setup_ext_adv_instance_sync(struct hci_dev *hdev, u8 instance) cp.secondary_phy = HCI_ADV_PHY_1M; } - err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS, - sizeof(cp), &cp, HCI_CMD_TIMEOUT); + err = hci_set_ext_adv_params_sync(hdev, adv, &cp, &rp); + if (err) + return err; + + /* Update adv data as tx power is known now */ + err = hci_set_ext_adv_data_sync(hdev, cp.handle); if (err) return err; @@ -1822,79 +1943,6 @@ int hci_le_terminate_big_sync(struct hci_dev *hdev, u8 handle, u8 reason) sizeof(cp), &cp, HCI_CMD_TIMEOUT); } -static int hci_set_ext_adv_data_sync(struct hci_dev *hdev, u8 instance) -{ - DEFINE_FLEX(struct hci_cp_le_set_ext_adv_data, pdu, data, length, - HCI_MAX_EXT_AD_LENGTH); - u8 len; - struct adv_info *adv = NULL; - int err; - - if (instance) { - adv = hci_find_adv_instance(hdev, instance); - if (!adv || !adv->adv_data_changed) - return 0; - } - - len = eir_create_adv_data(hdev, instance, pdu->data, - HCI_MAX_EXT_AD_LENGTH); - - pdu->length = len; - pdu->handle = adv ? adv->handle : instance; - pdu->operation = LE_SET_ADV_DATA_OP_COMPLETE; - pdu->frag_pref = LE_SET_ADV_DATA_NO_FRAG; - - err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_DATA, - struct_size(pdu, data, len), pdu, - HCI_CMD_TIMEOUT); - if (err) - return err; - - /* Update data if the command succeed */ - if (adv) { - adv->adv_data_changed = false; - } else { - memcpy(hdev->adv_data, pdu->data, len); - hdev->adv_data_len = len; - } - - return 0; -} - -static int hci_set_adv_data_sync(struct hci_dev *hdev, u8 instance) -{ - struct hci_cp_le_set_adv_data cp; - u8 len; - - memset(&cp, 0, sizeof(cp)); - - len = eir_create_adv_data(hdev, instance, cp.data, sizeof(cp.data)); - - /* There's nothing to do if the data hasn't changed */ - if (hdev->adv_data_len == len && - memcmp(cp.data, hdev->adv_data, len) == 0) - return 0; - - memcpy(hdev->adv_data, cp.data, sizeof(cp.data)); - hdev->adv_data_len = len; - - cp.length = len; - - return __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_ADV_DATA, - sizeof(cp), &cp, HCI_CMD_TIMEOUT); -} - -int hci_update_adv_data_sync(struct hci_dev *hdev, u8 instance) -{ - if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED)) - return 0; - - if (ext_adv_capable(hdev)) - return hci_set_ext_adv_data_sync(hdev, instance); - - return hci_set_adv_data_sync(hdev, instance); -} - int hci_schedule_adv_instance_sync(struct hci_dev *hdev, u8 instance, bool force) { @@ -6273,6 +6321,7 @@ static int hci_le_ext_directed_advertising_sync(struct hci_dev *hdev, struct hci_conn *conn) { struct hci_cp_le_set_ext_adv_params cp; + struct hci_rp_le_set_ext_adv_params rp; int err; bdaddr_t random_addr; u8 own_addr_type; @@ -6314,8 +6363,12 @@ static int hci_le_ext_directed_advertising_sync(struct hci_dev *hdev, if (err) return err; - err = __hci_cmd_sync_status(hdev, HCI_OP_LE_SET_EXT_ADV_PARAMS, - sizeof(cp), &cp, HCI_CMD_TIMEOUT); + err = hci_set_ext_adv_params_sync(hdev, NULL, &cp, &rp); + if (err) + return err; + + /* Update adv data as tx power is known now */ + err = hci_set_ext_adv_data_sync(hdev, cp.handle); if (err) return err;

2 months, 1 week

5
9
0 0

[PATCH v3 1/3] drm/amdgpu: Add WARN_ON to the resource clear function

by Arunpravin Paneer Selvam

Set the dirty bit when the memory resource is not cleared during BO release. v2(Christian): - Drop the cleared flag set to false. - Improve the amdgpu_vram_mgr_set_clear_state() function. v3: - Add back the resource clear flag set function call after being wiped during eviction (Christian). - Modified the patch subject name. Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> Suggested-by: Christian König <christian.koenig(a)amd.com> Cc: stable(a)vger.kernel.org Fixes: a68c7eaa7a8f ("drm/amdgpu: Enable clear page functionality") --- drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h index b256cbc2bc27..2c88d5fd87da 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.h @@ -66,7 +66,10 @@ to_amdgpu_vram_mgr_resource(struct ttm_resource *res) static inline void amdgpu_vram_mgr_set_cleared(struct ttm_resource *res) { - to_amdgpu_vram_mgr_resource(res)->flags |= DRM_BUDDY_CLEARED; + struct amdgpu_vram_mgr_resource *ares = to_amdgpu_vram_mgr_resource(res); + + WARN_ON(ares->flags & DRM_BUDDY_CLEARED); + ares->flags |= DRM_BUDDY_CLEARED; } #endif -- 2.43.0

2 months, 1 week

4
7
0 0

Linux 6.15.6

by Greg Kroah-Hartman

I'm announcing the release of the 6.15.6 kernel. All users of the 6.15 kernel series must upgrade. The updated 6.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/ABI/testing/sysfs-driver-ufs | 2 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst | 4 Documentation/admin-guide/kernel-parameters.txt | 13 Documentation/arch/x86/mds.rst | 8 Documentation/core-api/symbol-namespaces.rst | 22 Documentation/devicetree/bindings/i2c/realtek,rtl9301-i2c.yaml | 3 Documentation/devicetree/bindings/net/sophgo,sg2044-dwmac.yaml | 3 Makefile | 2 arch/arm64/boot/dts/apple/spi1-nvram.dtsi | 2 arch/arm64/boot/dts/apple/t8103-j293.dts | 2 arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 arch/arm64/boot/dts/apple/t8103.dtsi | 2 arch/arm64/boot/dts/apple/t8112-j493.dts | 2 arch/arm64/boot/dts/apple/t8112.dtsi | 2 arch/powerpc/include/uapi/asm/ioctls.h | 8 arch/riscv/kernel/cpu_ops_sbi.c | 6 arch/s390/pci/pci_event.c | 15 arch/x86/Kconfig | 9 arch/x86/entry/entry.S | 8 arch/x86/include/asm/cpufeatures.h | 5 arch/x86/include/asm/irqflags.h | 4 arch/x86/include/asm/kvm_host.h | 1 arch/x86/include/asm/mwait.h | 28 - arch/x86/include/asm/nospec-branch.h | 37 - arch/x86/kernel/cpu/amd.c | 44 + arch/x86/kernel/cpu/bugs.c | 133 +++++ arch/x86/kernel/cpu/common.c | 14 arch/x86/kernel/cpu/microcode/amd_shas.c | 112 ++++ arch/x86/kernel/cpu/scattered.c | 2 arch/x86/kernel/process.c | 16 arch/x86/kvm/cpuid.c | 15 arch/x86/kvm/reverse_cpuid.h | 7 arch/x86/kvm/svm/vmenter.S | 6 arch/x86/kvm/vmx/vmx.c | 2 drivers/acpi/acpica/dsmethod.c | 7 drivers/ata/libata-acpi.c | 24 drivers/ata/pata_cs5536.c | 2 drivers/ata/pata_via.c | 6 drivers/base/cpu.c | 3 drivers/block/aoe/aoe.h | 1 drivers/block/aoe/aoecmd.c | 8 drivers/block/aoe/aoedev.c | 5 drivers/dma-buf/dma-resv.c | 12 drivers/firmware/arm_ffa/driver.c | 71 +- drivers/firmware/samsung/exynos-acpm.c | 25 - drivers/gpu/drm/bridge/aux-hpd-bridge.c | 3 drivers/gpu/drm/bridge/panel.c | 5 drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 drivers/gpu/drm/i915/gt/intel_gsc.c | 2 drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 drivers/gpu/drm/i915/selftests/i915_request.c | 20 drivers/gpu/drm/i915/selftests/mock_request.c | 2 drivers/gpu/drm/msm/msm_gem_submit.c | 17 drivers/gpu/drm/v3d/v3d_drv.h | 8 drivers/gpu/drm/v3d/v3d_gem.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 37 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2 drivers/gpu/drm/xe/Kconfig | 3 drivers/gpu/drm/xe/abi/guc_klvs_abi.h | 1 drivers/gpu/drm/xe/xe_device.c | 72 +- drivers/gpu/drm/xe/xe_guc_ads.c | 5 drivers/gpu/drm/xe/xe_guc_pc.c | 249 +++++++--- drivers/gpu/drm/xe/xe_guc_pc.h | 2 drivers/gpu/drm/xe/xe_guc_pc_types.h | 2 drivers/gpu/drm/xe/xe_migrate.c | 18 drivers/gpu/drm/xe/xe_wa_oob.rules | 6 drivers/hid/hid-appletb-kbd.c | 14 drivers/i2c/busses/i2c-designware-master.c | 1 drivers/infiniband/hw/mlx5/counters.c | 4 drivers/infiniband/hw/mlx5/devx.c | 10 drivers/infiniband/hw/mlx5/main.c | 33 + drivers/infiniband/hw/mlx5/mr.c | 61 +- drivers/infiniband/hw/mlx5/odp.c | 8 drivers/input/joystick/xpad.c | 2 drivers/input/misc/cs40l50-vibra.c | 2 drivers/input/misc/iqs7222.c | 7 drivers/iommu/intel/cache.c | 5 drivers/iommu/intel/iommu.c | 11 drivers/iommu/intel/iommu.h | 2 drivers/iommu/rockchip-iommu.c | 3 drivers/mmc/core/quirks.h | 12 drivers/mmc/core/sd_uhs2.c | 4 drivers/mmc/host/mtk-sd.c | 21 drivers/mmc/host/sdhci-uhs2.c | 20 drivers/mmc/host/sdhci.c | 9 drivers/mmc/host/sdhci.h | 16 drivers/mtd/nand/spi/core.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 13 drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 24 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/atheros/atlx/atl1.c | 79 ++- drivers/net/ethernet/cisco/enic/enic_main.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 - drivers/net/ethernet/intel/idpf/idpf_controlq.c | 23 drivers/net/ethernet/intel/idpf/idpf_controlq_api.h | 2 drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 4 drivers/net/ethernet/intel/idpf/idpf_lib.c | 12 drivers/net/ethernet/intel/igc/igc_main.c | 10 drivers/net/ethernet/sun/niu.c | 31 + drivers/net/ethernet/sun/niu.h | 4 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 1 drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 2 drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 22 drivers/net/usb/lan78xx.c | 2 drivers/net/virtio_net.c | 60 ++ drivers/net/wireless/ath/ath6kl/bmi.c | 4 drivers/nvme/host/core.c | 2 drivers/nvme/host/multipath.c | 3 drivers/nvme/host/pci.c | 6 drivers/nvme/target/nvmet.h | 2 drivers/platform/mellanox/mlxbf-pmc.c | 2 drivers/platform/mellanox/mlxbf-tmfifo.c | 3 drivers/platform/mellanox/mlxreg-lc.c | 2 drivers/platform/mellanox/nvsw-sn2201.c | 2 drivers/platform/x86/amd/hsmp/hsmp.c | 6 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/platform/x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 4 drivers/platform/x86/think-lmi.c | 94 +-- drivers/platform/x86/wmi.c | 16 drivers/powercap/intel_rapl_common.c | 18 drivers/regulator/fan53555.c | 14 drivers/regulator/gpio-regulator.c | 8 drivers/rtc/rtc-cmos.c | 10 drivers/rtc/rtc-pcf2127.c | 7 drivers/scsi/hosts.c | 18 drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/sd.c | 2 drivers/spi/spi-fsl-dspi.c | 11 drivers/spi/spi-qpic-snand.c | 16 drivers/target/target_core_pr.c | 4 drivers/tee/optee/ffa_abi.c | 41 + drivers/tee/optee/optee_private.h | 2 drivers/ufs/core/ufs-sysfs.c | 4 drivers/usb/cdns3/cdnsp-debug.h | 5 drivers/usb/cdns3/cdnsp-ep0.c | 18 drivers/usb/cdns3/cdnsp-gadget.h | 6 drivers/usb/cdns3/cdnsp-ring.c | 7 drivers/usb/chipidea/udc.c | 7 drivers/usb/core/hub.c | 3 drivers/usb/core/quirks.c | 3 drivers/usb/core/usb-acpi.c | 4 drivers/usb/dwc3/core.c | 9 drivers/usb/dwc3/gadget.c | 24 drivers/usb/host/xhci-dbgcap.c | 4 drivers/usb/host/xhci-dbgtty.c | 1 drivers/usb/host/xhci-mem.c | 4 drivers/usb/host/xhci-pci.c | 25 + drivers/usb/host/xhci-plat.c | 3 drivers/usb/host/xhci-ring.c | 5 drivers/usb/host/xhci.c | 31 - drivers/usb/host/xhci.h | 3 drivers/usb/typec/altmodes/displayport.c | 5 fs/anon_inodes.c | 23 fs/btrfs/block-group.h | 2 fs/btrfs/free-space-tree.c | 40 + fs/btrfs/inode.c | 36 - fs/btrfs/ioctl.c | 4 fs/btrfs/tree-log.c | 137 ++--- fs/exec.c | 9 fs/libfs.c | 8 fs/namei.c | 2 fs/netfs/buffered_write.c | 2 fs/netfs/direct_write.c | 8 fs/netfs/misc.c | 26 - fs/netfs/write_retry.c | 2 fs/nfs/flexfilelayout/flexfilelayout.c | 120 +++- fs/nfs/inode.c | 17 fs/nfs/pnfs.c | 4 fs/smb/client/cifsglob.h | 2 fs/smb/client/cifsproto.h | 1 fs/smb/client/cifssmb.c | 2 fs/smb/client/connect.c | 15 fs/smb/client/fs_context.c | 17 fs/smb/client/misc.c | 6 fs/smb/client/readdir.c | 2 fs/smb/client/reparse.c | 22 fs/smb/client/smb2pdu.c | 11 fs/xfs/xfs_rtalloc.c | 2 include/linux/arm_ffa.h | 1 include/linux/cpu.h | 1 include/linux/export.h | 12 include/linux/fs.h | 2 include/linux/libata.h | 7 include/linux/usb.h | 2 include/linux/usb/typec_dp.h | 1 include/trace/events/netfs.h | 1 kernel/irq/irq_sim.c | 2 kernel/rcu/tree.c | 4 lib/test_objagg.c | 4 mm/secretmem.c | 9 mm/vmalloc.c | 63 +- net/bluetooth/hci_event.c | 36 - net/bluetooth/hci_sync.c | 227 +++++---- net/bluetooth/mgmt.c | 25 - net/ipv4/ip_input.c | 7 net/mac80211/rx.c | 4 net/rose/rose_route.c | 15 net/sched/sch_api.c | 19 net/vmw_vsock/vmci_transport.c | 4 sound/isa/sb/sb16_main.c | 7 sound/soc/amd/yc/acp6x-mach.c | 14 tools/testing/selftests/iommu/iommufd.c | 32 - tools/testing/selftests/iommu/iommufd_utils.h | 9 212 files changed, 2310 insertions(+), 984 deletions(-) Ahmed Zaki (1): idpf: convert control queue mutex to a spinlock Alok Tiwari (5): platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message nvme: Fix incorrect cdw15 value in passthru error logging platform/mellanox: mlxreg-lc: Fix logic error in power state check enic: fix incorrect MTU comparison in enic_change_mtu() Andrei Kuchynski (1): usb: typec: displayport: Fix potential deadlock Antoine Tenart (1): net: ipv4: fix stat increase when udp early demux drops the packet Armin Wolf (1): platform/x86: wmi: Fix WMI event enablement Arnd Bergmann (1): RDMA/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup Avri Altman (1): mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Bart Van Assche (1): scsi: ufs: core: Fix spelling of a sysfs attribute name Benjamin Coddington (1): NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Borislav Petkov (1): KVM: x86: Sort CPUID_8000_0021_EAX leaf bits properly Borislav Petkov (AMD) (5): x86/bugs: Rename MDS machinery to something more generic x86/bugs: Add a Transient Scheduler Attacks mitigation KVM: SVM: Advertise TSA CPUID bits to guests x86/microcode/AMD: Add TSA microcode SHAs x86/process: Move the buffer clearing before MONITOR Bui Quang Minh (2): virtio-net: xsk: rx: fix the frame's length check virtio-net: ensure the received length does not exceed allocated size Christian Brauner (1): anon_inode: rework assertions Christian Eggers (4): Bluetooth: HCI: Set extended advertising data synchronously Bluetooth: hci_sync: revert some mesh modifications Bluetooth: MGMT: set_mesh: update LE scan interval and window Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian König (1): dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Christoph Hellwig (1): scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set Dan Carpenter (2): drm/i915/selftests: Change mock_request() to return error pointers lib: test_objagg: Set error message in check_expect_hints_stats() Darrick J. Wong (1): xfs: actually use the xfs_growfs_check_rtgeom tracepoint David Howells (5): netfs: Fix hang due to missing case in final DIO read result collection netfs: Fix looping in wait functions netfs: Fix ref leak on inserted extra subreq in write retry netfs: Fix i_size updating netfs: Fix double put of request David Thompson (1): platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Dmitry Baryshkov (2): drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed drm/bridge: aux-hpd-bridge: fix assignment of the of_node Dmitry Bogdanov (1): nvmet: fix memory leak of bio integrity Elena Popa (1): rtc: pcf2127: fix SPI command byte for PCF2131 Eugen Hristev (1): nvme-pci: refresh visible attrs after being checked Filipe Manana (7): btrfs: fix failure to rebuild free space tree using multiple transactions btrfs: fix missing error handling when searching for inode refs during log replay btrfs: fix iteration of extrefs during log replay btrfs: fix inode lookup error handling during log replay btrfs: record new subvolume in parent dir earlier to avoid dir logging races btrfs: propagate last_unlink_trans earlier when doing a rmdir btrfs: use btrfs_record_snapshot_destroy() during rmdir Fushuai Wang (1): dpaa2-eth: fix xdp_rxq_info leak Gabor Juhos (1): spi: spi-qpic-snand: reallocate BAM transactions Gabriel Santese (1): ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic Geliang Tang (1): nvme-multipath: fix suspicious RCU usage warning Greg Kroah-Hartman (1): Linux 6.15.6 Gyeyoung Baek (1): genirq/irq_sim: Initialize work context pointers properly Harry Austen (1): drm/xe: Allow dropping kunit dependency as built-in HarshaVardhana S A (1): vsock/vmci: Clear the vmci transport packet properly when initializing it Heikki Krogerus (1): usb: acpi: fix device link removal Heiko Stuebner (1): regulator: fan53555: add enable_time support and soft-start times Hongyu Xie (1): xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Hugo Villeneuve (1): rtc: pcf2127: add missing semicolon after statement Jake Hillion (1): x86/platform/amd: move final timeout check to after final sleep James Clark (1): spi: spi-fsl-dspi: Clear completion counter before initiating transfer Janne Grunau (1): arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Janusz Krzysztofik (1): drm/i915/gt: Fix timeline left held on VMA alloc error Jeff LaBundy (1): Input: iqs7222 - explicitly define number of external channels Jens Wiklander (1): optee: ffa: fix sleep in atomic context Jeongjun Park (1): mm/vmalloc: fix data race in show_numa_info() Jia Yao (1): drm/xe: Fix out-of-bounds field write in MI_STORE_DATA_IMM Jiawen Wu (2): net: txgbe: request MISC IRQ in ndo_open net: libwx: fix the incorrect display of the queue number Johannes Berg (3): ata: pata_cs5536: fix build on 32-bit UML wifi: mac80211: drop invalid source address OCB frames wifi: ath6kl: remove WARN on bad firmware input John Harrison (1): drm/xe/guc: Enable w/a 16026508708 Junxiao Chang (1): drm/i915/gsc: mei interrupt top half should be in irq disabled context Justin Sanders (1): aoe: defer rexmit timer downdev work to workqueue Kohei Enju (1): rose: fix dangling neighbour pointers in rose_rt_device_down() Krzysztof Kozlowski (2): dt-bindings: net: sophgo,sg2044-dwmac: Drop status from the example dt-bindings: i2c: realtek,rtl9301: Fix missing 'reg' constraint Kuen-Han Tsai (1): usb: dwc3: Abort suspend on soft disconnect failure Kuniyuki Iwashima (1): nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Kurt Borja (7): platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks platform/x86: hp-bioscfg: Fix class device unregistration platform/x86: think-lmi: Fix class device unregistration platform/x86: dell-wmi-sysman: Fix class device unregistration platform/x86: think-lmi: Create ksets consecutively platform/x86: think-lmi: Fix kobject cleanup platform/x86: think-lmi: Fix sysfs group cleanup Lion Ackermann (1): net/sched: Always pass notifications when child class becomes empty Lu Baolu (1): iommu/vt-d: Assign devtlb cache tag on ATS enablement Lucas De Marchi (2): drm/xe/guc_pc: Add _locked variant for min/max freq drm/xe: Split xe_device_td_flush() Madhavan Srinivasan (1): powerpc: Fix struct termio related ioctl macros Manivannan Sadhasivam (1): regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Marek Szyprowski (1): drm/exynos: fimd: Guard display clock control with runtime PM calls Mario Limonciello (1): platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list Mark Zhang (1): RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Marko Kiiskila (1): drm/vmwgfx: Fix guests running with TDX/SEV Masami Hiramatsu (Google) (2): mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data mtk-sd: Prevent memory corruption from DMA map failure Mateusz Jończyk (1): rtc: cmos: use spin_lock_irqsave in cmos_interrupt Mathias Nyman (1): xhci: dbc: Flush queued requests before stopping dbc Maurizio Lombardi (1): scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Maíra Canal (1): drm/v3d: Disable interrupts before resetting the GPU Michael J. Ruhl (1): i2c/designware: Fix an initialization issue Michal Swiatkowski (1): idpf: return 0 size for RSS key if not supported Nicolin Chen (3): iommufd/selftest: Add missing close(mfd) in memfd_mmap() iommufd/selftest: Add asserts testing global mfd iommufd/selftest: Fix iommufd_dirty_tracking with large hugepage sizes Niklas Schnelle (2): s390/pci: Fix stale function handles in error handling s390/pci: Do not try re-enabling load/store if device is disabled Nilton Perim Neto (1): Input: xpad - support Acer NGR 200 Controller Oleksij Rempel (1): net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Oliver Neukum (1): Logitech C-270 even more broken Or Har-Toov (2): RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling IB/mlx5: Fix potential deadlock in MR deregistration Pablo Martin-Gomez (1): mtd: spinand: fix memory leak of ECC engine conf Patrisious Haddad (3): RDMA/mlx5: Fix HW counters query for non-representor devices RDMA/mlx5: Fix CC counters query for MPV RDMA/mlx5: Fix vport loopback for MPV device Paulo Alcantara (5): smb: client: fix warning when reconnecting channel smb: client: set missing retry flag in smb2_writev_callback() smb: client: set missing retry flag in cifs_readv_callback() smb: client: set missing retry flag in cifs_writev_callback() smb: client: fix native SMB symlink traversal Pawel Laszczak (1): usb: cdnsp: Fix issue with CV Bad Descriptor test Peter Chen (1): usb: cdnsp: do not disable slot for disabled slot Peter Zijlstra (1): module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper Philipp Kerling (1): smb: client: fix readdir returning wrong type with POSIX extensions Qasim Ijaz (2): HID: appletb-kbd: fix memory corruption of input_handler_list HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe RD Babiera (1): usb: typec: altmodes/displayport: do not index invalid pin_assignments Rafael J. Wysocki (1): ACPICA: Refuse to evaluate a method if arguments are missing Raju Rangoju (3): amd-xgbe: align CL37 AN sequence as per databook amd-xgbe: do not double read link status usb: xhci: quirk for data loss in ISOC transfers Raven Black (1): ASoC: amd: yc: update quirk data for HP Victus Rob Clark (2): drm/msm: Fix a fence leak in submit error path drm/msm: Fix another leak in the submit error path Roy Luo (2): usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed Revert "usb: xhci: Implement xhci_handshake_check_state() helper" SCHNEIDER Johannes (1): usb: dwc3: gadget: Fix TRB reclaim logic for short transfers and ZLPs Sergey Senozhatsky (1): mtk-sd: reset host->mrq on prepare_data() error Shivank Garg (1): fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Shyam Prasad N (1): cifs: all initializations for tcon should happen in tcon_info_alloc Simon Xue (1): iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU Sudeep Holla (3): firmware: arm_ffa: Fix memory leak by freeing notifier callback node firmware: arm_ffa: Move memory allocation outside the mutex locking firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context Sven Peter (2): arm64: dts: apple: Drop {address,size}-cells from SPI NOR arm64: dts: apple: Move touchbar mipi {address,size}-cells from dtsi to dts Takashi Iwai (2): ALSA: sb: Don't allow changing the DMA mode during operations ALSA: sb: Force to disable DMAs once when DMA mode is changed Tasos Sahanidis (1): ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Thomas Fourier (4): scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() ethernet: atl1: Add missing DMA mapping error checks and count errors nui: Fix dma_mapping_error() check Tigran Mkrtchyan (1): flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes Trond Myklebust (1): NFSv4/flexfiles: Fix handling of NFS level errors in I/O Tudor Ambarus (1): firmware: exynos-acpm: fix timeouts on xfers handling Uladzislau Rezki (Sony) (1): rcu: Return early if callback is not specified Ulf Hansson (1): Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih (3): mmc: sdhci: Add a helper function for dump register in dynamic debug mode mmc: sdhci-uhs2: Adjust some error messages and register dump for SD UHS-II card mmc: core: Adjust some error messages for SD UHS-II cards Vinay Belgaumkar (2): drm/xe/bmg: Update Wa_14022085890 drm/xe/bmg: Update Wa_22019338487 Viresh Kumar (1): firmware: arm_ffa: Fix the missing entry in struct ffa_indirect_msg_hdr Vitaly Lifshits (1): igc: disable L1.2 PCI-E link substate to avoid performance issue Vivian Wang (1): riscv: cpu_ops_sbi: Use static array for boot_data Wang Zhaolong (1): smb: client: fix race condition in negotiate timeout by using more precise timing Xu Yang (1): usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Yang Li (1): Bluetooth: Prevent unintended pause by checking if advertising is active Yunshui Jiang (1): Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() Zhang Rui (1): powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed jackysliu (1): scsi: sd: Fix VPD page 0xb7 length check Łukasz Bartosik (1): xhci: dbctty: disable ECHO flag by default

2 months, 1 week

1
1
0 0

Linux 6.12.37

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.37 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/ABI/testing/sysfs-driver-ufs | 2 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst | 4 Documentation/admin-guide/kernel-parameters.txt | 13 Documentation/arch/x86/mds.rst | 8 Documentation/core-api/symbol-namespaces.rst | 22 Makefile | 2 arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 arch/arm64/boot/dts/qcom/sm8650.dtsi | 163 - arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 2 arch/arm64/boot/dts/renesas/beacon-renesom-som.dtsi | 3 arch/arm64/boot/dts/renesas/cat875.dtsi | 3 arch/arm64/boot/dts/renesas/condor-common.dtsi | 3 arch/arm64/boot/dts/renesas/draak.dtsi | 3 arch/arm64/boot/dts/renesas/ebisu.dtsi | 3 arch/arm64/boot/dts/renesas/hihope-rzg2-ex.dtsi | 3 arch/arm64/boot/dts/renesas/r8a77970-eagle.dts | 3 arch/arm64/boot/dts/renesas/r8a77970-v3msk.dts | 3 arch/arm64/boot/dts/renesas/r8a77980-v3hsk.dts | 3 arch/arm64/boot/dts/renesas/r8a779a0-falcon.dts | 3 arch/arm64/boot/dts/renesas/r8a779f0-spider-ethernet.dtsi | 9 arch/arm64/boot/dts/renesas/r8a779f4-s4sk.dts | 6 arch/arm64/boot/dts/renesas/r8a779g2-white-hawk-single.dts | 63 arch/arm64/boot/dts/renesas/r8a779h0-gray-hawk-single.dts | 3 arch/arm64/boot/dts/renesas/rzg2l-smarc-som.dtsi | 6 arch/arm64/boot/dts/renesas/rzg2lc-smarc-som.dtsi | 3 arch/arm64/boot/dts/renesas/rzg2ul-smarc-som.dtsi | 6 arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 6 arch/arm64/boot/dts/renesas/salvator-common.dtsi | 3 arch/arm64/boot/dts/renesas/ulcb.dtsi | 3 arch/arm64/boot/dts/renesas/white-hawk-cpu-common.dtsi | 3 arch/arm64/boot/dts/renesas/white-hawk-ethernet.dtsi | 6 arch/arm64/boot/dts/renesas/white-hawk-single.dtsi | 77 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 42 arch/powerpc/include/uapi/asm/ioctls.h | 8 arch/powerpc/kernel/Makefile | 2 arch/riscv/kernel/cpu_ops_sbi.c | 6 arch/s390/pci/pci_event.c | 15 arch/x86/Kconfig | 9 arch/x86/entry/entry.S | 8 arch/x86/include/asm/cpu.h | 12 arch/x86/include/asm/cpufeatures.h | 6 arch/x86/include/asm/irqflags.h | 4 arch/x86/include/asm/mwait.h | 28 arch/x86/include/asm/nospec-branch.h | 37 arch/x86/kernel/cpu/amd.c | 60 arch/x86/kernel/cpu/bugs.c | 133 arch/x86/kernel/cpu/common.c | 14 arch/x86/kernel/cpu/microcode/amd.c | 12 arch/x86/kernel/cpu/microcode/amd_shas.c | 112 arch/x86/kernel/cpu/scattered.c | 2 arch/x86/kernel/process.c | 16 arch/x86/kvm/cpuid.c | 8 arch/x86/kvm/reverse_cpuid.h | 8 arch/x86/kvm/svm/vmenter.S | 6 arch/x86/kvm/vmx/vmx.c | 2 drivers/acpi/acpica/dsmethod.c | 7 drivers/acpi/thermal.c | 12 drivers/ata/libata-acpi.c | 24 drivers/ata/pata_cs5536.c | 2 drivers/ata/pata_via.c | 6 drivers/base/cpu.c | 3 drivers/block/aoe/aoe.h | 1 drivers/block/aoe/aoecmd.c | 8 drivers/block/aoe/aoedev.c | 5 drivers/crypto/intel/iaa/iaa_crypto_main.c | 140 drivers/crypto/xilinx/zynqmp-sha.c | 18 drivers/dma-buf/dma-resv.c | 12 drivers/firmware/arm_ffa/driver.c | 59 drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 10 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 drivers/gpu/drm/amd/amdgpu/imu_v11_0.c | 6 drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 2 drivers/gpu/drm/amd/amdgpu/vcn_v5_0_1.c | 1624 ++++++++++ drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 35 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 8 drivers/gpu/drm/bridge/aux-hpd-bridge.c | 3 drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 drivers/gpu/drm/i915/display/intel_dp.c | 18 drivers/gpu/drm/i915/gt/intel_gsc.c | 2 drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 drivers/gpu/drm/i915/selftests/i915_request.c | 20 drivers/gpu/drm/i915/selftests/mock_request.c | 2 drivers/gpu/drm/msm/msm_gem_submit.c | 17 drivers/gpu/drm/tiny/simpledrm.c | 4 drivers/gpu/drm/v3d/v3d_drv.h | 8 drivers/gpu/drm/v3d/v3d_gem.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 37 drivers/gpu/drm/xe/Kconfig | 3 drivers/gpu/drm/xe/abi/guc_communication_ctb_abi.h | 1 drivers/gpu/drm/xe/compat-i915-headers/gem/i915_gem_stolen.h | 2 drivers/gpu/drm/xe/display/xe_dsb_buffer.c | 18 drivers/gpu/drm/xe/display/xe_fb_pin.c | 17 drivers/gpu/drm/xe/regs/xe_reg_defs.h | 2 drivers/gpu/drm/xe/xe_bo.c | 78 drivers/gpu/drm/xe/xe_bo.h | 40 drivers/gpu/drm/xe/xe_bo_evict.c | 14 drivers/gpu/drm/xe/xe_bo_types.h | 10 drivers/gpu/drm/xe/xe_device.c | 55 drivers/gpu/drm/xe/xe_ggtt.c | 35 drivers/gpu/drm/xe/xe_guc.c | 4 drivers/gpu/drm/xe/xe_guc_ct.c | 350 +- drivers/gpu/drm/xe/xe_guc_ct.h | 2 drivers/gpu/drm/xe/xe_guc_ct_types.h | 23 drivers/gpu/drm/xe/xe_guc_pc.c | 144 drivers/gpu/drm/xe/xe_guc_pc.h | 2 drivers/gpu/drm/xe/xe_guc_pc_types.h | 2 drivers/gpu/drm/xe/xe_irq.c | 4 drivers/gpu/drm/xe/xe_trace_bo.h | 2 drivers/i2c/busses/i2c-designware-master.c | 1 drivers/infiniband/hw/mlx5/counters.c | 4 drivers/infiniband/hw/mlx5/devx.c | 2 drivers/infiniband/hw/mlx5/main.c | 33 drivers/infiniband/hw/mlx5/mr.c | 63 drivers/infiniband/hw/mlx5/odp.c | 8 drivers/infiniband/sw/rxe/rxe_qp.c | 7 drivers/input/joystick/xpad.c | 2 drivers/input/misc/cs40l50-vibra.c | 2 drivers/input/misc/iqs7222.c | 7 drivers/iommu/ipmmu-vmsa.c | 2 drivers/iommu/rockchip-iommu.c | 3 drivers/mfd/exynos-lpass.c | 25 drivers/mmc/core/quirks.h | 12 drivers/mmc/host/mtk-sd.c | 21 drivers/mmc/host/sdhci.c | 9 drivers/mmc/host/sdhci.h | 16 drivers/mtd/nand/spi/core.c | 1 drivers/net/bonding/bond_main.c | 8 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 13 drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 24 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/atheros/atlx/atl1.c | 79 drivers/net/ethernet/cisco/enic/enic_main.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 drivers/net/ethernet/intel/idpf/idpf_controlq.c | 23 drivers/net/ethernet/intel/idpf/idpf_controlq_api.h | 2 drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 4 drivers/net/ethernet/intel/idpf/idpf_lib.c | 12 drivers/net/ethernet/intel/igc/igc_main.c | 10 drivers/net/ethernet/sun/niu.c | 31 drivers/net/ethernet/sun/niu.h | 4 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 1 drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 2 drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 22 drivers/net/usb/lan78xx.c | 2 drivers/net/virtio_net.c | 60 drivers/net/wireless/ath/ath12k/dp_rx.c | 3 drivers/net/wireless/ath/ath12k/dp_rx.h | 3 drivers/net/wireless/ath/ath12k/dp_tx.c | 21 drivers/net/wireless/ath/ath12k/mac.c | 16 drivers/net/wireless/ath/ath6kl/bmi.c | 4 drivers/nvme/host/core.c | 2 drivers/nvme/target/nvmet.h | 2 drivers/platform/mellanox/mlxbf-pmc.c | 2 drivers/platform/mellanox/mlxbf-tmfifo.c | 3 drivers/platform/mellanox/mlxreg-lc.c | 2 drivers/platform/mellanox/nvsw-sn2201.c | 2 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/platform/x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 25 drivers/platform/x86/firmware_attributes_class.c | 41 drivers/platform/x86/firmware_attributes_class.h | 3 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 14 drivers/platform/x86/think-lmi.c | 103 drivers/powercap/intel_rapl_common.c | 18 drivers/regulator/fan53555.c | 14 drivers/regulator/gpio-regulator.c | 8 drivers/remoteproc/ti_k3_dsp_remoteproc.c | 6 drivers/remoteproc/ti_k3_m4_remoteproc.c | 6 drivers/remoteproc/ti_k3_r5_remoteproc.c | 180 - drivers/rtc/rtc-cmos.c | 10 drivers/rtc/rtc-pcf2127.c | 7 drivers/scsi/lpfc/lpfc_bsg.c | 6 drivers/scsi/lpfc/lpfc_crtn.h | 2 drivers/scsi/lpfc/lpfc_ct.c | 18 drivers/scsi/lpfc/lpfc_debugfs.c | 4 drivers/scsi/lpfc/lpfc_disc.h | 60 drivers/scsi/lpfc/lpfc_els.c | 437 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 305 - drivers/scsi/lpfc/lpfc_init.c | 58 drivers/scsi/lpfc/lpfc_nportdisc.c | 329 -- drivers/scsi/lpfc/lpfc_nvme.c | 9 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/lpfc/lpfc_scsi.c | 8 drivers/scsi/lpfc/lpfc_sli.c | 78 drivers/scsi/lpfc/lpfc_vport.c | 6 drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/sd.c | 2 drivers/spi/spi-fsl-dspi.c | 11 drivers/target/target_core_pr.c | 4 drivers/tee/optee/ffa_abi.c | 41 drivers/tee/optee/optee_private.h | 2 drivers/ufs/core/ufs-sysfs.c | 4 drivers/usb/cdns3/cdnsp-debug.h | 5 drivers/usb/cdns3/cdnsp-ep0.c | 18 drivers/usb/cdns3/cdnsp-gadget.h | 6 drivers/usb/cdns3/cdnsp-ring.c | 7 drivers/usb/chipidea/udc.c | 7 drivers/usb/core/hub.c | 3 drivers/usb/core/quirks.c | 3 drivers/usb/core/usb-acpi.c | 4 drivers/usb/dwc3/core.c | 9 drivers/usb/dwc3/gadget.c | 22 drivers/usb/host/xhci-dbgcap.c | 4 drivers/usb/host/xhci-dbgtty.c | 1 drivers/usb/host/xhci-mem.c | 4 drivers/usb/host/xhci-pci.c | 25 drivers/usb/host/xhci-plat.c | 3 drivers/usb/host/xhci-ring.c | 5 drivers/usb/host/xhci.c | 31 drivers/usb/host/xhci.h | 3 drivers/usb/typec/altmodes/displayport.c | 5 drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 14 fs/anon_inodes.c | 27 fs/bcachefs/fsck.c | 2 fs/bcachefs/recovery.c | 2 fs/bcachefs/util.h | 2 fs/btrfs/file.c | 21 fs/btrfs/inode.c | 36 fs/btrfs/ioctl.c | 4 fs/btrfs/tree-log.c | 377 +- fs/erofs/xattr.c | 2 fs/f2fs/data.c | 2 fs/f2fs/f2fs.h | 35 fs/f2fs/file.c | 3 fs/f2fs/gc.h | 1 fs/f2fs/segment.c | 11 fs/f2fs/segment.h | 10 fs/f2fs/super.c | 42 fs/file_table.c | 4 fs/gfs2/aops.c | 54 fs/gfs2/aops.h | 3 fs/gfs2/bmap.c | 3 fs/gfs2/glock.c | 19 fs/gfs2/glops.c | 9 fs/gfs2/incore.h | 3 fs/gfs2/inode.c | 96 fs/gfs2/inode.h | 1 fs/gfs2/log.c | 7 fs/gfs2/super.c | 114 fs/gfs2/trace_gfs2.h | 9 fs/gfs2/trans.c | 21 fs/gfs2/trans.h | 2 fs/gfs2/xattr.c | 11 fs/gfs2/xattr.h | 2 fs/kernfs/file.c | 2 fs/netfs/buffered_write.c | 2 fs/netfs/direct_write.c | 8 fs/netfs/write_collect.c | 5 fs/nfs/flexfilelayout/flexfilelayout.c | 121 fs/nfs/inode.c | 17 fs/nfs/pnfs.c | 4 fs/smb/client/cifsglob.h | 2 fs/smb/client/cifsproto.h | 1 fs/smb/client/cifssmb.c | 2 fs/smb/client/connect.c | 15 fs/smb/client/misc.c | 6 fs/smb/client/readdir.c | 2 fs/smb/client/smb2pdu.c | 11 include/linux/bpf_verifier.h | 31 include/linux/cpu.h | 1 include/linux/dcache.h | 1 include/linux/export.h | 12 include/linux/fs.h | 2 include/linux/libata.h | 7 include/linux/spinlock.h | 13 include/linux/usb.h | 2 include/linux/usb/typec_dp.h | 1 kernel/bpf/verifier.c | 125 kernel/irq/irq_sim.c | 2 kernel/rcu/tree.c | 4 kernel/sched/core.c | 4 kernel/sched/debug.c | 7 kernel/sched/ext.c | 12 kernel/sched/fair.c | 117 kernel/sched/pelt.c | 4 kernel/sched/sched.h | 5 lib/Kconfig.ubsan | 2 lib/test_objagg.c | 4 mm/secretmem.c | 10 mm/userfaultfd.c | 33 mm/vmalloc.c | 63 net/bluetooth/hci_event.c | 36 net/bluetooth/hci_sync.c | 227 - net/bluetooth/mgmt.c | 25 net/mac80211/rx.c | 4 net/rose/rose_route.c | 15 net/sched/sch_api.c | 19 net/sunrpc/rpc_pipe.c | 14 net/vmw_vsock/vmci_transport.c | 4 security/selinux/ss/services.c | 16 sound/isa/sb/sb16_main.c | 7 sound/soc/amd/yc/acp6x-mach.c | 14 sound/soc/codecs/tas2764.c | 46 sound/soc/codecs/tas2764.h | 3 tools/testing/kunit/qemu_configs/sparc.py | 7 tools/testing/selftests/iommu/iommufd.c | 30 304 files changed, 5903 insertions(+), 2737 deletions(-) Ahmed Zaki (1): idpf: convert control queue mutex to a spinlock Al Viro (1): add a string-to-qstr constructor Alex Deucher (1): drm/amdgpu/mes: add missing locking in helper functions Alok Tiwari (5): platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message nvme: Fix incorrect cdw15 value in passthru error logging platform/mellanox: mlxreg-lc: Fix logic error in power state check enic: fix incorrect MTU comparison in enic_change_mtu() Andreas Gruenbacher (12): gfs2: Initialize gl_no_formal_ino earlier gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE gfs2: Rename dinode_demise to evict_behavior gfs2: Prevent inode creation race gfs2: Decode missing glock flags in tracepoints gfs2: Add GLF_PENDING_REPLY flag gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE gfs2: Move gfs2_dinode_dealloc gfs2: Move GIF_ALLOC_FAILED check out of gfs2_ea_dealloc gfs2: deallocate inodes in gfs2_create_inode gfs2: Move gfs2_trans_add_databufs gfs2: Don't start unnecessary transactions during log flush Andrei Kuchynski (1): usb: typec: displayport: Fix potential deadlock Andrii Nakryiko (1): bpf: use common instruction history across all states Armin Wolf (1): ACPI: thermal: Execute _SCP before reading trip points Arnd Bergmann (1): iommu: ipmmu-vmsa: avoid Wformat-security warning Avri Altman (1): mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Bart Van Assche (1): scsi: ufs: core: Fix spelling of a sysfs attribute name Beleswar Padhi (5): remoteproc: k3-r5: Add devm action to release reserved memory remoteproc: k3-r5: Use devm_kcalloc() helper remoteproc: k3-r5: Use devm_ioremap_wc() helper remoteproc: k3-r5: Use devm_rproc_add() helper remoteproc: k3-r5: Refactor sequential core power up/down operations Benjamin Coddington (1): NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Borislav Petkov (AMD) (5): x86/bugs: Rename MDS machinery to something more generic x86/bugs: Add a Transient Scheduler Attacks mitigation KVM: SVM: Advertise TSA CPUID bits to guests x86/microcode/AMD: Add TSA microcode SHAs x86/process: Move the buffer clearing before MONITOR Bui Quang Minh (2): virtio-net: xsk: rx: fix the frame's length check virtio-net: ensure the received length does not exceed allocated size Chao Yu (2): f2fs: zone: introduce first_zoned_segno in f2fs_sb_info f2fs: zone: fix to calculate first_zoned_segno correctly Christian Eggers (4): Bluetooth: HCI: Set extended advertising data synchronously Bluetooth: hci_sync: revert some mesh modifications Bluetooth: MGMT: set_mesh: update LE scan interval and window Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian König (1): dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Christian Marangi (1): spinlock: extend guard with spinlock_bh variants Christophe JAILLET (1): mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() Cosmin Ratiu (1): bonding: Mark active offloaded xfrm_states Daeho Jeong (1): f2fs: decrease spare area for pinned files for zoned devices Dan Carpenter (2): drm/i915/selftests: Change mock_request() to return error pointers lib: test_objagg: Set error message in check_expect_hints_stats() David Gow (1): kunit: qemu_configs: Disable faulting tests on 32-bit SPARC David Howells (2): netfs: Fix i_size updating netfs: Fix oops in write-retry from mis-resetting the subreq iterator David Thompson (1): platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Dmitry Baryshkov (1): drm/bridge: aux-hpd-bridge: fix assignment of the of_node Dmitry Bogdanov (1): nvmet: fix memory leak of bio integrity Elena Popa (1): rtc: pcf2127: fix SPI command byte for PCF2131 Ewan D. Milne (1): scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag Filipe Manana (10): btrfs: fix missing error handling when searching for inode refs during log replay btrfs: fix iteration of extrefs during log replay btrfs: return a btrfs_inode from btrfs_iget_logging() btrfs: return a btrfs_inode from read_one_inode() btrfs: fix invalid inode pointer dereferences during log replay btrfs: fix inode lookup error handling during log replay btrfs: record new subvolume in parent dir earlier to avoid dir logging races btrfs: propagate last_unlink_trans earlier when doing a rmdir btrfs: use btrfs_record_snapshot_destroy() during rmdir btrfs: fix wrong start offset for delalloc space release during mmap write Frank Min (1): drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 Fushuai Wang (1): dpaa2-eth: fix xdp_rxq_info leak Gabriel Santese (1): ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic Geert Uytterhoeven (3): arm64: dts: renesas: Use interrupts-extended for Ethernet PHYs arm64: dts: renesas: Factor out White Hawk Single board support arm64: dts: renesas: white-hawk-single: Improve Ethernet TSN description Greg Kroah-Hartman (1): Linux 6.12.37 Gyeyoung Baek (1): genirq/irq_sim: Initialize work context pointers properly Harry Austen (1): drm/xe: Allow dropping kunit dependency as built-in HarshaVardhana S A (1): vsock/vmci: Clear the vmci transport packet properly when initializing it Heikki Krogerus (1): usb: acpi: fix device link removal Heiko Stuebner (1): regulator: fan53555: add enable_time support and soft-start times Herbert Xu (3): crypto: iaa - Remove dst_null support crypto: iaa - Do not clobber req->base.data crypto: zynqmp-sha - Add locking Hongyu Xie (1): xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Hugo Villeneuve (1): rtc: pcf2127: add missing semicolon after statement Imre Deak (1): drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read James Clark (1): spi: spi-fsl-dspi: Clear completion counter before initiating transfer Janne Grunau (1): arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Janusz Krzysztofik (1): drm/i915/gt: Fix timeline left held on VMA alloc error Jeff LaBundy (1): Input: iqs7222 - explicitly define number of external channels Jens Wiklander (1): optee: ffa: fix sleep in atomic context Jeongjun Park (1): mm/vmalloc: fix data race in show_numa_info() Jiawen Wu (2): net: txgbe: request MISC IRQ in ndo_open net: libwx: fix the incorrect display of the queue number Johan Hovold (1): arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on Johannes Berg (3): ata: pata_cs5536: fix build on 32-bit UML wifi: mac80211: drop invalid source address OCB frames wifi: ath6kl: remove WARN on bad firmware input John Harrison (1): drm/xe/guc: Dead CT helper Juha-Pekka Heikkila (1): drm/xe: add interface to request physical alignment for buffer objects Junxiao Chang (1): drm/i915/gsc: mei interrupt top half should be in irq disabled context Justin Sanders (1): aoe: defer rexmit timer downdev work to workqueue Justin Tee (3): scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk Kairui Song (1): mm: userfaultfd: fix race of userfaultfd_move and swap cache Kees Cook (1): ubsan: integer-overflow: depend on BROKEN to keep this out of CI Kohei Enju (1): rose: fix dangling neighbour pointers in rose_rt_device_down() Krzysztof Kozlowski (1): arm64: dts: qcom: sm8650: change labels to lower-case Kuen-Han Tsai (1): usb: dwc3: Abort suspend on soft disconnect failure Kuniyuki Iwashima (1): nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Kurt Borja (7): platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks platform/x86: hp-bioscfg: Fix class device unregistration platform/x86: think-lmi: Fix class device unregistration platform/x86: dell-wmi-sysman: Fix class device unregistration platform/x86: think-lmi: Create ksets consecutively platform/x86: think-lmi: Fix kobject cleanup platform/x86: think-lmi: Fix sysfs group cleanup Lion Ackermann (1): net/sched: Always pass notifications when child class becomes empty Longfang Liu (2): hisi_acc_vfio_pci: bugfix cache write-back issue hisi_acc_vfio_pci: bugfix the problem of uninstalling driver Luca Weiss (1): arm64: dts: qcom: sm8650: Fix domain-idle-state for CPU2 Lukasz Czechowski (1): arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma Maarten Lankhorst (2): drm/xe: Fix DSB buffer coherency drm/xe: Move DSB l2 flush to a more sensible place Madhavan Srinivasan (2): powerpc: Fix struct termio related ioctl macros powerpc/kernel: Fix ppc_save_regs inclusion in build Manivannan Sadhasivam (1): regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Marek Szyprowski (1): drm/exynos: fimd: Guard display clock control with runtime PM calls Mario Limonciello (1): platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list Mark Zhang (1): RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Markus Elfring (1): remoteproc: k3: Call of_node_put(rmem_np) only once in three functions Martin Povišer (2): ASoC: tas2764: Extend driver to SN012776 ASoC: tas2764: Reinit cache on part reset Masami Hiramatsu (Google) (2): mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data mtk-sd: Prevent memory corruption from DMA map failure Mateusz Jończyk (1): rtc: cmos: use spin_lock_irqsave in cmos_interrupt Mathias Nyman (1): xhci: dbc: Flush queued requests before stopping dbc Matthew Auld (1): drm/xe: move DPT l2 flush to a more sensible place Maurizio Lombardi (1): scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Maíra Canal (1): drm/v3d: Disable interrupts before resetting the GPU Michael Guralnik (1): RDMA/mlx5: Fix cache entry update on dereg error Michael J. Ruhl (1): i2c/designware: Fix an initialization issue Michal Swiatkowski (1): idpf: return 0 size for RSS key if not supported Michal Wajdeczko (1): drm/xe/guc: Explicitly exit CT safe mode on unwind Nicholas Kazlauskas (1): drm/amd/display: Add more checks for DSC / HUBP ONO guarantees Nicolas Escande (1): wifi: ath12k: fix skb_ext_desc leak in ath12k_dp_tx() error path Nicolin Chen (1): iommufd/selftest: Fix iommufd_dirty_tracking with large hugepage sizes Niklas Schnelle (2): s390/pci: Fix stale function handles in error handling s390/pci: Do not try re-enabling load/store if device is disabled Nilton Perim Neto (1): Input: xpad - support Acer NGR 200 Controller Niranjana Vishwanathapura (1): drm/xe: Allow bo mapping on multiple ggtts Nitin Gote (1): drm/xe: Replace double space with single space after comma Oleksij Rempel (1): net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Oliver Neukum (1): Logitech C-270 even more broken Or Har-Toov (2): RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling IB/mlx5: Fix potential deadlock in MR deregistration P Praneesh (1): wifi: ath12k: Handle error cases during extended skb allocation Pablo Martin-Gomez (1): mtd: spinand: fix memory leak of ECC engine conf Patrisious Haddad (3): RDMA/mlx5: Fix HW counters query for non-representor devices RDMA/mlx5: Fix CC counters query for MPV RDMA/mlx5: Fix vport loopback for MPV device Paulo Alcantara (4): smb: client: fix warning when reconnecting channel smb: client: set missing retry flag in smb2_writev_callback() smb: client: set missing retry flag in cifs_readv_callback() smb: client: set missing retry flag in cifs_writev_callback() Pawel Laszczak (1): usb: cdnsp: Fix issue with CV Bad Descriptor test Pengyu Luo (1): arm64: dts: qcom: sm8650: add the missing l2 cache node Peter Chen (1): usb: cdnsp: do not disable slot for disabled slot Peter Zijlstra (1): module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper Philipp Kerling (1): smb: client: fix readdir returning wrong type with POSIX extensions Qu Wenruo (1): btrfs: prepare btrfs_page_mkwrite() for large folios RD Babiera (1): usb: typec: altmodes/displayport: do not index invalid pin_assignments Rafael J. Wysocki (1): ACPICA: Refuse to evaluate a method if arguments are missing Raju Rangoju (3): amd-xgbe: align CL37 AN sequence as per databook amd-xgbe: do not double read link status usb: xhci: quirk for data loss in ISOC transfers Rameshkumar Sundaram (1): wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers Raven Black (1): ASoC: amd: yc: update quirk data for HP Victus Rob Clark (2): drm/msm: Fix a fence leak in submit error path drm/msm: Fix another leak in the submit error path Roy Luo (2): usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed Revert "usb: xhci: Implement xhci_handshake_check_state() helper" Sergey Senozhatsky (1): mtk-sd: reset host->mrq on prepare_data() error Shivank Garg (1): fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Shyam Prasad N (1): cifs: all initializations for tcon should happen in tcon_info_alloc Simon Xue (1): iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU Sonny Jiang (1): drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause Stephen Smalley (1): selinux: change security_compute_sid to return the ssid or tsid on match Sudeep Holla (3): firmware: arm_ffa: Fix memory leak by freeing notifier callback node firmware: arm_ffa: Move memory allocation outside the mutex locking firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context Takashi Iwai (2): ALSA: sb: Don't allow changing the DMA mode during operations ALSA: sb: Force to disable DMAs once when DMA mode is changed Tasos Sahanidis (1): ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Tejun Heo (1): sched_ext: Make scx_group_set_weight() always update tg->scx.weight Thomas Fourier (4): scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() ethernet: atl1: Add missing DMA mapping error checks and count errors nui: Fix dma_mapping_error() check Thomas Weißschuh (7): platform/x86: hp-bioscfg: Directly use firmware_attributes_class platform/x86: firmware_attributes_class: Move include linux/device/class.h platform/x86: firmware_attributes_class: Simplify API platform/x86: think-lmi: Directly use firmware_attributes_class platform/x86: dell-sysman: Directly use firmware_attributes_class kunit: qemu_configs: sparc: use Zilog console kunit: qemu_configs: sparc: Explicitly enable CONFIG_SPARC32=y Thomas Zimmermann (1): drm/simpledrm: Do not upcast in release helpers Trond Myklebust (1): NFSv4/flexfiles: Fix handling of NFS level errors in I/O Uladzislau Rezki (Sony) (1): rcu: Return early if callback is not specified Ulf Hansson (1): Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih (1): mmc: sdhci: Add a helper function for dump register in dynamic debug mode Vinay Belgaumkar (1): drm/xe/bmg: Update Wa_22019338487 Vincent Guittot (2): sched/fair: Rename h_nr_running into h_nr_queued sched/fair: Add new cfs_rq.h_nr_runnable Vitaly Lifshits (1): igc: disable L1.2 PCI-E link substate to avoid performance issue Vivian Wang (1): riscv: cpu_ops_sbi: Use static array for boot_data Wang Zhaolong (1): smb: client: fix race condition in negotiate timeout by using more precise timing Xu Yang (1): usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Xuewen Yan (1): sched/fair: Fixup wake_up_sync() vs DELAYED_DEQUEUE Yang Li (1): Bluetooth: Prevent unintended pause by checking if advertising is active Yonghong Song (1): bpf: Do not include stack ptr register in precision backtracking bookkeeping Yunshui Jiang (1): Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() Zhang Rui (1): powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed Zhu Yanjun (1): RDMA/rxe: Fix "trying to register non-static key in rxe_qp_do_cleanup" bug jackysliu (1): scsi: sd: Fix VPD page 0xb7 length check xueqin Luo (1): ACPI: thermal: Fix stale comment regarding trip points Łukasz Bartosik (1): xhci: dbctty: disable ECHO flag by default

2 months, 1 week

1
1
0 0

Linux 6.6.97

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.97 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/ABI/testing/sysfs-driver-ufs | 2 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst | 4 Documentation/admin-guide/kernel-parameters.txt | 13 Documentation/arch/x86/mds.rst | 8 Documentation/core-api/symbol-namespaces.rst | 22 + Makefile | 2 arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 arch/arm64/boot/dts/qcom/sm8550.dtsi | 30 + arch/powerpc/include/uapi/asm/ioctls.h | 8 arch/powerpc/kernel/Makefile | 2 arch/s390/pci/pci_event.c | 4 arch/x86/Kconfig | 9 arch/x86/entry/entry.S | 8 arch/x86/include/asm/cpu.h | 12 arch/x86/include/asm/cpufeatures.h | 6 arch/x86/include/asm/irqflags.h | 4 arch/x86/include/asm/mwait.h | 28 + arch/x86/include/asm/nospec-branch.h | 37 +- arch/x86/include/uapi/asm/debugreg.h | 21 + arch/x86/kernel/cpu/amd.c | 60 +++ arch/x86/kernel/cpu/bugs.c | 133 +++++++- arch/x86/kernel/cpu/common.c | 38 +- arch/x86/kernel/cpu/microcode/amd.c | 12 arch/x86/kernel/cpu/microcode/amd_shas.c | 112 +++++++ arch/x86/kernel/cpu/scattered.c | 2 arch/x86/kernel/process.c | 16 - arch/x86/kernel/traps.c | 32 +- arch/x86/kvm/cpuid.c | 8 arch/x86/kvm/reverse_cpuid.h | 8 arch/x86/kvm/svm/vmenter.S | 6 arch/x86/kvm/vmx/vmx.c | 2 drivers/acpi/acpica/dsmethod.c | 7 drivers/ata/libata-acpi.c | 24 + drivers/ata/pata_cs5536.c | 2 drivers/ata/pata_via.c | 6 drivers/base/cpu.c | 3 drivers/block/aoe/aoe.h | 1 drivers/block/aoe/aoecmd.c | 8 drivers/block/aoe/aoedev.c | 5 drivers/dma-buf/dma-resv.c | 12 drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 2 drivers/gpu/drm/i915/gt/intel_gsc.c | 2 drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 drivers/gpu/drm/i915/selftests/i915_request.c | 20 - drivers/gpu/drm/i915/selftests/mock_request.c | 2 drivers/gpu/drm/msm/msm_gem_submit.c | 17 - drivers/gpu/drm/tiny/simpledrm.c | 4 drivers/gpu/drm/v3d/v3d_drv.h | 8 drivers/gpu/drm/v3d/v3d_gem.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 37 +- drivers/i2c/busses/i2c-designware-master.c | 1 drivers/infiniband/hw/mlx5/counters.c | 4 drivers/infiniband/hw/mlx5/devx.c | 2 drivers/infiniband/hw/mlx5/main.c | 33 ++ drivers/input/joystick/xpad.c | 2 drivers/input/misc/iqs7222.c | 7 drivers/iommu/rockchip-iommu.c | 3 drivers/mmc/core/quirks.h | 12 drivers/mmc/host/mtk-sd.c | 21 + drivers/mmc/host/sdhci.c | 9 drivers/mmc/host/sdhci.h | 16 + drivers/mtd/nand/spi/core.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 13 drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 24 - drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/atheros/atlx/atl1.c | 79 +++- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 7 drivers/net/ethernet/cisco/enic/enic_main.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 + drivers/net/ethernet/intel/igc/igc_main.c | 10 drivers/net/ethernet/sun/niu.c | 31 + drivers/net/ethernet/sun/niu.h | 4 drivers/net/usb/lan78xx.c | 2 drivers/net/virtio_net.c | 38 ++ drivers/net/wireless/ath/ath6kl/bmi.c | 4 drivers/platform/mellanox/mlxbf-tmfifo.c | 3 drivers/platform/mellanox/mlxreg-lc.c | 2 drivers/platform/mellanox/nvsw-sn2201.c | 2 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/platform/x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 25 - drivers/platform/x86/firmware_attributes_class.c | 43 -- drivers/platform/x86/firmware_attributes_class.h | 5 drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 14 drivers/platform/x86/think-lmi.c | 103 ++---- drivers/powercap/intel_rapl_common.c | 18 + drivers/regulator/fan53555.c | 14 drivers/regulator/gpio-regulator.c | 8 drivers/rtc/rtc-cmos.c | 10 drivers/rtc/rtc-pcf2127.c | 7 drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/spi/spi-fsl-dspi.c | 11 drivers/target/target_core_pr.c | 4 drivers/ufs/core/ufs-sysfs.c | 4 drivers/ufs/core/ufshcd.c | 160 +++++++--- drivers/usb/cdns3/cdnsp-ring.c | 4 drivers/usb/chipidea/udc.c | 7 drivers/usb/core/quirks.c | 3 drivers/usb/host/xhci-dbgcap.c | 4 drivers/usb/host/xhci-dbgtty.c | 1 drivers/usb/host/xhci-mem.c | 4 drivers/usb/host/xhci-pci.c | 25 + drivers/usb/host/xhci-plat.c | 3 drivers/usb/host/xhci.h | 1 drivers/usb/typec/altmodes/displayport.c | 5 fs/anon_inodes.c | 23 + fs/btrfs/inode.c | 56 +-- fs/btrfs/ordered-data.c | 12 fs/btrfs/tree-log.c | 8 fs/f2fs/file.c | 119 +++++-- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++-- fs/nfs/inode.c | 17 - fs/nfs/pnfs.c | 4 fs/smb/client/cifsglob.h | 2 fs/smb/client/connect.c | 7 fs/smb/client/readdir.c | 2 fs/smb/client/smb2pdu.c | 10 fs/smb/client/trace.h | 18 - include/linux/cpu.h | 1 include/linux/export.h | 12 include/linux/fs.h | 2 include/linux/libata.h | 7 include/linux/usb/typec_dp.h | 1 include/net/bluetooth/hci_core.h | 2 include/trace/events/f2fs.h | 39 +- include/ufs/ufshcd.h | 4 kernel/rcu/tree.c | 4 lib/test_objagg.c | 4 mm/secretmem.c | 11 net/bluetooth/hci_core.c | 34 +- net/bluetooth/hci_sync.c | 20 - net/bluetooth/mgmt.c | 25 + net/mac80211/chan.c | 6 net/mac80211/ieee80211_i.h | 9 net/mac80211/link.c | 15 net/mac80211/rx.c | 4 net/rose/rose_route.c | 15 net/sched/sch_api.c | 19 - net/vmw_vsock/vmci_transport.c | 4 sound/isa/sb/sb16_main.c | 7 sound/soc/amd/yc/acp6x-mach.c | 14 149 files changed, 1745 insertions(+), 629 deletions(-) Alok Tiwari (3): platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message platform/mellanox: mlxreg-lc: Fix logic error in power state check enic: fix incorrect MTU comparison in enic_change_mtu() Anand Jain (1): btrfs: rename err to ret in btrfs_rmdir() Andrei Kuchynski (1): usb: typec: displayport: Fix potential deadlock Avri Altman (1): mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Bart Van Assche (1): scsi: ufs: core: Fix spelling of a sysfs attribute name Benjamin Coddington (1): NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Borislav Petkov (AMD) (5): x86/bugs: Rename MDS machinery to something more generic x86/bugs: Add a Transient Scheduler Attacks mitigation KVM: SVM: Advertise TSA CPUID bits to guests x86/microcode/AMD: Add TSA microcode SHAs x86/process: Move the buffer clearing before MONITOR Bui Quang Minh (1): virtio-net: ensure the received length does not exceed allocated size Chao Yu (4): f2fs: add tracepoint for f2fs_vm_page_mkwrite() f2fs: convert f2fs_vm_page_mkwrite() to use folio f2fs: fix to zero post-eof page f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault Christian Eggers (3): Bluetooth: hci_sync: revert some mesh modifications Bluetooth: MGMT: set_mesh: update LE scan interval and window Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian König (1): dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Daeho Jeong (1): f2fs: prevent writing without fallocate() for pinned files Dan Carpenter (2): drm/i915/selftests: Change mock_request() to return error pointers lib: test_objagg: Set error message in check_expect_hints_stats() David Thompson (1): platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Elena Popa (1): rtc: pcf2127: fix SPI command byte for PCF2131 Filipe Manana (5): btrfs: fix missing error handling when searching for inode refs during log replay btrfs: fix iteration of extrefs during log replay btrfs: propagate last_unlink_trans earlier when doing a rmdir btrfs: use btrfs_record_snapshot_destroy() during rmdir btrfs: fix qgroup reservation leak on failure to allocate ordered extent Fushuai Wang (1): dpaa2-eth: fix xdp_rxq_info leak Gabriel Santese (1): ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic Greg Kroah-Hartman (1): Linux 6.6.97 HarshaVardhana S A (1): vsock/vmci: Clear the vmci transport packet properly when initializing it Heiko Stuebner (1): regulator: fan53555: add enable_time support and soft-start times Hongyu Xie (1): xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Hugo Villeneuve (1): rtc: pcf2127: add missing semicolon after statement James Clark (1): spi: spi-fsl-dspi: Clear completion counter before initiating transfer Janne Grunau (1): arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Janusz Krzysztofik (1): drm/i915/gt: Fix timeline left held on VMA alloc error Jeff LaBundy (1): Input: iqs7222 - explicitly define number of external channels Johannes Berg (5): wifi: mac80211: chan: chandef is non-NULL for reserved wifi: mac80211: finish link init before RCU publish ata: pata_cs5536: fix build on 32-bit UML wifi: mac80211: drop invalid source address OCB frames wifi: ath6kl: remove WARN on bad firmware input Joonas Lahtinen (1): Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" Junxiao Chang (1): drm/i915/gsc: mei interrupt top half should be in irq disabled context Justin Sanders (1): aoe: defer rexmit timer downdev work to workqueue Kohei Enju (1): rose: fix dangling neighbour pointers in rose_rt_device_down() Kuniyuki Iwashima (2): nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Bluetooth: hci_core: Fix use-after-free in vhci_flush() Kurt Borja (7): platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks platform/x86: think-lmi: Fix class device unregistration platform/x86: dell-wmi-sysman: Fix class device unregistration platform/x86: hp-bioscfg: Fix class device unregistration platform/x86: think-lmi: Create ksets consecutively platform/x86: think-lmi: Fix kobject cleanup platform/x86: think-lmi: Fix sysfs group cleanup Lion Ackermann (1): net/sched: Always pass notifications when child class becomes empty Madhavan Srinivasan (2): powerpc: Fix struct termio related ioctl macros powerpc/kernel: Fix ppc_save_regs inclusion in build Manivannan Sadhasivam (2): regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods scsi: ufs: core: Add OPP support for scaling clocks and regulators Marek Szyprowski (1): drm/exynos: fimd: Guard display clock control with runtime PM calls Mario Limonciello (1): platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list Mark Zhang (1): RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Masami Hiramatsu (Google) (2): mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data mtk-sd: Prevent memory corruption from DMA map failure Mateusz Jończyk (1): rtc: cmos: use spin_lock_irqsave in cmos_interrupt Mathias Nyman (1): xhci: dbc: Flush queued requests before stopping dbc Maurizio Lombardi (1): scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Maíra Canal (1): drm/v3d: Disable interrupts before resetting the GPU Michael J. Ruhl (1): i2c/designware: Fix an initialization issue Muna Sinada (1): wifi: mac80211: Add link iteration macro for link data Neil Armstrong (1): arm64: dts: qcom: sm8550: add UART14 nodes Niklas Schnelle (1): s390/pci: Do not try re-enabling load/store if device is disabled Nilton Perim Neto (1): Input: xpad - support Acer NGR 200 Controller Oleksij Rempel (1): net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Oliver Neukum (1): Logitech C-270 even more broken Pablo Martin-Gomez (1): mtd: spinand: fix memory leak of ECC engine conf Patrisious Haddad (3): RDMA/mlx5: Fix HW counters query for non-representor devices RDMA/mlx5: Fix CC counters query for MPV RDMA/mlx5: Fix vport loopback for MPV device Paulo Alcantara (1): smb: client: fix warning when reconnecting channel Peter Chen (1): usb: cdnsp: do not disable slot for disabled slot Peter Wang (1): scsi: ufs: core: Fix abnormal scale up after last cmd finish Peter Zijlstra (1): module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper Philipp Kerling (1): smb: client: fix readdir returning wrong type with POSIX extensions RD Babiera (1): usb: typec: altmodes/displayport: do not index invalid pin_assignments Rafael J. Wysocki (1): ACPICA: Refuse to evaluate a method if arguments are missing Raju Rangoju (3): amd-xgbe: align CL37 AN sequence as per databook amd-xgbe: do not double read link status usb: xhci: quirk for data loss in ISOC transfers Raven Black (1): ASoC: amd: yc: update quirk data for HP Victus Ricardo B. Marliere (1): platform/x86: make fw_attr_class constant Rob Clark (2): drm/msm: Fix a fence leak in submit error path drm/msm: Fix another leak in the submit error path Sergey Senozhatsky (1): mtk-sd: reset host->mrq on prepare_data() error Shivank Garg (1): fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Simon Xue (1): iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU Stefan Metzmacher (1): smb: client: remove \t from TP_printk statements Takashi Iwai (2): ALSA: sb: Don't allow changing the DMA mode during operations ALSA: sb: Force to disable DMAs once when DMA mode is changed Tasos Sahanidis (1): ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Thomas Fourier (4): scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() ethernet: atl1: Add missing DMA mapping error checks and count errors nui: Fix dma_mapping_error() check Thomas Weißschuh (5): platform/x86: firmware_attributes_class: Move include linux/device/class.h platform/x86: firmware_attributes_class: Simplify API platform/x86: think-lmi: Directly use firmware_attributes_class platform/x86: dell-sysman: Directly use firmware_attributes_class platform/x86: hp-bioscfg: Directly use firmware_attributes_class Thomas Zimmermann (1): drm/simpledrm: Do not upcast in release helpers Trond Myklebust (1): NFSv4/flexfiles: Fix handling of NFS level errors in I/O Uladzislau Rezki (Sony) (1): rcu: Return early if callback is not specified Ulf Hansson (1): Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih (1): mmc: sdhci: Add a helper function for dump register in dynamic debug mode Vitaly Lifshits (1): igc: disable L1.2 PCI-E link substate to avoid performance issue Wang Zhaolong (1): smb: client: fix race condition in negotiate timeout by using more precise timing Xin Li (Intel) (2): x86/traps: Initialize DR6 by writing its architectural reset value drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read Xu Yang (1): usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Yan Zhai (1): bnxt: properly flush XDP redirect lists Yang Li (1): Bluetooth: Prevent unintended pause by checking if advertising is active Zhang Rui (1): powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed anvithdosapati (1): scsi: ufs: core: Fix clk scaling to be conditional in reset and restore Łukasz Bartosik (1): xhci: dbctty: disable ECHO flag by default

2 months, 1 week

1
1
0 0

Linux 6.1.144

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.144 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/ABI/testing/sysfs-driver-ufs | 2 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst | 4 Documentation/admin-guide/kernel-parameters.txt | 13 Makefile | 2 arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 arch/powerpc/include/uapi/asm/ioctls.h | 8 arch/s390/pci/pci_event.c | 4 arch/x86/Kconfig | 9 arch/x86/entry/entry.S | 8 arch/x86/include/asm/cpu.h | 12 arch/x86/include/asm/cpufeatures.h | 6 arch/x86/include/asm/irqflags.h | 4 arch/x86/include/asm/mwait.h | 19 - arch/x86/include/asm/nospec-branch.h | 39 +- arch/x86/kernel/cpu/amd.c | 58 ++++ arch/x86/kernel/cpu/bugs.c | 133 +++++++++- arch/x86/kernel/cpu/common.c | 14 - arch/x86/kernel/cpu/scattered.c | 2 arch/x86/kernel/process.c | 15 - arch/x86/kvm/cpuid.c | 9 arch/x86/kvm/reverse_cpuid.h | 8 arch/x86/kvm/svm/vmenter.S | 6 arch/x86/kvm/vmx/vmx.c | 2 drivers/acpi/acpica/dsmethod.c | 7 drivers/ata/libata-acpi.c | 24 + drivers/ata/pata_cs5536.c | 2 drivers/ata/pata_via.c | 6 drivers/base/cpu.c | 7 drivers/block/aoe/aoe.h | 1 drivers/block/aoe/aoecmd.c | 8 drivers/block/aoe/aoedev.c | 5 drivers/dma-buf/dma-resv.c | 12 drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 drivers/gpu/drm/i915/gt/intel_gsc.c | 2 drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 drivers/gpu/drm/i915/selftests/i915_request.c | 20 - drivers/gpu/drm/i915/selftests/mock_request.c | 2 drivers/gpu/drm/msm/msm_gem_submit.c | 17 + drivers/gpu/drm/v3d/v3d_drv.h | 8 drivers/gpu/drm/v3d/v3d_gem.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 37 ++ drivers/i2c/busses/i2c-designware-master.c | 1 drivers/infiniband/hw/mlx5/counters.c | 2 drivers/infiniband/hw/mlx5/devx.c | 2 drivers/mmc/core/quirks.h | 12 drivers/mmc/host/mtk-sd.c | 21 + drivers/mmc/host/sdhci.c | 9 drivers/mmc/host/sdhci.h | 16 + drivers/mtd/nand/spi/core.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/atheros/atlx/atl1.c | 79 ++++- drivers/net/ethernet/cisco/enic/enic_main.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 + drivers/net/ethernet/intel/igc/igc_main.c | 10 drivers/net/ethernet/sun/niu.c | 31 ++ drivers/net/ethernet/sun/niu.h | 4 drivers/net/usb/lan78xx.c | 2 drivers/net/virtio_net.c | 38 ++ drivers/net/wireless/ath/ath6kl/bmi.c | 4 drivers/platform/mellanox/mlxbf-tmfifo.c | 3 drivers/platform/mellanox/mlxreg-lc.c | 2 drivers/platform/mellanox/nvsw-sn2201.c | 2 drivers/platform/x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 drivers/platform/x86/think-lmi.c | 53 ++- drivers/regulator/gpio-regulator.c | 8 drivers/rtc/rtc-cmos.c | 10 drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/spi/spi-fsl-dspi.c | 11 drivers/target/target_core_pr.c | 4 drivers/ufs/core/ufs-sysfs.c | 4 drivers/usb/cdns3/cdnsp-ring.c | 4 drivers/usb/core/quirks.c | 3 drivers/usb/host/xhci-dbgcap.c | 4 drivers/usb/host/xhci-dbgtty.c | 1 drivers/usb/host/xhci-plat.c | 3 drivers/usb/typec/altmodes/displayport.c | 5 fs/btrfs/inode.c | 7 fs/btrfs/tree-log.c | 8 fs/nfs/flexfilelayout/flexfilelayout.c | 121 ++++++--- fs/nfs/inode.c | 17 + fs/nfs/pnfs.c | 4 fs/smb/client/cifsglob.h | 1 fs/smb/client/connect.c | 7 include/linux/cpu.h | 1 include/linux/libata.h | 7 include/linux/usb/typec_dp.h | 1 kernel/rcu/tree.c | 4 lib/test_objagg.c | 4 net/bluetooth/hci_sync.c | 20 - net/bluetooth/mgmt.c | 25 + net/mac80211/rx.c | 4 net/rose/rose_route.c | 15 - net/sched/sch_api.c | 19 - net/vmw_vsock/vmci_transport.c | 4 sound/isa/sb/sb16_main.c | 7 sound/soc/amd/yc/acp6x-mach.c | 7 105 files changed, 970 insertions(+), 303 deletions(-) Alok Tiwari (3): platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message platform/mellanox: mlxreg-lc: Fix logic error in power state check enic: fix incorrect MTU comparison in enic_change_mtu() Andrei Kuchynski (1): usb: typec: displayport: Fix potential deadlock Avri Altman (1): mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Bart Van Assche (1): scsi: ufs: core: Fix spelling of a sysfs attribute name Benjamin Coddington (1): NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Borislav Petkov (AMD) (4): x86/bugs: Rename MDS machinery to something more generic x86/bugs: Add a Transient Scheduler Attacks mitigation KVM: SVM: Advertise TSA CPUID bits to guests x86/process: Move the buffer clearing before MONITOR Bui Quang Minh (1): virtio-net: ensure the received length does not exceed allocated size Christian Eggers (3): Bluetooth: hci_sync: revert some mesh modifications Bluetooth: MGMT: set_mesh: update LE scan interval and window Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian König (1): dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Dan Carpenter (2): drm/i915/selftests: Change mock_request() to return error pointers lib: test_objagg: Set error message in check_expect_hints_stats() David Thompson (1): platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Filipe Manana (3): btrfs: fix missing error handling when searching for inode refs during log replay btrfs: fix iteration of extrefs during log replay btrfs: use btrfs_record_snapshot_destroy() during rmdir Fushuai Wang (1): dpaa2-eth: fix xdp_rxq_info leak Greg Kroah-Hartman (1): Linux 6.1.144 HarshaVardhana S A (1): vsock/vmci: Clear the vmci transport packet properly when initializing it Hongyu Xie (1): xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS James Clark (1): spi: spi-fsl-dspi: Clear completion counter before initiating transfer Janne Grunau (1): arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Janusz Krzysztofik (1): drm/i915/gt: Fix timeline left held on VMA alloc error Johannes Berg (3): ata: pata_cs5536: fix build on 32-bit UML wifi: mac80211: drop invalid source address OCB frames wifi: ath6kl: remove WARN on bad firmware input Junxiao Chang (1): drm/i915/gsc: mei interrupt top half should be in irq disabled context Justin Sanders (1): aoe: defer rexmit timer downdev work to workqueue Kohei Enju (1): rose: fix dangling neighbour pointers in rose_rt_device_down() Kuniyuki Iwashima (1): nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Kurt Borja (5): platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks platform/x86: think-lmi: Fix class device unregistration platform/x86: dell-wmi-sysman: Fix class device unregistration platform/x86: think-lmi: Create ksets consecutively platform/x86: think-lmi: Fix kobject cleanup Lion Ackermann (1): net/sched: Always pass notifications when child class becomes empty Madhavan Srinivasan (1): powerpc: Fix struct termio related ioctl macros Manivannan Sadhasivam (1): regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Marek Szyprowski (1): drm/exynos: fimd: Guard display clock control with runtime PM calls Mark Zhang (1): RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Masami Hiramatsu (Google) (2): mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data mtk-sd: Prevent memory corruption from DMA map failure Mateusz Jończyk (1): rtc: cmos: use spin_lock_irqsave in cmos_interrupt Mathias Nyman (1): xhci: dbc: Flush queued requests before stopping dbc Maurizio Lombardi (1): scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Maíra Canal (1): drm/v3d: Disable interrupts before resetting the GPU Michael J. Ruhl (1): i2c/designware: Fix an initialization issue Niklas Schnelle (1): s390/pci: Do not try re-enabling load/store if device is disabled Oleksij Rempel (1): net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Oliver Neukum (1): Logitech C-270 even more broken Pablo Martin-Gomez (1): mtd: spinand: fix memory leak of ECC engine conf Patrisious Haddad (1): RDMA/mlx5: Fix CC counters query for MPV Peter Chen (1): usb: cdnsp: do not disable slot for disabled slot RD Babiera (1): usb: typec: altmodes/displayport: do not index invalid pin_assignments Rafael J. Wysocki (1): ACPICA: Refuse to evaluate a method if arguments are missing Raju Rangoju (1): amd-xgbe: align CL37 AN sequence as per databook Raven Black (1): ASoC: amd: yc: update quirk data for HP Victus Rob Clark (2): drm/msm: Fix a fence leak in submit error path drm/msm: Fix another leak in the submit error path Sergey Senozhatsky (1): mtk-sd: reset host->mrq on prepare_data() error Takashi Iwai (2): ALSA: sb: Don't allow changing the DMA mode during operations ALSA: sb: Force to disable DMAs once when DMA mode is changed Tasos Sahanidis (1): ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Thomas Fourier (4): scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() ethernet: atl1: Add missing DMA mapping error checks and count errors nui: Fix dma_mapping_error() check Trond Myklebust (1): NFSv4/flexfiles: Fix handling of NFS level errors in I/O Uladzislau Rezki (Sony) (1): rcu: Return early if callback is not specified Ulf Hansson (1): Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih (1): mmc: sdhci: Add a helper function for dump register in dynamic debug mode Vitaly Lifshits (1): igc: disable L1.2 PCI-E link substate to avoid performance issue Wang Zhaolong (1): smb: client: fix race condition in negotiate timeout by using more precise timing Yang Li (1): Bluetooth: Prevent unintended pause by checking if advertising is active Łukasz Bartosik (1): xhci: dbctty: disable ECHO flag by default

2 months, 1 week

1
1
0 0

Linux 5.15.187

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.187 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/ABI/testing/sysfs-driver-ufs | 2 Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst | 4 Documentation/admin-guide/kernel-parameters.txt | 13 Documentation/devicetree/bindings/serial/8250.yaml | 2 Makefile | 2 arch/arm/include/asm/ptrace.h | 5 arch/arm64/mm/mmu.c | 3 arch/powerpc/include/uapi/asm/ioctls.h | 8 arch/s390/Makefile | 2 arch/s390/kernel/entry.S | 2 arch/s390/purgatory/Makefile | 2 arch/um/drivers/ubd_user.c | 2 arch/um/include/asm/asm-prototypes.h | 5 arch/x86/Kconfig | 9 arch/x86/entry/entry.S | 8 arch/x86/include/asm/cpu.h | 13 arch/x86/include/asm/cpufeatures.h | 6 arch/x86/include/asm/irqflags.h | 4 arch/x86/include/asm/mwait.h | 19 - arch/x86/include/asm/nospec-branch.h | 39 +- arch/x86/kernel/cpu/amd.c | 58 ++++ arch/x86/kernel/cpu/bugs.c | 133 +++++++++- arch/x86/kernel/cpu/common.c | 14 - arch/x86/kernel/cpu/scattered.c | 2 arch/x86/kernel/process.c | 15 - arch/x86/kvm/cpuid.c | 25 + arch/x86/kvm/reverse_cpuid.h | 8 arch/x86/kvm/svm/vmenter.S | 6 arch/x86/kvm/vmx/vmx.c | 2 arch/x86/um/asm/checksum.h | 3 drivers/acpi/acpica/dsmethod.c | 7 drivers/ata/pata_cs5536.c | 2 drivers/base/cpu.c | 7 drivers/clk/ti/clk-43xx.c | 1 drivers/dma/xilinx/xilinx_dma.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/bridge/cdns-dsi.c | 27 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 drivers/gpu/drm/i915/selftests/i915_request.c | 20 - drivers/gpu/drm/i915/selftests/mock_request.c | 2 drivers/gpu/drm/msm/msm_gem_submit.c | 9 drivers/gpu/drm/tegra/dc.c | 17 - drivers/gpu/drm/tegra/hub.c | 4 drivers/gpu/drm/tegra/hub.h | 3 drivers/gpu/drm/udl/udl_drv.c | 2 drivers/gpu/drm/v3d/v3d_drv.h | 8 drivers/gpu/drm/v3d/v3d_gem.c | 2 drivers/gpu/drm/v3d/v3d_irq.c | 39 ++ drivers/hid/wacom_sys.c | 6 drivers/hv/channel_mgmt.c | 33 +- drivers/hv/hyperv_vmbus.h | 19 - drivers/hv/vmbus_drv.c | 2 drivers/hwmon/pmbus/max34440.c | 48 +++ drivers/hwtracing/coresight/coresight-core.c | 3 drivers/hwtracing/coresight/coresight-priv.h | 1 drivers/i2c/busses/i2c-designware-master.c | 1 drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 drivers/i2c/busses/i2c-tiny-usb.c | 6 drivers/iio/pressure/zpa2326.c | 2 drivers/infiniband/hw/mlx5/counters.c | 2 drivers/infiniband/hw/mlx5/devx.c | 2 drivers/leds/led-class-multicolor.c | 3 drivers/mailbox/mailbox.c | 2 drivers/md/bcache/super.c | 7 drivers/md/dm-raid.c | 2 drivers/md/md-bitmap.c | 2 drivers/media/platform/davinci/vpif.c | 4 drivers/media/platform/imx-jpeg/mxc-jpeg.c | 12 drivers/media/platform/omap3isp/ispccdc.c | 8 drivers/media/platform/omap3isp/ispstat.c | 6 drivers/media/usb/uvc/uvc_ctrl.c | 40 +-- drivers/mfd/max14577.c | 1 drivers/mmc/core/quirks.h | 16 - drivers/mmc/host/mtk-sd.c | 21 + drivers/mmc/host/sdhci.c | 9 drivers/mmc/host/sdhci.h | 16 + drivers/mtd/nand/spi/core.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 drivers/net/ethernet/amd/xgbe/xgbe.h | 4 drivers/net/ethernet/atheros/atlx/atl1.c | 78 ++++- drivers/net/ethernet/cisco/enic/enic_main.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 115 +++++++- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 14 - drivers/net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 - drivers/net/ethernet/freescale/dpaa2/dpni-cmd.h | 6 drivers/net/ethernet/freescale/dpaa2/dpni.c | 2 drivers/net/ethernet/freescale/dpaa2/dpni.h | 6 drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 drivers/net/ethernet/intel/igc/igc_main.c | 10 drivers/net/ethernet/sun/niu.c | 31 ++ drivers/net/ethernet/sun/niu.h | 4 drivers/net/wireless/ath/ath6kl/bmi.c | 4 drivers/pci/controller/pci-hyperv.c | 17 - drivers/platform/mellanox/mlxbf-tmfifo.c | 3 drivers/platform/x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 drivers/platform/x86/dell/dell-wmi-sysman/enum-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/int-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/string-attributes.c | 5 drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 drivers/platform/x86/ideapad-laptop.c | 19 + drivers/platform/x86/think-lmi.c | 18 - drivers/regulator/gpio-regulator.c | 19 + drivers/rtc/rtc-cmos.c | 10 drivers/s390/crypto/pkey_api.c | 2 drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/ufs/ufs-sysfs.c | 4 drivers/spi/spi-fsl-dspi.c | 11 drivers/staging/rtl8723bs/core/rtw_security.c | 44 +-- drivers/target/target_core_pr.c | 4 drivers/tty/serial/uartlite.c | 25 - drivers/tty/vt/consolemap.c | 47 ++- drivers/tty/vt/vt.c | 12 drivers/uio/uio_hv_generic.c | 10 drivers/usb/cdns3/cdnsp-ring.c | 4 drivers/usb/class/cdc-wdm.c | 23 - drivers/usb/common/usb-conn-gpio.c | 25 + drivers/usb/core/quirks.c | 3 drivers/usb/core/usb.c | 14 - drivers/usb/dwc2/gadget.c | 6 drivers/usb/gadget/function/f_tcm.c | 4 drivers/usb/host/xhci-dbgcap.c | 4 drivers/usb/host/xhci-dbgtty.c | 1 drivers/usb/typec/altmodes/displayport.c | 5 drivers/video/console/dummycon.c | 24 + drivers/video/console/mdacon.c | 21 - drivers/video/console/newport_con.c | 12 drivers/video/console/sticon.c | 14 - drivers/video/console/vgacon.c | 38 +- drivers/video/fbdev/core/fbcon.c | 57 +--- fs/btrfs/inode.c | 19 + fs/btrfs/tree-log.c | 4 fs/btrfs/volumes.c | 6 fs/ceph/file.c | 2 fs/cifs/misc.c | 8 fs/f2fs/super.c | 30 +- fs/jfs/jfs_dmap.c | 41 --- fs/ksmbd/smb2pdu.c | 53 ++- fs/namespace.c | 8 fs/nfs/flexfilelayout/flexfilelayout.c | 121 ++++++--- fs/nfs/inode.c | 19 + fs/nfs/nfs4proc.c | 12 fs/nfs/pnfs.c | 4 fs/overlayfs/util.c | 4 include/dt-bindings/clock/am4.h | 1 include/linux/console.h | 13 include/linux/console_struct.h | 6 include/linux/cpu.h | 1 include/linux/hyperv.h | 2 include/linux/ipv6.h | 1 include/linux/regulator/gpio-regulator.h | 2 include/linux/usb/typec_dp.h | 1 include/uapi/linux/vm_sockets.h | 4 kernel/rcu/tree.c | 4 lib/test_objagg.c | 4 net/atm/clip.c | 11 net/atm/resources.c | 3 net/bluetooth/l2cap_core.c | 9 net/core/selftests.c | 5 net/ipv6/ip6_output.c | 9 net/mac80211/rx.c | 4 net/mac80211/util.c | 2 net/rose/rose_route.c | 15 - net/sched/sch_api.c | 19 - net/unix/af_unix.c | 18 - net/vmw_vsock/vmci_transport.c | 4 sound/isa/sb/sb16_main.c | 7 sound/pci/hda/hda_bind.c | 2 sound/pci/hda/hda_intel.c | 3 sound/usb/quirks.c | 2 sound/usb/stream.c | 2 tools/lib/bpf/btf_dump.c | 3 177 files changed, 1582 insertions(+), 626 deletions(-) Al Viro (1): attach_recursive_mnt(): do not lock the covering tree when sliding something under it Alexis Czezar Torreno (1): hwmon: (pmbus/max34440) Fix support for max34451 Alok Tiwari (1): enic: fix incorrect MTU comparison in enic_change_mtu() Andrei Kuchynski (1): usb: typec: displayport: Fix potential deadlock Andy Shevchenko (1): usb: Add checks for snprintf() calls in usb_alloc_dev() Aradhya Bhatia (4): drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() drm/bridge: cdns-dsi: Fix connecting to next bridge drm/bridge: cdns-dsi: Check return value when getting default PHY config drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Avri Altman (1): mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Bart Van Assche (1): scsi: ufs: core: Fix spelling of a sysfs attribute name Benjamin Coddington (1): NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Borislav Petkov (AMD) (4): x86/bugs: Rename MDS machinery to something more generic x86/bugs: Add a Transient Scheduler Attacks mitigation KVM: SVM: Advertise TSA CPUID bits to guests x86/process: Move the buffer clearing before MONITOR Brett A C Sheffield (Librecast) (1): Revert "ipv6: save dontfrag in cork" Cezary Rojewski (1): ALSA: hda: Ignore unsol events for cards being shut down Chance Yang (1): usb: common: usb-conn-gpio: use a unique name for usb connector device Chao Yu (1): f2fs: don't over-report free space or inodes in statvfs Chen Yufeng (1): usb: potential integer overflow in usbg_make_tpg() Dan Carpenter (2): drm/i915/selftests: Change mock_request() to return error pointers lib: test_objagg: Set error message in check_expect_hints_stats() Daniel Vetter (1): fbcon: delete a few unneeded forward decl Dave Kleikamp (1): fs/jfs: consolidate sanity checking in dbMount David Thompson (1): platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Dev Jain (1): arm64: Restrict pagetable teardown to avoid false warning Dexuan Cui (1): PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time Dmitry Kandybka (1): ceph: fix possible integer overflow in ceph_zero_objects() Dmitry Nikiforov (1): media: davinci: vpif: Fix memory leak in probe error path Eric Dumazet (1): atm: clip: prevent NULL deref in clip_push() Fedor Pchelkin (1): s390/pkey: Prevent overflow in size calculation for memdup_user() Filipe Manana (1): btrfs: fix missing error handling when searching for inode refs during log replay Frédéric Danis (1): Bluetooth: L2CAP: Fix L2CAP MTU negotiation Fushuai Wang (1): dpaa2-eth: fix xdp_rxq_info leak Geert Uytterhoeven (1): ARM: 9354/1: ptrace: Use bitfield helpers Greg Kroah-Hartman (1): Linux 5.15.187 Han Young (1): NFSv4: Always set NLINK even if the server doesn't support it HarshaVardhana S A (1): vsock/vmci: Clear the vmci transport packet properly when initializing it Heiko Carstens (1): s390/entry: Fix last breaking event handling in case of stack corruption Heinz Mauelshagen (1): dm-raid: fix variable in journal device check Ioana Ciornei (1): net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats Jakub Kicinski (1): net: selftests: fix TCP packet checksum Jakub Lewalski (1): tty: serial: uartlite: register uart driver in init James Clark (2): coresight: Only check bottom two claim bits spi: spi-fsl-dspi: Clear completion counter before initiating transfer Janusz Krzysztofik (1): drm/i915/gt: Fix timeline left held on VMA alloc error Jay Cornwall (1): drm/amdkfd: Fix race in GWS queue scheduling Jerome Neanne (1): regulator: gpio: Add input_supply support in gpio_regulator_config Jiri Slaby (1): tty/vt: consolemap: rename and document struct uni_pagedir Jiri Slaby (SUSE) (5): vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen() vgacon: remove unneeded forward declarations tty: vt: make init parameter of consw::con_init() a bool tty: vt: sanitize arguments of consw::con_clear() tty: vt: make consw::con_switch() return a bool Johannes Berg (3): ata: pata_cs5536: fix build on 32-bit UML wifi: mac80211: drop invalid source address OCB frames wifi: ath6kl: remove WARN on bad firmware input Jonathan Cameron (1): iio: pressure: zpa2326: Use aligned_s64 for the timestamp Jos Wang (1): usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Josef Bacik (1): btrfs: don't drop extent_map for free space inode on write error Kees Cook (1): ovl: Check for NULL d_inode() in ovl_dentry_upper() Kohei Enju (1): rose: fix dangling neighbour pointers in rose_rt_device_down() Krzysztof Kozlowski (1): mfd: max14577: Fix wakeup source leaks on device unbind Kuniyuki Iwashima (3): af_unix: Don't set -ECONNRESET for consumed OOB skb. atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Kurt Borja (4): platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks platform/x86: think-lmi: Fix class device unregistration platform/x86: dell-wmi-sysman: Fix class device unregistration platform/x86: think-lmi: Create ksets consecutively Lachlan Hodges (1): wifi: mac80211: fix beacon interval calculation overflow Linggang Zeng (1): bcache: fix NULL pointer in cache_set_flush() Lion Ackermann (1): net/sched: Always pass notifications when child class becomes empty Long Li (1): uio_hv_generic: Align ring size to system page Madhavan Srinivasan (1): powerpc: Fix struct termio related ioctl macros Manivannan Sadhasivam (1): regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Marek Szyprowski (2): media: omap3isp: use sgtable-based scatterlist wrappers drm/exynos: fimd: Guard display clock control with runtime PM calls Mario Limonciello (1): ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock Mark Harmstone (1): btrfs: update superblock's device bytes_used when dropping chunk Mark Zhang (1): RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Masami Hiramatsu (Google) (2): mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data mtk-sd: Prevent memory corruption from DMA map failure Mateusz Jończyk (1): rtc: cmos: use spin_lock_irqsave in cmos_interrupt Mathias Nyman (1): xhci: dbc: Flush queued requests before stopping dbc Maurizio Lombardi (1): scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Maíra Canal (1): drm/v3d: Disable interrupts before resetting the GPU Michael Grzeschik (1): usb: dwc2: also exit clock_gating when stopping udc while suspended Michael J. Ruhl (1): i2c/designware: Fix an initialization issue Ming Qian (1): media: imx-jpeg: Drop the first error frames Miquel Raynal (1): clk: ti: am43xx: Add clkctrl data for am43xx ADC1 Namjae Jeon (1): ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension Nathan Chancellor (2): staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Olga Kornievskaia (1): NFSv4.2: fix listxattr to return selinux security label Oliver Neukum (1): Logitech C-270 even more broken Pablo Martin-Gomez (1): mtd: spinand: fix memory leak of ECC engine conf Pali Rohár (1): cifs: Fix cifs_query_path_info() for Windows NT servers Paolo Bonzini (1): KVM: x86: add support for CPUID leaf 0x80000021 Patrisious Haddad (1): RDMA/mlx5: Fix CC counters query for MPV Peng Fan (1): mailbox: Not protect module_put with spin_lock_irqsave Peter Chen (1): usb: cdnsp: do not disable slot for disabled slot Qasim Ijaz (3): HID: wacom: fix memory leak on kobject creation failure HID: wacom: fix memory leak on sysfs attribute creation failure HID: wacom: fix kobject reference count leak Qiu-ji Chen (1): drm/tegra: Fix a possible null pointer dereference RD Babiera (1): usb: typec: altmodes/displayport: do not index invalid pin_assignments Radu Bulie (2): dpaa2-eth: Update dpni_get_single_step_cfg command dpaa2-eth: Update SINGLE_STEP register access Rafael J. Wysocki (1): ACPICA: Refuse to evaluate a method if arguments are missing Raju Rangoju (1): amd-xgbe: align CL37 AN sequence as per databook Ricardo Ribalda (1): media: uvcvideo: Rollback non processed entities on error Rob Clark (1): drm/msm: Fix a fence leak in submit error path Robert Hodaszi (1): usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Rong Zhang (1): platform/x86: ideapad-laptop: use usleep_range() for EC polling Sami Tolvanen (1): um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Saurabh Sengar (2): Drivers: hv: vmbus: Add utility function for querying ring size uio_hv_generic: Query the ringbuffer size for device Sergey Senozhatsky (1): mtk-sd: reset host->mrq on prepare_data() error Simon Horman (1): net: enetc: Correct endianness handling in _enetc_rd_reg64 Stefano Garzarella (1): vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Sven Schwermer (1): leds: multicolor: Fix intensity setting while SW blinking Takashi Iwai (2): ALSA: sb: Don't allow changing the DMA mode during operations ALSA: sb: Force to disable DMAs once when DMA mode is changed Thierry Reding (1): drm/tegra: Assign plane type before registration Thomas Fourier (4): scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() nui: Fix dma_mapping_error() check ethernet: atl1: Add missing DMA mapping error checks and count errors Thomas Gessler (1): dmaengine: xilinx_dma: Set dma_device directions Thomas Zimmermann (2): dummycon: Trigger redraw when switching consoles with deferred takeover drm/udl: Unregister device before cleaning up on disconnect Tiwei Bie (1): um: ubd: Add missing error check in start_io_thread() Trond Myklebust (1): NFSv4/flexfiles: Fix handling of NFS level errors in I/O Uladzislau Rezki (Sony) (1): rcu: Return early if callback is not specified Ulf Hansson (1): Revert "mmc: sdhci: Disable SD card clock before changing parameters" Vasiliy Kovalev (1): jfs: validate AG parameters in dbMount() to prevent crashes Victor Shih (1): mmc: sdhci: Add a helper function for dump register in dynamic debug mode Vijendar Mukunda (1): ALSA: hda: Add new pci id for AMD GPU display HD audio controller Vitaly Kuznetsov (1): Drivers: hv: Rename 'alloced' to 'allocated' Vitaly Lifshits (1): igc: disable L1.2 PCI-E link substate to avoid performance issue Wentao Liang (1): drm/amd/display: Add null pointer check for get_first_active_display() Wolfram Sang (2): i2c: tiny-usb: disable zero-length read messages i2c: robotfuzz-osif: disable zero-length read messages Yao Zi (1): dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Youngjun Lee (1): ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Yu Kuai (1): md/md-bitmap: fix dm-raid max_write_behind setting Yuan Chen (1): libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Łukasz Bartosik (1): xhci: dbctty: disable ECHO flag by default

2 months, 1 week

1
1
0 0

[PATCH] USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition

by Fabio Porcedda

Add Telit Cinterion FE910C04 (ECM) composition: 0x10c7: ECM + tty (AT) + tty (AT) + tty (diag) usb-devices output: T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 7 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=10c7 Rev=05.15 S: Manufacturer=Telit Cinterion S: Product=FE910 S: SerialNumber=f71b8b32 C: #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=06 Prot=00 Driver=cdc_ether E: Ad=82(I) Atr=03(Int.) MxPS= 16 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms Cc: stable(a)vger.kernel.org Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com> --- drivers/usb/serial/option.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index c0c44e594d36..58b02a09b315 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -627,6 +627,7 @@ static void option_instat_callback(struct urb *urb); /* Interface does not support modem-control requests */ #define NCTRL(ifnum) ((BIT(ifnum) & 0xff) << 8) +#define NCTRL_ALL (0xff << 8) /* Interface is reserved */ #define RSVD(ifnum) ((BIT(ifnum) & 0xff) << 0) @@ -1415,6 +1416,9 @@ static const struct usb_device_id option_ids[] = { .driver_info = NCTRL(5) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d0, 0xff, 0xff, 0x40) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d0, 0xff, 0xff, 0x60) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10c7, 0xff, 0xff, 0x30), /* Telit FE910C04 (ECM) */ + .driver_info = NCTRL_ALL }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10c7, 0xff, 0xff, 0x40) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d1, 0xff, 0xff, 0x30), /* Telit FN990B (MBIM) */ .driver_info = NCTRL(6) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d1, 0xff, 0xff, 0x40) }, -- 2.49.0

2 months, 1 week

2
3
0 0

[PATCH] ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx

by edip＠medip.dev

From: Edip Hazuri <edip(a)medip.dev> The mute led on this laptop is using ALC245 but requires a quirk to work This patch enables the existing quirk for the device. Tested on Victus 16-r0xxx Laptop. The LED behaviour works as intended. Cc: <stable(a)vger.kernel.org> Signed-off-by: Edip Hazuri <edip(a)medip.dev> --- sound/pci/hda/patch_realtek.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 060db37ea..132cef8fa 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -10814,6 +10814,7 @@ static const struct hda_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x103c, 0x8b97, "HP", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF), SND_PCI_QUIRK(0x103c, 0x8bb3, "HP Slim OMEN", ALC287_FIXUP_CS35L41_I2C_2), SND_PCI_QUIRK(0x103c, 0x8bb4, "HP Slim OMEN", ALC287_FIXUP_CS35L41_I2C_2), + SND_PCI_QUIRK(0x103c, 0x8bbe, "HP Victus 16-r0xxx (MB 8BBE)", ALC245_FIXUP_HP_MUTE_LED_COEFBIT), SND_PCI_QUIRK(0x103c, 0x8bc8, "HP Victus 15-fa1xxx", ALC245_FIXUP_HP_MUTE_LED_COEFBIT), SND_PCI_QUIRK(0x103c, 0x8bcd, "HP Omen 16-xd0xxx", ALC245_FIXUP_HP_MUTE_LED_V1_COEFBIT), SND_PCI_QUIRK(0x103c, 0x8bdd, "HP Envy 17", ALC287_FIXUP_CS35L41_I2C_2), -- 2.50.1

2 months, 1 week

2
1
0 0

[PATCH net v2 1/2] net: ipv4: fix incorrect MTU in broadcast routes

by Oscar Maes

Currently, __mkroute_output overrules the MTU value configured for broadcast routes. This buggy behaviour can be reproduced with: ip link set dev eth1 mtu 9000 ip route del broadcast 192.168.0.255 dev eth1 proto kernel scope link src 192.168.0.2 ip route add broadcast 192.168.0.255 dev eth1 proto kernel scope link src 192.168.0.2 mtu 1500 The maximum packet size should be 1500, but it is actually 8000: ping -b 192.168.0.255 -s 8000 Fix __mkroute_output to allow MTU values to be configured for for broadcast routes (to support a mixed-MTU local-area-network). Signed-off-by: Oscar Maes <oscmaes92(a)gmail.com> --- net/ipv4/route.c | 1 - 1 file changed, 1 deletion(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index fccb05fb3..a2a3b6482 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2585,7 +2585,6 @@ static struct rtable *__mkroute_output(const struct fib_result *res, do_cache = true; if (type == RTN_BROADCAST) { flags |= RTCF_BROADCAST | RTCF_LOCAL; - fi = NULL; } else if (type == RTN_MULTICAST) { flags |= RTCF_MULTICAST | RTCF_LOCAL; if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr, -- 2.39.5

2 months, 1 week

3
4
0 0

[PATCH v3] USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition

by Fabio Porcedda

Add Telit Cinterion FE910C04 (ECM) composition: 0x10c7: ECM + tty (AT) + tty (AT) + tty (diag) usb-devices output: T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 7 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=10c7 Rev=05.15 S: Manufacturer=Telit Cinterion S: Product=FE910 S: SerialNumber=f71b8b32 C: #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=06 Prot=00 Driver=cdc_ether E: Ad=82(I) Atr=03(Int.) MxPS= 16 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms Cc: stable(a)vger.kernel.org Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com> --- v3: * Add missing change history v2: * https://lore.kernel.org/linux-usb/20250710115952.120835-1-fabio.porcedda@gm… * NCTRL_ALL -> NCTRL(4) v1: * https://lore.kernel.org/linux-usb/20250708120004.100254-1-fabio.porcedda@gm… drivers/usb/serial/option.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index c0c44e594d36..147ca50c94be 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1415,6 +1415,9 @@ static const struct usb_device_id option_ids[] = { .driver_info = NCTRL(5) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d0, 0xff, 0xff, 0x40) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d0, 0xff, 0xff, 0x60) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10c7, 0xff, 0xff, 0x30), /* Telit FE910C04 (ECM) */ + .driver_info = NCTRL(4) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10c7, 0xff, 0xff, 0x40) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d1, 0xff, 0xff, 0x30), /* Telit FN990B (MBIM) */ .driver_info = NCTRL(6) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d1, 0xff, 0xff, 0x40) }, -- 2.49.0

2 months, 1 week

2
1
0 0

[RESEND PATCH 5.10] fs/proc: do_task_stat: use __for_each_thread()

by Heyne, Maximilian

From: Oleg Nesterov <oleg(a)redhat.com> [ Upstream commit 7904e53ed5a20fc678c01d5d1b07ec486425bb6a ] do/while_each_thread should be avoided when possible. Link: https://lkml.kernel.org/r/20230909164501.GA11581@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Stable-dep-of: 7601df8031fd ("fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats") Cc: stable(a)vger.kernel.org [mheyne: adjusted context] Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> --- Compile-tested only. We're seeing soft lock-ups with 5.10.237 because of the backport of commit 4fe85bdaabd6 ("fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats"). --- fs/proc/array.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/proc/array.c b/fs/proc/array.c index 8fba6d39e776..77b94c04e4af 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -512,18 +512,18 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, cgtime = sig->cgtime; if (whole) { - struct task_struct *t = task; + struct task_struct *t; min_flt = sig->min_flt; maj_flt = sig->maj_flt; gtime = sig->gtime; rcu_read_lock(); - do { + __for_each_thread(sig, t) { min_flt += t->min_flt; maj_flt += t->maj_flt; gtime += task_gtime(t); - } while_each_thread(task, t); + } rcu_read_unlock(); thread_group_cputime_adjusted(task, &utime, &stime); -- 2.47.1 Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

2 months, 1 week

3
2
0 0

[PATCH 6.15 000/263] 6.15.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.5 release. There are 263 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 05 Jul 2025 14:39:10 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.5-rc1 Cyril Bur <cyrilbur(a)tenstorrent.com> riscv: uaccess: Only restore the CSR_STATUS SUM bit Jens Axboe <axboe(a)kernel.dk> io_uring: gate REQ_F_ISREG on !S_ANON_INODE as well Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: flag partial buffer mappings Heiko Carstens <hca(a)linux.ibm.com> s390/ptrace: Fix pointer dereferencing in regs_get_kernel_stack_nth() Chang S. Bae <chang.seok.bae(a)intel.com> x86/pkeys: Simplify PKRU update in signal frame Chang S. Bae <chang.seok.bae(a)intel.com> x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE Danilo Krummrich <dakr(a)kernel.org> rust: devres: do not dereference to the internal Revocable Danilo Krummrich <dakr(a)kernel.org> rust: devres: fix race in Devres::drop() Danilo Krummrich <dakr(a)kernel.org> rust: revocable: indicate whether `data` has been revoked already Danilo Krummrich <dakr(a)kernel.org> rust: completion: implement initial abstraction Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Export full brightness range to userspace Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Optimize custom brightness curve Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Only read ACPI backlight caps once Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Fix default DC and AC levels Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Get LTTPR IEEE OUI/Device ID From Closest LTTPR To Host Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Add early 8b/10b channel equalization test pattern sequence Sasha Levin <sashal(a)kernel.org> sched_ext: Make scx_group_set_weight() always update tg->scx.weight Sasha Levin <sashal(a)kernel.org> arm64: dts: qcom: x1e78100-t14s: fix missing HID supplies Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: add missing locking in helper functions Eric Biggers <ebiggers(a)google.com> crypto: powerpc/poly1305 - add depends on BROKEN for now Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage Sasha Levin <sashal(a)kernel.org> arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: Commonize X1 CRD DTSI Alex Hung <alex.hung(a)amd.com> drm/amd/display: Fix mpv playback corruption on weston Peichen Huang <PeiChen.Huang(a)amd.com> drm/amd/display: Add dc cap for dp tunneling Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Add more checks for DSC / HUBP ONO guarantees Frank Min <Frank.Min(a)amd.com> drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: switch job hw_fence to amdgpu_fence Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Fix SDMA UTC_L1 handling during start/stop sequences Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dsi: Fix off by one in BXT_MIPI_TRANS_VTOTAL Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe: Fix early wedge on GuC load failure Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix taking invalid lock on wedge Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix memset on iomem Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check dce_hwseq before dereferencing it Frank Min <Frank.Min(a)amd.com> drm/amdgpu: Add kicker device detection Sonny Jiang <sonny.jiang(a)amd.com> drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: Fix RMCM programming seq errors Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: add back fix Matthew Auld <matthew.auld(a)intel.com> drm/xe/sched: stop re-submitting signalled jobs Matthew Auld <matthew.auld(a)intel.com> drm/xe/vm: move rebind_work init earlier Zhongwei Zhang <Zhongwei.Zhang(a)amd.com> drm/amd/display: Correct non-OLED pre_T11_delay. Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: disable workload profile switching when OD is enabled John Olender <john.olender(a)gmail.com> drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram Wentao Liang <vulab(a)iscas.ac.cn> drm/amd/display: Add null pointer check for get_first_active_display() Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Check return value when getting default PHY config Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix connecting to next bridge Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix phy de-init and flag it so Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read Imre Deak <imre.deak(a)intel.com> drm/i915/ptl: Use everywhere the correct DDI port clock select mask Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Fix race in GWS queue scheduling Stephan Gerhold <stephan.gerhold(a)linaro.org> drm/msm/gpu: Fix crash when throttling GPU immediately during boot Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Unregister device before cleaning up on disconnect Qiu-ji Chen <chenqiuji666(a)gmail.com> drm/tegra: Fix a possible null pointer dereference Thierry Reding <treding(a)nvidia.com> drm/tegra: Assign plane type before registration Thomas Zimmermann <tzimmermann(a)suse.de> drm/simpledrm: Do not upcast in release helpers Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/panel: simple: Tianma TM070JDHG34-00: add delays Maíra Canal <mcanal(a)igalia.com> drm/etnaviv: Protect the scheduler's pending list with its lock Thomas Zimmermann <tzimmermann(a)suse.de> drm/cirrus-qemu: Fix pitch programming Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Fix comment on modeset lock Karan Tilak Kumar <kartilak(a)cisco.com> scsi: fnic: Turn off FDMI ACTIVE flags on link down Karan Tilak Kumar <kartilak(a)cisco.com> scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out anvithdosapati <anvithdosapati(a)google.com> scsi: ufs: core: Fix clk scaling to be conditional in reset and restore Chen Yu <yu.c.chen(a)intel.com> scsi: megaraid_sas: Fix invalid node index Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix kobject reference count leak Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on sysfs attribute creation failure Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on kobject creation failure Iusico Maxim <iusico.maxim(a)libero.it> HID: lenovo: Restrict F7/9/11 mode to compact keyboards only Qasim Ijaz <qasdev00(a)gmail.com> HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting Chao Yu <chao(a)kernel.org> f2fs: fix to zero post-eof page David Hildenbrand <david(a)redhat.com> mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" Kairui Song <kasong(a)tencent.com> mm/shmem, swap: fix softlockup with mTHP swapin Kairui Song <kasong(a)tencent.com> mm: userfaultfd: fix race of userfaultfd_move and swap cache Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix the creation of page_pool Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> spi: spi-cadence-quadspi: Fix pm runtime unbalance Stephen Smalley <stephen.smalley.work(a)gmail.com> selinux: change security_compute_sid to return the ssid or tsid on match Kuan-Wei Chiu <visitorckw(a)gmail.com> Revert "bcache: remove heap-related macros and switch to generic min_heap" Kuan-Wei Chiu <visitorckw(a)gmail.com> Revert "bcache: update min_heap_callbacks to use default builtin swap" Filipe Manana <fdmanana(a)suse.com> btrfs: fix invalid inode pointer dereferences during log replay Mark Harmstone <maharmstone(a)fb.com> btrfs: update superblock's device bytes_used when dropping chunk Filipe Manana <fdmanana(a)suse.com> btrfs: fix a race between renames and directory logging Kuan-Wei Chiu <visitorckw(a)gmail.com> bcache: remove unnecessary select MIN_HEAP Heinz Mauelshagen <heinzm(a)redhat.com> dm-raid: fix variable in journal device check Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix L2CAP MTU negotiation Fabio Estevam <festevam(a)gmail.com> serial: imx: Restore original RXTL for console to fix data loss Aidan Stewart <astewart(a)tektelic.com> serial: core: restore of_node information in sysfs Yao Zi <ziyao(a)disroot.org> dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Nathan Chancellor <nathan(a)kernel.org> staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Xin Li (Intel) <xin(a)zytor.com> x86/traps: Initialize DR6 by writing its architectural reset value Avadhut Naik <avadhut.naik(a)amd.com> EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs Paulo Alcantara <pc(a)manguebit.org> smb: client: fix potential deadlock when reconnecting channels Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe: Process deferred GGTT node removals on device unwind Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/guc: Explicitly exit CT safe mode on unwind Jayesh Choudhary <j-choudhary(a)ti.com> drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type Wolfram Sang <wsa+renesas(a)sang-engineering.com> drm/bridge: ti-sn65dsi86: make use of debugfs_init callback Arnd Bergmann <arnd(a)arndb.de> drm/i915: fix build error some more Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Adjust output for discovery error handling Louis Chauvet <louis.chauvet(a)bootlin.com> drm: writeback: Fix drm_writeback_connector_cleanup signature Charles Mirabile <cmirabil(a)redhat.com> riscv: fix runtime constant support for nommu kernels Christoph Hellwig <hch(a)lst.de> nvme: fix atomic write size validation Christoph Hellwig <hch(a)lst.de> nvme: refactor the atomic write unit detection Jakub Kicinski <kuba(a)kernel.org> net: selftests: fix TCP packet checksum Salvatore Bonaccorso <carnil(a)debian.org> ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR Kuniyuki Iwashima <kuniyu(a)google.com> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Jakub Kicinski <kuba(a)kernel.org> netlink: specs: tc: replace underscores with dashes in names Simon Horman <horms(a)kernel.org> net: enetc: Correct endianness handling in _enetc_rd_reg64 Adin Scannell <amscanne(a)meta.com> libbpf: Fix possible use-after-free for externs Jens Axboe <axboe(a)kernel.dk> io_uring/net: mark iov as dynamically allocated even for single segments Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Add missing error check in start_io_thread() Yan Zhai <yan(a)cloudflare.com> bnxt: properly flush XDP redirect lists Stefano Garzarella <sgarzare(a)redhat.com> vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Al Viro <viro(a)zeniv.linux.org.uk> userns and mnt_idmap leak in open_tree_attr(2) Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: finish link init before RCU publish Muna Sinada <muna.sinada(a)oss.qualcomm.com> wifi: mac80211: Create separate links for VLAN interfaces Muna Sinada <muna.sinada(a)oss.qualcomm.com> wifi: mac80211: Add link iteration macro for link data Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't set -ECONNRESET for consumed OOB skb. Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: fix beacon interval calculation overflow Ido Schimmel <idosch(a)nvidia.com> bridge: mcast: Fix use-after-free during router port configuration Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: ionic: Fix DMA mapping tests Breno Leitao <leitao(a)debian.org> net: netpoll: Initialize UDP checksum field before checksumming Yuan Chen <chenyuan(a)kylinos.cn> libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Al Viro <viro(a)zeniv.linux.org.uk> attach_recursive_mnt(): do not lock the covering tree when sliding something under it Youngjun Lee <yjjuny.lee(a)samsung.com> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Kuniyuki Iwashima <kuniyu(a)google.com> Bluetooth: hci_core: Fix use-after-free in vhci_flush() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: ps: fix for soundwire failures during hibernation exit sequence Eric Dumazet <edumazet(a)google.com> atm: clip: prevent NULL deref in clip_push() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() Dan Williams <dan.j.williams(a)intel.com> cxl/ras: Fix CPER handler device confusion Thomas Zeitlhofer <thomas.zeitlhofer+lkml(a)ze-it.at> HID: wacom: fix crash in wacom_aes_battery_handler() Even Xu <even.xu(a)intel.com> HID: Intel-thc-hid: Intel-quicki2c: Enhance QuickI2C reset flow Matthew Auld <matthew.auld(a)intel.com> drm/xe: move DPT l2 flush to a more sensible place Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/xe: Move DSB l2 flush to a more sensible place Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/snps_hdmi_pll: Fix 64-bit divisor truncation by using div64_u64 Haoxiang Li <haoxiang_li2024(a)163.com> drm/xe/display: Add check for alloc_ordered_workqueue() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: add compatibility checks for set_hw_resource_1 Takashi Iwai <tiwai(a)suse.de> drm/amd/display: Add sanity checks for drm_edid_raw() Imre Deak <imre.deak(a)intel.com> drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Nam Cao <namcao(a)linutronix.de> Revert "riscv: misaligned: fix sleeping function called during misaligned access handling" Nam Cao <namcao(a)linutronix.de> Revert "riscv: Define TASK_SIZE_MAX for __access_ok()" Yu Kuai <yukuai3(a)huawei.com> lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't assume uaddr alignment in io_vec_fill_bvec Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rsrc: don't rely on user vaddr alignment Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rsrc: fix folio unpinning Fedor Pchelkin <pchelkin(a)ispras.ru> s390/pkey: Prevent overflow in size calculation for memdup_user() Klara Modin <klarasmodin(a)gmail.com> riscv: export boot_cpu_hartid Oliver Schramm <oliver.schramm97(a)gmail.com> ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 Han Gao <rabenda.cn(a)gmail.com> riscv: vector: Fix context save/restore with xtheadvector Paulo Alcantara <pc(a)manguebit.org> smb: client: fix regression with native SMB symlinks SeongJae Park <sj(a)kernel.org> mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write Stefan Metzmacher <metze(a)samba.org> smb: client: remove \t from TP_printk statements Niklas Cassel <cassel(a)kernel.org> ata: ahci: Use correct DMI identifier for ASUSPRO-D840SA LPM quirk Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix dentry_name() lookup Haiyue Wang <haiyuewa(a)163.com> fuse: fix runtime warning on truncate_folio_batch_exceptionals() Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Check interrupt route from physical CPU Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix interrupt route update with EIOINTC Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Add address alignment check for IOCSR emulation Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Disable updating of "num_cpu" and "feature" Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Check validity of "num_cpu" from user space Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Avoid overflow with array index Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: robotfuzz-osif: disable zero-length read messages Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: tiny-usb: disable zero-length read messages Lukasz Kucharczyk <lukasz.kucharczyk(a)leica-geosystems.com> i2c: imx: fix emulated smbus block read Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: omap: Fix an error handling path in omap_i2c_probe() Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't leave consecutive consumed OOB skbs. Haoxiang Li <haoxiang_li2024(a)163.com> drm/i915/display: Add check for alloc_ordered_workqueue() and alloc_workqueue() Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: fix area release on registration failure Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: split out memory holders from area Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: improve area validation Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: move io_zcrx_iov_page Chao Yu <chao(a)kernel.org> f2fs: don't over-report free space or inodes in statvfs Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9335: Fix missing free of regulator supplies Peng Fan <peng.fan(a)nxp.com> ASoC: codec: wcd9335: Convert to GPIO descriptors Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Rollback non processed entities on error Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Increase/decrease the PM counter per IOCTL Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Create uvc_pm_(get|put) functions Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Keep streaming state in the file handle Filipe Manana <fdmanana(a)suse.com> btrfs: fix qgroup reservation leak on failure to allocate ordered extent David Sterba <dsterba(a)suse.com> btrfs: use unsigned types for constants defined as bit shifts Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 Qu Wenruo <wqu(a)suse.com> btrfs: handle csum tree error with rescue=ibadroots correctly Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between async reclaim worker and close_ctree() Kees Cook <kees(a)kernel.org> ovl: Check for NULL d_inode() in ovl_dentry_upper() Ben Dooks <ben.dooks(a)codethink.co.uk> riscv: save the SR_SUM status over switches Ziqi Chen <quic_ziqichen(a)quicinc.com> scsi: ufs: core: Don't perform UFS clkscaling during host async scan Dmitry Kandybka <d.kandybka(a)gmail.com> ceph: fix possible integer overflow in ceph_zero_objects() Shuming Fan <shumingf(a)realtek.com> ASoC: rt1320: fix speaker noise when volume bar is 100% Mario Limonciello <mario.limonciello(a)amd.com> ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add new pci id for AMD GPU display HD audio controller Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Ignore unsol events for cards being shut down Clément Léger <cleger(a)rivosinc.com> riscv: misaligned: declare misaligned_access_speed under CONFIG_RISCV_MISALIGNED Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Fix in_atomic() handling in do_secure_storage_access() Andy Chiu <andybnac(a)gmail.com> riscv: add a data fence for CMODX in the kernel mode Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: typec: tipd: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: typec: tcpci: Fix wakeup source leaks on device unbind Jos Wang <joswang(a)lenovo.com> usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: f_hid: wake up readers on disable/unbind Robert Hodaszi <robert.hodaszi(a)digi.com> usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: Add checks for snprintf() calls in usb_alloc_dev() Chance Yang <chance.yang(a)kneron.us> usb: common: usb-conn-gpio: use a unique name for usb connector device Jakub Lewalski <jakub.lewalski(a)nokia.com> tty: serial: uartlite: register uart driver in init Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: potential integer overflow in usbg_make_tpg() Chenyuan Yang <chenyuan0y(a)gmail.com> misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe() Zhang Lixu <lixu.zhang(a)intel.com> iio: hid-sensor-prox: Add support for 16-bit report size David Lechner <dlechner(a)baylibre.com> iio: adc: ad7606_spi: check error in ad7606B_sw_mode_config() David Heidelberg <david(a)ixit.cz> iio: light: al3000a: Fix an error handling path in al3000a_probe() Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: adi-axi-dac: add cntrl chan check Purva Yeshi <purvayeshi550(a)gmail.com> iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: dwc2: also exit clock_gating when stopping udc while suspended James Clark <james.clark(a)linaro.org> coresight: Only check bottom two claim bits Rengarajan S <rengarajan.s(a)microchip.com> 8250: microchip: pci1xxxx: Add PCIe Hot reset disable support for Rev C0 and later devices Benjamin Berg <benjamin.berg(a)intel.com> um: use proper care when taking mmap lock during segfault Sami Tolvanen <samitolvanen(a)google.com> um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Daniele Palmas <dnlplm(a)gmail.com> bus: mhi: host: pci_generic: Add Telit FN920C04 modem support Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: pressure: zpa2326: Use aligned_s64 for the timestamp Lin.Cao <lincao12(a)amd.com> drm/scheduler: signal scheduled fence when kill job Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: seq64 memory unmap uses uninterruptible lock Linggang Zeng <linggang.zeng(a)easystack.cn> bcache: fix NULL pointer in cache_set_flush() David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn2.5: read back register after written David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn3: read back register after written David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn4: read back register after written David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn5.0.1: read back register after written Yifan Zhang <yifan1.zhang(a)amd.com> amd/amdkfd: fix a kfd_process ref leak Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: fix dm-raid max_write_behind setting Hannes Reinecke <hare(a)kernel.org> nvme-tcp: sanitize request list handling Hannes Reinecke <hare(a)kernel.org> nvme-tcp: fix I/O stalls on congested sockets Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mld: Move regulatory domain initialization Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add workaround for errata ERR051624 Hector Martin <marcan(a)marcan.st> PCI: apple: Fix missing OF node reference in apple_pcie_setup_port Wenbin Yao <quic_wenbyao(a)quicinc.com> PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de> dmaengine: xilinx_dma: Set dma_device directions Yi Sun <yi.sun(a)intel.com> dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Lukas Wunner <lukas(a)wunner.de> Revert "iommu/amd: Prevent binding other PCI drivers to IOMMU PCI devices" Rudraksha Gupta <guptarud(a)gmail.com> rust: arm: fix unknown (to Clang) argument '-mno-fdpic' FUJITA Tomonori <fujita.tomonori(a)gmail.com> rust: module: place cleanup_module() in .exit.text section Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: provide zero as a unique ID to the Mac client Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Fix support for max34451 Scott Mayhew <smayhew(a)redhat.com> NFSv4: xattr handlers should check for absent nfs filehandles Gregory Price <gourry(a)gourry.net> cxl: core/region - ignore interleave granularity when ways=1 Robert Richter <rrichter(a)amd.com> cxl/region: Add a dev_err() on missing target list entries Guang Yuan Wu <gwu(a)ddn.com> fuse: fix race between concurrent setattrs from multiple nodes Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> leds: multicolor: Fix intensity setting while SW blinking Matthew Sakai <msakai(a)redhat.com> dm vdo indexer: don't read request structure after enqueuing Yikai Tsai <yikai.tsai.wiwynn(a)gmail.com> hwmon: (isl28022) Fix current reading calculation Nikhil Jha <njha(a)janestreet.com> sunrpc: don't immediately retransmit on seqno miss Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: sprd-sc27xx: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: 88pm886: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max77705: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max14577: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max77541: Fix wakeup source leaks on device unbind Peng Fan <peng.fan(a)nxp.com> mailbox: Not protect module_put with spin_lock_irqsave Sagi Grimberg <sagi(a)grimberg.me> NFSv4.2: fix setattr caching of TIME_[MODIFY|ACCESS]_SET when timestamps are delegated Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix listxattr to return selinux security label Han Young <hanyang.tony(a)bytedance.com> NFSv4: Always set NLINK even if the server doesn't support it Pali Rohár <pali(a)kernel.org> cifs: Fix encoding of SMB1 Session Setup NTLMSSP Request in non-UNICODE mode Pali Rohár <pali(a)kernel.org> cifs: Fix cifs_query_path_info() for Windows NT servers Pali Rohár <pali(a)kernel.org> cifs: Correctly set SMB1 SessionKey field in Session Setup Request ------------- Diffstat: Documentation/devicetree/bindings/serial/8250.yaml | 2 +- Documentation/netlink/specs/tc.yaml | 4 +- Makefile | 4 +- arch/arm64/boot/dts/qcom/x1-crd.dtsi | 1277 ++++++++++++++++++++ .../dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 45 + arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 1270 +------------------ arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +- arch/loongarch/kvm/intc/eiointc.c | 89 +- arch/powerpc/crypto/Kconfig | 1 + arch/riscv/include/asm/cpufeature.h | 5 +- arch/riscv/include/asm/pgtable.h | 1 - arch/riscv/include/asm/processor.h | 1 + arch/riscv/include/asm/runtime-const.h | 2 +- arch/riscv/include/asm/vector.h | 12 +- arch/riscv/kernel/asm-offsets.c | 5 + arch/riscv/kernel/entry.S | 9 + arch/riscv/kernel/setup.c | 1 + arch/riscv/kernel/traps_misaligned.c | 6 +- arch/riscv/mm/cacheflush.c | 15 +- arch/s390/kernel/ptrace.c | 2 +- arch/s390/mm/fault.c | 2 + arch/um/drivers/ubd_user.c | 2 +- arch/um/include/asm/asm-prototypes.h | 5 + arch/um/kernel/trap.c | 129 +- arch/x86/include/uapi/asm/debugreg.h | 21 +- arch/x86/kernel/cpu/common.c | 24 +- arch/x86/kernel/fpu/signal.c | 11 +- arch/x86/kernel/fpu/xstate.h | 22 +- arch/x86/kernel/traps.c | 34 +- arch/x86/um/asm/checksum.h | 3 + drivers/ata/ahci.c | 2 +- drivers/bus/mhi/host/pci_generic.c | 39 + drivers/cxl/core/ras.c | 47 +- drivers/cxl/core/region.c | 9 +- drivers/dma/idxd/cdev.c | 4 +- drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/edac/amd64_edac.c | 57 +- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 28 +- drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_job.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 16 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 16 + drivers/gpu/drm/amd/amdgpu/amdgpu_seq64.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 17 + drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 5 + drivers/gpu/drm/amd/amdgpu/imu_v11_0.c | 9 +- drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 10 +- drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 3 +- drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 2 + drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 6 +- drivers/gpu/drm/amd/amdgpu/vcn_v2_5.c | 19 + drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 20 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 20 + drivers/gpu/drm/amd/amdgpu/vcn_v5_0_1.c | 21 +- drivers/gpu/drm/amd/amdkfd/kfd_events.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 97 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 4 + drivers/gpu/drm/amd/display/dc/core/dc.c | 33 + drivers/gpu/drm/amd/display/dc/dc.h | 8 +- drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 4 +- .../dc/dml2/dml21/dml21_translation_helper.c | 1 + .../dml21/src/dml2_core/dml2_core_dcn4_calcs.c | 5 +- .../amd/display/dc/dml2/dml2_translation_helper.c | 1 + .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 9 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 28 + .../display/dc/link/protocols/link_dp_capability.c | 46 +- .../display/dc/link/protocols/link_dp_capability.h | 3 + .../display/dc/link/protocols/link_dp_training.c | 1 - .../dc/link/protocols/link_dp_training_8b_10b.c | 52 +- .../amd/display/dc/resource/dcn31/dcn31_resource.c | 3 + .../display/dc/resource/dcn314/dcn314_resource.c | 3 + .../amd/display/dc/resource/dcn35/dcn35_resource.c | 3 + .../display/dc/resource/dcn351/dcn351_resource.c | 3 + .../amd/display/dc/resource/dcn36/dcn36_resource.c | 3 + .../drm/amd/display/include/link_service_types.h | 2 + .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/amd/pm/amdgpu_dpm.c | 22 + drivers/gpu/drm/amd/pm/inc/amdgpu_dpm.h | 1 + drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 12 +- drivers/gpu/drm/ast/ast_mode.c | 6 +- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 32 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 109 +- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/drm_writeback.c | 7 +- drivers/gpu/drm/etnaviv/etnaviv_sched.c | 5 +- drivers/gpu/drm/i915/display/intel_cx0_phy.c | 27 +- drivers/gpu/drm/i915/display/intel_cx0_phy_regs.h | 15 +- .../gpu/drm/i915/display/intel_display_driver.c | 30 +- drivers/gpu/drm/i915/display/intel_dp.c | 17 + drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c | 4 +- drivers/gpu/drm/i915/display/vlv_dsi.c | 4 +- drivers/gpu/drm/i915/i915_pmu.c | 2 +- drivers/gpu/drm/msm/msm_gpu_devfreq.c | 1 + drivers/gpu/drm/panel/panel-simple.c | 6 + drivers/gpu/drm/scheduler/sched_entity.c | 1 + drivers/gpu/drm/tegra/dc.c | 17 +- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/tiny/cirrus-qemu.c | 1 - drivers/gpu/drm/tiny/simpledrm.c | 4 +- drivers/gpu/drm/udl/udl_drv.c | 2 +- drivers/gpu/drm/xe/display/xe_display.c | 2 + drivers/gpu/drm/xe/display/xe_dsb_buffer.c | 11 +- drivers/gpu/drm/xe/display/xe_fb_pin.c | 5 +- drivers/gpu/drm/xe/xe_ggtt.c | 11 + drivers/gpu/drm/xe/xe_gpu_scheduler.h | 10 +- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 8 + drivers/gpu/drm/xe/xe_guc_ct.c | 17 +- drivers/gpu/drm/xe/xe_guc_ct.h | 5 + drivers/gpu/drm/xe/xe_guc_pc.c | 2 +- drivers/gpu/drm/xe/xe_guc_submit.c | 23 + drivers/gpu/drm/xe/xe_guc_types.h | 5 + drivers/gpu/drm/xe/xe_vm.c | 8 +- drivers/hid/hid-appletb-kbd.c | 5 + drivers/hid/hid-lenovo.c | 11 +- .../intel-quicki2c/quicki2c-protocol.c | 26 +- drivers/hid/wacom_sys.c | 7 +- drivers/hwmon/isl28022.c | 6 +- drivers/hwmon/pmbus/max34440.c | 48 +- drivers/hwtracing/coresight/coresight-core.c | 3 +- drivers/hwtracing/coresight/coresight-priv.h | 1 + drivers/i2c/busses/i2c-imx.c | 3 +- drivers/i2c/busses/i2c-omap.c | 7 +- drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/adc/ad7606_spi.c | 8 +- drivers/iio/adc/ad_sigma_delta.c | 4 + drivers/iio/dac/adi-axi-dac.c | 24 + drivers/iio/light/al3000a.c | 9 +- drivers/iio/light/hid-sensor-prox.c | 3 + drivers/iio/pressure/zpa2326.c | 2 +- drivers/iommu/amd/init.c | 3 - drivers/leds/led-class-multicolor.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/bcache/Kconfig | 1 - drivers/md/bcache/alloc.c | 57 +- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/bset.c | 116 +- drivers/md/bcache/bset.h | 40 +- drivers/md/bcache/btree.c | 69 +- drivers/md/bcache/extents.c | 43 +- drivers/md/bcache/movinggc.c | 33 +- drivers/md/bcache/super.c | 10 +- drivers/md/bcache/sysfs.c | 4 +- drivers/md/bcache/util.h | 67 +- drivers/md/bcache/writeback.c | 13 +- drivers/md/dm-raid.c | 2 +- drivers/md/dm-vdo/indexer/volume.c | 24 +- drivers/md/md-bitmap.c | 2 +- drivers/media/usb/uvc/uvc_ctrl.c | 70 +- drivers/media/usb/uvc/uvc_v4l2.c | 93 +- drivers/media/usb/uvc/uvcvideo.h | 5 + drivers/mfd/88pm886.c | 6 +- drivers/mfd/max14577.c | 1 + drivers/mfd/max77541.c | 2 +- drivers/mfd/max77705.c | 4 +- drivers/mfd/sprd-sc27xx-spi.c | 5 +- drivers/misc/tps6594-pfsm.c | 3 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 5 +- drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/net/ethernet/pensando/ionic/ionic_txrx.c | 12 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 2 +- drivers/net/wireless/intel/iwlwifi/mld/fw.c | 8 +- drivers/nvme/host/core.c | 83 +- drivers/nvme/host/nvme.h | 3 +- drivers/nvme/host/tcp.c | 22 +- drivers/pci/controller/dwc/pci-imx6.c | 15 + drivers/pci/controller/dwc/pcie-designware.c | 5 +- drivers/pci/controller/pcie-apple.c | 3 + drivers/s390/crypto/pkey_api.c | 2 +- drivers/scsi/fnic/fdls_disc.c | 122 +- drivers/scsi/fnic/fnic.h | 2 +- drivers/scsi/fnic/fnic_fcs.c | 2 + drivers/scsi/fnic/fnic_fdls.h | 1 + drivers/scsi/megaraid/megaraid_sas_base.c | 6 +- drivers/spi/spi-cadence-quadspi.c | 12 +- drivers/staging/rtl8723bs/core/rtw_security.c | 44 +- drivers/tty/serial/8250/8250_pci1xxxx.c | 10 + drivers/tty/serial/imx.c | 17 +- drivers/tty/serial/serial_base_bus.c | 1 + drivers/tty/serial/uartlite.c | 25 +- drivers/ufs/core/ufshcd.c | 6 +- drivers/usb/class/cdc-wdm.c | 23 +- drivers/usb/common/usb-conn-gpio.c | 25 +- drivers/usb/core/usb.c | 14 +- drivers/usb/dwc2/gadget.c | 6 + drivers/usb/gadget/function/f_hid.c | 19 +- drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/typec/altmodes/displayport.c | 4 + drivers/usb/typec/mux.c | 4 +- drivers/usb/typec/tcpm/tcpci_maxim_core.c | 5 +- drivers/usb/typec/tipd/core.c | 2 +- fs/btrfs/backref.h | 4 +- fs/btrfs/direct-io.c | 4 +- fs/btrfs/disk-io.c | 25 +- fs/btrfs/extent_io.h | 2 +- fs/btrfs/inode.c | 95 +- fs/btrfs/ordered-data.c | 14 +- fs/btrfs/raid56.c | 5 +- fs/btrfs/tests/extent-io-tests.c | 6 +- fs/btrfs/tree-log.c | 14 +- fs/btrfs/volumes.c | 6 + fs/btrfs/zstd.c | 2 +- fs/ceph/file.c | 2 +- fs/f2fs/file.c | 38 + fs/f2fs/super.c | 30 +- fs/fuse/dir.c | 11 + fs/fuse/inode.c | 4 + fs/namespace.c | 18 +- fs/nfs/inode.c | 51 +- fs/nfs/nfs4proc.c | 25 +- fs/overlayfs/util.c | 4 +- fs/proc/task_mmu.c | 2 +- fs/smb/client/cifsglob.h | 2 + fs/smb/client/cifspdu.h | 6 +- fs/smb/client/cifssmb.c | 1 + fs/smb/client/connect.c | 58 +- fs/smb/client/misc.c | 8 + fs/smb/client/reparse.c | 20 +- fs/smb/client/sess.c | 21 +- fs/smb/client/trace.h | 24 +- fs/smb/server/connection.h | 1 + fs/smb/server/smb2pdu.c | 72 +- fs/smb/server/smb2pdu.h | 3 + include/net/bluetooth/hci_core.h | 2 + include/uapi/linux/vm_sockets.h | 4 + io_uring/io_uring.c | 3 +- io_uring/kbuf.c | 1 + io_uring/kbuf.h | 1 + io_uring/net.c | 34 +- io_uring/rsrc.c | 57 +- io_uring/rsrc.h | 3 +- io_uring/zcrx.c | 101 +- io_uring/zcrx.h | 11 +- kernel/sched/ext.c | 12 +- lib/group_cpus.c | 9 +- lib/maple_tree.c | 4 +- mm/damon/sysfs-schemes.c | 1 + mm/gup.c | 14 +- mm/memory.c | 20 - mm/shmem.c | 6 +- mm/swap.h | 23 + mm/userfaultfd.c | 33 +- net/atm/clip.c | 11 +- net/atm/resources.c | 3 +- net/bluetooth/hci_core.c | 34 +- net/bluetooth/l2cap_core.c | 9 +- net/bridge/br_multicast.c | 9 + net/core/netpoll.c | 2 +- net/core/selftests.c | 5 +- net/mac80211/chan.c | 3 + net/mac80211/ieee80211_i.h | 12 + net/mac80211/iface.c | 12 +- net/mac80211/link.c | 94 +- net/mac80211/util.c | 2 +- net/sunrpc/clnt.c | 9 +- net/unix/af_unix.c | 31 +- rust/Makefile | 2 +- rust/bindings/bindings_helper.h | 1 + rust/helpers/completion.c | 8 + rust/helpers/helpers.c | 1 + rust/kernel/devres.rs | 53 +- rust/kernel/revocable.rs | 18 +- rust/kernel/sync.rs | 2 + rust/kernel/sync/completion.rs | 112 ++ rust/macros/module.rs | 1 + scripts/gdb/linux/vfs.py | 2 +- security/selinux/ss/services.c | 16 +- sound/pci/hda/hda_bind.c | 2 +- sound/pci/hda/hda_intel.c | 3 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/ps/acp63.h | 4 + sound/soc/amd/ps/ps-common.c | 18 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/rt1320-sdw.c | 17 +- sound/soc/codecs/wcd9335.c | 40 +- sound/usb/quirks.c | 2 + sound/usb/stream.c | 2 + tools/lib/bpf/btf_dump.c | 3 + tools/lib/bpf/libbpf.c | 10 +- .../selftests/bpf/progs/test_global_map_resize.c | 16 + 289 files changed, 4527 insertions(+), 2538 deletions(-)

2 months, 1 week

17
285
0 0

[PATCH 6.6 000/132] 6.6.97-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.97 release. There are 132 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 16:22:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.97-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.97-rc1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add TSA microcode SHAs Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kernel: Fix ppc_save_regs inclusion in build Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix sysfs group cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix kobject cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed Simon Xue <xxm(a)rock-chips.com> iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Philipp Kerling <pkerling(a)casix.org> smb: client: fix readdir returning wrong type with POSIX extensions Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Jeff LaBundy <jeff(a)labundy.com> Input: iqs7222 - explicitly define number of external channels Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - support Acer NGR 200 Controller Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Raju Rangoju <Raju.Rangoju(a)amd.com> usb: xhci: quirk for data loss in ISOC transfers Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix stale function handles in error handling Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Shivank Garg <shivankg(a)amd.com> fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Peter Zijlstra <peterz(a)infradead.org> module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper Niklas Schnelle <schnelle(a)linux.ibm.com> iommu: Allow .iotlb_sync_map to fail and handle s390's -ENOMEM return Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Add IOMMU_DOMAIN_PLATFORM for S390 Kurt Borja <kuurtb(a)gmail.com> platform/x86: hp-bioscfg: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: hp-bioscfg: Directly use firmware_attributes_class Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Justin Sanders <jsanders.devel(a)gmail.com> aoe: defer rexmit timer downdev work to workqueue Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Heiko Stuebner <heiko(a)sntech.de> regulator: fan53555: add enable_time support and soft-start times Raven Black <ravenblack(a)gmail.com> ASoC: amd: yc: update quirk data for HP Victus Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list Gabriel Santese <santesegabriel(a)gmail.com> ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Tasos Sahanidis <tasos(a)tasossah.com> ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix another leak in the submit error path Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Xin Li (Intel) <xin(a)zytor.com> drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read Thomas Zimmermann <tzimmermann(a)suse.de> drm/simpledrm: Do not upcast in release helpers anvithdosapati <anvithdosapati(a)google.com> scsi: ufs: core: Fix clk scaling to be conditional in reset and restore Manivannan Sadhasivam <mani(a)kernel.org> scsi: ufs: core: Add OPP support for scaling clocks and regulators Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix abnormal scale up after last cmd finish Chao Yu <chao(a)kernel.org> f2fs: fix to zero post-eof page Chao Yu <chao(a)kernel.org> f2fs: convert f2fs_vm_page_mkwrite() to use folio Daeho Jeong <daehojeong(a)google.com> f2fs: prevent writing without fallocate() for pinned files Chao Yu <chao(a)kernel.org> f2fs: add tracepoint for f2fs_vm_page_mkwrite() Xin Li (Intel) <xin(a)zytor.com> x86/traps: Initialize DR6 by writing its architectural reset value Yan Zhai <yan(a)cloudflare.com> bnxt: properly flush XDP redirect lists Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: finish link init before RCU publish Muna Sinada <muna.sinada(a)oss.qualcomm.com> wifi: mac80211: Add link iteration macro for link data Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: chan: chandef is non-NULL for reserved Kuniyuki Iwashima <kuniyu(a)google.com> Bluetooth: hci_core: Fix use-after-free in vhci_flush() Stefan Metzmacher <metze(a)samba.org> smb: client: remove \t from TP_printk statements Filipe Manana <fdmanana(a)suse.com> btrfs: fix qgroup reservation leak on failure to allocate ordered extent Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix race condition in negotiate timeout by using more precise timing Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: do not double read link status Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Junxiao Chang <junxiao.chang(a)intel.com> drm/i915/gsc: mei interrupt top half should be in irq disabled context Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Paulo Alcantara <pc(a)manguebit.org> smb: client: fix warning when reconnecting channel Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxreg-lc: Fix logic error in power state check Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: dell-sysman: Directly use firmware_attributes_class Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: think-lmi: Directly use firmware_attributes_class Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: firmware_attributes_class: Simplify API Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: firmware_attributes_class: Move include linux/device/class.h Ricardo B. Marliere <ricardo(a)marliere.net> platform/x86: make fw_attr_class constant Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8550: add UART14 nodes Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: propagate last_unlink_trans earlier when doing a rmdir Anand Jain <anand.jain(a)oracle.com> btrfs: rename err to ret in btrfs_rmdir() Filipe Manana <fdmanana(a)suse.com> btrfs: fix iteration of extrefs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Yang Li <yang.li(a)amlogic.com> Bluetooth: Prevent unintended pause by checking if advertising is active Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix vport loopback for MPV device Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix HW counters query for non-representor devices Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Janne Grunau <j(a)jannau.net> arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: set_mesh: update LE scan interval and window Christian Eggers <ceggers(a)arri.de> Bluetooth: hci_sync: revert some mesh modifications Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Do not try re-enabling load/store if device is disabled Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Elena Popa <elena.popa(a)nxp.com> rtc: pcf2127: fix SPI command byte for PCF2131 Hugo Villeneuve <hvilleneuve(a)dimonoff.com> rtc: pcf2127: add missing semicolon after statement ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 ++ Documentation/arch/x86/mds.rst | 8 +- Documentation/core-api/symbol-namespaces.rst | 22 +++ Makefile | 4 +- arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8550.dtsi | 30 ++++ arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/powerpc/kernel/Makefile | 2 - arch/s390/pci/pci_event.c | 18 +++ arch/x86/Kconfig | 9 ++ arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 12 ++ arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 28 ++-- arch/x86/include/asm/nospec-branch.h | 37 +++-- arch/x86/include/uapi/asm/debugreg.h | 21 ++- arch/x86/kernel/cpu/amd.c | 60 ++++++++ arch/x86/kernel/cpu/bugs.c | 133 ++++++++++++++++- arch/x86/kernel/cpu/common.c | 38 +++-- arch/x86/kernel/cpu/microcode/amd.c | 12 -- arch/x86/kernel/cpu/microcode/amd_shas.c | 112 +++++++++++++++ arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 16 ++- arch/x86/kernel/traps.c | 32 +++-- arch/x86/kvm/cpuid.c | 8 +- arch/x86/kvm/reverse_cpuid.h | 8 ++ arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- drivers/acpi/acpica/dsmethod.c | 7 + drivers/ata/libata-acpi.c | 24 ++-- drivers/ata/pata_cs5536.c | 2 +- drivers/ata/pata_via.c | 6 +- drivers/base/cpu.c | 3 + drivers/block/aoe/aoe.h | 1 + drivers/block/aoe/aoecmd.c | 8 +- drivers/block/aoe/aoedev.c | 5 +- drivers/dma-buf/dma-resv.c | 12 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 ++ drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 2 +- drivers/gpu/drm/i915/gt/intel_gsc.c | 2 +- drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +-- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 17 ++- drivers/gpu/drm/tiny/simpledrm.c | 4 +- drivers/gpu/drm/v3d/v3d_drv.h | 8 ++ drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 37 +++-- drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/infiniband/hw/mlx5/counters.c | 4 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 33 +++++ drivers/input/joystick/xpad.c | 2 + drivers/input/misc/iqs7222.c | 7 +- drivers/iommu/amd/iommu.c | 5 +- drivers/iommu/apple-dart.c | 5 +- drivers/iommu/intel/iommu.c | 5 +- drivers/iommu/iommu.c | 20 ++- drivers/iommu/msm_iommu.c | 5 +- drivers/iommu/mtk_iommu.c | 5 +- drivers/iommu/rockchip-iommu.c | 3 +- drivers/iommu/s390-iommu.c | 50 +++++-- drivers/iommu/sprd-iommu.c | 5 +- drivers/iommu/sun50i-iommu.c | 6 +- drivers/mmc/core/quirks.h | 12 +- drivers/mmc/host/mtk-sd.c | 21 ++- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 +++ drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 13 ++ drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 24 ++-- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 79 +++++++--- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 7 +- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 +++- drivers/net/ethernet/intel/igc/igc_main.c | 10 ++ drivers/net/ethernet/sun/niu.c | 31 +++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/usb/lan78xx.c | 2 - drivers/net/virtio_net.c | 38 ++++- drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/platform/mellanox/mlxreg-lc.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 2 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 ++ .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 25 ++-- drivers/platform/x86/firmware_attributes_class.c | 41 ++---- drivers/platform/x86/firmware_attributes_class.h | 5 +- drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 14 +- drivers/platform/x86/think-lmi.c | 103 +++++-------- drivers/powercap/intel_rapl_common.c | 18 ++- drivers/regulator/fan53555.c | 14 ++ drivers/regulator/gpio-regulator.c | 8 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-pcf2127.c | 7 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/spi/spi-fsl-dspi.c | 11 +- drivers/target/target_core_pr.c | 4 +- drivers/ufs/core/ufs-sysfs.c | 4 +- drivers/ufs/core/ufshcd.c | 160 +++++++++++++++------ drivers/usb/cdns3/cdnsp-ring.c | 4 +- drivers/usb/chipidea/udc.c | 7 + drivers/usb/core/quirks.c | 3 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci-pci.c | 25 ++++ drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/host/xhci.h | 1 + drivers/usb/typec/altmodes/displayport.c | 5 +- fs/anon_inodes.c | 23 ++- fs/btrfs/inode.c | 56 ++++---- fs/btrfs/ordered-data.c | 12 +- fs/btrfs/tree-log.c | 8 +- fs/f2fs/file.c | 118 ++++++++++----- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++++++++----- fs/nfs/inode.c | 17 ++- fs/nfs/pnfs.c | 4 +- fs/smb/client/cifsglob.h | 2 + fs/smb/client/connect.c | 7 +- fs/smb/client/readdir.c | 2 +- fs/smb/client/smb2pdu.c | 10 +- fs/smb/client/trace.h | 18 +-- include/linux/cpu.h | 1 + include/linux/export.h | 12 +- include/linux/fs.h | 2 + include/linux/iommu.h | 4 +- include/linux/libata.h | 7 +- include/linux/usb/typec_dp.h | 1 + include/net/bluetooth/hci_core.h | 2 + include/trace/events/f2fs.h | 39 +++-- include/ufs/ufshcd.h | 4 + kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- mm/secretmem.c | 11 +- net/bluetooth/hci_core.c | 34 ++++- net/bluetooth/hci_sync.c | 20 ++- net/bluetooth/mgmt.c | 25 +++- net/mac80211/chan.c | 6 +- net/mac80211/ieee80211_i.h | 9 ++ net/mac80211/link.c | 15 +- net/mac80211/rx.c | 4 + net/rose/rose_route.c | 15 +- net/sched/sch_api.c | 19 +-- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 + sound/soc/amd/yc/acp6x-mach.c | 14 ++ 159 files changed, 1840 insertions(+), 657 deletions(-)

2 months, 1 week

3
135
0 0

[PATCH 6.1 00/81] 6.1.144-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.144 release. There are 81 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 16:22:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.144-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.144-rc1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix kobject cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix stale function handles in error handling Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Justin Sanders <jsanders.devel(a)gmail.com> aoe: defer rexmit timer downdev work to workqueue Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Raven Black <ravenblack(a)gmail.com> ASoC: amd: yc: update quirk data for HP Victus Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Tasos Sahanidis <tasos(a)tasossah.com> ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix another leak in the submit error path Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix race condition in negotiate timeout by using more precise timing Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Junxiao Chang <junxiao.chang(a)intel.com> drm/i915/gsc: mei interrupt top half should be in irq disabled context Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxreg-lc: Fix logic error in power state check Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Filipe Manana <fdmanana(a)suse.com> btrfs: fix iteration of extrefs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Yang Li <yang.li(a)amlogic.com> Bluetooth: Prevent unintended pause by checking if advertising is active Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Janne Grunau <j(a)jannau.net> arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: set_mesh: update LE scan interval and window Christian Eggers <ceggers(a)arri.de> Bluetooth: hci_sync: revert some mesh modifications Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Do not try re-enabling load/store if device is disabled Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 ++ Makefile | 4 +- arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 +- arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/s390/pci/pci_event.c | 20 ++++ arch/x86/Kconfig | 9 ++ arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 12 ++ arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 19 ++- arch/x86/include/asm/nospec-branch.h | 39 +++--- arch/x86/kernel/cpu/amd.c | 58 +++++++++ arch/x86/kernel/cpu/bugs.c | 133 ++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 14 ++- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 15 ++- arch/x86/kvm/cpuid.c | 9 +- arch/x86/kvm/reverse_cpuid.h | 8 ++ arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- drivers/acpi/acpica/dsmethod.c | 7 ++ drivers/ata/libata-acpi.c | 24 ++-- drivers/ata/pata_cs5536.c | 2 +- drivers/ata/pata_via.c | 6 +- drivers/base/cpu.c | 2 + drivers/block/aoe/aoe.h | 1 + drivers/block/aoe/aoecmd.c | 8 +- drivers/block/aoe/aoedev.c | 5 +- drivers/dma-buf/dma-resv.c | 12 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 ++ drivers/gpu/drm/i915/gt/intel_gsc.c | 2 +- drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 ++-- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 17 ++- drivers/gpu/drm/v3d/v3d_drv.h | 8 ++ drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 37 ++++-- drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/infiniband/hw/mlx5/counters.c | 2 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/mmc/core/quirks.h | 12 +- drivers/mmc/host/mtk-sd.c | 21 +++- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 +++ drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 ++ drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 79 ++++++++---- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 +++- drivers/net/ethernet/intel/igc/igc_main.c | 10 ++ drivers/net/ethernet/sun/niu.c | 31 ++++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/usb/lan78xx.c | 2 - drivers/net/virtio_net.c | 38 +++++- drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/platform/mellanox/mlxreg-lc.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 2 +- .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 +- drivers/platform/x86/think-lmi.c | 53 ++++---- drivers/regulator/gpio-regulator.c | 8 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/spi/spi-fsl-dspi.c | 11 +- drivers/target/target_core_pr.c | 4 +- drivers/ufs/core/ufs-sysfs.c | 4 +- drivers/usb/cdns3/cdnsp-ring.c | 4 +- drivers/usb/core/quirks.c | 3 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/typec/altmodes/displayport.c | 5 +- fs/btrfs/inode.c | 7 +- fs/btrfs/tree-log.c | 8 +- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++++++++++------ fs/nfs/inode.c | 17 ++- fs/nfs/pnfs.c | 4 +- fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 7 +- include/linux/cpu.h | 1 + include/linux/libata.h | 7 +- include/linux/usb/typec_dp.h | 1 + kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- net/bluetooth/hci_sync.c | 20 ++-- net/bluetooth/mgmt.c | 25 +++- net/mac80211/rx.c | 4 + net/rose/rose_route.c | 15 +-- net/sched/sch_api.c | 19 +-- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 ++ sound/soc/amd/yc/acp6x-mach.c | 7 ++ 105 files changed, 982 insertions(+), 304 deletions(-)

2 months, 1 week

5
88
0 0

[RESEND PATCH 5.15] fs/proc: do_task_stat: use __for_each_thread()

by Heyne, Maximilian

From: Oleg Nesterov <oleg(a)redhat.com> [ Upstream commit 7904e53ed5a20fc678c01d5d1b07ec486425bb6a ] do/while_each_thread should be avoided when possible. Link: https://lkml.kernel.org/r/20230909164501.GA11581@redhat.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Cc: Eric W. Biederman <ebiederm(a)xmission.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Stable-dep-of: 7601df8031fd ("fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats") Cc: stable(a)vger.kernel.org [mheyne: adjusted context] Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> --- Compile-tested only. We're seeing soft lock-ups with 5.10.237 because of the backport of commit 4fe85bdaabd6 ("fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats"). I'm assuming this is broken on 5.15 too. --- fs/proc/array.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/proc/array.c b/fs/proc/array.c index 2cb01aaa6718..2ff568dc5838 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -530,18 +530,18 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, cgtime = sig->cgtime; if (whole) { - struct task_struct *t = task; + struct task_struct *t; min_flt = sig->min_flt; maj_flt = sig->maj_flt; gtime = sig->gtime; rcu_read_lock(); - do { + __for_each_thread(sig, t) { min_flt += t->min_flt; maj_flt += t->maj_flt; gtime += task_gtime(t); - } while_each_thread(task, t); + } rcu_read_unlock(); } } while (need_seqretry(&sig->stats_lock, seq)); -- 2.47.1 Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

2 months, 1 week

2
1
0 0

[PATCH v4 1/8] drm/panfrost: Fix scheduler workqueue bug

by Philipp Stanner

When the GPU scheduler was ported to using a struct for its initialization parameters, it was overlooked that panfrost creates a distinct workqueue for timeout handling. The pointer to this new workqueue is not initialized to the struct, resulting in NULL being passed to the scheduler, which then uses the system_wq for timeout handling. Set the correct workqueue to the init args struct. Cc: stable(a)vger.kernel.org # 6.15+ Fixes: 796a9f55a8d1 ("drm/sched: Use struct for drm_sched_init() params") Reported-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Closes: https://lore.kernel.org/dri-devel/b5d0921c-7cbf-4d55-aa47-c35cd7861c02@igal… Signed-off-by: Philipp Stanner <phasta(a)kernel.org> --- drivers/gpu/drm/panfrost/panfrost_job.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/panfrost/panfrost_job.c b/drivers/gpu/drm/panfrost/panfrost_job.c index 5657106c2f7d..15e2d505550f 100644 --- a/drivers/gpu/drm/panfrost/panfrost_job.c +++ b/drivers/gpu/drm/panfrost/panfrost_job.c @@ -841,7 +841,6 @@ int panfrost_job_init(struct panfrost_device *pfdev) .num_rqs = DRM_SCHED_PRIORITY_COUNT, .credit_limit = 2, .timeout = msecs_to_jiffies(JOB_TIMEOUT_MS), - .timeout_wq = pfdev->reset.wq, .name = "pan_js", .dev = pfdev->dev, }; @@ -879,6 +878,7 @@ int panfrost_job_init(struct panfrost_device *pfdev) pfdev->reset.wq = alloc_ordered_workqueue("panfrost-reset", 0); if (!pfdev->reset.wq) return -ENOMEM; + args.timeout_wq = pfdev->reset.wq; for (j = 0; j < NUM_JOB_SLOTS; j++) { js->queue[j].fence_context = dma_fence_context_alloc(1); -- 2.49.0

2 months, 1 week

2
1
0 0

[PATCH v2] USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition

by Fabio Porcedda

Add Telit Cinterion FE910C04 (ECM) composition: 0x10c7: ECM + tty (AT) + tty (AT) + tty (diag) usb-devices output: T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 7 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=10c7 Rev=05.15 S: Manufacturer=Telit Cinterion S: Product=FE910 S: SerialNumber=f71b8b32 C: #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=06 Prot=00 Driver=cdc_ether E: Ad=82(I) Atr=03(Int.) MxPS= 16 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms Cc: stable(a)vger.kernel.org Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com> --- drivers/usb/serial/option.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index c0c44e594d36..147ca50c94be 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1415,6 +1415,9 @@ static const struct usb_device_id option_ids[] = { .driver_info = NCTRL(5) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d0, 0xff, 0xff, 0x40) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d0, 0xff, 0xff, 0x60) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10c7, 0xff, 0xff, 0x30), /* Telit FE910C04 (ECM) */ + .driver_info = NCTRL(4) }, + { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10c7, 0xff, 0xff, 0x40) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d1, 0xff, 0xff, 0x30), /* Telit FN990B (MBIM) */ .driver_info = NCTRL(6) }, { USB_DEVICE_AND_INTERFACE_INFO(TELIT_VENDOR_ID, 0x10d1, 0xff, 0xff, 0x40) }, -- 2.49.0

2 months, 1 week

2
1
0 0

[PATCH 2/2] mmc: core: sd: Fix and simplify SD card current limit handling

by Avri Altman

The SD spec says: "In UHS-I mode, after selecting one of SDR50, SDR104, or DDR50 mode by Function Group 1, host needs to change the Power Limit to enable the card to operate in higher performance". The driver previously determined SD card current limits incorrectly by checking capability bits before bus speed was established, and by using support bits in function group 4 (bytes 6 & 7) rather than the actual current requirement (bytes 0 & 1). This is wrong because the card responds for a given bus speed. This patch queries the card's current requirement after setting the bus speed, and uses the reported value to select the appropriate current limit. while at it, remove some unused constants and the misleading comment in the code. Fixes: d9812780a020 ("mmc: sd: limit SD card power limit according to cards capabilities") Signed-off-by: Avri Altman <avri.altman(a)sandisk.com> Cc: stable(a)vger.kernel.org --- drivers/mmc/core/sd.c | 36 +++++++++++++----------------------- include/linux/mmc/card.h | 6 ------ 2 files changed, 13 insertions(+), 29 deletions(-) diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c index cf92c5b2059a..357edfb910df 100644 --- a/drivers/mmc/core/sd.c +++ b/drivers/mmc/core/sd.c @@ -365,7 +365,6 @@ static int mmc_read_switch(struct mmc_card *card) card->sw_caps.sd3_bus_mode = status[13]; /* Driver Strengths supported by the card */ card->sw_caps.sd3_drv_type = status[9]; - card->sw_caps.sd3_curr_limit = status[7] | status[6] << 8; } out: @@ -556,7 +555,7 @@ static int sd_set_current_limit(struct mmc_card *card, u8 *status) { int current_limit = SD_SET_CURRENT_LIMIT_200; int err; - u32 max_current; + u32 max_current, card_needs; /* * Current limit switch is only defined for SDR50, SDR104, and DDR50 @@ -575,33 +574,24 @@ static int sd_set_current_limit(struct mmc_card *card, u8 *status) max_current = sd_get_host_max_current(card->host); /* - * We only check host's capability here, if we set a limit that is - * higher than the card's maximum current, the card will be using its - * maximum current, e.g. if the card's maximum current is 300ma, and - * when we set current limit to 200ma, the card will draw 200ma, and - * when we set current limit to 400/600/800ma, the card will draw its - * maximum 300ma from the host. - * - * The above is incorrect: if we try to set a current limit that is - * not supported by the card, the card can rightfully error out the - * attempt, and remain at the default current limit. This results - * in a 300mA card being limited to 200mA even though the host - * supports 800mA. Failures seen with SanDisk 8GB UHS cards with - * an iMX6 host. --rmk + * query the card of its maximun current/power consumption given the + * bus speed mode */ - if (max_current >= 800 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_800) + err = mmc_sd_switch(card, 0, 0, card->sd_bus_speed, status); + if (err) + return err; + + card_needs = status[1] | status[0] << 8; + + if (max_current >= 800 && card_needs > 600) current_limit = SD_SET_CURRENT_LIMIT_800; - else if (max_current >= 600 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_600) + else if (max_current >= 600 && card_needs > 400) current_limit = SD_SET_CURRENT_LIMIT_600; - else if (max_current >= 400 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_400) + else if (max_current >= 400 && card_needs > 200) current_limit = SD_SET_CURRENT_LIMIT_400; if (current_limit != SD_SET_CURRENT_LIMIT_200) { - err = mmc_sd_switch(card, SD_SWITCH_SET, 3, - current_limit, status); + err = mmc_sd_switch(card, SD_SWITCH_SET, 3, current_limit, status); if (err) return err; diff --git a/include/linux/mmc/card.h b/include/linux/mmc/card.h index e9e964c20e53..67c1386ca574 100644 --- a/include/linux/mmc/card.h +++ b/include/linux/mmc/card.h @@ -177,17 +177,11 @@ struct sd_switch_caps { #define SD_DRIVER_TYPE_A 0x02 #define SD_DRIVER_TYPE_C 0x04 #define SD_DRIVER_TYPE_D 0x08 - unsigned int sd3_curr_limit; #define SD_SET_CURRENT_LIMIT_200 0 #define SD_SET_CURRENT_LIMIT_400 1 #define SD_SET_CURRENT_LIMIT_600 2 #define SD_SET_CURRENT_LIMIT_800 3 -#define SD_MAX_CURRENT_200 (1 << SD_SET_CURRENT_LIMIT_200) -#define SD_MAX_CURRENT_400 (1 << SD_SET_CURRENT_LIMIT_400) -#define SD_MAX_CURRENT_600 (1 << SD_SET_CURRENT_LIMIT_600) -#define SD_MAX_CURRENT_800 (1 << SD_SET_CURRENT_LIMIT_800) - #define SD4_SET_POWER_LIMIT_0_72W 0 #define SD4_SET_POWER_LIMIT_1_44W 1 #define SD4_SET_POWER_LIMIT_2_16W 2 -- 2.25.1

2 months, 1 week

3
6
0 0

[PATCH net] net: libwx: fix multicast packets received count

by Jiawen Wu

Multicast good packets received by PF rings that pass ethternet MAC address filtering are counted for rtnl_link_stats64.multicast. The counter is not cleared on read. Fix the duplicate counting on updating statistics. Fixes: 46b92e10d631 ("net: libwx: support hardware statistics") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/libwx/wx_hw.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_hw.c b/drivers/net/ethernet/wangxun/libwx/wx_hw.c index 0f4be72116b8..a9519997286b 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_hw.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_hw.c @@ -2778,6 +2778,7 @@ void wx_update_stats(struct wx *wx) hwstats->fdirmiss += rd32(wx, WX_RDB_FDIR_MISS); } + hwstats->qmprc = 0; for (i = wx->num_vfs * wx->num_rx_queues_per_pool; i < wx->mac.max_rx_queues; i++) hwstats->qmprc += rd32(wx, WX_PX_MPRC(i)); -- 2.48.1

2 months, 1 week

2
3
0 0

[PATCH 5.15 000/149] 5.15.187-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.187 release. There are 149 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 18:32:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.187-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.187-rc3 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: add support for CPUID leaf 0x80000021 Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Ioana Ciornei <ioana.ciornei(a)nxp.com> net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats Radu Bulie <radu-andrei.bulie(a)nxp.com> dpaa2-eth: Update SINGLE_STEP register access Radu Bulie <radu-andrei.bulie(a)nxp.com> dpaa2-eth: Update dpni_get_single_step_cfg command Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Jerome Neanne <jneanne(a)baylibre.com> regulator: gpio: Add input_supply support in gpio_regulator_config Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: 9354/1: ptrace: Use bitfield helpers Josef Bacik <josef(a)toxicpanda.com> btrfs: don't drop extent_map for free space inode on write error Dev Jain <dev.jain(a)arm.com> arm64: Restrict pagetable teardown to avoid false warning Brett A C Sheffield (Librecast) <bacs(a)librecast.net> Revert "ipv6: save dontfrag in cork" Nathan Chancellor <nathan(a)kernel.org> s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Heiko Carstens <hca(a)linux.ibm.com> s390/entry: Fix last breaking event handling in case of stack corruption Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Rollback non processed entities on error Dexuan Cui <decui(a)microsoft.com> PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time Wentao Liang <vulab(a)iscas.ac.cn> drm/amd/display: Add null pointer check for get_first_active_display() Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Check return value when getting default PHY config Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix connecting to next bridge Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Fix race in GWS queue scheduling Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Unregister device before cleaning up on disconnect Qiu-ji Chen <chenqiuji666(a)gmail.com> drm/tegra: Fix a possible null pointer dereference Thierry Reding <treding(a)nvidia.com> drm/tegra: Assign plane type before registration Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix kobject reference count leak Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on sysfs attribute creation failure Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on kobject creation failure Mark Harmstone <maharmstone(a)fb.com> btrfs: update superblock's device bytes_used when dropping chunk Heinz Mauelshagen <heinzm(a)redhat.com> dm-raid: fix variable in journal device check Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix L2CAP MTU negotiation Yao Zi <ziyao(a)disroot.org> dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Nathan Chancellor <nathan(a)kernel.org> staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Jakub Kicinski <kuba(a)kernel.org> net: selftests: fix TCP packet checksum Kuniyuki Iwashima <kuniyu(a)google.com> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Simon Horman <horms(a)kernel.org> net: enetc: Correct endianness handling in _enetc_rd_reg64 Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Add missing error check in start_io_thread() Stefano Garzarella <sgarzare(a)redhat.com> vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't set -ECONNRESET for consumed OOB skb. Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: fix beacon interval calculation overflow Yuan Chen <chenyuan(a)kylinos.cn> libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Al Viro <viro(a)zeniv.linux.org.uk> attach_recursive_mnt(): do not lock the covering tree when sliding something under it Youngjun Lee <yjjuny.lee(a)samsung.com> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Eric Dumazet <edumazet(a)google.com> atm: clip: prevent NULL deref in clip_push() Fedor Pchelkin <pchelkin(a)ispras.ru> s390/pkey: Prevent overflow in size calculation for memdup_user() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: robotfuzz-osif: disable zero-length read messages Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: tiny-usb: disable zero-length read messages Rong Zhang <i(a)rong.moe> platform/x86: ideapad-laptop: use usleep_range() for EC polling Thomas Zimmermann <tzimmermann(a)suse.de> dummycon: Trigger redraw when switching consoles with deferred takeover Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: make consw::con_switch() return a bool Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: sanitize arguments of consw::con_clear() Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: make init parameter of consw::con_init() a bool Jiri Slaby (SUSE) <jirislaby(a)kernel.org> vgacon: remove unneeded forward declarations Jiri Slaby (SUSE) <jirislaby(a)kernel.org> vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen() Jiri Slaby <jirislaby(a)kernel.org> tty/vt: consolemap: rename and document struct uni_pagedir Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: delete a few unneeded forward decl Long Li <longli(a)microsoft.com> uio_hv_generic: Align ring size to system page Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Query the ringbuffer size for device Saurabh Sengar <ssengar(a)linux.microsoft.com> Drivers: hv: vmbus: Add utility function for querying ring size Vitaly Kuznetsov <vkuznets(a)redhat.com> Drivers: hv: Rename 'alloced' to 'allocated' Chao Yu <chao(a)kernel.org> f2fs: don't over-report free space or inodes in statvfs Ming Qian <ming.qian(a)oss.nxp.com> media: imx-jpeg: Drop the first error frames Miquel Raynal <miquel.raynal(a)bootlin.com> clk: ti: am43xx: Add clkctrl data for am43xx ADC1 Marek Szyprowski <m.szyprowski(a)samsung.com> media: omap3isp: use sgtable-based scatterlist wrappers Dmitry Nikiforov <Dm1tryNk(a)yandex.ru> media: davinci: vpif: Fix memory leak in probe error path Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: validate AG parameters in dbMount() to prevent crashes Dave Kleikamp <dave.kleikamp(a)oracle.com> fs/jfs: consolidate sanity checking in dbMount Kees Cook <kees(a)kernel.org> ovl: Check for NULL d_inode() in ovl_dentry_upper() Dmitry Kandybka <d.kandybka(a)gmail.com> ceph: fix possible integer overflow in ceph_zero_objects() Mario Limonciello <mario.limonciello(a)amd.com> ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add new pci id for AMD GPU display HD audio controller Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Ignore unsol events for cards being shut down Jos Wang <joswang(a)lenovo.com> usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Robert Hodaszi <robert.hodaszi(a)digi.com> usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: Add checks for snprintf() calls in usb_alloc_dev() Chance Yang <chance.yang(a)kneron.us> usb: common: usb-conn-gpio: use a unique name for usb connector device Jakub Lewalski <jakub.lewalski(a)nokia.com> tty: serial: uartlite: register uart driver in init Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: potential integer overflow in usbg_make_tpg() Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: dwc2: also exit clock_gating when stopping udc while suspended James Clark <james.clark(a)linaro.org> coresight: Only check bottom two claim bits Sami Tolvanen <samitolvanen(a)google.com> um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: pressure: zpa2326: Use aligned_s64 for the timestamp Linggang Zeng <linggang.zeng(a)easystack.cn> bcache: fix NULL pointer in cache_set_flush() Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: fix dm-raid max_write_behind setting Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de> dmaengine: xilinx_dma: Set dma_device directions Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Fix support for max34451 Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> leds: multicolor: Fix intensity setting while SW blinking Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max14577: Fix wakeup source leaks on device unbind Peng Fan <peng.fan(a)nxp.com> mailbox: Not protect module_put with spin_lock_irqsave Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix listxattr to return selinux security label Han Young <hanyang.tony(a)bytedance.com> NFSv4: Always set NLINK even if the server doesn't support it Pali Rohár <pali(a)kernel.org> cifs: Fix cifs_query_path_info() for Windows NT servers ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 ++ Documentation/devicetree/bindings/serial/8250.yaml | 2 +- Makefile | 4 +- arch/arm/include/asm/ptrace.h | 5 +- arch/arm64/mm/mmu.c | 3 +- arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/s390/Makefile | 2 +- arch/s390/kernel/entry.S | 2 +- arch/s390/purgatory/Makefile | 2 +- arch/um/drivers/ubd_user.c | 2 +- arch/um/include/asm/asm-prototypes.h | 5 + arch/x86/Kconfig | 9 ++ arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 13 ++ arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 19 ++- arch/x86/include/asm/nospec-branch.h | 39 +++--- arch/x86/kernel/cpu/amd.c | 58 +++++++++ arch/x86/kernel/cpu/bugs.c | 133 ++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 14 ++- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 15 ++- arch/x86/kvm/cpuid.c | 25 +++- arch/x86/kvm/reverse_cpuid.h | 8 ++ arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/um/asm/checksum.h | 3 + drivers/acpi/acpica/dsmethod.c | 7 ++ drivers/ata/pata_cs5536.c | 2 +- drivers/base/cpu.c | 7 ++ drivers/clk/ti/clk-43xx.c | 1 + drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/bridge/cdns-dsi.c | 27 ++++- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 ++ drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 ++-- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 9 ++ drivers/gpu/drm/tegra/dc.c | 17 ++- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/udl/udl_drv.c | 2 +- drivers/gpu/drm/v3d/v3d_drv.h | 8 ++ drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 39 ++++-- drivers/hid/wacom_sys.c | 6 +- drivers/hv/channel_mgmt.c | 33 +++-- drivers/hv/hyperv_vmbus.h | 19 +-- drivers/hv/vmbus_drv.c | 2 +- drivers/hwmon/pmbus/max34440.c | 48 +++++++- drivers/hwtracing/coresight/coresight-core.c | 3 +- drivers/hwtracing/coresight/coresight-priv.h | 1 + drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/pressure/zpa2326.c | 2 +- drivers/infiniband/hw/mlx5/counters.c | 2 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/leds/led-class-multicolor.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/bcache/super.c | 7 +- drivers/md/dm-raid.c | 2 +- drivers/md/md-bitmap.c | 2 +- drivers/media/platform/davinci/vpif.c | 4 +- drivers/media/platform/imx-jpeg/mxc-jpeg.c | 12 +- drivers/media/platform/omap3isp/ispccdc.c | 8 +- drivers/media/platform/omap3isp/ispstat.c | 6 +- drivers/media/usb/uvc/uvc_ctrl.c | 42 ++++--- drivers/mfd/max14577.c | 1 + drivers/mmc/core/quirks.h | 16 +-- drivers/mmc/host/mtk-sd.c | 21 +++- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 +++ drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 ++ drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 78 ++++++++---- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 115 ++++++++++++++++-- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 14 ++- .../net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 ++- drivers/net/ethernet/freescale/dpaa2/dpni-cmd.h | 6 +- drivers/net/ethernet/freescale/dpaa2/dpni.c | 2 + drivers/net/ethernet/freescale/dpaa2/dpni.h | 6 + drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/net/ethernet/intel/igc/igc_main.c | 10 ++ drivers/net/ethernet/sun/niu.c | 31 ++++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/pci/controller/pci-hyperv.c | 17 ++- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 +- drivers/platform/x86/ideapad-laptop.c | 19 ++- drivers/platform/x86/think-lmi.c | 18 +-- drivers/regulator/gpio-regulator.c | 19 ++- drivers/rtc/rtc-cmos.c | 10 +- drivers/s390/crypto/pkey_api.c | 2 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/ufs/ufs-sysfs.c | 4 +- drivers/spi/spi-fsl-dspi.c | 11 +- drivers/staging/rtl8723bs/core/rtw_security.c | 44 +++---- drivers/target/target_core_pr.c | 4 +- drivers/tty/serial/uartlite.c | 25 ++-- drivers/tty/vt/consolemap.c | 47 +++++--- drivers/tty/vt/vt.c | 12 +- drivers/uio/uio_hv_generic.c | 10 +- drivers/usb/cdns3/cdnsp-ring.c | 4 +- drivers/usb/class/cdc-wdm.c | 23 ++-- drivers/usb/common/usb-conn-gpio.c | 25 +++- drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb.c | 14 ++- drivers/usb/dwc2/gadget.c | 6 + drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/typec/altmodes/displayport.c | 5 +- drivers/video/console/dummycon.c | 24 ++-- drivers/video/console/mdacon.c | 21 ++-- drivers/video/console/newport_con.c | 12 +- drivers/video/console/sticon.c | 14 +-- drivers/video/console/vgacon.c | 38 +++--- drivers/video/fbdev/core/fbcon.c | 57 ++++----- fs/btrfs/inode.c | 19 ++- fs/btrfs/tree-log.c | 4 +- fs/btrfs/volumes.c | 6 + fs/ceph/file.c | 2 +- fs/cifs/misc.c | 8 ++ fs/f2fs/super.c | 30 +++-- fs/jfs/jfs_dmap.c | 41 ++----- fs/ksmbd/smb2pdu.c | 53 ++++---- fs/namespace.c | 8 +- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++++++++++------ fs/nfs/inode.c | 19 ++- fs/nfs/nfs4proc.c | 12 +- fs/nfs/pnfs.c | 4 +- fs/overlayfs/util.c | 4 +- include/dt-bindings/clock/am4.h | 1 + include/linux/console.h | 13 +- include/linux/console_struct.h | 6 +- include/linux/cpu.h | 1 + include/linux/hyperv.h | 2 + include/linux/ipv6.h | 1 - include/linux/regulator/gpio-regulator.h | 2 + include/linux/usb/typec_dp.h | 1 + include/uapi/linux/vm_sockets.h | 4 + kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- net/atm/clip.c | 11 +- net/atm/resources.c | 3 +- net/bluetooth/l2cap_core.c | 9 +- net/core/selftests.c | 5 +- net/ipv6/ip6_output.c | 9 +- net/mac80211/rx.c | 4 + net/mac80211/util.c | 2 +- net/rose/rose_route.c | 15 +-- net/sched/sch_api.c | 19 +-- net/unix/af_unix.c | 18 ++- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 ++ sound/pci/hda/hda_bind.c | 2 +- sound/pci/hda/hda_intel.c | 3 + sound/usb/quirks.c | 2 + sound/usb/stream.c | 2 + tools/lib/bpf/btf_dump.c | 3 + 177 files changed, 1584 insertions(+), 628 deletions(-)

2 months, 1 week

6
5
0 0

[PATCH 6.1 00/81] 6.1.144-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.144 release. There are 81 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 18:08:50 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.144-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.144-rc2 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix kobject cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix stale function handles in error handling Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Justin Sanders <jsanders.devel(a)gmail.com> aoe: defer rexmit timer downdev work to workqueue Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Raven Black <ravenblack(a)gmail.com> ASoC: amd: yc: update quirk data for HP Victus Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Tasos Sahanidis <tasos(a)tasossah.com> ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix another leak in the submit error path Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix race condition in negotiate timeout by using more precise timing Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Junxiao Chang <junxiao.chang(a)intel.com> drm/i915/gsc: mei interrupt top half should be in irq disabled context Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxreg-lc: Fix logic error in power state check Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Filipe Manana <fdmanana(a)suse.com> btrfs: fix iteration of extrefs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Yang Li <yang.li(a)amlogic.com> Bluetooth: Prevent unintended pause by checking if advertising is active Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Janne Grunau <j(a)jannau.net> arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: set_mesh: update LE scan interval and window Christian Eggers <ceggers(a)arri.de> Bluetooth: hci_sync: revert some mesh modifications Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Do not try re-enabling load/store if device is disabled Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 ++ Makefile | 4 +- arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 +- arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/s390/pci/pci_event.c | 20 ++++ arch/x86/Kconfig | 9 ++ arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 12 ++ arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 19 ++- arch/x86/include/asm/nospec-branch.h | 39 +++--- arch/x86/kernel/cpu/amd.c | 58 +++++++++ arch/x86/kernel/cpu/bugs.c | 133 ++++++++++++++++++++- arch/x86/kernel/cpu/common.c | 14 ++- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 15 ++- arch/x86/kvm/cpuid.c | 9 +- arch/x86/kvm/reverse_cpuid.h | 8 ++ arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- drivers/acpi/acpica/dsmethod.c | 7 ++ drivers/ata/libata-acpi.c | 24 ++-- drivers/ata/pata_cs5536.c | 2 +- drivers/ata/pata_via.c | 6 +- drivers/base/cpu.c | 7 ++ drivers/block/aoe/aoe.h | 1 + drivers/block/aoe/aoecmd.c | 8 +- drivers/block/aoe/aoedev.c | 5 +- drivers/dma-buf/dma-resv.c | 12 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 ++ drivers/gpu/drm/i915/gt/intel_gsc.c | 2 +- drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 ++-- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 17 ++- drivers/gpu/drm/v3d/v3d_drv.h | 8 ++ drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 37 ++++-- drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/infiniband/hw/mlx5/counters.c | 2 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/mmc/core/quirks.h | 12 +- drivers/mmc/host/mtk-sd.c | 21 +++- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 +++ drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 ++ drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 79 ++++++++---- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 +++- drivers/net/ethernet/intel/igc/igc_main.c | 10 ++ drivers/net/ethernet/sun/niu.c | 31 ++++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/usb/lan78xx.c | 2 - drivers/net/virtio_net.c | 38 +++++- drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/platform/mellanox/mlxreg-lc.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 2 +- .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 +- drivers/platform/x86/think-lmi.c | 53 ++++---- drivers/regulator/gpio-regulator.c | 8 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/spi/spi-fsl-dspi.c | 11 +- drivers/target/target_core_pr.c | 4 +- drivers/ufs/core/ufs-sysfs.c | 4 +- drivers/usb/cdns3/cdnsp-ring.c | 4 +- drivers/usb/core/quirks.c | 3 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/typec/altmodes/displayport.c | 5 +- fs/btrfs/inode.c | 7 +- fs/btrfs/tree-log.c | 8 +- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++++++++++------ fs/nfs/inode.c | 17 ++- fs/nfs/pnfs.c | 4 +- fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 7 +- include/linux/cpu.h | 1 + include/linux/libata.h | 7 +- include/linux/usb/typec_dp.h | 1 + kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- net/bluetooth/hci_sync.c | 20 ++-- net/bluetooth/mgmt.c | 25 +++- net/mac80211/rx.c | 4 + net/rose/rose_route.c | 15 +-- net/sched/sch_api.c | 19 +-- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 ++ sound/soc/amd/yc/acp6x-mach.c | 7 ++ 105 files changed, 987 insertions(+), 304 deletions(-)

2 months, 1 week

9
8
0 0

[merged mm-nonmm-stable] ocfs2-reset-folio-to-null-when-get-folio-fails.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: reset folio to NULL when get folio fails has been removed from the -mm tree. Its filename was ocfs2-reset-folio-to-null-when-get-folio-fails.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lizhi Xu <lizhi.xu(a)windriver.com> Subject: ocfs2: reset folio to NULL when get folio fails Date: Mon, 16 Jun 2025 09:31:40 +0800 The reproducer uses FAULT_INJECTION to make memory allocation fail, which causes __filemap_get_folio() to fail, when initializing w_folios[i] in ocfs2_grab_folios_for_write(), it only returns an error code and the value of w_folios[i] is the error code, which causes ocfs2_unlock_and_free_folios() to recycle the invalid w_folios[i] when releasing folios. Link: https://lkml.kernel.org/r/20250616013140.3602219-1-lizhi.xu@windriver.com Reported-by: syzbot+c2ea94ae47cd7e3881ec(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c2ea94ae47cd7e3881ec Signed-off-by: Lizhi Xu <lizhi.xu(a)windriver.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/aops.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/ocfs2/aops.c~ocfs2-reset-folio-to-null-when-get-folio-fails +++ a/fs/ocfs2/aops.c @@ -1071,6 +1071,7 @@ static int ocfs2_grab_folios_for_write(s if (IS_ERR(wc->w_folios[i])) { ret = PTR_ERR(wc->w_folios[i]); mlog_errno(ret); + wc->w_folios[i] = NULL; goto out; } } _ Patches currently in -mm which might be from lizhi.xu(a)windriver.com are

2 months, 1 week

1
0
0 0

[merged mm-stable] mm-ptdump-take-the-memory-hotplug-lock-inside-ptdump_walk_pgd.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() has been removed from the -mm tree. Its filename was mm-ptdump-take-the-memory-hotplug-lock-inside-ptdump_walk_pgd.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Anshuman Khandual <anshuman.khandual(a)arm.com> Subject: mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Date: Fri, 20 Jun 2025 10:54:27 +0530 Memory hot remove unmaps and tears down various kernel page table regions as required. The ptdump code can race with concurrent modifications of the kernel page tables. When leaf entries are modified concurrently, the dump code may log stale or inconsistent information for a VA range, but this is otherwise not harmful. But when intermediate levels of kernel page table are freed, the dump code will continue to use memory that has been freed and potentially reallocated for another purpose. In such cases, the ptdump code may dereference bogus addresses, leading to a number of potential problems. To avoid the above mentioned race condition, platforms such as arm64, riscv and s390 take memory hotplug lock, while dumping kernel page table via the sysfs interface /sys/kernel/debug/kernel_page_tables. Similar race condition exists while checking for pages that might have been marked W+X via /sys/kernel/debug/kernel_page_tables/check_wx_pages which in turn calls ptdump_check_wx(). Instead of solving this race condition again, let's just move the memory hotplug lock inside generic ptdump_check_wx() which will benefit both the scenarios. Drop get_online_mems() and put_online_mems() combination from all existing platform ptdump code paths. Link: https://lkml.kernel.org/r/20250620052427.2092093-1-anshuman.khandual@arm.com Fixes: bbd6ec605c0f ("arm64/mm: Enable memory hot remove") Signed-off-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Dev Jain <dev.jain(a)arm.com> Acked-by: Alexander Gordeev <agordeev(a)linux.ibm.com> [s390] Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Paul Walmsley <paul.walmsley(a)sifive.com> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm64/mm/ptdump_debugfs.c | 3 --- arch/riscv/mm/ptdump.c | 3 --- arch/s390/mm/dump_pagetables.c | 2 -- mm/ptdump.c | 2 ++ 4 files changed, 2 insertions(+), 8 deletions(-) --- a/arch/arm64/mm/ptdump_debugfs.c~mm-ptdump-take-the-memory-hotplug-lock-inside-ptdump_walk_pgd +++ a/arch/arm64/mm/ptdump_debugfs.c @@ -1,6 +1,5 @@ // SPDX-License-Identifier: GPL-2.0 #include <linux/debugfs.h> -#include <linux/memory_hotplug.h> #include <linux/seq_file.h> #include <asm/ptdump.h> @@ -9,9 +8,7 @@ static int ptdump_show(struct seq_file * { struct ptdump_info *info = m->private; - get_online_mems(); ptdump_walk(m, info); - put_online_mems(); return 0; } DEFINE_SHOW_ATTRIBUTE(ptdump); --- a/arch/riscv/mm/ptdump.c~mm-ptdump-take-the-memory-hotplug-lock-inside-ptdump_walk_pgd +++ a/arch/riscv/mm/ptdump.c @@ -6,7 +6,6 @@ #include <linux/efi.h> #include <linux/init.h> #include <linux/debugfs.h> -#include <linux/memory_hotplug.h> #include <linux/seq_file.h> #include <linux/ptdump.h> @@ -413,9 +412,7 @@ bool ptdump_check_wx(void) static int ptdump_show(struct seq_file *m, void *v) { - get_online_mems(); ptdump_walk(m, m->private); - put_online_mems(); return 0; } --- a/arch/s390/mm/dump_pagetables.c~mm-ptdump-take-the-memory-hotplug-lock-inside-ptdump_walk_pgd +++ a/arch/s390/mm/dump_pagetables.c @@ -247,11 +247,9 @@ static int ptdump_show(struct seq_file * .marker = markers, }; - get_online_mems(); mutex_lock(&cpa_mutex); ptdump_walk_pgd(&st.ptdump, &init_mm, NULL); mutex_unlock(&cpa_mutex); - put_online_mems(); return 0; } DEFINE_SHOW_ATTRIBUTE(ptdump); --- a/mm/ptdump.c~mm-ptdump-take-the-memory-hotplug-lock-inside-ptdump_walk_pgd +++ a/mm/ptdump.c @@ -176,6 +176,7 @@ void ptdump_walk_pgd(struct ptdump_state { const struct ptdump_range *range = st->range; + get_online_mems(); mmap_write_lock(mm); while (range->start != range->end) { walk_page_range_debug(mm, range->start, range->end, @@ -183,6 +184,7 @@ void ptdump_walk_pgd(struct ptdump_state range++; } mmap_write_unlock(mm); + put_online_mems(); /* Flush out the last page */ st->note_page_flush(st); _ Patches currently in -mm which might be from anshuman.khandual(a)arm.com are

2 months, 1 week

1
0
0 0

[merged mm-stable] mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() has been removed from the -mm tree. Its filename was mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() Date: Fri, 13 Jun 2025 11:27:00 +0200 Patch series "mm/huge_memory: vmf_insert_folio_*() and vmf_insert_pfn_pud() fixes", v3. While working on improving vm_normal_page() and friends, I stumbled over this issues: refcounted "normal" folios must not be marked using pmd_special() / pud_special(). Otherwise, we're effectively telling the system that these folios are no "normal", violating the rules we documented for vm_normal_page(). Fortunately, there are not many pmd_special()/pud_special() users yet. So far there doesn't seem to be serious damage. Tested using the ndctl tests ("ndctl:dax" suite). This patch (of 3): We set up the cache mode but ... don't forward the updated pgprot to insert_pfn_pud(). Only a problem on x86-64 PAT when mapping PFNs using PUDs that require a special cachemode. Fix it by using the proper pgprot where the cachemode was setup. It is unclear in which configurations we would get the cachemode wrong: through vfio seems possible. Getting cachemodes wrong is usually ... bad. As the fix is easy, let's backport it to stable. Identified by code inspection. Link: https://lkml.kernel.org/r/20250613092702.1943533-1-david@redhat.com Link: https://lkml.kernel.org/r/20250613092702.1943533-2-david@redhat.com Fixes: 7b806d229ef1 ("mm: remove vmf_insert_pfn_xxx_prot() for huge page-table entries") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Tested-by: Dan Williams <dan.j.williams(a)intel.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Dev Jain <dev.jain(a)arm.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Mariano Pache <npache(a)redhat.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/mm/huge_memory.c~mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud +++ a/mm/huge_memory.c @@ -1516,10 +1516,9 @@ static pud_t maybe_pud_mkwrite(pud_t pud } static void insert_pfn_pud(struct vm_area_struct *vma, unsigned long addr, - pud_t *pud, pfn_t pfn, bool write) + pud_t *pud, pfn_t pfn, pgprot_t prot, bool write) { struct mm_struct *mm = vma->vm_mm; - pgprot_t prot = vma->vm_page_prot; pud_t entry; if (!pud_none(*pud)) { @@ -1581,7 +1580,7 @@ vm_fault_t vmf_insert_pfn_pud(struct vm_ pfnmap_setup_cachemode_pfn(pfn_t_to_pfn(pfn), &pgprot); ptl = pud_lock(vma->vm_mm, vmf->pud); - insert_pfn_pud(vma, addr, vmf->pud, pfn, write); + insert_pfn_pud(vma, addr, vmf->pud, pfn, pgprot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; @@ -1625,7 +1624,7 @@ vm_fault_t vmf_insert_folio_pud(struct v add_mm_counter(mm, mm_counter_file(folio), HPAGE_PUD_NR); } insert_pfn_pud(vma, addr, vmf->pud, pfn_to_pfn_t(folio_pfn(folio)), - write); + vma->vm_page_prot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; _ Patches currently in -mm which might be from david(a)redhat.com are mm-balloon_compaction-we-cannot-have-isolated-pages-in-the-balloon-list.patch mm-balloon_compaction-convert-balloon_page_delete-to-balloon_page_finalize.patch mm-zsmalloc-drop-pageisolated-related-vm_bug_ons.patch mm-page_alloc-let-page-freeing-clear-any-set-page-type.patch mm-balloon_compaction-make-pageoffline-sticky-until-the-page-is-freed.patch mm-zsmalloc-make-pagezsmalloc-sticky-until-the-page-is-freed.patch mm-migrate-rename-isolate_movable_page-to-isolate_movable_ops_page.patch mm-migrate-rename-putback_movable_folio-to-putback_movable_ops_page.patch mm-migrate-factor-out-movable_ops-page-handling-into-migrate_movable_ops_page.patch mm-migrate-remove-folio_test_movable-and-folio_movable_ops.patch mm-migrate-move-movable_ops-page-handling-out-of-move_to_new_folio.patch mm-zsmalloc-stop-using-__clearpagemovable.patch mm-balloon_compaction-stop-using-__clearpagemovable.patch mm-migrate-remove-__clearpagemovable.patch mm-migration-remove-pagemovable.patch mm-rename-__pagemovable-to-page_has_movable_ops.patch mm-page_isolation-drop-__folio_test_movable-check-for-large-folios.patch mm-remove-__folio_test_movable.patch mm-stop-storing-migration_ops-in-page-mapping.patch mm-convert-movable-flag-in-page-mapping-to-a-page-flag.patch mm-rename-pg_isolated-to-pg_movable_ops_isolated.patch mm-page-flags-rename-page_mapping_movable-to-page_mapping_anon_ksm.patch mm-page-alloc-remove-pagemappingflags.patch mm-page-flags-remove-folio_mapping_flags.patch mm-simplify-folio_expected_ref_count.patch mm-rename-page_mapping_-to-folio_mapping_.patch docs-mm-convert-from-non-lru-page-migration-to-movable_ops-page-migration.patch mm-balloon_compaction-movable_ops-doc-updates.patch mm-balloon_compaction-provide-single-balloon_page_insert-and-balloon_mapping_gfp_mask.patch mm-convert-fpb_ignore_-into-fpb_respect_.patch mm-smaller-folio_pte_batch-improvements.patch mm-split-folio_pte_batch-into-folio_pte_batch-and-folio_pte_batch_flags.patch mm-remove-boolean-output-parameters-from-folio_pte_batch_ext.patch mm-memory-introduce-is_huge_zero_pfn-and-use-it-in-vm_normal_page_pmd.patch

2 months, 1 week

1
0
0 0

[merged mm-stable] mm-memory-tier-fix-abstract-distance-calculation-overflow.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/memory-tier: fix abstract distance calculation overflow has been removed from the -mm tree. Its filename was mm-memory-tier-fix-abstract-distance-calculation-overflow.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Li Zhijian <lizhijian(a)fujitsu.com> Subject: mm/memory-tier: fix abstract distance calculation overflow Date: Tue, 10 Jun 2025 14:27:51 +0800 In mt_perf_to_adistance(), the calculation of abstract distance (adist) involves multiplying several int values including MEMTIER_ADISTANCE_DRAM. *adist = MEMTIER_ADISTANCE_DRAM * (perf->read_latency + perf->write_latency) / (default_dram_perf.read_latency + default_dram_perf.write_latency) * (default_dram_perf.read_bandwidth + default_dram_perf.write_bandwidth) / (perf->read_bandwidth + perf->write_bandwidth); Since these values can be large, the multiplication may exceed the maximum value of an int (INT_MAX) and overflow (Our platform did), leading to an incorrect adist. User-visible impact: The memory tiering subsystem will misinterpret slow memory (like CXL) as faster than DRAM, causing inappropriate demotion of pages from CXL (slow memory) to DRAM (fast memory). For example, we will see the following demotion chains from the dmesg, where Node0,1 are DRAM, and Node2,3 are CXL node: Demotion targets for Node 0: null Demotion targets for Node 1: null Demotion targets for Node 2: preferred: 0-1, fallback: 0-1 Demotion targets for Node 3: preferred: 0-1, fallback: 0-1 Change MEMTIER_ADISTANCE_DRAM to be a long constant by writing it with the 'L' suffix. This prevents the overflow because the multiplication will then be done in the long type which has a larger range. Link: https://lkml.kernel.org/r/20250611023439.2845785-1-lizhijian@fujitsu.com Link: https://lkml.kernel.org/r/20250610062751.2365436-1-lizhijian@fujitsu.com Fixes: 3718c02dbd4c ("acpi, hmat: calculate abstract distance with HMAT") Signed-off-by: Li Zhijian <lizhijian(a)fujitsu.com> Reviewed-by: Huang Ying <ying.huang(a)linux.alibaba.com> Acked-by: Balbir Singh <balbirs(a)nvidia.com> Reviewed-by: Donet Tom <donettom(a)linux.ibm.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/memory-tiers.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/linux/memory-tiers.h~mm-memory-tier-fix-abstract-distance-calculation-overflow +++ a/include/linux/memory-tiers.h @@ -18,7 +18,7 @@ * adistance value (slightly faster) than default DRAM adistance to be part of * the same memory tier. */ -#define MEMTIER_ADISTANCE_DRAM ((4 * MEMTIER_CHUNK_SIZE) + (MEMTIER_CHUNK_SIZE >> 1)) +#define MEMTIER_ADISTANCE_DRAM ((4L * MEMTIER_CHUNK_SIZE) + (MEMTIER_CHUNK_SIZE >> 1)) struct memory_tier; struct memory_dev_type { _ Patches currently in -mm which might be from lizhijian(a)fujitsu.com are

2 months, 1 week

1
0
0 0

[merged mm-stable] readahead-fix-return-value-of-page_cache_next_miss-when-no-hole-is-found.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: readahead: fix return value of page_cache_next_miss() when no hole is found has been removed from the -mm tree. Its filename was readahead-fix-return-value-of-page_cache_next_miss-when-no-hole-is-found.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Chi Zhiling <chizhiling(a)kylinos.cn> Subject: readahead: fix return value of page_cache_next_miss() when no hole is found Date: Thu, 5 Jun 2025 13:49:35 +0800 max_scan in page_cache_next_miss always decreases to zero when no hole is found, causing the return value to be index + 0. Fix this by preserving the max_scan value throughout the loop. Jan said "From what I know and have seen in the past, wrong responses from page_cache_next_miss() can lead to readahead window reduction and thus reduced read speeds." Link: https://lkml.kernel.org/r/20250605054935.2323451-1-chizhiling@163.com Fixes: 901a269ff3d5 ("filemap: fix page_cache_next_miss() when no hole found") Signed-off-by: Chi Zhiling <chizhiling(a)kylinos.cn> Reviewed-by: Jan Kara <jack(a)suse.cz> Cc: Josef Bacik <josef(a)toxicpanda.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/filemap.c~readahead-fix-return-value-of-page_cache_next_miss-when-no-hole-is-found +++ a/mm/filemap.c @@ -1778,8 +1778,9 @@ pgoff_t page_cache_next_miss(struct addr pgoff_t index, unsigned long max_scan) { XA_STATE(xas, &mapping->i_pages, index); + unsigned long nr = max_scan; - while (max_scan--) { + while (nr--) { void *entry = xas_next(&xas); if (!entry || xa_is_value(entry)) return xas.xa_index; _ Patches currently in -mm which might be from chizhiling(a)kylinos.cn are

2 months, 1 week

1
0
0 0

VMware Workstation Pro w/ recent Kernel-6.15.4

by Christopher Turcotte

Good morning I'm hoping for a resolution to an issue I'm currently having with the latest kernel release and Workstation Pro (Free Edition). Every time I try to open Workstation, it's prompting me to reinstall modules that ultimately fail (see screenshots). Also see the attached log file. After doing some research, I see the issue is that several header files are missing. I've tried to manually compile and install original modules, but with no success. I'm still faced with an incompatibility issue and the latest kernel. This problem does not occur when I switch back to kernel 6.14. I'm currently running the latest kernel (6.15.4) on Fedora 42. My hardware specs: CPU: AMD Ryzen 7840U Memory: Crucial 96 GB 5600 DDR5 [Screenshot From 2025-07-08 16-53-52.png][Screenshot From 2025-07-08 16-54-06.png],

2 months, 1 week

3
2
0 0

[PATCH 6.15 000/178] 6.15.6-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.6 release. There are 178 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 16:22:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.6-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.6-rc1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add TSA microcode SHAs Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Borislav Petkov <bp(a)alien8.de> KVM: x86: Sort CPUID_8000_0021_EAX leaf bits properly Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Jeongjun Park <aha310510(a)gmail.com> mm/vmalloc: fix data race in show_numa_info() Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix sysfs group cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix kobject cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Vivian Wang <wangruikang(a)iscas.ac.cn> riscv: cpu_ops_sbi: Use static array for boot_data Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Assign devtlb cache tag on ATS enablement Simon Xue <xxm(a)rock-chips.com> iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU Jens Wiklander <jens.wiklander(a)linaro.org> optee: ffa: fix sleep in atomic context Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: i2c: realtek,rtl9301: Fix missing 'reg' constraint Qasim Ijaz <qasdev00(a)gmail.com> HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Shyam Prasad N <sprasad(a)microsoft.com> cifs: all initializations for tcon should happen in tcon_info_alloc Philipp Kerling <pkerling(a)casix.org> smb: client: fix readdir returning wrong type with POSIX extensions Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: acpi: fix device link removal Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume SCHNEIDER Johannes <johannes.schneider(a)leica-geosystems.com> usb: dwc3: gadget: Fix TRB reclaim logic for short transfers and ZLPs Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Abort suspend on soft disconnect failure Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with CV Bad Descriptor test Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Jeff LaBundy <jeff(a)labundy.com> Input: iqs7222 - explicitly define number of external channels Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - support Acer NGR 200 Controller Qasim Ijaz <qasdev00(a)gmail.com> HID: appletb-kbd: fix memory corruption of input_handler_list Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Raju Rangoju <Raju.Rangoju(a)amd.com> usb: xhci: quirk for data loss in ISOC transfers Roy Luo <royluo(a)google.com> Revert "usb: xhci: Implement xhci_handshake_check_state() helper" Roy Luo <royluo(a)google.com> usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Justin Sanders <jsanders.devel(a)gmail.com> aoe: defer rexmit timer downdev work to workqueue Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Heiko Stuebner <heiko(a)sntech.de> regulator: fan53555: add enable_time support and soft-start times Raven Black <ravenblack(a)gmail.com> ASoC: amd: yc: update quirk data for HP Victus Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Gyeyoung Baek <gye976(a)gmail.com> genirq/irq_sim: Initialize work context pointers properly Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list Gabriel Santese <santesegabriel(a)gmail.com> ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Tasos Sahanidis <tasos(a)tasossah.com> ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix another leak in the submit error path Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Jake Hillion <jake(a)hillion.co.uk> x86/platform/amd: move final timeout check to after final sleep Harry Austen <hpausten(a)protonmail.com> drm/xe: Allow dropping kunit dependency as built-in David Howells <dhowells(a)redhat.com> netfs: Fix double put of request Paulo Alcantara <pc(a)manguebit.org> smb: client: fix native SMB symlink traversal Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix race condition in negotiate timeout by using more precise timing Antoine Tenart <atenart(a)kernel.org> net: ipv4: fix stat increase when udp early demux drops the packet Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: do not double read link status Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe/bmg: Update Wa_22019338487 Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe/bmg: Update Wa_14022085890 Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Split xe_device_td_flush() Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/guc_pc: Add _locked variant for min/max freq John Harrison <John.C.Harrison(a)Intel.com> drm/xe/guc: Enable w/a 16026508708 David Howells <dhowells(a)redhat.com> netfs: Fix i_size updating Paulo Alcantara <pc(a)manguebit.org> smb: client: set missing retry flag in cifs_writev_callback() Paulo Alcantara <pc(a)manguebit.org> smb: client: set missing retry flag in cifs_readv_callback() Paulo Alcantara <pc(a)manguebit.org> smb: client: set missing retry flag in smb2_writev_callback() David Howells <dhowells(a)redhat.com> netfs: Fix ref leak on inserted extra subreq in write retry David Howells <dhowells(a)redhat.com> netfs: Fix looping in wait functions David Howells <dhowells(a)redhat.com> netfs: Fix hang due to missing case in final DIO read result collection Jia Yao <jia.yao(a)intel.com> drm/xe: Fix out-of-bounds field write in MI_STORE_DATA_IMM Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Ahmed Zaki <ahmed.zaki(a)intel.com> idpf: convert control queue mutex to a spinlock Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> idpf: return 0 size for RSS key if not supported Geliang Tang <geliang(a)kernel.org> nvme-multipath: fix suspicious RCU usage warning Junxiao Chang <junxiao.chang(a)intel.com> drm/i915/gsc: mei interrupt top half should be in irq disabled context Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Marko Kiiskila <marko.kiiskila(a)broadcom.com> drm/vmwgfx: Fix guests running with TDX/SEV Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Paulo Alcantara <pc(a)manguebit.org> smb: client: fix warning when reconnecting channel Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/bridge: aux-hpd-bridge: fix assignment of the of_node Dmitry Baryshkov <lumag(a)kernel.org> drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxreg-lc: Fix logic error in power state check Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: hp-bioscfg: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Eugen Hristev <eugen.hristev(a)linaro.org> nvme-pci: refresh visible attrs after being checked Dmitry Bogdanov <d.bogdanov(a)yadro.com> nvmet: fix memory leak of bio integrity Alok Tiwari <alok.a.tiwari(a)oracle.com> nvme: Fix incorrect cdw15 value in passthru error logging Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Gabor Juhos <j4g8y7(a)gmail.com> spi: spi-qpic-snand: reallocate BAM transactions Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: propagate last_unlink_trans earlier when doing a rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: record new subvolume in parent dir earlier to avoid dir logging races Filipe Manana <fdmanana(a)suse.com> btrfs: fix inode lookup error handling during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix iteration of extrefs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix failure to rebuild free space tree using multiple transactions Yang Li <yang.li(a)amlogic.com> Bluetooth: Prevent unintended pause by checking if advertising is active Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de> flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes Armin Wolf <W_Armin(a)gmx.de> platform/x86: wmi: Fix WMI event enablement Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix vport loopback for MPV device Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix HW counters query for non-representor devices Or Har-Toov <ohartoov(a)nvidia.com> IB/mlx5: Fix potential deadlock in MR deregistration Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Christoph Hellwig <hch(a)lst.de> scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set jackysliu <1972843537(a)qq.com> scsi: sd: Fix VPD page 0xb7 length check Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Shivank Garg <shivankg(a)amd.com> fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Peter Zijlstra <peterz(a)infradead.org> module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Sven Peter <sven(a)kernel.org> arm64: dts: apple: Move touchbar mipi {address,size}-cells from dtsi to dts Sven Peter <sven(a)kernel.org> arm64: dts: apple: Drop {address,size}-cells from SPI NOR Janne Grunau <j(a)jannau.net> arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Arnd Bergmann <arnd(a)arndb.de> RDMA/mlx5: reduce stack usage in mlx5_ib_ufile_hw_cleanup Tudor Ambarus <tudor.ambarus(a)linaro.org> firmware: exynos-acpm: fix timeouts on xfers handling Viresh Kumar <viresh.kumar(a)linaro.org> firmware: arm_ffa: Fix the missing entry in struct ffa_indirect_msg_hdr Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Move memory allocation outside the mutex locking Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Fix memory leak by freeing notifier callback node Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Christian Brauner <brauner(a)kernel.org> anon_inode: rework assertions Yunshui Jiang <jiangyunshui(a)kylinos.cn> Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Nicolin Chen <nicolinc(a)nvidia.com> iommufd/selftest: Fix iommufd_dirty_tracking with large hugepage sizes Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: set_mesh: update LE scan interval and window Christian Eggers <ceggers(a)arri.de> Bluetooth: hci_sync: revert some mesh modifications Christian Eggers <ceggers(a)arri.de> Bluetooth: HCI: Set extended advertising data synchronously Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: core: Adjust some error messages for SD UHS-II cards Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-uhs2: Adjust some error messages and register dump for SD UHS-II card Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Darrick J. Wong <djwong(a)kernel.org> xfs: actually use the xfs_growfs_check_rtgeom tracepoint Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix the incorrect display of the queue number Nicolin Chen <nicolinc(a)nvidia.com> iommufd/selftest: Add asserts testing global mfd Nicolin Chen <nicolinc(a)nvidia.com> iommufd/selftest: Add missing close(mfd) in memfd_mmap() HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: request MISC IRQ in ndo_open Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: net: sophgo,sg2044-dwmac: Drop status from the example Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Do not try re-enabling load/store if device is disabled Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix stale function handles in error handling Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: xsk: rx: fix the frame's length check Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Elena Popa <elena.popa(a)nxp.com> rtc: pcf2127: fix SPI command byte for PCF2131 Hugo Villeneuve <hvilleneuve(a)dimonoff.com> rtc: pcf2127: add missing semicolon after statement ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 ++ Documentation/arch/x86/mds.rst | 8 +- Documentation/core-api/symbol-namespaces.rst | 22 ++ .../bindings/i2c/realtek,rtl9301-i2c.yaml | 3 +- .../bindings/net/sophgo,sg2044-dwmac.yaml | 3 +- Makefile | 4 +- arch/arm64/boot/dts/apple/spi1-nvram.dtsi | 2 - arch/arm64/boot/dts/apple/t8103-j293.dts | 2 + arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 +- arch/arm64/boot/dts/apple/t8103.dtsi | 2 - arch/arm64/boot/dts/apple/t8112-j493.dts | 2 + arch/arm64/boot/dts/apple/t8112.dtsi | 2 - arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/riscv/kernel/cpu_ops_sbi.c | 6 +- arch/s390/pci/pci_event.c | 15 ++ arch/x86/Kconfig | 9 + arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpufeatures.h | 5 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/mwait.h | 28 ++- arch/x86/include/asm/nospec-branch.h | 37 +-- arch/x86/kernel/cpu/amd.c | 44 ++++ arch/x86/kernel/cpu/bugs.c | 133 ++++++++++- arch/x86/kernel/cpu/common.c | 14 +- arch/x86/kernel/cpu/microcode/amd_shas.c | 112 +++++++++ arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 16 +- arch/x86/kvm/cpuid.c | 15 +- arch/x86/kvm/reverse_cpuid.h | 7 + arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- drivers/acpi/acpica/dsmethod.c | 7 + drivers/ata/libata-acpi.c | 24 +- drivers/ata/pata_cs5536.c | 2 +- drivers/ata/pata_via.c | 6 +- drivers/base/cpu.c | 3 + drivers/block/aoe/aoe.h | 1 + drivers/block/aoe/aoecmd.c | 8 +- drivers/block/aoe/aoedev.c | 5 +- drivers/dma-buf/dma-resv.c | 12 +- drivers/firmware/arm_ffa/driver.c | 71 +++--- drivers/firmware/samsung/exynos-acpm.c | 27 +-- drivers/gpu/drm/bridge/aux-hpd-bridge.c | 3 +- drivers/gpu/drm/bridge/panel.c | 5 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 + drivers/gpu/drm/i915/gt/intel_gsc.c | 2 +- drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 17 +- drivers/gpu/drm/v3d/v3d_drv.h | 8 + drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 37 ++- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2 +- drivers/gpu/drm/xe/Kconfig | 3 +- drivers/gpu/drm/xe/abi/guc_klvs_abi.h | 1 + drivers/gpu/drm/xe/xe_device.c | 72 +++--- drivers/gpu/drm/xe/xe_guc_ads.c | 5 + drivers/gpu/drm/xe/xe_guc_pc.c | 249 ++++++++++++++++----- drivers/gpu/drm/xe/xe_guc_pc.h | 2 + drivers/gpu/drm/xe/xe_guc_pc_types.h | 2 + drivers/gpu/drm/xe/xe_migrate.c | 18 +- drivers/gpu/drm/xe/xe_wa_oob.rules | 6 + drivers/hid/hid-appletb-kbd.c | 14 +- drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/infiniband/hw/mlx5/counters.c | 4 +- drivers/infiniband/hw/mlx5/devx.c | 10 +- drivers/infiniband/hw/mlx5/main.c | 33 +++ drivers/infiniband/hw/mlx5/mr.c | 61 +++-- drivers/infiniband/hw/mlx5/odp.c | 8 +- drivers/input/joystick/xpad.c | 2 + drivers/input/misc/cs40l50-vibra.c | 2 + drivers/input/misc/iqs7222.c | 7 +- drivers/iommu/intel/cache.c | 5 +- drivers/iommu/intel/iommu.c | 11 +- drivers/iommu/intel/iommu.h | 2 + drivers/iommu/rockchip-iommu.c | 3 +- drivers/mmc/core/quirks.h | 12 +- drivers/mmc/core/sd_uhs2.c | 4 +- drivers/mmc/host/mtk-sd.c | 21 +- drivers/mmc/host/sdhci-uhs2.c | 20 +- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 ++ drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 13 ++ drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 24 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 79 +++++-- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 ++- drivers/net/ethernet/intel/idpf/idpf_controlq.c | 23 +- .../net/ethernet/intel/idpf/idpf_controlq_api.h | 2 +- drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 4 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 12 +- drivers/net/ethernet/intel/igc/igc_main.c | 10 + drivers/net/ethernet/sun/niu.c | 31 ++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/ethernet/wangxun/libwx/wx_lib.c | 1 + drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 2 +- drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 22 +- drivers/net/usb/lan78xx.c | 2 - drivers/net/virtio_net.c | 60 ++++- drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/multipath.c | 3 +- drivers/nvme/host/pci.c | 6 +- drivers/nvme/target/nvmet.h | 2 + drivers/platform/mellanox/mlxbf-pmc.c | 2 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/platform/mellanox/mlxreg-lc.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 2 +- drivers/platform/x86/amd/hsmp/hsmp.c | 6 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 + .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 +- drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 4 +- drivers/platform/x86/think-lmi.c | 94 +++----- drivers/platform/x86/wmi.c | 16 +- drivers/powercap/intel_rapl_common.c | 18 +- drivers/regulator/fan53555.c | 14 ++ drivers/regulator/gpio-regulator.c | 8 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-pcf2127.c | 7 +- drivers/scsi/hosts.c | 18 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/sd.c | 2 +- drivers/spi/spi-fsl-dspi.c | 11 +- drivers/spi/spi-qpic-snand.c | 16 ++ drivers/target/target_core_pr.c | 4 +- drivers/tee/optee/ffa_abi.c | 41 +++- drivers/tee/optee/optee_private.h | 2 + drivers/ufs/core/ufs-sysfs.c | 4 +- drivers/usb/cdns3/cdnsp-debug.h | 5 +- drivers/usb/cdns3/cdnsp-ep0.c | 18 +- drivers/usb/cdns3/cdnsp-gadget.h | 6 + drivers/usb/cdns3/cdnsp-ring.c | 7 +- drivers/usb/chipidea/udc.c | 7 + drivers/usb/core/hub.c | 3 + drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb-acpi.c | 4 +- drivers/usb/dwc3/core.c | 9 +- drivers/usb/dwc3/gadget.c | 24 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci-pci.c | 25 +++ drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/host/xhci-ring.c | 5 +- drivers/usb/host/xhci.c | 31 +-- drivers/usb/host/xhci.h | 3 +- drivers/usb/typec/altmodes/displayport.c | 5 +- fs/anon_inodes.c | 23 +- fs/btrfs/block-group.h | 2 + fs/btrfs/free-space-tree.c | 40 ++++ fs/btrfs/inode.c | 36 +-- fs/btrfs/ioctl.c | 4 +- fs/btrfs/tree-log.c | 137 ++++++------ fs/exec.c | 9 +- fs/libfs.c | 8 +- fs/namei.c | 2 +- fs/netfs/buffered_write.c | 2 + fs/netfs/direct_write.c | 8 +- fs/netfs/misc.c | 26 ++- fs/netfs/write_retry.c | 2 +- fs/nfs/flexfilelayout/flexfilelayout.c | 120 +++++++--- fs/nfs/inode.c | 17 +- fs/nfs/pnfs.c | 4 +- fs/smb/client/cifsglob.h | 2 + fs/smb/client/cifsproto.h | 1 + fs/smb/client/cifssmb.c | 2 + fs/smb/client/connect.c | 15 +- fs/smb/client/fs_context.c | 17 +- fs/smb/client/misc.c | 6 + fs/smb/client/readdir.c | 2 +- fs/smb/client/reparse.c | 22 +- fs/smb/client/smb2pdu.c | 11 +- fs/xfs/xfs_rtalloc.c | 2 + include/linux/arm_ffa.h | 1 + include/linux/cpu.h | 1 + include/linux/export.h | 12 +- include/linux/fs.h | 2 + include/linux/libata.h | 7 +- include/linux/usb.h | 2 + include/linux/usb/typec_dp.h | 1 + include/trace/events/netfs.h | 1 + kernel/irq/irq_sim.c | 2 +- kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- mm/secretmem.c | 9 +- mm/vmalloc.c | 63 +++--- net/bluetooth/hci_event.c | 36 --- net/bluetooth/hci_sync.c | 227 +++++++++++-------- net/bluetooth/mgmt.c | 25 ++- net/ipv4/ip_input.c | 7 +- net/mac80211/rx.c | 4 + net/rose/rose_route.c | 15 +- net/sched/sch_api.c | 19 +- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 + sound/soc/amd/yc/acp6x-mach.c | 14 ++ tools/testing/selftests/iommu/iommufd.c | 32 ++- tools/testing/selftests/iommu/iommufd_utils.h | 9 +- 212 files changed, 2312 insertions(+), 986 deletions(-)

2 months, 1 week

14
194
0 0

[merged mm-hotfixes-stable] mm-fix-the-inaccurate-memory-statistics-issue-for-users.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix the inaccurate memory statistics issue for users has been removed from the -mm tree. Its filename was mm-fix-the-inaccurate-memory-statistics-issue-for-users.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Baolin Wang <baolin.wang(a)linux.alibaba.com> Subject: mm: fix the inaccurate memory statistics issue for users Date: Thu, 5 Jun 2025 20:58:29 +0800 On some large machines with a high number of CPUs running a 64K pagesize kernel, we found that the 'RES' field is always 0 displayed by the top command for some processes, which will cause a lot of confusion for users. PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 875525 root 20 0 12480 0 0 R 0.3 0.0 0:00.08 top 1 root 20 0 172800 0 0 S 0.0 0.0 0:04.52 systemd The main reason is that the batch size of the percpu counter is quite large on these machines, caching a significant percpu value, since converting mm's rss stats into percpu_counter by commit f1a7941243c1 ("mm: convert mm's rss stats into percpu_counter"). Intuitively, the batch number should be optimized, but on some paths, performance may take precedence over statistical accuracy. Therefore, introducing a new interface to add the percpu statistical count and display it to users, which can remove the confusion. In addition, this change is not expected to be on a performance-critical path, so the modification should be acceptable. In addition, the 'mm->rss_stat' is updated by using add_mm_counter() and dec/inc_mm_counter(), which are all wrappers around percpu_counter_add_batch(). In percpu_counter_add_batch(), there is percpu batch caching to avoid 'fbc->lock' contention. This patch changes task_mem() and task_statm() to get the accurate mm counters under the 'fbc->lock', but this should not exacerbate kernel 'mm->rss_stat' lock contention due to the percpu batch caching of the mm counters. The following test also confirm the theoretical analysis. I run the stress-ng that stresses anon page faults in 32 threads on my 32 cores machine, while simultaneously running a script that starts 32 threads to busy-loop pread each stress-ng thread's /proc/pid/status interface. From the following data, I did not observe any obvious impact of this patch on the stress-ng tests. w/o patch: stress-ng: info: [6848] 4,399,219,085,152 CPU Cycles 67.327 B/sec stress-ng: info: [6848] 1,616,524,844,832 Instructions 24.740 B/sec (0.367 instr. per cycle) stress-ng: info: [6848] 39,529,792 Page Faults Total 0.605 M/sec stress-ng: info: [6848] 39,529,792 Page Faults Minor 0.605 M/sec w/patch: stress-ng: info: [2485] 4,462,440,381,856 CPU Cycles 68.382 B/sec stress-ng: info: [2485] 1,615,101,503,296 Instructions 24.750 B/sec (0.362 instr. per cycle) stress-ng: info: [2485] 39,439,232 Page Faults Total 0.604 M/sec stress-ng: info: [2485] 39,439,232 Page Faults Minor 0.604 M/sec On comparing a very simple app which just allocates & touches some memory against v6.1 (which doesn't have f1a7941243c1) and latest Linus tree (4c06e63b9203) I can see that on latest Linus tree the values for VmRSS, RssAnon and RssFile from /proc/self/status are all zeroes while they do report values on v6.1 and a Linus tree with this patch. Link: https://lkml.kernel.org/r/f4586b17f66f97c174f7fd1f8647374fdb53de1c.17491190… Fixes: f1a7941243c1 ("mm: convert mm's rss stats into percpu_counter") Signed-off-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Reviewed-by: Aboorva Devarajan <aboorvad(a)linux.ibm.com> Tested-by: Aboorva Devarajan <aboorvad(a)linux.ibm.com> Tested-by Donet Tom <donettom(a)linux.ibm.com> Acked-by: Shakeel Butt <shakeel.butt(a)linux.dev> Acked-by: SeongJae Park <sj(a)kernel.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: David Hildenbrand <david(a)redhat.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 14 +++++++------- include/linux/mm.h | 5 +++++ 2 files changed, 12 insertions(+), 7 deletions(-) --- a/fs/proc/task_mmu.c~mm-fix-the-inaccurate-memory-statistics-issue-for-users +++ a/fs/proc/task_mmu.c @@ -36,9 +36,9 @@ void task_mem(struct seq_file *m, struct unsigned long text, lib, swap, anon, file, shmem; unsigned long hiwater_vm, total_vm, hiwater_rss, total_rss; - anon = get_mm_counter(mm, MM_ANONPAGES); - file = get_mm_counter(mm, MM_FILEPAGES); - shmem = get_mm_counter(mm, MM_SHMEMPAGES); + anon = get_mm_counter_sum(mm, MM_ANONPAGES); + file = get_mm_counter_sum(mm, MM_FILEPAGES); + shmem = get_mm_counter_sum(mm, MM_SHMEMPAGES); /* * Note: to minimize their overhead, mm maintains hiwater_vm and @@ -59,7 +59,7 @@ void task_mem(struct seq_file *m, struct text = min(text, mm->exec_vm << PAGE_SHIFT); lib = (mm->exec_vm << PAGE_SHIFT) - text; - swap = get_mm_counter(mm, MM_SWAPENTS); + swap = get_mm_counter_sum(mm, MM_SWAPENTS); SEQ_PUT_DEC("VmPeak:\t", hiwater_vm); SEQ_PUT_DEC(" kB\nVmSize:\t", total_vm); SEQ_PUT_DEC(" kB\nVmLck:\t", mm->locked_vm); @@ -92,12 +92,12 @@ unsigned long task_statm(struct mm_struc unsigned long *shared, unsigned long *text, unsigned long *data, unsigned long *resident) { - *shared = get_mm_counter(mm, MM_FILEPAGES) + - get_mm_counter(mm, MM_SHMEMPAGES); + *shared = get_mm_counter_sum(mm, MM_FILEPAGES) + + get_mm_counter_sum(mm, MM_SHMEMPAGES); *text = (PAGE_ALIGN(mm->end_code) - (mm->start_code & PAGE_MASK)) >> PAGE_SHIFT; *data = mm->data_vm + mm->stack_vm; - *resident = *shared + get_mm_counter(mm, MM_ANONPAGES); + *resident = *shared + get_mm_counter_sum(mm, MM_ANONPAGES); return mm->total_vm; } --- a/include/linux/mm.h~mm-fix-the-inaccurate-memory-statistics-issue-for-users +++ a/include/linux/mm.h @@ -2568,6 +2568,11 @@ static inline unsigned long get_mm_count return percpu_counter_read_positive(&mm->rss_stat[member]); } +static inline unsigned long get_mm_counter_sum(struct mm_struct *mm, int member) +{ + return percpu_counter_sum_positive(&mm->rss_stat[member]); +} + void mm_trace_rss_stat(struct mm_struct *mm, int member); static inline void add_mm_counter(struct mm_struct *mm, int member, long value) _ Patches currently in -mm which might be from baolin.wang(a)linux.alibaba.com are selftests-khugepaged-fix-the-shmem-collapse-failure.patch selftests-mm-add-shmem-collapse-as-a-default-test-item.patch mm-huge_memory-fix-the-check-for-allowed-huge-orders-in-shmem.patch khugepaged-allow-khugepaged-to-check-all-anonymous-mthp-orders.patch khugepaged-kick-khugepaged-for-enabling-none-pmd-sized-mthps.patch mm-fault-in-complete-folios-instead-of-individual-pages-for-tmpfs.patch

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-fix-divide-by-zero-in-damon_get_intervals_score.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon: fix divide by zero in damon_get_intervals_score() has been removed from the -mm tree. Its filename was mm-damon-fix-divide-by-zero-in-damon_get_intervals_score.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Honggyu Kim <honggyu.kim(a)sk.com> Subject: mm/damon: fix divide by zero in damon_get_intervals_score() Date: Wed, 2 Jul 2025 09:02:04 +0900 The current implementation allows having zero size regions with no special reasons, but damon_get_intervals_score() gets crashed by divide by zero when the region size is zero. [ 29.403950] Oops: divide error: 0000 [#1] SMP NOPTI This patch fixes the bug, but does not disallow zero size regions to keep the backward compatibility since disallowing zero size regions might be a breaking change for some users. In addition, the same crash can happen when intervals_goal.access_bp is zero so this should be fixed in stable trees as well. Link: https://lkml.kernel.org/r/20250702000205.1921-5-honggyu.kim@sk.com Fixes: f04b0fedbe71 ("mm/damon/core: implement intervals auto-tuning") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/damon/core.c~mm-damon-fix-divide-by-zero-in-damon_get_intervals_score +++ a/mm/damon/core.c @@ -1449,6 +1449,7 @@ static unsigned long damon_get_intervals } } target_access_events = max_access_events * goal_bp / 10000; + target_access_events = target_access_events ? : 1; return access_events * 10000 / target_access_events; } _ Patches currently in -mm which might be from honggyu.kim(a)sk.com are samples-damon-change-enable-parameters-to-enabled.patch

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] samples-damon-fix-damon-sample-mtier-for-start-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: samples/damon: fix damon sample mtier for start failure has been removed from the -mm tree. Its filename was samples-damon-fix-damon-sample-mtier-for-start-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Honggyu Kim <honggyu.kim(a)sk.com> Subject: samples/damon: fix damon sample mtier for start failure Date: Wed, 2 Jul 2025 09:02:03 +0900 The damon_sample_mtier_start() can fail so we must reset the "enable" parameter to "false" again for proper rollback. In such cases, setting Y to "enable" then N triggers the similar crash with mtier because damon sample start failed but the "enable" stays as Y. Link: https://lkml.kernel.org/r/20250702000205.1921-4-honggyu.kim@sk.com Fixes: 82a08bde3cf7 ("samples/damon: implement a DAMON module for memory tiering") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- samples/damon/mtier.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/samples/damon/mtier.c~samples-damon-fix-damon-sample-mtier-for-start-failure +++ a/samples/damon/mtier.c @@ -164,8 +164,12 @@ static int damon_sample_mtier_enable_sto if (enable == enabled) return 0; - if (enable) - return damon_sample_mtier_start(); + if (enable) { + err = damon_sample_mtier_start(); + if (err) + enable = false; + return err; + } damon_sample_mtier_stop(); return 0; } _ Patches currently in -mm which might be from honggyu.kim(a)sk.com are samples-damon-change-enable-parameters-to-enabled.patch

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] samples-damon-fix-damon-sample-wsse-for-start-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: samples/damon: fix damon sample wsse for start failure has been removed from the -mm tree. Its filename was samples-damon-fix-damon-sample-wsse-for-start-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Honggyu Kim <honggyu.kim(a)sk.com> Subject: samples/damon: fix damon sample wsse for start failure Date: Wed, 2 Jul 2025 09:02:02 +0900 The damon_sample_wsse_start() can fail so we must reset the "enable" parameter to "false" again for proper rollback. In such cases, setting Y to "enable" then N triggers the similar crash with wsse because damon sample start failed but the "enable" stays as Y. Link: https://lkml.kernel.org/r/20250702000205.1921-3-honggyu.kim@sk.com Fixes: b757c6cfc696 ("samples/damon/wsse: start and stop DAMON as the user requests") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- samples/damon/wsse.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/samples/damon/wsse.c~samples-damon-fix-damon-sample-wsse-for-start-failure +++ a/samples/damon/wsse.c @@ -102,8 +102,12 @@ static int damon_sample_wsse_enable_stor if (enable == enabled) return 0; - if (enable) - return damon_sample_wsse_start(); + if (enable) { + err = damon_sample_wsse_start(); + if (err) + enable = false; + return err; + } damon_sample_wsse_stop(); return 0; } _ Patches currently in -mm which might be from honggyu.kim(a)sk.com are samples-damon-change-enable-parameters-to-enabled.patch

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] samples-damon-fix-damon-sample-prcl-for-start-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: samples/damon: fix damon sample prcl for start failure has been removed from the -mm tree. Its filename was samples-damon-fix-damon-sample-prcl-for-start-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Honggyu Kim <honggyu.kim(a)sk.com> Subject: samples/damon: fix damon sample prcl for start failure Date: Wed, 2 Jul 2025 09:02:01 +0900 Patch series "mm/damon: fix divide by zero and its samples", v3. This series includes fixes against damon and its samples to make it safer when damon sample starting fails. It includes the following changes. - fix unexpected divide by zero crash for zero size regions - fix bugs for damon samples in case of start failures This patch (of 4): The damon_sample_prcl_start() can fail so we must reset the "enable" parameter to "false" again for proper rollback. In such cases, setting Y to "enable" then N triggers the following crash because damon sample start failed but the "enable" stays as Y. [ 2441.419649] damon_sample_prcl: start [ 2454.146817] damon_sample_prcl: stop [ 2454.146862] ------------[ cut here ]------------ [ 2454.146865] kernel BUG at mm/slub.c:546! [ 2454.148183] Oops: invalid opcode: 0000 [#1] SMP NOPTI ... [ 2454.167555] Call Trace: [ 2454.167822] <TASK> [ 2454.168061] damon_destroy_ctx+0x78/0x140 [ 2454.168454] damon_sample_prcl_enable_store+0x8d/0xd0 [ 2454.168932] param_attr_store+0xa1/0x120 [ 2454.169315] module_attr_store+0x20/0x50 [ 2454.169695] sysfs_kf_write+0x72/0x90 [ 2454.170065] kernfs_fop_write_iter+0x150/0x1e0 [ 2454.170491] vfs_write+0x315/0x440 [ 2454.170833] ksys_write+0x69/0xf0 [ 2454.171162] __x64_sys_write+0x19/0x30 [ 2454.171525] x64_sys_call+0x18b2/0x2700 [ 2454.171900] do_syscall_64+0x7f/0x680 [ 2454.172258] ? exit_to_user_mode_loop+0xf6/0x180 [ 2454.172694] ? clear_bhb_loop+0x30/0x80 [ 2454.173067] ? clear_bhb_loop+0x30/0x80 [ 2454.173439] entry_SYSCALL_64_after_hwframe+0x76/0x7e Link: https://lkml.kernel.org/r/20250702000205.1921-1-honggyu.kim@sk.com Link: https://lkml.kernel.org/r/20250702000205.1921-2-honggyu.kim@sk.com Fixes: 2aca254620a8 ("samples/damon: introduce a skeleton of a smaple DAMON module for proactive reclamation") Signed-off-by: Honggyu Kim <honggyu.kim(a)sk.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- samples/damon/prcl.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/samples/damon/prcl.c~samples-damon-fix-damon-sample-prcl-for-start-failure +++ a/samples/damon/prcl.c @@ -122,8 +122,12 @@ static int damon_sample_prcl_enable_stor if (enable == enabled) return 0; - if (enable) - return damon_sample_prcl_start(); + if (enable) { + err = damon_sample_prcl_start(); + if (err) + enable = false; + return err; + } damon_sample_prcl_stop(); return 0; } _ Patches currently in -mm which might be from honggyu.kim(a)sk.com are samples-damon-change-enable-parameters-to-enabled.patch

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] kasan-remove-kasan_find_vm_area-to-prevent-possible-deadlock.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kasan: remove kasan_find_vm_area() to prevent possible deadlock has been removed from the -mm tree. Its filename was kasan-remove-kasan_find_vm_area-to-prevent-possible-deadlock.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Yeoreum Yun <yeoreum.yun(a)arm.com> Subject: kasan: remove kasan_find_vm_area() to prevent possible deadlock Date: Thu, 3 Jul 2025 19:10:18 +0100 find_vm_area() couldn't be called in atomic_context. If find_vm_area() is called to reports vm area information, kasan can trigger deadlock like: CPU0 CPU1 vmalloc(); alloc_vmap_area(); spin_lock(&vn->busy.lock) spin_lock_bh(&some_lock); <interrupt occurs> <in softirq> spin_lock(&some_lock); <access invalid address> kasan_report(); print_report(); print_address_description(); kasan_find_vm_area(); find_vm_area(); spin_lock(&vn->busy.lock) // deadlock! To prevent possible deadlock while kasan reports, remove kasan_find_vm_area(). Link: https://lkml.kernel.org/r/20250703181018.580833-1-yeoreum.yun@arm.com Fixes: c056a364e954 ("kasan: print virtual mapping info in reports") Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com> Reported-by: Yunseong Kim <ysk(a)kzalloc.com> Reviewed-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Byungchul Park <byungchul(a)sk.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/report.c | 45 +------------------------------------------- 1 file changed, 2 insertions(+), 43 deletions(-) --- a/mm/kasan/report.c~kasan-remove-kasan_find_vm_area-to-prevent-possible-deadlock +++ a/mm/kasan/report.c @@ -370,36 +370,6 @@ static inline bool init_task_stack_addr( sizeof(init_thread_union.stack)); } -/* - * This function is invoked with report_lock (a raw_spinlock) held. A - * PREEMPT_RT kernel cannot call find_vm_area() as it will acquire a sleeping - * rt_spinlock. - * - * For !RT kernel, the PROVE_RAW_LOCK_NESTING config option will print a - * lockdep warning for this raw_spinlock -> spinlock dependency. This config - * option is enabled by default to ensure better test coverage to expose this - * kind of RT kernel problem. This lockdep splat, however, can be suppressed - * by using DEFINE_WAIT_OVERRIDE_MAP() if it serves a useful purpose and the - * invalid PREEMPT_RT case has been taken care of. - */ -static inline struct vm_struct *kasan_find_vm_area(void *addr) -{ - static DEFINE_WAIT_OVERRIDE_MAP(vmalloc_map, LD_WAIT_SLEEP); - struct vm_struct *va; - - if (IS_ENABLED(CONFIG_PREEMPT_RT)) - return NULL; - - /* - * Suppress lockdep warning and fetch vmalloc area of the - * offending address. - */ - lock_map_acquire_try(&vmalloc_map); - va = find_vm_area(addr); - lock_map_release(&vmalloc_map); - return va; -} - static void print_address_description(void *addr, u8 tag, struct kasan_report_info *info) { @@ -429,19 +399,8 @@ static void print_address_description(vo } if (is_vmalloc_addr(addr)) { - struct vm_struct *va = kasan_find_vm_area(addr); - - if (va) { - pr_err("The buggy address belongs to the virtual mapping at\n" - " [%px, %px) created by:\n" - " %pS\n", - va->addr, va->addr + va->size, va->caller); - pr_err("\n"); - - page = vmalloc_to_page(addr); - } else { - pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr); - } + pr_err("The buggy address %px belongs to a vmalloc virtual mapping\n", addr); + page = vmalloc_to_page(addr); } if (page) { _ Patches currently in -mm which might be from yeoreum.yun(a)arm.com are

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] scripts-gdb-vfs-support-external-dentry-names.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts: gdb: vfs: support external dentry names has been removed from the -mm tree. Its filename was scripts-gdb-vfs-support-external-dentry-names.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Illia Ostapyshyn <illia(a)yshyn.com> Subject: scripts: gdb: vfs: support external dentry names Date: Sun, 29 Jun 2025 02:38:11 +0200 d_shortname of struct dentry only reserves D_NAME_INLINE_LEN characters and contains garbage for longer names. Use d_name instead, which always references the valid name. Link: https://lore.kernel.org/all/20250525213709.878287-2-illia@yshyn.com/ Link: https://lkml.kernel.org/r/20250629003811.2420418-1-illia@yshyn.com Fixes: 79300ac805b6 ("scripts/gdb: fix dentry_name() lookup") Signed-off-by: Illia Ostapyshyn <illia(a)yshyn.com> Tested-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Reviewed-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Jan Kara <jack(a)suse.cz> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/vfs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/scripts/gdb/linux/vfs.py~scripts-gdb-vfs-support-external-dentry-names +++ a/scripts/gdb/linux/vfs.py @@ -22,7 +22,7 @@ def dentry_name(d): if parent == d or parent == 0: return "" p = dentry_name(d['d_parent']) + "/" - return p + d['d_shortname']['string'].string() + return p + d['d_name']['name'].string() class DentryName(gdb.Function): """Return string of the full path of a dentry. _ Patches currently in -mm which might be from illia(a)yshyn.com are

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-core-handle-damon_call_control-as-normal-under-kdmond-deactivation.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/core: handle damon_call_control as normal under kdmond deactivation has been removed from the -mm tree. Its filename was mm-damon-core-handle-damon_call_control-as-normal-under-kdmond-deactivation.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/core: handle damon_call_control as normal under kdmond deactivation Date: Sun, 29 Jun 2025 13:49:14 -0700 DAMON sysfs interface internally uses damon_call() to update DAMON parameters as users requested, online. However, DAMON core cancels any damon_call() requests when it is deactivated by DAMOS watermarks. As a result, users cannot change DAMON parameters online while DAMON is deactivated. Note that users can turn DAMON off and on with different watermarks to work around. Since deactivated DAMON is nearly same to stopped DAMON, the work around should have no big problem. Anyway, a bug is a bug. There is no real good reason to cancel the damon_call() request under DAMOS deactivation. Fix it by simply handling the request as normal, rather than cancelling under the situation. Link: https://lkml.kernel.org/r/20250629204914.54114-1-sj@kernel.org Fixes: 42b7491af14c ("mm/damon/core: introduce damon_call()") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.14+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/mm/damon/core.c~mm-damon-core-handle-damon_call_control-as-normal-under-kdmond-deactivation +++ a/mm/damon/core.c @@ -2355,9 +2355,8 @@ static void kdamond_usleep(unsigned long * * If there is a &struct damon_call_control request that registered via * &damon_call() on @ctx, do or cancel the invocation of the function depending - * on @cancel. @cancel is set when the kdamond is deactivated by DAMOS - * watermarks, or the kdamond is already out of the main loop and therefore - * will be terminated. + * on @cancel. @cancel is set when the kdamond is already out of the main loop + * and therefore will be terminated. */ static void kdamond_call(struct damon_ctx *ctx, bool cancel) { @@ -2405,7 +2404,7 @@ static int kdamond_wait_activation(struc if (ctx->callback.after_wmarks_check && ctx->callback.after_wmarks_check(ctx)) break; - kdamond_call(ctx, true); + kdamond_call(ctx, false); damos_walk_cancel(ctx); } return -EBUSY; _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-introduce-damon_stat-module.patch mm-damon-introduce-damon_stat-module-fix.patch mm-damon-introduce-damon_stat-module-fix-2.patch mm-damon-stat-calculate-and-expose-estimated-memory-bandwidth.patch mm-damon-stat-calculate-and-expose-idle-time-percentiles.patch docs-admin-guide-mm-damon-add-damon_stat-usage-document.patch mm-damon-paddr-use-alloc_migartion_target-with-no-migration-fallback-nodemask.patch revert-mm-rename-alloc_demote_folio-to-alloc_migrate_folio.patch revert-mm-make-alloc_demote_folio-externally-invokable-for-migration.patch selftets-damon-add-a-test-for-memcg_path-leak.patch mm-damon-sysfs-schemes-decouple-from-damos_quota_goal_metric.patch mm-damon-sysfs-schemes-decouple-from-damos_action.patch mm-damon-sysfs-schemes-decouple-from-damos_wmark_metric.patch mm-damon-sysfs-schemes-decouple-from-damos_filter_type.patch mm-damon-sysfs-decouple-from-damon_ops_id.patch selftests-damon-add-drgn-script-for-extracting-damon-status.patch selftests-damon-_damon_sysfs-set-kdamondpid-in-start.patch selftests-damon-add-python-and-drgn-based-damon-sysfs-test.patch selftests-damon-sysfspy-test-monitoring-attribute-parameters.patch selftests-damon-sysfspy-test-adaptive-targets-parameter.patch selftests-damon-sysfspy-test-damos-schemes-parameters-setup.patch mm-damon-add-trace-event-for-auto-tuned-monitoring-intervals.patch mm-damon-add-trace-event-for-effective-size-quota.patch mm-damon-add-trace-event-for-effective-size-quota-fix.patch mm-damon-add-trace-event-for-effective-size-quota-fix-2.patch samples-damon-wsse-fix-boot-time-enable-handling.patch samples-damon-prcl-fix-boot-time-enable-crash.patch samples-damon-mtier-support-boot-time-enable-setup.patch mm-damon-reclaim-reset-enabled-when-damon-start-failed.patch mm-damon-lru_sort-reset-enabled-when-damon-start-failed.patch mm-damon-reclaim-use-parameter-context-correctly.patch samples-damon-wsse-rename-to-have-damon_sample_-prefix.patch samples-damon-prcl-rename-to-have-damon_sample_-prefix.patch samples-damon-mtier-rename-to-have-damon_sample_-prefix.patch mm-damon-sysfs-use-damon-core-api-damon_is_running.patch mm-damon-sysfs-dont-hold-kdamond_lock-in-before_terminate.patch docs-mm-damon-maintainer-profile-update-for-mm-new-tree.patch mm-damon-add-struct-damos_migrate_dests.patch mm-damon-core-add-damos-migrate_dests-field.patch mm-damon-sysfs-schemes-implement-damos-action-destinations-directory.patch mm-damon-sysfs-schemes-set-damos-migrate_dests.patch docs-abi-damon-document-schemes-dests-directory.patch docs-admin-guide-mm-damon-usage-document-dests-directory.patch

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/rmap: fix potential out-of-bounds page table access during batched unmap has been removed from the -mm tree. Its filename was mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lance Yang <lance.yang(a)linux.dev> Subject: mm/rmap: fix potential out-of-bounds page table access during batched unmap Date: Fri, 27 Jun 2025 14:23:19 +0800 As pointed out by David[1], the batched unmap logic in try_to_unmap_one() may read past the end of a PTE table when a large folio's PTE mappings are not fully contained within a single page table. While this scenario might be rare, an issue triggerable from userspace must be fixed regardless of its likelihood. This patch fixes the out-of-bounds access by refactoring the logic into a new helper, folio_unmap_pte_batch(). The new helper correctly calculates the safe batch size by capping the scan at both the VMA and PMD boundaries. To simplify the code, it also supports partial batching (i.e., any number of pages from 1 up to the calculated safe maximum), as there is no strong reason to special-case for fully mapped folios. Link: https://lkml.kernel.org/r/20250701143100.6970-1-lance.yang@linux.dev Link: https://lkml.kernel.org/r/20250630011305.23754-1-lance.yang@linux.dev Link: https://lkml.kernel.org/r/20250627062319.84936-1-lance.yang@linux.dev Link: https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha… [1] Fixes: 354dffd29575 ("mm: support batched unmap for lazyfree large folios during reclamation") Signed-off-by: Lance Yang <lance.yang(a)linux.dev> Suggested-by: David Hildenbrand <david(a)redhat.com> Reported-by: David Hildenbrand <david(a)redhat.com> Closes: https://lore.kernel.org/linux-mm/a694398c-9f03-4737-81b9-7e49c857fcbe@redha… Suggested-by: Barry Song <baohua(a)kernel.org> Acked-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Harry Yoo <harry.yoo(a)oracle.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: "Huang, Ying" <huang.ying.caritas(a)gmail.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: Lance Yang <lance.yang(a)linux.dev> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Mingzhe Yang <mingzhe.yang(a)ly.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Tangquan Zheng <zhengtangquan(a)oppo.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/rmap.c | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) --- a/mm/rmap.c~mm-rmap-fix-potential-out-of-bounds-page-table-access-during-batched-unmap +++ a/mm/rmap.c @@ -1845,23 +1845,32 @@ void folio_remove_rmap_pud(struct folio #endif } -/* We support batch unmapping of PTEs for lazyfree large folios */ -static inline bool can_batch_unmap_folio_ptes(unsigned long addr, - struct folio *folio, pte_t *ptep) +static inline unsigned int folio_unmap_pte_batch(struct folio *folio, + struct page_vma_mapped_walk *pvmw, + enum ttu_flags flags, pte_t pte) { const fpb_t fpb_flags = FPB_IGNORE_DIRTY | FPB_IGNORE_SOFT_DIRTY; - int max_nr = folio_nr_pages(folio); - pte_t pte = ptep_get(ptep); + unsigned long end_addr, addr = pvmw->address; + struct vm_area_struct *vma = pvmw->vma; + unsigned int max_nr; + + if (flags & TTU_HWPOISON) + return 1; + if (!folio_test_large(folio)) + return 1; + + /* We may only batch within a single VMA and a single page table. */ + end_addr = pmd_addr_end(addr, vma->vm_end); + max_nr = (end_addr - addr) >> PAGE_SHIFT; + /* We only support lazyfree batching for now ... */ if (!folio_test_anon(folio) || folio_test_swapbacked(folio)) - return false; + return 1; if (pte_unused(pte)) - return false; - if (pte_pfn(pte) != folio_pfn(folio)) - return false; + return 1; - return folio_pte_batch(folio, addr, ptep, pte, max_nr, fpb_flags, NULL, - NULL, NULL) == max_nr; + return folio_pte_batch(folio, addr, pvmw->pte, pte, max_nr, fpb_flags, + NULL, NULL, NULL); } /* @@ -2024,9 +2033,7 @@ static bool try_to_unmap_one(struct foli if (pte_dirty(pteval)) folio_mark_dirty(folio); } else if (likely(pte_present(pteval))) { - if (folio_test_large(folio) && !(flags & TTU_HWPOISON) && - can_batch_unmap_folio_ptes(address, folio, pvmw.pte)) - nr_pages = folio_nr_pages(folio); + nr_pages = folio_unmap_pte_batch(folio, &pvmw, flags, pteval); end_addr = address + nr_pages * PAGE_SIZE; flush_cache_range(vma, address, end_addr); @@ -2206,13 +2213,16 @@ discard: hugetlb_remove_rmap(folio); } else { folio_remove_rmap_ptes(folio, subpage, nr_pages, vma); - folio_ref_sub(folio, nr_pages - 1); } if (vma->vm_flags & VM_LOCKED) mlock_drain_local(); - folio_put(folio); - /* We have already batched the entire folio */ - if (nr_pages > 1) + folio_put_refs(folio, nr_pages); + + /* + * If we are sure that we batched the entire folio and cleared + * all PTEs, we can just optimize and stop right here. + */ + if (nr_pages == folio_nr_pages(folio)) goto walk_done; continue; walk_abort: _ Patches currently in -mm which might be from lance.yang(a)linux.dev are locking-rwsem-make-owner-helpers-globally-available.patch hung_task-extend-hung-task-blocker-tracking-to-rwsems.patch

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] scripts-gdb-de-reference-per-cpu-mce-interrupts.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts/gdb: de-reference per-CPU MCE interrupts has been removed from the -mm tree. Its filename was scripts-gdb-de-reference-per-cpu-mce-interrupts.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Florian Fainelli <florian.fainelli(a)broadcom.com> Subject: scripts/gdb: de-reference per-CPU MCE interrupts Date: Mon, 23 Jun 2025 20:00:19 -0700 The per-CPU MCE interrupts are looked up by reference and need to be de-referenced before printing, otherwise we print the addresses of the variables instead of their contents: MCE: 18379471554386948492 Machine check exceptions MCP: 18379471554386948488 Machine check polls The corrected output looks like this instead now: MCE: 0 Machine check exceptions MCP: 1 Machine check polls Link: https://lkml.kernel.org/r/20250625021109.1057046-1-florian.fainelli@broadco… Link: https://lkml.kernel.org/r/20250624030020.882472-1-florian.fainelli@broadcom… Fixes: b0969d7687a7 ("scripts/gdb: print interrupts") Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/interrupts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/scripts/gdb/linux/interrupts.py~scripts-gdb-de-reference-per-cpu-mce-interrupts +++ a/scripts/gdb/linux/interrupts.py @@ -110,7 +110,7 @@ def x86_show_mce(prec, var, pfx, desc): pvar = gdb.parse_and_eval(var) text = "%*s: " % (prec, pfx) for cpu in cpus.each_online_cpu(): - text += "%10u " % (cpus.per_cpu(pvar, cpu)) + text += "%10u " % (cpus.per_cpu(pvar, cpu).dereference()) text += " %s\n" % (desc) return text _ Patches currently in -mm which might be from florian.fainelli(a)broadcom.com are

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] scripts-gdb-fix-interruptspy-after-maple-tree-conversion.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts/gdb: fix interrupts.py after maple tree conversion has been removed from the -mm tree. Its filename was scripts-gdb-fix-interruptspy-after-maple-tree-conversion.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Florian Fainelli <florian.fainelli(a)broadcom.com> Subject: scripts/gdb: fix interrupts.py after maple tree conversion Date: Tue, 24 Jun 2025 19:10:20 -0700 In commit 721255b9826b ("genirq: Use a maple tree for interrupt descriptor management"), the irq_desc_tree was replaced with a sparse_irqs tree using a maple tree structure. Since the script looked for the irq_desc_tree symbol which is no longer available, no interrupts would be printed and the script output would not be useful anymore. In addition to looking up the correct symbol (sparse_irqs), a new module (mapletree.py) is added whose mtree_load() implementation is largely copied after the C version and uses the same variable and intermediate function names wherever possible to ensure that both the C and Python version be updated in the future. This restores the scripts' output to match that of /proc/interrupts. Link: https://lkml.kernel.org/r/20250625021020.1056930-1-florian.fainelli@broadco… Fixes: 721255b9826b ("genirq: Use a maple tree for interrupt descriptor management") Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: Shanker Donthineni <sdonthineni(a)nvidia.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/constants.py.in | 7 scripts/gdb/linux/interrupts.py | 12 - scripts/gdb/linux/mapletree.py | 252 ++++++++++++++++++++++++++++ scripts/gdb/linux/xarray.py | 28 +++ 4 files changed, 293 insertions(+), 6 deletions(-) --- a/scripts/gdb/linux/constants.py.in~scripts-gdb-fix-interruptspy-after-maple-tree-conversion +++ a/scripts/gdb/linux/constants.py.in @@ -20,6 +20,7 @@ #include <linux/of_fdt.h> #include <linux/page_ext.h> #include <linux/radix-tree.h> +#include <linux/maple_tree.h> #include <linux/slab.h> #include <linux/threads.h> #include <linux/vmalloc.h> @@ -93,6 +94,12 @@ LX_GDBPARSED(RADIX_TREE_MAP_SIZE) LX_GDBPARSED(RADIX_TREE_MAP_SHIFT) LX_GDBPARSED(RADIX_TREE_MAP_MASK) +/* linux/maple_tree.h */ +LX_VALUE(MAPLE_NODE_SLOTS) +LX_VALUE(MAPLE_RANGE64_SLOTS) +LX_VALUE(MAPLE_ARANGE64_SLOTS) +LX_GDBPARSED(MAPLE_NODE_MASK) + /* linux/vmalloc.h */ LX_VALUE(VM_IOREMAP) LX_VALUE(VM_ALLOC) --- a/scripts/gdb/linux/interrupts.py~scripts-gdb-fix-interruptspy-after-maple-tree-conversion +++ a/scripts/gdb/linux/interrupts.py @@ -7,7 +7,7 @@ import gdb from linux import constants from linux import cpus from linux import utils -from linux import radixtree +from linux import mapletree irq_desc_type = utils.CachedType("struct irq_desc") @@ -23,12 +23,12 @@ def irqd_is_level(desc): def show_irq_desc(prec, irq): text = "" - desc = radixtree.lookup(gdb.parse_and_eval("&irq_desc_tree"), irq) + desc = mapletree.mtree_load(gdb.parse_and_eval("&sparse_irqs"), irq) if desc is None: return text - desc = desc.cast(irq_desc_type.get_type()) - if desc is None: + desc = desc.cast(irq_desc_type.get_type().pointer()) + if desc == 0: return text if irq_settings_is_hidden(desc): @@ -221,8 +221,8 @@ class LxInterruptList(gdb.Command): gdb.write("CPU%-8d" % cpu) gdb.write("\n") - if utils.gdb_eval_or_none("&irq_desc_tree") is None: - return + if utils.gdb_eval_or_none("&sparse_irqs") is None: + raise gdb.GdbError("Unable to find the sparse IRQ tree, is CONFIG_SPARSE_IRQ enabled?") for irq in range(nr_irqs): gdb.write(show_irq_desc(prec, irq)) diff --git a/scripts/gdb/linux/mapletree.py a/scripts/gdb/linux/mapletree.py new file mode 100644 --- /dev/null +++ a/scripts/gdb/linux/mapletree.py @@ -0,0 +1,252 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Maple tree helpers +# +# Copyright (c) 2025 Broadcom +# +# Authors: +# Florian Fainelli <florian.fainelli(a)broadcom.com> + +import gdb + +from linux import utils +from linux import constants +from linux import xarray + +maple_tree_root_type = utils.CachedType("struct maple_tree") +maple_node_type = utils.CachedType("struct maple_node") +maple_enode_type = utils.CachedType("void") + +maple_dense = 0 +maple_leaf_64 = 1 +maple_range_64 = 2 +maple_arange_64 = 3 + +class Mas(object): + ma_active = 0 + ma_start = 1 + ma_root = 2 + ma_none = 3 + ma_pause = 4 + ma_overflow = 5 + ma_underflow = 6 + ma_error = 7 + + def __init__(self, mt, first, end): + if mt.type == maple_tree_root_type.get_type().pointer(): + self.tree = mt.dereference() + elif mt.type != maple_tree_root_type.get_type(): + raise gdb.GdbError("must be {} not {}" + .format(maple_tree_root_type.get_type().pointer(), mt.type)) + self.tree = mt + self.index = first + self.last = end + self.node = None + self.status = self.ma_start + self.min = 0 + self.max = -1 + + def is_start(self): + # mas_is_start() + return self.status == self.ma_start + + def is_ptr(self): + # mas_is_ptr() + return self.status == self.ma_root + + def is_none(self): + # mas_is_none() + return self.status == self.ma_none + + def root(self): + # mas_root() + return self.tree['ma_root'].cast(maple_enode_type.get_type().pointer()) + + def start(self): + # mas_start() + if self.is_start() is False: + return None + + self.min = 0 + self.max = ~0 + + while True: + self.depth = 0 + root = self.root() + if xarray.xa_is_node(root): + self.depth = 0 + self.status = self.ma_active + self.node = mte_safe_root(root) + self.offset = 0 + if mte_dead_node(self.node) is True: + continue + + return None + + self.node = None + # Empty tree + if root is None: + self.status = self.ma_none + self.offset = constants.LX_MAPLE_NODE_SLOTS + return None + + # Single entry tree + self.status = self.ma_root + self.offset = constants.LX_MAPLE_NODE_SLOTS + + if self.index != 0: + return None + + return root + + return None + + def reset(self): + # mas_reset() + self.status = self.ma_start + self.node = None + +def mte_safe_root(node): + if node.type != maple_enode_type.get_type().pointer(): + raise gdb.GdbError("{} must be {} not {}" + .format(mte_safe_root.__name__, maple_enode_type.get_type().pointer(), node.type)) + ulong_type = utils.get_ulong_type() + indirect_ptr = node.cast(ulong_type) & ~0x2 + val = indirect_ptr.cast(maple_enode_type.get_type().pointer()) + return val + +def mte_node_type(entry): + ulong_type = utils.get_ulong_type() + val = None + if entry.type == maple_enode_type.get_type().pointer(): + val = entry.cast(ulong_type) + elif entry.type == ulong_type: + val = entry + else: + raise gdb.GdbError("{} must be {} not {}" + .format(mte_node_type.__name__, maple_enode_type.get_type().pointer(), entry.type)) + return (val >> 0x3) & 0xf + +def ma_dead_node(node): + if node.type != maple_node_type.get_type().pointer(): + raise gdb.GdbError("{} must be {} not {}" + .format(ma_dead_node.__name__, maple_node_type.get_type().pointer(), node.type)) + ulong_type = utils.get_ulong_type() + parent = node['parent'] + indirect_ptr = node['parent'].cast(ulong_type) & ~constants.LX_MAPLE_NODE_MASK + return indirect_ptr == node + +def mte_to_node(enode): + ulong_type = utils.get_ulong_type() + if enode.type == maple_enode_type.get_type().pointer(): + indirect_ptr = enode.cast(ulong_type) + elif enode.type == ulong_type: + indirect_ptr = enode + else: + raise gdb.GdbError("{} must be {} not {}" + .format(mte_to_node.__name__, maple_enode_type.get_type().pointer(), enode.type)) + indirect_ptr = indirect_ptr & ~constants.LX_MAPLE_NODE_MASK + return indirect_ptr.cast(maple_node_type.get_type().pointer()) + +def mte_dead_node(enode): + if enode.type != maple_enode_type.get_type().pointer(): + raise gdb.GdbError("{} must be {} not {}" + .format(mte_dead_node.__name__, maple_enode_type.get_type().pointer(), enode.type)) + node = mte_to_node(enode) + return ma_dead_node(node) + +def ma_is_leaf(tp): + result = tp < maple_range_64 + return tp < maple_range_64 + +def mt_pivots(t): + if t == maple_dense: + return 0 + elif t == maple_leaf_64 or t == maple_range_64: + return constants.LX_MAPLE_RANGE64_SLOTS - 1 + elif t == maple_arange_64: + return constants.LX_MAPLE_ARANGE64_SLOTS - 1 + +def ma_pivots(node, t): + if node.type != maple_node_type.get_type().pointer(): + raise gdb.GdbError("{}: must be {} not {}" + .format(ma_pivots.__name__, maple_node_type.get_type().pointer(), node.type)) + if t == maple_arange_64: + return node['ma64']['pivot'] + elif t == maple_leaf_64 or t == maple_range_64: + return node['mr64']['pivot'] + else: + return None + +def ma_slots(node, tp): + if node.type != maple_node_type.get_type().pointer(): + raise gdb.GdbError("{}: must be {} not {}" + .format(ma_slots.__name__, maple_node_type.get_type().pointer(), node.type)) + if tp == maple_arange_64: + return node['ma64']['slot'] + elif tp == maple_range_64 or tp == maple_leaf_64: + return node['mr64']['slot'] + elif tp == maple_dense: + return node['slot'] + else: + return None + +def mt_slot(mt, slots, offset): + ulong_type = utils.get_ulong_type() + return slots[offset].cast(ulong_type) + +def mtree_lookup_walk(mas): + ulong_type = utils.get_ulong_type() + n = mas.node + + while True: + node = mte_to_node(n) + tp = mte_node_type(n) + pivots = ma_pivots(node, tp) + end = mt_pivots(tp) + offset = 0 + while True: + if pivots[offset] >= mas.index: + break + if offset >= end: + break + offset += 1 + + slots = ma_slots(node, tp) + n = mt_slot(mas.tree, slots, offset) + if ma_dead_node(node) is True: + mas.reset() + return None + break + + if ma_is_leaf(tp) is True: + break + + return n + +def mtree_load(mt, index): + ulong_type = utils.get_ulong_type() + # MT_STATE(...) + mas = Mas(mt, index, index) + entry = None + + while True: + entry = mas.start() + if mas.is_none(): + return None + + if mas.is_ptr(): + if index != 0: + entry = None + return entry + + entry = mtree_lookup_walk(mas) + if entry is None and mas.is_start(): + continue + else: + break + + if xarray.xa_is_zero(entry): + return None + + return entry diff --git a/scripts/gdb/linux/xarray.py a/scripts/gdb/linux/xarray.py new file mode 100644 --- /dev/null +++ a/scripts/gdb/linux/xarray.py @@ -0,0 +1,28 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Xarray helpers +# +# Copyright (c) 2025 Broadcom +# +# Authors: +# Florian Fainelli <florian.fainelli(a)broadcom.com> + +import gdb + +from linux import utils +from linux import constants + +def xa_is_internal(entry): + ulong_type = utils.get_ulong_type() + return ((entry.cast(ulong_type) & 3) == 2) + +def xa_mk_internal(v): + return ((v << 2) | 2) + +def xa_is_zero(entry): + ulong_type = utils.get_ulong_type() + return entry.cast(ulong_type) == xa_mk_internal(257) + +def xa_is_node(entry): + ulong_type = utils.get_ulong_type() + return xa_is_internal(entry) and (entry.cast(ulong_type) > 4096) _ Patches currently in -mm which might be from florian.fainelli(a)broadcom.com are

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] maple_tree-fix-mt_destroy_walk-on-root-leaf-node.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: maple_tree: fix mt_destroy_walk() on root leaf node has been removed from the -mm tree. Its filename was maple_tree-fix-mt_destroy_walk-on-root-leaf-node.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Wei Yang <richard.weiyang(a)gmail.com> Subject: maple_tree: fix mt_destroy_walk() on root leaf node Date: Tue, 24 Jun 2025 15:18:40 -0400 On destroy, we should set each node dead. But current code miss this when the maple tree has only the root node. The reason is mt_destroy_walk() leverage mte_destroy_descend() to set node dead, but this is skipped since the only root node is a leaf. Fixes this by setting the node dead if it is a leaf. Link: https://lore.kernel.org/all/20250407231354.11771-1-richard.weiyang@gmail.co… Link: https://lkml.kernel.org/r/20250624191841.64682-1-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reviewed-by: Dev Jain <dev.jain(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 1 + 1 file changed, 1 insertion(+) --- a/lib/maple_tree.c~maple_tree-fix-mt_destroy_walk-on-root-leaf-node +++ a/lib/maple_tree.c @@ -5319,6 +5319,7 @@ static void mt_destroy_walk(struct maple struct maple_enode *start; if (mte_is_leaf(enode)) { + mte_set_node_dead(enode); node->type = mte_node_type(enode); goto free_leaf; } _ Patches currently in -mm which might be from richard.weiyang(a)gmail.com are mm-migrate-remove-the-eexist-conversion-for-move_pages.patch

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-vmalloc-leave-lazy-mmu-mode-on-pte-mapping-error.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/vmalloc: leave lazy MMU mode on PTE mapping error has been removed from the -mm tree. Its filename was mm-vmalloc-leave-lazy-mmu-mode-on-pte-mapping-error.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Alexander Gordeev <agordeev(a)linux.ibm.com> Subject: mm/vmalloc: leave lazy MMU mode on PTE mapping error Date: Mon, 23 Jun 2025 09:57:21 +0200 vmap_pages_pte_range() enters the lazy MMU mode, but fails to leave it in case an error is encountered. Link: https://lkml.kernel.org/r/20250623075721.2817094-1-agordeev@linux.ibm.com Fixes: 2ba3e6947aed ("mm/vmalloc: track which page-table levels were modified") Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Reported-by: kernel test robot <lkp(a)intel.com> Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Closes: https://lore.kernel.org/r/202506132017.T1l1l6ME-lkp@intel.com/ Reviewed-by: Ryan Roberts <ryan.roberts(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) --- a/mm/vmalloc.c~mm-vmalloc-leave-lazy-mmu-mode-on-pte-mapping-error +++ a/mm/vmalloc.c @@ -514,6 +514,7 @@ static int vmap_pages_pte_range(pmd_t *p unsigned long end, pgprot_t prot, struct page **pages, int *nr, pgtbl_mod_mask *mask) { + int err = 0; pte_t *pte; /* @@ -530,12 +531,18 @@ static int vmap_pages_pte_range(pmd_t *p do { struct page *page = pages[*nr]; - if (WARN_ON(!pte_none(ptep_get(pte)))) - return -EBUSY; - if (WARN_ON(!page)) - return -ENOMEM; - if (WARN_ON(!pfn_valid(page_to_pfn(page)))) - return -EINVAL; + if (WARN_ON(!pte_none(ptep_get(pte)))) { + err = -EBUSY; + break; + } + if (WARN_ON(!page)) { + err = -ENOMEM; + break; + } + if (WARN_ON(!pfn_valid(page_to_pfn(page)))) { + err = -EINVAL; + break; + } set_pte_at(&init_mm, addr, pte, mk_pte(page, prot)); (*nr)++; @@ -543,7 +550,8 @@ static int vmap_pages_pte_range(pmd_t *p arch_leave_lazy_mmu_mode(); *mask |= PGTBL_PTE_MODIFIED; - return 0; + + return err; } static int vmap_pages_pmd_range(pud_t *pud, unsigned long addr, _ Patches currently in -mm which might be from agordeev(a)linux.ibm.com are

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] scripts-gdb-fix-interrupts-display-after-mcp-on-x86.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: scripts/gdb: fix interrupts display after MCP on x86 has been removed from the -mm tree. Its filename was scripts-gdb-fix-interrupts-display-after-mcp-on-x86.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Florian Fainelli <florian.fainelli(a)broadcom.com> Subject: scripts/gdb: fix interrupts display after MCP on x86 Date: Mon, 23 Jun 2025 09:41:52 -0700 The text line would not be appended to as it should have, it should have been a '+=' but ended up being a '==', fix that. Link: https://lkml.kernel.org/r/20250623164153.746359-1-florian.fainelli@broadcom… Fixes: b0969d7687a7 ("scripts/gdb: print interrupts") Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/interrupts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/scripts/gdb/linux/interrupts.py~scripts-gdb-fix-interrupts-display-after-mcp-on-x86 +++ a/scripts/gdb/linux/interrupts.py @@ -142,7 +142,7 @@ def x86_show_interupts(prec): if constants.LX_CONFIG_X86_MCE: text += x86_show_mce(prec, "&mce_exception_count", "MCE", "Machine check exceptions") - text == x86_show_mce(prec, "&mce_poll_count", "MCP", "Machine check polls") + text += x86_show_mce(prec, "&mce_poll_count", "MCP", "Machine check polls") text += show_irq_err_count(prec) _ Patches currently in -mm which might be from florian.fainelli(a)broadcom.com are

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() has been removed from the -mm tree. Its filename was lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Harry Yoo <harry.yoo(a)oracle.com> Subject: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() Date: Sat, 21 Jun 2025 04:53:05 +0900 alloc_tag_top_users() attempts to lock alloc_tag_cttype->mod_lock even when the alloc_tag_cttype is not allocated because: 1) alloc tagging is disabled because mem profiling is disabled (!alloc_tag_cttype) 2) alloc tagging is enabled, but not yet initialized (!alloc_tag_cttype) 3) alloc tagging is enabled, but failed initialization (!alloc_tag_cttype or IS_ERR(alloc_tag_cttype)) In all cases, alloc_tag_cttype is not allocated, and therefore alloc_tag_top_users() should not attempt to acquire the semaphore. This leads to a crash on memory allocation failure by attempting to acquire a non-existent semaphore: Oops: general protection fault, probably for non-canonical address 0xdffffc000000001b: 0000 [#3] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x00000000000000d8-0x00000000000000df] CPU: 2 UID: 0 PID: 1 Comm: systemd Tainted: G D 6.16.0-rc2 #1 VOLUNTARY Tainted: [D]=DIE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:down_read_trylock+0xaa/0x3b0 Code: d0 7c 08 84 d2 0f 85 a0 02 00 00 8b 0d df 31 dd 04 85 c9 75 29 48 b8 00 00 00 00 00 fc ff df 48 8d 6b 68 48 89 ea 48 c1 ea 03 <80> 3c 02 00 0f 85 88 02 00 00 48 3b 5b 68 0f 85 53 01 00 00 65 ff RSP: 0000:ffff8881002ce9b8 EFLAGS: 00010016 RAX: dffffc0000000000 RBX: 0000000000000070 RCX: 0000000000000000 RDX: 000000000000001b RSI: 000000000000000a RDI: 0000000000000070 RBP: 00000000000000d8 R08: 0000000000000001 R09: ffffed107dde49d1 R10: ffff8883eef24e8b R11: ffff8881002cec20 R12: 1ffff11020059d37 R13: 00000000003fff7b R14: ffff8881002cec20 R15: dffffc0000000000 FS: 00007f963f21d940(0000) GS:ffff888458ca6000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f963f5edf71 CR3: 000000010672c000 CR4: 0000000000350ef0 Call Trace: <TASK> codetag_trylock_module_list+0xd/0x20 alloc_tag_top_users+0x369/0x4b0 __show_mem+0x1cd/0x6e0 warn_alloc+0x2b1/0x390 __alloc_frozen_pages_noprof+0x12b9/0x21a0 alloc_pages_mpol+0x135/0x3e0 alloc_slab_page+0x82/0xe0 new_slab+0x212/0x240 ___slab_alloc+0x82a/0xe00 </TASK> As David Wang points out, this issue became easier to trigger after commit 780138b12381 ("alloc_tag: check mem_profiling_support in alloc_tag_init"). Before the commit, the issue occurred only when it failed to allocate and initialize alloc_tag_cttype or if a memory allocation fails before alloc_tag_init() is called. After the commit, it can be easily triggered when memory profiling is compiled but disabled at boot. To properly determine whether alloc_tag_init() has been called and its data structures initialized, verify that alloc_tag_cttype is a valid pointer before acquiring the semaphore. If the variable is NULL or an error value, it has not been properly initialized. In such a case, just skip and do not attempt to acquire the semaphore. [harry.yoo(a)oracle.com: v3] Link: https://lkml.kernel.org/r/20250624072513.84219-1-harry.yoo@oracle.com Link: https://lkml.kernel.org/r/20250620195305.1115151-1-harry.yoo@oracle.com Fixes: 780138b12381 ("alloc_tag: check mem_profiling_support in alloc_tag_init") Fixes: 1438d349d16b ("lib: add memory allocations report in show_mem()") Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202506181351.bba867dd-lkp@intel.com Acked-by: Suren Baghdasaryan <surenb(a)google.com> Tested-by: Raghavendra K T <raghavendra.kt(a)amd.com> Cc: Casey Chen <cachen(a)purestorage.com> Cc: David Wang <00107082(a)163.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Yuanyuan Zhong <yzhong(a)purestorage.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/alloc_tag.c | 3 +++ 1 file changed, 3 insertions(+) --- a/lib/alloc_tag.c~lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users +++ a/lib/alloc_tag.c @@ -135,6 +135,9 @@ size_t alloc_tag_top_users(struct codeta struct codetag_bytes n; unsigned int i, nr = 0; + if (IS_ERR_OR_NULL(alloc_tag_cttype)) + return 0; + if (can_sleep) codetag_lock_module_list(alloc_tag_cttype, true); else if (!codetag_trylock_module_list(alloc_tag_cttype)) _ Patches currently in -mm which might be from harry.yoo(a)oracle.com are mm-zsmalloc-do-not-pass-__gfp_movable-if-config_compaction=n.patch mm-check-if-folio-has-valid-mapcount-before-folio_test_anonksm-when-necessary.patch

2 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] kallsyms-fix-build-without-execinfo.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kallsyms: fix build without execinfo has been removed from the -mm tree. Its filename was kallsyms-fix-build-without-execinfo.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Achill Gilgenast <fossdd(a)pwned.life> Subject: kallsyms: fix build without execinfo Date: Sun, 22 Jun 2025 03:45:49 +0200 Some libc's like musl libc don't provide execinfo.h since it's not part of POSIX. In order to fix compilation on musl, only include execinfo.h if available (HAVE_BACKTRACE_SUPPORT) This was discovered with c104c16073b7 ("Kunit to check the longest symbol length") which starts to include linux/kallsyms.h with Alpine Linux' configs. Link: https://lkml.kernel.org/r/20250622014608.448718-1-fossdd@pwned.life Fixes: c104c16073b7 ("Kunit to check the longest symbol length") Signed-off-by: Achill Gilgenast <fossdd(a)pwned.life> Cc: Luis Henriques <luis(a)igalia.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/include/linux/kallsyms.h | 4 ++++ 1 file changed, 4 insertions(+) --- a/tools/include/linux/kallsyms.h~kallsyms-fix-build-without-execinfo +++ a/tools/include/linux/kallsyms.h @@ -18,6 +18,7 @@ static inline const char *kallsyms_looku return NULL; } +#ifdef HAVE_BACKTRACE_SUPPORT #include <execinfo.h> #include <stdlib.h> static inline void print_ip_sym(const char *loglvl, unsigned long ip) @@ -30,5 +31,8 @@ static inline void print_ip_sym(const ch free(name); } +#else +static inline void print_ip_sym(const char *loglvl, unsigned long ip) {} +#endif #endif _ Patches currently in -mm which might be from fossdd(a)pwned.life are

2 months, 1 week

1
0
0 0

[folded-merged] lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3 has been removed from the -mm tree. Its filename was lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3.patch This patch was dropped because it was folded into lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users.patch ------------------------------------------------------ From: Harry Yoo <harry.yoo(a)oracle.com> Subject: lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3 Date: Tue, 24 Jun 2025 16:25:13 +0900 Link: https://lkml.kernel.org/r/20250624072513.84219-1-harry.yoo@oracle.com Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202506181351.bba867dd-lkp@intel.com Closes: https://lore.kernel.org/oe-lkp/202506131711.5b41931c-lkp@intel.com Fixes: 780138b12381 ("alloc_tag: check mem_profiling_support in alloc_tag_init") Fixes: 1438d349d16b ("lib: add memory allocations report in show_mem()") Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> Cc: Casey Chen <cachen(a)purestorage.com> Cc: David Wang <00107082(a)163.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Yuanyuan Zhong <yzhong(a)purestorage.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/alloc_tag.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/lib/alloc_tag.c~lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users-v3 +++ a/lib/alloc_tag.c @@ -137,7 +137,8 @@ size_t alloc_tag_top_users(struct codeta if (IS_ERR_OR_NULL(alloc_tag_cttype)) return 0; - else if (can_sleep) + + if (can_sleep) codetag_lock_module_list(alloc_tag_cttype, true); else if (!codetag_trylock_module_list(alloc_tag_cttype)) return 0; _ Patches currently in -mm which might be from harry.yoo(a)oracle.com are lib-alloc_tag-do-not-acquire-non-existent-lock-in-alloc_tag_top_users.patch mm-zsmalloc-do-not-pass-__gfp_movable-if-config_compaction=n.patch mm-check-if-folio-has-valid-mapcount-before-folio_test_anonksm-when-necessary.patch

2 months, 1 week

1
0
0 0

+ mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung has been added to the -mm mm-new branch. Its filename is mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung Date: Thu, 10 Jul 2025 11:36:59 +0800 Patch series "mm/shmem, swap: bugfix and improvement of mTHP swap in", v5. The current mTHP swapin path have several problems. It may potentially hang, may cause redundant faults due to false positive swap cache lookup, and it will involve at least 4 Xarray tree walks (get order, get order again, confirm swap, insert folio). And for !CONFIG_TRANSPARENT_HUGEPAGE builds, it will performs some mTHP related checks. This series fixes all of the mentioned issues, and the code should be more robust and prepared for the swap table series. Now tree walks is reduced to twice (get order & confirm, insert folio), !CONFIG_TRANSPARENT_HUGEPAGE build overhead is also minimized, and comes with a sanity check now. The performance is slightly better after this series, sequential swap in of 24G data from ZRAM, using transparent_hugepage_tmpfs=always (24 samples each): Before: Avg: 10.67s, stddev: 0.04 After patch 1: Avg: 10.49s, stddev: 0.04 After patch 2: Avg: 10.42s, stddev: 0.05 After patch 3: Avg: 10.45s, stddev: 0.05 After patch 4: Avg: 10.49s, stddev: 0.04 After patch 5: Avg: 9.67s, stddev: 0.03 After patch 6: Avg: 9.67s, stddev: 0.04 After patch 7: Avg: 9.68s, stddev: 0.05 After patch 8: Avg: 9.66s, stddev: 0.04 Several patches improve the performance by a little, which is about ~10% faster in total. Build kernel test showed very slightly improvement, testing with make -j48 with defconfig in a 768M memcg also using ZRAM as swap, and transparent_hugepage_tmpfs=always (6 test runs): Before: avg: 3353.66s, stddev: 33.73 After patch 1: avg: 3354.19s, stddev: 42.54 After patch 2: avg: 3364.16s, stddev: 52.74 After patch 3: avg: 3355.73s, stddev: 36.17 After patch 4: avg: 3352.78s, stddev: 39.80 After patch 5: avg: 3355.19s, stddev: 50.78 After patch 6: avg: 3333.63s, stddev: 32.50 After patch 7: avg: 3297.70s, stddev: 38.93 After patch 8: avg: 3302.35s, stddev: 50.61 This patch (of 8): The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve performance, as it avoids two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Link: https://lkml.kernel.org/r/20250710033706.71042-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20250710033706.71042-2-ryncsn@gmail.com Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Tested-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Cc: Baoquan He <bhe(a)redhat.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Dev Jain <dev.jain(a)arm.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) --- a/mm/shmem.c~mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung +++ a/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struc pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struc gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct ino error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct ino swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swap.val, 1 << folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-tidy-up-thp-swapin-checks.patch mm-shmem-swap-tidy-up-swap-entry-splitting.patch mm-shmem-swap-never-use-swap-cache-and-readahead-for-swp_synchronous_io.patch mm-shmem-swap-simplify-swapin-path-and-result-handling.patch mm-shmem-swap-rework-swap-entry-and-index-calculation-for-large-swapin.patch mm-shmem-swap-fix-major-fault-counting.patch

2 months, 1 week

1
0
0 0

[PATCH v2] zynq_fpga: use sgtable-based scatterlist wrappers

by Marek Szyprowski

Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of statterlists related calls. dma_unmap_sg() function has to be called with the number of elements originally passed to the dma_map_sg() function, not the one returned in sgtable's nents. CC: stable(a)vger.kernel.org Fixes: 425902f5c8e3 ("fpga zynq: Use the scatterlist interface") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- v2: - fixed build break (missing flags parameter) --- drivers/fpga/zynq-fpga.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git drivers/fpga/zynq-fpga.c drivers/fpga/zynq-fpga.c index f7e08f7ea9ef..0be0d569589d 100644 --- drivers/fpga/zynq-fpga.c +++ drivers/fpga/zynq-fpga.c @@ -406,7 +406,7 @@ static int zynq_fpga_ops_write(struct fpga_manager *mgr, struct sg_table *sgt) } priv->dma_nelms = - dma_map_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); + dma_map_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE, 0); if (priv->dma_nelms == 0) { dev_err(&mgr->dev, "Unable to DMA map (TO_DEVICE)\n"); return -ENOMEM; @@ -478,7 +478,7 @@ static int zynq_fpga_ops_write(struct fpga_manager *mgr, struct sg_table *sgt) clk_disable(priv->clk); out_free: - dma_unmap_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); + dma_unmap_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE, 0); return err; } -- 2.34.1

2 months, 1 week

2
1
0 0

[PATCH v2 wireless-next] wifi: mt76: mt7925u: Add VID/PID for Netgear A9000

by Nick Morrow

From 17bf632a10e843af7a5f80d9e1449c5c26bb8486 Mon Sep 17 00:00:00 2001 From: Nick Morrow <morrownr(a)gmail.com> Date: Tue, 8 Jul 2025 16:40:42 -0500 Subject: [PATCH v2 wireless-next] wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 Add VID/PID 0846/9072 for recently released Netgear A9000. Signed-off-by: Nick Morrow <morrownr(a)gmail.com> Cc: stable(a)vger.kernel.org --- v2: - No change. --- drivers/net/wireless/mediatek/mt76/mt7925/usb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/usb.c b/drivers/net/wireless/mediatek/mt76/mt7925/usb.c index 4dfbc1b6cfdd..bf040f34e4b9 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/usb.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/usb.c @@ -12,6 +12,9 @@ static const struct usb_device_id mt7925u_device_table[] = { { USB_DEVICE_AND_INTERFACE_INFO(0x0e8d, 0x7925, 0xff, 0xff, 0xff), .driver_info = (kernel_ulong_t)MT7925_FIRMWARE_WM }, + /* Netgear, Inc. A9000 */ + { USB_DEVICE_AND_INTERFACE_INFO(0x0846, 0x9072, 0xff, 0xff, 0xff), + .driver_info = (kernel_ulong_t)MT7925_FIRMWARE_WM }, { }, }; -- 2.48.1

2 months, 1 week

1
0
0 0

[PATCH 1/1] Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled

by mhkelley58＠gmail.com

From: Michael Kelley <mhklinux(a)outlook.com> Commit 96959283a58d ("Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests") selects CONFIG_SYSFB for Hyper-V guests so that screen_info is available to the VMBus driver to get the location of the framebuffer in Generation 2 VMs. However, if CONFIG_HYPERV is enabled but CONFIG_EFI is not, a kernel link error results in ARM64 builds because screen_info is provided by the EFI firmware interface. While configuring an ARM64 Hyper-V guest without EFI isn't useful since EFI is required to boot, the configuration is still possible and the link error should be prevented. Fix this by making the selection of CONFIG_SYSFB conditional on CONFIG_EFI being defined. For Generation 1 VMs on x86/x64, which don't use EFI, the additional condition is OK because such VMs get the framebuffer information via a mechanism that doesn't use screen_info. Fixes: 96959283a58d ("Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests") Reported-by: Arnd Bergmann <arnd(a)arndb.de> Closes: https://lore.kernel.org/linux-hyperv/20250610091810.2638058-1-arnd@kernel.o… Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202506080820.1wmkQufc-lkp@intel.com/ Signed-off-by: Michael Kelley <mhklinux(a)outlook.com> --- drivers/hv/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hv/Kconfig b/drivers/hv/Kconfig index 1cd188b73b74..57623ca7f350 100644 --- a/drivers/hv/Kconfig +++ b/drivers/hv/Kconfig @@ -9,7 +9,7 @@ config HYPERV select PARAVIRT select X86_HV_CALLBACK_VECTOR if X86 select OF_EARLY_FLATTREE if OF - select SYSFB if !HYPERV_VTL_MODE + select SYSFB if EFI && !HYPERV_VTL_MODE help Select this option to run Linux as a Hyper-V client operating system. -- 2.25.1

2 months, 1 week

5
4
0 0

[PATCH wireless-next] wifi: mt76: mt7925u: Add VID/PID for Netgear A9000

by Nick Morrow

From 17bf632a10e843af7a5f80d9e1449c5c26bb8486 Mon Sep 17 00:00:00 2001 From: Nick Morrow <morrownr(a)gmail.com> Date: Tue, 8 Jul 2025 16:40:42 -0500 Subject: [PATCH wireless-next] wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 Add VID/PID 0846/9072 for recently released Netgear A9000. Signed-off-by: Nick Morrow <morrownr(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/net/wireless/mediatek/mt76/mt7925/usb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/usb.c b/drivers/net/wireless/mediatek/mt76/mt7925/usb.c index 4dfbc1b6cfdd..bf040f34e4b9 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/usb.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/usb.c @@ -12,6 +12,9 @@ static const struct usb_device_id mt7925u_device_table[] = { { USB_DEVICE_AND_INTERFACE_INFO(0x0e8d, 0x7925, 0xff, 0xff, 0xff), .driver_info = (kernel_ulong_t)MT7925_FIRMWARE_WM }, + /* Netgear, Inc. A9000 */ + { USB_DEVICE_AND_INTERFACE_INFO(0x0846, 0x9072, 0xff, 0xff, 0xff), + .driver_info = (kernel_ulong_t)MT7925_FIRMWARE_WM }, { }, }; -- 2.48.1

2 months, 1 week

1
0
0 0

[PATCH 5.15 000/160] 5.15.187-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.187 release. There are 160 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 16:22:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.187-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.187-rc1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: add support for CPUID leaf 0x80000021 Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Ioana Ciornei <ioana.ciornei(a)nxp.com> net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats Radu Bulie <radu-andrei.bulie(a)nxp.com> dpaa2-eth: Update SINGLE_STEP register access Radu Bulie <radu-andrei.bulie(a)nxp.com> dpaa2-eth: Update dpni_get_single_step_cfg command Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Jerome Neanne <jneanne(a)baylibre.com> regulator: gpio: Add input_supply support in gpio_regulator_config Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: 9354/1: ptrace: Use bitfield helpers Josef Bacik <josef(a)toxicpanda.com> btrfs: don't drop extent_map for free space inode on write error Dev Jain <dev.jain(a)arm.com> arm64: Restrict pagetable teardown to avoid false warning Brett A C Sheffield (Librecast) <bacs(a)librecast.net> Revert "ipv6: save dontfrag in cork" Nathan Chancellor <nathan(a)kernel.org> s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Heiko Carstens <hca(a)linux.ibm.com> s390/entry: Fix last breaking event handling in case of stack corruption Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Rollback non processed entities on error Dexuan Cui <decui(a)microsoft.com> PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time Wentao Liang <vulab(a)iscas.ac.cn> drm/amd/display: Add null pointer check for get_first_active_display() Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Check return value when getting default PHY config Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix connecting to next bridge Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Fix race in GWS queue scheduling Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Unregister device before cleaning up on disconnect Qiu-ji Chen <chenqiuji666(a)gmail.com> drm/tegra: Fix a possible null pointer dereference Thierry Reding <treding(a)nvidia.com> drm/tegra: Assign plane type before registration Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix kobject reference count leak Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on sysfs attribute creation failure Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on kobject creation failure Mark Harmstone <maharmstone(a)fb.com> btrfs: update superblock's device bytes_used when dropping chunk Heinz Mauelshagen <heinzm(a)redhat.com> dm-raid: fix variable in journal device check Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix L2CAP MTU negotiation Yao Zi <ziyao(a)disroot.org> dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Nathan Chancellor <nathan(a)kernel.org> staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Jakub Kicinski <kuba(a)kernel.org> net: selftests: fix TCP packet checksum Kuniyuki Iwashima <kuniyu(a)google.com> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Simon Horman <horms(a)kernel.org> net: enetc: Correct endianness handling in _enetc_rd_reg64 Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Add missing error check in start_io_thread() Stefano Garzarella <sgarzare(a)redhat.com> vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't set -ECONNRESET for consumed OOB skb. Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: fix beacon interval calculation overflow Yuan Chen <chenyuan(a)kylinos.cn> libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Al Viro <viro(a)zeniv.linux.org.uk> attach_recursive_mnt(): do not lock the covering tree when sliding something under it Youngjun Lee <yjjuny.lee(a)samsung.com> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Eric Dumazet <edumazet(a)google.com> atm: clip: prevent NULL deref in clip_push() Fedor Pchelkin <pchelkin(a)ispras.ru> s390/pkey: Prevent overflow in size calculation for memdup_user() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: robotfuzz-osif: disable zero-length read messages Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: tiny-usb: disable zero-length read messages Rong Zhang <i(a)rong.moe> platform/x86: ideapad-laptop: use usleep_range() for EC polling Thomas Zimmermann <tzimmermann(a)suse.de> dummycon: Trigger redraw when switching consoles with deferred takeover Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: make consw::con_switch() return a bool Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: sanitize arguments of consw::con_clear() Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: make init parameter of consw::con_init() a bool Jiri Slaby (SUSE) <jirislaby(a)kernel.org> vgacon: remove unneeded forward declarations Jiri Slaby (SUSE) <jirislaby(a)kernel.org> vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen() Jiri Slaby <jirislaby(a)kernel.org> tty/vt: consolemap: rename and document struct uni_pagedir Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: delete a few unneeded forward decl Long Li <longli(a)microsoft.com> uio_hv_generic: Align ring size to system page Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Query the ringbuffer size for device Saurabh Sengar <ssengar(a)linux.microsoft.com> Drivers: hv: vmbus: Add utility function for querying ring size Vitaly Kuznetsov <vkuznets(a)redhat.com> Drivers: hv: Rename 'alloced' to 'allocated' Murad Masimov <m.masimov(a)mt-integration.ru> fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: Move console_lock for register/unlink/unregister Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: use lock_fb_info in fbcon_open/release Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: move more common code into fb_open() Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: Extract fbcon_open/release helpers Daniel Vetter <daniel.vetter(a)ffwll.ch> fbcon: Use delayed work for cursor Chao Yu <chao(a)kernel.org> f2fs: don't over-report free space or inodes in statvfs Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9335: Fix missing free of regulator supplies Peng Fan <peng.fan(a)nxp.com> ASoC: codec: wcd9335: Convert to GPIO descriptors Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: Add devm helpers for get and enable Douglas Anderson <dianders(a)chromium.org> regulator: core: Allow drivers to define their init data as const Ming Qian <ming.qian(a)oss.nxp.com> media: imx-jpeg: Drop the first error frames Miquel Raynal <miquel.raynal(a)bootlin.com> clk: ti: am43xx: Add clkctrl data for am43xx ADC1 Marek Szyprowski <m.szyprowski(a)samsung.com> media: omap3isp: use sgtable-based scatterlist wrappers Dmitry Nikiforov <Dm1tryNk(a)yandex.ru> media: davinci: vpif: Fix memory leak in probe error path Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: validate AG parameters in dbMount() to prevent crashes Dave Kleikamp <dave.kleikamp(a)oracle.com> fs/jfs: consolidate sanity checking in dbMount Kees Cook <kees(a)kernel.org> ovl: Check for NULL d_inode() in ovl_dentry_upper() Dmitry Kandybka <d.kandybka(a)gmail.com> ceph: fix possible integer overflow in ceph_zero_objects() Mario Limonciello <mario.limonciello(a)amd.com> ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add new pci id for AMD GPU display HD audio controller Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Ignore unsol events for cards being shut down Jos Wang <joswang(a)lenovo.com> usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Robert Hodaszi <robert.hodaszi(a)digi.com> usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: Add checks for snprintf() calls in usb_alloc_dev() Chance Yang <chance.yang(a)kneron.us> usb: common: usb-conn-gpio: use a unique name for usb connector device Jakub Lewalski <jakub.lewalski(a)nokia.com> tty: serial: uartlite: register uart driver in init Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: potential integer overflow in usbg_make_tpg() Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: dwc2: also exit clock_gating when stopping udc while suspended James Clark <james.clark(a)linaro.org> coresight: Only check bottom two claim bits Sami Tolvanen <samitolvanen(a)google.com> um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: pressure: zpa2326: Use aligned_s64 for the timestamp Linggang Zeng <linggang.zeng(a)easystack.cn> bcache: fix NULL pointer in cache_set_flush() Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: fix dm-raid max_write_behind setting Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de> dmaengine: xilinx_dma: Set dma_device directions Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Fix support for max34451 Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> leds: multicolor: Fix intensity setting while SW blinking Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max14577: Fix wakeup source leaks on device unbind Peng Fan <peng.fan(a)nxp.com> mailbox: Not protect module_put with spin_lock_irqsave Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix listxattr to return selinux security label Han Young <hanyang.tony(a)bytedance.com> NFSv4: Always set NLINK even if the server doesn't support it Pali Rohár <pali(a)kernel.org> cifs: Fix cifs_query_path_info() for Windows NT servers ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 + Documentation/devicetree/bindings/serial/8250.yaml | 2 +- Makefile | 4 +- arch/arm/include/asm/ptrace.h | 5 +- arch/arm64/mm/mmu.c | 3 +- arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/s390/Makefile | 2 +- arch/s390/kernel/entry.S | 2 +- arch/s390/purgatory/Makefile | 2 +- arch/um/drivers/ubd_user.c | 2 +- arch/um/include/asm/asm-prototypes.h | 5 + arch/x86/Kconfig | 9 + arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 13 + arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 19 +- arch/x86/include/asm/nospec-branch.h | 39 ++- arch/x86/kernel/cpu/amd.c | 58 ++++ arch/x86/kernel/cpu/bugs.c | 133 +++++++- arch/x86/kernel/cpu/common.c | 14 +- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 15 +- arch/x86/kvm/cpuid.c | 25 +- arch/x86/kvm/reverse_cpuid.h | 8 + arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/um/asm/checksum.h | 3 + drivers/acpi/acpica/dsmethod.c | 7 + drivers/ata/pata_cs5536.c | 2 +- drivers/base/cpu.c | 2 + drivers/clk/ti/clk-43xx.c | 1 + drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/bridge/cdns-dsi.c | 27 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 + drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 9 + drivers/gpu/drm/tegra/dc.c | 17 +- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/udl/udl_drv.c | 2 +- drivers/gpu/drm/v3d/v3d_drv.h | 8 + drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 39 ++- drivers/hid/wacom_sys.c | 6 +- drivers/hv/channel_mgmt.c | 33 +- drivers/hv/hyperv_vmbus.h | 19 +- drivers/hv/vmbus_drv.c | 2 +- drivers/hwmon/pmbus/max34440.c | 48 ++- drivers/hwtracing/coresight/coresight-core.c | 3 +- drivers/hwtracing/coresight/coresight-priv.h | 1 + drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/pressure/zpa2326.c | 2 +- drivers/infiniband/hw/mlx5/counters.c | 2 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/leds/led-class-multicolor.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/bcache/super.c | 7 +- drivers/md/dm-raid.c | 2 +- drivers/md/md-bitmap.c | 2 +- drivers/media/platform/davinci/vpif.c | 4 +- drivers/media/platform/imx-jpeg/mxc-jpeg.c | 12 +- drivers/media/platform/omap3isp/ispccdc.c | 8 +- drivers/media/platform/omap3isp/ispstat.c | 6 +- drivers/media/usb/uvc/uvc_ctrl.c | 42 ++- drivers/mfd/max14577.c | 1 + drivers/mmc/core/quirks.h | 16 +- drivers/mmc/host/mtk-sd.c | 21 +- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 + drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 9 + drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 78 +++-- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 115 ++++++- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 14 +- .../net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 18 +- drivers/net/ethernet/freescale/dpaa2/dpni-cmd.h | 6 +- drivers/net/ethernet/freescale/dpaa2/dpni.c | 2 + drivers/net/ethernet/freescale/dpaa2/dpni.h | 6 + drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/net/ethernet/intel/igc/igc_main.c | 10 + drivers/net/ethernet/sun/niu.c | 31 +- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/pci/controller/pci-hyperv.c | 17 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 12 +- drivers/platform/x86/ideapad-laptop.c | 19 +- drivers/platform/x86/think-lmi.c | 18 +- drivers/regulator/devres.c | 192 ++++++++++++ drivers/regulator/gpio-regulator.c | 19 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/s390/crypto/pkey_api.c | 2 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/ufs/ufs-sysfs.c | 4 +- drivers/spi/spi-fsl-dspi.c | 11 +- drivers/staging/rtl8723bs/core/rtw_security.c | 44 +-- drivers/target/target_core_pr.c | 4 +- drivers/tty/serial/uartlite.c | 25 +- drivers/tty/vt/consolemap.c | 47 +-- drivers/tty/vt/vt.c | 12 +- drivers/uio/uio_hv_generic.c | 10 +- drivers/usb/cdns3/cdnsp-ring.c | 4 +- drivers/usb/class/cdc-wdm.c | 23 +- drivers/usb/common/usb-conn-gpio.c | 25 +- drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb.c | 14 +- drivers/usb/dwc2/gadget.c | 6 + drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/typec/altmodes/displayport.c | 5 +- drivers/video/console/dummycon.c | 24 +- drivers/video/console/mdacon.c | 21 +- drivers/video/console/newport_con.c | 12 +- drivers/video/console/sticon.c | 14 +- drivers/video/console/vgacon.c | 38 +-- drivers/video/fbdev/core/fbcon.c | 336 ++++++++++----------- drivers/video/fbdev/core/fbcon.h | 4 +- drivers/video/fbdev/core/fbmem.c | 43 +-- fs/btrfs/inode.c | 19 +- fs/btrfs/tree-log.c | 4 +- fs/btrfs/volumes.c | 6 + fs/ceph/file.c | 2 +- fs/cifs/misc.c | 8 + fs/f2fs/super.c | 30 +- fs/jfs/jfs_dmap.c | 41 +-- fs/ksmbd/smb2pdu.c | 53 ++-- fs/namespace.c | 8 +- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++--- fs/nfs/inode.c | 19 +- fs/nfs/nfs4proc.c | 12 +- fs/nfs/pnfs.c | 4 +- fs/overlayfs/util.c | 4 +- include/dt-bindings/clock/am4.h | 1 + include/linux/console.h | 13 +- include/linux/console_struct.h | 6 +- include/linux/cpu.h | 1 + include/linux/hyperv.h | 2 + include/linux/ipv6.h | 1 - include/linux/regulator/consumer.h | 31 ++ include/linux/regulator/gpio-regulator.h | 2 + include/linux/usb/typec_dp.h | 1 + include/uapi/linux/vm_sockets.h | 4 + kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- net/atm/clip.c | 11 +- net/atm/resources.c | 3 +- net/bluetooth/l2cap_core.c | 9 +- net/core/selftests.c | 5 +- net/ipv6/ip6_output.c | 9 +- net/mac80211/rx.c | 4 + net/mac80211/util.c | 2 +- net/rose/rose_route.c | 15 +- net/sched/sch_api.c | 19 +- net/unix/af_unix.c | 18 +- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 + sound/pci/hda/hda_bind.c | 2 +- sound/pci/hda/hda_intel.c | 3 + sound/soc/codecs/wcd9335.c | 62 ++-- sound/usb/quirks.c | 2 + sound/usb/stream.c | 2 + tools/lib/bpf/btf_dump.c | 3 + 182 files changed, 1971 insertions(+), 847 deletions(-)

2 months, 1 week

4
171
0 0

[PATCH 6.12 000/232] 6.12.37-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.37 release. There are 232 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 16:22:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.37-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.37-rc1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add TSA microcode SHAs Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Kairui Song <kasong(a)tencent.com> mm: userfaultfd: fix race of userfaultfd_move and swap cache Jeongjun Park <aha310510(a)gmail.com> mm/vmalloc: fix data race in show_numa_info() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kernel: Fix ppc_save_regs inclusion in build Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix sysfs group cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix kobject cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Vivian Wang <wangruikang(a)iscas.ac.cn> riscv: cpu_ops_sbi: Use static array for boot_data Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed Simon Xue <xxm(a)rock-chips.com> iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU Jens Wiklander <jens.wiklander(a)linaro.org> optee: ffa: fix sleep in atomic context Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Shyam Prasad N <sprasad(a)microsoft.com> cifs: all initializations for tcon should happen in tcon_info_alloc Philipp Kerling <pkerling(a)casix.org> smb: client: fix readdir returning wrong type with POSIX extensions Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: acpi: fix device link removal Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Abort suspend on soft disconnect failure Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with CV Bad Descriptor test Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Jeff LaBundy <jeff(a)labundy.com> Input: iqs7222 - explicitly define number of external channels Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - support Acer NGR 200 Controller Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Raju Rangoju <Raju.Rangoju(a)amd.com> usb: xhci: quirk for data loss in ISOC transfers Roy Luo <royluo(a)google.com> Revert "usb: xhci: Implement xhci_handshake_check_state() helper" Roy Luo <royluo(a)google.com> usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Harry Austen <hpausten(a)protonmail.com> drm/xe: Allow dropping kunit dependency as built-in Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe/bmg: Update Wa_22019338487 Or Har-Toov <ohartoov(a)nvidia.com> IB/mlx5: Fix potential deadlock in MR deregistration Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix cache entry update on dereg error Shivank Garg <shivankg(a)amd.com> fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Peter Zijlstra <peterz(a)infradead.org> module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper Al Viro <viro(a)zeniv.linux.org.uk> add a string-to-qstr constructor Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Justin Sanders <jsanders.devel(a)gmail.com> aoe: defer rexmit timer downdev work to workqueue Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Heiko Stuebner <heiko(a)sntech.de> regulator: fan53555: add enable_time support and soft-start times Raven Black <ravenblack(a)gmail.com> ASoC: amd: yc: update quirk data for HP Victus Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Gyeyoung Baek <gye976(a)gmail.com> genirq/irq_sim: Initialize work context pointers properly Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list Gabriel Santese <santesegabriel(a)gmail.com> ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Tasos Sahanidis <tasos(a)tasossah.com> ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix another leak in the submit error path Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Ewan D. Milne <emilne(a)redhat.com> scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag Tejun Heo <tj(a)kernel.org> sched_ext: Make scx_group_set_weight() always update tg->scx.weight Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: add missing locking in helper functions Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Add more checks for DSC / HUBP ONO guarantees Frank Min <Frank.Min(a)amd.com> drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read Sonny Jiang <sonny.jiang(a)amd.com> drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause Thomas Zimmermann <tzimmermann(a)suse.de> drm/simpledrm: Do not upcast in release helpers Stephen Smalley <stephen.smalley.work(a)gmail.com> selinux: change security_compute_sid to return the ssid or tsid on match Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/guc: Explicitly exit CT safe mode on unwind John Harrison <John.C.Harrison(a)Intel.com> drm/xe/guc: Dead CT helper Nitin Gote <nitin.r.gote(a)intel.com> drm/xe: Replace double space with single space after comma Matthew Auld <matthew.auld(a)intel.com> drm/xe: move DPT l2 flush to a more sensible place Niranjana Vishwanathapura <niranjana.vishwanathapura(a)intel.com> drm/xe: Allow bo mapping on multiple ggtts Juha-Pekka Heikkila <juhapekka.heikkila(a)gmail.com> drm/xe: add interface to request physical alignment for buffer objects Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/xe: Move DSB l2 flush to a more sensible place Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/xe: Fix DSB buffer coherency Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() David Howells <dhowells(a)redhat.com> netfs: Fix oops in write-retry from mis-resetting the subreq iterator Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Refactor sequential core power up/down operations Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Use devm_rproc_add() helper Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Use devm_ioremap_wc() helper Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Use devm_kcalloc() helper Beleswar Padhi <b-padhi(a)ti.com> remoteproc: k3-r5: Add devm action to release reserved memory Markus Elfring <elfring(a)users.sourceforge.net> remoteproc: k3: Call of_node_put(rmem_np) only once in three functions Kees Cook <kees(a)kernel.org> ubsan: integer-overflow: depend on BROKEN to keep this out of CI Pengyu Luo <mitltlatltl(a)gmail.com> arm64: dts: qcom: sm8650: add the missing l2 cache node Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: white-hawk-single: Improve Ethernet TSN description Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: Factor out White Hawk Single board support Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: Use interrupts-extended for Ethernet PHYs Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm8650: Fix domain-idle-state for CPU2 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: change labels to lower-case Yonghong Song <yonghong.song(a)linux.dev> bpf: Do not include stack ptr register in precision backtracking bookkeeping Andrii Nakryiko <andrii(a)kernel.org> bpf: use common instruction history across all states Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: bugfix the problem of uninstalling driver Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: bugfix cache write-back issue Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure Chao Yu <chao(a)kernel.org> f2fs: zone: fix to calculate first_zoned_segno correctly Chao Yu <chao(a)kernel.org> f2fs: zone: introduce first_zoned_segno in f2fs_sb_info Daeho Jeong <daehojeong(a)google.com> f2fs: decrease spare area for pinned files for zoned devices Arnd Bergmann <arnd(a)arndb.de> iommu: ipmmu-vmsa: avoid Wformat-security warning Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix "trying to register non-static key in rxe_qp_do_cleanup" bug Rameshkumar Sundaram <rameshkumar.sundaram(a)oss.qualcomm.com> wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers P Praneesh <praneesh.p(a)oss.qualcomm.com> wifi: ath12k: Handle error cases during extended skb allocation Nicolas Escande <nico.escande(a)gmail.com> wifi: ath12k: fix skb_ext_desc leak in ath12k_dp_tx() error path Cosmin Ratiu <cratiu(a)nvidia.com> bonding: Mark active offloaded xfrm_states Armin Wolf <W_Armin(a)gmx.de> ACPI: thermal: Execute _SCP before reading trip points xueqin Luo <luoxueqin(a)kylinos.cn> ACPI: thermal: Fix stale comment regarding trip points Martin Povišer <povik+lin(a)cutebit.org> ASoC: tas2764: Reinit cache on part reset Martin Povišer <povik+lin(a)cutebit.org> ASoC: tas2764: Extend driver to SN012776 Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Don't start unnecessary transactions during log flush Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Move gfs2_trans_add_databufs Xuewen Yan <xuewen.yan(a)unisoc.com> sched/fair: Fixup wake_up_sync() vs DELAYED_DEQUEUE Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Add new cfs_rq.h_nr_runnable Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Rename h_nr_running into h_nr_queued Filipe Manana <fdmanana(a)suse.com> btrfs: fix wrong start offset for delalloc space release during mmap write Qu Wenruo <wqu(a)suse.com> btrfs: prepare btrfs_page_mkwrite() for large folios Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: deallocate inodes in gfs2_create_inode Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Move GIF_ALLOC_FAILED check out of gfs2_ea_dealloc Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Move gfs2_dinode_dealloc Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Add GLF_PENDING_REPLY flag Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Decode missing glock flags in tracepoints Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Prevent inode creation race Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rename dinode_demise to evict_behavior Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Initialize gl_no_formal_ino earlier David Gow <davidgow(a)google.com> kunit: qemu_configs: Disable faulting tests on 32-bit SPARC Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kunit: qemu_configs: sparc: Explicitly enable CONFIG_SPARC32=y Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kunit: qemu_configs: sparc: use Zilog console Herbert Xu <herbert(a)gondor.apana.org.au> crypto: zynqmp-sha - Add locking Christian Marangi <ansuelsmth(a)gmail.com> spinlock: extend guard with spinlock_bh variants Herbert Xu <herbert(a)gondor.apana.org.au> crypto: iaa - Do not clobber req->base.data Herbert Xu <herbert(a)gondor.apana.org.au> crypto: iaa - Remove dst_null support Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix race condition in negotiate timeout by using more precise timing Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: do not double read link status Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() David Howells <dhowells(a)redhat.com> netfs: Fix i_size updating Paulo Alcantara <pc(a)manguebit.org> smb: client: set missing retry flag in cifs_writev_callback() Paulo Alcantara <pc(a)manguebit.org> smb: client: set missing retry flag in cifs_readv_callback() Paulo Alcantara <pc(a)manguebit.org> smb: client: set missing retry flag in smb2_writev_callback() Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Ahmed Zaki <ahmed.zaki(a)intel.com> idpf: convert control queue mutex to a spinlock Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> idpf: return 0 size for RSS key if not supported Junxiao Chang <junxiao.chang(a)intel.com> drm/i915/gsc: mei interrupt top half should be in irq disabled context Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Paulo Alcantara <pc(a)manguebit.org> smb: client: fix warning when reconnecting channel Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/bridge: aux-hpd-bridge: fix assignment of the of_node Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxreg-lc: Fix logic error in power state check Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: dell-sysman: Directly use firmware_attributes_class Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: think-lmi: Directly use firmware_attributes_class Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: firmware_attributes_class: Simplify API Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: firmware_attributes_class: Move include linux/device/class.h Kurt Borja <kuurtb(a)gmail.com> platform/x86: hp-bioscfg: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: hp-bioscfg: Directly use firmware_attributes_class Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Dmitry Bogdanov <d.bogdanov(a)yadro.com> nvmet: fix memory leak of bio integrity Alok Tiwari <alok.a.tiwari(a)oracle.com> nvme: Fix incorrect cdw15 value in passthru error logging Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: propagate last_unlink_trans earlier when doing a rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: record new subvolume in parent dir earlier to avoid dir logging races Filipe Manana <fdmanana(a)suse.com> btrfs: fix inode lookup error handling during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix invalid inode pointer dereferences during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: return a btrfs_inode from read_one_inode() Filipe Manana <fdmanana(a)suse.com> btrfs: return a btrfs_inode from btrfs_iget_logging() Filipe Manana <fdmanana(a)suse.com> btrfs: fix iteration of extrefs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Yang Li <yang.li(a)amlogic.com> Bluetooth: Prevent unintended pause by checking if advertising is active Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix vport loopback for MPV device Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix HW counters query for non-representor devices Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name jackysliu <1972843537(a)qq.com> scsi: sd: Fix VPD page 0xb7 length check Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Fix unsafe xarray access in implicit ODP handling David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Janne Grunau <j(a)jannau.net> arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Move memory allocation outside the mutex locking Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Add support for {un,}registration of framework notifications Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Stash ffa_device instead of notify_type in notifier_cb_info Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Refactoring to prepare for framework notification support Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Fix memory leak by freeing notifier callback node Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Yunshui Jiang <jiangyunshui(a)kylinos.cn> Input: cs40l50-vibra - fix potential NULL dereference in cs40l50_upload_owt() Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Nicolin Chen <nicolinc(a)nvidia.com> iommufd/selftest: Fix iommufd_dirty_tracking with large hugepage sizes Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: set_mesh: update LE scan interval and window Christian Eggers <ceggers(a)arri.de> Bluetooth: hci_sync: revert some mesh modifications Christian Eggers <ceggers(a)arri.de> Bluetooth: HCI: Set extended advertising data synchronously Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix the incorrect display of the queue number HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: request MISC IRQ in ndo_open Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Do not try re-enabling load/store if device is disabled Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix stale function handles in error handling Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: xsk: rx: fix the frame's length check Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Elena Popa <elena.popa(a)nxp.com> rtc: pcf2127: fix SPI command byte for PCF2131 Hugo Villeneuve <hvilleneuve(a)dimonoff.com> rtc: pcf2127: add missing semicolon after statement ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 + Documentation/arch/x86/mds.rst | 8 +- Documentation/core-api/symbol-namespaces.rst | 22 + Makefile | 4 +- arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8650.dtsi | 163 +- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 2 + .../arm64/boot/dts/renesas/beacon-renesom-som.dtsi | 3 +- arch/arm64/boot/dts/renesas/cat875.dtsi | 3 +- arch/arm64/boot/dts/renesas/condor-common.dtsi | 3 +- arch/arm64/boot/dts/renesas/draak.dtsi | 3 +- arch/arm64/boot/dts/renesas/ebisu.dtsi | 3 +- arch/arm64/boot/dts/renesas/hihope-rzg2-ex.dtsi | 3 +- arch/arm64/boot/dts/renesas/r8a77970-eagle.dts | 3 +- arch/arm64/boot/dts/renesas/r8a77970-v3msk.dts | 3 +- arch/arm64/boot/dts/renesas/r8a77980-v3hsk.dts | 3 +- arch/arm64/boot/dts/renesas/r8a779a0-falcon.dts | 3 +- .../boot/dts/renesas/r8a779f0-spider-ethernet.dtsi | 9 +- arch/arm64/boot/dts/renesas/r8a779f4-s4sk.dts | 6 +- .../dts/renesas/r8a779g2-white-hawk-single.dts | 63 +- .../boot/dts/renesas/r8a779h0-gray-hawk-single.dts | 3 +- arch/arm64/boot/dts/renesas/rzg2l-smarc-som.dtsi | 6 +- arch/arm64/boot/dts/renesas/rzg2lc-smarc-som.dtsi | 3 +- arch/arm64/boot/dts/renesas/rzg2ul-smarc-som.dtsi | 6 +- arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 6 +- arch/arm64/boot/dts/renesas/salvator-common.dtsi | 3 +- arch/arm64/boot/dts/renesas/ulcb.dtsi | 3 +- .../boot/dts/renesas/white-hawk-cpu-common.dtsi | 3 +- .../boot/dts/renesas/white-hawk-ethernet.dtsi | 6 +- arch/arm64/boot/dts/renesas/white-hawk-single.dtsi | 77 + arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 42 +- arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/powerpc/kernel/Makefile | 2 - arch/riscv/kernel/cpu_ops_sbi.c | 6 +- arch/s390/pci/pci_event.c | 15 + arch/x86/Kconfig | 9 + arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 12 + arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 28 +- arch/x86/include/asm/nospec-branch.h | 37 +- arch/x86/kernel/cpu/amd.c | 60 + arch/x86/kernel/cpu/bugs.c | 133 +- arch/x86/kernel/cpu/common.c | 14 +- arch/x86/kernel/cpu/microcode/amd.c | 12 - arch/x86/kernel/cpu/microcode/amd_shas.c | 112 ++ arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 16 +- arch/x86/kvm/cpuid.c | 8 +- arch/x86/kvm/reverse_cpuid.h | 8 + arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- drivers/acpi/acpica/dsmethod.c | 7 + drivers/acpi/thermal.c | 12 +- drivers/ata/libata-acpi.c | 24 +- drivers/ata/pata_cs5536.c | 2 +- drivers/ata/pata_via.c | 6 +- drivers/base/cpu.c | 3 + drivers/block/aoe/aoe.h | 1 + drivers/block/aoe/aoecmd.c | 8 +- drivers/block/aoe/aoedev.c | 5 +- drivers/crypto/intel/iaa/iaa_crypto_main.c | 140 +- drivers/crypto/xilinx/zynqmp-sha.c | 18 +- drivers/dma-buf/dma-resv.c | 12 +- drivers/firmware/arm_ffa/driver.c | 284 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 14 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 10 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 + drivers/gpu/drm/amd/amdgpu/imu_v11_0.c | 6 +- drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 2 + drivers/gpu/drm/amd/amdgpu/vcn_v5_0_1.c | 1624 ++++++++++++++++++++ .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 35 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 8 +- drivers/gpu/drm/bridge/aux-hpd-bridge.c | 3 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 + drivers/gpu/drm/i915/display/intel_dp.c | 18 + drivers/gpu/drm/i915/gt/intel_gsc.c | 2 +- drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 17 +- drivers/gpu/drm/tiny/simpledrm.c | 4 +- drivers/gpu/drm/v3d/v3d_drv.h | 8 + drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 37 +- drivers/gpu/drm/xe/Kconfig | 3 +- drivers/gpu/drm/xe/abi/guc_communication_ctb_abi.h | 1 + .../xe/compat-i915-headers/gem/i915_gem_stolen.h | 2 +- drivers/gpu/drm/xe/display/xe_dsb_buffer.c | 18 +- drivers/gpu/drm/xe/display/xe_fb_pin.c | 17 +- drivers/gpu/drm/xe/regs/xe_reg_defs.h | 2 +- drivers/gpu/drm/xe/xe_bo.c | 78 +- drivers/gpu/drm/xe/xe_bo.h | 40 +- drivers/gpu/drm/xe/xe_bo_evict.c | 14 +- drivers/gpu/drm/xe/xe_bo_types.h | 10 +- drivers/gpu/drm/xe/xe_device.c | 49 +- drivers/gpu/drm/xe/xe_ggtt.c | 35 +- drivers/gpu/drm/xe/xe_guc.c | 4 +- drivers/gpu/drm/xe/xe_guc_ct.c | 350 ++++- drivers/gpu/drm/xe/xe_guc_ct.h | 2 +- drivers/gpu/drm/xe/xe_guc_ct_types.h | 23 + drivers/gpu/drm/xe/xe_guc_pc.c | 144 ++ drivers/gpu/drm/xe/xe_guc_pc.h | 2 + drivers/gpu/drm/xe/xe_guc_pc_types.h | 2 + drivers/gpu/drm/xe/xe_irq.c | 4 +- drivers/gpu/drm/xe/xe_trace_bo.h | 2 +- drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/infiniband/hw/mlx5/counters.c | 4 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 33 + drivers/infiniband/hw/mlx5/mr.c | 95 +- drivers/infiniband/hw/mlx5/odp.c | 8 +- drivers/infiniband/sw/rxe/rxe_qp.c | 7 +- drivers/input/joystick/xpad.c | 2 + drivers/input/misc/cs40l50-vibra.c | 2 + drivers/input/misc/iqs7222.c | 7 +- drivers/iommu/ipmmu-vmsa.c | 2 +- drivers/iommu/rockchip-iommu.c | 3 +- drivers/mfd/exynos-lpass.c | 25 +- drivers/mmc/core/quirks.h | 12 +- drivers/mmc/host/mtk-sd.c | 21 +- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 + drivers/mtd/nand/spi/core.c | 1 + drivers/net/bonding/bond_main.c | 8 +- drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 13 + drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 24 +- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 79 +- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 +- drivers/net/ethernet/intel/idpf/idpf_controlq.c | 23 +- .../net/ethernet/intel/idpf/idpf_controlq_api.h | 2 +- drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 4 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 12 +- drivers/net/ethernet/intel/igc/igc_main.c | 10 + drivers/net/ethernet/sun/niu.c | 31 +- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/ethernet/wangxun/libwx/wx_lib.c | 1 + drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 2 +- drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 22 +- drivers/net/usb/lan78xx.c | 2 - drivers/net/virtio_net.c | 60 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 3 +- drivers/net/wireless/ath/ath12k/dp_rx.h | 3 + drivers/net/wireless/ath/ath12k/dp_tx.c | 21 +- drivers/net/wireless/ath/ath12k/mac.c | 16 +- drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/target/nvmet.h | 2 + drivers/platform/mellanox/mlxbf-pmc.c | 2 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/platform/mellanox/mlxreg-lc.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 2 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 + .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 25 +- drivers/platform/x86/firmware_attributes_class.c | 41 +- drivers/platform/x86/firmware_attributes_class.h | 3 + drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 14 +- drivers/platform/x86/think-lmi.c | 103 +- drivers/powercap/intel_rapl_common.c | 18 +- drivers/regulator/fan53555.c | 14 + drivers/regulator/gpio-regulator.c | 8 +- drivers/remoteproc/ti_k3_dsp_remoteproc.c | 6 +- drivers/remoteproc/ti_k3_m4_remoteproc.c | 6 +- drivers/remoteproc/ti_k3_r5_remoteproc.c | 180 ++- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-pcf2127.c | 7 +- drivers/scsi/lpfc/lpfc_bsg.c | 6 +- drivers/scsi/lpfc/lpfc_crtn.h | 2 +- drivers/scsi/lpfc/lpfc_ct.c | 18 +- drivers/scsi/lpfc/lpfc_debugfs.c | 4 +- drivers/scsi/lpfc/lpfc_disc.h | 60 +- drivers/scsi/lpfc/lpfc_els.c | 441 +++--- drivers/scsi/lpfc/lpfc_hbadisc.c | 305 ++-- drivers/scsi/lpfc/lpfc_init.c | 58 +- drivers/scsi/lpfc/lpfc_nportdisc.c | 329 ++-- drivers/scsi/lpfc/lpfc_nvme.c | 9 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/lpfc/lpfc_scsi.c | 8 +- drivers/scsi/lpfc/lpfc_sli.c | 78 +- drivers/scsi/lpfc/lpfc_vport.c | 6 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/sd.c | 2 +- drivers/spi/spi-fsl-dspi.c | 11 +- drivers/target/target_core_pr.c | 4 +- drivers/tee/optee/ffa_abi.c | 41 +- drivers/tee/optee/optee_private.h | 2 + drivers/ufs/core/ufs-sysfs.c | 4 +- drivers/usb/cdns3/cdnsp-debug.h | 5 +- drivers/usb/cdns3/cdnsp-ep0.c | 18 +- drivers/usb/cdns3/cdnsp-gadget.h | 6 + drivers/usb/cdns3/cdnsp-ring.c | 7 +- drivers/usb/chipidea/udc.c | 7 + drivers/usb/core/hub.c | 3 + drivers/usb/core/quirks.c | 3 +- drivers/usb/core/usb-acpi.c | 4 +- drivers/usb/dwc3/core.c | 9 +- drivers/usb/dwc3/gadget.c | 22 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci-pci.c | 25 + drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/host/xhci-ring.c | 5 +- drivers/usb/host/xhci.c | 31 +- drivers/usb/host/xhci.h | 3 +- drivers/usb/typec/altmodes/displayport.c | 5 +- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 14 +- fs/anon_inodes.c | 27 +- fs/bcachefs/fsck.c | 2 +- fs/bcachefs/recovery.c | 2 - fs/bcachefs/util.h | 2 - fs/btrfs/file.c | 21 +- fs/btrfs/inode.c | 36 +- fs/btrfs/ioctl.c | 4 +- fs/btrfs/tree-log.c | 377 +++-- fs/erofs/xattr.c | 2 +- fs/f2fs/data.c | 2 +- fs/f2fs/f2fs.h | 35 +- fs/f2fs/file.c | 3 +- fs/f2fs/gc.h | 1 + fs/f2fs/segment.c | 11 +- fs/f2fs/segment.h | 10 - fs/f2fs/super.c | 42 + fs/file_table.c | 4 +- fs/gfs2/aops.c | 54 +- fs/gfs2/aops.h | 3 +- fs/gfs2/bmap.c | 3 +- fs/gfs2/glock.c | 19 +- fs/gfs2/glops.c | 9 +- fs/gfs2/incore.h | 3 +- fs/gfs2/inode.c | 96 +- fs/gfs2/inode.h | 1 + fs/gfs2/log.c | 7 +- fs/gfs2/super.c | 114 +- fs/gfs2/trace_gfs2.h | 9 +- fs/gfs2/trans.c | 21 + fs/gfs2/trans.h | 2 + fs/gfs2/xattr.c | 11 +- fs/gfs2/xattr.h | 2 +- fs/kernfs/file.c | 2 +- fs/netfs/buffered_write.c | 2 + fs/netfs/direct_write.c | 8 +- fs/netfs/write_collect.c | 5 +- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +- fs/nfs/inode.c | 17 +- fs/nfs/pnfs.c | 4 +- fs/smb/client/cifsglob.h | 2 + fs/smb/client/cifsproto.h | 1 + fs/smb/client/cifssmb.c | 2 + fs/smb/client/connect.c | 15 +- fs/smb/client/misc.c | 6 + fs/smb/client/readdir.c | 2 +- fs/smb/client/smb2pdu.c | 11 +- include/linux/arm_ffa.h | 5 + include/linux/bpf_verifier.h | 31 +- include/linux/cpu.h | 1 + include/linux/dcache.h | 1 + include/linux/export.h | 12 +- include/linux/fs.h | 2 + include/linux/libata.h | 7 +- include/linux/spinlock.h | 13 + include/linux/usb.h | 2 + include/linux/usb/typec_dp.h | 1 + kernel/bpf/verifier.c | 125 +- kernel/irq/irq_sim.c | 2 +- kernel/rcu/tree.c | 4 + kernel/sched/core.c | 4 +- kernel/sched/debug.c | 7 +- kernel/sched/ext.c | 12 +- kernel/sched/fair.c | 117 +- kernel/sched/pelt.c | 4 +- kernel/sched/sched.h | 5 +- lib/Kconfig.ubsan | 2 + lib/test_objagg.c | 4 +- mm/secretmem.c | 10 +- mm/userfaultfd.c | 33 +- mm/vmalloc.c | 63 +- net/bluetooth/hci_event.c | 36 - net/bluetooth/hci_sync.c | 227 +-- net/bluetooth/mgmt.c | 25 +- net/mac80211/rx.c | 4 + net/rose/rose_route.c | 15 +- net/sched/sch_api.c | 19 +- net/sunrpc/rpc_pipe.c | 14 +- net/vmw_vsock/vmci_transport.c | 4 +- security/selinux/ss/services.c | 16 +- sound/isa/sb/sb16_main.c | 7 + sound/soc/amd/yc/acp6x-mach.c | 14 + sound/soc/codecs/tas2764.c | 46 +- sound/soc/codecs/tas2764.h | 3 + tools/testing/kunit/qemu_configs/sparc.py | 7 +- tools/testing/selftests/iommu/iommufd.c | 30 +- 305 files changed, 6076 insertions(+), 2826 deletions(-)

2 months, 1 week

10
242
0 0

[PATCH 6.6 000/130] 6.6.97-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.97 release. There are 130 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 10 Jul 2025 18:32:37 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.97-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.97-rc2 Chao Yu <chao(a)kernel.org> f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault Borislav Petkov (AMD) <bp(a)alien8.de> x86/process: Move the buffer clearing before MONITOR Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Add TSA microcode SHAs Borislav Petkov (AMD) <bp(a)alien8.de> KVM: SVM: Advertise TSA CPUID bits to guests Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Add a Transient Scheduler Attacks mitigation Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Rename MDS machinery to something more generic Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kernel: Fix ppc_save_regs inclusion in build Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: displayport: Fix potential deadlock Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix sysfs group cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix kobject cleanup Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Create ksets consecutively Zhang Rui <rui.zhang(a)intel.com> powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed Simon Xue <xxm(a)rock-chips.com> iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU Oliver Neukum <oneukum(a)suse.com> Logitech C-270 even more broken Michael J. Ruhl <michael.j.ruhl(a)intel.com> i2c/designware: Fix an initialization issue Christian König <christian.koenig(a)amd.com> dma-buf: fix timeout handling in dma_resv_wait_timeout v2 Philipp Kerling <pkerling(a)casix.org> smb: client: fix readdir returning wrong type with POSIX extensions Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Peter Chen <peter.chen(a)cixtech.com> usb: cdnsp: do not disable slot for disabled slot Jeff LaBundy <jeff(a)labundy.com> Input: iqs7222 - explicitly define number of external channels Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - support Acer NGR 200 Controller Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Flush queued requests before stopping dbc Łukasz Bartosik <ukaszb(a)chromium.org> xhci: dbctty: disable ECHO flag by default Raju Rangoju <Raju.Rangoju(a)amd.com> usb: xhci: quirk for data loss in ISOC transfers Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/flexfiles: Fix handling of NFS level errors in I/O Shivank Garg <shivankg(a)amd.com> fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Peter Zijlstra <peterz(a)infradead.org> module: Provide EXPORT_SYMBOL_GPL_FOR_MODULES() helper Kurt Borja <kuurtb(a)gmail.com> platform/x86: hp-bioscfg: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: hp-bioscfg: Directly use firmware_attributes_class Maíra Canal <mcanal(a)igalia.com> drm/v3d: Disable interrupts before resetting the GPU Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu: Return early if callback is not specified Pablo Martin-Gomez <pmartin-gomez(a)freebox.fr> mtd: spinand: fix memory leak of ECC engine conf Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPICA: Refuse to evaluate a method if arguments are missing Johannes Berg <johannes.berg(a)intel.com> wifi: ath6kl: remove WARN on bad firmware input Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: drop invalid source address OCB frames Justin Sanders <jsanders.devel(a)gmail.com> aoe: defer rexmit timer downdev work to workqueue Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() Heiko Stuebner <heiko(a)sntech.de> regulator: fan53555: add enable_time support and soft-start times Raven Black <ravenblack(a)gmail.com> ASoC: amd: yc: update quirk data for HP Victus Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc: Fix struct termio related ioctl macros Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list Gabriel Santese <santesegabriel(a)gmail.com> ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic Johannes Berg <johannes.berg(a)intel.com> ata: pata_cs5536: fix build on 32-bit UML Tasos Sahanidis <tasos(a)tasossah.com> ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Force to disable DMAs once when DMA mode is changed Takashi Iwai <tiwai(a)suse.de> ALSA: sb: Don't allow changing the DMA mode during operations Rob Clark <robdclark(a)chromium.org> drm/msm: Fix another leak in the submit error path Rob Clark <robdclark(a)chromium.org> drm/msm: Fix a fence leak in submit error path Xin Li (Intel) <xin(a)zytor.com> drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read Thomas Zimmermann <tzimmermann(a)suse.de> drm/simpledrm: Do not upcast in release helpers anvithdosapati <anvithdosapati(a)google.com> scsi: ufs: core: Fix clk scaling to be conditional in reset and restore Manivannan Sadhasivam <mani(a)kernel.org> scsi: ufs: core: Add OPP support for scaling clocks and regulators Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix abnormal scale up after last cmd finish Chao Yu <chao(a)kernel.org> f2fs: fix to zero post-eof page Chao Yu <chao(a)kernel.org> f2fs: convert f2fs_vm_page_mkwrite() to use folio Daeho Jeong <daehojeong(a)google.com> f2fs: prevent writing without fallocate() for pinned files Chao Yu <chao(a)kernel.org> f2fs: add tracepoint for f2fs_vm_page_mkwrite() Xin Li (Intel) <xin(a)zytor.com> x86/traps: Initialize DR6 by writing its architectural reset value Yan Zhai <yan(a)cloudflare.com> bnxt: properly flush XDP redirect lists Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: finish link init before RCU publish Muna Sinada <muna.sinada(a)oss.qualcomm.com> wifi: mac80211: Add link iteration macro for link data Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: chan: chandef is non-NULL for reserved Kuniyuki Iwashima <kuniyu(a)google.com> Bluetooth: hci_core: Fix use-after-free in vhci_flush() Stefan Metzmacher <metze(a)samba.org> smb: client: remove \t from TP_printk statements Filipe Manana <fdmanana(a)suse.com> btrfs: fix qgroup reservation leak on failure to allocate ordered extent Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix race condition in negotiate timeout by using more precise timing Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: do not double read link status Lion Ackermann <nnamrec(a)gmail.com> net/sched: Always pass notifications when child class becomes empty Thomas Fourier <fourier.thomas(a)gmail.com> nui: Fix dma_mapping_error() check Kohei Enju <enjuk(a)amazon.com> rose: fix dangling neighbour pointers in rose_rt_device_down() Alok Tiwari <alok.a.tiwari(a)oracle.com> enic: fix incorrect MTU comparison in enic_change_mtu() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: align CL37 AN sequence as per databook Dan Carpenter <dan.carpenter(a)linaro.org> lib: test_objagg: Set error message in check_expect_hints_stats() Vitaly Lifshits <vitaly.lifshits(a)intel.com> igc: disable L1.2 PCI-E link substate to avoid performance issue Junxiao Chang <junxiao.chang(a)intel.com> drm/i915/gsc: mei interrupt top half should be in irq disabled context Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915/gt: Fix timeline left held on VMA alloc error Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Paulo Alcantara <pc(a)manguebit.org> smb: client: fix warning when reconnecting channel Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: mlxreg-lc: Fix logic error in power state check Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: dell-sysman: Directly use firmware_attributes_class Kurt Borja <kuurtb(a)gmail.com> platform/x86: think-lmi: Fix class device unregistration Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: think-lmi: Directly use firmware_attributes_class Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: firmware_attributes_class: Simplify API Thomas Weißschuh <linux(a)weissschuh.net> platform/x86: firmware_attributes_class: Move include linux/device/class.h Ricardo B. Marliere <ricardo(a)marliere.net> platform/x86: make fw_attr_class constant Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8550: add UART14 nodes Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks Dan Carpenter <dan.carpenter(a)linaro.org> drm/i915/selftests: Change mock_request() to return error pointers James Clark <james.clark(a)linaro.org> spi: spi-fsl-dspi: Clear completion counter before initiating transfer Marek Szyprowski <m.szyprowski(a)samsung.com> drm/exynos: fimd: Guard display clock control with runtime PM calls Fushuai Wang <wangfushuai(a)baidu.com> dpaa2-eth: fix xdp_rxq_info leak Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: atl1: Add missing DMA mapping error checks and count errors Filipe Manana <fdmanana(a)suse.com> btrfs: use btrfs_record_snapshot_destroy() during rmdir Filipe Manana <fdmanana(a)suse.com> btrfs: propagate last_unlink_trans earlier when doing a rmdir Anand Jain <anand.jain(a)oracle.com> btrfs: rename err to ret in btrfs_rmdir() Filipe Manana <fdmanana(a)suse.com> btrfs: fix iteration of extrefs during log replay Filipe Manana <fdmanana(a)suse.com> btrfs: fix missing error handling when searching for inode refs during log replay Yang Li <yang.li(a)amlogic.com> Bluetooth: Prevent unintended pause by checking if advertising is active Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix vport loopback for MPV device Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix CC counters query for MPV Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix HW counters query for non-representor devices Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix spelling of a sysfs attribute name Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() Benjamin Coddington <bcodding(a)redhat.com> NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN Kuniyuki Iwashima <kuniyu(a)google.com> nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. Mark Zhang <markzhang(a)nvidia.com> RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment Janne Grunau <j(a)jannau.net> arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename Sergey Senozhatsky <senozhatsky(a)chromium.org> mtk-sd: reset host->mrq on prepare_data() error Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Prevent memory corruption from DMA map failure Masami Hiramatsu (Google) <mhiramat(a)kernel.org> mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: do not index invalid pin_assignments Manivannan Sadhasivam <mani(a)kernel.org> regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: mesh_send: check instances prior disabling advertising Christian Eggers <ceggers(a)arri.de> Bluetooth: MGMT: set_mesh: update LE scan interval and window Christian Eggers <ceggers(a)arri.de> Bluetooth: hci_sync: revert some mesh modifications Avri Altman <avri.altman(a)sandisk.com> mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier Ulf Hansson <ulf.hansson(a)linaro.org> Revert "mmc: sdhci: Disable SD card clock before changing parameters" Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci: Add a helper function for dump register in dynamic debug mode HarshaVardhana S A <harshavardhana.sa(a)broadcom.com> vsock/vmci: Clear the vmci transport packet properly when initializing it Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Do not try re-enabling load/store if device is disabled Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Mateusz Jończyk <mat.jonczyk(a)o2.pl> rtc: cmos: use spin_lock_irqsave in cmos_interrupt Elena Popa <elena.popa(a)nxp.com> rtc: pcf2127: fix SPI command byte for PCF2131 Hugo Villeneuve <hvilleneuve(a)dimonoff.com> rtc: pcf2127: add missing semicolon after statement ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/ABI/testing/sysfs-driver-ufs | 2 +- .../hw-vuln/processor_mmio_stale_data.rst | 4 +- Documentation/admin-guide/kernel-parameters.txt | 13 ++ Documentation/arch/x86/mds.rst | 8 +- Documentation/core-api/symbol-namespaces.rst | 22 +++ Makefile | 4 +- arch/arm64/boot/dts/apple/t8103-jxxx.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8550.dtsi | 30 ++++ arch/powerpc/include/uapi/asm/ioctls.h | 8 +- arch/powerpc/kernel/Makefile | 2 - arch/s390/pci/pci_event.c | 4 + arch/x86/Kconfig | 9 ++ arch/x86/entry/entry.S | 8 +- arch/x86/include/asm/cpu.h | 12 ++ arch/x86/include/asm/cpufeatures.h | 6 + arch/x86/include/asm/irqflags.h | 4 +- arch/x86/include/asm/mwait.h | 28 ++-- arch/x86/include/asm/nospec-branch.h | 37 +++-- arch/x86/include/uapi/asm/debugreg.h | 21 ++- arch/x86/kernel/cpu/amd.c | 60 ++++++++ arch/x86/kernel/cpu/bugs.c | 133 ++++++++++++++++- arch/x86/kernel/cpu/common.c | 38 +++-- arch/x86/kernel/cpu/microcode/amd.c | 12 -- arch/x86/kernel/cpu/microcode/amd_shas.c | 112 +++++++++++++++ arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/process.c | 16 ++- arch/x86/kernel/traps.c | 32 +++-- arch/x86/kvm/cpuid.c | 8 +- arch/x86/kvm/reverse_cpuid.h | 8 ++ arch/x86/kvm/svm/vmenter.S | 6 + arch/x86/kvm/vmx/vmx.c | 2 +- drivers/acpi/acpica/dsmethod.c | 7 + drivers/ata/libata-acpi.c | 24 ++-- drivers/ata/pata_cs5536.c | 2 +- drivers/ata/pata_via.c | 6 +- drivers/base/cpu.c | 3 + drivers/block/aoe/aoe.h | 1 + drivers/block/aoe/aoecmd.c | 8 +- drivers/block/aoe/aoedev.c | 5 +- drivers/dma-buf/dma-resv.c | 12 +- drivers/gpu/drm/exynos/exynos_drm_fimd.c | 12 ++ drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 2 +- drivers/gpu/drm/i915/gt/intel_gsc.c | 2 +- drivers/gpu/drm/i915/gt/intel_ring_submission.c | 3 +- drivers/gpu/drm/i915/selftests/i915_request.c | 20 +-- drivers/gpu/drm/i915/selftests/mock_request.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 17 ++- drivers/gpu/drm/tiny/simpledrm.c | 4 +- drivers/gpu/drm/v3d/v3d_drv.h | 8 ++ drivers/gpu/drm/v3d/v3d_gem.c | 2 + drivers/gpu/drm/v3d/v3d_irq.c | 37 +++-- drivers/i2c/busses/i2c-designware-master.c | 1 + drivers/infiniband/hw/mlx5/counters.c | 4 +- drivers/infiniband/hw/mlx5/devx.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 33 +++++ drivers/input/joystick/xpad.c | 2 + drivers/input/misc/iqs7222.c | 7 +- drivers/iommu/rockchip-iommu.c | 3 +- drivers/mmc/core/quirks.h | 12 +- drivers/mmc/host/mtk-sd.c | 21 ++- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci.h | 16 +++ drivers/mtd/nand/spi/core.c | 1 + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 13 ++ drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 24 ++-- drivers/net/ethernet/amd/xgbe/xgbe.h | 4 +- drivers/net/ethernet/atheros/atlx/atl1.c | 79 +++++++--- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 7 +- drivers/net/ethernet/cisco/enic/enic_main.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 26 +++- drivers/net/ethernet/intel/igc/igc_main.c | 10 ++ drivers/net/ethernet/sun/niu.c | 31 +++- drivers/net/ethernet/sun/niu.h | 4 + drivers/net/usb/lan78xx.c | 2 - drivers/net/virtio_net.c | 38 ++++- drivers/net/wireless/ath/ath6kl/bmi.c | 4 +- drivers/platform/mellanox/mlxbf-tmfifo.c | 3 +- drivers/platform/mellanox/mlxreg-lc.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 2 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 ++ .../x86/dell/dell-wmi-sysman/dell-wmi-sysman.h | 5 + .../x86/dell/dell-wmi-sysman/enum-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/int-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 5 +- .../x86/dell/dell-wmi-sysman/string-attributes.c | 5 +- drivers/platform/x86/dell/dell-wmi-sysman/sysman.c | 25 ++-- drivers/platform/x86/firmware_attributes_class.c | 41 ++---- drivers/platform/x86/firmware_attributes_class.h | 5 +- drivers/platform/x86/hp/hp-bioscfg/bioscfg.c | 14 +- drivers/platform/x86/think-lmi.c | 103 +++++-------- drivers/powercap/intel_rapl_common.c | 18 ++- drivers/regulator/fan53555.c | 14 ++ drivers/regulator/gpio-regulator.c | 8 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-pcf2127.c | 7 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/spi/spi-fsl-dspi.c | 11 +- drivers/target/target_core_pr.c | 4 +- drivers/ufs/core/ufs-sysfs.c | 4 +- drivers/ufs/core/ufshcd.c | 160 +++++++++++++++------ drivers/usb/cdns3/cdnsp-ring.c | 4 +- drivers/usb/chipidea/udc.c | 7 + drivers/usb/core/quirks.c | 3 +- drivers/usb/host/xhci-dbgcap.c | 4 + drivers/usb/host/xhci-dbgtty.c | 1 + drivers/usb/host/xhci-mem.c | 4 + drivers/usb/host/xhci-pci.c | 25 ++++ drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/host/xhci.h | 1 + drivers/usb/typec/altmodes/displayport.c | 5 +- fs/anon_inodes.c | 23 ++- fs/btrfs/inode.c | 56 ++++---- fs/btrfs/ordered-data.c | 12 +- fs/btrfs/tree-log.c | 8 +- fs/f2fs/file.c | 119 ++++++++++----- fs/nfs/flexfilelayout/flexfilelayout.c | 121 +++++++++++----- fs/nfs/inode.c | 17 ++- fs/nfs/pnfs.c | 4 +- fs/smb/client/cifsglob.h | 2 + fs/smb/client/connect.c | 7 +- fs/smb/client/readdir.c | 2 +- fs/smb/client/smb2pdu.c | 10 +- fs/smb/client/trace.h | 18 +-- include/linux/cpu.h | 1 + include/linux/export.h | 12 +- include/linux/fs.h | 2 + include/linux/libata.h | 7 +- include/linux/usb/typec_dp.h | 1 + include/net/bluetooth/hci_core.h | 2 + include/trace/events/f2fs.h | 39 +++-- include/ufs/ufshcd.h | 4 + kernel/rcu/tree.c | 4 + lib/test_objagg.c | 4 +- mm/secretmem.c | 11 +- net/bluetooth/hci_core.c | 34 ++++- net/bluetooth/hci_sync.c | 20 ++- net/bluetooth/mgmt.c | 25 +++- net/mac80211/chan.c | 6 +- net/mac80211/ieee80211_i.h | 9 ++ net/mac80211/link.c | 15 +- net/mac80211/rx.c | 4 + net/rose/rose_route.c | 15 +- net/sched/sch_api.c | 19 +-- net/vmw_vsock/vmci_transport.c | 4 +- sound/isa/sb/sb16_main.c | 7 + sound/soc/amd/yc/acp6x-mach.c | 14 ++ 149 files changed, 1745 insertions(+), 629 deletions(-)

2 months, 1 week

8
7
0 0

[PATCH AUTOSEL 6.15 1/8] Revert "ACPI: battery: negate current when discharging"

by Sasha Levin

From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> [ Upstream commit de1675de39aa945bad5937d1fde4df3682670639 ] Revert commit 234f71555019 ("ACPI: battery: negate current when discharging") breaks not one but several userspace implementations of battery monitoring: Steam and MangoHud. Perhaps it breaks more, but those are the two that have been tested. Reported-by: Matthew Schwartz <matthew.schwartz(a)linux.dev> Closes: https://lore.kernel.org/linux-acpi/87C1B2AF-D430-4568-B620-14B941A8ABA4@lin… Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES**, this commit should be backported to stable kernel trees. ## Extensive Explanation: ### 1. **Critical Userspace Regression Fix** This revert fixes a critical regression that breaks userspace applications. The commit message explicitly states that the original change "breaks not one but several userspace implementations of battery monitoring: Steam and MangoHud." This is a clear violation of the kernel's "no userspace regressions" rule, which is one of the most fundamental principles in kernel development. ### 2. **Code Analysis Shows ABI Change** Looking at the code changes: ```c // The problematic code that was added (and is now being removed): if (psp == POWER_SUPPLY_PROP_CURRENT_NOW && (battery->state & ACPI_BATTERY_STATE_DISCHARGING) && acpi_battery_handle_discharging(battery) == POWER_SUPPLY_STATUS_DISCHARGING) val->intval = -val->intval; ``` This code was changing the sign of the current value when discharging, which altered the userspace-visible ABI. Even if the original behavior didn't match documentation, changing it broke existing applications that depended on the long-standing behavior. ### 3. **Simple and Safe Revert** The commit is a clean revert that: - Removes the problematic sign negation logic - Restores the original behavior that userspace applications expect - Is self-contained to the `acpi_battery_get_property()` function - Has minimal risk of introducing new issues ### 4. **Meets Stable Kernel Criteria** According to stable kernel rules, this commit qualifies because it: - **Fixes a real bug** that users are hitting (broken battery monitoring in Steam and MangoHud) - **Is obviously correct** (it's a revert of a change that broke userspace) - **Is small and contained** (only affects the ACPI battery property reporting) - **Has been tested** (the reporter confirmed the issue) - **Fixes a regression** (restores previous working behavior) ### 5. **Comparison to Similar Commits** Looking at the historical commits marked with "Backport Status: YES", they share similar characteristics: - Fix actual problems affecting users - Are relatively small and contained changes - Don't introduce new features or architectural changes - Focus on fixing specific issues This revert fits perfectly into this pattern as it's fixing a specific userspace compatibility issue without introducing any new functionality. ### 6. **Timing Considerations** The original problematic commit (234f71555019) was from May 8, 2025, and this revert is from July 3, 2025. If the original commit made it into any stable releases, those stable trees would need this revert to prevent userspace breakage. ### Conclusion: This is a textbook example of a commit that should be backported to stable kernels. It fixes a userspace regression, is minimal in scope, carries very low risk, and restores previously working behavior that applications depend on. The fact that it's a revert of a problematic change makes it even more suitable for stable backporting. drivers/acpi/battery.c | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index 93bb1f7d90986..6760330a8af55 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -243,23 +243,10 @@ static int acpi_battery_get_property(struct power_supply *psy, break; case POWER_SUPPLY_PROP_CURRENT_NOW: case POWER_SUPPLY_PROP_POWER_NOW: - if (battery->rate_now == ACPI_BATTERY_VALUE_UNKNOWN) { + if (battery->rate_now == ACPI_BATTERY_VALUE_UNKNOWN) ret = -ENODEV; - break; - } - - val->intval = battery->rate_now * 1000; - /* - * When discharging, the current should be reported as a - * negative number as per the power supply class interface - * definition. - */ - if (psp == POWER_SUPPLY_PROP_CURRENT_NOW && - (battery->state & ACPI_BATTERY_STATE_DISCHARGING) && - acpi_battery_handle_discharging(battery) - == POWER_SUPPLY_STATUS_DISCHARGING) - val->intval = -val->intval; - + else + val->intval = battery->rate_now * 1000; break; case POWER_SUPPLY_PROP_CHARGE_FULL_DESIGN: case POWER_SUPPLY_PROP_ENERGY_FULL_DESIGN: -- 2.39.5

2 months, 1 week

6
28
0 0

[tip: x86/urgent] x86/mm: Disable hugetlb page table sharing on 32-bit

by tip-bot2 for Jann Horn

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 76303ee8d54bff6d9a6d55997acd88a6c2ba63cf Gitweb: https://git.kernel.org/tip/76303ee8d54bff6d9a6d55997acd88a6c2ba63cf Author: Jann Horn <jannh(a)google.com> AuthorDate: Wed, 02 Jul 2025 10:32:04 +02:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Wed, 09 Jul 2025 07:46:36 -07:00 x86/mm: Disable hugetlb page table sharing on 32-bit Only select ARCH_WANT_HUGE_PMD_SHARE on 64-bit x86. Page table sharing requires at least three levels because it involves shared references to PMD tables; 32-bit x86 has either two-level paging (without PAE) or three-level paging (with PAE), but even with three-level paging, having a dedicated PGD entry for hugetlb is only barely possible (because the PGD only has four entries), and it seems unlikely anyone's actually using PMD sharing on 32-bit. Having ARCH_WANT_HUGE_PMD_SHARE enabled on non-PAE 32-bit X86 (which has 2-level paging) became particularly problematic after commit 59d9094df3d7 ("mm: hugetlb: independent PMD page table shared count"), since that changes `struct ptdesc` such that the `pt_mm` (for PGDs) and the `pt_share_count` (for PMDs) share the same union storage - and with 2-level paging, PMDs are PGDs. (For comparison, arm64 also gates ARCH_WANT_HUGE_PMD_SHARE on the configuration of page tables such that it is never enabled with 2-level paging.) Closes: https://lore.kernel.org/r/srhpjxlqfna67blvma5frmy3aa@altlinux.org Fixes: cfe28c5d63d8 ("x86: mm: Remove x86 version of huge_pmd_share.") Reported-by: Vitaly Chikunov <vt(a)altlinux.org> Suggested-by: Dave Hansen <dave.hansen(a)intel.com> Signed-off-by: Jann Horn <jannh(a)google.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Oscar Salvador <osalvador(a)suse.de> Acked-by: David Hildenbrand <david(a)redhat.com> Tested-by: Vitaly Chikunov <vt(a)altlinux.org> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250702-x86-2level-hugetlb-v2-1-1a98096edf92%4… --- arch/x86/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 71019b3..4e0fe68 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -147,7 +147,7 @@ config X86 select ARCH_WANTS_DYNAMIC_TASK_STRUCT select ARCH_WANTS_NO_INSTR select ARCH_WANT_GENERAL_HUGETLB - select ARCH_WANT_HUGE_PMD_SHARE + select ARCH_WANT_HUGE_PMD_SHARE if X86_64 select ARCH_WANT_LD_ORPHAN_WARN select ARCH_WANT_OPTIMIZE_DAX_VMEMMAP if X86_64 select ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP if X86_64

2 months, 2 weeks

1
0
0 0

[PATCH 0/3] HID: core: fix __hid_request when no report ID is used

by Benjamin Tissoires

[Ideally I'd like to have tests in selftests, but I couldn't extract them out of the syzbot reproducer, so sending that first series to check against syzbot] Followup of https://lore.kernel.org/linux-input/c75433e0-9b47-4072-bbe8-b1d14ea97b13@ro… This initial series attempt at fixing the various bugs discovered by Alan regarding __hid_request(). Syzbot managed to create a report descriptor which presents a feature request of size 0 (still trying to extract it) and this exposed the fact that __hid_request() was incorrectly handling the case when the report ID is not used. Send a first batch of fixes now so we get the feedback from syzbot ASAP. Note: in the series, I also mentioned that the report of size 0 should be stripped out of the HID device, but without a local reproducer this is going to be difficult to implement. Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> --- Benjamin Tissoires (3): HID: core: ensure the allocated report buffer can contain the reserved report ID HID: core: ensure __hid_request reserves the report ID as the first byte HID: core: do not bypass hid_hw_raw_request drivers/hid/hid-core.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) --- base-commit: 1f988d0788f50d8464f957e793fab356e2937369 change-id: 20250709-report-size-null-37619ea20288 Best regards, -- Benjamin Tissoires <bentiss(a)kernel.org>

2 months, 2 weeks

2
4
0 0

[PATCH 1/2] drm/gem: Fix race in drm_gem_handle_create_tail()

by Simona Vetter

Object creation is a careful dance where we must guarantee that the object is fully constructed before it is visible to other threads, and GEM buffer objects are no difference. Final publishing happens by calling drm_gem_handle_create(). After that the only allowed thing to do is call drm_gem_object_put() because a concurrent call to the GEM_CLOSE ioctl with a correctly guessed id (which is trivial since we have a linear allocator) can already tear down the object again. Luckily most drivers get this right, the very few exceptions I've pinged the relevant maintainers for. Unfortunately we also need drm_gem_handle_create() when creating additional handles for an already existing object (e.g. GETFB ioctl or the various bo import ioctl), and hence we cannot have a drm_gem_handle_create_and_put() as the only exported function to stop these issues from happening. Now unfortunately the implementation of drm_gem_handle_create() isn't living up to standards: It does correctly finishe object initialization at the global level, and hence is safe against a concurrent tear down. But it also sets up the file-private aspects of the handle, and that part goes wrong: We fully register the object in the drm_file.object_idr before calling drm_vma_node_allow() or obj->funcs->open, which opens up races against concurrent removal of that handle in drm_gem_handle_delete(). Fix this with the usual two-stage approach of first reserving the handle id, and then only registering the object after we've completed the file-private setup. Jacek reported this with a testcase of concurrently calling GEM_CLOSE on a freshly-created object (which also destroys the object), but it should be possible to hit this with just additional handles created through import or GETFB without completed destroying the underlying object with the concurrent GEM_CLOSE ioctl calls. Note that the close-side of this race was fixed in f6cd7daecff5 ("drm: Release driver references to handle before making it available again"), which means a cool 9 years have passed until someone noticed that we need to make this symmetry or there's still gaps left :-/ Without the 2-stage close approach we'd still have a race, therefore that's an integral part of this bugfix. More importantly, this means we can have NULL pointers behind allocated id in our drm_file.object_idr. We need to check for that now: - drm_gem_handle_delete() checks for ERR_OR_NULL already - drm_gem.c:object_lookup() also chekcs for NULL - drm_gem_release() should never be called if there's another thread still existing that could call into an IOCTL that creates a new handle, so cannot race. For paranoia I added a NULL check to drm_gem_object_release_handle() though. - most drivers (etnaviv, i915, msm) are find because they use idr_find(), which maps both ENOENT and NULL to NULL. - drivers using idr_for_each_entry() should also be fine, because idr_get_next does filter out NULL entries and continues the iteration. - The same holds for drm_show_memory_stats(). v2: Use drm_WARN_ON (Thomas) Reported-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> Tested-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> Reviewed-by: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: stable(a)vger.kernel.org Cc: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: David Airlie <airlied(a)gmail.com> Cc: Simona Vetter <simona(a)ffwll.ch> Signed-off-by: Simona Vetter <simona.vetter(a)intel.com> Signed-off-by: Simona Vetter <simona.vetter(a)ffwll.ch> --- drivers/gpu/drm/drm_gem.c | 10 +++++++++- include/drm/drm_file.h | 3 +++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index bc505d938b3e..1aa9192c4cc6 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -316,6 +316,9 @@ drm_gem_object_release_handle(int id, void *ptr, void *data) struct drm_file *file_priv = data; struct drm_gem_object *obj = ptr; + if (drm_WARN_ON(obj->dev, !data)) + return 0; + if (obj->funcs->close) obj->funcs->close(obj, file_priv); @@ -436,7 +439,7 @@ drm_gem_handle_create_tail(struct drm_file *file_priv, idr_preload(GFP_KERNEL); spin_lock(&file_priv->table_lock); - ret = idr_alloc(&file_priv->object_idr, obj, 1, 0, GFP_NOWAIT); + ret = idr_alloc(&file_priv->object_idr, NULL, 1, 0, GFP_NOWAIT); spin_unlock(&file_priv->table_lock); idr_preload_end(); @@ -457,6 +460,11 @@ drm_gem_handle_create_tail(struct drm_file *file_priv, goto err_revoke; } + /* mirrors drm_gem_handle_delete to avoid races */ + spin_lock(&file_priv->table_lock); + obj = idr_replace(&file_priv->object_idr, obj, handle); + WARN_ON(obj != NULL); + spin_unlock(&file_priv->table_lock); *handlep = handle; return 0; diff --git a/include/drm/drm_file.h b/include/drm/drm_file.h index eab7546aad79..115763799625 100644 --- a/include/drm/drm_file.h +++ b/include/drm/drm_file.h @@ -300,6 +300,9 @@ struct drm_file { * * Mapping of mm object handles to object pointers. Used by the GEM * subsystem. Protected by @table_lock. + * + * Note that allocated entries might be NULL as a transient state when + * creating or deleting a handle. */ struct idr object_idr; -- 2.49.0

2 months, 2 weeks

1
1
0 0

Backport perf makefile fix to linux-6.6.y

by Alexis Lothoré

Hello stable team, could you please backport commit 440cf77625e3 ("perf: build: Setup PKG_CONFIG_LIBDIR for cross compilation") to linux-6.6.y ? Its absence prevents some people from building the perf tool in cross-compile environment with this kernel. The patch applies cleanly on linux-6.6.y Thanks, Alexis -- Alexis Lothoré, Bootlin Embedded Linux and Kernel engineering https://bootlin.com

2 months, 2 weeks

2
3
0 0

[RFC V1 PATCH mm-hotfixes 3/3] x86/mm: convert {pgd,p4d}_populate{,_init} to _kernel variant

by Harry Yoo

Introduce {pgd,p4d}_populate_kernel_safe() and convert {pgd,p4d}_populate{,_init}() to {pgd,p4d}_populate_kernel{,_init}(). By converting them, we no longer need to worry about forgetting to synchronize top level page tables. With all {pgd,p4d}_populate{,_init}() converted to {pgd,p4d}_populate_kernel{,_init}(), it is now safe to drop sync_global_pgds(). Let's remove it. Cc: <stable(a)vger.kernel.org> Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com> Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- arch/x86/include/asm/pgalloc.h | 19 +++++ arch/x86/mm/init_64.c | 129 ++++++--------------------------- arch/x86/mm/kasan_init_64.c | 8 +- 3 files changed, 46 insertions(+), 110 deletions(-) diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h index d66f2db54b16..98439b9ca293 100644 --- a/arch/x86/include/asm/pgalloc.h +++ b/arch/x86/include/asm/pgalloc.h @@ -132,6 +132,15 @@ static inline void p4d_populate_safe(struct mm_struct *mm, p4d_t *p4d, pud_t *pu set_p4d_safe(p4d, __p4d(_PAGE_TABLE | __pa(pud))); } +static inline void p4d_populate_kernel_safe(unsigned long addr, + p4d_t *p4d, pud_t *pud) +{ + paravirt_alloc_pud(&init_mm, __pa(pud) >> PAGE_SHIFT); + set_p4d_safe(p4d, __p4d(_PAGE_TABLE | __pa(pud))); + if (!pgtable_l5_enabled()) + arch_sync_kernel_pagetables(addr); +} + extern void ___pud_free_tlb(struct mmu_gather *tlb, pud_t *pud); static inline void __pud_free_tlb(struct mmu_gather *tlb, pud_t *pud, @@ -167,6 +176,16 @@ static inline void pgd_populate_safe(struct mm_struct *mm, pgd_t *pgd, p4d_t *p4 set_pgd_safe(pgd, __pgd(_PAGE_TABLE | __pa(p4d))); } +static inline void pgd_populate_kernel_safe(unsigned long addr, + pgd_t *pgd, p4d_t *p4d) +{ + if (!pgtable_l5_enabled()) + return; + paravirt_alloc_p4d(&init_mm, __pa(p4d) >> PAGE_SHIFT); + set_pgd_safe(pgd, __pgd(_PAGE_TABLE | __pa(p4d))); + arch_sync_kernel_pagetables(addr); +} + extern void ___p4d_free_tlb(struct mmu_gather *tlb, p4d_t *p4d); static inline void __p4d_free_tlb(struct mmu_gather *tlb, p4d_t *p4d, diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index cbddbef434d5..00608ab36936 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -75,6 +75,19 @@ DEFINE_POPULATE(pgd_populate, pgd, p4d, init) DEFINE_POPULATE(pud_populate, pud, pmd, init) DEFINE_POPULATE(pmd_populate_kernel, pmd, pte, init) +#define DEFINE_POPULATE_KERNEL(fname, type1, type2, init) \ +static inline void fname##_init(unsigned long addr, \ + type1##_t *arg1, type2##_t *arg2, bool init) \ +{ \ + if (init) \ + fname##_safe(addr, arg1, arg2); \ + else \ + fname(addr, arg1, arg2); \ +} + +DEFINE_POPULATE_KERNEL(pgd_populate_kernel, pgd, p4d, init) +DEFINE_POPULATE_KERNEL(p4d_populate_kernel, p4d, pud, init) + #define DEFINE_ENTRY(type1, type2, init) \ static inline void set_##type1##_init(type1##_t *arg1, \ type2##_t arg2, bool init) \ @@ -130,99 +143,6 @@ static int __init nonx32_setup(char *str) } __setup("noexec32=", nonx32_setup); -static void sync_global_pgds_l5(unsigned long start, unsigned long end) -{ - unsigned long addr; - - for (addr = start; addr <= end; addr = ALIGN(addr + 1, PGDIR_SIZE)) { - const pgd_t *pgd_ref = pgd_offset_k(addr); - struct page *page; - - /* Check for overflow */ - if (addr < start) - break; - - if (pgd_none(*pgd_ref)) - continue; - - spin_lock(&pgd_lock); - list_for_each_entry(page, &pgd_list, lru) { - pgd_t *pgd; - spinlock_t *pgt_lock; - - pgd = (pgd_t *)page_address(page) + pgd_index(addr); - /* the pgt_lock only for Xen */ - pgt_lock = &pgd_page_get_mm(page)->page_table_lock; - spin_lock(pgt_lock); - - if (!pgd_none(*pgd_ref) && !pgd_none(*pgd)) - BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref)); - - if (pgd_none(*pgd)) - set_pgd(pgd, *pgd_ref); - - spin_unlock(pgt_lock); - } - spin_unlock(&pgd_lock); - } -} - -static void sync_global_pgds_l4(unsigned long start, unsigned long end) -{ - unsigned long addr; - - for (addr = start; addr <= end; addr = ALIGN(addr + 1, PGDIR_SIZE)) { - pgd_t *pgd_ref = pgd_offset_k(addr); - const p4d_t *p4d_ref; - struct page *page; - - /* - * With folded p4d, pgd_none() is always false, we need to - * handle synchronization on p4d level. - */ - MAYBE_BUILD_BUG_ON(pgd_none(*pgd_ref)); - p4d_ref = p4d_offset(pgd_ref, addr); - - if (p4d_none(*p4d_ref)) - continue; - - spin_lock(&pgd_lock); - list_for_each_entry(page, &pgd_list, lru) { - pgd_t *pgd; - p4d_t *p4d; - spinlock_t *pgt_lock; - - pgd = (pgd_t *)page_address(page) + pgd_index(addr); - p4d = p4d_offset(pgd, addr); - /* the pgt_lock only for Xen */ - pgt_lock = &pgd_page_get_mm(page)->page_table_lock; - spin_lock(pgt_lock); - - if (!p4d_none(*p4d_ref) && !p4d_none(*p4d)) - BUG_ON(p4d_pgtable(*p4d) - != p4d_pgtable(*p4d_ref)); - - if (p4d_none(*p4d)) - set_p4d(p4d, *p4d_ref); - - spin_unlock(pgt_lock); - } - spin_unlock(&pgd_lock); - } -} - -/* - * When memory was added make sure all the processes MM have - * suitable PGD entries in the local PGD level page. - */ -static void sync_global_pgds(unsigned long start, unsigned long end) -{ - if (pgtable_l5_enabled()) - sync_global_pgds_l5(start, end); - else - sync_global_pgds_l4(start, end); -} - static void sync_kernel_pagetables_l4(unsigned long addr) { pgd_t *pgd_ref = pgd_offset_k(addr); @@ -295,6 +215,10 @@ static void sync_kernel_pagetables_l5(unsigned long addr) spin_unlock(&pgd_lock); } +/* + * When memory was added make sure all the processes MM have + * suitable PGD entries in the local PGD level page. + */ void arch_sync_kernel_pagetables(unsigned long addr) { if (pgtable_l5_enabled()) @@ -330,7 +254,7 @@ static p4d_t *fill_p4d(pgd_t *pgd, unsigned long vaddr) { if (pgd_none(*pgd)) { p4d_t *p4d = (p4d_t *)spp_getpage(); - pgd_populate(&init_mm, pgd, p4d); + pgd_populate_kernel(vaddr, pgd, p4d); if (p4d != p4d_offset(pgd, 0)) printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n", p4d, p4d_offset(pgd, 0)); @@ -342,7 +266,7 @@ static pud_t *fill_pud(p4d_t *p4d, unsigned long vaddr) { if (p4d_none(*p4d)) { pud_t *pud = (pud_t *)spp_getpage(); - p4d_populate(&init_mm, p4d, pud); + p4d_populate_kernel(vaddr, p4d, pud); if (pud != pud_offset(p4d, 0)) printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n", pud, pud_offset(p4d, 0)); @@ -795,7 +719,7 @@ phys_p4d_init(p4d_t *p4d_page, unsigned long paddr, unsigned long paddr_end, page_size_mask, prot, init); spin_lock(&init_mm.page_table_lock); - p4d_populate_init(&init_mm, p4d, pud, init); + p4d_populate_kernel_init(vaddr, p4d, pud, init); spin_unlock(&init_mm.page_table_lock); } @@ -808,7 +732,6 @@ __kernel_physical_mapping_init(unsigned long paddr_start, unsigned long page_size_mask, pgprot_t prot, bool init) { - bool pgd_changed = false; unsigned long vaddr, vaddr_start, vaddr_end, vaddr_next, paddr_last; paddr_last = paddr_end; @@ -837,18 +760,14 @@ __kernel_physical_mapping_init(unsigned long paddr_start, spin_lock(&init_mm.page_table_lock); if (pgtable_l5_enabled()) - pgd_populate_init(&init_mm, pgd, p4d, init); + pgd_populate_kernel_init(vaddr, pgd, p4d, init); else - p4d_populate_init(&init_mm, p4d_offset(pgd, vaddr), - (pud_t *) p4d, init); + p4d_populate_kernel_init(vaddr, p4d_offset(pgd, vaddr), + (pud_t *) p4d, init); spin_unlock(&init_mm.page_table_lock); - pgd_changed = true; } - if (pgd_changed) - sync_global_pgds(vaddr_start, vaddr_end - 1); - return paddr_last; } @@ -1642,8 +1561,6 @@ int __meminit vmemmap_populate(unsigned long start, unsigned long end, int node, err = -ENOMEM; } else err = vmemmap_populate_basepages(start, end, node, NULL); - if (!err) - sync_global_pgds(start, end - 1); return err; } diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c index 0539efd0d216..e825952d25b2 100644 --- a/arch/x86/mm/kasan_init_64.c +++ b/arch/x86/mm/kasan_init_64.c @@ -108,7 +108,7 @@ static void __init kasan_populate_p4d(p4d_t *p4d, unsigned long addr, if (p4d_none(*p4d)) { void *p = early_alloc(PAGE_SIZE, nid, true); - p4d_populate(&init_mm, p4d, p); + p4d_populate_kernel(addr, p4d, p); } pud = pud_offset(p4d, addr); @@ -128,7 +128,7 @@ static void __init kasan_populate_pgd(pgd_t *pgd, unsigned long addr, if (pgd_none(*pgd)) { p = early_alloc(PAGE_SIZE, nid, true); - pgd_populate(&init_mm, pgd, p); + pgd_populate_kernel(addr, pgd, p); } p4d = p4d_offset(pgd, addr); @@ -255,7 +255,7 @@ static void __init kasan_shallow_populate_p4ds(pgd_t *pgd, if (p4d_none(*p4d)) { p = early_alloc(PAGE_SIZE, NUMA_NO_NODE, true); - p4d_populate(&init_mm, p4d, p); + p4d_populate_kernel(addr, p4d, p); } } while (p4d++, addr = next, addr != end); } @@ -273,7 +273,7 @@ static void __init kasan_shallow_populate_pgds(void *start, void *end) if (pgd_none(*pgd)) { p = early_alloc(PAGE_SIZE, NUMA_NO_NODE, true); - pgd_populate(&init_mm, pgd, p); + pgd_populate_kernel(addr, pgd, p); } /* -- 2.43.0

2 months, 2 weeks

1
0
0 0

Re: [PATCH 5.15] fs/proc: do_task_stat: use __for_each_thread()

by Harshit Mogalapalli

Hi, + stable On 05/06/25 19:37, Heyne, Maximilian wrote: > From: Oleg Nesterov <oleg(a)redhat.com> > > [ Upstream commit 7904e53ed5a20fc678c01d5d1b07ec486425bb6a ] > > do/while_each_thread should be avoided when possible. > > Link: https://lkml.kernel.org/r/20230909164501.GA11581@redhat.com > Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> > Cc: Eric W. Biederman <ebiederm(a)xmission.com> > Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> > Stable-dep-of: 7601df8031fd ("fs/proc: do_task_stat: use sig->stats_lock to=ather the threads/children stats") > [mheyne: adjusted context] > Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> > --- > > Compile-tested only. > We're seeing soft lock-ups with 5.10.237 because of the backport of > commit 4fe85bdaabd6 ("fs/proc: do_task_stat: use sig->stats_lock to > gather the threads/children stats"). I'm assuming this is broken on 5.15 > too. > Note: We saw this as well after backporting the above mentioned commit from 5.15.y and your backport resolves it for us as well on 5.15.y based branch. Thanks, Harshit > --- > fs/proc/array.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/fs/proc/array.c b/fs/proc/array.c > index 2cb01aaa67187..2ff568dc58387 100644 > --- a/fs/proc/array.c > +++ b/fs/proc/array.c > @@ -530,18 +530,18 @@ static int do_task_stat(struct seq_file *m, struct pi=_namespace *ns, > cgtime = sig->cgtime; > = if (whole) { > - struct task_struct *t = task; > + struct task_struct *t; > = min_flt = sig->min_flt; > maj_flt = sig->maj_flt; > gtime = sig->gtime; > = rcu_read_lock(); > - do { > + __for_each_thread(sig, t) { > min_flt += t->min_flt; > maj_flt += t->maj_flt; > gtime += task_gtime(t); > - } while_each_thread(task, t); > + } > rcu_read_unlock(); > } > } while (need_seqretry(&sig->stats_lock, seq)); > -- =2.47.1 > > > > > Amazon Web Services Development Center Germany GmbH > Tamara-Danz-Str. 13 > 10243 Berlin > Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss > Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B > Sitz: Berlin > Ust-ID: DE 365 538 597 > >

2 months, 2 weeks

2
1
0 0

v6.16-rc5: ttys: auto login failed Login incorrect

by Naresh Kamboju

Approximately 20% of devices are experiencing intermittent boot failures with this kernel version. The issue appears to be related to auto login failures, where an incorrect password is being detected on the serial console during the login process. This intermittent regression is noticed on stable-rc 6.15.5-rc2 and Linux mainline master v6.16-rc5. This regressions is only specific to the devices not on the qemu's. Test environments: - dragonboard-410c - dragonboard-845c - e850-96 - juno-r2 - rk3399-rock-pi-4b - x86 Regression Analysis: - New regression? Yes - Reproducibility? 20% only Test regression: 6.15.5-rc2 v6.16-rc5 auto login failed Login incorrect Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> ## log in problem runner-ns46nmmj-project-40964107-concurrent-0 login: # Password: Login incorrect runner-ns46nmmj-project-40964107-concurrent-0 login: ## Investigation The following three patches were reverted and the system was re-tested. The previously reported issues are no longer observed after applying the reverts. serial: imx: Restore original RXTL for console to fix data loss commit f23c52aafb1675ab1d1f46914556d8e29cbbf7b3 upstream. serial: core: restore of_node information in sysfs commit d36f0e9a0002f04f4d6dd9be908d58fe5bd3a279 upstream. tty: serial: uartlite: register uart driver in init [ Upstream commit 6bd697b5fc39fd24e2aa418c7b7d14469f550a93 ] Reference bug report lore link, - https://lore.kernel.org/stable/CA+G9fYvidpyHTQ179dAJ4TSdhthC-Mtjuks5iQjMf+o… ## Test links * log 1: https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.15.y/build/v6.15… * log 2: https://qa-reports.linaro.org/api/testruns/29021720/log_file/ * log 3: https://qa-reports.linaro.org/lkft/linux-mainline-master/build/v6.16-rc5/te… * Boot test: https://regressions.linaro.org/lkft/linux-stable-rc-linux-6.15.y/v6.15.4-26… * LAVA jobs 1: https://lkft.validation.linaro.org/scheduler/job/8344153#L1186 * LAVA jobs 2: https://lkft.validation.linaro.org/scheduler/job/8343870#L1266 ## Build * kernel: 6.15.5-rc2 * git: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git * git commit: f6977c36decb0875e78bdb8599749bce1e84c753 * git describe: v6.15.4-264-gf6977c36decb * test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.15.y/build/v6.15… ## Test Regressions (compared to v6.15.3-590-gd93bc5feded1) * dragonboard-410c, boot - clang-20-lkftconfig - clang-nightly-lkftconfig-kselftest - gcc-13-lkftconfig-debug * dragonboard-845c, boot - clang-20-lkftconfig - korg-clang-20-lkftconfig-lto-thing * dragonboard-845c-compat, boot - gcc-13-lkftconfig-compat * e850-96, boot - gcc-13-lkftconfig-no-kselftest-frag * juno-r2, boot - clang-20-lkftconfig - gcc-13-lkftconfig-debug - gcc-13-lkftconfig-kselftest * rk3399-rock-pi-4b, boot - clang-20-lkftconfig * x86, boot - clang-20-lkftconfig - clang-20-lkftconfig-no-kselftest-frag - clang-nightly-lkftconfig-kselftest - clang-nightly-lkftconfig-lto-thing - gcc-13-defconfig-preempt_rt - gcc-13-lkftconfig-no-kselftest-frag -- Linaro LKFT https://lkft.linaro.org

2 months, 2 weeks

2
2
0 0

[PATCH v2 1/2] KVM: arm64: Fix enforcement of upper bound on MDCR_EL2.HPMN

by Ben Horgan

Previously, u64_replace_bits() was used to no effect as the return value was ignored. Convert to u64p_replace_bits() so the value is updated in place. Reviewed-by: Zenghui Yu <yuzenghui(a)huawei.com> Signed-off-by: Ben Horgan <ben.horgan(a)arm.com> Fixes: efff9dd2fee7 ("KVM: arm64: Handle out-of-bound write to MDCR_EL2.HPMN") Cc: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/kvm/sys_regs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 76c2f0da821f..c20bd6f21e60 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -2624,7 +2624,7 @@ static bool access_mdcr(struct kvm_vcpu *vcpu, */ if (hpmn > vcpu->kvm->arch.nr_pmu_counters) { hpmn = vcpu->kvm->arch.nr_pmu_counters; - u64_replace_bits(val, hpmn, MDCR_EL2_HPMN); + u64p_replace_bits(&val, hpmn, MDCR_EL2_HPMN); } __vcpu_assign_sys_reg(vcpu, MDCR_EL2, val); -- 2.43.0

2 months, 2 weeks

2
1
0 0

[PATCH net 1/3] net: libwx: remove duplicate page_pool_put_full_page()

by Jiawen Wu

page_pool_put_full_page() should only be invoked when freeing Rx buffers or building a skb if the size is too short. At other times, the pages need to be reused. So remove the redundant page put. In the original code, double free pages cause kernel panic: [ 876.949834] __irq_exit_rcu+0xc7/0x130 [ 876.949836] common_interrupt+0xb8/0xd0 [ 876.949838] </IRQ> [ 876.949838] <TASK> [ 876.949840] asm_common_interrupt+0x22/0x40 [ 876.949841] RIP: 0010:cpuidle_enter_state+0xc2/0x420 [ 876.949843] Code: 00 00 e8 d1 1d 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 cd fc 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d [ 876.949844] RSP: 0018:ffffaa7340267e78 EFLAGS: 00000246 [ 876.949845] RAX: ffff9e3f135be000 RBX: 0000000000000002 RCX: 0000000000000000 [ 876.949846] RDX: 000000cc2dc4cb7c RSI: ffffffff89ee49ae RDI: ffffffff89ef9f9e [ 876.949847] RBP: ffff9e378f940800 R08: 0000000000000002 R09: 00000000000000ed [ 876.949848] R10: 000000000000afc8 R11: ffff9e3e9e5a9b6c R12: ffffffff8a6d8580 [ 876.949849] R13: 000000cc2dc4cb7c R14: 0000000000000002 R15: 0000000000000000 [ 876.949852] ? cpuidle_enter_state+0xb3/0x420 [ 876.949855] cpuidle_enter+0x29/0x40 [ 876.949857] cpuidle_idle_call+0xfd/0x170 [ 876.949859] do_idle+0x7a/0xc0 [ 876.949861] cpu_startup_entry+0x25/0x30 [ 876.949862] start_secondary+0x117/0x140 [ 876.949864] common_startup_64+0x13e/0x148 [ 876.949867] </TASK> [ 876.949868] ---[ end trace 0000000000000000 ]--- [ 876.949869] ------------[ cut here ]------------ [ 876.949870] list_del corruption, ffffead40445a348->next is NULL [ 876.949873] WARNING: CPU: 14 PID: 0 at lib/list_debug.c:52 __list_del_entry_valid_or_report+0x67/0x120 [ 876.949875] Modules linked in: snd_hrtimer(E) bnep(E) binfmt_misc(E) amdgpu(E) squashfs(E) vfat(E) loop(E) fat(E) amd_atl(E) snd_hda_codec_realtek(E) intel_rapl_msr(E) snd_hda_codec_generic(E) intel_rapl_common(E) snd_hda_scodec_component(E) snd_hda_codec_hdmi(E) snd_hda_intel(E) edac_mce_amd(E) snd_intel_dspcfg(E) snd_hda_codec(E) snd_hda_core(E) amdxcp(E) kvm_amd(E) snd_hwdep(E) gpu_sched(E) drm_panel_backlight_quirks(E) cec(E) snd_pcm(E) drm_buddy(E) snd_seq_dummy(E) drm_ttm_helper(E) btusb(E) kvm(E) snd_seq_oss(E) btrtl(E) ttm(E) btintel(E) snd_seq_midi(E) btbcm(E) drm_exec(E) snd_seq_midi_event(E) i2c_algo_bit(E) snd_rawmidi(E) bluetooth(E) drm_suballoc_helper(E) irqbypass(E) snd_seq(E) ghash_clmulni_intel(E) sha512_ssse3(E) drm_display_helper(E) aesni_intel(E) snd_seq_device(E) rfkill(E) snd_timer(E) gf128mul(E) drm_client_lib(E) drm_kms_helper(E) snd(E) i2c_piix4(E) joydev(E) soundcore(E) wmi_bmof(E) ccp(E) k10temp(E) i2c_smbus(E) gpio_amdpt(E) i2c_designware_platform(E) gpio_generic(E) sg(E) [ 876.949914] i2c_designware_core(E) sch_fq_codel(E) parport_pc(E) drm(E) ppdev(E) lp(E) parport(E) fuse(E) nfnetlink(E) ip_tables(E) ext4 crc16 mbcache jbd2 sd_mod sfp mdio_i2c i2c_core txgbe ahci ngbe pcs_xpcs libahci libwx r8169 phylink libata realtek ptp pps_core video wmi [ 876.949933] CPU: 14 UID: 0 PID: 0 Comm: swapper/14 Kdump: loaded Tainted: G W E 6.16.0-rc2+ #20 PREEMPT(voluntary) [ 876.949935] Tainted: [W]=WARN, [E]=UNSIGNED_MODULE [ 876.949936] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024 [ 876.949936] RIP: 0010:__list_del_entry_valid_or_report+0x67/0x120 [ 876.949938] Code: 00 00 00 48 39 7d 08 0f 85 a6 00 00 00 5b b8 01 00 00 00 5d 41 5c e9 73 0d 93 ff 48 89 fe 48 c7 c7 a0 31 e8 89 e8 59 7c b3 ff <0f> 0b 31 c0 5b 5d 41 5c e9 57 0d 93 ff 48 89 fe 48 c7 c7 c8 31 e8 [ 876.949940] RSP: 0018:ffffaa73405d0c60 EFLAGS: 00010282 [ 876.949941] RAX: 0000000000000000 RBX: ffffead40445a348 RCX: 0000000000000000 [ 876.949942] RDX: 0000000000000105 RSI: 0000000000000001 RDI: 00000000ffffffff [ 876.949943] RBP: 0000000000000000 R08: 000000010006dfde R09: ffffffff8a47d150 [ 876.949944] R10: ffffffff8a47d150 R11: 0000000000000003 R12: dead000000000122 [ 876.949945] R13: ffff9e3e9e5af700 R14: ffffead40445a348 R15: ffff9e3e9e5af720 [ 876.949946] FS: 0000000000000000(0000) GS:ffff9e3f135be000(0000) knlGS:0000000000000000 [ 876.949947] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 876.949948] CR2: 00007fa58b480048 CR3: 0000000156724000 CR4: 0000000000750ef0 [ 876.949949] PKRU: 55555554 [ 876.949950] Call Trace: [ 876.949951] <IRQ> [ 876.949952] __rmqueue_pcplist+0x53/0x2c0 [ 876.949955] alloc_pages_bulk_noprof+0x2e0/0x660 [ 876.949958] __page_pool_alloc_pages_slow+0xa9/0x400 [ 876.949961] page_pool_alloc_pages+0xa/0x20 [ 876.949963] wx_alloc_rx_buffers+0xd7/0x110 [libwx] [ 876.949967] wx_clean_rx_irq+0x262/0x430 [libwx] [ 876.949971] wx_poll+0x92/0x130 [libwx] [ 876.949975] __napi_poll+0x28/0x190 [ 876.949977] net_rx_action+0x301/0x3f0 [ 876.949980] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949981] ? profile_tick+0x30/0x70 [ 876.949983] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949984] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949986] ? timerqueue_add+0xa3/0xc0 [ 876.949988] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949989] ? __raise_softirq_irqoff+0x16/0x70 [ 876.949991] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 876.949994] ? wx_msix_clean_rings+0x41/0x50 [libwx] [ 876.949998] handle_softirqs+0xf9/0x2c0 Fixes: 3c47e8ae113a ("net: libwx: Support to receive packets in NAPI") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index 55e252789db3..7e3d7fb61a52 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -174,10 +174,6 @@ static void wx_dma_sync_frag(struct wx_ring *rx_ring, skb_frag_off(frag), skb_frag_size(frag), DMA_FROM_DEVICE); - - /* If the page was released, just unmap it. */ - if (unlikely(WX_CB(skb)->page_released)) - page_pool_put_full_page(rx_ring->page_pool, rx_buffer->page, false); } static struct wx_rx_buffer *wx_get_rx_buffer(struct wx_ring *rx_ring, @@ -227,10 +223,6 @@ static void wx_put_rx_buffer(struct wx_ring *rx_ring, struct sk_buff *skb, int rx_buffer_pgcnt) { - if (!IS_ERR(skb) && WX_CB(skb)->dma == rx_buffer->dma) - /* the page has been released from the ring */ - WX_CB(skb)->page_released = true; - /* clear contents of rx_buffer */ rx_buffer->page = NULL; rx_buffer->skb = NULL; @@ -2423,9 +2415,6 @@ static void wx_clean_rx_ring(struct wx_ring *rx_ring) if (rx_buffer->skb) { struct sk_buff *skb = rx_buffer->skb; - if (WX_CB(skb)->page_released) - page_pool_put_full_page(rx_ring->page_pool, rx_buffer->page, false); - dev_kfree_skb(skb); } -- 2.48.1

2 months, 2 weeks

2
1
0 0

[PATCH net 3/3] net: libwx: properly reset Rx ring descriptor

by Jiawen Wu

When device reset is triggered by feature changes such as toggling Rx VLAN offload, wx->do_reset() is called to reinitialize Rx rings. The hardware descriptor ring may retain stale values from previous sessions. And only set the length to 0 in rx_desc[0] would result in building malformed SKBs. Fix it to ensure a clean slate after device reset. [ 549.186435] [ C16] ------------[ cut here ]------------ [ 549.186457] [ C16] kernel BUG at net/core/skbuff.c:2814! [ 549.186468] [ C16] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 549.186472] [ C16] CPU: 16 UID: 0 PID: 0 Comm: swapper/16 Kdump: loaded Not tainted 6.16.0-rc4+ #23 PREEMPT(voluntary) [ 549.186476] [ C16] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024 [ 549.186478] [ C16] RIP: 0010:__pskb_pull_tail+0x3ff/0x510 [ 549.186484] [ C16] Code: 06 f0 ff 4f 34 74 7b 4d 8b 8c 24 c8 00 00 00 45 8b 84 24 c0 00 00 00 e9 c8 fd ff ff 48 c7 44 24 08 00 00 00 00 e9 5e fe ff ff <0f> 0b 31 c0 e9 23 90 5b ff 41 f7 c6 ff 0f 00 00 75 bf 49 8b 06 a8 [ 549.186487] [ C16] RSP: 0018:ffffb391c0640d70 EFLAGS: 00010282 [ 549.186490] [ C16] RAX: 00000000fffffff2 RBX: ffff8fe7e4d40200 RCX: 00000000fffffff2 [ 549.186492] [ C16] RDX: ffff8fe7c3a4bf8e RSI: 0000000000000180 RDI: ffff8fe7c3a4bf40 [ 549.186494] [ C16] RBP: ffffb391c0640da8 R08: ffff8fe7c3a4c0c0 R09: 000000000000000e [ 549.186496] [ C16] R10: ffffb391c0640d88 R11: 000000000000000e R12: ffff8fe7e4d40200 [ 549.186497] [ C16] R13: 00000000fffffff2 R14: ffff8fe7fa01a000 R15: 00000000fffffff2 [ 549.186499] [ C16] FS: 0000000000000000(0000) GS:ffff8fef5ae40000(0000) knlGS:0000000000000000 [ 549.186502] [ C16] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 549.186503] [ C16] CR2: 00007f77d81d6000 CR3: 000000051a032000 CR4: 0000000000750ef0 [ 549.186505] [ C16] PKRU: 55555554 [ 549.186507] [ C16] Call Trace: [ 549.186510] [ C16] <IRQ> [ 549.186513] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186517] [ C16] __skb_pad+0xc7/0xf0 [ 549.186523] [ C16] wx_clean_rx_irq+0x355/0x3b0 [libwx] [ 549.186533] [ C16] wx_poll+0x92/0x120 [libwx] [ 549.186540] [ C16] __napi_poll+0x28/0x190 [ 549.186544] [ C16] net_rx_action+0x301/0x3f0 [ 549.186548] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186551] [ C16] ? __raw_spin_lock_irqsave+0x1e/0x50 [ 549.186554] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186557] [ C16] ? wake_up_nohz_cpu+0x35/0x160 [ 549.186559] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186563] [ C16] handle_softirqs+0xf9/0x2c0 [ 549.186568] [ C16] __irq_exit_rcu+0xc7/0x130 [ 549.186572] [ C16] common_interrupt+0xb8/0xd0 [ 549.186576] [ C16] </IRQ> [ 549.186577] [ C16] <TASK> [ 549.186579] [ C16] asm_common_interrupt+0x22/0x40 [ 549.186582] [ C16] RIP: 0010:cpuidle_enter_state+0xc2/0x420 [ 549.186585] [ C16] Code: 00 00 e8 11 0e 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 0d ed 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d [ 549.186587] [ C16] RSP: 0018:ffffb391c0277e78 EFLAGS: 00000246 [ 549.186590] [ C16] RAX: ffff8fef5ae40000 RBX: 0000000000000003 RCX: 0000000000000000 [ 549.186591] [ C16] RDX: 0000007fde0faac5 RSI: ffffffff826e53f6 RDI: ffffffff826fa9b3 [ 549.186593] [ C16] RBP: ffff8fe7c3a20800 R08: 0000000000000002 R09: 0000000000000000 [ 549.186595] [ C16] R10: 0000000000000000 R11: 000000000000ffff R12: ffffffff82ed7a40 [ 549.186596] [ C16] R13: 0000007fde0faac5 R14: 0000000000000003 R15: 0000000000000000 [ 549.186601] [ C16] ? cpuidle_enter_state+0xb3/0x420 [ 549.186605] [ C16] cpuidle_enter+0x29/0x40 [ 549.186609] [ C16] cpuidle_idle_call+0xfd/0x170 [ 549.186613] [ C16] do_idle+0x7a/0xc0 [ 549.186616] [ C16] cpu_startup_entry+0x25/0x30 [ 549.186618] [ C16] start_secondary+0x117/0x140 [ 549.186623] [ C16] common_startup_64+0x13e/0x148 [ 549.186628] [ C16] </TASK> Fixes: 3c47e8ae113a ("net: libwx: Support to receive packets in NAPI") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/libwx/wx_hw.c | 7 +++---- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 5 +++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_hw.c b/drivers/net/ethernet/wangxun/libwx/wx_hw.c index a9519997286b..9002b97e148e 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_hw.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_hw.c @@ -1912,7 +1912,6 @@ static void wx_configure_rx_ring(struct wx *wx, struct wx_ring *ring) { u16 reg_idx = ring->reg_idx; - union wx_rx_desc *rx_desc; u64 rdba = ring->dma; u32 rxdctl; @@ -1942,9 +1941,9 @@ static void wx_configure_rx_ring(struct wx *wx, memset(ring->rx_buffer_info, 0, sizeof(struct wx_rx_buffer) * ring->count); - /* initialize Rx descriptor 0 */ - rx_desc = WX_RX_DESC(ring, 0); - rx_desc->wb.upper.length = 0; + /* reset ntu and ntc to place SW in sync with hardwdare */ + ring->next_to_clean = 0; + ring->next_to_use = 0; /* enable receive descriptor ring */ wr32m(wx, WX_PX_RR_CFG(reg_idx), diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index c91487909811..0213ad5a6ceb 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -357,6 +357,8 @@ void wx_alloc_rx_buffers(struct wx_ring *rx_ring, u16 cleaned_count) /* clear the status bits for the next_to_use descriptor */ rx_desc->wb.upper.status_error = 0; + /* clear the length for the next_to_use descriptor */ + rx_desc->wb.upper.length = 0; cleaned_count--; } while (cleaned_count); @@ -2438,6 +2440,9 @@ static void wx_clean_rx_ring(struct wx_ring *rx_ring) } } + /* Zero out the descriptor ring */ + memset(rx_ring->desc, 0, rx_ring->size); + rx_ring->next_to_alloc = 0; rx_ring->next_to_clean = 0; rx_ring->next_to_use = 0; -- 2.48.1

2 months, 2 weeks

2
1
0 0

[PATCH net 2/3] net: libwx: fix the using of Rx buffer DMA

by Jiawen Wu

The wx_rx_buffer structure contained two DMA address fields: 'dma' and 'page_dma'. However, only 'page_dma' was actually initialized and used to program the Rx descriptor. But 'dma' was uninitialized and used in some paths. This could lead to undefined behavior, including DMA errors or use-after-free, if the uninitialized 'dma' was used. Althrough such error has not yet occurred, it is worth fixing in the code. Fixes: 3c47e8ae113a ("net: libwx: Support to receive packets in NAPI") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 4 ++-- drivers/net/ethernet/wangxun/libwx/wx_type.h | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index 7e3d7fb61a52..c91487909811 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -307,7 +307,7 @@ static bool wx_alloc_mapped_page(struct wx_ring *rx_ring, return false; dma = page_pool_get_dma_addr(page); - bi->page_dma = dma; + bi->dma = dma; bi->page = page; bi->page_offset = 0; @@ -344,7 +344,7 @@ void wx_alloc_rx_buffers(struct wx_ring *rx_ring, u16 cleaned_count) DMA_FROM_DEVICE); rx_desc->read.pkt_addr = - cpu_to_le64(bi->page_dma + bi->page_offset); + cpu_to_le64(bi->dma + bi->page_offset); rx_desc++; bi++; diff --git a/drivers/net/ethernet/wangxun/libwx/wx_type.h b/drivers/net/ethernet/wangxun/libwx/wx_type.h index c363379126c0..f5a8ce681a68 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_type.h +++ b/drivers/net/ethernet/wangxun/libwx/wx_type.h @@ -998,7 +998,6 @@ struct wx_tx_buffer { struct wx_rx_buffer { struct sk_buff *skb; dma_addr_t dma; - dma_addr_t page_dma; struct page *page; unsigned int page_offset; }; -- 2.48.1

2 months, 2 weeks

2
1
0 0

[PATCH 04/12] drm/amdkfd: fix MQD settings for GFX12

by Lijo Lazar

From: Alex Deucher <alexander.deucher(a)amd.com> User queues should not set the priv bit. Fixes: 48f0bdf4e38e ("drm/amdkfd: Added MQD manager files for GFX12.") Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c b/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c index 565858b9044d..2db0b78da294 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c @@ -123,7 +123,6 @@ static void init_mqd(struct mqd_manager *mm, void **mqd, m->cp_hqd_pq_control = 5 << CP_HQD_PQ_CONTROL__RPTR_BLOCK_SIZE__SHIFT; m->cp_hqd_pq_control |= CP_HQD_PQ_CONTROL__UNORD_DISPATCH_MASK; - m->cp_mqd_control = 1 << CP_MQD_CONTROL__PRIV_STATE__SHIFT; m->cp_mqd_base_addr_lo = lower_32_bits(addr); m->cp_mqd_base_addr_hi = upper_32_bits(addr); -- 2.49.0

2 months, 2 weeks

1
0
0 0

[BACKPORT][PATCH 6.12.y 1/2] firmware: arm_ffa: Move memory allocation outside the mutex locking

by Sudeep Holla

[ Upstream commit 27e850c88df0e25474a8caeb2903e2e90b62c1dc ] The notifier callback node allocation is currently done while holding the notify_lock mutex. While this is safe even if memory allocation may sleep, we need to move the allocation outside the locked region in preparation to move from using muxtes to rwlocks. Move the memory allocation to avoid potential sleeping in atomic context once the locks are moved from mutex to rwlocks. Fixes: e0573444edbf ("firmware: arm_ffa: Add interfaces to request notification callbacks") Message-Id: <20250528-ffa_notif_fix-v1-2-5ed7bc7f8437(a)arm.com> Reviewed-by: Jens Wiklander <jens.wiklander(a)linaro.org> Signed-off-by: Sudeep Holla <sudeep.holla(a)arm.com> --- drivers/firmware/arm_ffa/driver.c | 40 ++++++++++++++++--------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/drivers/firmware/arm_ffa/driver.c b/drivers/firmware/arm_ffa/driver.c index c0f3b7cdb6ed..b0d92f411334 100644 --- a/drivers/firmware/arm_ffa/driver.c +++ b/drivers/firmware/arm_ffa/driver.c @@ -1141,12 +1141,11 @@ notifier_hash_node_get(u16 notify_id, enum notify_type type) return NULL; } -static int -update_notifier_cb(int notify_id, enum notify_type type, ffa_notifier_cb cb, - void *cb_data, bool is_registration) +static int update_notifier_cb(int notify_id, enum notify_type type, + struct notifier_cb_info *cb) { struct notifier_cb_info *cb_info = NULL; - bool cb_found; + bool cb_found, is_registration = !!cb; cb_info = notifier_hash_node_get(notify_id, type); cb_found = !!cb_info; @@ -1155,15 +1154,7 @@ update_notifier_cb(int notify_id, enum notify_type type, ffa_notifier_cb cb, return -EINVAL; if (is_registration) { - cb_info = kzalloc(sizeof(*cb_info), GFP_KERNEL); - if (!cb_info) - return -ENOMEM; - - cb_info->type = type; - cb_info->cb = cb; - cb_info->cb_data = cb_data; - - hash_add(drv_info->notifier_hash, &cb_info->hnode, notify_id); + hash_add(drv_info->notifier_hash, &cb->hnode, notify_id); } else { hash_del(&cb_info->hnode); kfree(cb_info); @@ -1193,7 +1184,7 @@ static int ffa_notify_relinquish(struct ffa_device *dev, int notify_id) mutex_lock(&drv_info->notify_lock); - rc = update_notifier_cb(notify_id, type, NULL, NULL, false); + rc = update_notifier_cb(notify_id, type, NULL); if (rc) { pr_err("Could not unregister notification callback\n"); mutex_unlock(&drv_info->notify_lock); @@ -1212,6 +1203,7 @@ static int ffa_notify_request(struct ffa_device *dev, bool is_per_vcpu, { int rc; u32 flags = 0; + struct notifier_cb_info *cb_info = NULL; enum notify_type type = ffa_notify_type_get(dev->vm_id); if (ffa_notifications_disabled()) @@ -1220,24 +1212,34 @@ static int ffa_notify_request(struct ffa_device *dev, bool is_per_vcpu, if (notify_id >= FFA_MAX_NOTIFICATIONS) return -EINVAL; + cb_info = kzalloc(sizeof(*cb_info), GFP_KERNEL); + if (!cb_info) + return -ENOMEM; + + cb_info->type = type; + cb_info->cb_data = cb_data; + cb_info->cb = cb; + mutex_lock(&drv_info->notify_lock); if (is_per_vcpu) flags = PER_VCPU_NOTIFICATION_FLAG; rc = ffa_notification_bind(dev->vm_id, BIT(notify_id), flags); - if (rc) { - mutex_unlock(&drv_info->notify_lock); - return rc; - } + if (rc) + goto out_unlock_free; - rc = update_notifier_cb(notify_id, type, cb, cb_data, true); + rc = update_notifier_cb(notify_id, type, cb_info); if (rc) { pr_err("Failed to register callback for %d - %d\n", notify_id, rc); ffa_notification_unbind(dev->vm_id, BIT(notify_id)); } + +out_unlock_free: mutex_unlock(&drv_info->notify_lock); + if (rc) + kfree(cb_info); return rc; } -- 2.34.1

2 months, 2 weeks

2
3
0 0

[PATCH 6.12,6.15] crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2

by Eric Biggers

commit 68279380266a5fa70e664de754503338e2ec3f43 upstream. Commit 88c02b3f79a6 ("s390/sha3: Support sha3 performance enhancements") added the field s390_sha_ctx::first_message_part and made it be used by s390_sha_update() (now s390_sha_update_blocks()). At the time, s390_sha_update() was used by all the s390 SHA-1, SHA-2, and SHA-3 algorithms. However, only the initialization functions for SHA-3 were updated, leaving SHA-1 and SHA-2 using first_message_part uninitialized. This could cause e.g. the function code CPACF_KIMD_SHA_512 | CPACF_KIMD_NIP to be used instead of just CPACF_KIMD_SHA_512. This apparently was harmless, as the SHA-1 and SHA-2 function codes ignore CPACF_KIMD_NIP; it is recognized only by the SHA-3 function codes (https://lore.kernel.org/r/73477fe9-a1dc-4e38-98a6-eba9921e8afa@linux.ibm.co…). Therefore, this bug was found only when first_message_part was later converted to a boolean and UBSAN detected its uninitialized use. Regardless, let's fix this by just initializing to zero. Note: in 6.16, we need to patch SHA-1, SHA-384, and SHA-512. In 6.15 and earlier, we'll also need to patch SHA-224 and SHA-256, as they hadn't yet been librarified (which incidentally fixed this bug). Fixes: 88c02b3f79a6 ("s390/sha3: Support sha3 performance enhancements") Cc: stable(a)vger.kernel.org Reported-by: Ingo Franzki <ifranzki(a)linux.ibm.com> Closes: https://lore.kernel.org/r/12740696-595c-4604-873e-aefe8b405fbf@linux.ibm.com Acked-by: Heiko Carstens <hca(a)linux.ibm.com> Link: https://lore.kernel.org/r/20250703172316.7914-1-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> --- arch/s390/crypto/sha1_s390.c | 2 ++ arch/s390/crypto/sha256_s390.c | 3 +++ arch/s390/crypto/sha512_s390.c | 3 +++ 3 files changed, 8 insertions(+) diff --git a/arch/s390/crypto/sha1_s390.c b/arch/s390/crypto/sha1_s390.c index bc3a22704e09..10950953429e 100644 --- a/arch/s390/crypto/sha1_s390.c +++ b/arch/s390/crypto/sha1_s390.c @@ -36,10 +36,11 @@ static int s390_sha1_init(struct shash_desc *desc) sctx->state[2] = SHA1_H2; sctx->state[3] = SHA1_H3; sctx->state[4] = SHA1_H4; sctx->count = 0; sctx->func = CPACF_KIMD_SHA_1; + sctx->first_message_part = 0; return 0; } static int s390_sha1_export(struct shash_desc *desc, void *out) @@ -60,10 +61,11 @@ static int s390_sha1_import(struct shash_desc *desc, const void *in) sctx->count = ictx->count; memcpy(sctx->state, ictx->state, sizeof(ictx->state)); memcpy(sctx->buf, ictx->buffer, sizeof(ictx->buffer)); sctx->func = CPACF_KIMD_SHA_1; + sctx->first_message_part = 0; return 0; } static struct shash_alg alg = { .digestsize = SHA1_DIGEST_SIZE, diff --git a/arch/s390/crypto/sha256_s390.c b/arch/s390/crypto/sha256_s390.c index 6f1ccdf93d3e..0204d4bca340 100644 --- a/arch/s390/crypto/sha256_s390.c +++ b/arch/s390/crypto/sha256_s390.c @@ -29,10 +29,11 @@ static int s390_sha256_init(struct shash_desc *desc) sctx->state[5] = SHA256_H5; sctx->state[6] = SHA256_H6; sctx->state[7] = SHA256_H7; sctx->count = 0; sctx->func = CPACF_KIMD_SHA_256; + sctx->first_message_part = 0; return 0; } static int sha256_export(struct shash_desc *desc, void *out) @@ -53,10 +54,11 @@ static int sha256_import(struct shash_desc *desc, const void *in) sctx->count = ictx->count; memcpy(sctx->state, ictx->state, sizeof(ictx->state)); memcpy(sctx->buf, ictx->buf, sizeof(ictx->buf)); sctx->func = CPACF_KIMD_SHA_256; + sctx->first_message_part = 0; return 0; } static struct shash_alg sha256_alg = { .digestsize = SHA256_DIGEST_SIZE, @@ -88,10 +90,11 @@ static int s390_sha224_init(struct shash_desc *desc) sctx->state[5] = SHA224_H5; sctx->state[6] = SHA224_H6; sctx->state[7] = SHA224_H7; sctx->count = 0; sctx->func = CPACF_KIMD_SHA_256; + sctx->first_message_part = 0; return 0; } static struct shash_alg sha224_alg = { diff --git a/arch/s390/crypto/sha512_s390.c b/arch/s390/crypto/sha512_s390.c index 04f11c407763..b53a7793bd24 100644 --- a/arch/s390/crypto/sha512_s390.c +++ b/arch/s390/crypto/sha512_s390.c @@ -30,10 +30,11 @@ static int sha512_init(struct shash_desc *desc) *(__u64 *)&ctx->state[10] = SHA512_H5; *(__u64 *)&ctx->state[12] = SHA512_H6; *(__u64 *)&ctx->state[14] = SHA512_H7; ctx->count = 0; ctx->func = CPACF_KIMD_SHA_512; + ctx->first_message_part = 0; return 0; } static int sha512_export(struct shash_desc *desc, void *out) @@ -58,10 +59,11 @@ static int sha512_import(struct shash_desc *desc, const void *in) sctx->count = ictx->count[0]; memcpy(sctx->state, ictx->state, sizeof(ictx->state)); memcpy(sctx->buf, ictx->buf, sizeof(ictx->buf)); sctx->func = CPACF_KIMD_SHA_512; + sctx->first_message_part = 0; return 0; } static struct shash_alg sha512_alg = { .digestsize = SHA512_DIGEST_SIZE, @@ -95,10 +97,11 @@ static int sha384_init(struct shash_desc *desc) *(__u64 *)&ctx->state[10] = SHA384_H5; *(__u64 *)&ctx->state[12] = SHA384_H6; *(__u64 *)&ctx->state[14] = SHA384_H7; ctx->count = 0; ctx->func = CPACF_KIMD_SHA_512; + ctx->first_message_part = 0; return 0; } static struct shash_alg sha384_alg = { base-commit: 7b59ab988c01c190f1b528cf750d6f33b738d1e2 -- 2.50.0.727.gbf7dc18ff4-goog

2 months, 2 weeks

2
1
0 0

[PATCH] arm64: dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C

by Siddharth Vadapalli

According to the "GPIO Expander Map / Table" section of the J722S EVM Schematic within the Evaluation Module Design Files package [0], the GPIO Pin P05 located on the GPIO Expander 1 (I2C0/0x23) has to be pulled down to select the Type-C interface. Since commit under Fixes claims to enable the Type-C interface, update the property within "p05-hog" from "output-high" to "output-low", thereby switching from the Type-A interface to the Type-C interface. [0]: https://www.ti.com/lit/zip/sprr495 Cc: <stable(a)vger.kernel.org> Fixes: 485705df5d5f ("arm64: dts: ti: k3-j722s: Enable PCIe and USB support on J722S-EVM") Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> --- Hello, This patch is based on commit 86731a2a651e Linux 6.16-rc3 of Mainline Linux. Regards, Siddharth. arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/ti/k3-j722s-evm.dts b/arch/arm64/boot/dts/ti/k3-j722s-evm.dts index a47852fdca70..d0533723412a 100644 --- a/arch/arm64/boot/dts/ti/k3-j722s-evm.dts +++ b/arch/arm64/boot/dts/ti/k3-j722s-evm.dts @@ -634,7 +634,7 @@ p05-hog { /* P05 - USB2.0_MUX_SEL */ gpio-hog; gpios = <5 GPIO_ACTIVE_LOW>; - output-high; + output-low; }; p01_hog: p01-hog { -- 2.34.1

2 months, 2 weeks

2
1
0 0

[PATCH] drm/panfrost: Fix scheduler workqueue bug

by Philipp Stanner

When the GPU scheduler was ported to using a struct for its initialization parameters, it was overlooked that panfrost creates a distinct workqueue for timeout handling. The pointer to this new workqueue is not initialized to the struct, resulting in NULL being passed to the scheduler, which then uses the system_wq for timeout handling. Set the correct workqueue to the init args struct. Cc: stable(a)vger.kernel.org # 6.15+ Fixes: 796a9f55a8d1 ("drm/sched: Use struct for drm_sched_init() params") Reported-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Closes: https://lore.kernel.org/dri-devel/b5d0921c-7cbf-4d55-aa47-c35cd7861c02@igal… Signed-off-by: Philipp Stanner <phasta(a)kernel.org> --- drivers/gpu/drm/panfrost/panfrost_job.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/panfrost/panfrost_job.c b/drivers/gpu/drm/panfrost/panfrost_job.c index 5657106c2f7d..15e2d505550f 100644 --- a/drivers/gpu/drm/panfrost/panfrost_job.c +++ b/drivers/gpu/drm/panfrost/panfrost_job.c @@ -841,7 +841,6 @@ int panfrost_job_init(struct panfrost_device *pfdev) .num_rqs = DRM_SCHED_PRIORITY_COUNT, .credit_limit = 2, .timeout = msecs_to_jiffies(JOB_TIMEOUT_MS), - .timeout_wq = pfdev->reset.wq, .name = "pan_js", .dev = pfdev->dev, }; @@ -879,6 +878,7 @@ int panfrost_job_init(struct panfrost_device *pfdev) pfdev->reset.wq = alloc_ordered_workqueue("panfrost-reset", 0); if (!pfdev->reset.wq) return -ENOMEM; + args.timeout_wq = pfdev->reset.wq; for (j = 0; j < NUM_JOB_SLOTS; j++) { js->queue[j].fence_context = dma_fence_context_alloc(1); -- 2.49.0

2 months, 2 weeks

3
2
0 0

[PATCH wireless v1] wifi: mwifiex: discard erroneous disassoc frames on STA interface

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> When operating in concurrent STA/AP mode with host MLME enabled, the firmware incorrectly sends disassociation frames to the STA interface when clients disconnect from the AP interface. This causes kernel warnings as the STA interface processes disconnect events that don't apply to it: [ 1303.240540] WARNING: CPU: 0 PID: 513 at net/wireless/mlme.c:141 cfg80211_process_disassoc+0x78/0xec [cfg80211] [ 1303.250861] Modules linked in: 8021q garp stp mrp llc rfcomm bnep btnxpuart nls_iso8859_1 nls_cp437 onboard_us [ 1303.327651] CPU: 0 UID: 0 PID: 513 Comm: kworker/u9:2 Not tainted 6.16.0-rc1+ #3 PREEMPT [ 1303.335937] Hardware name: Toradex Verdin AM62 WB on Verdin Development Board (DT) [ 1303.343588] Workqueue: MWIFIEX_RX_WORK_QUEUE mwifiex_rx_work_queue [mwifiex] [ 1303.350856] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 1303.357904] pc : cfg80211_process_disassoc+0x78/0xec [cfg80211] [ 1303.364065] lr : cfg80211_process_disassoc+0x70/0xec [cfg80211] [ 1303.370221] sp : ffff800083053be0 [ 1303.373590] x29: ffff800083053be0 x28: 0000000000000000 x27: 0000000000000000 [ 1303.380855] x26: 0000000000000000 x25: 00000000ffffffff x24: ffff000002c5b8ae [ 1303.388120] x23: ffff000002c5b884 x22: 0000000000000001 x21: 0000000000000008 [ 1303.395382] x20: ffff000002c5b8ae x19: ffff0000064dd408 x18: 0000000000000006 [ 1303.402646] x17: 3a36333a61623a30 x16: 32206d6f72662063 x15: ffff800080bfe048 [ 1303.409910] x14: ffff000003625300 x13: 0000000000000001 x12: 0000000000000000 [ 1303.417173] x11: 0000000000000002 x10: ffff000003958600 x9 : ffff000003625300 [ 1303.424434] x8 : ffff00003fd9ef40 x7 : ffff0000039fc280 x6 : 0000000000000002 [ 1303.431695] x5 : ffff0000038976d4 x4 : 0000000000000000 x3 : 0000000000003186 [ 1303.438956] x2 : 000000004836ba20 x1 : 0000000000006986 x0 : 00000000d00479de [ 1303.446221] Call trace: [ 1303.448722] cfg80211_process_disassoc+0x78/0xec [cfg80211] (P) [ 1303.454894] cfg80211_rx_mlme_mgmt+0x64/0xf8 [cfg80211] [ 1303.460362] mwifiex_process_mgmt_packet+0x1ec/0x460 [mwifiex] [ 1303.466380] mwifiex_process_sta_rx_packet+0x1bc/0x2a0 [mwifiex] [ 1303.472573] mwifiex_handle_rx_packet+0xb4/0x13c [mwifiex] [ 1303.478243] mwifiex_rx_work_queue+0x158/0x198 [mwifiex] [ 1303.483734] process_one_work+0x14c/0x28c [ 1303.487845] worker_thread+0x2cc/0x3d4 [ 1303.491680] kthread+0x12c/0x208 [ 1303.495014] ret_from_fork+0x10/0x20 Add validation in the STA receive path to verify that disassoc/deauth frames originate from the connected AP. Frames that fail this check are discarded early, preventing them from reaching the MLME layer and triggering WARN_ON(). This filtering logic is similar with that used in the ieee80211_rx_mgmt_disassoc() function in mac80211, which drops disassoc frames that don't match the current BSSID (!ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr)), ensuring only relevant frames are processed. Tested on: - 8997 with FW 16.68.1.p197 Fixes: 36995892c271 ("wifi: mwifiex: add host mlme for client mode") Cc: stable(a)vger.kernel.org Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- drivers/net/wireless/marvell/mwifiex/util.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/marvell/mwifiex/util.c b/drivers/net/wireless/marvell/mwifiex/util.c index 4c5b1de0e936..6882e90e90b2 100644 --- a/drivers/net/wireless/marvell/mwifiex/util.c +++ b/drivers/net/wireless/marvell/mwifiex/util.c @@ -459,7 +459,9 @@ mwifiex_process_mgmt_packet(struct mwifiex_private *priv, "auth: receive authentication from %pM\n", ieee_hdr->addr3); } else { - if (!priv->wdev.connected) + if (!priv->wdev.connected || + !ether_addr_equal(ieee_hdr->addr3, + priv->curr_bss_params.bss_descriptor.mac_address)) return 0; if (ieee80211_is_deauth(ieee_hdr->frame_control)) { -- 2.34.1

2 months, 2 weeks

4
4
0 0

[PATCH 6.15 000/263] 6.15.5-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.5 release. There are 263 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 06 Jul 2025 12:55:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.5-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.5-rc2 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Fix AMDGPU_MAX_BL_LEVEL value Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Export full brightness range to userspace Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Optimize custom brightness curve Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Only read ACPI backlight caps once Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Fix default DC and AC levels Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Add debugging message for brightness caps Cyril Bur <cyrilbur(a)tenstorrent.com> riscv: uaccess: Only restore the CSR_STATUS SUM bit Jens Axboe <axboe(a)kernel.dk> io_uring: gate REQ_F_ISREG on !S_ANON_INODE as well Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: flag partial buffer mappings Heiko Carstens <hca(a)linux.ibm.com> s390/ptrace: Fix pointer dereferencing in regs_get_kernel_stack_nth() Chang S. Bae <chang.seok.bae(a)intel.com> x86/pkeys: Simplify PKRU update in signal frame Chang S. Bae <chang.seok.bae(a)intel.com> x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE Danilo Krummrich <dakr(a)kernel.org> rust: devres: do not dereference to the internal Revocable Danilo Krummrich <dakr(a)kernel.org> rust: devres: fix race in Devres::drop() Danilo Krummrich <dakr(a)kernel.org> rust: revocable: indicate whether `data` has been revoked already Danilo Krummrich <dakr(a)kernel.org> rust: completion: implement initial abstraction Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Get LTTPR IEEE OUI/Device ID From Closest LTTPR To Host Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Add early 8b/10b channel equalization test pattern sequence Sasha Levin <sashal(a)kernel.org> sched_ext: Make scx_group_set_weight() always update tg->scx.weight Sasha Levin <sashal(a)kernel.org> arm64: dts: qcom: x1e78100-t14s: fix missing HID supplies Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: add missing locking in helper functions Eric Biggers <ebiggers(a)google.com> crypto: powerpc/poly1305 - add depends on BROKEN for now Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage Sasha Levin <sashal(a)kernel.org> arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: Commonize X1 CRD DTSI Alex Hung <alex.hung(a)amd.com> drm/amd/display: Fix mpv playback corruption on weston Peichen Huang <PeiChen.Huang(a)amd.com> drm/amd/display: Add dc cap for dp tunneling Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Add more checks for DSC / HUBP ONO guarantees Frank Min <Frank.Min(a)amd.com> drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: switch job hw_fence to amdgpu_fence Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Fix SDMA UTC_L1 handling during start/stop sequences Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/dsi: Fix off by one in BXT_MIPI_TRANS_VTOTAL Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe: Fix early wedge on GuC load failure Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix taking invalid lock on wedge Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix memset on iomem Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check dce_hwseq before dereferencing it Frank Min <Frank.Min(a)amd.com> drm/amdgpu: Add kicker device detection Sonny Jiang <sonny.jiang(a)amd.com> drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: Fix RMCM programming seq errors Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: add back fix Matthew Auld <matthew.auld(a)intel.com> drm/xe/sched: stop re-submitting signalled jobs Matthew Auld <matthew.auld(a)intel.com> drm/xe/vm: move rebind_work init earlier Zhongwei Zhang <Zhongwei.Zhang(a)amd.com> drm/amd/display: Correct non-OLED pre_T11_delay. Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: disable workload profile switching when OD is enabled John Olender <john.olender(a)gmail.com> drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram Wentao Liang <vulab(a)iscas.ac.cn> drm/amd/display: Add null pointer check for get_first_active_display() Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Check return value when getting default PHY config Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix connecting to next bridge Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix phy de-init and flag it so Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read Imre Deak <imre.deak(a)intel.com> drm/i915/ptl: Use everywhere the correct DDI port clock select mask Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Fix race in GWS queue scheduling Stephan Gerhold <stephan.gerhold(a)linaro.org> drm/msm/gpu: Fix crash when throttling GPU immediately during boot Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Unregister device before cleaning up on disconnect Qiu-ji Chen <chenqiuji666(a)gmail.com> drm/tegra: Fix a possible null pointer dereference Thierry Reding <treding(a)nvidia.com> drm/tegra: Assign plane type before registration Thomas Zimmermann <tzimmermann(a)suse.de> drm/simpledrm: Do not upcast in release helpers Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/panel: simple: Tianma TM070JDHG34-00: add delays Maíra Canal <mcanal(a)igalia.com> drm/etnaviv: Protect the scheduler's pending list with its lock Thomas Zimmermann <tzimmermann(a)suse.de> drm/cirrus-qemu: Fix pitch programming Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Fix comment on modeset lock Karan Tilak Kumar <kartilak(a)cisco.com> scsi: fnic: Turn off FDMI ACTIVE flags on link down Karan Tilak Kumar <kartilak(a)cisco.com> scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out anvithdosapati <anvithdosapati(a)google.com> scsi: ufs: core: Fix clk scaling to be conditional in reset and restore Chen Yu <yu.c.chen(a)intel.com> scsi: megaraid_sas: Fix invalid node index Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix kobject reference count leak Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on sysfs attribute creation failure Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on kobject creation failure Iusico Maxim <iusico.maxim(a)libero.it> HID: lenovo: Restrict F7/9/11 mode to compact keyboards only Qasim Ijaz <qasdev00(a)gmail.com> HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting Chao Yu <chao(a)kernel.org> f2fs: fix to zero post-eof page David Hildenbrand <david(a)redhat.com> mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" Kairui Song <kasong(a)tencent.com> mm/shmem, swap: fix softlockup with mTHP swapin Kairui Song <kasong(a)tencent.com> mm: userfaultfd: fix race of userfaultfd_move and swap cache Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix the creation of page_pool Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> spi: spi-cadence-quadspi: Fix pm runtime unbalance Stephen Smalley <stephen.smalley.work(a)gmail.com> selinux: change security_compute_sid to return the ssid or tsid on match Kuan-Wei Chiu <visitorckw(a)gmail.com> Revert "bcache: remove heap-related macros and switch to generic min_heap" Kuan-Wei Chiu <visitorckw(a)gmail.com> Revert "bcache: update min_heap_callbacks to use default builtin swap" Filipe Manana <fdmanana(a)suse.com> btrfs: fix invalid inode pointer dereferences during log replay Mark Harmstone <maharmstone(a)fb.com> btrfs: update superblock's device bytes_used when dropping chunk Filipe Manana <fdmanana(a)suse.com> btrfs: fix a race between renames and directory logging Kuan-Wei Chiu <visitorckw(a)gmail.com> bcache: remove unnecessary select MIN_HEAP Heinz Mauelshagen <heinzm(a)redhat.com> dm-raid: fix variable in journal device check Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix L2CAP MTU negotiation Fabio Estevam <festevam(a)gmail.com> serial: imx: Restore original RXTL for console to fix data loss Aidan Stewart <astewart(a)tektelic.com> serial: core: restore of_node information in sysfs Yao Zi <ziyao(a)disroot.org> dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Nathan Chancellor <nathan(a)kernel.org> staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Xin Li (Intel) <xin(a)zytor.com> x86/traps: Initialize DR6 by writing its architectural reset value Avadhut Naik <avadhut.naik(a)amd.com> EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs Paulo Alcantara <pc(a)manguebit.org> smb: client: fix potential deadlock when reconnecting channels Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe: Process deferred GGTT node removals on device unwind Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/guc: Explicitly exit CT safe mode on unwind Jayesh Choudhary <j-choudhary(a)ti.com> drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type Wolfram Sang <wsa+renesas(a)sang-engineering.com> drm/bridge: ti-sn65dsi86: make use of debugfs_init callback Arnd Bergmann <arnd(a)arndb.de> drm/i915: fix build error some more Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Adjust output for discovery error handling Louis Chauvet <louis.chauvet(a)bootlin.com> drm: writeback: Fix drm_writeback_connector_cleanup signature Charles Mirabile <cmirabil(a)redhat.com> riscv: fix runtime constant support for nommu kernels Christoph Hellwig <hch(a)lst.de> nvme: fix atomic write size validation Christoph Hellwig <hch(a)lst.de> nvme: refactor the atomic write unit detection Jakub Kicinski <kuba(a)kernel.org> net: selftests: fix TCP packet checksum Salvatore Bonaccorso <carnil(a)debian.org> ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR Kuniyuki Iwashima <kuniyu(a)google.com> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Jakub Kicinski <kuba(a)kernel.org> netlink: specs: tc: replace underscores with dashes in names Simon Horman <horms(a)kernel.org> net: enetc: Correct endianness handling in _enetc_rd_reg64 Adin Scannell <amscanne(a)meta.com> libbpf: Fix possible use-after-free for externs Jens Axboe <axboe(a)kernel.dk> io_uring/net: mark iov as dynamically allocated even for single segments Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Add missing error check in start_io_thread() Yan Zhai <yan(a)cloudflare.com> bnxt: properly flush XDP redirect lists Stefano Garzarella <sgarzare(a)redhat.com> vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Al Viro <viro(a)zeniv.linux.org.uk> userns and mnt_idmap leak in open_tree_attr(2) Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: finish link init before RCU publish Muna Sinada <muna.sinada(a)oss.qualcomm.com> wifi: mac80211: Create separate links for VLAN interfaces Muna Sinada <muna.sinada(a)oss.qualcomm.com> wifi: mac80211: Add link iteration macro for link data Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't set -ECONNRESET for consumed OOB skb. Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: fix beacon interval calculation overflow Ido Schimmel <idosch(a)nvidia.com> bridge: mcast: Fix use-after-free during router port configuration Thomas Fourier <fourier.thomas(a)gmail.com> ethernet: ionic: Fix DMA mapping tests Breno Leitao <leitao(a)debian.org> net: netpoll: Initialize UDP checksum field before checksumming Yuan Chen <chenyuan(a)kylinos.cn> libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Al Viro <viro(a)zeniv.linux.org.uk> attach_recursive_mnt(): do not lock the covering tree when sliding something under it Youngjun Lee <yjjuny.lee(a)samsung.com> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Kuniyuki Iwashima <kuniyu(a)google.com> Bluetooth: hci_core: Fix use-after-free in vhci_flush() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: ps: fix for soundwire failures during hibernation exit sequence Eric Dumazet <edumazet(a)google.com> atm: clip: prevent NULL deref in clip_push() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() Dan Williams <dan.j.williams(a)intel.com> cxl/ras: Fix CPER handler device confusion Thomas Zeitlhofer <thomas.zeitlhofer+lkml(a)ze-it.at> HID: wacom: fix crash in wacom_aes_battery_handler() Even Xu <even.xu(a)intel.com> HID: Intel-thc-hid: Intel-quicki2c: Enhance QuickI2C reset flow Matthew Auld <matthew.auld(a)intel.com> drm/xe: move DPT l2 flush to a more sensible place Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/xe: Move DSB l2 flush to a more sensible place Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/snps_hdmi_pll: Fix 64-bit divisor truncation by using div64_u64 Haoxiang Li <haoxiang_li2024(a)163.com> drm/xe/display: Add check for alloc_ordered_workqueue() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes: add compatibility checks for set_hw_resource_1 Takashi Iwai <tiwai(a)suse.de> drm/amd/display: Add sanity checks for drm_edid_raw() Nam Cao <namcao(a)linutronix.de> Revert "riscv: misaligned: fix sleeping function called during misaligned access handling" Nam Cao <namcao(a)linutronix.de> Revert "riscv: Define TASK_SIZE_MAX for __access_ok()" Yu Kuai <yukuai3(a)huawei.com> lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't assume uaddr alignment in io_vec_fill_bvec Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rsrc: don't rely on user vaddr alignment Pavel Begunkov <asml.silence(a)gmail.com> io_uring/rsrc: fix folio unpinning Fedor Pchelkin <pchelkin(a)ispras.ru> s390/pkey: Prevent overflow in size calculation for memdup_user() Klara Modin <klarasmodin(a)gmail.com> riscv: export boot_cpu_hartid Oliver Schramm <oliver.schramm97(a)gmail.com> ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 Han Gao <rabenda.cn(a)gmail.com> riscv: vector: Fix context save/restore with xtheadvector Paulo Alcantara <pc(a)manguebit.org> smb: client: fix regression with native SMB symlinks SeongJae Park <sj(a)kernel.org> mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write Stefan Metzmacher <metze(a)samba.org> smb: client: remove \t from TP_printk statements Niklas Cassel <cassel(a)kernel.org> ata: ahci: Use correct DMI identifier for ASUSPRO-D840SA LPM quirk Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix dentry_name() lookup Haiyue Wang <haiyuewa(a)163.com> fuse: fix runtime warning on truncate_folio_batch_exceptionals() Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Check interrupt route from physical CPU Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix interrupt route update with EIOINTC Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Add address alignment check for IOCSR emulation Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Disable updating of "num_cpu" and "feature" Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Check validity of "num_cpu" from user space Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Avoid overflow with array index Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: robotfuzz-osif: disable zero-length read messages Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: tiny-usb: disable zero-length read messages Lukasz Kucharczyk <lukasz.kucharczyk(a)leica-geosystems.com> i2c: imx: fix emulated smbus block read Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: omap: Fix an error handling path in omap_i2c_probe() Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't leave consecutive consumed OOB skbs. Haoxiang Li <haoxiang_li2024(a)163.com> drm/i915/display: Add check for alloc_ordered_workqueue() and alloc_workqueue() Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: fix area release on registration failure Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: split out memory holders from area Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: improve area validation Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: move io_zcrx_iov_page Chao Yu <chao(a)kernel.org> f2fs: don't over-report free space or inodes in statvfs Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9335: Fix missing free of regulator supplies Peng Fan <peng.fan(a)nxp.com> ASoC: codec: wcd9335: Convert to GPIO descriptors Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Rollback non processed entities on error Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Increase/decrease the PM counter per IOCTL Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Create uvc_pm_(get|put) functions Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Keep streaming state in the file handle Filipe Manana <fdmanana(a)suse.com> btrfs: fix qgroup reservation leak on failure to allocate ordered extent David Sterba <dsterba(a)suse.com> btrfs: use unsigned types for constants defined as bit shifts Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 Qu Wenruo <wqu(a)suse.com> btrfs: handle csum tree error with rescue=ibadroots correctly Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between async reclaim worker and close_ctree() Kees Cook <kees(a)kernel.org> ovl: Check for NULL d_inode() in ovl_dentry_upper() Ben Dooks <ben.dooks(a)codethink.co.uk> riscv: save the SR_SUM status over switches Ziqi Chen <quic_ziqichen(a)quicinc.com> scsi: ufs: core: Don't perform UFS clkscaling during host async scan Dmitry Kandybka <d.kandybka(a)gmail.com> ceph: fix possible integer overflow in ceph_zero_objects() Shuming Fan <shumingf(a)realtek.com> ASoC: rt1320: fix speaker noise when volume bar is 100% Mario Limonciello <mario.limonciello(a)amd.com> ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add new pci id for AMD GPU display HD audio controller Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Ignore unsol events for cards being shut down Clément Léger <cleger(a)rivosinc.com> riscv: misaligned: declare misaligned_access_speed under CONFIG_RISCV_MISALIGNED Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Fix in_atomic() handling in do_secure_storage_access() Andy Chiu <andybnac(a)gmail.com> riscv: add a data fence for CMODX in the kernel mode Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: typec: tipd: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: typec: tcpci: Fix wakeup source leaks on device unbind Jos Wang <joswang(a)lenovo.com> usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: f_hid: wake up readers on disable/unbind Robert Hodaszi <robert.hodaszi(a)digi.com> usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: Add checks for snprintf() calls in usb_alloc_dev() Chance Yang <chance.yang(a)kneron.us> usb: common: usb-conn-gpio: use a unique name for usb connector device Jakub Lewalski <jakub.lewalski(a)nokia.com> tty: serial: uartlite: register uart driver in init Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: potential integer overflow in usbg_make_tpg() Chenyuan Yang <chenyuan0y(a)gmail.com> misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe() Zhang Lixu <lixu.zhang(a)intel.com> iio: hid-sensor-prox: Add support for 16-bit report size David Lechner <dlechner(a)baylibre.com> iio: adc: ad7606_spi: check error in ad7606B_sw_mode_config() David Heidelberg <david(a)ixit.cz> iio: light: al3000a: Fix an error handling path in al3000a_probe() Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: adi-axi-dac: add cntrl chan check Purva Yeshi <purvayeshi550(a)gmail.com> iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: dwc2: also exit clock_gating when stopping udc while suspended James Clark <james.clark(a)linaro.org> coresight: Only check bottom two claim bits Rengarajan S <rengarajan.s(a)microchip.com> 8250: microchip: pci1xxxx: Add PCIe Hot reset disable support for Rev C0 and later devices Benjamin Berg <benjamin.berg(a)intel.com> um: use proper care when taking mmap lock during segfault Sami Tolvanen <samitolvanen(a)google.com> um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Daniele Palmas <dnlplm(a)gmail.com> bus: mhi: host: pci_generic: Add Telit FN920C04 modem support Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: pressure: zpa2326: Use aligned_s64 for the timestamp Lin.Cao <lincao12(a)amd.com> drm/scheduler: signal scheduled fence when kill job Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: seq64 memory unmap uses uninterruptible lock Linggang Zeng <linggang.zeng(a)easystack.cn> bcache: fix NULL pointer in cache_set_flush() David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn2.5: read back register after written David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn3: read back register after written David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn4: read back register after written David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu/vcn5.0.1: read back register after written Yifan Zhang <yifan1.zhang(a)amd.com> amd/amdkfd: fix a kfd_process ref leak Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: fix dm-raid max_write_behind setting Hannes Reinecke <hare(a)kernel.org> nvme-tcp: sanitize request list handling Hannes Reinecke <hare(a)kernel.org> nvme-tcp: fix I/O stalls on congested sockets Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mld: Move regulatory domain initialization Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add workaround for errata ERR051624 Hector Martin <marcan(a)marcan.st> PCI: apple: Fix missing OF node reference in apple_pcie_setup_port Wenbin Yao <quic_wenbyao(a)quicinc.com> PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de> dmaengine: xilinx_dma: Set dma_device directions Yi Sun <yi.sun(a)intel.com> dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Rudraksha Gupta <guptarud(a)gmail.com> rust: arm: fix unknown (to Clang) argument '-mno-fdpic' FUJITA Tomonori <fujita.tomonori(a)gmail.com> rust: module: place cleanup_module() in .exit.text section Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: provide zero as a unique ID to the Mac client Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Fix support for max34451 Scott Mayhew <smayhew(a)redhat.com> NFSv4: xattr handlers should check for absent nfs filehandles Gregory Price <gourry(a)gourry.net> cxl: core/region - ignore interleave granularity when ways=1 Robert Richter <rrichter(a)amd.com> cxl/region: Add a dev_err() on missing target list entries Guang Yuan Wu <gwu(a)ddn.com> fuse: fix race between concurrent setattrs from multiple nodes Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> leds: multicolor: Fix intensity setting while SW blinking Matthew Sakai <msakai(a)redhat.com> dm vdo indexer: don't read request structure after enqueuing Yikai Tsai <yikai.tsai.wiwynn(a)gmail.com> hwmon: (isl28022) Fix current reading calculation Nikhil Jha <njha(a)janestreet.com> sunrpc: don't immediately retransmit on seqno miss Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: sprd-sc27xx: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: 88pm886: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max77705: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max14577: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max77541: Fix wakeup source leaks on device unbind Peng Fan <peng.fan(a)nxp.com> mailbox: Not protect module_put with spin_lock_irqsave Sagi Grimberg <sagi(a)grimberg.me> NFSv4.2: fix setattr caching of TIME_[MODIFY|ACCESS]_SET when timestamps are delegated Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix listxattr to return selinux security label Han Young <hanyang.tony(a)bytedance.com> NFSv4: Always set NLINK even if the server doesn't support it Pali Rohár <pali(a)kernel.org> cifs: Fix encoding of SMB1 Session Setup NTLMSSP Request in non-UNICODE mode Pali Rohár <pali(a)kernel.org> cifs: Fix cifs_query_path_info() for Windows NT servers Pali Rohár <pali(a)kernel.org> cifs: Correctly set SMB1 SessionKey field in Session Setup Request ------------- Diffstat: Documentation/devicetree/bindings/serial/8250.yaml | 2 +- Documentation/netlink/specs/tc.yaml | 4 +- Makefile | 4 +- arch/arm64/boot/dts/qcom/x1-crd.dtsi | 1277 ++++++++++++++++++++ .../dts/qcom/x1e78100-lenovo-thinkpad-t14s.dts | 45 + arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 1270 +------------------ arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +- arch/loongarch/kvm/intc/eiointc.c | 89 +- arch/powerpc/crypto/Kconfig | 1 + arch/riscv/include/asm/cpufeature.h | 5 +- arch/riscv/include/asm/pgtable.h | 1 - arch/riscv/include/asm/processor.h | 1 + arch/riscv/include/asm/runtime-const.h | 2 +- arch/riscv/include/asm/vector.h | 12 +- arch/riscv/kernel/asm-offsets.c | 5 + arch/riscv/kernel/entry.S | 9 + arch/riscv/kernel/setup.c | 1 + arch/riscv/kernel/traps_misaligned.c | 6 +- arch/riscv/mm/cacheflush.c | 15 +- arch/s390/kernel/ptrace.c | 2 +- arch/s390/mm/fault.c | 2 + arch/um/drivers/ubd_user.c | 2 +- arch/um/include/asm/asm-prototypes.h | 5 + arch/um/kernel/trap.c | 129 +- arch/x86/include/uapi/asm/debugreg.h | 21 +- arch/x86/kernel/cpu/common.c | 24 +- arch/x86/kernel/fpu/signal.c | 11 +- arch/x86/kernel/fpu/xstate.h | 22 +- arch/x86/kernel/traps.c | 34 +- arch/x86/um/asm/checksum.h | 3 + drivers/ata/ahci.c | 2 +- drivers/bus/mhi/host/pci_generic.c | 39 + drivers/cxl/core/ras.c | 47 +- drivers/cxl/core/region.c | 9 +- drivers/dma/idxd/cdev.c | 4 +- drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/edac/amd64_edac.c | 57 +- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 28 +- drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_job.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 16 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 16 + drivers/gpu/drm/amd/amdgpu/amdgpu_seq64.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 17 + drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 2 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 5 + drivers/gpu/drm/amd/amdgpu/imu_v11_0.c | 9 +- drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 10 +- drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 3 +- drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 2 + drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 6 +- drivers/gpu/drm/amd/amdgpu/vcn_v2_5.c | 19 + drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 20 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 20 + drivers/gpu/drm/amd/amdgpu/vcn_v5_0_1.c | 21 +- drivers/gpu/drm/amd/amdkfd/kfd_events.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 97 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 4 + drivers/gpu/drm/amd/display/dc/core/dc.c | 33 + drivers/gpu/drm/amd/display/dc/dc.h | 8 +- drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 4 +- .../dc/dml2/dml21/dml21_translation_helper.c | 1 + .../dml21/src/dml2_core/dml2_core_dcn4_calcs.c | 5 +- .../amd/display/dc/dml2/dml2_translation_helper.c | 1 + .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 9 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 28 + .../display/dc/link/protocols/link_dp_capability.c | 46 +- .../display/dc/link/protocols/link_dp_capability.h | 3 + .../display/dc/link/protocols/link_dp_training.c | 1 - .../dc/link/protocols/link_dp_training_8b_10b.c | 52 +- .../amd/display/dc/resource/dcn31/dcn31_resource.c | 3 + .../display/dc/resource/dcn314/dcn314_resource.c | 3 + .../amd/display/dc/resource/dcn35/dcn35_resource.c | 3 + .../display/dc/resource/dcn351/dcn351_resource.c | 3 + .../amd/display/dc/resource/dcn36/dcn36_resource.c | 3 + .../drm/amd/display/include/link_service_types.h | 2 + .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/amd/pm/amdgpu_dpm.c | 22 + drivers/gpu/drm/amd/pm/inc/amdgpu_dpm.h | 1 + drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 12 +- drivers/gpu/drm/ast/ast_mode.c | 6 +- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 32 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 109 +- drivers/gpu/drm/drm_writeback.c | 7 +- drivers/gpu/drm/etnaviv/etnaviv_sched.c | 5 +- drivers/gpu/drm/i915/display/intel_cx0_phy.c | 27 +- drivers/gpu/drm/i915/display/intel_cx0_phy_regs.h | 15 +- .../gpu/drm/i915/display/intel_display_driver.c | 30 +- drivers/gpu/drm/i915/display/intel_dp.c | 17 + drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c | 4 +- drivers/gpu/drm/i915/display/vlv_dsi.c | 4 +- drivers/gpu/drm/i915/i915_pmu.c | 2 +- drivers/gpu/drm/msm/msm_gpu_devfreq.c | 1 + drivers/gpu/drm/panel/panel-simple.c | 6 + drivers/gpu/drm/scheduler/sched_entity.c | 1 + drivers/gpu/drm/tegra/dc.c | 17 +- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/tiny/cirrus-qemu.c | 1 - drivers/gpu/drm/tiny/simpledrm.c | 4 +- drivers/gpu/drm/udl/udl_drv.c | 2 +- drivers/gpu/drm/xe/display/xe_display.c | 2 + drivers/gpu/drm/xe/display/xe_dsb_buffer.c | 11 +- drivers/gpu/drm/xe/display/xe_fb_pin.c | 5 +- drivers/gpu/drm/xe/xe_ggtt.c | 11 + drivers/gpu/drm/xe/xe_gpu_scheduler.h | 10 +- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 8 + drivers/gpu/drm/xe/xe_guc_ct.c | 17 +- drivers/gpu/drm/xe/xe_guc_ct.h | 5 + drivers/gpu/drm/xe/xe_guc_pc.c | 2 +- drivers/gpu/drm/xe/xe_guc_submit.c | 23 + drivers/gpu/drm/xe/xe_guc_types.h | 5 + drivers/gpu/drm/xe/xe_vm.c | 8 +- drivers/hid/hid-appletb-kbd.c | 5 + drivers/hid/hid-lenovo.c | 11 +- .../intel-quicki2c/quicki2c-protocol.c | 26 +- drivers/hid/wacom_sys.c | 7 +- drivers/hwmon/isl28022.c | 6 +- drivers/hwmon/pmbus/max34440.c | 48 +- drivers/hwtracing/coresight/coresight-core.c | 3 +- drivers/hwtracing/coresight/coresight-priv.h | 1 + drivers/i2c/busses/i2c-imx.c | 3 +- drivers/i2c/busses/i2c-omap.c | 7 +- drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/adc/ad7606_spi.c | 8 +- drivers/iio/adc/ad_sigma_delta.c | 4 + drivers/iio/dac/adi-axi-dac.c | 24 + drivers/iio/light/al3000a.c | 9 +- drivers/iio/light/hid-sensor-prox.c | 3 + drivers/iio/pressure/zpa2326.c | 2 +- drivers/leds/led-class-multicolor.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/bcache/Kconfig | 1 - drivers/md/bcache/alloc.c | 57 +- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/bset.c | 116 +- drivers/md/bcache/bset.h | 40 +- drivers/md/bcache/btree.c | 69 +- drivers/md/bcache/extents.c | 43 +- drivers/md/bcache/movinggc.c | 33 +- drivers/md/bcache/super.c | 10 +- drivers/md/bcache/sysfs.c | 4 +- drivers/md/bcache/util.h | 67 +- drivers/md/bcache/writeback.c | 13 +- drivers/md/dm-raid.c | 2 +- drivers/md/dm-vdo/indexer/volume.c | 24 +- drivers/md/md-bitmap.c | 2 +- drivers/media/usb/uvc/uvc_ctrl.c | 70 +- drivers/media/usb/uvc/uvc_v4l2.c | 93 +- drivers/media/usb/uvc/uvcvideo.h | 5 + drivers/mfd/88pm886.c | 6 +- drivers/mfd/max14577.c | 1 + drivers/mfd/max77541.c | 2 +- drivers/mfd/max77705.c | 4 +- drivers/mfd/sprd-sc27xx-spi.c | 5 +- drivers/misc/tps6594-pfsm.c | 3 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 5 +- drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/net/ethernet/pensando/ionic/ionic_txrx.c | 12 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 2 +- drivers/net/wireless/intel/iwlwifi/mld/fw.c | 8 +- drivers/nvme/host/core.c | 83 +- drivers/nvme/host/nvme.h | 3 +- drivers/nvme/host/tcp.c | 22 +- drivers/pci/controller/dwc/pci-imx6.c | 15 + drivers/pci/controller/dwc/pcie-designware.c | 5 +- drivers/pci/controller/pcie-apple.c | 3 + drivers/s390/crypto/pkey_api.c | 2 +- drivers/scsi/fnic/fdls_disc.c | 122 +- drivers/scsi/fnic/fnic.h | 2 +- drivers/scsi/fnic/fnic_fcs.c | 2 + drivers/scsi/fnic/fnic_fdls.h | 1 + drivers/scsi/megaraid/megaraid_sas_base.c | 6 +- drivers/spi/spi-cadence-quadspi.c | 12 +- drivers/staging/rtl8723bs/core/rtw_security.c | 44 +- drivers/tty/serial/8250/8250_pci1xxxx.c | 10 + drivers/tty/serial/imx.c | 17 +- drivers/tty/serial/serial_base_bus.c | 1 + drivers/tty/serial/uartlite.c | 25 +- drivers/ufs/core/ufshcd.c | 6 +- drivers/usb/class/cdc-wdm.c | 23 +- drivers/usb/common/usb-conn-gpio.c | 25 +- drivers/usb/core/usb.c | 14 +- drivers/usb/dwc2/gadget.c | 6 + drivers/usb/gadget/function/f_hid.c | 19 +- drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/typec/altmodes/displayport.c | 4 + drivers/usb/typec/mux.c | 4 +- drivers/usb/typec/tcpm/tcpci_maxim_core.c | 5 +- drivers/usb/typec/tipd/core.c | 2 +- fs/btrfs/backref.h | 4 +- fs/btrfs/direct-io.c | 4 +- fs/btrfs/disk-io.c | 25 +- fs/btrfs/extent_io.h | 2 +- fs/btrfs/inode.c | 95 +- fs/btrfs/ordered-data.c | 14 +- fs/btrfs/raid56.c | 5 +- fs/btrfs/tests/extent-io-tests.c | 6 +- fs/btrfs/tree-log.c | 14 +- fs/btrfs/volumes.c | 6 + fs/btrfs/zstd.c | 2 +- fs/ceph/file.c | 2 +- fs/f2fs/file.c | 38 + fs/f2fs/super.c | 30 +- fs/fuse/dir.c | 11 + fs/fuse/inode.c | 4 + fs/namespace.c | 18 +- fs/nfs/inode.c | 51 +- fs/nfs/nfs4proc.c | 25 +- fs/overlayfs/util.c | 4 +- fs/proc/task_mmu.c | 2 +- fs/smb/client/cifsglob.h | 2 + fs/smb/client/cifspdu.h | 6 +- fs/smb/client/cifssmb.c | 1 + fs/smb/client/connect.c | 58 +- fs/smb/client/misc.c | 8 + fs/smb/client/reparse.c | 20 +- fs/smb/client/sess.c | 21 +- fs/smb/client/trace.h | 24 +- fs/smb/server/connection.h | 1 + fs/smb/server/smb2pdu.c | 72 +- fs/smb/server/smb2pdu.h | 3 + include/net/bluetooth/hci_core.h | 2 + include/uapi/linux/vm_sockets.h | 4 + io_uring/io_uring.c | 3 +- io_uring/kbuf.c | 1 + io_uring/kbuf.h | 1 + io_uring/net.c | 34 +- io_uring/rsrc.c | 57 +- io_uring/rsrc.h | 3 +- io_uring/zcrx.c | 101 +- io_uring/zcrx.h | 11 +- kernel/sched/ext.c | 12 +- lib/group_cpus.c | 9 +- lib/maple_tree.c | 4 +- mm/damon/sysfs-schemes.c | 1 + mm/gup.c | 14 +- mm/memory.c | 20 - mm/shmem.c | 6 +- mm/swap.h | 23 + mm/userfaultfd.c | 33 +- net/atm/clip.c | 11 +- net/atm/resources.c | 3 +- net/bluetooth/hci_core.c | 34 +- net/bluetooth/l2cap_core.c | 9 +- net/bridge/br_multicast.c | 9 + net/core/netpoll.c | 2 +- net/core/selftests.c | 5 +- net/mac80211/chan.c | 3 + net/mac80211/ieee80211_i.h | 12 + net/mac80211/iface.c | 12 +- net/mac80211/link.c | 94 +- net/mac80211/util.c | 2 +- net/sunrpc/clnt.c | 9 +- net/unix/af_unix.c | 31 +- rust/Makefile | 2 +- rust/bindings/bindings_helper.h | 1 + rust/helpers/completion.c | 8 + rust/helpers/helpers.c | 1 + rust/kernel/devres.rs | 53 +- rust/kernel/revocable.rs | 18 +- rust/kernel/sync.rs | 2 + rust/kernel/sync/completion.rs | 112 ++ rust/macros/module.rs | 1 + scripts/gdb/linux/vfs.py | 2 +- security/selinux/ss/services.c | 16 +- sound/pci/hda/hda_bind.c | 2 +- sound/pci/hda/hda_intel.c | 3 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/ps/acp63.h | 4 + sound/soc/amd/ps/ps-common.c | 18 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/rt1320-sdw.c | 17 +- sound/soc/codecs/wcd9335.c | 40 +- sound/usb/quirks.c | 2 + sound/usb/stream.c | 2 + tools/lib/bpf/btf_dump.c | 3 + tools/lib/bpf/libbpf.c | 10 +- .../selftests/bpf/progs/test_global_map_resize.c | 16 + 287 files changed, 4526 insertions(+), 2534 deletions(-)

2 months, 2 weeks

13
15
0 0

[PATCH 1/2] mmc: core sd: Simplify current limit logic for 200mA default

by Avri Altman

The SD current limit logic is updated to avoid explicitly setting the current limit when the maximum power is 200mA (0.72W) or less, as this is already the default value. The code now only issues a current limit switch if a higher limit is required, and the unused SD_SET_CURRENT_NO_CHANGE constant is removed. This reduces unnecessary commands and simplifies the logic. Fixes: 0aa6770000ba ("mmc: sdhci: only set 200mA support for 1.8v if 200mA is available") Signed-off-by: Avri Altman <avri.altman(a)sandisk.com> Cc: stable(a)vger.kernel.org --- drivers/mmc/core/sd.c | 7 ++----- include/linux/mmc/card.h | 1 - 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c index ec02067f03c5..cf92c5b2059a 100644 --- a/drivers/mmc/core/sd.c +++ b/drivers/mmc/core/sd.c @@ -554,7 +554,7 @@ static u32 sd_get_host_max_current(struct mmc_host *host) static int sd_set_current_limit(struct mmc_card *card, u8 *status) { - int current_limit = SD_SET_CURRENT_NO_CHANGE; + int current_limit = SD_SET_CURRENT_LIMIT_200; int err; u32 max_current; @@ -598,11 +598,8 @@ static int sd_set_current_limit(struct mmc_card *card, u8 *status) else if (max_current >= 400 && card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_400) current_limit = SD_SET_CURRENT_LIMIT_400; - else if (max_current >= 200 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_200) - current_limit = SD_SET_CURRENT_LIMIT_200; - if (current_limit != SD_SET_CURRENT_NO_CHANGE) { + if (current_limit != SD_SET_CURRENT_LIMIT_200) { err = mmc_sd_switch(card, SD_SWITCH_SET, 3, current_limit, status); if (err) diff --git a/include/linux/mmc/card.h b/include/linux/mmc/card.h index ddcdf23d731c..e9e964c20e53 100644 --- a/include/linux/mmc/card.h +++ b/include/linux/mmc/card.h @@ -182,7 +182,6 @@ struct sd_switch_caps { #define SD_SET_CURRENT_LIMIT_400 1 #define SD_SET_CURRENT_LIMIT_600 2 #define SD_SET_CURRENT_LIMIT_800 3 -#define SD_SET_CURRENT_NO_CHANGE (-1) #define SD_MAX_CURRENT_200 (1 << SD_SET_CURRENT_LIMIT_200) #define SD_MAX_CURRENT_400 (1 << SD_SET_CURRENT_LIMIT_400) -- 2.25.1

2 months, 2 weeks

3
2
0 0

[PATCH v4 2/2] PCI: imx6: Align EP link start behavior with documentation

by Richard Zhu

According to PCI/endpoint/pci-endpoint-cfs.rst, the endpoint (EP) should only link up after `echo 1 > start` is executed. To match the documented behavior, do not start the link automatically when adding the EP controller. Fixes: 75c2f26da03f ("PCI: imx6: Add i.MX PCIe EP mode support") Cc: stable(a)vger.kernel.org Signed-off-by: Richard Zhu <hongxing.zhu(a)nxp.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> --- drivers/pci/controller/dwc/pci-imx6.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c index f5f2ac638f4b..fda03512944d 100644 --- a/drivers/pci/controller/dwc/pci-imx6.c +++ b/drivers/pci/controller/dwc/pci-imx6.c @@ -1468,9 +1468,6 @@ static int imx_add_pcie_ep(struct imx_pcie *imx_pcie, pci_epc_init_notify(ep->epc); - /* Start LTSSM. */ - imx_pcie_ltssm_enable(dev); - return 0; } -- 2.37.1

2 months, 2 weeks

1
0
0 0

[PATCH v4 1/2] PCI: imx6: Remove apps_reset toggle in _core_reset functions

by Richard Zhu

apps_reset is LTSSM_EN on i.MX7, i.MX8MQ, i.MX8MM and i.MX8MP platforms. Since the assertion/de-assertion of apps_reset(LTSSM_EN bit) had been wrappered in imx_pcie_ltssm_enable() and imx_pcie_ltssm_disable(); Remove apps_reset toggle in imx_pcie_assert_core_reset() and imx_pcie_deassert_core_reset() functions. Use imx_pcie_ltssm_enable() and imx_pcie_ltssm_disable() to configure apps_reset directly. Fix fail to enumerate reliably PI7C9X2G608GP (hotplug) at i.MX8MM, which reported By Tim. Only i.MX7D, i.MX8MQ, i.MX8MM, and i.MX8MP have the apps_reset. With this change, the assertion/deassertion of LTSSM_EN bit are unified into imx_pcie_ltssm_enable() and imx_pcie_ltssm_disable() functions, and aligned with other i.MX platforms. Reported-by: Tim Harvey <tharvey(a)gateworks.com> Closes: https://lore.kernel.org/all/CAJ+vNU3ohR2YKTwC4xoYrc1z-neDoH2TTZcMHDy+poj9=j… Fixes: ef61c7d8d032 ("PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset()") Cc: stable(a)vger.kernel.org Signed-off-by: Richard Zhu <hongxing.zhu(a)nxp.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Tested-by: Tim Harvey <tharvey(a)gateworks.com> # imx8mp-venice-gw74xx (i.MX8MP + hotplug capable switch) --- drivers/pci/controller/dwc/pci-imx6.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c index 9754cc6e09b9..f5f2ac638f4b 100644 --- a/drivers/pci/controller/dwc/pci-imx6.c +++ b/drivers/pci/controller/dwc/pci-imx6.c @@ -860,7 +860,6 @@ static int imx95_pcie_core_reset(struct imx_pcie *imx_pcie, bool assert) static void imx_pcie_assert_core_reset(struct imx_pcie *imx_pcie) { reset_control_assert(imx_pcie->pciephy_reset); - reset_control_assert(imx_pcie->apps_reset); if (imx_pcie->drvdata->core_reset) imx_pcie->drvdata->core_reset(imx_pcie, true); @@ -872,7 +871,6 @@ static void imx_pcie_assert_core_reset(struct imx_pcie *imx_pcie) static int imx_pcie_deassert_core_reset(struct imx_pcie *imx_pcie) { reset_control_deassert(imx_pcie->pciephy_reset); - reset_control_deassert(imx_pcie->apps_reset); if (imx_pcie->drvdata->core_reset) imx_pcie->drvdata->core_reset(imx_pcie, false); @@ -1247,6 +1245,9 @@ static int imx_pcie_host_init(struct dw_pcie_rp *pp) } } + /* Make sure that PCIe LTSSM is cleared */ + imx_pcie_ltssm_disable(dev); + ret = imx_pcie_deassert_core_reset(imx_pcie); if (ret < 0) { dev_err(dev, "pcie deassert core reset failed: %d\n", ret); -- 2.37.1

2 months, 2 weeks

1
0
0 0

+ mm-damon-core-commit-damos-target_nid.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/damon/core: commit damos->target_nid has been added to the -mm mm-new branch. Its filename is mm-damon-core-commit-damos-target_nid.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Bijan Tabatabai <bijantabatab(a)micron.com> Subject: mm/damon/core: commit damos->target_nid Date: Tue, 8 Jul 2025 19:47:29 -0500 When committing new scheme parameters from the sysfs, the target_nid field of the damos struct would not be copied. This would result in the target_nid field to retain its original value, despite being updated in the sysfs interface. This patch fixes this issue by copying target_nid in damos_commit(). Link: https://lkml.kernel.org/r/20250709004729.17252-1-bijan311@gmail.com Fixes: 83dc7bbaecae ("mm/damon/sysfs: use damon_commit_ctx()") Signed-off-by: Bijan Tabatabai <bijantabatab(a)micron.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Ravi Shankar Jonnalagadda <ravis.opensrc(a)micron.com> Cc: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/damon/core.c~mm-damon-core-commit-damos-target_nid +++ a/mm/damon/core.c @@ -978,6 +978,7 @@ static int damos_commit(struct damos *ds return err; dst->wmarks = src->wmarks; + dst->target_nid = src->target_nid; err = damos_commit_filters(dst, src); return err; _ Patches currently in -mm which might be from bijantabatab(a)micron.com are mm-damon-core-commit-damos-target_nid.patch mm-damon-core-commit-damos-migrate_dests.patch mm-damon-move-migration-helpers-from-paddr-to-ops-common.patch mm-damon-vaddr-add-vaddr-versions-of-migrate_hotcold.patch docs-mm-damon-design-document-vaddr-support-for-migrate_hotcold.patch mm-damon-vaddr-use-damos-migrate_dests-in-migrate_hotcold.patch mm-damon-move-folio-filtering-from-paddr-to-ops-common.patch mm-damon-vaddr-apply-filters-in-migrate_hot-cold.patch

2 months, 2 weeks

1
0
0 0

[PATCH] mm/damon/core: Commit damos->target_nid

by Bijan Tabatabai

From: Bijan Tabatabai <bijantabatab(a)micron.com> When committing new scheme parameters from the sysfs, the target_nid field of the damos struct would not be copied. This would result in the target_nid field to retain its original value, despite being updated in the sysfs interface. This patch fixes this issue by copying target_nid in damos_commit(). Cc: stable(a)vger.kernel.org Fixes: 83dc7bbaecae ("mm/damon/sysfs: use damon_commit_ctx()") Signed-off-by: Bijan Tabatabai <bijantabatab(a)micron.com> --- mm/damon/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/damon/core.c b/mm/damon/core.c index 5357a18066b0..ab28ab5d08f6 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -978,6 +978,7 @@ static int damos_commit(struct damos *dst, struct damos *src) return err; dst->wmarks = src->wmarks; + dst->target_nid = src->target_nid; err = damos_commit_filters(dst, src); return err; -- 2.43.0

2 months, 2 weeks

2
1
0 0

+ selftests-mm-fix-split_huge_page_test-for-folio_split-tests.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: fix split_huge_page_test for folio_split() tests. has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-fix-split_huge_page_test-for-folio_split-tests.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Zi Yan <ziy(a)nvidia.com> Subject: selftests/mm: fix split_huge_page_test for folio_split() tests. Date: Tue, 8 Jul 2025 21:27:59 -0400 PID_FMT does not have an offset field, so folio_split() tests are not performed. Add PID_FMT_OFFSET with an offset field and use it to perform folio_split() tests. Link: https://lkml.kernel.org/r/20250709012800.3225727-1-ziy@nvidia.com Fixes: 80a5c494c89f ("selftests/mm: add tests for folio_split(), buddy allocator like split") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Dev Jain <dev.jain(a)arm.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Mariano Pache <npache(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/split_huge_page_test.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/tools/testing/selftests/mm/split_huge_page_test.c~selftests-mm-fix-split_huge_page_test-for-folio_split-tests +++ a/tools/testing/selftests/mm/split_huge_page_test.c @@ -31,6 +31,7 @@ uint64_t pmd_pagesize; #define INPUT_MAX 80 #define PID_FMT "%d,0x%lx,0x%lx,%d" +#define PID_FMT_OFFSET "%d,0x%lx,0x%lx,%d,%d" #define PATH_FMT "%s,0x%lx,0x%lx,%d" #define PFN_MASK ((1UL<<55)-1) @@ -483,7 +484,7 @@ void split_thp_in_pagecache_to_order_at( write_debugfs(PID_FMT, getpid(), (uint64_t)addr, (uint64_t)addr + fd_size, order); else - write_debugfs(PID_FMT, getpid(), (uint64_t)addr, + write_debugfs(PID_FMT_OFFSET, getpid(), (uint64_t)addr, (uint64_t)addr + fd_size, order, offset); for (i = 0; i < fd_size; i++) _ Patches currently in -mm which might be from ziy(a)nvidia.com are selftests-mm-fix-split_huge_page_test-for-folio_split-tests.patch mm-rename-config_page_block_order-to-config_page_block_max_order.patch mm-page_alloc-pageblock-flags-functions-clean-up.patch mm-page_isolation-make-page-isolation-a-standalone-bit.patch mm-page_alloc-add-support-for-initializing-pageblock-as-isolated.patch mm-page_isolation-remove-migratetype-from-move_freepages_block_isolate.patch mm-page_isolation-remove-migratetype-from-undo_isolate_page_range.patch mm-page_isolation-remove-migratetype-parameter-from-more-functions.patch

2 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm: userfaultfd: fix race of userfaultfd_move and swap cache" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 0ea148a799198518d8ebab63ddd0bb6114a103bc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025063052-strive-fabulous-239b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0ea148a799198518d8ebab63ddd0bb6114a103bc Mon Sep 17 00:00:00 2001 From: Kairui Song <kasong(a)tencent.com> Date: Wed, 4 Jun 2025 23:10:38 +0800 Subject: [PATCH] mm: userfaultfd: fix race of userfaultfd_move and swap cache This commit fixes two kinds of races, they may have different results: Barry reported a BUG_ON in commit c50f8e6053b0, we may see the same BUG_ON if the filemap lookup returned NULL and folio is added to swap cache after that. If another kind of race is triggered (folio changed after lookup) we may see RSS counter is corrupted: [ 406.893936] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0 type:MM_ANONPAGES val:-1 [ 406.894071] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0 type:MM_SHMEMPAGES val:1 Because the folio is being accounted to the wrong VMA. I'm not sure if there will be any data corruption though, seems no. The issues above are critical already. On seeing a swap entry PTE, userfaultfd_move does a lockless swap cache lookup, and tries to move the found folio to the faulting vma. Currently, it relies on checking the PTE value to ensure that the moved folio still belongs to the src swap entry and that no new folio has been added to the swap cache, which turns out to be unreliable. While working and reviewing the swap table series with Barry, following existing races are observed and reproduced [1]: In the example below, move_pages_pte is moving src_pte to dst_pte, where src_pte is a swap entry PTE holding swap entry S1, and S1 is not in the swap cache: CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1 ... < interrupted> ... <swapin src_pte, alloc and use folio A> // folio A is a new allocated folio // and get installed into src_pte <frees swap entry S1> // src_pte now points to folio A, S1 // has swap count == 0, it can be freed // by folio_swap_swap or swap // allocator's reclaim. <try to swap out another folio B> // folio B is a folio in another VMA. <put folio B to swap cache using S1 > // S1 is freed, folio B can use it // for swap out with no problem. ... folio = filemap_get_folio(S1) // Got folio B here !!! ... < interrupted again> ... <swapin folio B and free S1> // Now S1 is free to be used again. <swapout src_pte & folio A using S1> // Now src_pte is a swap entry PTE // holding S1 again. folio_trylock(folio) move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // Moved invalid folio B here !!! The race window is very short and requires multiple collisions of multiple rare events, so it's very unlikely to happen, but with a deliberately constructed reproducer and increased time window, it can be reproduced easily. This can be fixed by checking if the folio returned by filemap is the valid swap cache folio after acquiring the folio lock. Another similar race is possible: filemap_get_folio may return NULL, but folio (A) could be swapped in and then swapped out again using the same swap entry after the lookup. In such a case, folio (A) may remain in the swap cache, so it must be moved too: CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1, and S1 is not in swap cache folio = filemap_get_folio(S1) // Got NULL ... < interrupted again> ... <swapin folio A and free S1> <swapout folio A re-using S1> move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // folio A is ignored !!! Fix this by checking the swap cache again after acquiring the src_pte lock. And to avoid the filemap overhead, we check swap_map directly [2]. The SWP_SYNCHRONOUS_IO path does make the problem more complex, but so far we don't need to worry about that, since folios can only be exposed to the swap cache in the swap out path, and this is covered in this patch by checking the swap cache again after acquiring the src_pte lock. Testing with a simple C program that allocates and moves several GB of memory did not show any observable performance change. Link: https://lkml.kernel.org/r/20250604151038.21968-1-ryncsn@gmail.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Kairui Song <kasong(a)tencent.com> Closes: https://lore.kernel.org/linux-mm/CAMgjq7B1K=6OOrK2OUZ0-tqCzi+EJt+2_K97TPGoS… [1] Link: https://lore.kernel.org/all/CAGsJ_4yJhJBo16XhiC-nUzSheyX-V3-nFE+tAi=8Y560K8… [2] Reviewed-by: Lokesh Gidra <lokeshgidra(a)google.com> Acked-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Suren Baghdasaryan <surenb(a)google.com> Reviewed-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Chris Li <chrisl(a)kernel.org> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index bc473ad21202..8253978ee0fb 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -1084,8 +1084,18 @@ static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, pte_t orig_dst_pte, pte_t orig_src_pte, pmd_t *dst_pmd, pmd_t dst_pmdval, spinlock_t *dst_ptl, spinlock_t *src_ptl, - struct folio *src_folio) + struct folio *src_folio, + struct swap_info_struct *si, swp_entry_t entry) { + /* + * Check if the folio still belongs to the target swap entry after + * acquiring the lock. Folio can be freed in the swap cache while + * not locked. + */ + if (src_folio && unlikely(!folio_test_swapcache(src_folio) || + entry.val != src_folio->swap.val)) + return -EAGAIN; + double_pt_lock(dst_ptl, src_ptl); if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, @@ -1102,6 +1112,25 @@ static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, if (src_folio) { folio_move_anon_rmap(src_folio, dst_vma); src_folio->index = linear_page_index(dst_vma, dst_addr); + } else { + /* + * Check if the swap entry is cached after acquiring the src_pte + * lock. Otherwise, we might miss a newly loaded swap cache folio. + * + * Check swap_map directly to minimize overhead, READ_ONCE is sufficient. + * We are trying to catch newly added swap cache, the only possible case is + * when a folio is swapped in and out again staying in swap cache, using the + * same entry before the PTE check above. The PTL is acquired and released + * twice, each time after updating the swap_map's flag. So holding + * the PTL here ensures we see the updated value. False positive is possible, + * e.g. SWP_SYNCHRONOUS_IO swapin may set the flag without touching the + * cache, or during the tiny synchronization window between swap cache and + * swap_map, but it will be gone very quickly, worst result is retry jitters. + */ + if (READ_ONCE(si->swap_map[swp_offset(entry)]) & SWAP_HAS_CACHE) { + double_pt_unlock(dst_ptl, src_ptl); + return -EAGAIN; + } } orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); @@ -1412,7 +1441,7 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, } err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte, orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, - dst_ptl, src_ptl, src_folio); + dst_ptl, src_ptl, src_folio, si, entry); } out:

2 months, 2 weeks

3
2
0 0

Online support team

by hdhdjsgshsjs222＠gmail.com

Hello stable(a)vger.kernel.org Here is your Invoice details.

2 months, 2 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror