- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] media: imx-jpeg: Reset slot data pointers when freed" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x faa8051b128f4b34277ea8a026d02d83826f8122 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062056-upcoming-numerator-2955@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From faa8051b128f4b34277ea8a026d02d83826f8122 Mon Sep 17 00:00:00 2001 From: Ming Qian <ming.qian(a)oss.nxp.com> Date: Mon, 21 Apr 2025 16:12:53 +0800 Subject: [PATCH] media: imx-jpeg: Reset slot data pointers when freed Ensure that the slot data pointers are reset to NULL and handles are set to 0 after freeing the coherent memory. This makes he function mxc_jpeg_alloc_slot_data() and mxc_jpeg_free_slot_data() safe to be called multiple times. Fixes: 2db16c6ed72c ("media: imx-jpeg: Add V4L2 driver for i.MX8 JPEG Encoder/Decoder") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Qian <ming.qian(a)oss.nxp.com> Reviewed-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Signed-off-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c index ad2284e87985..29d3d4b08dd1 100644 --- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c +++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c @@ -758,16 +758,22 @@ static void mxc_jpeg_free_slot_data(struct mxc_jpeg_dev *jpeg) dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), jpeg->slot_data.desc, jpeg->slot_data.desc_handle); + jpeg->slot_data.desc = NULL; + jpeg->slot_data.desc_handle = 0; /* free descriptor for encoder configuration phase / decoder DHT */ dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), jpeg->slot_data.cfg_desc, jpeg->slot_data.cfg_desc_handle); + jpeg->slot_data.cfg_desc_handle = 0; + jpeg->slot_data.cfg_desc = NULL; /* free configuration stream */ dma_free_coherent(jpeg->dev, MXC_JPEG_MAX_CFG_STREAM, jpeg->slot_data.cfg_stream_vaddr, jpeg->slot_data.cfg_stream_handle); + jpeg->slot_data.cfg_stream_vaddr = NULL; + jpeg->slot_data.cfg_stream_handle = 0; jpeg->slot_data.used = false; }

3 months

1
0
0 0

FAILED: patch "[PATCH] media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 46e9c092f850bd7b4d06de92d3d21877f49a3fcb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062043-diabetic-antiquity-da83@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46e9c092f850bd7b4d06de92d3d21877f49a3fcb Mon Sep 17 00:00:00 2001 From: Ming Qian <ming.qian(a)oss.nxp.com> Date: Mon, 21 Apr 2025 16:12:52 +0800 Subject: [PATCH] media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead Move function mxc_jpeg_free_slot_data() above mxc_jpeg_alloc_slot_data() allowing to call that function during allocation failures. No functional changes are made. Fixes: 2db16c6ed72c ("media: imx-jpeg: Add V4L2 driver for i.MX8 JPEG Encoder/Decoder") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Qian <ming.qian(a)oss.nxp.com> Reviewed-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Signed-off-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c index 840dd62c2531..ad2284e87985 100644 --- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c +++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c @@ -752,6 +752,26 @@ static int mxc_get_free_slot(struct mxc_jpeg_slot_data *slot_data) return -1; } +static void mxc_jpeg_free_slot_data(struct mxc_jpeg_dev *jpeg) +{ + /* free descriptor for decoding/encoding phase */ + dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), + jpeg->slot_data.desc, + jpeg->slot_data.desc_handle); + + /* free descriptor for encoder configuration phase / decoder DHT */ + dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), + jpeg->slot_data.cfg_desc, + jpeg->slot_data.cfg_desc_handle); + + /* free configuration stream */ + dma_free_coherent(jpeg->dev, MXC_JPEG_MAX_CFG_STREAM, + jpeg->slot_data.cfg_stream_vaddr, + jpeg->slot_data.cfg_stream_handle); + + jpeg->slot_data.used = false; +} + static bool mxc_jpeg_alloc_slot_data(struct mxc_jpeg_dev *jpeg) { struct mxc_jpeg_desc *desc; @@ -798,26 +818,6 @@ static bool mxc_jpeg_alloc_slot_data(struct mxc_jpeg_dev *jpeg) return false; } -static void mxc_jpeg_free_slot_data(struct mxc_jpeg_dev *jpeg) -{ - /* free descriptor for decoding/encoding phase */ - dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), - jpeg->slot_data.desc, - jpeg->slot_data.desc_handle); - - /* free descriptor for encoder configuration phase / decoder DHT */ - dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), - jpeg->slot_data.cfg_desc, - jpeg->slot_data.cfg_desc_handle); - - /* free configuration stream */ - dma_free_coherent(jpeg->dev, MXC_JPEG_MAX_CFG_STREAM, - jpeg->slot_data.cfg_stream_vaddr, - jpeg->slot_data.cfg_stream_handle); - - jpeg->slot_data.used = false; -} - static void mxc_jpeg_check_and_set_last_buffer(struct mxc_jpeg_ctx *ctx, struct vb2_v4l2_buffer *src_buf, struct vb2_v4l2_buffer *dst_buf)

3 months

1
0
0 0

FAILED: patch "[PATCH] media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 46e9c092f850bd7b4d06de92d3d21877f49a3fcb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062043-reemerge-pastel-e344@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46e9c092f850bd7b4d06de92d3d21877f49a3fcb Mon Sep 17 00:00:00 2001 From: Ming Qian <ming.qian(a)oss.nxp.com> Date: Mon, 21 Apr 2025 16:12:52 +0800 Subject: [PATCH] media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead Move function mxc_jpeg_free_slot_data() above mxc_jpeg_alloc_slot_data() allowing to call that function during allocation failures. No functional changes are made. Fixes: 2db16c6ed72c ("media: imx-jpeg: Add V4L2 driver for i.MX8 JPEG Encoder/Decoder") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Qian <ming.qian(a)oss.nxp.com> Reviewed-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Signed-off-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c index 840dd62c2531..ad2284e87985 100644 --- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c +++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c @@ -752,6 +752,26 @@ static int mxc_get_free_slot(struct mxc_jpeg_slot_data *slot_data) return -1; } +static void mxc_jpeg_free_slot_data(struct mxc_jpeg_dev *jpeg) +{ + /* free descriptor for decoding/encoding phase */ + dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), + jpeg->slot_data.desc, + jpeg->slot_data.desc_handle); + + /* free descriptor for encoder configuration phase / decoder DHT */ + dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), + jpeg->slot_data.cfg_desc, + jpeg->slot_data.cfg_desc_handle); + + /* free configuration stream */ + dma_free_coherent(jpeg->dev, MXC_JPEG_MAX_CFG_STREAM, + jpeg->slot_data.cfg_stream_vaddr, + jpeg->slot_data.cfg_stream_handle); + + jpeg->slot_data.used = false; +} + static bool mxc_jpeg_alloc_slot_data(struct mxc_jpeg_dev *jpeg) { struct mxc_jpeg_desc *desc; @@ -798,26 +818,6 @@ static bool mxc_jpeg_alloc_slot_data(struct mxc_jpeg_dev *jpeg) return false; } -static void mxc_jpeg_free_slot_data(struct mxc_jpeg_dev *jpeg) -{ - /* free descriptor for decoding/encoding phase */ - dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), - jpeg->slot_data.desc, - jpeg->slot_data.desc_handle); - - /* free descriptor for encoder configuration phase / decoder DHT */ - dma_free_coherent(jpeg->dev, sizeof(struct mxc_jpeg_desc), - jpeg->slot_data.cfg_desc, - jpeg->slot_data.cfg_desc_handle); - - /* free configuration stream */ - dma_free_coherent(jpeg->dev, MXC_JPEG_MAX_CFG_STREAM, - jpeg->slot_data.cfg_stream_vaddr, - jpeg->slot_data.cfg_stream_handle); - - jpeg->slot_data.used = false; -} - static void mxc_jpeg_check_and_set_last_buffer(struct mxc_jpeg_ctx *ctx, struct vb2_v4l2_buffer *src_buf, struct vb2_v4l2_buffer *dst_buf)

3 months

1
0
0 0

FAILED: patch "[PATCH] media: imx-jpeg: Drop the first error frames" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d52b9b7e2f10d22a49468128540533e8d76910cd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062028-nylon-scoff-dcd4@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d52b9b7e2f10d22a49468128540533e8d76910cd Mon Sep 17 00:00:00 2001 From: Ming Qian <ming.qian(a)oss.nxp.com> Date: Mon, 21 Apr 2025 15:06:12 +0800 Subject: [PATCH] media: imx-jpeg: Drop the first error frames When an output buffer contains error frame header, v4l2_jpeg_parse_header() will return error, then driver will mark this buffer and a capture buffer done with error flag in device_run(). But if the error occurs in the first frames, before setup the capture queue, there is no chance to schedule device_run(), and there may be no capture to mark error. So we need to drop this buffer with error flag, and make the decoding can continue. Fixes: 2db16c6ed72c ("media: imx-jpeg: Add V4L2 driver for i.MX8 JPEG Encoder/Decoder") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Qian <ming.qian(a)oss.nxp.com> Reviewed-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Signed-off-by: Nicolas Dufresne <nicolas.dufresne(a)collabora.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c index 1221b309a916..840dd62c2531 100644 --- a/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c +++ b/drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c @@ -1918,9 +1918,19 @@ static void mxc_jpeg_buf_queue(struct vb2_buffer *vb) jpeg_src_buf = vb2_to_mxc_buf(vb); jpeg_src_buf->jpeg_parse_error = false; ret = mxc_jpeg_parse(ctx, vb); - if (ret) + if (ret) { jpeg_src_buf->jpeg_parse_error = true; + /* + * if the capture queue is not setup, the device_run() won't be scheduled, + * need to drop the error buffer, so that the decoding can continue + */ + if (!vb2_is_streaming(v4l2_m2m_get_dst_vq(ctx->fh.m2m_ctx))) { + v4l2_m2m_buf_done(vbuf, VB2_BUF_STATE_ERROR); + return; + } + } + end: v4l2_m2m_buf_queue(ctx->fh.m2m_ctx, vbuf); }

3 months

1
0
0 0

FAILED: patch "[PATCH] media: vivid: Change the siize of the composing" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f83ac8d30c43fd902af7c84c480f216157b60ef0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062008-parabola-bacteria-dd6b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f83ac8d30c43fd902af7c84c480f216157b60ef0 Mon Sep 17 00:00:00 2001 From: Denis Arefev <arefev(a)swemel.ru> Date: Tue, 15 Apr 2025 11:27:21 +0300 Subject: [PATCH] media: vivid: Change the siize of the composing syzkaller found a bug: BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705 Write of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304 CPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106 tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline] tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705 vivid_fillbuff drivers/media/test-drivers/vivid/vivid-kthread-cap.c:470 [inline] vivid_thread_vid_cap_tick+0xf8e/0x60d0 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:629 vivid_thread_vid_cap+0x8aa/0xf30 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:767 kthread+0x7a9/0x920 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> The composition size cannot be larger than the size of fmt_cap_rect. So execute v4l2_rect_map_inside() even if has_compose_cap == 0. Fixes: 94a7ad928346 ("media: vivid: fix compose size exceed boundary") Cc: stable(a)vger.kernel.org Reported-by: syzbot+365005005522b70a36f2(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?id=8ed8e8cc30cbe0d86c9a25bd1d6a5775129b8e… Signed-off-by: Denis Arefev <arefev(a)swemel.ru> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/test-drivers/vivid/vivid-vid-cap.c b/drivers/media/test-drivers/vivid/vivid-vid-cap.c index df726961222b..84e9155b5815 100644 --- a/drivers/media/test-drivers/vivid/vivid-vid-cap.c +++ b/drivers/media/test-drivers/vivid/vivid-vid-cap.c @@ -948,8 +948,8 @@ int vivid_vid_cap_s_selection(struct file *file, void *fh, struct v4l2_selection if (dev->has_compose_cap) { v4l2_rect_set_min_size(compose, &min_rect); v4l2_rect_set_max_size(compose, &max_rect); - v4l2_rect_map_inside(compose, &fmt); } + v4l2_rect_map_inside(compose, &fmt); dev->fmt_cap_rect = fmt; tpg_s_buf_height(&dev->tpg, fmt.height); } else if (dev->has_compose_cap) {

3 months

1
0
0 0

FAILED: patch "[PATCH] media: omap3isp: use sgtable-based scatterlist wrappers" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 3de572fe2189a4a0bd80295e1f478401e739498e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062044-outlast-galley-2623@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3de572fe2189a4a0bd80295e1f478401e739498e Mon Sep 17 00:00:00 2001 From: Marek Szyprowski <m.szyprowski(a)samsung.com> Date: Wed, 7 May 2025 18:09:13 +0200 Subject: [PATCH] media: omap3isp: use sgtable-based scatterlist wrappers Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of scatterlists sync calls. dma_sync_sg_for_*() functions have to be called with the number of elements originally passed to dma_map_sg_*() function, not the one returned in sgtable's nents. Fixes: d33186d0be18 ("[media] omap3isp: ccdc: Use the DMA API for LSC") Fixes: 0e24e90f2ca7 ("[media] omap3isp: stat: Use the DMA API") CC: stable(a)vger.kernel.org Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/ti/omap3isp/ispccdc.c b/drivers/media/platform/ti/omap3isp/ispccdc.c index dd375c4e180d..7d0c723dcd11 100644 --- a/drivers/media/platform/ti/omap3isp/ispccdc.c +++ b/drivers/media/platform/ti/omap3isp/ispccdc.c @@ -446,8 +446,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, if (ret < 0) goto done; - dma_sync_sg_for_cpu(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_cpu(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); if (copy_from_user(req->table.addr, config->lsc, req->config.size)) { @@ -455,8 +455,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, goto done; } - dma_sync_sg_for_device(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_device(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); } spin_lock_irqsave(&ccdc->lsc.req_lock, flags); diff --git a/drivers/media/platform/ti/omap3isp/ispstat.c b/drivers/media/platform/ti/omap3isp/ispstat.c index 359a846205b0..d3da68408ecb 100644 --- a/drivers/media/platform/ti/omap3isp/ispstat.c +++ b/drivers/media/platform/ti/omap3isp/ispstat.c @@ -161,8 +161,7 @@ static void isp_stat_buf_sync_for_device(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_device(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_device(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, @@ -171,8 +170,7 @@ static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_cpu(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_cpu(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_clear(struct ispstat *stat)

3 months

1
0
0 0

FAILED: patch "[PATCH] media: omap3isp: use sgtable-based scatterlist wrappers" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3de572fe2189a4a0bd80295e1f478401e739498e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062043-penny-clanking-183f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3de572fe2189a4a0bd80295e1f478401e739498e Mon Sep 17 00:00:00 2001 From: Marek Szyprowski <m.szyprowski(a)samsung.com> Date: Wed, 7 May 2025 18:09:13 +0200 Subject: [PATCH] media: omap3isp: use sgtable-based scatterlist wrappers Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of scatterlists sync calls. dma_sync_sg_for_*() functions have to be called with the number of elements originally passed to dma_map_sg_*() function, not the one returned in sgtable's nents. Fixes: d33186d0be18 ("[media] omap3isp: ccdc: Use the DMA API for LSC") Fixes: 0e24e90f2ca7 ("[media] omap3isp: stat: Use the DMA API") CC: stable(a)vger.kernel.org Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/ti/omap3isp/ispccdc.c b/drivers/media/platform/ti/omap3isp/ispccdc.c index dd375c4e180d..7d0c723dcd11 100644 --- a/drivers/media/platform/ti/omap3isp/ispccdc.c +++ b/drivers/media/platform/ti/omap3isp/ispccdc.c @@ -446,8 +446,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, if (ret < 0) goto done; - dma_sync_sg_for_cpu(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_cpu(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); if (copy_from_user(req->table.addr, config->lsc, req->config.size)) { @@ -455,8 +455,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, goto done; } - dma_sync_sg_for_device(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_device(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); } spin_lock_irqsave(&ccdc->lsc.req_lock, flags); diff --git a/drivers/media/platform/ti/omap3isp/ispstat.c b/drivers/media/platform/ti/omap3isp/ispstat.c index 359a846205b0..d3da68408ecb 100644 --- a/drivers/media/platform/ti/omap3isp/ispstat.c +++ b/drivers/media/platform/ti/omap3isp/ispstat.c @@ -161,8 +161,7 @@ static void isp_stat_buf_sync_for_device(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_device(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_device(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, @@ -171,8 +170,7 @@ static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_cpu(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_cpu(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_clear(struct ispstat *stat)

3 months

1
0
0 0

FAILED: patch "[PATCH] media: omap3isp: use sgtable-based scatterlist wrappers" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 3de572fe2189a4a0bd80295e1f478401e739498e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062043-unaltered-handwoven-3d41@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3de572fe2189a4a0bd80295e1f478401e739498e Mon Sep 17 00:00:00 2001 From: Marek Szyprowski <m.szyprowski(a)samsung.com> Date: Wed, 7 May 2025 18:09:13 +0200 Subject: [PATCH] media: omap3isp: use sgtable-based scatterlist wrappers Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of scatterlists sync calls. dma_sync_sg_for_*() functions have to be called with the number of elements originally passed to dma_map_sg_*() function, not the one returned in sgtable's nents. Fixes: d33186d0be18 ("[media] omap3isp: ccdc: Use the DMA API for LSC") Fixes: 0e24e90f2ca7 ("[media] omap3isp: stat: Use the DMA API") CC: stable(a)vger.kernel.org Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/ti/omap3isp/ispccdc.c b/drivers/media/platform/ti/omap3isp/ispccdc.c index dd375c4e180d..7d0c723dcd11 100644 --- a/drivers/media/platform/ti/omap3isp/ispccdc.c +++ b/drivers/media/platform/ti/omap3isp/ispccdc.c @@ -446,8 +446,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, if (ret < 0) goto done; - dma_sync_sg_for_cpu(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_cpu(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); if (copy_from_user(req->table.addr, config->lsc, req->config.size)) { @@ -455,8 +455,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, goto done; } - dma_sync_sg_for_device(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_device(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); } spin_lock_irqsave(&ccdc->lsc.req_lock, flags); diff --git a/drivers/media/platform/ti/omap3isp/ispstat.c b/drivers/media/platform/ti/omap3isp/ispstat.c index 359a846205b0..d3da68408ecb 100644 --- a/drivers/media/platform/ti/omap3isp/ispstat.c +++ b/drivers/media/platform/ti/omap3isp/ispstat.c @@ -161,8 +161,7 @@ static void isp_stat_buf_sync_for_device(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_device(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_device(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, @@ -171,8 +170,7 @@ static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_cpu(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_cpu(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_clear(struct ispstat *stat)

3 months

1
0
0 0

FAILED: patch "[PATCH] media: davinci: vpif: Fix memory leak in probe error path" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 024bf40edf1155e7a587f0ec46294049777d9b02 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062033-navigator-observant-8f41@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 024bf40edf1155e7a587f0ec46294049777d9b02 Mon Sep 17 00:00:00 2001 From: Dmitry Nikiforov <Dm1tryNk(a)yandex.ru> Date: Wed, 16 Apr 2025 23:51:19 +0300 Subject: [PATCH] media: davinci: vpif: Fix memory leak in probe error path If an error occurs during the initialization of `pdev_display`, the allocated platform device `pdev_capture` is not released properly, leading to a memory leak. Adjust error path handling to fix the leak. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 43acb728bbc4 ("media: davinci: vpif: fix use-after-free on driver unbind") Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Nikiforov <Dm1tryNk(a)yandex.ru> Reviewed-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/platform/ti/davinci/vpif.c b/drivers/media/platform/ti/davinci/vpif.c index a81719702a22..969d623fc842 100644 --- a/drivers/media/platform/ti/davinci/vpif.c +++ b/drivers/media/platform/ti/davinci/vpif.c @@ -504,7 +504,7 @@ static int vpif_probe(struct platform_device *pdev) pdev_display = kzalloc(sizeof(*pdev_display), GFP_KERNEL); if (!pdev_display) { ret = -ENOMEM; - goto err_put_pdev_capture; + goto err_del_pdev_capture; } pdev_display->name = "vpif_display"; @@ -527,6 +527,8 @@ static int vpif_probe(struct platform_device *pdev) err_put_pdev_display: platform_device_put(pdev_display); +err_del_pdev_capture: + platform_device_del(pdev_capture); err_put_pdev_capture: platform_device_put(pdev_capture); err_put_rpm:

3 months

1
0
0 0

FAILED: patch "[PATCH] media: cxusb: no longer judge rbuf when the write fails" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 73fb3b92da84637e3817580fa205d48065924e15 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062022-fleshed-wildcard-a434@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 73fb3b92da84637e3817580fa205d48065924e15 Mon Sep 17 00:00:00 2001 From: Edward Adam Davis <eadavis(a)qq.com> Date: Sat, 5 Apr 2025 19:56:41 +0800 Subject: [PATCH] media: cxusb: no longer judge rbuf when the write fails syzbot reported a uninit-value in cxusb_i2c_xfer. [1] Only when the write operation of usb_bulk_msg() in dvb_usb_generic_rw() succeeds and rlen is greater than 0, the read operation of usb_bulk_msg() will be executed to read rlen bytes of data from the dvb device into the rbuf. In this case, although rlen is 1, the write operation failed which resulted in the dvb read operation not being executed, and ultimately variable i was not initialized. [1] BUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline] BUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196 cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline] cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196 __i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1 i2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315 i2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343 i2c_master_send include/linux/i2c.h:109 [inline] i2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183 do_loop_readv_writev fs/read_write.c:848 [inline] vfs_writev+0x963/0x14e0 fs/read_write.c:1057 do_writev+0x247/0x5c0 fs/read_write.c:1101 __do_sys_writev fs/read_write.c:1169 [inline] __se_sys_writev fs/read_write.c:1166 [inline] __x64_sys_writev+0x98/0xe0 fs/read_write.c:1166 x64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Reported-by: syzbot+526bd95c0ec629993bf3(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=526bd95c0ec629993bf3 Tested-by: syzbot+526bd95c0ec629993bf3(a)syzkaller.appspotmail.com Fixes: 22c6d93a7310 ("[PATCH] dvb: usb: support Medion hybrid USB2.0 DVB-T/analogue box") Cc: stable(a)vger.kernel.org Signed-off-by: Edward Adam Davis <eadavis(a)qq.com> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> diff --git a/drivers/media/usb/dvb-usb/cxusb.c b/drivers/media/usb/dvb-usb/cxusb.c index f44529b40989..d0501c1e81d6 100644 --- a/drivers/media/usb/dvb-usb/cxusb.c +++ b/drivers/media/usb/dvb-usb/cxusb.c @@ -119,9 +119,8 @@ static void cxusb_gpio_tuner(struct dvb_usb_device *d, int onoff) o[0] = GPIO_TUNER; o[1] = onoff; - cxusb_ctrl_msg(d, CMD_GPIO_WRITE, o, 2, &i, 1); - if (i != 0x01) + if (!cxusb_ctrl_msg(d, CMD_GPIO_WRITE, o, 2, &i, 1) && i != 0x01) dev_info(&d->udev->dev, "gpio_write failed.\n"); st->gpio_write_state[GPIO_TUNER] = onoff;

3 months

1
0
0 0

FAILED: patch "[PATCH] jfs: validate AG parameters in dbMount() to prevent crashes" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 37bfb464ddca87f203071b5bd562cd91ddc0b40a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062020-trace-goggles-c401@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37bfb464ddca87f203071b5bd562cd91ddc0b40a Mon Sep 17 00:00:00 2001 From: Vasiliy Kovalev <kovalev(a)altlinux.org> Date: Mon, 10 Mar 2025 11:56:02 +0300 Subject: [PATCH] jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5). - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG; 2^(10 - 2*agheight) prevents division to 0. - agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within stree (size 1365). - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8). UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9 shift exponent -335544310 is negative CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400 dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613 jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105 jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+fe8264911355151c487f(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fe8264911355151c487f Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 26e89d0c69b6..35e063c9f3a4 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -194,7 +194,11 @@ int dbMount(struct inode *ipbmap) !bmp->db_numag || (bmp->db_numag > MAXAG) || (bmp->db_maxag >= MAXAG) || (bmp->db_maxag < 0) || (bmp->db_agpref >= MAXAG) || (bmp->db_agpref < 0) || - !bmp->db_agwidth || + (bmp->db_agheight < 0) || (bmp->db_agheight > (L2LPERCTL >> 1)) || + (bmp->db_agwidth < 1) || (bmp->db_agwidth > (LPERCTL / MAXAG)) || + (bmp->db_agwidth > (1 << (L2LPERCTL - (bmp->db_agheight << 1)))) || + (bmp->db_agstart < 0) || + (bmp->db_agstart > (CTLTREESIZE - 1 - bmp->db_agwidth * (MAXAG - 1))) || (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG) || (bmp->db_agl2size < 0) || ((bmp->db_mapsize - 1) >> bmp->db_agl2size) > MAXAG) {

3 months

1
0
0 0

FAILED: patch "[PATCH] jfs: validate AG parameters in dbMount() to prevent crashes" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 37bfb464ddca87f203071b5bd562cd91ddc0b40a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062019-wrinkly-unblended-0fce@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37bfb464ddca87f203071b5bd562cd91ddc0b40a Mon Sep 17 00:00:00 2001 From: Vasiliy Kovalev <kovalev(a)altlinux.org> Date: Mon, 10 Mar 2025 11:56:02 +0300 Subject: [PATCH] jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5). - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG; 2^(10 - 2*agheight) prevents division to 0. - agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within stree (size 1365). - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8). UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9 shift exponent -335544310 is negative CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400 dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613 jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105 jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+fe8264911355151c487f(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fe8264911355151c487f Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 26e89d0c69b6..35e063c9f3a4 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -194,7 +194,11 @@ int dbMount(struct inode *ipbmap) !bmp->db_numag || (bmp->db_numag > MAXAG) || (bmp->db_maxag >= MAXAG) || (bmp->db_maxag < 0) || (bmp->db_agpref >= MAXAG) || (bmp->db_agpref < 0) || - !bmp->db_agwidth || + (bmp->db_agheight < 0) || (bmp->db_agheight > (L2LPERCTL >> 1)) || + (bmp->db_agwidth < 1) || (bmp->db_agwidth > (LPERCTL / MAXAG)) || + (bmp->db_agwidth > (1 << (L2LPERCTL - (bmp->db_agheight << 1)))) || + (bmp->db_agstart < 0) || + (bmp->db_agstart > (CTLTREESIZE - 1 - bmp->db_agwidth * (MAXAG - 1))) || (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG) || (bmp->db_agl2size < 0) || ((bmp->db_mapsize - 1) >> bmp->db_agl2size) > MAXAG) {

3 months

1
0
0 0

FAILED: patch "[PATCH] jfs: validate AG parameters in dbMount() to prevent crashes" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 37bfb464ddca87f203071b5bd562cd91ddc0b40a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062018-desktop-childhood-1515@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37bfb464ddca87f203071b5bd562cd91ddc0b40a Mon Sep 17 00:00:00 2001 From: Vasiliy Kovalev <kovalev(a)altlinux.org> Date: Mon, 10 Mar 2025 11:56:02 +0300 Subject: [PATCH] jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5). - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG; 2^(10 - 2*agheight) prevents division to 0. - agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within stree (size 1365). - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8). UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9 shift exponent -335544310 is negative CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400 dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613 jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105 jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+fe8264911355151c487f(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fe8264911355151c487f Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 26e89d0c69b6..35e063c9f3a4 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -194,7 +194,11 @@ int dbMount(struct inode *ipbmap) !bmp->db_numag || (bmp->db_numag > MAXAG) || (bmp->db_maxag >= MAXAG) || (bmp->db_maxag < 0) || (bmp->db_agpref >= MAXAG) || (bmp->db_agpref < 0) || - !bmp->db_agwidth || + (bmp->db_agheight < 0) || (bmp->db_agheight > (L2LPERCTL >> 1)) || + (bmp->db_agwidth < 1) || (bmp->db_agwidth > (LPERCTL / MAXAG)) || + (bmp->db_agwidth > (1 << (L2LPERCTL - (bmp->db_agheight << 1)))) || + (bmp->db_agstart < 0) || + (bmp->db_agstart > (CTLTREESIZE - 1 - bmp->db_agwidth * (MAXAG - 1))) || (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG) || (bmp->db_agl2size < 0) || ((bmp->db_mapsize - 1) >> bmp->db_agl2size) > MAXAG) {

3 months

1
0
0 0

FAILED: patch "[PATCH] jfs: validate AG parameters in dbMount() to prevent crashes" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 37bfb464ddca87f203071b5bd562cd91ddc0b40a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062017-flashily-tidings-7e64@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37bfb464ddca87f203071b5bd562cd91ddc0b40a Mon Sep 17 00:00:00 2001 From: Vasiliy Kovalev <kovalev(a)altlinux.org> Date: Mon, 10 Mar 2025 11:56:02 +0300 Subject: [PATCH] jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5). - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG; 2^(10 - 2*agheight) prevents division to 0. - agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within stree (size 1365). - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8). UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9 shift exponent -335544310 is negative CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400 dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613 jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105 jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+fe8264911355151c487f(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fe8264911355151c487f Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 26e89d0c69b6..35e063c9f3a4 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -194,7 +194,11 @@ int dbMount(struct inode *ipbmap) !bmp->db_numag || (bmp->db_numag > MAXAG) || (bmp->db_maxag >= MAXAG) || (bmp->db_maxag < 0) || (bmp->db_agpref >= MAXAG) || (bmp->db_agpref < 0) || - !bmp->db_agwidth || + (bmp->db_agheight < 0) || (bmp->db_agheight > (L2LPERCTL >> 1)) || + (bmp->db_agwidth < 1) || (bmp->db_agwidth > (LPERCTL / MAXAG)) || + (bmp->db_agwidth > (1 << (L2LPERCTL - (bmp->db_agheight << 1)))) || + (bmp->db_agstart < 0) || + (bmp->db_agstart > (CTLTREESIZE - 1 - bmp->db_agwidth * (MAXAG - 1))) || (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG) || (bmp->db_agl2size < 0) || ((bmp->db_mapsize - 1) >> bmp->db_agl2size) > MAXAG) {

3 months

1
0
0 0

FAILED: patch "[PATCH] jfs: validate AG parameters in dbMount() to prevent crashes" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 37bfb464ddca87f203071b5bd562cd91ddc0b40a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062017-dolphin-qualify-c051@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37bfb464ddca87f203071b5bd562cd91ddc0b40a Mon Sep 17 00:00:00 2001 From: Vasiliy Kovalev <kovalev(a)altlinux.org> Date: Mon, 10 Mar 2025 11:56:02 +0300 Subject: [PATCH] jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5). - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG; 2^(10 - 2*agheight) prevents division to 0. - agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within stree (size 1365). - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8). UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9 shift exponent -335544310 is negative CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400 dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613 jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105 jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+fe8264911355151c487f(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fe8264911355151c487f Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 26e89d0c69b6..35e063c9f3a4 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -194,7 +194,11 @@ int dbMount(struct inode *ipbmap) !bmp->db_numag || (bmp->db_numag > MAXAG) || (bmp->db_maxag >= MAXAG) || (bmp->db_maxag < 0) || (bmp->db_agpref >= MAXAG) || (bmp->db_agpref < 0) || - !bmp->db_agwidth || + (bmp->db_agheight < 0) || (bmp->db_agheight > (L2LPERCTL >> 1)) || + (bmp->db_agwidth < 1) || (bmp->db_agwidth > (LPERCTL / MAXAG)) || + (bmp->db_agwidth > (1 << (L2LPERCTL - (bmp->db_agheight << 1)))) || + (bmp->db_agstart < 0) || + (bmp->db_agstart > (CTLTREESIZE - 1 - bmp->db_agwidth * (MAXAG - 1))) || (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG) || (bmp->db_agl2size < 0) || ((bmp->db_mapsize - 1) >> bmp->db_agl2size) > MAXAG) {

3 months

1
0
0 0

FAILED: patch "[PATCH] jfs: validate AG parameters in dbMount() to prevent crashes" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 37bfb464ddca87f203071b5bd562cd91ddc0b40a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062016-hardener-favoring-2b01@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 37bfb464ddca87f203071b5bd562cd91ddc0b40a Mon Sep 17 00:00:00 2001 From: Vasiliy Kovalev <kovalev(a)altlinux.org> Date: Mon, 10 Mar 2025 11:56:02 +0300 Subject: [PATCH] jfs: validate AG parameters in dbMount() to prevent crashes Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE: - agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift (L2LPERCTL - 2*agheight) >= 0. - agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight)) ensures agperlev >= 1. - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5). - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG; 2^(10 - 2*agheight) prevents division to 0. - agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within stree (size 1365). - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8). UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9 shift exponent -335544310 is negative CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400 dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613 jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105 jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+fe8264911355151c487f(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fe8264911355151c487f Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 26e89d0c69b6..35e063c9f3a4 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -194,7 +194,11 @@ int dbMount(struct inode *ipbmap) !bmp->db_numag || (bmp->db_numag > MAXAG) || (bmp->db_maxag >= MAXAG) || (bmp->db_maxag < 0) || (bmp->db_agpref >= MAXAG) || (bmp->db_agpref < 0) || - !bmp->db_agwidth || + (bmp->db_agheight < 0) || (bmp->db_agheight > (L2LPERCTL >> 1)) || + (bmp->db_agwidth < 1) || (bmp->db_agwidth > (LPERCTL / MAXAG)) || + (bmp->db_agwidth > (1 << (L2LPERCTL - (bmp->db_agheight << 1)))) || + (bmp->db_agstart < 0) || + (bmp->db_agstart > (CTLTREESIZE - 1 - bmp->db_agwidth * (MAXAG - 1))) || (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG) || (bmp->db_agl2size < 0) || ((bmp->db_mapsize - 1) >> bmp->db_agl2size) > MAXAG) {

3 months

1
0
0 0

FAILED: patch "[PATCH] net: qede: Initialize qede_ll_ops with designated initializer" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 960013ec5b5e86c2c096e79ce6e08bce970650b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062022-unmanned-whinny-0ada@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 960013ec5b5e86c2c096e79ce6e08bce970650b3 Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Wed, 7 May 2025 21:47:45 +0100 Subject: [PATCH] net: qede: Initialize qede_ll_ops with designated initializer After a recent change [1] in clang's randstruct implementation to randomize structures that only contain function pointers, there is an error because qede_ll_ops get randomized but does not use a designated initializer for the first member: drivers/net/ethernet/qlogic/qede/qede_main.c:206:2: error: a randomized struct can only be initialized with a designated initializer 206 | { | ^ Explicitly initialize the common member using a designated initializer to fix the build. Cc: stable(a)vger.kernel.org Fixes: 035f7f87b729 ("randstruct: Enable Clang support") Link: https://github.com/llvm/llvm-project/commit/04364fb888eea6db9811510607bed4b… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Reviewed-by: Kees Cook <kees(a)kernel.org> Link: https://lore.kernel.org/r/20250507-qede-fix-clang-randstruct-v1-1-5ccc15626… Signed-off-by: Kees Cook <kees(a)kernel.org> diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c index 99df00c30b8c..b5d744d2586f 100644 --- a/drivers/net/ethernet/qlogic/qede/qede_main.c +++ b/drivers/net/ethernet/qlogic/qede/qede_main.c @@ -203,7 +203,7 @@ static struct pci_driver qede_pci_driver = { }; static struct qed_eth_cb_ops qede_ll_ops = { - { + .common = { #ifdef CONFIG_RFS_ACCEL .arfs_filter_op = qede_arfs_filter_op, #endif

3 months

1
0
0 0

FAILED: patch "[PATCH] net: qede: Initialize qede_ll_ops with designated initializer" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 960013ec5b5e86c2c096e79ce6e08bce970650b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062022-reattach-unroasted-deb0@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 960013ec5b5e86c2c096e79ce6e08bce970650b3 Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Wed, 7 May 2025 21:47:45 +0100 Subject: [PATCH] net: qede: Initialize qede_ll_ops with designated initializer After a recent change [1] in clang's randstruct implementation to randomize structures that only contain function pointers, there is an error because qede_ll_ops get randomized but does not use a designated initializer for the first member: drivers/net/ethernet/qlogic/qede/qede_main.c:206:2: error: a randomized struct can only be initialized with a designated initializer 206 | { | ^ Explicitly initialize the common member using a designated initializer to fix the build. Cc: stable(a)vger.kernel.org Fixes: 035f7f87b729 ("randstruct: Enable Clang support") Link: https://github.com/llvm/llvm-project/commit/04364fb888eea6db9811510607bed4b… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Reviewed-by: Kees Cook <kees(a)kernel.org> Link: https://lore.kernel.org/r/20250507-qede-fix-clang-randstruct-v1-1-5ccc15626… Signed-off-by: Kees Cook <kees(a)kernel.org> diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c index 99df00c30b8c..b5d744d2586f 100644 --- a/drivers/net/ethernet/qlogic/qede/qede_main.c +++ b/drivers/net/ethernet/qlogic/qede/qede_main.c @@ -203,7 +203,7 @@ static struct pci_driver qede_pci_driver = { }; static struct qed_eth_cb_ops qede_ll_ops = { - { + .common = { #ifdef CONFIG_RFS_ACCEL .arfs_filter_op = qede_arfs_filter_op, #endif

3 months

1
0
0 0

FAILED: patch "[PATCH] net: qede: Initialize qede_ll_ops with designated initializer" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 960013ec5b5e86c2c096e79ce6e08bce970650b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062021-jump-puppet-aa00@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 960013ec5b5e86c2c096e79ce6e08bce970650b3 Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Wed, 7 May 2025 21:47:45 +0100 Subject: [PATCH] net: qede: Initialize qede_ll_ops with designated initializer After a recent change [1] in clang's randstruct implementation to randomize structures that only contain function pointers, there is an error because qede_ll_ops get randomized but does not use a designated initializer for the first member: drivers/net/ethernet/qlogic/qede/qede_main.c:206:2: error: a randomized struct can only be initialized with a designated initializer 206 | { | ^ Explicitly initialize the common member using a designated initializer to fix the build. Cc: stable(a)vger.kernel.org Fixes: 035f7f87b729 ("randstruct: Enable Clang support") Link: https://github.com/llvm/llvm-project/commit/04364fb888eea6db9811510607bed4b… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Reviewed-by: Kees Cook <kees(a)kernel.org> Link: https://lore.kernel.org/r/20250507-qede-fix-clang-randstruct-v1-1-5ccc15626… Signed-off-by: Kees Cook <kees(a)kernel.org> diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c index 99df00c30b8c..b5d744d2586f 100644 --- a/drivers/net/ethernet/qlogic/qede/qede_main.c +++ b/drivers/net/ethernet/qlogic/qede/qede_main.c @@ -203,7 +203,7 @@ static struct pci_driver qede_pci_driver = { }; static struct qed_eth_cb_ops qede_ll_ops = { - { + .common = { #ifdef CONFIG_RFS_ACCEL .arfs_filter_op = qede_arfs_filter_op, #endif

3 months

1
0
0 0

FAILED: patch "[PATCH] wifi: ath11k: fix ring-buffer corruption" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6d037a372f817e9fcb56482f37917545596bd776 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062014-matriarch-atrocious-4abd@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6d037a372f817e9fcb56482f37917545596bd776 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 21 Mar 2025 10:49:16 +0100 Subject: [PATCH] wifi: ath11k: fix ring-buffer corruption Users of the Lenovo ThinkPad X13s have reported that Wi-Fi sometimes breaks and the log fills up with errors like: ath11k_pci 0006:01:00.0: HTC Rx: insufficient length, got 1484, expected 1492 ath11k_pci 0006:01:00.0: HTC Rx: insufficient length, got 1460, expected 1484 which based on a quick look at the driver seemed to indicate some kind of ring-buffer corruption. Miaoqing Pan tracked it down to the host seeing the updated destination ring head pointer before the updated descriptor, and the error handling for that in turn leaves the ring buffer in an inconsistent state. Add the missing memory barrier to make sure that the descriptor is read after the head pointer to address the root cause of the corruption while fixing up the error handling in case there are ever any (ordering) bugs on the device side. Note that the READ_ONCE() are only needed to avoid compiler mischief in case the ring-buffer helpers are ever inlined. Tested-on: WCN6855 hw2.1 WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41 Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218623 Link: https://lore.kernel.org/20250310010217.3845141-3-quic_miaoqing@quicinc.com Cc: Miaoqing Pan <quic_miaoqing(a)quicinc.com> Cc: stable(a)vger.kernel.org # 5.6 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Miaoqing Pan <quic_miaoqing(a)quicinc.com> Tested-by: Steev Klimaszewski <steev(a)kali.org> Tested-by: Jens Glathe <jens.glathe(a)oldschoolsolutions.biz> Tested-by: Clayton Craft <clayton(a)craftyguy.net> Link: https://patch.msgid.link/20250321094916.19098-1-johan+linaro@kernel.org Signed-off-by: Jeff Johnson <jeff.johnson(a)oss.qualcomm.com> diff --git a/drivers/net/wireless/ath/ath11k/ce.c b/drivers/net/wireless/ath/ath11k/ce.c index e66e86bdec20..9d8efec46508 100644 --- a/drivers/net/wireless/ath/ath11k/ce.c +++ b/drivers/net/wireless/ath/ath11k/ce.c @@ -393,11 +393,10 @@ static int ath11k_ce_completed_recv_next(struct ath11k_ce_pipe *pipe, goto err; } + /* Make sure descriptor is read after the head pointer. */ + dma_rmb(); + *nbytes = ath11k_hal_ce_dst_status_get_length(desc); - if (*nbytes == 0) { - ret = -EIO; - goto err; - } *skb = pipe->dest_ring->skb[sw_index]; pipe->dest_ring->skb[sw_index] = NULL; @@ -430,8 +429,8 @@ static void ath11k_ce_recv_process_cb(struct ath11k_ce_pipe *pipe) dma_unmap_single(ab->dev, ATH11K_SKB_RXCB(skb)->paddr, max_nbytes, DMA_FROM_DEVICE); - if (unlikely(max_nbytes < nbytes)) { - ath11k_warn(ab, "rxed more than expected (nbytes %d, max %d)", + if (unlikely(max_nbytes < nbytes || nbytes == 0)) { + ath11k_warn(ab, "unexpected rx length (nbytes %d, max %d)", nbytes, max_nbytes); dev_kfree_skb_any(skb); continue; diff --git a/drivers/net/wireless/ath/ath11k/hal.c b/drivers/net/wireless/ath/ath11k/hal.c index 61f4b6dd5380..8cb1505a5a0c 100644 --- a/drivers/net/wireless/ath/ath11k/hal.c +++ b/drivers/net/wireless/ath/ath11k/hal.c @@ -599,7 +599,7 @@ u32 ath11k_hal_ce_dst_status_get_length(void *buf) struct hal_ce_srng_dst_status_desc *desc = buf; u32 len; - len = FIELD_GET(HAL_CE_DST_STATUS_DESC_FLAGS_LEN, desc->flags); + len = FIELD_GET(HAL_CE_DST_STATUS_DESC_FLAGS_LEN, READ_ONCE(desc->flags)); desc->flags &= ~HAL_CE_DST_STATUS_DESC_FLAGS_LEN; return len; @@ -829,7 +829,7 @@ void ath11k_hal_srng_access_begin(struct ath11k_base *ab, struct hal_srng *srng) srng->u.src_ring.cached_tp = *(volatile u32 *)srng->u.src_ring.tp_addr; } else { - srng->u.dst_ring.cached_hp = *srng->u.dst_ring.hp_addr; + srng->u.dst_ring.cached_hp = READ_ONCE(*srng->u.dst_ring.hp_addr); /* Try to prefetch the next descriptor in the ring */ if (srng->flags & HAL_SRNG_FLAGS_CACHED)

3 months

1
0
0 0

FAILED: patch "[PATCH] wifi: ath11k: fix ring-buffer corruption" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6d037a372f817e9fcb56482f37917545596bd776 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062013-defender-designing-8c76@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6d037a372f817e9fcb56482f37917545596bd776 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 21 Mar 2025 10:49:16 +0100 Subject: [PATCH] wifi: ath11k: fix ring-buffer corruption Users of the Lenovo ThinkPad X13s have reported that Wi-Fi sometimes breaks and the log fills up with errors like: ath11k_pci 0006:01:00.0: HTC Rx: insufficient length, got 1484, expected 1492 ath11k_pci 0006:01:00.0: HTC Rx: insufficient length, got 1460, expected 1484 which based on a quick look at the driver seemed to indicate some kind of ring-buffer corruption. Miaoqing Pan tracked it down to the host seeing the updated destination ring head pointer before the updated descriptor, and the error handling for that in turn leaves the ring buffer in an inconsistent state. Add the missing memory barrier to make sure that the descriptor is read after the head pointer to address the root cause of the corruption while fixing up the error handling in case there are ever any (ordering) bugs on the device side. Note that the READ_ONCE() are only needed to avoid compiler mischief in case the ring-buffer helpers are ever inlined. Tested-on: WCN6855 hw2.1 WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41 Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218623 Link: https://lore.kernel.org/20250310010217.3845141-3-quic_miaoqing@quicinc.com Cc: Miaoqing Pan <quic_miaoqing(a)quicinc.com> Cc: stable(a)vger.kernel.org # 5.6 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Miaoqing Pan <quic_miaoqing(a)quicinc.com> Tested-by: Steev Klimaszewski <steev(a)kali.org> Tested-by: Jens Glathe <jens.glathe(a)oldschoolsolutions.biz> Tested-by: Clayton Craft <clayton(a)craftyguy.net> Link: https://patch.msgid.link/20250321094916.19098-1-johan+linaro@kernel.org Signed-off-by: Jeff Johnson <jeff.johnson(a)oss.qualcomm.com> diff --git a/drivers/net/wireless/ath/ath11k/ce.c b/drivers/net/wireless/ath/ath11k/ce.c index e66e86bdec20..9d8efec46508 100644 --- a/drivers/net/wireless/ath/ath11k/ce.c +++ b/drivers/net/wireless/ath/ath11k/ce.c @@ -393,11 +393,10 @@ static int ath11k_ce_completed_recv_next(struct ath11k_ce_pipe *pipe, goto err; } + /* Make sure descriptor is read after the head pointer. */ + dma_rmb(); + *nbytes = ath11k_hal_ce_dst_status_get_length(desc); - if (*nbytes == 0) { - ret = -EIO; - goto err; - } *skb = pipe->dest_ring->skb[sw_index]; pipe->dest_ring->skb[sw_index] = NULL; @@ -430,8 +429,8 @@ static void ath11k_ce_recv_process_cb(struct ath11k_ce_pipe *pipe) dma_unmap_single(ab->dev, ATH11K_SKB_RXCB(skb)->paddr, max_nbytes, DMA_FROM_DEVICE); - if (unlikely(max_nbytes < nbytes)) { - ath11k_warn(ab, "rxed more than expected (nbytes %d, max %d)", + if (unlikely(max_nbytes < nbytes || nbytes == 0)) { + ath11k_warn(ab, "unexpected rx length (nbytes %d, max %d)", nbytes, max_nbytes); dev_kfree_skb_any(skb); continue; diff --git a/drivers/net/wireless/ath/ath11k/hal.c b/drivers/net/wireless/ath/ath11k/hal.c index 61f4b6dd5380..8cb1505a5a0c 100644 --- a/drivers/net/wireless/ath/ath11k/hal.c +++ b/drivers/net/wireless/ath/ath11k/hal.c @@ -599,7 +599,7 @@ u32 ath11k_hal_ce_dst_status_get_length(void *buf) struct hal_ce_srng_dst_status_desc *desc = buf; u32 len; - len = FIELD_GET(HAL_CE_DST_STATUS_DESC_FLAGS_LEN, desc->flags); + len = FIELD_GET(HAL_CE_DST_STATUS_DESC_FLAGS_LEN, READ_ONCE(desc->flags)); desc->flags &= ~HAL_CE_DST_STATUS_DESC_FLAGS_LEN; return len; @@ -829,7 +829,7 @@ void ath11k_hal_srng_access_begin(struct ath11k_base *ab, struct hal_srng *srng) srng->u.src_ring.cached_tp = *(volatile u32 *)srng->u.src_ring.tp_addr; } else { - srng->u.dst_ring.cached_hp = *srng->u.dst_ring.hp_addr; + srng->u.dst_ring.cached_hp = READ_ONCE(*srng->u.dst_ring.hp_addr); /* Try to prefetch the next descriptor in the ring */ if (srng->flags & HAL_SRNG_FLAGS_CACHED)

3 months

1
0
0 0

FAILED: patch "[PATCH] wifi: ath11k: fix rx completion meta data corruption" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ab52e3e44fe9b666281752e2481d11e25b0e3fdd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062045-defrost-explode-6eec@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ab52e3e44fe9b666281752e2481d11e25b0e3fdd Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 21 Mar 2025 15:53:02 +0100 Subject: [PATCH] wifi: ath11k: fix rx completion meta data corruption Add the missing memory barrier to make sure that the REO dest ring descriptor is read after the head pointer to avoid using stale data on weakly ordered architectures like aarch64. This may fix the ring-buffer corruption worked around by commit f9fff67d2d7c ("wifi: ath11k: Fix SKB corruption in REO destination ring") by silently discarding data, and may possibly also address user reported errors like: ath11k_pci 0006:01:00.0: msdu_done bit in attention is not set Tested-on: WCN6855 hw2.1 WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41 Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Cc: stable(a)vger.kernel.org # 5.6 Link: https://bugzilla.kernel.org/show_bug.cgi?id=218005 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Tested-by: Clayton Craft <clayton(a)craftyguy.net> Link: https://patch.msgid.link/20250321145302.4775-1-johan+linaro@kernel.org Signed-off-by: Jeff Johnson <jeff.johnson(a)oss.qualcomm.com> diff --git a/drivers/net/wireless/ath/ath11k/dp_rx.c b/drivers/net/wireless/ath/ath11k/dp_rx.c index 218ab41c0f3c..ea2959305dec 100644 --- a/drivers/net/wireless/ath/ath11k/dp_rx.c +++ b/drivers/net/wireless/ath/ath11k/dp_rx.c @@ -2637,7 +2637,7 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, struct ath11k *ar; struct hal_reo_dest_ring *desc; enum hal_reo_dest_ring_push_reason push_reason; - u32 cookie; + u32 cookie, info0, rx_msdu_info0, rx_mpdu_info0; int i; for (i = 0; i < MAX_RADIOS; i++) @@ -2650,11 +2650,14 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, try_again: ath11k_hal_srng_access_begin(ab, srng); + /* Make sure descriptor is read after the head pointer. */ + dma_rmb(); + while (likely(desc = (struct hal_reo_dest_ring *)ath11k_hal_srng_dst_get_next_entry(ab, srng))) { cookie = FIELD_GET(BUFFER_ADDR_INFO1_SW_COOKIE, - desc->buf_addr_info.info1); + READ_ONCE(desc->buf_addr_info.info1)); buf_id = FIELD_GET(DP_RXDMA_BUF_COOKIE_BUF_ID, cookie); mac_id = FIELD_GET(DP_RXDMA_BUF_COOKIE_PDEV_ID, cookie); @@ -2683,8 +2686,9 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, num_buffs_reaped[mac_id]++; + info0 = READ_ONCE(desc->info0); push_reason = FIELD_GET(HAL_REO_DEST_RING_INFO0_PUSH_REASON, - desc->info0); + info0); if (unlikely(push_reason != HAL_REO_DEST_RING_PUSH_REASON_ROUTING_INSTRUCTION)) { dev_kfree_skb_any(msdu); @@ -2692,18 +2696,21 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, continue; } - rxcb->is_first_msdu = !!(desc->rx_msdu_info.info0 & + rx_msdu_info0 = READ_ONCE(desc->rx_msdu_info.info0); + rx_mpdu_info0 = READ_ONCE(desc->rx_mpdu_info.info0); + + rxcb->is_first_msdu = !!(rx_msdu_info0 & RX_MSDU_DESC_INFO0_FIRST_MSDU_IN_MPDU); - rxcb->is_last_msdu = !!(desc->rx_msdu_info.info0 & + rxcb->is_last_msdu = !!(rx_msdu_info0 & RX_MSDU_DESC_INFO0_LAST_MSDU_IN_MPDU); - rxcb->is_continuation = !!(desc->rx_msdu_info.info0 & + rxcb->is_continuation = !!(rx_msdu_info0 & RX_MSDU_DESC_INFO0_MSDU_CONTINUATION); rxcb->peer_id = FIELD_GET(RX_MPDU_DESC_META_DATA_PEER_ID, - desc->rx_mpdu_info.meta_data); + READ_ONCE(desc->rx_mpdu_info.meta_data)); rxcb->seq_no = FIELD_GET(RX_MPDU_DESC_INFO0_SEQ_NUM, - desc->rx_mpdu_info.info0); + rx_mpdu_info0); rxcb->tid = FIELD_GET(HAL_REO_DEST_RING_INFO0_RX_QUEUE_NUM, - desc->info0); + info0); rxcb->mac_id = mac_id; __skb_queue_tail(&msdu_list[mac_id], msdu);

3 months

1
0
0 0

FAILED: patch "[PATCH] wifi: ath11k: fix rx completion meta data corruption" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ab52e3e44fe9b666281752e2481d11e25b0e3fdd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062044-setback-catchable-ac30@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ab52e3e44fe9b666281752e2481d11e25b0e3fdd Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 21 Mar 2025 15:53:02 +0100 Subject: [PATCH] wifi: ath11k: fix rx completion meta data corruption Add the missing memory barrier to make sure that the REO dest ring descriptor is read after the head pointer to avoid using stale data on weakly ordered architectures like aarch64. This may fix the ring-buffer corruption worked around by commit f9fff67d2d7c ("wifi: ath11k: Fix SKB corruption in REO destination ring") by silently discarding data, and may possibly also address user reported errors like: ath11k_pci 0006:01:00.0: msdu_done bit in attention is not set Tested-on: WCN6855 hw2.1 WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41 Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Cc: stable(a)vger.kernel.org # 5.6 Link: https://bugzilla.kernel.org/show_bug.cgi?id=218005 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Tested-by: Clayton Craft <clayton(a)craftyguy.net> Link: https://patch.msgid.link/20250321145302.4775-1-johan+linaro@kernel.org Signed-off-by: Jeff Johnson <jeff.johnson(a)oss.qualcomm.com> diff --git a/drivers/net/wireless/ath/ath11k/dp_rx.c b/drivers/net/wireless/ath/ath11k/dp_rx.c index 218ab41c0f3c..ea2959305dec 100644 --- a/drivers/net/wireless/ath/ath11k/dp_rx.c +++ b/drivers/net/wireless/ath/ath11k/dp_rx.c @@ -2637,7 +2637,7 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, struct ath11k *ar; struct hal_reo_dest_ring *desc; enum hal_reo_dest_ring_push_reason push_reason; - u32 cookie; + u32 cookie, info0, rx_msdu_info0, rx_mpdu_info0; int i; for (i = 0; i < MAX_RADIOS; i++) @@ -2650,11 +2650,14 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, try_again: ath11k_hal_srng_access_begin(ab, srng); + /* Make sure descriptor is read after the head pointer. */ + dma_rmb(); + while (likely(desc = (struct hal_reo_dest_ring *)ath11k_hal_srng_dst_get_next_entry(ab, srng))) { cookie = FIELD_GET(BUFFER_ADDR_INFO1_SW_COOKIE, - desc->buf_addr_info.info1); + READ_ONCE(desc->buf_addr_info.info1)); buf_id = FIELD_GET(DP_RXDMA_BUF_COOKIE_BUF_ID, cookie); mac_id = FIELD_GET(DP_RXDMA_BUF_COOKIE_PDEV_ID, cookie); @@ -2683,8 +2686,9 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, num_buffs_reaped[mac_id]++; + info0 = READ_ONCE(desc->info0); push_reason = FIELD_GET(HAL_REO_DEST_RING_INFO0_PUSH_REASON, - desc->info0); + info0); if (unlikely(push_reason != HAL_REO_DEST_RING_PUSH_REASON_ROUTING_INSTRUCTION)) { dev_kfree_skb_any(msdu); @@ -2692,18 +2696,21 @@ int ath11k_dp_process_rx(struct ath11k_base *ab, int ring_id, continue; } - rxcb->is_first_msdu = !!(desc->rx_msdu_info.info0 & + rx_msdu_info0 = READ_ONCE(desc->rx_msdu_info.info0); + rx_mpdu_info0 = READ_ONCE(desc->rx_mpdu_info.info0); + + rxcb->is_first_msdu = !!(rx_msdu_info0 & RX_MSDU_DESC_INFO0_FIRST_MSDU_IN_MPDU); - rxcb->is_last_msdu = !!(desc->rx_msdu_info.info0 & + rxcb->is_last_msdu = !!(rx_msdu_info0 & RX_MSDU_DESC_INFO0_LAST_MSDU_IN_MPDU); - rxcb->is_continuation = !!(desc->rx_msdu_info.info0 & + rxcb->is_continuation = !!(rx_msdu_info0 & RX_MSDU_DESC_INFO0_MSDU_CONTINUATION); rxcb->peer_id = FIELD_GET(RX_MPDU_DESC_META_DATA_PEER_ID, - desc->rx_mpdu_info.meta_data); + READ_ONCE(desc->rx_mpdu_info.meta_data)); rxcb->seq_no = FIELD_GET(RX_MPDU_DESC_INFO0_SEQ_NUM, - desc->rx_mpdu_info.info0); + rx_mpdu_info0); rxcb->tid = FIELD_GET(HAL_REO_DEST_RING_INFO0_RX_QUEUE_NUM, - desc->info0); + info0); rxcb->mac_id = mac_id; __skb_queue_tail(&msdu_list[mac_id], msdu);

3 months

1
0
0 0

[PATCH] HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting

by Qasim Ijaz

During appletb_kbd_probe, probe attempts to get the backlight device by name. When this happens backlight_device_get_by_name looks for a device in the backlight class which has name "appletb_backlight" and upon finding a match it increments the reference count for the device and returns it to the caller. However this reference is never released leading to a reference leak. Fix this by decrementing the backlight device reference count on removal via put_device and on probe failure. Fixes: 93a0fc489481 ("HID: hid-appletb-kbd: add support for automatic brightness control while using the touchbar") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- drivers/hid/hid-appletb-kbd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/hid/hid-appletb-kbd.c b/drivers/hid/hid-appletb-kbd.c index ef51b2c06872..e06567886e50 100644 --- a/drivers/hid/hid-appletb-kbd.c +++ b/drivers/hid/hid-appletb-kbd.c @@ -438,6 +438,8 @@ static int appletb_kbd_probe(struct hid_device *hdev, const struct hid_device_id return 0; close_hw: + if (kbd->backlight_dev) + put_device(&kbd->backlight_dev->dev); hid_hw_close(hdev); stop_hw: hid_hw_stop(hdev); @@ -453,6 +455,9 @@ static void appletb_kbd_remove(struct hid_device *hdev) input_unregister_handler(&kbd->inp_handler); timer_delete_sync(&kbd->inactivity_timer); + if (kbd->backlight_dev) + put_device(&kbd->backlight_dev->dev); + hid_hw_close(hdev); hid_hw_stop(hdev); } -- 2.39.5

3 months

3
2
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c62x" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a9a6e9279b2998e2610c70b0dfc80a234f97c76c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062054-antiques-mangy-118b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9a6e9279b2998e2610c70b0dfc80a234f97c76c Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:51 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c62x During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c6xx 0000:3f:00.0: qat_hal_clr_reset error c6xx 0000:3f:00.0: Failed to init the AEs c6xx 0000:3f:00.0: Failed to initialise Acceleration Engine c6xx 0000:3f:00.0: Resetting device qat_dev0 c6xx 0000:3f:00.0: probe with driver c6xx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: a6dabee6c8ba ("crypto: qat - add support for c62x accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c index 0bac717e88d9..23ccb72b6ea2 100644 --- a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C62X) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C62X_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_4xxx" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 845bc952024dbf482c7434daeac66f764642d52d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062041-tarnish-puma-e164@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 845bc952024dbf482c7434daeac66f764642d52d Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:46 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_4xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: 4xxx 0000:01:00.0: Failed to power up the device 4xxx 0000:01:00.0: Failed to initialize device 4xxx 0000:01:00.0: Resetting device qat_dev0 4xxx 0000:01:00.0: probe with driver 4xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 8c8268166e83 ("crypto: qat - add qat_4xxx driver") Link: https://lore.kernel.org/all/Z-DGQrhRj9niR9iZ@gondor.apana.org.au/ Reported-by: Randy Wright <rwright(a)hpe.com> Closes: https://issues.redhat.com/browse/RHEL-84366 Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c index 5537a9991e4e..1ac415ef3c31 100644 --- a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c @@ -188,11 +188,19 @@ static void adf_remove(struct pci_dev *pdev) adf_cleanup_accel(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static struct pci_driver adf_driver = { .id_table = adf_pci_tbl, .name = ADF_4XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c3xxx" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062029-banister-throng-eb24@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:53 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c3xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c3xxx 0000:3f:00.0: qat_hal_clr_reset error c3xxx 0000:3f:00.0: Failed to init the AEs c3xxx 0000:3f:00.0: Failed to initialise Acceleration Engine c3xxx 0000:3f:00.0: Resetting device qat_dev0 c3xxx 0000:3f:00.0: probe with driver c3xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 890c55f4dc0e ("crypto: qat - add support for c3xxx accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c index 260f34d0d541..bceb5dd8b148 100644 --- a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C3XXX) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C3XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] ASoC: meson: meson-card-utils: use of_property_present() for" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 171eb6f71e9e3ba6a7410a1d93f3ac213f39dae2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062024-swimming-dawdler-bce4@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 171eb6f71e9e3ba6a7410a1d93f3ac213f39dae2 Mon Sep 17 00:00:00 2001 From: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Date: Sat, 19 Apr 2025 23:34:48 +0200 Subject: [PATCH] ASoC: meson: meson-card-utils: use of_property_present() for DT parsing Commit c141ecc3cecd ("of: Warn when of_property_read_bool() is used on non-boolean properties") added a warning when trying to parse a property with a value (boolean properties are defined as: absent = false, present without any value = true). This causes a warning from meson-card-utils. meson-card-utils needs to know about the existence of the "audio-routing" and/or "audio-widgets" properties in order to properly parse them. Switch to of_property_present() in order to silence the following warning messages during boot: OF: /sound: Read of boolean property 'audio-routing' with a value. OF: /sound: Read of boolean property 'audio-widgets' with a value. Fixes: 7864a79f37b5 ("ASoC: meson: add axg sound card support") Tested-by: Christian Hewitt <christianshewitt(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Link: https://patch.msgid.link/20250419213448.59647-1-martin.blumenstingl@googlem… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/meson/meson-card-utils.c b/sound/soc/meson/meson-card-utils.c index cfc7f6e41ab5..68531183fb60 100644 --- a/sound/soc/meson/meson-card-utils.c +++ b/sound/soc/meson/meson-card-utils.c @@ -231,7 +231,7 @@ static int meson_card_parse_of_optional(struct snd_soc_card *card, const char *p)) { /* If property is not provided, don't fail ... */ - if (!of_property_read_bool(card->dev->of_node, propname)) + if (!of_property_present(card->dev->of_node, propname)) return 0; /* ... but do fail if it is provided and the parsing fails */

3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix qgroup reservation leak on failure to allocate" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1f2889f5594a2bc4c6a52634c4a51b93e785def5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062055-rejoice-overcook-b18f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f2889f5594a2bc4c6a52634c4a51b93e785def5 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 7 May 2025 13:05:36 +0100 Subject: [PATCH] btrfs: fix qgroup reservation leak on failure to allocate ordered extent If we fail to allocate an ordered extent for a COW write we end up leaking a qgroup data reservation since we called btrfs_qgroup_release_data() but we didn't call btrfs_qgroup_free_refroot() (which would happen when running the respective data delayed ref created by ordered extent completion or when finishing the ordered extent in case an error happened). So make sure we call btrfs_qgroup_free_refroot() if we fail to allocate an ordered extent for a COW write. Fixes: 7dbeaad0af7d ("btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Boris Burkov <boris(a)bur.io> Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index ae49f87b27e8..e44d3dd17caf 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -153,9 +153,10 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( struct btrfs_ordered_extent *entry; int ret; u64 qgroup_rsv = 0; + const bool is_nocow = (flags & + ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))); - if (flags & - ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))) { + if (is_nocow) { /* For nocow write, we can release the qgroup rsv right now */ ret = btrfs_qgroup_free_data(inode, NULL, file_offset, num_bytes, &qgroup_rsv); if (ret < 0) @@ -170,8 +171,13 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( return ERR_PTR(ret); } entry = kmem_cache_zalloc(btrfs_ordered_extent_cache, GFP_NOFS); - if (!entry) + if (!entry) { + if (!is_nocow) + btrfs_qgroup_free_refroot(inode->root->fs_info, + btrfs_root_id(inode->root), + qgroup_rsv, BTRFS_QGROUP_RSV_DATA); return ERR_PTR(-ENOMEM); + } entry->file_offset = file_offset; entry->num_bytes = num_bytes;

3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix qgroup reservation leak on failure to allocate" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1f2889f5594a2bc4c6a52634c4a51b93e785def5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062054-stopping-boil-ca87@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f2889f5594a2bc4c6a52634c4a51b93e785def5 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 7 May 2025 13:05:36 +0100 Subject: [PATCH] btrfs: fix qgroup reservation leak on failure to allocate ordered extent If we fail to allocate an ordered extent for a COW write we end up leaking a qgroup data reservation since we called btrfs_qgroup_release_data() but we didn't call btrfs_qgroup_free_refroot() (which would happen when running the respective data delayed ref created by ordered extent completion or when finishing the ordered extent in case an error happened). So make sure we call btrfs_qgroup_free_refroot() if we fail to allocate an ordered extent for a COW write. Fixes: 7dbeaad0af7d ("btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Boris Burkov <boris(a)bur.io> Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index ae49f87b27e8..e44d3dd17caf 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -153,9 +153,10 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( struct btrfs_ordered_extent *entry; int ret; u64 qgroup_rsv = 0; + const bool is_nocow = (flags & + ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))); - if (flags & - ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))) { + if (is_nocow) { /* For nocow write, we can release the qgroup rsv right now */ ret = btrfs_qgroup_free_data(inode, NULL, file_offset, num_bytes, &qgroup_rsv); if (ret < 0) @@ -170,8 +171,13 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( return ERR_PTR(ret); } entry = kmem_cache_zalloc(btrfs_ordered_extent_cache, GFP_NOFS); - if (!entry) + if (!entry) { + if (!is_nocow) + btrfs_qgroup_free_refroot(inode->root->fs_info, + btrfs_root_id(inode->root), + qgroup_rsv, BTRFS_QGROUP_RSV_DATA); return ERR_PTR(-ENOMEM); + } entry->file_offset = file_offset; entry->num_bytes = num_bytes;

3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix qgroup reservation leak on failure to allocate" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 1f2889f5594a2bc4c6a52634c4a51b93e785def5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062053-huff-down-519c@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f2889f5594a2bc4c6a52634c4a51b93e785def5 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 7 May 2025 13:05:36 +0100 Subject: [PATCH] btrfs: fix qgroup reservation leak on failure to allocate ordered extent If we fail to allocate an ordered extent for a COW write we end up leaking a qgroup data reservation since we called btrfs_qgroup_release_data() but we didn't call btrfs_qgroup_free_refroot() (which would happen when running the respective data delayed ref created by ordered extent completion or when finishing the ordered extent in case an error happened). So make sure we call btrfs_qgroup_free_refroot() if we fail to allocate an ordered extent for a COW write. Fixes: 7dbeaad0af7d ("btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Boris Burkov <boris(a)bur.io> Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index ae49f87b27e8..e44d3dd17caf 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -153,9 +153,10 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( struct btrfs_ordered_extent *entry; int ret; u64 qgroup_rsv = 0; + const bool is_nocow = (flags & + ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))); - if (flags & - ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))) { + if (is_nocow) { /* For nocow write, we can release the qgroup rsv right now */ ret = btrfs_qgroup_free_data(inode, NULL, file_offset, num_bytes, &qgroup_rsv); if (ret < 0) @@ -170,8 +171,13 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( return ERR_PTR(ret); } entry = kmem_cache_zalloc(btrfs_ordered_extent_cache, GFP_NOFS); - if (!entry) + if (!entry) { + if (!is_nocow) + btrfs_qgroup_free_refroot(inode->root->fs_info, + btrfs_root_id(inode->root), + qgroup_rsv, BTRFS_QGROUP_RSV_DATA); return ERR_PTR(-ENOMEM); + } entry->file_offset = file_offset; entry->num_bytes = num_bytes;

3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix qgroup reservation leak on failure to allocate" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1f2889f5594a2bc4c6a52634c4a51b93e785def5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062053-yearning-gains-f4ef@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f2889f5594a2bc4c6a52634c4a51b93e785def5 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 7 May 2025 13:05:36 +0100 Subject: [PATCH] btrfs: fix qgroup reservation leak on failure to allocate ordered extent If we fail to allocate an ordered extent for a COW write we end up leaking a qgroup data reservation since we called btrfs_qgroup_release_data() but we didn't call btrfs_qgroup_free_refroot() (which would happen when running the respective data delayed ref created by ordered extent completion or when finishing the ordered extent in case an error happened). So make sure we call btrfs_qgroup_free_refroot() if we fail to allocate an ordered extent for a COW write. Fixes: 7dbeaad0af7d ("btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Boris Burkov <boris(a)bur.io> Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index ae49f87b27e8..e44d3dd17caf 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -153,9 +153,10 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( struct btrfs_ordered_extent *entry; int ret; u64 qgroup_rsv = 0; + const bool is_nocow = (flags & + ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))); - if (flags & - ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))) { + if (is_nocow) { /* For nocow write, we can release the qgroup rsv right now */ ret = btrfs_qgroup_free_data(inode, NULL, file_offset, num_bytes, &qgroup_rsv); if (ret < 0) @@ -170,8 +171,13 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( return ERR_PTR(ret); } entry = kmem_cache_zalloc(btrfs_ordered_extent_cache, GFP_NOFS); - if (!entry) + if (!entry) { + if (!is_nocow) + btrfs_qgroup_free_refroot(inode->root->fs_info, + btrfs_root_id(inode->root), + qgroup_rsv, BTRFS_QGROUP_RSV_DATA); return ERR_PTR(-ENOMEM); + } entry->file_offset = file_offset; entry->num_bytes = num_bytes;

3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix qgroup reservation leak on failure to allocate" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 1f2889f5594a2bc4c6a52634c4a51b93e785def5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062052-chair-rancidity-cf1d@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f2889f5594a2bc4c6a52634c4a51b93e785def5 Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Wed, 7 May 2025 13:05:36 +0100 Subject: [PATCH] btrfs: fix qgroup reservation leak on failure to allocate ordered extent If we fail to allocate an ordered extent for a COW write we end up leaking a qgroup data reservation since we called btrfs_qgroup_release_data() but we didn't call btrfs_qgroup_free_refroot() (which would happen when running the respective data delayed ref created by ordered extent completion or when finishing the ordered extent in case an error happened). So make sure we call btrfs_qgroup_free_refroot() if we fail to allocate an ordered extent for a COW write. Fixes: 7dbeaad0af7d ("btrfs: change timing for qgroup reserved space for ordered extents to fix reserved space leak") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Boris Burkov <boris(a)bur.io> Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index ae49f87b27e8..e44d3dd17caf 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -153,9 +153,10 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( struct btrfs_ordered_extent *entry; int ret; u64 qgroup_rsv = 0; + const bool is_nocow = (flags & + ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))); - if (flags & - ((1U << BTRFS_ORDERED_NOCOW) | (1U << BTRFS_ORDERED_PREALLOC))) { + if (is_nocow) { /* For nocow write, we can release the qgroup rsv right now */ ret = btrfs_qgroup_free_data(inode, NULL, file_offset, num_bytes, &qgroup_rsv); if (ret < 0) @@ -170,8 +171,13 @@ static struct btrfs_ordered_extent *alloc_ordered_extent( return ERR_PTR(ret); } entry = kmem_cache_zalloc(btrfs_ordered_extent_cache, GFP_NOFS); - if (!entry) + if (!entry) { + if (!is_nocow) + btrfs_qgroup_free_refroot(inode->root->fs_info, + btrfs_root_id(inode->root), + qgroup_rsv, BTRFS_QGROUP_RSV_DATA); return ERR_PTR(-ENOMEM); + } entry->file_offset = file_offset; entry->num_bytes = num_bytes;

3 months

1
0
0 0

FAILED: patch "[PATCH] net/mlx5: Add error handling in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c6bb8a21cdad8c975a3a646b9e5c8df01ad29783 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062012-sassy-perm-01be@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c6bb8a21cdad8c975a3a646b9e5c8df01ad29783 Mon Sep 17 00:00:00 2001 From: Wentao Liang <vulab(a)iscas.ac.cn> Date: Sun, 25 May 2025 00:34:25 +0800 Subject: [PATCH] net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() The function mlx5_query_nic_vport_node_guid() calls the function mlx5_query_nic_vport_context() but does not check its return value. A proper implementation can be found in mlx5_nic_vport_query_local_lb(). Add error handling for mlx5_query_nic_vport_context(). If it fails, free the out buffer via kvfree() and return error code. Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields") Cc: stable(a)vger.kernel.org # v4.5 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> Reviewed-by: Tariq Toukan <tariqt(a)nvidia.com> Link: https://patch.msgid.link/20250524163425.1695-1-vulab@iscas.ac.cn Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c index a3c57bb8b521..da5c24fc7b30 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c @@ -465,19 +465,22 @@ int mlx5_query_nic_vport_node_guid(struct mlx5_core_dev *mdev, u64 *node_guid) { u32 *out; int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out); + int err; out = kvzalloc(outlen, GFP_KERNEL); if (!out) return -ENOMEM; - mlx5_query_nic_vport_context(mdev, 0, out); + err = mlx5_query_nic_vport_context(mdev, 0, out); + if (err) + goto out; *node_guid = MLX5_GET64(query_nic_vport_context_out, out, nic_vport_context.node_guid); - +out: kvfree(out); - return 0; + return err; } EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_node_guid);

3 months

1
0
0 0

FAILED: patch "[PATCH] net/mlx5_core: Add error handling" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f0b50730bdd8f2734e548de541e845c0d40dceb6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062056-duct-nurture-9a3b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f0b50730bdd8f2734e548de541e845c0d40dceb6 Mon Sep 17 00:00:00 2001 From: Wentao Liang <vulab(a)iscas.ac.cn> Date: Wed, 21 May 2025 21:36:20 +0800 Subject: [PATCH] net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() The function mlx5_query_nic_vport_qkey_viol_cntr() calls the function mlx5_query_nic_vport_context() but does not check its return value. This could lead to undefined behavior if the query fails. A proper implementation can be found in mlx5_nic_vport_query_local_lb(). Add error handling for mlx5_query_nic_vport_context(). If it fails, free the out buffer via kvfree() and return error code. Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields") Cc: stable(a)vger.kernel.org # v4.5 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> Reviewed-by: Tariq Toukan <tariqt(a)nvidia.com> Link: https://patch.msgid.link/20250521133620.912-1-vulab@iscas.ac.cn Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c index d10d4c396040..a3c57bb8b521 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c @@ -519,19 +519,22 @@ int mlx5_query_nic_vport_qkey_viol_cntr(struct mlx5_core_dev *mdev, { u32 *out; int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out); + int err; out = kvzalloc(outlen, GFP_KERNEL); if (!out) return -ENOMEM; - mlx5_query_nic_vport_context(mdev, 0, out); + err = mlx5_query_nic_vport_context(mdev, 0, out); + if (err) + goto out; *qkey_viol_cntr = MLX5_GET(query_nic_vport_context_out, out, nic_vport_context.qkey_violation_counter); - +out: kvfree(out); - return 0; + return err; } EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_qkey_viol_cntr);

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Serialize device addition and removal" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 774a1fa880bc949d88b5ddec9494a13be733dfa8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062022-powdered-flint-7c7b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 774a1fa880bc949d88b5ddec9494a13be733dfa8 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:15 +0200 Subject: [PATCH] s390/pci: Serialize device addition and removal Prior changes ensured that when zpci_release_device() is called and it removed the zdev from the zpci_list this instance can not be found via the zpci_list anymore even while allowing re-add of reserved devices. This only accounts for the overall lifetime and zpci_list addition and removal, it does not yet prevent concurrent add of a new instance for the same underlying device. Such concurrent add would subsequently cause issues such as attempted re-use of the same IOMMU sysfs directory and is generally undesired. Introduce a new zpci_add_remove_lock mutex to serialize adding a new device with removal. Together this ensures that if a struct zpci_dev is not found in the zpci_list it was either already removed and torn down, or its removal and tear down is in progress with the zpci_add_remove_lock held. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 4602abd0c6f1..cd6676c2d602 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -45,6 +45,7 @@ /* list of all detected zpci devices */ static LIST_HEAD(zpci_list); static DEFINE_SPINLOCK(zpci_list_lock); +static DEFINE_MUTEX(zpci_add_remove_lock); static DECLARE_BITMAP(zpci_domain, ZPCI_DOMAIN_BITMAP_SIZE); static DEFINE_SPINLOCK(zpci_domain_lock); @@ -74,7 +75,9 @@ void zpci_zdev_put(struct zpci_dev *zdev) { if (!zdev) return; + mutex_lock(&zpci_add_remove_lock); kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); } struct zpci_dev *get_zdev_by_fid(u32 fid) @@ -844,6 +847,7 @@ int zpci_add_device(struct zpci_dev *zdev) { int rc; + mutex_lock(&zpci_add_remove_lock); zpci_dbg(1, "add fid:%x, fh:%x, c:%d\n", zdev->fid, zdev->fh, zdev->state); rc = zpci_init_iommu(zdev); if (rc) @@ -857,12 +861,14 @@ int zpci_add_device(struct zpci_dev *zdev) spin_lock(&zpci_list_lock); list_add_tail(&zdev->entry, &zpci_list); spin_unlock(&zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); return 0; error_destroy_iommu: zpci_destroy_iommu(zdev); error: zpci_dbg(0, "add fid:%x, rc:%d\n", zdev->fid, rc); + mutex_unlock(&zpci_add_remove_lock); return rc; } @@ -953,6 +959,7 @@ void zpci_release_device(struct kref *kref) { struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); + lockdep_assert_held(&zpci_add_remove_lock); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); /* * We already hold zpci_list_lock thanks to kref_put_lock().

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Serialize device addition and removal" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 774a1fa880bc949d88b5ddec9494a13be733dfa8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062021-uneasily-garbage-7a12@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 774a1fa880bc949d88b5ddec9494a13be733dfa8 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:15 +0200 Subject: [PATCH] s390/pci: Serialize device addition and removal Prior changes ensured that when zpci_release_device() is called and it removed the zdev from the zpci_list this instance can not be found via the zpci_list anymore even while allowing re-add of reserved devices. This only accounts for the overall lifetime and zpci_list addition and removal, it does not yet prevent concurrent add of a new instance for the same underlying device. Such concurrent add would subsequently cause issues such as attempted re-use of the same IOMMU sysfs directory and is generally undesired. Introduce a new zpci_add_remove_lock mutex to serialize adding a new device with removal. Together this ensures that if a struct zpci_dev is not found in the zpci_list it was either already removed and torn down, or its removal and tear down is in progress with the zpci_add_remove_lock held. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 4602abd0c6f1..cd6676c2d602 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -45,6 +45,7 @@ /* list of all detected zpci devices */ static LIST_HEAD(zpci_list); static DEFINE_SPINLOCK(zpci_list_lock); +static DEFINE_MUTEX(zpci_add_remove_lock); static DECLARE_BITMAP(zpci_domain, ZPCI_DOMAIN_BITMAP_SIZE); static DEFINE_SPINLOCK(zpci_domain_lock); @@ -74,7 +75,9 @@ void zpci_zdev_put(struct zpci_dev *zdev) { if (!zdev) return; + mutex_lock(&zpci_add_remove_lock); kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); } struct zpci_dev *get_zdev_by_fid(u32 fid) @@ -844,6 +847,7 @@ int zpci_add_device(struct zpci_dev *zdev) { int rc; + mutex_lock(&zpci_add_remove_lock); zpci_dbg(1, "add fid:%x, fh:%x, c:%d\n", zdev->fid, zdev->fh, zdev->state); rc = zpci_init_iommu(zdev); if (rc) @@ -857,12 +861,14 @@ int zpci_add_device(struct zpci_dev *zdev) spin_lock(&zpci_list_lock); list_add_tail(&zdev->entry, &zpci_list); spin_unlock(&zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); return 0; error_destroy_iommu: zpci_destroy_iommu(zdev); error: zpci_dbg(0, "add fid:%x, rc:%d\n", zdev->fid, rc); + mutex_unlock(&zpci_add_remove_lock); return rc; } @@ -953,6 +959,7 @@ void zpci_release_device(struct kref *kref) { struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); + lockdep_assert_held(&zpci_add_remove_lock); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); /* * We already hold zpci_list_lock thanks to kref_put_lock().

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Serialize device addition and removal" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 774a1fa880bc949d88b5ddec9494a13be733dfa8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062020-cornhusk-copy-3cd0@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 774a1fa880bc949d88b5ddec9494a13be733dfa8 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:15 +0200 Subject: [PATCH] s390/pci: Serialize device addition and removal Prior changes ensured that when zpci_release_device() is called and it removed the zdev from the zpci_list this instance can not be found via the zpci_list anymore even while allowing re-add of reserved devices. This only accounts for the overall lifetime and zpci_list addition and removal, it does not yet prevent concurrent add of a new instance for the same underlying device. Such concurrent add would subsequently cause issues such as attempted re-use of the same IOMMU sysfs directory and is generally undesired. Introduce a new zpci_add_remove_lock mutex to serialize adding a new device with removal. Together this ensures that if a struct zpci_dev is not found in the zpci_list it was either already removed and torn down, or its removal and tear down is in progress with the zpci_add_remove_lock held. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 4602abd0c6f1..cd6676c2d602 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -45,6 +45,7 @@ /* list of all detected zpci devices */ static LIST_HEAD(zpci_list); static DEFINE_SPINLOCK(zpci_list_lock); +static DEFINE_MUTEX(zpci_add_remove_lock); static DECLARE_BITMAP(zpci_domain, ZPCI_DOMAIN_BITMAP_SIZE); static DEFINE_SPINLOCK(zpci_domain_lock); @@ -74,7 +75,9 @@ void zpci_zdev_put(struct zpci_dev *zdev) { if (!zdev) return; + mutex_lock(&zpci_add_remove_lock); kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); } struct zpci_dev *get_zdev_by_fid(u32 fid) @@ -844,6 +847,7 @@ int zpci_add_device(struct zpci_dev *zdev) { int rc; + mutex_lock(&zpci_add_remove_lock); zpci_dbg(1, "add fid:%x, fh:%x, c:%d\n", zdev->fid, zdev->fh, zdev->state); rc = zpci_init_iommu(zdev); if (rc) @@ -857,12 +861,14 @@ int zpci_add_device(struct zpci_dev *zdev) spin_lock(&zpci_list_lock); list_add_tail(&zdev->entry, &zpci_list); spin_unlock(&zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); return 0; error_destroy_iommu: zpci_destroy_iommu(zdev); error: zpci_dbg(0, "add fid:%x, rc:%d\n", zdev->fid, rc); + mutex_unlock(&zpci_add_remove_lock); return rc; } @@ -953,6 +959,7 @@ void zpci_release_device(struct kref *kref) { struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); + lockdep_assert_held(&zpci_add_remove_lock); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); /* * We already hold zpci_list_lock thanks to kref_put_lock().

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Serialize device addition and removal" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 774a1fa880bc949d88b5ddec9494a13be733dfa8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062020-oxygen-print-635f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 774a1fa880bc949d88b5ddec9494a13be733dfa8 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:15 +0200 Subject: [PATCH] s390/pci: Serialize device addition and removal Prior changes ensured that when zpci_release_device() is called and it removed the zdev from the zpci_list this instance can not be found via the zpci_list anymore even while allowing re-add of reserved devices. This only accounts for the overall lifetime and zpci_list addition and removal, it does not yet prevent concurrent add of a new instance for the same underlying device. Such concurrent add would subsequently cause issues such as attempted re-use of the same IOMMU sysfs directory and is generally undesired. Introduce a new zpci_add_remove_lock mutex to serialize adding a new device with removal. Together this ensures that if a struct zpci_dev is not found in the zpci_list it was either already removed and torn down, or its removal and tear down is in progress with the zpci_add_remove_lock held. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 4602abd0c6f1..cd6676c2d602 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -45,6 +45,7 @@ /* list of all detected zpci devices */ static LIST_HEAD(zpci_list); static DEFINE_SPINLOCK(zpci_list_lock); +static DEFINE_MUTEX(zpci_add_remove_lock); static DECLARE_BITMAP(zpci_domain, ZPCI_DOMAIN_BITMAP_SIZE); static DEFINE_SPINLOCK(zpci_domain_lock); @@ -74,7 +75,9 @@ void zpci_zdev_put(struct zpci_dev *zdev) { if (!zdev) return; + mutex_lock(&zpci_add_remove_lock); kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); } struct zpci_dev *get_zdev_by_fid(u32 fid) @@ -844,6 +847,7 @@ int zpci_add_device(struct zpci_dev *zdev) { int rc; + mutex_lock(&zpci_add_remove_lock); zpci_dbg(1, "add fid:%x, fh:%x, c:%d\n", zdev->fid, zdev->fh, zdev->state); rc = zpci_init_iommu(zdev); if (rc) @@ -857,12 +861,14 @@ int zpci_add_device(struct zpci_dev *zdev) spin_lock(&zpci_list_lock); list_add_tail(&zdev->entry, &zpci_list); spin_unlock(&zpci_list_lock); + mutex_unlock(&zpci_add_remove_lock); return 0; error_destroy_iommu: zpci_destroy_iommu(zdev); error: zpci_dbg(0, "add fid:%x, rc:%d\n", zdev->fid, rc); + mutex_unlock(&zpci_add_remove_lock); return rc; } @@ -953,6 +959,7 @@ void zpci_release_device(struct kref *kref) { struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); + lockdep_assert_held(&zpci_add_remove_lock); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); /* * We already hold zpci_list_lock thanks to kref_put_lock().

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Allow re-add of a reserved but not yet removed" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062012-sublease-shivering-12da@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:14 +0200 Subject: [PATCH] s390/pci: Allow re-add of a reserved but not yet removed device The architecture assumes that PCI functions can be removed synchronously as PCI events are processed. This however clashes with the reference counting of struct pci_dev which allows device drivers to hold on to a struct pci_dev reference even as the underlying device is removed. To bridge this gap commit 2a671f77ee49 ("s390/pci: fix use after free of zpci_dev") keeps the struct zpci_dev in ZPCI_FN_STATE_RESERVED state until common code releases the struct pci_dev. Only when all references are dropped, the struct zpci_dev can be removed and freed. Later commit a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") moved the deletion of the struct zpci_dev from the zpci_list in zpci_release_device() to the point where the device is reserved. This was done to prevent handling events for a device that is already being removed, e.g. when the platform generates both PCI event codes 0x304 and 0x308. In retrospect, deletion from the zpci_list in the release function without holding the zpci_list_lock was also racy. A side effect of this handling is that if the underlying device re-appears while the struct zpci_dev is in the ZPCI_FN_STATE_RESERVED state, the new and old instances of the struct zpci_dev and/or struct pci_dev may clash. For example when trying to create the IOMMU sysfs files for the new instance. In this case, re-adding the new instance is aborted. The old instance is removed, and the device will remain absent until the platform issues another event. Fix this by allowing the struct zpci_dev to be brought back up right until it is finally removed. To this end also keep the struct zpci_dev in the zpci_list until it is finally released when all references have been dropped. Deletion from the zpci_list from within the release function is made safe by using kref_put_lock() with the zpci_list_lock. This ensures that the releasing code holds the last reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 9fcc6d3180f2..4602abd0c6f1 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -70,6 +70,13 @@ EXPORT_SYMBOL_GPL(zpci_aipb); struct airq_iv *zpci_aif_sbv; EXPORT_SYMBOL_GPL(zpci_aif_sbv); +void zpci_zdev_put(struct zpci_dev *zdev) +{ + if (!zdev) + return; + kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); +} + struct zpci_dev *get_zdev_by_fid(u32 fid) { struct zpci_dev *tmp, *zdev = NULL; @@ -925,21 +932,20 @@ int zpci_deconfigure_device(struct zpci_dev *zdev) * @zdev: the zpci_dev that was reserved * * Handle the case that a given zPCI function was reserved by another system. - * After a call to this function the zpci_dev can not be found via - * get_zdev_by_fid() anymore but may still be accessible via existing - * references though it will not be functional anymore. */ void zpci_device_reserved(struct zpci_dev *zdev) { - /* - * Remove device from zpci_list as it is going away. This also - * makes sure we ignore subsequent zPCI events for this device. - */ - spin_lock(&zpci_list_lock); - list_del(&zdev->entry); - spin_unlock(&zpci_list_lock); + lockdep_assert_held(&zdev->state_lock); + /* We may declare the device reserved multiple times */ + if (zdev->state == ZPCI_FN_STATE_RESERVED) + return; zdev->state = ZPCI_FN_STATE_RESERVED; zpci_dbg(3, "rsv fid:%x\n", zdev->fid); + /* + * The underlying device is gone. Allow the zdev to be freed + * as soon as all other references are gone by accounting for + * the removal as a dropped reference. + */ zpci_zdev_put(zdev); } @@ -948,6 +954,12 @@ void zpci_release_device(struct kref *kref) struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); + /* + * We already hold zpci_list_lock thanks to kref_put_lock(). + * This makes sure no new reference can be taken from the list. + */ + list_del(&zdev->entry); + spin_unlock(&zpci_list_lock); if (zdev->has_hp_slot) zpci_exit_slot(zdev); diff --git a/arch/s390/pci/pci_bus.h b/arch/s390/pci/pci_bus.h index e86a9419d233..ae3d7a9159bd 100644 --- a/arch/s390/pci/pci_bus.h +++ b/arch/s390/pci/pci_bus.h @@ -21,11 +21,8 @@ int zpci_bus_scan_device(struct zpci_dev *zdev); void zpci_bus_remove_device(struct zpci_dev *zdev, bool set_error); void zpci_release_device(struct kref *kref); -static inline void zpci_zdev_put(struct zpci_dev *zdev) -{ - if (zdev) - kref_put(&zdev->kref, zpci_release_device); -} + +void zpci_zdev_put(struct zpci_dev *zdev); static inline void zpci_zdev_get(struct zpci_dev *zdev) { diff --git a/arch/s390/pci/pci_event.c b/arch/s390/pci/pci_event.c index 7bd7721c1239..2fbee3887d13 100644 --- a/arch/s390/pci/pci_event.c +++ b/arch/s390/pci/pci_event.c @@ -335,6 +335,22 @@ static void zpci_event_hard_deconfigured(struct zpci_dev *zdev, u32 fh) zdev->state = ZPCI_FN_STATE_STANDBY; } +static void zpci_event_reappear(struct zpci_dev *zdev) +{ + lockdep_assert_held(&zdev->state_lock); + /* + * The zdev is in the reserved state. This means that it was presumed to + * go away but there are still undropped references. Now, the platform + * announced its availability again. Bring back the lingering zdev + * to standby. This is safe because we hold a temporary reference + * now so that it won't go away. Account for the re-appearance of the + * underlying device by incrementing the reference count. + */ + zdev->state = ZPCI_FN_STATE_STANDBY; + zpci_zdev_get(zdev); + zpci_dbg(1, "rea fid:%x, fh:%x\n", zdev->fid, zdev->fh); +} + static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) { struct zpci_dev *zdev = get_zdev_by_fid(ccdf->fid); @@ -358,8 +374,10 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); /* the configuration request may be stale */ - if (zdev->state != ZPCI_FN_STATE_STANDBY) + else if (zdev->state != ZPCI_FN_STATE_STANDBY) break; zdev->state = ZPCI_FN_STATE_CONFIGURED; } @@ -375,6 +393,8 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); zpci_update_fh(zdev, ccdf->fh); } break;

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Allow re-add of a reserved but not yet removed" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062010-easter-choosing-e03b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:14 +0200 Subject: [PATCH] s390/pci: Allow re-add of a reserved but not yet removed device The architecture assumes that PCI functions can be removed synchronously as PCI events are processed. This however clashes with the reference counting of struct pci_dev which allows device drivers to hold on to a struct pci_dev reference even as the underlying device is removed. To bridge this gap commit 2a671f77ee49 ("s390/pci: fix use after free of zpci_dev") keeps the struct zpci_dev in ZPCI_FN_STATE_RESERVED state until common code releases the struct pci_dev. Only when all references are dropped, the struct zpci_dev can be removed and freed. Later commit a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") moved the deletion of the struct zpci_dev from the zpci_list in zpci_release_device() to the point where the device is reserved. This was done to prevent handling events for a device that is already being removed, e.g. when the platform generates both PCI event codes 0x304 and 0x308. In retrospect, deletion from the zpci_list in the release function without holding the zpci_list_lock was also racy. A side effect of this handling is that if the underlying device re-appears while the struct zpci_dev is in the ZPCI_FN_STATE_RESERVED state, the new and old instances of the struct zpci_dev and/or struct pci_dev may clash. For example when trying to create the IOMMU sysfs files for the new instance. In this case, re-adding the new instance is aborted. The old instance is removed, and the device will remain absent until the platform issues another event. Fix this by allowing the struct zpci_dev to be brought back up right until it is finally removed. To this end also keep the struct zpci_dev in the zpci_list until it is finally released when all references have been dropped. Deletion from the zpci_list from within the release function is made safe by using kref_put_lock() with the zpci_list_lock. This ensures that the releasing code holds the last reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 9fcc6d3180f2..4602abd0c6f1 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -70,6 +70,13 @@ EXPORT_SYMBOL_GPL(zpci_aipb); struct airq_iv *zpci_aif_sbv; EXPORT_SYMBOL_GPL(zpci_aif_sbv); +void zpci_zdev_put(struct zpci_dev *zdev) +{ + if (!zdev) + return; + kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); +} + struct zpci_dev *get_zdev_by_fid(u32 fid) { struct zpci_dev *tmp, *zdev = NULL; @@ -925,21 +932,20 @@ int zpci_deconfigure_device(struct zpci_dev *zdev) * @zdev: the zpci_dev that was reserved * * Handle the case that a given zPCI function was reserved by another system. - * After a call to this function the zpci_dev can not be found via - * get_zdev_by_fid() anymore but may still be accessible via existing - * references though it will not be functional anymore. */ void zpci_device_reserved(struct zpci_dev *zdev) { - /* - * Remove device from zpci_list as it is going away. This also - * makes sure we ignore subsequent zPCI events for this device. - */ - spin_lock(&zpci_list_lock); - list_del(&zdev->entry); - spin_unlock(&zpci_list_lock); + lockdep_assert_held(&zdev->state_lock); + /* We may declare the device reserved multiple times */ + if (zdev->state == ZPCI_FN_STATE_RESERVED) + return; zdev->state = ZPCI_FN_STATE_RESERVED; zpci_dbg(3, "rsv fid:%x\n", zdev->fid); + /* + * The underlying device is gone. Allow the zdev to be freed + * as soon as all other references are gone by accounting for + * the removal as a dropped reference. + */ zpci_zdev_put(zdev); } @@ -948,6 +954,12 @@ void zpci_release_device(struct kref *kref) struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); + /* + * We already hold zpci_list_lock thanks to kref_put_lock(). + * This makes sure no new reference can be taken from the list. + */ + list_del(&zdev->entry); + spin_unlock(&zpci_list_lock); if (zdev->has_hp_slot) zpci_exit_slot(zdev); diff --git a/arch/s390/pci/pci_bus.h b/arch/s390/pci/pci_bus.h index e86a9419d233..ae3d7a9159bd 100644 --- a/arch/s390/pci/pci_bus.h +++ b/arch/s390/pci/pci_bus.h @@ -21,11 +21,8 @@ int zpci_bus_scan_device(struct zpci_dev *zdev); void zpci_bus_remove_device(struct zpci_dev *zdev, bool set_error); void zpci_release_device(struct kref *kref); -static inline void zpci_zdev_put(struct zpci_dev *zdev) -{ - if (zdev) - kref_put(&zdev->kref, zpci_release_device); -} + +void zpci_zdev_put(struct zpci_dev *zdev); static inline void zpci_zdev_get(struct zpci_dev *zdev) { diff --git a/arch/s390/pci/pci_event.c b/arch/s390/pci/pci_event.c index 7bd7721c1239..2fbee3887d13 100644 --- a/arch/s390/pci/pci_event.c +++ b/arch/s390/pci/pci_event.c @@ -335,6 +335,22 @@ static void zpci_event_hard_deconfigured(struct zpci_dev *zdev, u32 fh) zdev->state = ZPCI_FN_STATE_STANDBY; } +static void zpci_event_reappear(struct zpci_dev *zdev) +{ + lockdep_assert_held(&zdev->state_lock); + /* + * The zdev is in the reserved state. This means that it was presumed to + * go away but there are still undropped references. Now, the platform + * announced its availability again. Bring back the lingering zdev + * to standby. This is safe because we hold a temporary reference + * now so that it won't go away. Account for the re-appearance of the + * underlying device by incrementing the reference count. + */ + zdev->state = ZPCI_FN_STATE_STANDBY; + zpci_zdev_get(zdev); + zpci_dbg(1, "rea fid:%x, fh:%x\n", zdev->fid, zdev->fh); +} + static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) { struct zpci_dev *zdev = get_zdev_by_fid(ccdf->fid); @@ -358,8 +374,10 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); /* the configuration request may be stale */ - if (zdev->state != ZPCI_FN_STATE_STANDBY) + else if (zdev->state != ZPCI_FN_STATE_STANDBY) break; zdev->state = ZPCI_FN_STATE_CONFIGURED; } @@ -375,6 +393,8 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); zpci_update_fh(zdev, ccdf->fh); } break;

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Allow re-add of a reserved but not yet removed" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062009-passover-legibly-3a57@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:14 +0200 Subject: [PATCH] s390/pci: Allow re-add of a reserved but not yet removed device The architecture assumes that PCI functions can be removed synchronously as PCI events are processed. This however clashes with the reference counting of struct pci_dev which allows device drivers to hold on to a struct pci_dev reference even as the underlying device is removed. To bridge this gap commit 2a671f77ee49 ("s390/pci: fix use after free of zpci_dev") keeps the struct zpci_dev in ZPCI_FN_STATE_RESERVED state until common code releases the struct pci_dev. Only when all references are dropped, the struct zpci_dev can be removed and freed. Later commit a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") moved the deletion of the struct zpci_dev from the zpci_list in zpci_release_device() to the point where the device is reserved. This was done to prevent handling events for a device that is already being removed, e.g. when the platform generates both PCI event codes 0x304 and 0x308. In retrospect, deletion from the zpci_list in the release function without holding the zpci_list_lock was also racy. A side effect of this handling is that if the underlying device re-appears while the struct zpci_dev is in the ZPCI_FN_STATE_RESERVED state, the new and old instances of the struct zpci_dev and/or struct pci_dev may clash. For example when trying to create the IOMMU sysfs files for the new instance. In this case, re-adding the new instance is aborted. The old instance is removed, and the device will remain absent until the platform issues another event. Fix this by allowing the struct zpci_dev to be brought back up right until it is finally removed. To this end also keep the struct zpci_dev in the zpci_list until it is finally released when all references have been dropped. Deletion from the zpci_list from within the release function is made safe by using kref_put_lock() with the zpci_list_lock. This ensures that the releasing code holds the last reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 9fcc6d3180f2..4602abd0c6f1 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -70,6 +70,13 @@ EXPORT_SYMBOL_GPL(zpci_aipb); struct airq_iv *zpci_aif_sbv; EXPORT_SYMBOL_GPL(zpci_aif_sbv); +void zpci_zdev_put(struct zpci_dev *zdev) +{ + if (!zdev) + return; + kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); +} + struct zpci_dev *get_zdev_by_fid(u32 fid) { struct zpci_dev *tmp, *zdev = NULL; @@ -925,21 +932,20 @@ int zpci_deconfigure_device(struct zpci_dev *zdev) * @zdev: the zpci_dev that was reserved * * Handle the case that a given zPCI function was reserved by another system. - * After a call to this function the zpci_dev can not be found via - * get_zdev_by_fid() anymore but may still be accessible via existing - * references though it will not be functional anymore. */ void zpci_device_reserved(struct zpci_dev *zdev) { - /* - * Remove device from zpci_list as it is going away. This also - * makes sure we ignore subsequent zPCI events for this device. - */ - spin_lock(&zpci_list_lock); - list_del(&zdev->entry); - spin_unlock(&zpci_list_lock); + lockdep_assert_held(&zdev->state_lock); + /* We may declare the device reserved multiple times */ + if (zdev->state == ZPCI_FN_STATE_RESERVED) + return; zdev->state = ZPCI_FN_STATE_RESERVED; zpci_dbg(3, "rsv fid:%x\n", zdev->fid); + /* + * The underlying device is gone. Allow the zdev to be freed + * as soon as all other references are gone by accounting for + * the removal as a dropped reference. + */ zpci_zdev_put(zdev); } @@ -948,6 +954,12 @@ void zpci_release_device(struct kref *kref) struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); + /* + * We already hold zpci_list_lock thanks to kref_put_lock(). + * This makes sure no new reference can be taken from the list. + */ + list_del(&zdev->entry); + spin_unlock(&zpci_list_lock); if (zdev->has_hp_slot) zpci_exit_slot(zdev); diff --git a/arch/s390/pci/pci_bus.h b/arch/s390/pci/pci_bus.h index e86a9419d233..ae3d7a9159bd 100644 --- a/arch/s390/pci/pci_bus.h +++ b/arch/s390/pci/pci_bus.h @@ -21,11 +21,8 @@ int zpci_bus_scan_device(struct zpci_dev *zdev); void zpci_bus_remove_device(struct zpci_dev *zdev, bool set_error); void zpci_release_device(struct kref *kref); -static inline void zpci_zdev_put(struct zpci_dev *zdev) -{ - if (zdev) - kref_put(&zdev->kref, zpci_release_device); -} + +void zpci_zdev_put(struct zpci_dev *zdev); static inline void zpci_zdev_get(struct zpci_dev *zdev) { diff --git a/arch/s390/pci/pci_event.c b/arch/s390/pci/pci_event.c index 7bd7721c1239..2fbee3887d13 100644 --- a/arch/s390/pci/pci_event.c +++ b/arch/s390/pci/pci_event.c @@ -335,6 +335,22 @@ static void zpci_event_hard_deconfigured(struct zpci_dev *zdev, u32 fh) zdev->state = ZPCI_FN_STATE_STANDBY; } +static void zpci_event_reappear(struct zpci_dev *zdev) +{ + lockdep_assert_held(&zdev->state_lock); + /* + * The zdev is in the reserved state. This means that it was presumed to + * go away but there are still undropped references. Now, the platform + * announced its availability again. Bring back the lingering zdev + * to standby. This is safe because we hold a temporary reference + * now so that it won't go away. Account for the re-appearance of the + * underlying device by incrementing the reference count. + */ + zdev->state = ZPCI_FN_STATE_STANDBY; + zpci_zdev_get(zdev); + zpci_dbg(1, "rea fid:%x, fh:%x\n", zdev->fid, zdev->fh); +} + static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) { struct zpci_dev *zdev = get_zdev_by_fid(ccdf->fid); @@ -358,8 +374,10 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); /* the configuration request may be stale */ - if (zdev->state != ZPCI_FN_STATE_STANDBY) + else if (zdev->state != ZPCI_FN_STATE_STANDBY) break; zdev->state = ZPCI_FN_STATE_CONFIGURED; } @@ -375,6 +393,8 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); zpci_update_fh(zdev, ccdf->fh); } break;

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Allow re-add of a reserved but not yet removed" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062008-fading-headphone-4c02@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:14 +0200 Subject: [PATCH] s390/pci: Allow re-add of a reserved but not yet removed device The architecture assumes that PCI functions can be removed synchronously as PCI events are processed. This however clashes with the reference counting of struct pci_dev which allows device drivers to hold on to a struct pci_dev reference even as the underlying device is removed. To bridge this gap commit 2a671f77ee49 ("s390/pci: fix use after free of zpci_dev") keeps the struct zpci_dev in ZPCI_FN_STATE_RESERVED state until common code releases the struct pci_dev. Only when all references are dropped, the struct zpci_dev can be removed and freed. Later commit a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") moved the deletion of the struct zpci_dev from the zpci_list in zpci_release_device() to the point where the device is reserved. This was done to prevent handling events for a device that is already being removed, e.g. when the platform generates both PCI event codes 0x304 and 0x308. In retrospect, deletion from the zpci_list in the release function without holding the zpci_list_lock was also racy. A side effect of this handling is that if the underlying device re-appears while the struct zpci_dev is in the ZPCI_FN_STATE_RESERVED state, the new and old instances of the struct zpci_dev and/or struct pci_dev may clash. For example when trying to create the IOMMU sysfs files for the new instance. In this case, re-adding the new instance is aborted. The old instance is removed, and the device will remain absent until the platform issues another event. Fix this by allowing the struct zpci_dev to be brought back up right until it is finally removed. To this end also keep the struct zpci_dev in the zpci_list until it is finally released when all references have been dropped. Deletion from the zpci_list from within the release function is made safe by using kref_put_lock() with the zpci_list_lock. This ensures that the releasing code holds the last reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 9fcc6d3180f2..4602abd0c6f1 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -70,6 +70,13 @@ EXPORT_SYMBOL_GPL(zpci_aipb); struct airq_iv *zpci_aif_sbv; EXPORT_SYMBOL_GPL(zpci_aif_sbv); +void zpci_zdev_put(struct zpci_dev *zdev) +{ + if (!zdev) + return; + kref_put_lock(&zdev->kref, zpci_release_device, &zpci_list_lock); +} + struct zpci_dev *get_zdev_by_fid(u32 fid) { struct zpci_dev *tmp, *zdev = NULL; @@ -925,21 +932,20 @@ int zpci_deconfigure_device(struct zpci_dev *zdev) * @zdev: the zpci_dev that was reserved * * Handle the case that a given zPCI function was reserved by another system. - * After a call to this function the zpci_dev can not be found via - * get_zdev_by_fid() anymore but may still be accessible via existing - * references though it will not be functional anymore. */ void zpci_device_reserved(struct zpci_dev *zdev) { - /* - * Remove device from zpci_list as it is going away. This also - * makes sure we ignore subsequent zPCI events for this device. - */ - spin_lock(&zpci_list_lock); - list_del(&zdev->entry); - spin_unlock(&zpci_list_lock); + lockdep_assert_held(&zdev->state_lock); + /* We may declare the device reserved multiple times */ + if (zdev->state == ZPCI_FN_STATE_RESERVED) + return; zdev->state = ZPCI_FN_STATE_RESERVED; zpci_dbg(3, "rsv fid:%x\n", zdev->fid); + /* + * The underlying device is gone. Allow the zdev to be freed + * as soon as all other references are gone by accounting for + * the removal as a dropped reference. + */ zpci_zdev_put(zdev); } @@ -948,6 +954,12 @@ void zpci_release_device(struct kref *kref) struct zpci_dev *zdev = container_of(kref, struct zpci_dev, kref); WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); + /* + * We already hold zpci_list_lock thanks to kref_put_lock(). + * This makes sure no new reference can be taken from the list. + */ + list_del(&zdev->entry); + spin_unlock(&zpci_list_lock); if (zdev->has_hp_slot) zpci_exit_slot(zdev); diff --git a/arch/s390/pci/pci_bus.h b/arch/s390/pci/pci_bus.h index e86a9419d233..ae3d7a9159bd 100644 --- a/arch/s390/pci/pci_bus.h +++ b/arch/s390/pci/pci_bus.h @@ -21,11 +21,8 @@ int zpci_bus_scan_device(struct zpci_dev *zdev); void zpci_bus_remove_device(struct zpci_dev *zdev, bool set_error); void zpci_release_device(struct kref *kref); -static inline void zpci_zdev_put(struct zpci_dev *zdev) -{ - if (zdev) - kref_put(&zdev->kref, zpci_release_device); -} + +void zpci_zdev_put(struct zpci_dev *zdev); static inline void zpci_zdev_get(struct zpci_dev *zdev) { diff --git a/arch/s390/pci/pci_event.c b/arch/s390/pci/pci_event.c index 7bd7721c1239..2fbee3887d13 100644 --- a/arch/s390/pci/pci_event.c +++ b/arch/s390/pci/pci_event.c @@ -335,6 +335,22 @@ static void zpci_event_hard_deconfigured(struct zpci_dev *zdev, u32 fh) zdev->state = ZPCI_FN_STATE_STANDBY; } +static void zpci_event_reappear(struct zpci_dev *zdev) +{ + lockdep_assert_held(&zdev->state_lock); + /* + * The zdev is in the reserved state. This means that it was presumed to + * go away but there are still undropped references. Now, the platform + * announced its availability again. Bring back the lingering zdev + * to standby. This is safe because we hold a temporary reference + * now so that it won't go away. Account for the re-appearance of the + * underlying device by incrementing the reference count. + */ + zdev->state = ZPCI_FN_STATE_STANDBY; + zpci_zdev_get(zdev); + zpci_dbg(1, "rea fid:%x, fh:%x\n", zdev->fid, zdev->fh); +} + static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) { struct zpci_dev *zdev = get_zdev_by_fid(ccdf->fid); @@ -358,8 +374,10 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); /* the configuration request may be stale */ - if (zdev->state != ZPCI_FN_STATE_STANDBY) + else if (zdev->state != ZPCI_FN_STATE_STANDBY) break; zdev->state = ZPCI_FN_STATE_CONFIGURED; } @@ -375,6 +393,8 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf) break; } } else { + if (zdev->state == ZPCI_FN_STATE_RESERVED) + zpci_event_reappear(zdev); zpci_update_fh(zdev, ccdf->fh); } break;

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Prevent self deletion in disable_slot()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 47c397844869ad0e6738afb5879c7492f4691122 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062055-throttle-abide-0845@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47c397844869ad0e6738afb5879c7492f4691122 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:13 +0200 Subject: [PATCH] s390/pci: Prevent self deletion in disable_slot() As disable_slot() takes a struct zpci_dev from the Configured to the Standby state. In Standby there is still a hotplug slot so this is not usually a case of sysfs self deletion. This is important because self deletion gets very hairy in terms of locking (see for example recover_store() in arch/s390/pci/pci_sysfs.c). Because the pci_dev_put() is not within the critical section of the zdev->state_lock however, disable_slot() can turn into a case of self deletion if zPCI device event handling slips between the mutex_unlock() and the pci_dev_put(). If the latter is the last put and zpci_release_device() is called this then tries to remove the hotplug slot via zpci_exit_slot() which will try to remove the hotplug slot directory the disable_slot() is part of i.e. self deletion. Prevent this by widening the zdev->state_lock critical section to include the pci_dev_put() which is then guaranteed to happen with the struct zpci_dev still in Standby state ensuring it will not lead to a zpci_release_device() call as at least the zPCI event handling code still holds a reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/pci/hotplug/s390_pci_hpc.c b/drivers/pci/hotplug/s390_pci_hpc.c index 055518ee354d..3d26d273f29d 100644 --- a/drivers/pci/hotplug/s390_pci_hpc.c +++ b/drivers/pci/hotplug/s390_pci_hpc.c @@ -66,9 +66,9 @@ static int disable_slot(struct hotplug_slot *hotplug_slot) rc = zpci_deconfigure_device(zdev); out: - mutex_unlock(&zdev->state_lock); if (pdev) pci_dev_put(pdev); + mutex_unlock(&zdev->state_lock); return rc; }

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Prevent self deletion in disable_slot()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 47c397844869ad0e6738afb5879c7492f4691122 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062054-emotion-defiling-38ce@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47c397844869ad0e6738afb5879c7492f4691122 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:13 +0200 Subject: [PATCH] s390/pci: Prevent self deletion in disable_slot() As disable_slot() takes a struct zpci_dev from the Configured to the Standby state. In Standby there is still a hotplug slot so this is not usually a case of sysfs self deletion. This is important because self deletion gets very hairy in terms of locking (see for example recover_store() in arch/s390/pci/pci_sysfs.c). Because the pci_dev_put() is not within the critical section of the zdev->state_lock however, disable_slot() can turn into a case of self deletion if zPCI device event handling slips between the mutex_unlock() and the pci_dev_put(). If the latter is the last put and zpci_release_device() is called this then tries to remove the hotplug slot via zpci_exit_slot() which will try to remove the hotplug slot directory the disable_slot() is part of i.e. self deletion. Prevent this by widening the zdev->state_lock critical section to include the pci_dev_put() which is then guaranteed to happen with the struct zpci_dev still in Standby state ensuring it will not lead to a zpci_release_device() call as at least the zPCI event handling code still holds a reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/pci/hotplug/s390_pci_hpc.c b/drivers/pci/hotplug/s390_pci_hpc.c index 055518ee354d..3d26d273f29d 100644 --- a/drivers/pci/hotplug/s390_pci_hpc.c +++ b/drivers/pci/hotplug/s390_pci_hpc.c @@ -66,9 +66,9 @@ static int disable_slot(struct hotplug_slot *hotplug_slot) rc = zpci_deconfigure_device(zdev); out: - mutex_unlock(&zdev->state_lock); if (pdev) pci_dev_put(pdev); + mutex_unlock(&zdev->state_lock); return rc; }

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Prevent self deletion in disable_slot()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 47c397844869ad0e6738afb5879c7492f4691122 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062053-bubble-plausible-db18@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47c397844869ad0e6738afb5879c7492f4691122 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:13 +0200 Subject: [PATCH] s390/pci: Prevent self deletion in disable_slot() As disable_slot() takes a struct zpci_dev from the Configured to the Standby state. In Standby there is still a hotplug slot so this is not usually a case of sysfs self deletion. This is important because self deletion gets very hairy in terms of locking (see for example recover_store() in arch/s390/pci/pci_sysfs.c). Because the pci_dev_put() is not within the critical section of the zdev->state_lock however, disable_slot() can turn into a case of self deletion if zPCI device event handling slips between the mutex_unlock() and the pci_dev_put(). If the latter is the last put and zpci_release_device() is called this then tries to remove the hotplug slot via zpci_exit_slot() which will try to remove the hotplug slot directory the disable_slot() is part of i.e. self deletion. Prevent this by widening the zdev->state_lock critical section to include the pci_dev_put() which is then guaranteed to happen with the struct zpci_dev still in Standby state ensuring it will not lead to a zpci_release_device() call as at least the zPCI event handling code still holds a reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/pci/hotplug/s390_pci_hpc.c b/drivers/pci/hotplug/s390_pci_hpc.c index 055518ee354d..3d26d273f29d 100644 --- a/drivers/pci/hotplug/s390_pci_hpc.c +++ b/drivers/pci/hotplug/s390_pci_hpc.c @@ -66,9 +66,9 @@ static int disable_slot(struct hotplug_slot *hotplug_slot) rc = zpci_deconfigure_device(zdev); out: - mutex_unlock(&zdev->state_lock); if (pdev) pci_dev_put(pdev); + mutex_unlock(&zdev->state_lock); return rc; }

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Prevent self deletion in disable_slot()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 47c397844869ad0e6738afb5879c7492f4691122 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062052-deviate-fetal-1fef@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47c397844869ad0e6738afb5879c7492f4691122 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:13 +0200 Subject: [PATCH] s390/pci: Prevent self deletion in disable_slot() As disable_slot() takes a struct zpci_dev from the Configured to the Standby state. In Standby there is still a hotplug slot so this is not usually a case of sysfs self deletion. This is important because self deletion gets very hairy in terms of locking (see for example recover_store() in arch/s390/pci/pci_sysfs.c). Because the pci_dev_put() is not within the critical section of the zdev->state_lock however, disable_slot() can turn into a case of self deletion if zPCI device event handling slips between the mutex_unlock() and the pci_dev_put(). If the latter is the last put and zpci_release_device() is called this then tries to remove the hotplug slot via zpci_exit_slot() which will try to remove the hotplug slot directory the disable_slot() is part of i.e. self deletion. Prevent this by widening the zdev->state_lock critical section to include the pci_dev_put() which is then guaranteed to happen with the struct zpci_dev still in Standby state ensuring it will not lead to a zpci_release_device() call as at least the zPCI event handling code still holds a reference. Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/drivers/pci/hotplug/s390_pci_hpc.c b/drivers/pci/hotplug/s390_pci_hpc.c index 055518ee354d..3d26d273f29d 100644 --- a/drivers/pci/hotplug/s390_pci_hpc.c +++ b/drivers/pci/hotplug/s390_pci_hpc.c @@ -66,9 +66,9 @@ static int disable_slot(struct hotplug_slot *hotplug_slot) rc = zpci_deconfigure_device(zdev); out: - mutex_unlock(&zdev->state_lock); if (pdev) pci_dev_put(pdev); + mutex_unlock(&zdev->state_lock); return rc; }

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Remove redundant bus removal and disable from" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d76f9633296785343d45f85199f4138cb724b6d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062039-width-famished-433f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d76f9633296785343d45f85199f4138cb724b6d2 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:12 +0200 Subject: [PATCH] s390/pci: Remove redundant bus removal and disable from zpci_release_device() Remove zpci_bus_remove_device() and zpci_disable_device() calls from zpci_release_device(). These calls were done when the device transitioned into the ZPCI_FN_STATE_STANDBY state which is guaranteed to happen before it enters the ZPCI_FN_STATE_RESERVED state. When zpci_release_device() is called the device is known to be in the ZPCI_FN_STATE_RESERVED state which is also checked by a WARN_ON(). Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Reviewed-by: Julian Ruess <julianr(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 5bbdc4190b8b..9fcc6d3180f2 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -949,12 +949,6 @@ void zpci_release_device(struct kref *kref) WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); - if (zdev->zbus->bus) - zpci_bus_remove_device(zdev, false); - - if (zdev_enabled(zdev)) - zpci_disable_device(zdev); - if (zdev->has_hp_slot) zpci_exit_slot(zdev);

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Remove redundant bus removal and disable from" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d76f9633296785343d45f85199f4138cb724b6d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062039-unnerving-tasting-63f1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d76f9633296785343d45f85199f4138cb724b6d2 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:12 +0200 Subject: [PATCH] s390/pci: Remove redundant bus removal and disable from zpci_release_device() Remove zpci_bus_remove_device() and zpci_disable_device() calls from zpci_release_device(). These calls were done when the device transitioned into the ZPCI_FN_STATE_STANDBY state which is guaranteed to happen before it enters the ZPCI_FN_STATE_RESERVED state. When zpci_release_device() is called the device is known to be in the ZPCI_FN_STATE_RESERVED state which is also checked by a WARN_ON(). Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Reviewed-by: Julian Ruess <julianr(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 5bbdc4190b8b..9fcc6d3180f2 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -949,12 +949,6 @@ void zpci_release_device(struct kref *kref) WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); - if (zdev->zbus->bus) - zpci_bus_remove_device(zdev, false); - - if (zdev_enabled(zdev)) - zpci_disable_device(zdev); - if (zdev->has_hp_slot) zpci_exit_slot(zdev);

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Remove redundant bus removal and disable from" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d76f9633296785343d45f85199f4138cb724b6d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062039-ligament-subtract-d8af@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d76f9633296785343d45f85199f4138cb724b6d2 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:12 +0200 Subject: [PATCH] s390/pci: Remove redundant bus removal and disable from zpci_release_device() Remove zpci_bus_remove_device() and zpci_disable_device() calls from zpci_release_device(). These calls were done when the device transitioned into the ZPCI_FN_STATE_STANDBY state which is guaranteed to happen before it enters the ZPCI_FN_STATE_RESERVED state. When zpci_release_device() is called the device is known to be in the ZPCI_FN_STATE_RESERVED state which is also checked by a WARN_ON(). Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Reviewed-by: Julian Ruess <julianr(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 5bbdc4190b8b..9fcc6d3180f2 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -949,12 +949,6 @@ void zpci_release_device(struct kref *kref) WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); - if (zdev->zbus->bus) - zpci_bus_remove_device(zdev, false); - - if (zdev_enabled(zdev)) - zpci_disable_device(zdev); - if (zdev->has_hp_slot) zpci_exit_slot(zdev);

3 months

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Remove redundant bus removal and disable from" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d76f9633296785343d45f85199f4138cb724b6d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062038-popcorn-lure-f2f1@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d76f9633296785343d45f85199f4138cb724b6d2 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:12 +0200 Subject: [PATCH] s390/pci: Remove redundant bus removal and disable from zpci_release_device() Remove zpci_bus_remove_device() and zpci_disable_device() calls from zpci_release_device(). These calls were done when the device transitioned into the ZPCI_FN_STATE_STANDBY state which is guaranteed to happen before it enters the ZPCI_FN_STATE_RESERVED state. When zpci_release_device() is called the device is known to be in the ZPCI_FN_STATE_RESERVED state which is also checked by a WARN_ON(). Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Reviewed-by: Julian Ruess <julianr(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 5bbdc4190b8b..9fcc6d3180f2 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -949,12 +949,6 @@ void zpci_release_device(struct kref *kref) WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); - if (zdev->zbus->bus) - zpci_bus_remove_device(zdev, false); - - if (zdev_enabled(zdev)) - zpci_disable_device(zdev); - if (zdev->has_hp_slot) zpci_exit_slot(zdev);

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_dh895xcc" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062041-mutiny-civil-2bce@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:49 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_dh895xcc During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset dh895xcc 0000:3f:00.0: qat_hal_clr_reset error dh895xcc 0000:3f:00.0: Failed to init the AEs dh895xcc 0000:3f:00.0: Failed to initialise Acceleration Engine dh895xcc 0000:3f:00.0: Resetting device qat_dev0 dh895xcc 0000:3f:00.0: probe with driver dh895xcc failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c index 730147404ceb..b59e0cc49e52 100644 --- a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_DH895XCC) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_DH895XCC_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_dh895xcc" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-preaching-lance-8408@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:49 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_dh895xcc During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset dh895xcc 0000:3f:00.0: qat_hal_clr_reset error dh895xcc 0000:3f:00.0: Failed to init the AEs dh895xcc 0000:3f:00.0: Failed to initialise Acceleration Engine dh895xcc 0000:3f:00.0: Resetting device qat_dev0 dh895xcc 0000:3f:00.0: probe with driver dh895xcc failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c index 730147404ceb..b59e0cc49e52 100644 --- a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_DH895XCC) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_DH895XCC_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_dh895xcc" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-twentieth-uniformed-032e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:49 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_dh895xcc During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset dh895xcc 0000:3f:00.0: qat_hal_clr_reset error dh895xcc 0000:3f:00.0: Failed to init the AEs dh895xcc 0000:3f:00.0: Failed to initialise Acceleration Engine dh895xcc 0000:3f:00.0: Resetting device qat_dev0 dh895xcc 0000:3f:00.0: probe with driver dh895xcc failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c index 730147404ceb..b59e0cc49e52 100644 --- a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_DH895XCC) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_DH895XCC_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_dh895xcc" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062039-stinging-clad-50a8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:49 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_dh895xcc During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset dh895xcc 0000:3f:00.0: qat_hal_clr_reset error dh895xcc 0000:3f:00.0: Failed to init the AEs dh895xcc 0000:3f:00.0: Failed to initialise Acceleration Engine dh895xcc 0000:3f:00.0: Resetting device qat_dev0 dh895xcc 0000:3f:00.0: probe with driver dh895xcc failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c index 730147404ceb..b59e0cc49e52 100644 --- a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_DH895XCC) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_DH895XCC_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c62x" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a9a6e9279b2998e2610c70b0dfc80a234f97c76c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062030-rely-movable-fb97@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9a6e9279b2998e2610c70b0dfc80a234f97c76c Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:51 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c62x During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c6xx 0000:3f:00.0: qat_hal_clr_reset error c6xx 0000:3f:00.0: Failed to init the AEs c6xx 0000:3f:00.0: Failed to initialise Acceleration Engine c6xx 0000:3f:00.0: Resetting device qat_dev0 c6xx 0000:3f:00.0: probe with driver c6xx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: a6dabee6c8ba ("crypto: qat - add support for c62x accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c index 0bac717e88d9..23ccb72b6ea2 100644 --- a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C62X) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C62X_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c62x" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a9a6e9279b2998e2610c70b0dfc80a234f97c76c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062029-crayfish-robotics-60e2@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9a6e9279b2998e2610c70b0dfc80a234f97c76c Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:51 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c62x During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c6xx 0000:3f:00.0: qat_hal_clr_reset error c6xx 0000:3f:00.0: Failed to init the AEs c6xx 0000:3f:00.0: Failed to initialise Acceleration Engine c6xx 0000:3f:00.0: Resetting device qat_dev0 c6xx 0000:3f:00.0: probe with driver c6xx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: a6dabee6c8ba ("crypto: qat - add support for c62x accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c index 0bac717e88d9..23ccb72b6ea2 100644 --- a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C62X) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C62X_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c62x" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a9a6e9279b2998e2610c70b0dfc80a234f97c76c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062028-rumble-ebony-e250@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9a6e9279b2998e2610c70b0dfc80a234f97c76c Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:51 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c62x During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c6xx 0000:3f:00.0: qat_hal_clr_reset error c6xx 0000:3f:00.0: Failed to init the AEs c6xx 0000:3f:00.0: Failed to initialise Acceleration Engine c6xx 0000:3f:00.0: Resetting device qat_dev0 c6xx 0000:3f:00.0: probe with driver c6xx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: a6dabee6c8ba ("crypto: qat - add support for c62x accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c index 0bac717e88d9..23ccb72b6ea2 100644 --- a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C62X) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C62X_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c62x" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a9a6e9279b2998e2610c70b0dfc80a234f97c76c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062028-pegboard-reaffirm-313f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9a6e9279b2998e2610c70b0dfc80a234f97c76c Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:51 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c62x During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c6xx 0000:3f:00.0: qat_hal_clr_reset error c6xx 0000:3f:00.0: Failed to init the AEs c6xx 0000:3f:00.0: Failed to initialise Acceleration Engine c6xx 0000:3f:00.0: Resetting device qat_dev0 c6xx 0000:3f:00.0: probe with driver c6xx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: a6dabee6c8ba ("crypto: qat - add support for c62x accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c index 0bac717e88d9..23ccb72b6ea2 100644 --- a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C62X) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C62X_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_4xxx" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 845bc952024dbf482c7434daeac66f764642d52d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062013-oversight-paced-887b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 845bc952024dbf482c7434daeac66f764642d52d Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:46 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_4xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: 4xxx 0000:01:00.0: Failed to power up the device 4xxx 0000:01:00.0: Failed to initialize device 4xxx 0000:01:00.0: Resetting device qat_dev0 4xxx 0000:01:00.0: probe with driver 4xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 8c8268166e83 ("crypto: qat - add qat_4xxx driver") Link: https://lore.kernel.org/all/Z-DGQrhRj9niR9iZ@gondor.apana.org.au/ Reported-by: Randy Wright <rwright(a)hpe.com> Closes: https://issues.redhat.com/browse/RHEL-84366 Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c index 5537a9991e4e..1ac415ef3c31 100644 --- a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c @@ -188,11 +188,19 @@ static void adf_remove(struct pci_dev *pdev) adf_cleanup_accel(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static struct pci_driver adf_driver = { .id_table = adf_pci_tbl, .name = ADF_4XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_4xxx" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 845bc952024dbf482c7434daeac66f764642d52d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062013-ferris-purr-2823@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 845bc952024dbf482c7434daeac66f764642d52d Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:46 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_4xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: 4xxx 0000:01:00.0: Failed to power up the device 4xxx 0000:01:00.0: Failed to initialize device 4xxx 0000:01:00.0: Resetting device qat_dev0 4xxx 0000:01:00.0: probe with driver 4xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 8c8268166e83 ("crypto: qat - add qat_4xxx driver") Link: https://lore.kernel.org/all/Z-DGQrhRj9niR9iZ@gondor.apana.org.au/ Reported-by: Randy Wright <rwright(a)hpe.com> Closes: https://issues.redhat.com/browse/RHEL-84366 Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c index 5537a9991e4e..1ac415ef3c31 100644 --- a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c @@ -188,11 +188,19 @@ static void adf_remove(struct pci_dev *pdev) adf_cleanup_accel(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static struct pci_driver adf_driver = { .id_table = adf_pci_tbl, .name = ADF_4XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c3xxx" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-depress-slit-c249@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:53 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c3xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c3xxx 0000:3f:00.0: qat_hal_clr_reset error c3xxx 0000:3f:00.0: Failed to init the AEs c3xxx 0000:3f:00.0: Failed to initialise Acceleration Engine c3xxx 0000:3f:00.0: Resetting device qat_dev0 c3xxx 0000:3f:00.0: probe with driver c3xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 890c55f4dc0e ("crypto: qat - add support for c3xxx accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c index 260f34d0d541..bceb5dd8b148 100644 --- a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C3XXX) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C3XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c3xxx" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-setback-bulgur-2550@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:53 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c3xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c3xxx 0000:3f:00.0: qat_hal_clr_reset error c3xxx 0000:3f:00.0: Failed to init the AEs c3xxx 0000:3f:00.0: Failed to initialise Acceleration Engine c3xxx 0000:3f:00.0: Resetting device qat_dev0 c3xxx 0000:3f:00.0: probe with driver c3xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 890c55f4dc0e ("crypto: qat - add support for c3xxx accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c index 260f34d0d541..bceb5dd8b148 100644 --- a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C3XXX) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C3XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c3xxx" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062038-unsavory-overrun-ecbc@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:53 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c3xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c3xxx 0000:3f:00.0: qat_hal_clr_reset error c3xxx 0000:3f:00.0: Failed to init the AEs c3xxx 0000:3f:00.0: Failed to initialise Acceleration Engine c3xxx 0000:3f:00.0: Resetting device qat_dev0 c3xxx 0000:3f:00.0: probe with driver c3xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 890c55f4dc0e ("crypto: qat - add support for c3xxx accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c index 260f34d0d541..bceb5dd8b148 100644 --- a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C3XXX) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C3XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c3xxx" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062039-crier-richly-f55f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:53 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c3xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c3xxx 0000:3f:00.0: qat_hal_clr_reset error c3xxx 0000:3f:00.0: Failed to init the AEs c3xxx 0000:3f:00.0: Failed to initialise Acceleration Engine c3xxx 0000:3f:00.0: Resetting device qat_dev0 c3xxx 0000:3f:00.0: probe with driver c3xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 890c55f4dc0e ("crypto: qat - add support for c3xxx accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c index 260f34d0d541..bceb5dd8b148 100644 --- a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C3XXX) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C3XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x bc8169003b41e89fe7052e408cf9fdbecb4017fe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-slinging-salvaging-1638@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8169003b41e89fe7052e408cf9fdbecb4017fe Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Tue, 20 May 2025 10:39:29 +0800 Subject: [PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now As discussed in the thread containing https://lore.kernel.org/linux-crypto/20250510053308.GB505731@sol/, the Power10-optimized Poly1305 code is currently not safe to call in softirq context. Disable it for now. It can be re-enabled once it is fixed. Fixes: ba8f8624fde2 ("crypto: poly1305-p10 - Glue code for optmized Poly1305 implementation for ppc64le") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/powerpc/lib/crypto/Kconfig b/arch/powerpc/lib/crypto/Kconfig index ffa541ad6d5d..3f9e1bbd9905 100644 --- a/arch/powerpc/lib/crypto/Kconfig +++ b/arch/powerpc/lib/crypto/Kconfig @@ -10,6 +10,7 @@ config CRYPTO_CHACHA20_P10 config CRYPTO_POLY1305_P10 tristate depends on PPC64 && CPU_LITTLE_ENDIAN && VSX + depends on BROKEN # Needs to be fixed to work in softirq context default CRYPTO_LIB_POLY1305 select CRYPTO_ARCH_HAVE_LIB_POLY1305 select CRYPTO_LIB_POLY1305_GENERIC

3 months

1
0
0 0

FAILED: patch "[PATCH] crypto: marvell/cesa - Do not chain submitted requests" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 0413bcf0fc460a68a2a7a8354aee833293d7d693 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062023-fidgety-landslide-5061@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0413bcf0fc460a68a2a7a8354aee833293d7d693 Mon Sep 17 00:00:00 2001 From: Herbert Xu <herbert(a)gondor.apana.org.au> Date: Thu, 8 May 2025 13:22:16 +0800 Subject: [PATCH] crypto: marvell/cesa - Do not chain submitted requests This driver tries to chain requests together before submitting them to hardware in order to reduce completion interrupts. However, it even extends chains that have already been submitted to hardware. This is dangerous because there is no way of knowing whether the hardware has already read the DMA memory in question or not. Fix this by splitting the chain list into two. One for submitted requests and one for requests that have not yet been submitted. Only extend the latter. Reported-by: Klaus Kudielka <klaus.kudielka(a)gmail.com> Fixes: 85030c5168f1 ("crypto: marvell - Add support for chaining crypto requests in TDMA mode") Cc: <stable(a)vger.kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/marvell/cesa/cesa.c b/drivers/crypto/marvell/cesa/cesa.c index fa08f10e6f3f..9c21f5d835d2 100644 --- a/drivers/crypto/marvell/cesa/cesa.c +++ b/drivers/crypto/marvell/cesa/cesa.c @@ -94,7 +94,7 @@ static int mv_cesa_std_process(struct mv_cesa_engine *engine, u32 status) static int mv_cesa_int_process(struct mv_cesa_engine *engine, u32 status) { - if (engine->chain.first && engine->chain.last) + if (engine->chain_hw.first && engine->chain_hw.last) return mv_cesa_tdma_process(engine, status); return mv_cesa_std_process(engine, status); diff --git a/drivers/crypto/marvell/cesa/cesa.h b/drivers/crypto/marvell/cesa/cesa.h index d215a6bed6bc..50ca1039fdaa 100644 --- a/drivers/crypto/marvell/cesa/cesa.h +++ b/drivers/crypto/marvell/cesa/cesa.h @@ -440,8 +440,10 @@ struct mv_cesa_dev { * SRAM * @queue: fifo of the pending crypto requests * @load: engine load counter, useful for load balancing - * @chain: list of the current tdma descriptors being processed - * by this engine. + * @chain_hw: list of the current tdma descriptors being processed + * by the hardware. + * @chain_sw: list of the current tdma descriptors that will be + * submitted to the hardware. * @complete_queue: fifo of the processed requests by the engine * * Structure storing CESA engine information. @@ -463,7 +465,8 @@ struct mv_cesa_engine { struct gen_pool *pool; struct crypto_queue queue; atomic_t load; - struct mv_cesa_tdma_chain chain; + struct mv_cesa_tdma_chain chain_hw; + struct mv_cesa_tdma_chain chain_sw; struct list_head complete_queue; int irq; }; diff --git a/drivers/crypto/marvell/cesa/tdma.c b/drivers/crypto/marvell/cesa/tdma.c index 388a06e180d6..243305354420 100644 --- a/drivers/crypto/marvell/cesa/tdma.c +++ b/drivers/crypto/marvell/cesa/tdma.c @@ -38,6 +38,15 @@ void mv_cesa_dma_step(struct mv_cesa_req *dreq) { struct mv_cesa_engine *engine = dreq->engine; + spin_lock_bh(&engine->lock); + if (engine->chain_sw.first == dreq->chain.first) { + engine->chain_sw.first = NULL; + engine->chain_sw.last = NULL; + } + engine->chain_hw.first = dreq->chain.first; + engine->chain_hw.last = dreq->chain.last; + spin_unlock_bh(&engine->lock); + writel_relaxed(0, engine->regs + CESA_SA_CFG); mv_cesa_set_int_mask(engine, CESA_SA_INT_ACC0_IDMA_DONE); @@ -96,25 +105,27 @@ void mv_cesa_dma_prepare(struct mv_cesa_req *dreq, void mv_cesa_tdma_chain(struct mv_cesa_engine *engine, struct mv_cesa_req *dreq) { - if (engine->chain.first == NULL && engine->chain.last == NULL) { - engine->chain.first = dreq->chain.first; - engine->chain.last = dreq->chain.last; - } else { - struct mv_cesa_tdma_desc *last; + struct mv_cesa_tdma_desc *last = engine->chain_sw.last; - last = engine->chain.last; + /* + * Break the DMA chain if the request being queued needs the IV + * regs to be set before lauching the request. + */ + if (!last || dreq->chain.first->flags & CESA_TDMA_SET_STATE) + engine->chain_sw.first = dreq->chain.first; + else { last->next = dreq->chain.first; - engine->chain.last = dreq->chain.last; - - /* - * Break the DMA chain if the CESA_TDMA_BREAK_CHAIN is set on - * the last element of the current chain, or if the request - * being queued needs the IV regs to be set before lauching - * the request. - */ - if (!(last->flags & CESA_TDMA_BREAK_CHAIN) && - !(dreq->chain.first->flags & CESA_TDMA_SET_STATE)) - last->next_dma = cpu_to_le32(dreq->chain.first->cur_dma); + last->next_dma = cpu_to_le32(dreq->chain.first->cur_dma); + } + last = dreq->chain.last; + engine->chain_sw.last = last; + /* + * Break the DMA chain if the CESA_TDMA_BREAK_CHAIN is set on + * the last element of the current chain. + */ + if (last->flags & CESA_TDMA_BREAK_CHAIN) { + engine->chain_sw.first = NULL; + engine->chain_sw.last = NULL; } } @@ -127,7 +138,7 @@ int mv_cesa_tdma_process(struct mv_cesa_engine *engine, u32 status) tdma_cur = readl(engine->regs + CESA_TDMA_CUR); - for (tdma = engine->chain.first; tdma; tdma = next) { + for (tdma = engine->chain_hw.first; tdma; tdma = next) { spin_lock_bh(&engine->lock); next = tdma->next; spin_unlock_bh(&engine->lock); @@ -149,12 +160,12 @@ int mv_cesa_tdma_process(struct mv_cesa_engine *engine, u32 status) &backlog); /* Re-chaining to the next request */ - engine->chain.first = tdma->next; + engine->chain_hw.first = tdma->next; tdma->next = NULL; /* If this is the last request, clear the chain */ - if (engine->chain.first == NULL) - engine->chain.last = NULL; + if (engine->chain_hw.first == NULL) + engine->chain_hw.last = NULL; spin_unlock_bh(&engine->lock); ctx = crypto_tfm_ctx(req->tfm);

3 months

1
0
0 0

[merged mm-hotfixes-stable] maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() has been removed from the -mm tree. Its filename was maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Date: Mon, 16 Jun 2025 14:45:20 -0400 Temporarily clear the preallocation flag when explicitly requesting allocations. Pre-existing allocations are already counted against the request through mas_node_count_gfp(), but the allocations will not happen if the MA_STATE_PREALLOC flag is set. This flag is meant to avoid re-allocating in bulk allocation mode, and to detect issues with preallocation calculations. The MA_STATE_PREALLOC flag should also always be set on zero allocations so that detection of underflow allocations will print a WARN_ON() during consumption. User visible effect of this flaw is a WARN_ON() followed by a null pointer dereference when subsequent requests for larger number of nodes is ignored, such as the vma merge retry in mmap_region() caused by drivers altering the vma flags (which happens in v6.6, at least) Link: https://lkml.kernel.org/r/20250616184521.3382795-3-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Reported-by: Hailong Liu <hailong.liu(a)oppo.com> Link: https://lore.kernel.org/all/1652f7eb-a51b-4fee-8058-c73af63bacd1@oppo.com/ Link: https://lore.kernel.org/all/20250428184058.1416274-1-Liam.Howlett@oracle.co… Link: https://lore.kernel.org/all/20250429014754.1479118-1-Liam.Howlett@oracle.co… Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Hailong Liu <hailong.liu(a)oppo.com> Cc: zhangpeng.00(a)bytedance.com <zhangpeng.00(a)bytedance.com> Cc: Steve Kang <Steve.Kang(a)unisoc.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/lib/maple_tree.c~maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate +++ a/lib/maple_tree.c @@ -5527,8 +5527,9 @@ int mas_preallocate(struct ma_state *mas mas->store_type = mas_wr_store_type(&wr_mas); request = mas_prealloc_calc(&wr_mas, entry); if (!request) - return ret; + goto set_flag; + mas->mas_flags &= ~MA_STATE_PREALLOC; mas_node_count_gfp(mas, request, gfp); if (mas_is_err(mas)) { mas_set_alloc_req(mas, 0); @@ -5538,6 +5539,7 @@ int mas_preallocate(struct ma_state *mas return ret; } +set_flag: mas->mas_flags |= MA_STATE_PREALLOC; return ret; } _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are tools-testing-radix-tree-test-maple-tree-chaining-mas_preallocate-calls.patch

3 months

1
0
0 0

[merged mm-hotfixes-stable] bcache-remove-unnecessary-select-min_heap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: bcache: remove unnecessary select MIN_HEAP has been removed from the -mm tree. Its filename was bcache-remove-unnecessary-select-min_heap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Subject: bcache: remove unnecessary select MIN_HEAP Date: Sun, 15 Jun 2025 04:23:53 +0800 After reverting the transition to the generic min heap library, bcache no longer depends on MIN_HEAP. The select entry can be removed to reduce code size and shrink the kernel's attack surface. This change effectively reverts the bcache-related part of commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"). This is part of a series of changes to address a performance regression caused by the use of the generic min_heap implementation. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Link: https://lkml.kernel.org/r/20250614202353.1632957-4-visitorckw@gmail.com Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Acked-by: Coly Li <colyli(a)kernel.org> Cc: Ching-Chun (Jim) Huang <jserv(a)ccns.ncku.edu.tw> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/md/bcache/Kconfig | 1 - 1 file changed, 1 deletion(-) --- a/drivers/md/bcache/Kconfig~bcache-remove-unnecessary-select-min_heap +++ a/drivers/md/bcache/Kconfig @@ -5,7 +5,6 @@ config BCACHE select BLOCK_HOLDER_DEPRECATED if SYSFS select CRC64 select CLOSURES - select MIN_HEAP help Allows a block device to be used as cache for other devices; uses a btree for indexing and the layout is optimized for SSDs. _ Patches currently in -mm which might be from visitorckw(a)gmail.com are lib-math-gcd-use-static-key-to-select-implementation-at-runtime.patch riscv-optimize-gcd-code-size-when-config_riscv_isa_zbb-is-disabled.patch riscv-optimize-gcd-performance-on-risc-v-without-zbb-extension.patch

3 months

1
0
0 0

[merged mm-hotfixes-stable] revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Revert "bcache: remove heap-related macros and switch to generic min_heap" has been removed from the -mm tree. Its filename was revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Subject: Revert "bcache: remove heap-related macros and switch to generic min_heap" Date: Sun, 15 Jun 2025 04:23:52 +0800 This reverts commit 866898efbb25bb44fd42848318e46db9e785973a. The generic bottom-up min_heap implementation causes performance regression in invalidate_buckets_lru(), a hot path in bcache. Before the cache is fully populated, new_bucket_prio() often returns zero, leading to many equal comparisons. In such cases, bottom-up sift_down performs up to 2 * log2(n) comparisons, while the original top-down approach completes with just O() comparisons, resulting in a measurable performance gap. The performance degradation is further worsened by the non-inlined min_heap API functions introduced in commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"), adding function call overhead to this critical path. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. This revert aims to restore bcache's original low-latency behavior. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Link: https://lkml.kernel.org/r/20250614202353.1632957-3-visitorckw@gmail.com Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Acked-by: Coly Li <colyli(a)kernel.org> Cc: Ching-Chun (Jim) Huang <jserv(a)ccns.ncku.edu.tw> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/md/bcache/alloc.c | 64 ++++------------ drivers/md/bcache/bcache.h | 2 drivers/md/bcache/bset.c | 124 +++++++++++--------------------- drivers/md/bcache/bset.h | 42 ++++++---- drivers/md/bcache/btree.c | 69 +++++++---------- drivers/md/bcache/extents.c | 51 ++++--------- drivers/md/bcache/movinggc.c | 41 ++-------- drivers/md/bcache/super.c | 3 drivers/md/bcache/sysfs.c | 4 - drivers/md/bcache/util.h | 67 ++++++++++++++++- drivers/md/bcache/writeback.c | 13 +-- 11 files changed, 217 insertions(+), 263 deletions(-) --- a/drivers/md/bcache/alloc.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/alloc.c @@ -164,68 +164,40 @@ static void bch_invalidate_one_bucket(st * prio is worth 1/8th of what INITIAL_PRIO is worth. */ -static inline unsigned int new_bucket_prio(struct cache *ca, struct bucket *b) -{ - unsigned int min_prio = (INITIAL_PRIO - ca->set->min_prio) / 8; - - return (b->prio - ca->set->min_prio + min_prio) * GC_SECTORS_USED(b); -} - -static inline bool new_bucket_max_cmp(const void *l, const void *r, void *args) -{ - struct bucket **lhs = (struct bucket **)l; - struct bucket **rhs = (struct bucket **)r; - struct cache *ca = args; - - return new_bucket_prio(ca, *lhs) > new_bucket_prio(ca, *rhs); -} - -static inline bool new_bucket_min_cmp(const void *l, const void *r, void *args) -{ - struct bucket **lhs = (struct bucket **)l; - struct bucket **rhs = (struct bucket **)r; - struct cache *ca = args; - - return new_bucket_prio(ca, *lhs) < new_bucket_prio(ca, *rhs); -} - -static inline void new_bucket_swap(void *l, void *r, void __always_unused *args) -{ - struct bucket **lhs = l, **rhs = r; +#define bucket_prio(b) \ +({ \ + unsigned int min_prio = (INITIAL_PRIO - ca->set->min_prio) / 8; \ + \ + (b->prio - ca->set->min_prio + min_prio) * GC_SECTORS_USED(b); \ +}) - swap(*lhs, *rhs); -} +#define bucket_max_cmp(l, r) (bucket_prio(l) < bucket_prio(r)) +#define bucket_min_cmp(l, r) (bucket_prio(l) > bucket_prio(r)) static void invalidate_buckets_lru(struct cache *ca) { struct bucket *b; - const struct min_heap_callbacks bucket_max_cmp_callback = { - .less = new_bucket_max_cmp, - .swp = new_bucket_swap, - }; - const struct min_heap_callbacks bucket_min_cmp_callback = { - .less = new_bucket_min_cmp, - .swp = new_bucket_swap, - }; + ssize_t i; - ca->heap.nr = 0; + ca->heap.used = 0; for_each_bucket(b, ca) { if (!bch_can_invalidate_bucket(ca, b)) continue; - if (!min_heap_full(&ca->heap)) - min_heap_push(&ca->heap, &b, &bucket_max_cmp_callback, ca); - else if (!new_bucket_max_cmp(&b, min_heap_peek(&ca->heap), ca)) { + if (!heap_full(&ca->heap)) + heap_add(&ca->heap, b, bucket_max_cmp); + else if (bucket_max_cmp(b, heap_peek(&ca->heap))) { ca->heap.data[0] = b; - min_heap_sift_down(&ca->heap, 0, &bucket_max_cmp_callback, ca); + heap_sift(&ca->heap, 0, bucket_max_cmp); } } - min_heapify_all(&ca->heap, &bucket_min_cmp_callback, ca); + for (i = ca->heap.used / 2 - 1; i >= 0; --i) + heap_sift(&ca->heap, i, bucket_min_cmp); while (!fifo_full(&ca->free_inc)) { - if (!ca->heap.nr) { + if (!heap_pop(&ca->heap, b, bucket_min_cmp)) { /* * We don't want to be calling invalidate_buckets() * multiple times when it can't do anything @@ -234,8 +206,6 @@ static void invalidate_buckets_lru(struc wake_up_gc(ca->set); return; } - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &bucket_min_cmp_callback, ca); bch_invalidate_one_bucket(ca, b); } --- a/drivers/md/bcache/bcache.h~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/bcache.h @@ -458,7 +458,7 @@ struct cache { /* Allocation stuff: */ struct bucket *buckets; - DEFINE_MIN_HEAP(struct bucket *, cache_heap) heap; + DECLARE_HEAP(struct bucket *, heap); /* * If nonzero, we know we aren't going to find any buckets to invalidate --- a/drivers/md/bcache/bset.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/bset.c @@ -54,11 +54,9 @@ void bch_dump_bucket(struct btree_keys * int __bch_count_data(struct btree_keys *b) { unsigned int ret = 0; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - if (b->ops->is_extents) for_each_key(b, k, &iter) ret += KEY_SIZE(k); @@ -69,11 +67,9 @@ void __bch_check_keys(struct btree_keys { va_list args; struct bkey *k, *p = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; const char *err; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - for_each_key(b, k, &iter) { if (b->ops->is_extents) { err = "Keys out of order"; @@ -114,9 +110,9 @@ bug: static void bch_btree_iter_next_check(struct btree_iter *iter) { - struct bkey *k = iter->heap.data->k, *next = bkey_next(k); + struct bkey *k = iter->data->k, *next = bkey_next(k); - if (next < iter->heap.data->end && + if (next < iter->data->end && bkey_cmp(k, iter->b->ops->is_extents ? &START_KEY(next) : next) > 0) { bch_dump_bucket(iter->b); @@ -883,14 +879,12 @@ unsigned int bch_btree_insert_key(struct unsigned int status = BTREE_INSERT_STATUS_NO_INSERT; struct bset *i = bset_tree_last(b)->data; struct bkey *m, *prev = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey preceding_key_on_stack = ZERO_KEY; struct bkey *preceding_key_p = &preceding_key_on_stack; BUG_ON(b->ops->is_extents && !KEY_SIZE(k)); - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* * If k has preceding key, preceding_key_p will be set to address * of k's preceding key; otherwise preceding_key_p will be set @@ -901,9 +895,9 @@ unsigned int bch_btree_insert_key(struct else preceding_key(k, &preceding_key_p); - m = bch_btree_iter_init(b, &iter, preceding_key_p); + m = bch_btree_iter_stack_init(b, &iter, preceding_key_p); - if (b->ops->insert_fixup(b, k, &iter, replace_key)) + if (b->ops->insert_fixup(b, k, &iter.iter, replace_key)) return status; status = BTREE_INSERT_STATUS_INSERT; @@ -1083,102 +1077,79 @@ struct bkey *__bch_bset_search(struct bt /* Btree iterator */ -typedef bool (new_btree_iter_cmp_fn)(const void *, const void *, void *); - -static inline bool new_btree_iter_cmp(const void *l, const void *r, void __always_unused *args) -{ - const struct btree_iter_set *_l = l; - const struct btree_iter_set *_r = r; - - return bkey_cmp(_l->k, _r->k) <= 0; -} +typedef bool (btree_iter_cmp_fn)(struct btree_iter_set, + struct btree_iter_set); -static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +static inline bool btree_iter_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_iter1 = iter1; - struct btree_iter_set *_iter2 = iter2; - - swap(*_iter1, *_iter2); + return bkey_cmp(l.k, r.k) > 0; } static inline bool btree_iter_end(struct btree_iter *iter) { - return !iter->heap.nr; + return !iter->used; } void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end) { - const struct min_heap_callbacks callbacks = { - .less = new_btree_iter_cmp, - .swp = new_btree_iter_swap, - }; - if (k != end) - BUG_ON(!min_heap_push(&iter->heap, - &((struct btree_iter_set) { k, end }), - &callbacks, - NULL)); + BUG_ON(!heap_add(iter, + ((struct btree_iter_set) { k, end }), + btree_iter_cmp)); } -static struct bkey *__bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search, - struct bset_tree *start) +static struct bkey *__bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search, + struct bset_tree *start) { struct bkey *ret = NULL; - iter->heap.size = ARRAY_SIZE(iter->heap.preallocated); - iter->heap.nr = 0; + iter->iter.size = ARRAY_SIZE(iter->stack_data); + iter->iter.used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter->b = b; + iter->iter.b = b; #endif for (; start <= bset_tree_last(b); start++) { ret = bch_bset_search(b, start, search); - bch_btree_iter_push(iter, ret, bset_bkey_last(start->data)); + bch_btree_iter_push(&iter->iter, ret, bset_bkey_last(start->data)); } return ret; } -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, struct bkey *search) { - return __bch_btree_iter_init(b, iter, search, b->set); + return __bch_btree_iter_stack_init(b, iter, search, b->set); } static inline struct bkey *__bch_btree_iter_next(struct btree_iter *iter, - new_btree_iter_cmp_fn *cmp) + btree_iter_cmp_fn *cmp) { struct btree_iter_set b __maybe_unused; struct bkey *ret = NULL; - const struct min_heap_callbacks callbacks = { - .less = cmp, - .swp = new_btree_iter_swap, - }; if (!btree_iter_end(iter)) { bch_btree_iter_next_check(iter); - ret = iter->heap.data->k; - iter->heap.data->k = bkey_next(iter->heap.data->k); + ret = iter->data->k; + iter->data->k = bkey_next(iter->data->k); - if (iter->heap.data->k > iter->heap.data->end) { + if (iter->data->k > iter->data->end) { WARN_ONCE(1, "bset was corrupt!\n"); - iter->heap.data->k = iter->heap.data->end; + iter->data->k = iter->data->end; } - if (iter->heap.data->k == iter->heap.data->end) { - if (iter->heap.nr) { - b = min_heap_peek(&iter->heap)[0]; - min_heap_pop(&iter->heap, &callbacks, NULL); - } - } + if (iter->data->k == iter->data->end) + heap_pop(iter, b, cmp); else - min_heap_sift_down(&iter->heap, 0, &callbacks, NULL); + heap_sift(iter, 0, cmp); } return ret; @@ -1186,7 +1157,7 @@ static inline struct bkey *__bch_btree_i struct bkey *bch_btree_iter_next(struct btree_iter *iter) { - return __bch_btree_iter_next(iter, new_btree_iter_cmp); + return __bch_btree_iter_next(iter, btree_iter_cmp); } @@ -1224,18 +1195,16 @@ static void btree_mergesort(struct btree struct btree_iter *iter, bool fixup, bool remove_stale) { + int i; struct bkey *k, *last = NULL; BKEY_PADDED(k) tmp; bool (*bad)(struct btree_keys *, const struct bkey *) = remove_stale ? bch_ptr_bad : bch_ptr_invalid; - const struct min_heap_callbacks callbacks = { - .less = b->ops->sort_cmp, - .swp = new_btree_iter_swap, - }; /* Heapify the iterator, using our comparison function */ - min_heapify_all(&iter->heap, &callbacks, NULL); + for (i = iter->used / 2 - 1; i >= 0; --i) + heap_sift(iter, i, b->ops->sort_cmp); while (!btree_iter_end(iter)) { if (b->ops->sort_fixup && fixup) @@ -1324,11 +1293,10 @@ void bch_btree_sort_partial(struct btree struct bset_sort_state *state) { size_t order = b->page_order, keys = 0; - struct btree_iter iter; + struct btree_iter_stack iter; int oldsize = bch_count_data(b); - min_heap_init(&iter.heap, NULL, MAX_BSETS); - __bch_btree_iter_init(b, &iter, NULL, &b->set[start]); + __bch_btree_iter_stack_init(b, &iter, NULL, &b->set[start]); if (start) { unsigned int i; @@ -1339,7 +1307,7 @@ void bch_btree_sort_partial(struct btree order = get_order(__set_bytes(b->set->data, keys)); } - __btree_sort(b, &iter, start, order, false, state); + __btree_sort(b, &iter.iter, start, order, false, state); EBUG_ON(oldsize >= 0 && bch_count_data(b) != oldsize); } @@ -1355,13 +1323,11 @@ void bch_btree_sort_into(struct btree_ke struct bset_sort_state *state) { uint64_t start_time = local_clock(); - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; - bch_btree_iter_init(b, &iter, NULL); + bch_btree_iter_stack_init(b, &iter, NULL); - btree_mergesort(b, new->set->data, &iter, false, true); + btree_mergesort(b, new->set->data, &iter.iter, false, true); bch_time_stats_update(&state->time, start_time); --- a/drivers/md/bcache/bset.h~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/bset.h @@ -187,9 +187,8 @@ struct bset_tree { }; struct btree_keys_ops { - bool (*sort_cmp)(const void *l, - const void *r, - void *args); + bool (*sort_cmp)(struct btree_iter_set l, + struct btree_iter_set r); struct bkey *(*sort_fixup)(struct btree_iter *iter, struct bkey *tmp); bool (*insert_fixup)(struct btree_keys *b, @@ -313,17 +312,23 @@ enum { BTREE_INSERT_STATUS_FRONT_MERGE, }; -struct btree_iter_set { - struct bkey *k, *end; -}; - /* Btree key iteration */ struct btree_iter { + size_t size, used; #ifdef CONFIG_BCACHE_DEBUG struct btree_keys *b; #endif - MIN_HEAP_PREALLOCATED(struct btree_iter_set, btree_iter_heap, MAX_BSETS) heap; + struct btree_iter_set { + struct bkey *k, *end; + } data[]; +}; + +/* Fixed-size btree_iter that can be allocated on the stack */ + +struct btree_iter_stack { + struct btree_iter iter; + struct btree_iter_set stack_data[MAX_BSETS]; }; typedef bool (*ptr_filter_fn)(struct btree_keys *b, const struct bkey *k); @@ -335,9 +340,9 @@ struct bkey *bch_btree_iter_next_filter( void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end); -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search); +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search); struct bkey *__bch_bset_search(struct btree_keys *b, struct bset_tree *t, const struct bkey *search); @@ -352,13 +357,14 @@ static inline struct bkey *bch_bset_sear return search ? __bch_bset_search(b, t, search) : t->data->start; } -#define for_each_key_filter(b, k, iter, filter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next_filter((iter), (b), filter));) - -#define for_each_key(b, k, iter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next(iter));) +#define for_each_key_filter(b, k, stack_iter, filter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next_filter(&((stack_iter)->iter), (b), \ + filter));) + +#define for_each_key(b, k, stack_iter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next(&((stack_iter)->iter)));) /* Sorting */ --- a/drivers/md/bcache/btree.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/btree.c @@ -148,19 +148,19 @@ void bch_btree_node_read_done(struct btr { const char *err = "bad btree header"; struct bset *i = btree_bset_first(b); - struct btree_iter iter; + struct btree_iter *iter; /* * c->fill_iter can allocate an iterator with more memory space * than static MAX_BSETS. * See the comment arount cache_set->fill_iter. */ - iter.heap.data = mempool_alloc(&b->c->fill_iter, GFP_NOIO); - iter.heap.size = b->c->cache->sb.bucket_size / b->c->cache->sb.block_size; - iter.heap.nr = 0; + iter = mempool_alloc(&b->c->fill_iter, GFP_NOIO); + iter->size = b->c->cache->sb.bucket_size / b->c->cache->sb.block_size; + iter->used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter.b = &b->keys; + iter->b = &b->keys; #endif if (!i->seq) @@ -198,7 +198,7 @@ void bch_btree_node_read_done(struct btr if (i != b->keys.set[0].data && !i->keys) goto err; - bch_btree_iter_push(&iter, i->start, bset_bkey_last(i)); + bch_btree_iter_push(iter, i->start, bset_bkey_last(i)); b->written += set_blocks(i, block_bytes(b->c->cache)); } @@ -210,7 +210,7 @@ void bch_btree_node_read_done(struct btr if (i->seq == b->keys.set[0].data->seq) goto err; - bch_btree_sort_and_fix_extents(&b->keys, &iter, &b->c->sort); + bch_btree_sort_and_fix_extents(&b->keys, iter, &b->c->sort); i = b->keys.set[0].data; err = "short btree key"; @@ -222,7 +222,7 @@ void bch_btree_node_read_done(struct btr bch_bset_init_next(&b->keys, write_block(b), bset_magic(&b->c->cache->sb)); out: - mempool_free(iter.heap.data, &b->c->fill_iter); + mempool_free(iter, &b->c->fill_iter); return; err: set_btree_node_io_error(b); @@ -1306,11 +1306,9 @@ static bool btree_gc_mark_node(struct bt uint8_t stale = 0; unsigned int keys = 0, good_keys = 0; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct bset_tree *t; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - gc->nodes++; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) { @@ -1569,11 +1567,9 @@ static int btree_gc_rewrite_node(struct static unsigned int btree_gc_count_keys(struct btree *b) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; unsigned int ret = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - for_each_key_filter(&b->keys, k, &iter, bch_ptr_bad) ret += bkey_u64s(k); @@ -1612,18 +1608,18 @@ static int btree_gc_recurse(struct btree int ret = 0; bool should_rewrite; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct gc_merge_info r[GC_MERGE_NODES]; struct gc_merge_info *i, *last = r + ARRAY_SIZE(r) - 1; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, &b->c->gc_done); + bch_btree_iter_stack_init(&b->keys, &iter, &b->c->gc_done); for (i = r; i < r + ARRAY_SIZE(r); i++) i->b = ERR_PTR(-EINTR); while (1) { - k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad); + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad); if (k) { r->b = bch_btree_node_get(b->c, op, k, b->level - 1, true, b); @@ -1918,9 +1914,7 @@ static int bch_btree_check_recurse(struc { int ret = 0; struct bkey *k, *p = NULL; - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(b->c, b->level, k); @@ -1928,10 +1922,10 @@ static int bch_btree_check_recurse(struc bch_initial_mark_key(b->c, b->level + 1, &b->key); if (b->level) { - bch_btree_iter_init(&b->keys, &iter, NULL); + bch_btree_iter_stack_init(&b->keys, &iter, NULL); do { - k = bch_btree_iter_next_filter(&iter, &b->keys, + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad); if (k) { btree_node_prefetch(b, k); @@ -1959,7 +1953,7 @@ static int bch_btree_check_thread(void * struct btree_check_info *info = arg; struct btree_check_state *check_state = info->state; struct cache_set *c = check_state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; @@ -1967,11 +1961,9 @@ static int bch_btree_check_thread(void * cur_idx = prev_idx = 0; ret = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* root node keys are checked before thread created */ - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -1989,7 +1981,7 @@ static int bch_btree_check_thread(void * skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -2062,11 +2054,9 @@ int bch_btree_check(struct cache_set *c) int ret = 0; int i; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct btree_check_state check_state; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* check and mark root node keys */ for_each_key_filter(&c->root->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(c, c->root->level, k); @@ -2560,12 +2550,11 @@ static int bch_btree_map_nodes_recurse(s if (b->level) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad))) { ret = bcache_btree(map_nodes_recurse, k, b, op, from, fn, flags); @@ -2594,12 +2583,12 @@ int bch_btree_map_keys_recurse(struct bt { int ret = MAP_CONTINUE; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad))) { + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad))) { ret = !b->level ? fn(op, b, k) : bcache_btree(map_keys_recurse, k, --- a/drivers/md/bcache/extents.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/extents.c @@ -33,16 +33,15 @@ static void sort_key_next(struct btree_i i->k = bkey_next(i->k); if (i->k == i->end) - *i = iter->heap.data[--iter->heap.nr]; + *i = iter->data[--iter->used]; } -static bool new_bch_key_sort_cmp(const void *l, const void *r, void *args) +static bool bch_key_sort_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_l = (struct btree_iter_set *)l; - struct btree_iter_set *_r = (struct btree_iter_set *)r; - int64_t c = bkey_cmp(_l->k, _r->k); + int64_t c = bkey_cmp(l.k, r.k); - return !(c ? c > 0 : _l->k < _r->k); + return c ? c > 0 : l.k < r.k; } static bool __ptr_invalid(struct cache_set *c, const struct bkey *k) @@ -239,7 +238,7 @@ static bool bch_btree_ptr_insert_fixup(s } const struct btree_keys_ops bch_btree_keys_ops = { - .sort_cmp = new_bch_key_sort_cmp, + .sort_cmp = bch_key_sort_cmp, .insert_fixup = bch_btree_ptr_insert_fixup, .key_invalid = bch_btree_ptr_invalid, .key_bad = bch_btree_ptr_bad, @@ -256,36 +255,22 @@ const struct btree_keys_ops bch_btree_ke * Necessary for btree_sort_fixup() - if there are multiple keys that compare * equal in different sets, we have to process them newest to oldest. */ - -static bool new_bch_extent_sort_cmp(const void *l, const void *r, void __always_unused *args) -{ - struct btree_iter_set *_l = (struct btree_iter_set *)l; - struct btree_iter_set *_r = (struct btree_iter_set *)r; - int64_t c = bkey_cmp(&START_KEY(_l->k), &START_KEY(_r->k)); - - return !(c ? c > 0 : _l->k < _r->k); -} - -static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +static bool bch_extent_sort_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_iter1 = iter1; - struct btree_iter_set *_iter2 = iter2; + int64_t c = bkey_cmp(&START_KEY(l.k), &START_KEY(r.k)); - swap(*_iter1, *_iter2); + return c ? c > 0 : l.k < r.k; } static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, struct bkey *tmp) { - const struct min_heap_callbacks callbacks = { - .less = new_bch_extent_sort_cmp, - .swp = new_btree_iter_swap, - }; - while (iter->heap.nr > 1) { - struct btree_iter_set *top = iter->heap.data, *i = top + 1; + while (iter->used > 1) { + struct btree_iter_set *top = iter->data, *i = top + 1; - if (iter->heap.nr > 2 && - !new_bch_extent_sort_cmp(&i[0], &i[1], NULL)) + if (iter->used > 2 && + bch_extent_sort_cmp(i[0], i[1])) i++; if (bkey_cmp(top->k, &START_KEY(i->k)) <= 0) @@ -293,7 +278,7 @@ static struct bkey *bch_extent_sort_fixu if (!KEY_SIZE(i->k)) { sort_key_next(iter, i); - min_heap_sift_down(&iter->heap, i - top, &callbacks, NULL); + heap_sift(iter, i - top, bch_extent_sort_cmp); continue; } @@ -303,7 +288,7 @@ static struct bkey *bch_extent_sort_fixu else bch_cut_front(top->k, i->k); - min_heap_sift_down(&iter->heap, i - top, &callbacks, NULL); + heap_sift(iter, i - top, bch_extent_sort_cmp); } else { /* can't happen because of comparison func */ BUG_ON(!bkey_cmp(&START_KEY(top->k), &START_KEY(i->k))); @@ -313,7 +298,7 @@ static struct bkey *bch_extent_sort_fixu bch_cut_back(&START_KEY(i->k), tmp); bch_cut_front(i->k, top->k); - min_heap_sift_down(&iter->heap, 0, &callbacks, NULL); + heap_sift(iter, 0, bch_extent_sort_cmp); return tmp; } else { @@ -633,7 +618,7 @@ static bool bch_extent_merge(struct btre } const struct btree_keys_ops bch_extent_keys_ops = { - .sort_cmp = new_bch_extent_sort_cmp, + .sort_cmp = bch_extent_sort_cmp, .sort_fixup = bch_extent_sort_fixup, .insert_fixup = bch_extent_insert_fixup, .key_invalid = bch_extent_invalid, --- a/drivers/md/bcache/movinggc.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/movinggc.c @@ -182,27 +182,16 @@ err: if (!IS_ERR_OR_NULL(w->private)) closure_sync(&cl); } -static bool new_bucket_cmp(const void *l, const void *r, void __always_unused *args) +static bool bucket_cmp(struct bucket *l, struct bucket *r) { - struct bucket **_l = (struct bucket **)l; - struct bucket **_r = (struct bucket **)r; - - return GC_SECTORS_USED(*_l) >= GC_SECTORS_USED(*_r); -} - -static void new_bucket_swap(void *l, void *r, void __always_unused *args) -{ - struct bucket **_l = l; - struct bucket **_r = r; - - swap(*_l, *_r); + return GC_SECTORS_USED(l) < GC_SECTORS_USED(r); } static unsigned int bucket_heap_top(struct cache *ca) { struct bucket *b; - return (b = min_heap_peek(&ca->heap)[0]) ? GC_SECTORS_USED(b) : 0; + return (b = heap_peek(&ca->heap)) ? GC_SECTORS_USED(b) : 0; } void bch_moving_gc(struct cache_set *c) @@ -210,10 +199,6 @@ void bch_moving_gc(struct cache_set *c) struct cache *ca = c->cache; struct bucket *b; unsigned long sectors_to_move, reserve_sectors; - const struct min_heap_callbacks callbacks = { - .less = new_bucket_cmp, - .swp = new_bucket_swap, - }; if (!c->copy_gc_enabled) return; @@ -224,7 +209,7 @@ void bch_moving_gc(struct cache_set *c) reserve_sectors = ca->sb.bucket_size * fifo_used(&ca->free[RESERVE_MOVINGGC]); - ca->heap.nr = 0; + ca->heap.used = 0; for_each_bucket(b, ca) { if (GC_MARK(b) == GC_MARK_METADATA || @@ -233,31 +218,25 @@ void bch_moving_gc(struct cache_set *c) atomic_read(&b->pin)) continue; - if (!min_heap_full(&ca->heap)) { + if (!heap_full(&ca->heap)) { sectors_to_move += GC_SECTORS_USED(b); - min_heap_push(&ca->heap, &b, &callbacks, NULL); - } else if (!new_bucket_cmp(&b, min_heap_peek(&ca->heap), ca)) { + heap_add(&ca->heap, b, bucket_cmp); + } else if (bucket_cmp(b, heap_peek(&ca->heap))) { sectors_to_move -= bucket_heap_top(ca); sectors_to_move += GC_SECTORS_USED(b); ca->heap.data[0] = b; - min_heap_sift_down(&ca->heap, 0, &callbacks, NULL); + heap_sift(&ca->heap, 0, bucket_cmp); } } while (sectors_to_move > reserve_sectors) { - if (ca->heap.nr) { - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &callbacks, NULL); - } + heap_pop(&ca->heap, b, bucket_cmp); sectors_to_move -= GC_SECTORS_USED(b); } - while (ca->heap.nr) { - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &callbacks, NULL); + while (heap_pop(&ca->heap, b, bucket_cmp)) SET_GC_MOVE(b, 1); - } mutex_unlock(&c->bucket_lock); --- a/drivers/md/bcache/super.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/super.c @@ -1912,7 +1912,8 @@ struct cache_set *bch_cache_set_alloc(st INIT_LIST_HEAD(&c->btree_cache_freed); INIT_LIST_HEAD(&c->data_buckets); - iter_size = ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * + iter_size = sizeof(struct btree_iter) + + ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * sizeof(struct btree_iter_set); c->devices = kcalloc(c->nr_uuids, sizeof(void *), GFP_KERNEL); --- a/drivers/md/bcache/sysfs.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/sysfs.c @@ -660,9 +660,7 @@ static unsigned int bch_root_usage(struc unsigned int bytes = 0; struct bkey *k; struct btree *b; - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; goto lock_root; --- a/drivers/md/bcache/util.h~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/util.h @@ -9,7 +9,6 @@ #include <linux/kernel.h> #include <linux/sched/clock.h> #include <linux/llist.h> -#include <linux/min_heap.h> #include <linux/ratelimit.h> #include <linux/vmalloc.h> #include <linux/workqueue.h> @@ -31,10 +30,16 @@ struct closure; #endif +#define DECLARE_HEAP(type, name) \ + struct { \ + size_t size, used; \ + type *data; \ + } name + #define init_heap(heap, _size, gfp) \ ({ \ size_t _bytes; \ - (heap)->nr = 0; \ + (heap)->used = 0; \ (heap)->size = (_size); \ _bytes = (heap)->size * sizeof(*(heap)->data); \ (heap)->data = kvmalloc(_bytes, (gfp) & GFP_KERNEL); \ @@ -47,6 +52,64 @@ do { \ (heap)->data = NULL; \ } while (0) +#define heap_swap(h, i, j) swap((h)->data[i], (h)->data[j]) + +#define heap_sift(h, i, cmp) \ +do { \ + size_t _r, _j = i; \ + \ + for (; _j * 2 + 1 < (h)->used; _j = _r) { \ + _r = _j * 2 + 1; \ + if (_r + 1 < (h)->used && \ + cmp((h)->data[_r], (h)->data[_r + 1])) \ + _r++; \ + \ + if (cmp((h)->data[_r], (h)->data[_j])) \ + break; \ + heap_swap(h, _r, _j); \ + } \ +} while (0) + +#define heap_sift_down(h, i, cmp) \ +do { \ + while (i) { \ + size_t p = (i - 1) / 2; \ + if (cmp((h)->data[i], (h)->data[p])) \ + break; \ + heap_swap(h, i, p); \ + i = p; \ + } \ +} while (0) + +#define heap_add(h, d, cmp) \ +({ \ + bool _r = !heap_full(h); \ + if (_r) { \ + size_t _i = (h)->used++; \ + (h)->data[_i] = d; \ + \ + heap_sift_down(h, _i, cmp); \ + heap_sift(h, _i, cmp); \ + } \ + _r; \ +}) + +#define heap_pop(h, d, cmp) \ +({ \ + bool _r = (h)->used; \ + if (_r) { \ + (d) = (h)->data[0]; \ + (h)->used--; \ + heap_swap(h, 0, (h)->used); \ + heap_sift(h, 0, cmp); \ + } \ + _r; \ +}) + +#define heap_peek(h) ((h)->used ? (h)->data[0] : NULL) + +#define heap_full(h) ((h)->used == (h)->size) + #define DECLARE_FIFO(type, name) \ struct { \ size_t front, back, size, mask; \ --- a/drivers/md/bcache/writeback.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/writeback.c @@ -908,16 +908,15 @@ static int bch_dirty_init_thread(void *a struct dirty_init_thrd_info *info = arg; struct bch_dirty_init_state *state = info->state; struct cache_set *c = state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; k = p = NULL; prev_idx = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -931,7 +930,7 @@ static int bch_dirty_init_thread(void *a skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -980,13 +979,11 @@ void bch_sectors_dirty_init(struct bcach int i; struct btree *b = NULL; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct sectors_dirty_init op; struct cache_set *c = d->c; struct bch_dirty_init_state state; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - retry_lock: b = c->root; rw_lock(0, b, b->level); _ Patches currently in -mm which might be from visitorckw(a)gmail.com are lib-math-gcd-use-static-key-to-select-implementation-at-runtime.patch riscv-optimize-gcd-code-size-when-config_riscv_isa_zbb-is-disabled.patch riscv-optimize-gcd-performance-on-risc-v-without-zbb-extension.patch

3 months

1
0
0 0

[merged mm-hotfixes-stable] revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Revert "bcache: update min_heap_callbacks to use default builtin swap" has been removed from the -mm tree. Its filename was revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Subject: Revert "bcache: update min_heap_callbacks to use default builtin swap" Date: Sun, 15 Jun 2025 04:23:51 +0800 Patch series "bcache: Revert min_heap migration due to performance regression". This patch series reverts the migration of bcache from its original heap implementation to the generic min_heap library. While the original change aimed to simplify the code and improve maintainability, it introduced a severe performance regression in real-world scenarios. As reported by Robert, systems using bcache now suffer from periodic latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. This degrades bcache's value as a low-latency caching layer, and leads to frequent timeouts and application stalls in production environments. The primary cause of this regression is the behavior of the generic min_heap implementation's bottom-up sift_down, which performs up to 2 * log2(n) comparisons when many elements are equal. The original top-down variant used by bcache only required O(1) comparisons in such cases. The issue was further exacerbated by commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"), which introduced non-inlined versions of the min_heap API, adding function call overhead to a performance-critical hot path. This patch (of 3): This reverts commit 3d8a9a1c35227c3f1b0bd132c9f0a80dbda07b65. Although removing the custom swap function simplified the code, this change is part of a broader migration to the generic min_heap API that introduced significant performance regressions in bcache. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. This revert is part of a series of changes to restore previous performance by undoing the min_heap transition. Link: https://lkml.kernel.org/r/20250614202353.1632957-1-visitorckw@gmail.com Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Link: https://lkml.kernel.org/r/20250614202353.1632957-2-visitorckw@gmail.com Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Acked-by: Coly Li <colyli(a)kernel.org> Cc: Ching-Chun (Jim) Huang <jserv(a)ccns.ncku.edu.tw> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/md/bcache/alloc.c | 11 +++++++++-- drivers/md/bcache/bset.c | 14 +++++++++++--- drivers/md/bcache/extents.c | 10 +++++++++- drivers/md/bcache/movinggc.c | 10 +++++++++- 4 files changed, 38 insertions(+), 7 deletions(-) --- a/drivers/md/bcache/alloc.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/alloc.c @@ -189,16 +189,23 @@ static inline bool new_bucket_min_cmp(co return new_bucket_prio(ca, *lhs) < new_bucket_prio(ca, *rhs); } +static inline void new_bucket_swap(void *l, void *r, void __always_unused *args) +{ + struct bucket **lhs = l, **rhs = r; + + swap(*lhs, *rhs); +} + static void invalidate_buckets_lru(struct cache *ca) { struct bucket *b; const struct min_heap_callbacks bucket_max_cmp_callback = { .less = new_bucket_max_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; const struct min_heap_callbacks bucket_min_cmp_callback = { .less = new_bucket_min_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; ca->heap.nr = 0; --- a/drivers/md/bcache/bset.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/bset.c @@ -1093,6 +1093,14 @@ static inline bool new_btree_iter_cmp(co return bkey_cmp(_l->k, _r->k) <= 0; } +static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +{ + struct btree_iter_set *_iter1 = iter1; + struct btree_iter_set *_iter2 = iter2; + + swap(*_iter1, *_iter2); +} + static inline bool btree_iter_end(struct btree_iter *iter) { return !iter->heap.nr; @@ -1103,7 +1111,7 @@ void bch_btree_iter_push(struct btree_it { const struct min_heap_callbacks callbacks = { .less = new_btree_iter_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; if (k != end) @@ -1149,7 +1157,7 @@ static inline struct bkey *__bch_btree_i struct bkey *ret = NULL; const struct min_heap_callbacks callbacks = { .less = cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; if (!btree_iter_end(iter)) { @@ -1223,7 +1231,7 @@ static void btree_mergesort(struct btree : bch_ptr_invalid; const struct min_heap_callbacks callbacks = { .less = b->ops->sort_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; /* Heapify the iterator, using our comparison function */ --- a/drivers/md/bcache/extents.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/extents.c @@ -266,12 +266,20 @@ static bool new_bch_extent_sort_cmp(cons return !(c ? c > 0 : _l->k < _r->k); } +static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +{ + struct btree_iter_set *_iter1 = iter1; + struct btree_iter_set *_iter2 = iter2; + + swap(*_iter1, *_iter2); +} + static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, struct bkey *tmp) { const struct min_heap_callbacks callbacks = { .less = new_bch_extent_sort_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; while (iter->heap.nr > 1) { struct btree_iter_set *top = iter->heap.data, *i = top + 1; --- a/drivers/md/bcache/movinggc.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/movinggc.c @@ -190,6 +190,14 @@ static bool new_bucket_cmp(const void *l return GC_SECTORS_USED(*_l) >= GC_SECTORS_USED(*_r); } +static void new_bucket_swap(void *l, void *r, void __always_unused *args) +{ + struct bucket **_l = l; + struct bucket **_r = r; + + swap(*_l, *_r); +} + static unsigned int bucket_heap_top(struct cache *ca) { struct bucket *b; @@ -204,7 +212,7 @@ void bch_moving_gc(struct cache_set *c) unsigned long sectors_to_move, reserve_sectors; const struct min_heap_callbacks callbacks = { .less = new_bucket_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; if (!c->copy_gc_enabled) _ Patches currently in -mm which might be from visitorckw(a)gmail.com are lib-math-gcd-use-static-key-to-select-implementation-at-runtime.patch riscv-optimize-gcd-code-size-when-config_riscv_isa_zbb-is-disabled.patch riscv-optimize-gcd-performance-on-risc-v-without-zbb-extension.patch

3 months

1
0
0 0

[merged mm-hotfixes-stable] mm-userfaultfd-fix-race-of-userfaultfd_move-and-swap-cache.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: userfaultfd: fix race of userfaultfd_move and swap cache has been removed from the -mm tree. Its filename was mm-userfaultfd-fix-race-of-userfaultfd_move-and-swap-cache.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm: userfaultfd: fix race of userfaultfd_move and swap cache Date: Wed, 4 Jun 2025 23:10:38 +0800 This commit fixes two kinds of races, they may have different results: Barry reported a BUG_ON in commit c50f8e6053b0, we may see the same BUG_ON if the filemap lookup returned NULL and folio is added to swap cache after that. If another kind of race is triggered (folio changed after lookup) we may see RSS counter is corrupted: [ 406.893936] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0 type:MM_ANONPAGES val:-1 [ 406.894071] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0 type:MM_SHMEMPAGES val:1 Because the folio is being accounted to the wrong VMA. I'm not sure if there will be any data corruption though, seems no. The issues above are critical already. On seeing a swap entry PTE, userfaultfd_move does a lockless swap cache lookup, and tries to move the found folio to the faulting vma. Currently, it relies on checking the PTE value to ensure that the moved folio still belongs to the src swap entry and that no new folio has been added to the swap cache, which turns out to be unreliable. While working and reviewing the swap table series with Barry, following existing races are observed and reproduced [1]: In the example below, move_pages_pte is moving src_pte to dst_pte, where src_pte is a swap entry PTE holding swap entry S1, and S1 is not in the swap cache: CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1 ... < interrupted> ... <swapin src_pte, alloc and use folio A> // folio A is a new allocated folio // and get installed into src_pte <frees swap entry S1> // src_pte now points to folio A, S1 // has swap count == 0, it can be freed // by folio_swap_swap or swap // allocator's reclaim. <try to swap out another folio B> // folio B is a folio in another VMA. <put folio B to swap cache using S1 > // S1 is freed, folio B can use it // for swap out with no problem. ... folio = filemap_get_folio(S1) // Got folio B here !!! ... < interrupted again> ... <swapin folio B and free S1> // Now S1 is free to be used again. <swapout src_pte & folio A using S1> // Now src_pte is a swap entry PTE // holding S1 again. folio_trylock(folio) move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // Moved invalid folio B here !!! The race window is very short and requires multiple collisions of multiple rare events, so it's very unlikely to happen, but with a deliberately constructed reproducer and increased time window, it can be reproduced easily. This can be fixed by checking if the folio returned by filemap is the valid swap cache folio after acquiring the folio lock. Another similar race is possible: filemap_get_folio may return NULL, but folio (A) could be swapped in and then swapped out again using the same swap entry after the lookup. In such a case, folio (A) may remain in the swap cache, so it must be moved too: CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1, and S1 is not in swap cache folio = filemap_get_folio(S1) // Got NULL ... < interrupted again> ... <swapin folio A and free S1> <swapout folio A re-using S1> move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // folio A is ignored !!! Fix this by checking the swap cache again after acquiring the src_pte lock. And to avoid the filemap overhead, we check swap_map directly [2]. The SWP_SYNCHRONOUS_IO path does make the problem more complex, but so far we don't need to worry about that, since folios can only be exposed to the swap cache in the swap out path, and this is covered in this patch by checking the swap cache again after acquiring the src_pte lock. Testing with a simple C program that allocates and moves several GB of memory did not show any observable performance change. Link: https://lkml.kernel.org/r/20250604151038.21968-1-ryncsn@gmail.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Kairui Song <kasong(a)tencent.com> Closes: https://lore.kernel.org/linux-mm/CAMgjq7B1K=6OOrK2OUZ0-tqCzi+EJt+2_K97TPGoS… [1] Link: https://lore.kernel.org/all/CAGsJ_4yJhJBo16XhiC-nUzSheyX-V3-nFE+tAi=8Y560K8… [2] Reviewed-by: Lokesh Gidra <lokeshgidra(a)google.com> Acked-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Suren Baghdasaryan <surenb(a)google.com> Reviewed-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Chris Li <chrisl(a)kernel.org> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/userfaultfd.c | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) --- a/mm/userfaultfd.c~mm-userfaultfd-fix-race-of-userfaultfd_move-and-swap-cache +++ a/mm/userfaultfd.c @@ -1084,8 +1084,18 @@ static int move_swap_pte(struct mm_struc pte_t orig_dst_pte, pte_t orig_src_pte, pmd_t *dst_pmd, pmd_t dst_pmdval, spinlock_t *dst_ptl, spinlock_t *src_ptl, - struct folio *src_folio) + struct folio *src_folio, + struct swap_info_struct *si, swp_entry_t entry) { + /* + * Check if the folio still belongs to the target swap entry after + * acquiring the lock. Folio can be freed in the swap cache while + * not locked. + */ + if (src_folio && unlikely(!folio_test_swapcache(src_folio) || + entry.val != src_folio->swap.val)) + return -EAGAIN; + double_pt_lock(dst_ptl, src_ptl); if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, @@ -1102,6 +1112,25 @@ static int move_swap_pte(struct mm_struc if (src_folio) { folio_move_anon_rmap(src_folio, dst_vma); src_folio->index = linear_page_index(dst_vma, dst_addr); + } else { + /* + * Check if the swap entry is cached after acquiring the src_pte + * lock. Otherwise, we might miss a newly loaded swap cache folio. + * + * Check swap_map directly to minimize overhead, READ_ONCE is sufficient. + * We are trying to catch newly added swap cache, the only possible case is + * when a folio is swapped in and out again staying in swap cache, using the + * same entry before the PTE check above. The PTL is acquired and released + * twice, each time after updating the swap_map's flag. So holding + * the PTL here ensures we see the updated value. False positive is possible, + * e.g. SWP_SYNCHRONOUS_IO swapin may set the flag without touching the + * cache, or during the tiny synchronization window between swap cache and + * swap_map, but it will be gone very quickly, worst result is retry jitters. + */ + if (READ_ONCE(si->swap_map[swp_offset(entry)]) & SWAP_HAS_CACHE) { + double_pt_unlock(dst_ptl, src_ptl); + return -EAGAIN; + } } orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); @@ -1412,7 +1441,7 @@ retry: } err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte, orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, - dst_ptl, src_ptl, src_folio); + dst_ptl, src_ptl, src_folio, si, entry); } out: _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-improve-mthp-swapin-process.patch mm-shmem-swap-avoid-false-positive-swap-cache-lookup.patch

3 months

1
0
0 0

[merged mm-hotfixes-stable] mm-gup-revert-mm-gup-fix-infinite-loop-within-__get_longterm_locked.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" has been removed from the -mm tree. Its filename was mm-gup-revert-mm-gup-fix-infinite-loop-within-__get_longterm_locked.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" Date: Wed, 11 Jun 2025 15:13:14 +0200 After commit 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") we are able to longterm pin folios that are not supposed to get longterm pinned, simply because they temporarily have the LRU flag cleared (esp. temporarily isolated). For example, two __get_longterm_locked() callers can race, or __get_longterm_locked() can race with anything else that temporarily isolates folios. The introducing commit mentions the use case of a driver that uses vm_ops->fault to insert pages allocated through cma_alloc() into the page tables, assuming they can later get longterm pinned. These pages/ folios would never have the LRU flag set and consequently cannot get isolated. There is no known in-tree user making use of that so far, fortunately. To handle that in the future -- and avoid retrying forever to isolate/migrate them -- we will need a different mechanism for the CMA area *owner* to indicate that it actually already allocated the page and is fine with longterm pinning it. The LRU flag is not suitable for that. Probably we can lookup the relevant CMA area and query the bitmap; we only have have to care about some races, probably. If already allocated, we could just allow longterm pinning) Anyhow, let's fix the "must not be longterm pinned" problem first by reverting the original commit. Link: https://lkml.kernel.org/r/20250611131314.594529-1-david@redhat.com Fixes: 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") Signed-off-by: David Hildenbrand <david(a)redhat.com> Closes: https://lore.kernel.org/all/20250522092755.GA3277597@tiffany/ Reported-by: Hyesoo Yu <hyesoo.yu(a)samsung.com> Reviewed-by: John Hubbard <jhubbard(a)nvidia.com> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Peter Xu <peterx(a)redhat.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: Aijun Sun <aijun.sun(a)unisoc.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) --- a/mm/gup.c~mm-gup-revert-mm-gup-fix-infinite-loop-within-__get_longterm_locked +++ a/mm/gup.c @@ -2303,13 +2303,13 @@ static void pofs_unpin(struct pages_or_f /* * Returns the number of collected folios. Return value is always >= 0. */ -static void collect_longterm_unpinnable_folios( +static unsigned long collect_longterm_unpinnable_folios( struct list_head *movable_folio_list, struct pages_or_folios *pofs) { + unsigned long i, collected = 0; struct folio *prev_folio = NULL; bool drain_allow = true; - unsigned long i; for (i = 0; i < pofs->nr_entries; i++) { struct folio *folio = pofs_get_folio(pofs, i); @@ -2321,6 +2321,8 @@ static void collect_longterm_unpinnable_ if (folio_is_longterm_pinnable(folio)) continue; + collected++; + if (folio_is_device_coherent(folio)) continue; @@ -2342,6 +2344,8 @@ static void collect_longterm_unpinnable_ NR_ISOLATED_ANON + folio_is_file_lru(folio), folio_nr_pages(folio)); } + + return collected; } /* @@ -2418,9 +2422,11 @@ static long check_and_migrate_movable_pages_or_folios(struct pages_or_folios *pofs) { LIST_HEAD(movable_folio_list); + unsigned long collected; - collect_longterm_unpinnable_folios(&movable_folio_list, pofs); - if (list_empty(&movable_folio_list)) + collected = collect_longterm_unpinnable_folios(&movable_folio_list, + pofs); + if (!collected) return 0; return migrate_longterm_unpinnable_folios(&movable_folio_list, pofs); _ Patches currently in -mm which might be from david(a)redhat.com are fs-proc-task_mmu-fix-page_is_pfnzero-detection-for-the-huge-zero-folio.patch mm-gup-remove-vm_bug_ons.patch mm-gup-remove-vm_bug_ons-fix.patch mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pmd.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pud.patch

3 months

1
0
0 0

[merged mm-hotfixes-stable] mm-shmem-swap-fix-softlockup-with-mthp-swapin.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/shmem, swap: fix softlockup with mTHP swapin has been removed from the -mm tree. Its filename was mm-shmem-swap-fix-softlockup-with-mthp-swapin.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem, swap: fix softlockup with mTHP swapin Date: Tue, 10 Jun 2025 01:17:51 +0800 Following softlockup can be easily reproduced on my test machine with: echo always > /sys/kernel/mm/transparent_hugepage/hugepages-64kB/enabled swapon /dev/zram0 # zram0 is a 48G swap device mkdir -p /sys/fs/cgroup/memory/test echo 1G > /sys/fs/cgroup/test/memory.max echo $BASHPID > /sys/fs/cgroup/test/cgroup.procs while true; do dd if=/dev/zero of=/tmp/test.img bs=1M count=5120 cat /tmp/test.img > /dev/null rm /tmp/test.img done Then after a while: watchdog: BUG: soft lockup - CPU#0 stuck for 763s! [cat:5787] Modules linked in: zram virtiofs CPU: 0 UID: 0 PID: 5787 Comm: cat Kdump: loaded Tainted: G L 6.15.0.orig-gf3021d9246bc-dirty #118 PREEMPT(voluntary)�� Tainted: [L]=SOFTLOCKUP Hardware name: Red Hat KVM/RHEL-AV, BIOS 0.0.0 02/06/2015 RIP: 0010:mpol_shared_policy_lookup+0xd/0x70 Code: e9 b8 b4 ff ff 31 c0 c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 41 54 55 53 <48> 8b 1f 48 85 db 74 41 4c 8d 67 08 48 89 fb 48 89 f5 4c 89 e7 e8 RSP: 0018:ffffc90002b1fc28 EFLAGS: 00000202 RAX: 00000000001c20ca RBX: 0000000000724e1e RCX: 0000000000000001 RDX: ffff888118e214c8 RSI: 0000000000057d42 RDI: ffff888118e21518 RBP: 000000000002bec8 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000bf4 R11: 0000000000000000 R12: 0000000000000001 R13: 00000000001c20ca R14: 00000000001c20ca R15: 0000000000000000 FS: 00007f03f995c740(0000) GS:ffff88a07ad9a000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f03f98f1000 CR3: 0000000144626004 CR4: 0000000000770eb0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> shmem_alloc_folio+0x31/0xc0 shmem_swapin_folio+0x309/0xcf0 ? filemap_get_entry+0x117/0x1e0 ? xas_load+0xd/0xb0 ? filemap_get_entry+0x101/0x1e0 shmem_get_folio_gfp+0x2ed/0x5b0 shmem_file_read_iter+0x7f/0x2e0 vfs_read+0x252/0x330 ksys_read+0x68/0xf0 do_syscall_64+0x4c/0x1c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f03f9a46991 Code: 00 48 8b 15 81 14 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8 20 ad 01 00 f3 0f 1e fa 80 3d 35 97 10 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec RSP: 002b:00007fff3c52bd28 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007f03f9a46991 RDX: 0000000000040000 RSI: 00007f03f98ba000 RDI: 0000000000000003 RBP: 00007fff3c52bd50 R08: 0000000000000000 R09: 00007f03f9b9a380 R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000 R13: 00007f03f98ba000 R14: 0000000000000003 R15: 0000000000000000 </TASK> The reason is simple, readahead brought some order 0 folio in swap cache, and the swapin mTHP folio being allocated is in conflict with it, so swapcache_prepare fails and causes shmem_swap_alloc_folio to return -EEXIST, and shmem simply retries again and again causing this loop. Fix it by applying a similar fix for anon mTHP swapin. The performance change is very slight, time of swapin 10g zero folios with shmem (test for 12 times): Before: 2.47s After: 2.48s [kasong(a)tencent.com: add comment] Link: https://lkml.kernel.org/r/20250610181645.45922-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20250610181645.45922-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20250609171751.36305-1-ryncsn@gmail.com Fixes: 1dd44c0af4fa ("mm: shmem: skip swapcache for swapin of synchronous swap device") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Barry Song <baohua(a)kernel.org> Acked-by: Nhat Pham <nphamcs(a)gmail.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: Usama Arif <usamaarif642(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 20 -------------------- mm/shmem.c | 6 +++++- mm/swap.h | 23 +++++++++++++++++++++++ 3 files changed, 28 insertions(+), 21 deletions(-) --- a/mm/memory.c~mm-shmem-swap-fix-softlockup-with-mthp-swapin +++ a/mm/memory.c @@ -4315,26 +4315,6 @@ static struct folio *__alloc_swap_folio( } #ifdef CONFIG_TRANSPARENT_HUGEPAGE -static inline int non_swapcache_batch(swp_entry_t entry, int max_nr) -{ - struct swap_info_struct *si = swp_swap_info(entry); - pgoff_t offset = swp_offset(entry); - int i; - - /* - * While allocating a large folio and doing swap_read_folio, which is - * the case the being faulted pte doesn't have swapcache. We need to - * ensure all PTEs have no cache as well, otherwise, we might go to - * swap devices while the content is in swapcache. - */ - for (i = 0; i < max_nr; i++) { - if ((si->swap_map[offset + i] & SWAP_HAS_CACHE)) - return i; - } - - return i; -} - /* * Check if the PTEs within a range are contiguous swap entries * and have consistent swapcache, zeromap. --- a/mm/shmem.c~mm-shmem-swap-fix-softlockup-with-mthp-swapin +++ a/mm/shmem.c @@ -2259,6 +2259,7 @@ static int shmem_swapin_folio(struct ino folio = swap_cache_get_folio(swap, NULL, 0); order = xa_get_order(&mapping->i_pages, index); if (!folio) { + int nr_pages = 1 << order; bool fallback_order0 = false; /* Or update major stats only when swapin succeeds?? */ @@ -2272,9 +2273,12 @@ static int shmem_swapin_folio(struct ino * If uffd is active for the vma, we need per-page fault * fidelity to maintain the uffd semantics, then fallback * to swapin order-0 folio, as well as for zswap case. + * Any existing sub folio in the swap cache also blocks + * mTHP swapin. */ if (order > 0 && ((vma && unlikely(userfaultfd_armed(vma))) || - !zswap_never_enabled())) + !zswap_never_enabled() || + non_swapcache_batch(swap, nr_pages) != nr_pages)) fallback_order0 = true; /* Skip swapcache for synchronous device. */ --- a/mm/swap.h~mm-shmem-swap-fix-softlockup-with-mthp-swapin +++ a/mm/swap.h @@ -106,6 +106,25 @@ static inline int swap_zeromap_batch(swp return find_next_bit(sis->zeromap, end, start) - start; } +static inline int non_swapcache_batch(swp_entry_t entry, int max_nr) +{ + struct swap_info_struct *si = swp_swap_info(entry); + pgoff_t offset = swp_offset(entry); + int i; + + /* + * While allocating a large folio and doing mTHP swapin, we need to + * ensure all entries are not cached, otherwise, the mTHP folio will + * be in conflict with the folio in swap cache. + */ + for (i = 0; i < max_nr; i++) { + if ((si->swap_map[offset + i] & SWAP_HAS_CACHE)) + return i; + } + + return i; +} + #else /* CONFIG_SWAP */ struct swap_iocb; static inline void swap_read_folio(struct folio *folio, struct swap_iocb **plug) @@ -199,6 +218,10 @@ static inline int swap_zeromap_batch(swp return 0; } +static inline int non_swapcache_batch(swp_entry_t entry, int max_nr) +{ + return 0; +} #endif /* CONFIG_SWAP */ /** _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-improve-mthp-swapin-process.patch mm-shmem-swap-avoid-false-positive-swap-cache-lookup.patch

3 months

1
0
0 0

[PATCH v6 1/4] scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out

by Karan Tilak Kumar

When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same frame twice that leads to a crash. Fix crash by allocating separate frames for RHBA and RPA, and modify ABTS logic accordingly. Tested by checking MDS for FDMI information. Tested by using instrumented driver to: Drop PLOGI response Drop RHBA response Drop RPA response Drop RHBA and RPA response Drop PLOGI response + ABTS response Drop RHBA response + ABTS response Drop RPA response + ABTS response Drop RHBA and RPA response + ABTS response for both of them Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela <sebaddel(a)cisco.com> Reviewed-by: Arulprabhu Ponnusamy <arulponn(a)cisco.com> Reviewed-by: Gian Carlo Boffa <gcboffa(a)cisco.com> Tested-by: Arun Easi <aeasi(a)cisco.com> Co-developed-by: Arun Easi <aeasi(a)cisco.com> Signed-off-by: Arun Easi <aeasi(a)cisco.com> Tested-by: Karan Tilak Kumar <kartilak(a)cisco.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Karan Tilak Kumar <kartilak(a)cisco.com> --- Changes between v5 and v6: - Incorporate review comments from John: - Rebase patches on 6.17/scsi-queue Changes between v4 and v5: - Incorporate review comments from John: - Refactor patches Changes between v3 and v4: - Incorporate review comments from Dan: - Remove comments from Cc tag Changes between v2 and v3: - Incorporate review comments from Dan: - Add Cc to stable Changes between v1 and v2: - Incorporate review comments from Dan: - Add Fixes tag --- drivers/scsi/fnic/fdls_disc.c | 113 +++++++++++++++++++++++++--------- drivers/scsi/fnic/fnic.h | 2 +- drivers/scsi/fnic/fnic_fdls.h | 1 + 3 files changed, 87 insertions(+), 29 deletions(-) diff --git a/drivers/scsi/fnic/fdls_disc.c b/drivers/scsi/fnic/fdls_disc.c index f8ab69c51dab..36b498ad55b4 100644 --- a/drivers/scsi/fnic/fdls_disc.c +++ b/drivers/scsi/fnic/fdls_disc.c @@ -763,47 +763,69 @@ static void fdls_send_fabric_abts(struct fnic_iport_s *iport) iport->fabric.timer_pending = 1; } -static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +static uint8_t *fdls_alloc_init_fdmi_abts_frame(struct fnic_iport_s *iport, + uint16_t oxid) { - uint8_t *frame; + struct fc_frame_header *pfdmi_abts; uint8_t d_id[3]; + uint8_t *frame; struct fnic *fnic = iport->fnic; - struct fc_frame_header *pfabric_abts; - unsigned long fdmi_tov; - uint16_t oxid; - uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + - sizeof(struct fc_frame_header); frame = fdls_alloc_frame(iport); if (frame == NULL) { FNIC_FCS_DBG(KERN_ERR, fnic->host, fnic->fnic_num, "Failed to allocate frame to send FDMI ABTS"); - return; + return NULL; } - pfabric_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); + pfdmi_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); fdls_init_fabric_abts_frame(frame, iport); hton24(d_id, FC_FID_MGMT_SERV); - FNIC_STD_SET_D_ID(*pfabric_abts, d_id); + FNIC_STD_SET_D_ID(*pfdmi_abts, d_id); + FNIC_STD_SET_OX_ID(*pfdmi_abts, oxid); + + return frame; +} + +static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +{ + uint8_t *frame; + unsigned long fdmi_tov; + uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + + sizeof(struct fc_frame_header); if (iport->fabric.fdmi_pending & FDLS_FDMI_PLOGI_PENDING) { - oxid = iport->active_oxid_fdmi_plogi; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_plogi); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } else { if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) { - oxid = iport->active_oxid_fdmi_rhba; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rhba); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } if (iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING) { - oxid = iport->active_oxid_fdmi_rpa; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rpa); + if (frame == NULL) { + if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) + goto arm_timer; + else + return; + } + fnic_send_fcoe_frame(iport, frame, frame_size); } } +arm_timer: fdmi_tov = jiffies + msecs_to_jiffies(2 * iport->e_d_tov); mod_timer(&iport->fabric.fdmi_timer, round_jiffies(fdmi_tov)); iport->fabric.fdmi_pending |= FDLS_FDMI_ABORT_PENDING; @@ -2245,6 +2267,21 @@ void fdls_fabric_timer_callback(struct timer_list *t) spin_unlock_irqrestore(&fnic->fnic_lock, flags); } +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport) +{ + struct fnic *fnic = iport->fnic; + + iport->fabric.fdmi_pending = 0; + /* If max retries not exhausted, start over from fdmi plogi */ + if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { + iport->fabric.fdmi_retry++; + FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, + "Retry FDMI PLOGI. FDMI retry: %d", + iport->fabric.fdmi_retry); + fdls_send_fdmi_plogi(iport); + } +} + void fdls_fdmi_timer_callback(struct timer_list *t) { struct fnic_fdls_fabric_s *fabric = timer_container_of(fabric, t, @@ -2291,14 +2328,7 @@ void fdls_fdmi_timer_callback(struct timer_list *t) FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); - iport->fabric.fdmi_pending = 0; - /* If max retries not exhaused, start over from fdmi plogi */ - if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { - iport->fabric.fdmi_retry++; - FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, - "retry fdmi timer %d", iport->fabric.fdmi_retry); - fdls_send_fdmi_plogi(iport); - } + fdls_fdmi_retry_plogi(iport); FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); spin_unlock_irqrestore(&fnic->fnic_lock, flags); @@ -3716,11 +3746,32 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, switch (FNIC_FRAME_TYPE(oxid)) { case FNIC_FRAME_TYPE_FDMI_PLOGI: fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_plogi); + + iport->fabric.fdmi_pending &= ~FDLS_FDMI_PLOGI_PENDING; + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; break; case FNIC_FRAME_TYPE_FDMI_RHBA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_REG_HBA_PENDING; + + /* If RPA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rhba); break; case FNIC_FRAME_TYPE_FDMI_RPA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_RPA_PENDING; + + /* If RHBA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rpa); break; default: @@ -3730,10 +3781,16 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, break; } - timer_delete_sync(&iport->fabric.fdmi_timer); - iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; - - fdls_send_fdmi_plogi(iport); + /* + * Only if ABORT PENDING is off, delete the timer, and if no other + * operations are pending, retry FDMI. + * Otherwise, let the timer pop and take the appropriate action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_ABORT_PENDING)) { + timer_delete_sync(&iport->fabric.fdmi_timer); + if (!iport->fabric.fdmi_pending) + fdls_fdmi_retry_plogi(iport); + } } static void diff --git a/drivers/scsi/fnic/fnic.h b/drivers/scsi/fnic/fnic.h index 6c5f6046b1f5..86e293ce530d 100644 --- a/drivers/scsi/fnic/fnic.h +++ b/drivers/scsi/fnic/fnic.h @@ -30,7 +30,7 @@ #define DRV_NAME "fnic" #define DRV_DESCRIPTION "Cisco FCoE HBA Driver" -#define DRV_VERSION "1.8.0.0" +#define DRV_VERSION "1.8.0.1" #define PFX DRV_NAME ": " #define DFX DRV_NAME "%d: " diff --git a/drivers/scsi/fnic/fnic_fdls.h b/drivers/scsi/fnic/fnic_fdls.h index 8e610b65ad57..531d0b37e450 100644 --- a/drivers/scsi/fnic/fnic_fdls.h +++ b/drivers/scsi/fnic/fnic_fdls.h @@ -394,6 +394,7 @@ void fdls_send_tport_abts(struct fnic_iport_s *iport, bool fdls_delete_tport(struct fnic_iport_s *iport, struct fnic_tport_s *tport); void fdls_fdmi_timer_callback(struct timer_list *t); +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport); /* fnic_fcs.c */ void fnic_fdls_init(struct fnic *fnic, int usefip); -- 2.47.1

3 months

4
5
0 0

[PATCH] scsi: mpt3sas: drop unused variable in mpt3sas_send_mctp_passthru_req()

by André Draszik

With W=1, gcc complains correctly: mpt3sas_ctl.c: In function ‘mpt3sas_send_mctp_passthru_req’: mpt3sas_ctl.c:2917:29: error: variable ‘mpi_reply’ set but not used [-Werror=unused-but-set-variable] 2917 | MPI2DefaultReply_t *mpi_reply; | ^~~~~~~~~ Drop the unused assignment and variable. Fixes: c72be4b5bb7c ("scsi: mpt3sas: Add support for MCTP Passthrough commands") Cc: stable(a)vger.kernel.org Signed-off-by: André Draszik <andre.draszik(a)linaro.org> --- drivers/scsi/mpt3sas/mpt3sas_ctl.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c index 02fc204b9bf7b276115bf6db52746155381799fd..3b951589feeb6c13094ea44b494ca3050a309b15 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_ctl.c +++ b/drivers/scsi/mpt3sas/mpt3sas_ctl.c @@ -2914,7 +2914,6 @@ int mpt3sas_send_mctp_passthru_req(struct mpt3_passthru_command *command) { struct MPT3SAS_ADAPTER *ioc; MPI2RequestHeader_t *mpi_request = NULL, *request; - MPI2DefaultReply_t *mpi_reply; Mpi26MctpPassthroughRequest_t *mctp_passthru_req; u16 smid; unsigned long timeout; @@ -3022,8 +3021,6 @@ int mpt3sas_send_mctp_passthru_req(struct mpt3_passthru_command *command) goto issue_host_reset; } - mpi_reply = ioc->ctl_cmds.reply; - /* copy out xdata to user */ if (data_in_sz) memcpy(command->data_in_buf_ptr, data_in, data_in_sz); --- base-commit: a0bea9e39035edc56a994630e6048c8a191a99d8 change-id: 20250606-mpt3sas-15563809f705 Best regards, -- André Draszik <andre.draszik(a)linaro.org>

3 months

2
2
0 0

[PATCH] ARM: Use an absolute path to unified.h in KBUILD_AFLAGS

by Nathan Chancellor

After commit d5c8d6e0fa61 ("kbuild: Update assembler calls to use proper flags and language target"), which updated as-instr to use the 'assembler-with-cpp' language option, the Kbuild version of as-instr always fails internally for arch/arm with <command-line>: fatal error: asm/unified.h: No such file or directory compilation terminated. because '-include' flags are now taken into account by the compiler driver and as-instr does not have '$(LINUXINCLUDE)', so unified.h is not found. This went unnoticed at the time of the Kbuild change because the last use of as-instr in Kbuild that arch/arm could reach was removed in 5.7 by commit 541ad0150ca4 ("arm: Remove 32bit KVM host support") but a stable backport of the Kbuild change to before that point exposed this potential issue if one were to be reintroduced. Follow the general pattern of '-include' paths throughout the tree and make unified.h absolute using '$(srctree)' to ensure KBUILD_AFLAGS can be used independently. Cc: stable(a)vger.kernel.org Fixes: d5c8d6e0fa61 ("kbuild: Update assembler calls to use proper flags and language target") Reported-by: KernelCI bot <bot(a)kernelci.org> Closes: https://lore.kernel.org/CACo-S-1qbCX4WAVFA63dWfHtrRHZBTyyr2js8Lx=Az03XHTTHg… Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- arch/arm/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/Makefile b/arch/arm/Makefile index 4808d3ed98e4..e31e95ffd33f 100644 --- a/arch/arm/Makefile +++ b/arch/arm/Makefile @@ -149,7 +149,7 @@ endif # Need -Uarm for gcc < 3.x KBUILD_CPPFLAGS +=$(cpp-y) KBUILD_CFLAGS +=$(CFLAGS_ABI) $(CFLAGS_ISA) $(arch-y) $(tune-y) $(call cc-option,-mshort-load-bytes,$(call cc-option,-malignment-traps,)) -msoft-float -Uarm -KBUILD_AFLAGS +=$(CFLAGS_ABI) $(AFLAGS_ISA) -Wa,$(arch-y) $(tune-y) -include asm/unified.h -msoft-float +KBUILD_AFLAGS +=$(CFLAGS_ABI) $(AFLAGS_ISA) -Wa,$(arch-y) $(tune-y) -include $(srctree)/arch/arm/include/asm/unified.h -msoft-float KBUILD_RUSTFLAGS += --target=arm-unknown-linux-gnueabi CHECKFLAGS += -D__arm__ --- base-commit: e04c78d86a9699d136910cfc0bdcf01087e3267e change-id: 20250618-arm-expand-include-unified-h-path-60e65adcda1e Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

3 months

2
1
0 0

[PATCH 6.1/6.6] platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys

by WangYuli

From: Renato Caldas <renato(a)calgera.com> [ Upstream commit 36e66be874a7ea9d28fb9757629899a8449b8748 ] The scancodes for the Mic Mute and Airplane keys on the Ideapad Pro 5 (14AHP9 at least, probably the other variants too) are different and were not being picked up by the driver. This adds them to the keymap. Apart from what is already supported, the remaining fn keys are unfortunately producing windows-specific key-combos. Signed-off-by: Renato Caldas <renato(a)calgera.com> Link: https://lore.kernel.org/r/20241102183116.30142-1-renato@calgera.com Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- drivers/platform/x86/ideapad-laptop.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c index 88eefccb6ed2..50013af0537c 100644 --- a/drivers/platform/x86/ideapad-laptop.c +++ b/drivers/platform/x86/ideapad-laptop.c @@ -1101,6 +1101,9 @@ static const struct key_entry ideapad_keymap[] = { { KE_KEY, 0x27 | IDEAPAD_WMI_KEY, { KEY_HELP } }, /* Refresh Rate Toggle */ { KE_KEY, 0x0a | IDEAPAD_WMI_KEY, { KEY_DISPLAYTOGGLE } }, + /* Specific to some newer models */ + { KE_KEY, 0x3e | IDEAPAD_WMI_KEY, { KEY_MICMUTE } }, + { KE_KEY, 0x3f | IDEAPAD_WMI_KEY, { KEY_RFKILL } }, { KE_END }, }; -- 2.50.0

3 months

2
1
0 0

FAILED: patch "[PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x fe7f7ac8e0c708446ff017453add769ffc15deed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061738-circus-skipping-ed0c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe7f7ac8e0c708446ff017453add769ffc15deed Mon Sep 17 00:00:00 2001 From: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Date: Wed, 12 Mar 2025 15:23:31 -0700 Subject: [PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor. Update all references to member element desc[0] to rpt_desc. Add test to verify bLength and bNumDescriptors values are valid. Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault. Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors. Reported-by: syzbot+c52569baf0c843f35495(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c52569baf0c843f35495 Fixes: f043bfc98c19 ("HID: usbhid: fix out-of-bounds bug") Cc: stable(a)vger.kernel.org Signed-off-by: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c index 0fb210e40a41..9eafff0b6ea4 100644 --- a/drivers/hid/hid-hyperv.c +++ b/drivers/hid/hid-hyperv.c @@ -192,7 +192,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, goto cleanup; input_device->report_desc_size = le16_to_cpu( - desc->desc[0].wDescriptorLength); + desc->rpt_desc.wDescriptorLength); if (input_device->report_desc_size == 0) { input_device->dev_info_status = -EINVAL; goto cleanup; @@ -210,7 +210,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, memcpy(input_device->report_desc, ((unsigned char *)desc) + desc->bLength, - le16_to_cpu(desc->desc[0].wDescriptorLength)); + le16_to_cpu(desc->rpt_desc.wDescriptorLength)); /* Send the ack */ memset(&ack, 0, sizeof(struct mousevsc_prt_msg)); diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index 44c2351b870f..fc2b92dfc242 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -984,12 +984,11 @@ static int usbhid_parse(struct hid_device *hid) struct usb_host_interface *interface = intf->cur_altsetting; struct usb_device *dev = interface_to_usbdev (intf); struct hid_descriptor *hdesc; + struct hid_class_descriptor *hcdesc; u32 quirks = 0; unsigned int rsize = 0; char *rdesc; - int ret, n; - int num_descriptors; - size_t offset = offsetof(struct hid_descriptor, desc); + int ret; quirks = hid_lookup_quirk(hid); @@ -1011,20 +1010,19 @@ static int usbhid_parse(struct hid_device *hid) return -ENODEV; } - if (hdesc->bLength < sizeof(struct hid_descriptor)) { - dbg_hid("hid descriptor is too short\n"); + if (!hdesc->bNumDescriptors || + hdesc->bLength != sizeof(*hdesc) + + (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) { + dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n", + hdesc->bLength, hdesc->bNumDescriptors); return -EINVAL; } hid->version = le16_to_cpu(hdesc->bcdHID); hid->country = hdesc->bCountryCode; - num_descriptors = min_t(int, hdesc->bNumDescriptors, - (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor)); - - for (n = 0; n < num_descriptors; n++) - if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT) - rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength); + if (hdesc->rpt_desc.bDescriptorType == HID_DT_REPORT) + rsize = le16_to_cpu(hdesc->rpt_desc.wDescriptorLength); if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { dbg_hid("weird size of report descriptor (%u)\n", rsize); @@ -1052,6 +1050,11 @@ static int usbhid_parse(struct hid_device *hid) goto err; } + if (hdesc->bNumDescriptors > 1) + hid_warn(intf, + "%u unsupported optional hid class descriptors\n", + (int)(hdesc->bNumDescriptors - 1)); + hid->quirks |= quirks; return 0; diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c index 740311c4fa24..c7a05f842745 100644 --- a/drivers/usb/gadget/function/f_hid.c +++ b/drivers/usb/gadget/function/f_hid.c @@ -144,8 +144,8 @@ static struct hid_descriptor hidg_desc = { .bcdHID = cpu_to_le16(0x0101), .bCountryCode = 0x00, .bNumDescriptors = 0x1, - /*.desc[0].bDescriptorType = DYNAMIC */ - /*.desc[0].wDescriptorLenght = DYNAMIC */ + /*.rpt_desc.bDescriptorType = DYNAMIC */ + /*.rpt_desc.wDescriptorLength = DYNAMIC */ }; /* Super-Speed Support */ @@ -939,8 +939,8 @@ static int hidg_setup(struct usb_function *f, struct hid_descriptor hidg_desc_copy = hidg_desc; VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); - hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc_copy.desc[0].wDescriptorLength = + hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc_copy.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); length = min_t(unsigned short, length, @@ -1210,8 +1210,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f) * We can use hidg_desc struct here but we should not relay * that its content won't change after returning from this function. */ - hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc.desc[0].wDescriptorLength = + hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); hidg_hs_in_ep_desc.bEndpointAddress = diff --git a/include/linux/hid.h b/include/linux/hid.h index ef9a90ca0fbd..daae1d6d11a7 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h @@ -740,8 +740,9 @@ struct hid_descriptor { __le16 bcdHID; __u8 bCountryCode; __u8 bNumDescriptors; + struct hid_class_descriptor rpt_desc; - struct hid_class_descriptor desc[1]; + struct hid_class_descriptor opt_descs[]; } __attribute__ ((packed)); #define HID_DEVICE(b, g, ven, prod) \

3 months

3
2
0 0

FAILED: patch "[PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x fe7f7ac8e0c708446ff017453add769ffc15deed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061739-tiger-fritter-acf8@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe7f7ac8e0c708446ff017453add769ffc15deed Mon Sep 17 00:00:00 2001 From: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Date: Wed, 12 Mar 2025 15:23:31 -0700 Subject: [PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor. Update all references to member element desc[0] to rpt_desc. Add test to verify bLength and bNumDescriptors values are valid. Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault. Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors. Reported-by: syzbot+c52569baf0c843f35495(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c52569baf0c843f35495 Fixes: f043bfc98c19 ("HID: usbhid: fix out-of-bounds bug") Cc: stable(a)vger.kernel.org Signed-off-by: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c index 0fb210e40a41..9eafff0b6ea4 100644 --- a/drivers/hid/hid-hyperv.c +++ b/drivers/hid/hid-hyperv.c @@ -192,7 +192,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, goto cleanup; input_device->report_desc_size = le16_to_cpu( - desc->desc[0].wDescriptorLength); + desc->rpt_desc.wDescriptorLength); if (input_device->report_desc_size == 0) { input_device->dev_info_status = -EINVAL; goto cleanup; @@ -210,7 +210,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, memcpy(input_device->report_desc, ((unsigned char *)desc) + desc->bLength, - le16_to_cpu(desc->desc[0].wDescriptorLength)); + le16_to_cpu(desc->rpt_desc.wDescriptorLength)); /* Send the ack */ memset(&ack, 0, sizeof(struct mousevsc_prt_msg)); diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index 44c2351b870f..fc2b92dfc242 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -984,12 +984,11 @@ static int usbhid_parse(struct hid_device *hid) struct usb_host_interface *interface = intf->cur_altsetting; struct usb_device *dev = interface_to_usbdev (intf); struct hid_descriptor *hdesc; + struct hid_class_descriptor *hcdesc; u32 quirks = 0; unsigned int rsize = 0; char *rdesc; - int ret, n; - int num_descriptors; - size_t offset = offsetof(struct hid_descriptor, desc); + int ret; quirks = hid_lookup_quirk(hid); @@ -1011,20 +1010,19 @@ static int usbhid_parse(struct hid_device *hid) return -ENODEV; } - if (hdesc->bLength < sizeof(struct hid_descriptor)) { - dbg_hid("hid descriptor is too short\n"); + if (!hdesc->bNumDescriptors || + hdesc->bLength != sizeof(*hdesc) + + (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) { + dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n", + hdesc->bLength, hdesc->bNumDescriptors); return -EINVAL; } hid->version = le16_to_cpu(hdesc->bcdHID); hid->country = hdesc->bCountryCode; - num_descriptors = min_t(int, hdesc->bNumDescriptors, - (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor)); - - for (n = 0; n < num_descriptors; n++) - if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT) - rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength); + if (hdesc->rpt_desc.bDescriptorType == HID_DT_REPORT) + rsize = le16_to_cpu(hdesc->rpt_desc.wDescriptorLength); if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { dbg_hid("weird size of report descriptor (%u)\n", rsize); @@ -1052,6 +1050,11 @@ static int usbhid_parse(struct hid_device *hid) goto err; } + if (hdesc->bNumDescriptors > 1) + hid_warn(intf, + "%u unsupported optional hid class descriptors\n", + (int)(hdesc->bNumDescriptors - 1)); + hid->quirks |= quirks; return 0; diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c index 740311c4fa24..c7a05f842745 100644 --- a/drivers/usb/gadget/function/f_hid.c +++ b/drivers/usb/gadget/function/f_hid.c @@ -144,8 +144,8 @@ static struct hid_descriptor hidg_desc = { .bcdHID = cpu_to_le16(0x0101), .bCountryCode = 0x00, .bNumDescriptors = 0x1, - /*.desc[0].bDescriptorType = DYNAMIC */ - /*.desc[0].wDescriptorLenght = DYNAMIC */ + /*.rpt_desc.bDescriptorType = DYNAMIC */ + /*.rpt_desc.wDescriptorLength = DYNAMIC */ }; /* Super-Speed Support */ @@ -939,8 +939,8 @@ static int hidg_setup(struct usb_function *f, struct hid_descriptor hidg_desc_copy = hidg_desc; VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); - hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc_copy.desc[0].wDescriptorLength = + hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc_copy.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); length = min_t(unsigned short, length, @@ -1210,8 +1210,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f) * We can use hidg_desc struct here but we should not relay * that its content won't change after returning from this function. */ - hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc.desc[0].wDescriptorLength = + hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); hidg_hs_in_ep_desc.bEndpointAddress = diff --git a/include/linux/hid.h b/include/linux/hid.h index ef9a90ca0fbd..daae1d6d11a7 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h @@ -740,8 +740,9 @@ struct hid_descriptor { __le16 bcdHID; __u8 bCountryCode; __u8 bNumDescriptors; + struct hid_class_descriptor rpt_desc; - struct hid_class_descriptor desc[1]; + struct hid_class_descriptor opt_descs[]; } __attribute__ ((packed)); #define HID_DEVICE(b, g, ven, prod) \

3 months

3
2
0 0

FAILED: patch "[PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x fe7f7ac8e0c708446ff017453add769ffc15deed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061739-jersey-sneak-9ecf@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe7f7ac8e0c708446ff017453add769ffc15deed Mon Sep 17 00:00:00 2001 From: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Date: Wed, 12 Mar 2025 15:23:31 -0700 Subject: [PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor. Update all references to member element desc[0] to rpt_desc. Add test to verify bLength and bNumDescriptors values are valid. Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault. Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors. Reported-by: syzbot+c52569baf0c843f35495(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c52569baf0c843f35495 Fixes: f043bfc98c19 ("HID: usbhid: fix out-of-bounds bug") Cc: stable(a)vger.kernel.org Signed-off-by: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c index 0fb210e40a41..9eafff0b6ea4 100644 --- a/drivers/hid/hid-hyperv.c +++ b/drivers/hid/hid-hyperv.c @@ -192,7 +192,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, goto cleanup; input_device->report_desc_size = le16_to_cpu( - desc->desc[0].wDescriptorLength); + desc->rpt_desc.wDescriptorLength); if (input_device->report_desc_size == 0) { input_device->dev_info_status = -EINVAL; goto cleanup; @@ -210,7 +210,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, memcpy(input_device->report_desc, ((unsigned char *)desc) + desc->bLength, - le16_to_cpu(desc->desc[0].wDescriptorLength)); + le16_to_cpu(desc->rpt_desc.wDescriptorLength)); /* Send the ack */ memset(&ack, 0, sizeof(struct mousevsc_prt_msg)); diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index 44c2351b870f..fc2b92dfc242 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -984,12 +984,11 @@ static int usbhid_parse(struct hid_device *hid) struct usb_host_interface *interface = intf->cur_altsetting; struct usb_device *dev = interface_to_usbdev (intf); struct hid_descriptor *hdesc; + struct hid_class_descriptor *hcdesc; u32 quirks = 0; unsigned int rsize = 0; char *rdesc; - int ret, n; - int num_descriptors; - size_t offset = offsetof(struct hid_descriptor, desc); + int ret; quirks = hid_lookup_quirk(hid); @@ -1011,20 +1010,19 @@ static int usbhid_parse(struct hid_device *hid) return -ENODEV; } - if (hdesc->bLength < sizeof(struct hid_descriptor)) { - dbg_hid("hid descriptor is too short\n"); + if (!hdesc->bNumDescriptors || + hdesc->bLength != sizeof(*hdesc) + + (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) { + dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n", + hdesc->bLength, hdesc->bNumDescriptors); return -EINVAL; } hid->version = le16_to_cpu(hdesc->bcdHID); hid->country = hdesc->bCountryCode; - num_descriptors = min_t(int, hdesc->bNumDescriptors, - (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor)); - - for (n = 0; n < num_descriptors; n++) - if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT) - rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength); + if (hdesc->rpt_desc.bDescriptorType == HID_DT_REPORT) + rsize = le16_to_cpu(hdesc->rpt_desc.wDescriptorLength); if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { dbg_hid("weird size of report descriptor (%u)\n", rsize); @@ -1052,6 +1050,11 @@ static int usbhid_parse(struct hid_device *hid) goto err; } + if (hdesc->bNumDescriptors > 1) + hid_warn(intf, + "%u unsupported optional hid class descriptors\n", + (int)(hdesc->bNumDescriptors - 1)); + hid->quirks |= quirks; return 0; diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c index 740311c4fa24..c7a05f842745 100644 --- a/drivers/usb/gadget/function/f_hid.c +++ b/drivers/usb/gadget/function/f_hid.c @@ -144,8 +144,8 @@ static struct hid_descriptor hidg_desc = { .bcdHID = cpu_to_le16(0x0101), .bCountryCode = 0x00, .bNumDescriptors = 0x1, - /*.desc[0].bDescriptorType = DYNAMIC */ - /*.desc[0].wDescriptorLenght = DYNAMIC */ + /*.rpt_desc.bDescriptorType = DYNAMIC */ + /*.rpt_desc.wDescriptorLength = DYNAMIC */ }; /* Super-Speed Support */ @@ -939,8 +939,8 @@ static int hidg_setup(struct usb_function *f, struct hid_descriptor hidg_desc_copy = hidg_desc; VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); - hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc_copy.desc[0].wDescriptorLength = + hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc_copy.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); length = min_t(unsigned short, length, @@ -1210,8 +1210,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f) * We can use hidg_desc struct here but we should not relay * that its content won't change after returning from this function. */ - hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc.desc[0].wDescriptorLength = + hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); hidg_hs_in_ep_desc.bEndpointAddress = diff --git a/include/linux/hid.h b/include/linux/hid.h index ef9a90ca0fbd..daae1d6d11a7 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h @@ -740,8 +740,9 @@ struct hid_descriptor { __le16 bcdHID; __u8 bCountryCode; __u8 bNumDescriptors; + struct hid_class_descriptor rpt_desc; - struct hid_class_descriptor desc[1]; + struct hid_class_descriptor opt_descs[]; } __attribute__ ((packed)); #define HID_DEVICE(b, g, ven, prod) \

3 months

3
2
0 0

[PATCH 5.4~6.12] Input: sparcspkr - avoid unannotated fall-through

by WangYuli

[ Upstream commit 8b1d858cbd4e1800e9336404ba7892b5a721230d ] Fix follow warnings with clang-21i (and reformat for clarity): drivers/input/misc/sparcspkr.c:78:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] 78 | case SND_TONE: break; | ^ drivers/input/misc/sparcspkr.c:78:3: note: insert 'break;' to avoid fall-through 78 | case SND_TONE: break; | ^ | break; drivers/input/misc/sparcspkr.c:113:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] 113 | case SND_TONE: break; | ^ drivers/input/misc/sparcspkr.c:113:3: note: insert 'break;' to avoid fall-through 113 | case SND_TONE: break; | ^ | break; 2 warnings generated. Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Link: https://lore.kernel.org/r/6730E40353C76908+20250415052439.155051-1-wangyuli… Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> --- drivers/input/misc/sparcspkr.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/drivers/input/misc/sparcspkr.c b/drivers/input/misc/sparcspkr.c index 20020cbc0752..a94699f2bbc6 100644 --- a/drivers/input/misc/sparcspkr.c +++ b/drivers/input/misc/sparcspkr.c @@ -75,9 +75,14 @@ static int bbc_spkr_event(struct input_dev *dev, unsigned int type, unsigned int return -1; switch (code) { - case SND_BELL: if (value) value = 1000; - case SND_TONE: break; - default: return -1; + case SND_BELL: + if (value) + value = 1000; + break; + case SND_TONE: + break; + default: + return -1; } if (value > 20 && value < 32767) @@ -113,9 +118,14 @@ static int grover_spkr_event(struct input_dev *dev, unsigned int type, unsigned return -1; switch (code) { - case SND_BELL: if (value) value = 1000; - case SND_TONE: break; - default: return -1; + case SND_BELL: + if (value) + value = 1000; + break; + case SND_TONE: + break; + default: + return -1; } if (value > 20 && value < 32767) -- 2.50.0

3 months

2
1
0 0

FAILED: patch "[PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051203-thrift-spool-ebc8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 Mon Sep 17 00:00:00 2001 From: Gavin Guo <gavinguo(a)igalia.com> Date: Mon, 21 Apr 2025 19:35:36 +0800 Subject: [PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent this invalid access, it is necessary to check the PMD migration entry and return early. In this context, there is no need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the equality of the target folio. Since the PMD migration entry is locked, it cannot be served as the target. Mailing list discussion and explanation from Hugh Dickins: "An anon_vma lookup points to a location which may contain the folio of interest, but might instead contain another folio: and weeding out those other folios is precisely what the "folio != pmd_folio((*pmd)" check (and the "risk of replacing the wrong folio" comment a few lines above it) is for." BUG: unable to handle page fault for address: ffffea60001db008 CPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60 Call Trace: <TASK> try_to_migrate_one+0x28c/0x3730 rmap_walk_anon+0x4f6/0x770 unmap_folio+0x196/0x1f0 split_huge_page_to_list_to_order+0x9f6/0x1560 deferred_split_scan+0xac5/0x12a0 shrinker_debugfs_scan_write+0x376/0x470 full_proxy_write+0x15c/0x220 vfs_write+0x2fc/0xcb0 ksys_write+0x146/0x250 do_syscall_64+0x6a/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e The bug is found by syzkaller on an internal kernel, then confirmed on upstream. Link: https://lkml.kernel.org/r/20250421113536.3682201-1-gavinguo@igalia.com Link: https://lore.kernel.org/all/20250414072737.1698513-1-gavinguo@igalia.com/ Link: https://lore.kernel.org/all/20250418085802.2973519-1-gavinguo@igalia.com/ Fixes: 84c3fc4e9c56 ("mm: thp: check pmd migration entry in common path") Signed-off-by: Gavin Guo <gavinguo(a)igalia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Hugh Dickins <hughd(a)google.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Gavin Shan <gshan(a)redhat.com> Cc: Florent Revest <revest(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 2a47682d1ab7..47d76d03ce30 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3075,6 +3075,8 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd, void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd, bool freeze, struct folio *folio) { + bool pmd_migration = is_pmd_migration_entry(*pmd); + VM_WARN_ON_ONCE(folio && !folio_test_pmd_mappable(folio)); VM_WARN_ON_ONCE(!IS_ALIGNED(address, HPAGE_PMD_SIZE)); VM_WARN_ON_ONCE(folio && !folio_test_locked(folio)); @@ -3085,9 +3087,12 @@ void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, * require a folio to check the PMD against. Otherwise, there * is a risk of replacing the wrong folio. */ - if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || - is_pmd_migration_entry(*pmd)) { - if (folio && folio != pmd_folio(*pmd)) + if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || pmd_migration) { + /* + * Do not apply pmd_folio() to a migration entry; and folio lock + * guarantees that it must be of the wrong folio anyway. + */ + if (folio && (pmd_migration || folio != pmd_folio(*pmd))) return; __split_huge_pmd_locked(vma, pmd, address, freeze); }

3 months

4
4
0 0

[PATCH 6.6 000/356] 6.6.94-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.94 release. There are 356 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 19 Jun 2025 15:22:33 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.94-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.94-rc1 I Hsin Cheng <richard120310(a)gmail.com> drm/meson: Use 1000ULL when operating with mode->clock Oliver Neukum <oneukum(a)suse.com> net: usb: aqc111: debug info before sanitation Nícolas F. R. A. Prado <nfraprado(a)collabora.com> regulator: dt-bindings: mt6357: Drop fixed compatible requirement Eric Dumazet <edumazet(a)google.com> calipso: unlock rcu before returning -EAFNOSUPPORT Thomas Gleixner <tglx(a)linutronix.de> x86/iopl: Cure TIF_IO_BITMAP inconsistencies Stefano Stabellini <stefano.stabellini(a)amd.com> xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: Flush altsetting 0 endpoints before reinitializating them after reset. Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with detecting USB 3.2 speed Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with detecting command completion event Wupeng Ma <mawupeng1(a)huawei.com> VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix read_stb function and get_stb ioctl Nathan Chancellor <nathan(a)kernel.org> kbuild: Disable -Wdefault-const-init-unsafe Oleg Nesterov <oleg(a)redhat.com> posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "io_uring: ensure deferred completions are posted for multishot" Jens Axboe <axboe(a)kernel.dk> io_uring/rw: fix wrong NOWAIT check in io_rw_init_file() Jens Axboe <axboe(a)kernel.dk> io_uring/rw: allow pollable non-blocking attempts for !FMODE_NOWAIT Jens Axboe <axboe(a)kernel.dk> io_uring: add io_file_can_poll() helper Terry Junge <linuxhid(a)cosmicgizmosystems.com> HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() David Heimann <d(a)dmeh.net> ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 Suleiman Souhlal <suleiman(a)google.com> tools/resolve_btfids: Fix build when cross compiling kernel with clang. Matthew Wilcox (Oracle) <willy(a)infradead.org> block: Fix bvec_set_folio() for very large folios Matthew Wilcox (Oracle) <willy(a)infradead.org> bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP Peter Zijlstra <peterz(a)infradead.org> perf: Ensure bpf_perf_link path is properly serialized Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: access fcpreq only when holding reqlock Zijun Hu <quic_zijuhu(a)quicinc.com> fs/filesystems: Fix potential unsigned integer underflow in fs_name() Eric Dumazet <edumazet(a)google.com> net_sched: ets: fix a race in ets_qdisc_change() Eric Dumazet <edumazet(a)google.com> net_sched: tbf: fix a race in tbf_change() Eric Dumazet <edumazet(a)google.com> net_sched: red: fix a race in __red_change() Eric Dumazet <edumazet(a)google.com> net_sched: prio: fix a race in prio_tune() Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Fix leak of Geneve TLV option object Patrisious Haddad <phaddad(a)nvidia.com> net/mlx5: Fix return value when searching for existing flow group Amir Tzin <amirtz(a)nvidia.com> net/mlx5: Fix ECVF vports unload on shutdown flow Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Ensure fw pages are always allocated on same NUMA Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix sparse errors Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Fix NULL pointer deference on eir_get_service_data Jakub Raczynski <j.raczynski(a)samsung.com> net/mdiobus: Fix potential out-of-bounds clause 45 read/write access Jakub Raczynski <j.raczynski(a)samsung.com> net/mdiobus: Fix potential out-of-bounds read/write access Carlos Fernandez <carlos.fernandez(a)technica-engineering.de> macsec: MACsec SCI assignment for ES = 0 Michal Luczaj <mhal(a)rbox.co> net: Fix TOCTOU issue in sk_is_readable() Yunhui Cui <cuiyunhui(a)bytedance.com> ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Robert Malz <robert.malz(a)canonical.com> i40e: retry VFLR handling if there is ongoing VF reset Robert Malz <robert.malz(a)canonical.com> i40e: return false from i40e_reset_vf if reset is in progress Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: fix more rounding issues with 59.94Hz modes Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: use vclk_freq instead of pixel_freq in debug print Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: fix debug log statement when setting the HDMI clocks Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: use unsigned long long / Hz for frequency types Haren Myneni <haren(a)linux.ibm.com> powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: fix a potential crash on gso_skb handling Alok Tiwari <alok.a.tiwari(a)oracle.com> scsi: iscsi: Fix incorrect error path labels for flashnode operations Wojciech Slenska <wojciech.slenska(a)gmail.com> pinctrl: qcom: pinctrl-qcm2290: Add missing pins Dan Carpenter <dan.carpenter(a)linaro.org> regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: don't wait when there is no vdev started Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() Easwar Hariharan <eahariha(a)linux.microsoft.com> wifi: ath11k: convert timeouts to secs_to_jiffies() Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: ath11k: fix soc_dp_stats debugfs file permission Caleb Connolly <caleb.connolly(a)linaro.org> ath10k: snoc: fix unbalanced IRQ enable in crash recovery Jeongjun Park <aha310510(a)gmail.com> ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Protect mgmt_pending list with its own lock Dr. David Alan Gilbert <linux(a)treblig.org> Bluetooth: MGMT: Remove unused mgmt_pending_find_data Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Pauli Virtanen <pav(a)iki.fi> Bluetooth: hci_core: fix list_for_each_entry_rcu usage Sanjeev Yadav <sanjeev.y(a)mediatek.com> scsi: core: ufs: Fix a hang in the error handler Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Move runtime PM enable to sci_probe_single() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Check if TX data was written to device in .tx_empty() Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-j721e-sk: Add DT nodes for power regulators Beleswar Padhi <b-padhi(a)ti.com> arm64: dts: ti: k3-j721e-sk: Add support for multiple CAN instances Vaishnav Achath <vaishnav.a(a)ti.com> arm64: dts: ti: k3-j721e-sk: Model CSI2RX connector mux Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am65-main: Fix sdhci node properties Andrey Konovalov <andreyknvl(a)gmail.com> kasan: use unchecked __memset internally Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics-rmi - fix crash with unsupported versions of F34 Dan Carpenter <dan.carpenter(a)linaro.org> pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() Jakob Unterwurzacher <jakobunt(a)gmail.com> net: dsa: microchip: linearize skb for tail-tagging switches Pieter Van Trappen <pieter.van.trappen(a)cern.ch> net: dsa: microchip: update tag_ksz masks for KSZ9477 family Al Viro <viro(a)zeniv.linux.org.uk> do_change_type(): refuse to operate on unmounted/not ours mounts Al Viro <viro(a)zeniv.linux.org.uk> fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) Al Viro <viro(a)zeniv.linux.org.uk> path_overmount(): avoid false negatives Yuuki NAGAO <wf.yn386(a)gmail.com> ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Verify content returned by parse_int_array() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: codecs: hda: Fix RPM usage count underflow Nitin Rawat <quic_nitirawa(a)quicinc.com> scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Ido Schimmel <idosch(a)nvidia.com> seg6: Fix validation of nexthop addresses Mirco Barone <mirco.barone(a)polito.it> wireguard: device: enable threaded NAPI Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: allow RGMII for bcm63xx RGMII ports Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: do not enable RGMII delay on bcm63xx Florian Westphal <fw(a)strlen.de> netfilter: nf_nat: also check reverse tuple to obtain clashing entry Florian Westphal <fw(a)strlen.de> netfilter: nf_set_pipapo_avx2: fix initial map fill Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Ronak Doshi <ronak.doshi(a)broadcom.com> vmxnet3: correctly report gso type for UDP tunnels Jinjian Song <jinjian.song(a)fibocom.com> net: wwan: t7xx: Fix napi rx poll issue Shiming Cheng <shiming.cheng(a)mediatek.com> net: fix udp gso skb_segment after pull from frag_list Paul Chaignon <paul.chaignon(a)gmail.com> net: Fix checksum update for ILA adj-transport Alexis Lothoré <alexis.lothore(a)bootlin.com> net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: tag_brcm: legacy: fix pskb_may_pull length Michal Kubiak <michal.kubiak(a)intel.com> ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Kubiak <michal.kubiak(a)intel.com> ice: create new Tx scheduler nodes for new queues only Michal Kubiak <michal.kubiak(a)intel.com> ice: fix Tx scheduler error handling in XDP callback Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Álvaro Fernández Rojas <noltari(a)gmail.com> spi: bcm63xx-hsspi: fix shared reset Álvaro Fernández Rojas <noltari(a)gmail.com> spi: bcm63xx-spi: fix shared reset Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Make sure to insert the vlan tags also in host mode Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4_en: Prevent potential integer overflow calculating Hz Yanqing Wang <ot_yanqing.wang(a)mediatek.com> driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Charalampos Mitrodimas <charmitro(a)posteo.net> net: tipc: fix refcount warning in tipc_aead_encrypt Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt Quentin Schulz <quentin.schulz(a)cherry.de> net: stmmac: platform: guarantee uniqueness of bus_id Nicolas Pitre <npitre(a)baylibre.com> vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Yeoreum Yun <yeoreum.yun(a)arm.com> coresight: prevent deactivate active config while enabling the config Qasim Ijaz <qasdev00(a)gmail.com> fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Alexander Sverdlin <alexander.sverdlin(a)siemens.com> counter: interrupt-cnt: Protect enable/disable OPs with mutex WangYuli <wangyuli(a)uniontech.com> MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix 3dB filter frequency reading Brian Pellegrino <bpellegrino(a)arka.org> iio: filter: admv8818: Support frequencies >= 2^32 Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix range calculation Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix integer overflow Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix band 4, state 15 Mario Limonciello <mario.limonciello(a)amd.com> thunderbolt: Fix a logic error in wake on connect Henry Martin <bsdhenrymartin(a)gmail.com> serial: Fix potential null-ptr-deref in mlb_usio_probe() Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> usb: renesas_usbhs: Reorder clock handling and power management in probe Liu Dalin <liudalin(a)kylinsec.com.cn> rtc: loongson: Add missing alarm notifications for ACPI RTC events Bjorn Helgaas <bhelgaas(a)google.com> PCI/DPC: Initialize aer_err_info before using it Henry Martin <bsdhenrymartin(a)gmail.com> dmaengine: ti: Add NULL check in udma_probe() Chenyuan Yang <chenyuan0y(a)gmail.com> phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug Mario Limonciello <mario.limonciello(a)amd.com> PCI: Explicitly put devices into D0 when initializing Hector Martin <marcan(a)marcan.st> PCI: apple: Use gpiod_set_value_cansleep in probe flow Hans Zhang <18255117159(a)163.com> PCI: cadence: Fix runtime atomic count underflow Wilfred Mallawa <wilfred.mallawa(a)wdc.com> PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Wolfram Sang <wsa+renesas(a)sang-engineering.com> rtc: sh: assign correct interrupts with DT Pali Rohár <pali(a)kernel.org> cifs: Fix validation of SMB1 query reparse point response Li Lingfeng <lilingfeng3(a)huawei.com> nfs: ignore SB_RDONLY when remounting nfs Li Lingfeng <lilingfeng3(a)huawei.com> nfs: clear SB_RDONLY before getting superblock Anubhav Shelat <ashelat(a)redhat.com> perf trace: Always print return value for syscalls returning a pid Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf record: Fix incorrect --user-regs comments Leo Yan <leo.yan(a)arm.com> perf tests switch-tracking: Fix timestamp comparison Alexey Gladkov <legion(a)kernel.org> mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Dan Carpenter <dan.carpenter(a)linaro.org> rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() Siddharth Vadapalli <s-vadapalli(a)ti.com> remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} Dan Carpenter <dan.carpenter(a)linaro.org> remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe Adrian Hunter <adrian.hunter(a)intel.com> perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix PEBS-via-PT data_src Namhyung Kim <namhyung(a)kernel.org> perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Benjamin Marzinski <bmarzins(a)redhat.com> dm-flakey: make corrupting read bios work Benjamin Marzinski <bmarzins(a)redhat.com> dm-flakey: error all IOs when num_features is absent Alexei Safin <a.safin(a)rosa.ru> hwmon: (asus-ec-sensors) check sensor index in read_string() Mikhail Arkhipov <m.arhipov(a)rosa.ru> mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Henry Martin <bsdhenrymartin(a)gmail.com> backlight: pm8941: Add NULL check in wled_configure() Benjamin Marzinski <bmarzins(a)redhat.com> dm: free table mempools if not used in __bind Benjamin Marzinski <bmarzins(a)redhat.com> dm: don't change md if dm_table_set_restrictions() fails Arnaldo Carvalho de Melo <acme(a)redhat.com> perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf build: Warn when libdebuginfod devel files are not available Kees Cook <kees(a)kernel.org> randstruct: gcc-plugin: Fix attribute addition Kees Cook <kees(a)kernel.org> randstruct: gcc-plugin: Remove bogus void member Sergey Shtylyov <s.shtylyov(a)omp.ru> fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Henry Martin <bsdhenrymartin(a)gmail.com> soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() Su Hui <suhui(a)nfschina.com> soc: aspeed: lpc: Fix impossible judgment condition Joel Stanley <joel(a)jms.id.au> ARM: aspeed: Don't select SRAM Julien Massot <julien.massot(a)collabora.com> arm64: dts: mt6359: Rename RTC node to match binding expectations Thuan Nguyen <thuan.nguyen-hong(a)banvien.com.vn> arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou Vignesh Raman <vignesh.raman(a)collabora.com> arm64: defconfig: mediatek: enable PHY drivers Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ARM: dts: qcom: apq8064: add missing clocks to the timer node Andre Przywara <andre.przywara(a)arm.com> dt-bindings: vendor-prefixes: Add Liontron name Ioana Ciornei <ioana.ciornei(a)nxp.com> bus: fsl-mc: fix double-free on mc_dev Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Wentao Liang <vulab(a)iscas.ac.cn> nilfs2: add pointer check for nilfs_direct_propagate() Murad Masimov <m.masimov(a)mt-integration.ru> ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check return result of sb_min_blocksize Prasanth Babu Mantena <p-mantena(a)ti.com> arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Aaron Kling <webgeek1234(a)gmail.com> arm64: tegra: Drop remaining serial clock-names and reset-names Peter Robinson <pbrobinson(a)gmail.com> arm64: dts: rockchip: Update eMMC for NanoPi R5 series Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply Julien Massot <julien.massot(a)collabora.com> arm64: dts: mt6359: Add missing 'compatible' property to regulators node Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mp-beacon: Fix RTC capacitive load Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mn-beacon: Fix RTC capacitive load Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mm-beacon: Fix RTC capacitive load Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: at91: at91sam9263: fix NAND chip selects Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies Xilin Wu <wuxilin123(a)gmail.com> arm64: dts: qcom: sm8250: Fix CPU7 opp table Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm8350: Reenable crypto & cryptobam Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: refactor node order Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: remove wifi Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to correct check conditions in f2fs_cross_rename Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: use d_inode(dentry) cleanup dentry->d_inode Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames Faicker Mo <faicker.mo(a)zenlayer.com> net: openvswitch: Fix the dead loop of MPLS parse Kuniyuki Iwashima <kuniyu(a)amazon.com> calipso: Don't call calipso functions for AF_INET sk. Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: mscc: Fix memory leak when using one step timestamping Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> net: phy: fix up const issues in to_mdio_device() and to_phy_device() Wei Fang <wei.fang(a)nxp.com> net: phy: clear phydev->devlink when the link is deleted KaFai Wan <mannkafai(a)gmail.com> bpf: Avoid __bpf_prog_ret0_warn when jit fails Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 Jack Morgenstein <jackm(a)nvidia.com> RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: aqc111: fix error handling of usbnet read calls Radim Krčmář <rkrcmar(a)ventanamicro.com> RISC-V: KVM: lock the correct mp_state during reset Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nft_tunnel: fix geneve_opt dump Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: Avoid using sk_socket after free when sending Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() Li RongQing <lirongqing(a)baidu.com> vfio/type1: Fix error unwind in migration dirty bitmap allocation Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: fix RX buffer size of MCU event Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: set EHT max ampdu length capability Henry Martin <bsdhenrymartin(a)gmail.com> wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() Michal Koutný <mkoutny(a)suse.com> kernfs: Relax constraint in draining guard ping.gao <ping.gao(a)samsung.com> scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() Toke Høiland-Jørgensen <toke(a)toke.dk> wifi: ath9k_htc: Abort software beacon handling if disabled Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: bugfix live migration function without VF device driver Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: add eq and aeq interruption restore Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: fix XQE dma address error Rajat Soni <quic_rajson(a)quicinc.com> wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Rolf Eike Beer <eb(a)emlix.com> iommu: remove duplicate selection of DMAR_TABLE Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Store backchain even for leaf progs Vincent Knecht <vincent.knecht(a)mailoo.org> clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Tao Chen <chen.dylane(a)linux.dev> bpf: Fix WARN() in get_bpf_raw_tp_regs Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: at91: Fix possible out-of-boundary access Anton Protopopov <a.s.protopopov(a)gmail.com> libbpf: Use proper errno value in nlattr Jiayuan Chen <jiayuan.chen(a)linux.dev> ktls, sockmap: Fix missing uncharge operation Miaoqian Lin <linmq006(a)gmail.com> tracing: Fix error handling in event_trigger_parse() Steven Rostedt <rostedt(a)goodmis.org> tracing: Rename event_trigger_alloc() to trigger_data_alloc() Hans Zhang <18255117159(a)163.com> efi/libstub: Describe missing 'out' parameter in efi_load_initrd Henry Martin <bsdhenrymartin(a)gmail.com> clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs Steven Rostedt <rostedt(a)goodmis.org> tracing: Move histogram trigger variables from stack to per CPU structure Anton Protopopov <a.s.protopopov(a)gmail.com> bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction Zhongqiu Duan <dzq.aishenghu0(a)gmail.com> netfilter: nft_quota: match correctly when the quota just depleted Huajian Yang <huajianyang(a)asrmicro.com> netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Lorenzo Bianconi <lorenzo(a)kernel.org> bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps Anton Protopopov <a.s.protopopov(a)gmail.com> libbpf: Use proper errno value in linker Chao Yu <chao(a)kernel.org> f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() Chao Yu <chao(a)kernel.org> f2fs: clean up w/ fscrypt_is_bounce_page() Hangbin Liu <liuhangbin(a)gmail.com> bonding: assign random address if device address is same as bond Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Protect against overflow in iommu_pgsize() Jonathan Wiepert <jonathan.wiepert(a)gmail.com> Use thread-safe function pointer in libbpf_print Tao Chen <chen.dylane(a)linux.dev> libbpf: Remove sample_period init in perf_buffer Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h Maharaja Kennadyrajan <maharaja.kennadyrajan(a)oss.qualcomm.com> wifi: ath12k: fix node corruption in ar->arvifs list P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Add MSDU length validation for TKIP MIC error Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtw88: do not ignore hardware read error during DPK Zhen XIN <zhen.xin(a)nokia-sbell.com> wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhen XIN <zhen.xin(a)nokia-sbell.com> wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT Cosmin Ratiu <cratiu(a)nvidia.com> xfrm: Use xdo.dev instead of xdo.real_dev Viktor Malik <vmalik(a)redhat.com> libbpf: Fix buffer overflow in bpf_object__init_prog Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix GCPS 64-bit member variables Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on sbi->total_valid_block_count Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com> wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: Fix panic when calling skb_linearize Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: fix duplicated data transmission Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf: fix ktls panic with sockmap Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Fix bpf_nf selftest failure Jacob Moroni <jmoroni(a)google.com> IB/cm: use rwlock for MAD agent lock Stone Zhang <quic_stonez(a)quicinc.com> wifi: ath11k: fix node corruption in ar->arvifs list Roger Pau Monne <roger.pau(a)citrix.com> xen/x86: fix initial memory balloon target AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: Fix kobject put for component sub-drivers AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr Anand Moon <linux.amoon(a)gmail.com> perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Kees Cook <kees(a)kernel.org> scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Do not discard modified SVE state Huang Yiwei <quic_hyiwei(a)quicinc.com> firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES Biju Das <biju.das.jz(a)bp.renesas.com> drm/tegra: rgb: Fix the unbound reference count Kees Cook <kees(a)kernel.org> drm/vkms: Adjust vkms_state->active_planes allocation type Biju Das <biju.das.jz(a)bp.renesas.com> drm: rcar-du: Fix memory leak in rcar_du_vsps_init() Neill Kapron <nkapron(a)google.com> selftests/seccomp: fix syscall_restart test for arm compat Kornel Dulęba <korneld(a)google.com> arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Miaoqian Lin <linmq006(a)gmail.com> firmware: psci: Fix refcount leak in psci_dt_init Finn Thain <fthain(a)linux-m68k.org> m68k: mac: Fix macintosh_config for Mac II Kees Cook <kees(a)kernel.org> watchdog: exar: Shorten identity name to fit correctly Andrey Vatoropin <a.vatoropin(a)crpt.ru> fs/ntfs3: handle hdr_first_de() return value Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Fix merging of FPSIMD state during signal return Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Discard stale CPU state when handling SME traps Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Avoid RES0 bits in the SME trap handler Jonas Karlman <jonas(a)kwiboo.se> media: rkvdec: Fix frame size enumeration Charles Han <hanchunchao(a)inspur.com> drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table Maxime Ripard <mripard(a)kernel.org> drm/vc4: tests: Use return instead of assert Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Add seqno waiter for sync_files Martin Povišer <povik+lin(a)cutebit.org> ASoC: apple: mca: Constrain channels according to TDM mask Geert Uytterhoeven <geert+renesas(a)glider.be> spi: sh-msiof: Fix maximum DMA transfer size Armin Wolf <W_Armin(a)gmx.de> ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Print PM debug messages during hibernation Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Zijun Hu <quic_zijuhu(a)quicinc.com> PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() Kees Cook <kees(a)kernel.org> ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type Alexander Shiyan <eagle.alexander923(a)gmail.com> power: reset: at91-reset: Optimize at91_reset() Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: modify chip select (CS) deactivation Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: remove redundant error handling code Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: fix integer overflow in i{64,}toa_r() and Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx_common: Fix general protection fault Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Enable main IRQs Jemmy Wong <jemmywong512(a)gmail.com> tools/nolibc/types.h: fix mismatched parenthesis in minor() Daniil Tatianin <d-tatianin(a)yandex-team.ru> ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Tzung-Bi Shih <tzungbi(a)kernel.org> kunit: Fix wrong parameter to kunit_deactivate_static_stub() Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce - move fallback ahash_request to the end of the struct Herbert Xu <herbert(a)gondor.apana.org.au> crypto: xts - Only add ecb if it is not already there Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lrw - Only add ecb if it is not already there Yongliang Gao <leonylgao(a)tencent.com> rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Qu Wenruo <wqu(a)suse.com> btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Qu Wenruo <wqu(a)suse.com> btrfs: scrub: update device stats when an error is detected Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Avoid empty transfer descriptor Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Handle zero-length skcipher requests Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Sanitize CPUID(0x80000000) output Annie Li <jiayanli(a)google.com> x86/microcode/AMD: Do not return error when microcode update is not necessary Eddie James <eajames(a)linux.ibm.com> powerpc/crash: Fix non-smp kexec preparation Jiri Slaby (SUSE) <jirislaby(a)kernel.org> powerpc: do not build ppc_save_regs.o always Corentin Labbe <clabbe.montjoie(a)gmail.com> crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() Qing Wang <wangqing7171(a)gmail.com> perf/core: Fix broken throttling when max_samples_per_tick=1 Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: gfs2_create_inode error handling fix Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() Andrew Cooper <andrew.cooper3(a)citrix.com> x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Ahmed S. Darwish <darwi(a)linutronix.de> tools/x86/kcpuid: Fix error handling Aurabindo Pillai <aurabindo.pillai(a)amd.com> Revert "drm/amd/display: more liberal vmin/vmax update for freesync" Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> dt-bindings: usb: cypress,hx3: Add support for all variants Sergey Senozhatsky <senozhatsky(a)chromium.org> thunderbolt: Do not double dequeue a configuration request Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix timeout value in get_stb Dustin Lundquist <dustin(a)null-ptr.net> serial: jsm: fix NPE during jsm_uart_port_init Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Bluetooth: hci_qca: move the SoC type check to the right place Qasim Ijaz <qasdev00(a)gmail.com> usb: typec: ucsi: fix Clang -Wsign-conversion warning Charles Yeh <charlesyeh522(a)gmail.com> USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Hongyu Xie <xiehongyu1(a)kylinos.cn> usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Jiayi Li <lijiayi(a)kylinos.cn> usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Alexandre Mergnat <amergnat(a)baylibre.com> rtc: Fix offset calculation for .start_secs < 0 Alexandre Mergnat <amergnat(a)baylibre.com> rtc: Make rtc_time64_to_tm() support dates before 1970 Gautham R. Shenoy <gautham.shenoy(a)amd.com> acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: set GPIO output value before setting direction Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 Pan Taixi <pantaixi(a)huaweicloud.com> tracing: Fix compilation warning on arm32 ------------- Diffstat: .../bindings/phy/fsl,imx8mq-usb-phy.yaml | 3 +- .../regulator/mediatek,mt6357-regulator.yaml | 12 +- .../devicetree/bindings/usb/cypress,hx3.yaml | 19 +- .../devicetree/bindings/vendor-prefixes.yaml | 2 + Makefile | 4 +- arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 +- arch/arm/boot/dts/microchip/tny_a9263.dts | 2 +- arch/arm/boot/dts/microchip/usb_a9263.dts | 4 +- arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 15 +- arch/arm/mach-aspeed/Kconfig | 1 - arch/arm64/Kconfig | 6 +- .../arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 + .../boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 + .../arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 + .../boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 + .../boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 - arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 ++--- arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 -- arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 -- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 - .../arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 + .../arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 + .../boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 +- .../r8a779g0-white-hawk-ard-audio-da7212.dtso | 2 +- .../arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 - .../arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 +- arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 19 +- .../boot/dts/ti/k3-j721e-common-proc-board.dts | 1 + arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 166 ++++++++++++++- arch/arm64/configs/defconfig | 3 + arch/arm64/include/asm/esr.h | 12 +- arch/arm64/include/asm/fpsimd.h | 3 + arch/arm64/kernel/entry-common.c | 46 ++++- arch/arm64/kernel/fpsimd.c | 21 +- arch/arm64/xen/hypercall.S | 21 +- arch/m68k/mac/config.c | 2 +- .../boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 + arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kexec/crash.c | 5 +- arch/powerpc/platforms/book3s/vas-api.c | 9 + arch/powerpc/platforms/powernv/memtrace.c | 8 +- arch/riscv/kvm/vcpu_sbi.c | 4 +- arch/s390/net/bpf_jit_comp.c | 12 +- arch/x86/include/asm/mwait.h | 9 +- arch/x86/kernel/cpu/common.c | 17 +- arch/x86/kernel/cpu/microcode/core.c | 2 + arch/x86/kernel/cpu/mtrr/generic.c | 2 +- arch/x86/kernel/ioport.c | 13 +- arch/x86/kernel/process.c | 15 +- crypto/lrw.c | 4 +- crypto/xts.c | 4 +- drivers/acpi/acpica/exserial.c | 6 + drivers/acpi/apei/Kconfig | 1 + drivers/acpi/apei/ghes.c | 2 +- drivers/acpi/cppc_acpi.c | 2 +- drivers/acpi/osi.c | 1 - drivers/base/power/domain.c | 2 +- drivers/base/power/main.c | 3 +- drivers/bluetooth/hci_qca.c | 14 +- drivers/bus/fsl-mc/fsl-mc-bus.c | 6 +- drivers/clk/bcm/clk-raspberrypi.c | 2 + drivers/clk/qcom/camcc-sm6350.c | 18 ++ drivers/clk/qcom/dispcc-sm6350.c | 3 + drivers/clk/qcom/gcc-msm8939.c | 4 +- drivers/clk/qcom/gcc-sm6350.c | 6 + drivers/clk/qcom/gpucc-sm6350.c | 6 + drivers/counter/interrupt-cnt.c | 9 + drivers/cpufreq/acpi-cpufreq.c | 2 +- .../crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 +- drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 +-- drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 +- .../crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 +- drivers/crypto/marvell/cesa/cipher.c | 3 + drivers/crypto/marvell/cesa/hash.c | 2 +- drivers/dma/ti/k3-udma.c | 3 +- drivers/edac/i10nm_base.c | 35 ++-- drivers/edac/skx_common.c | 1 + drivers/edac/skx_common.h | 11 +- drivers/firmware/Kconfig | 1 - drivers/firmware/arm_sdei.c | 11 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 1 + drivers/firmware/psci/psci.c | 4 +- drivers/fpga/tests/fpga-mgr-test.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 +- .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 + drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 ++- drivers/gpu/drm/meson/meson_drv.c | 2 +- drivers/gpu/drm/meson/meson_drv.h | 2 +- drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 +-- drivers/gpu/drm/meson/meson_vclk.c | 226 +++++++++++--------- drivers/gpu/drm/meson/meson_vclk.h | 13 +- drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 +- drivers/gpu/drm/tegra/rgb.c | 14 +- drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 ++-- drivers/gpu/drm/vkms/vkms_crtc.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 +++ drivers/hid/hid-hyperv.c | 4 +- drivers/hid/usbhid/hid-core.c | 25 ++- drivers/hwmon/asus-ec-sensors.c | 4 + drivers/hwtracing/coresight/coresight-config.h | 2 +- drivers/hwtracing/coresight/coresight-syscfg.c | 49 +++-- drivers/iio/adc/ad7124.c | 4 +- drivers/iio/filter/admv8818.c | 230 ++++++++++++++++----- drivers/infiniband/core/cm.c | 16 +- drivers/infiniband/core/cma.c | 3 +- drivers/infiniband/hw/hns/hns_roce_ah.c | 1 - drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 - drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 + drivers/infiniband/hw/hns/hns_roce_main.c | 1 - drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 - drivers/infiniband/hw/mlx5/qpc.c | 30 ++- drivers/input/rmi4/rmi_f34.c | 133 ++++++------ drivers/iommu/Kconfig | 1 - drivers/iommu/iommu.c | 4 +- drivers/md/dm-flakey.c | 70 ++++--- drivers/md/dm.c | 30 +-- drivers/mfd/exynos-lpass.c | 1 - drivers/mfd/stmpe-spi.c | 2 +- drivers/misc/vmw_vmci/vmci_host.c | 11 +- drivers/mtd/nand/ecc-mxic.c | 2 +- drivers/net/bonding/bond_main.c | 25 ++- drivers/net/dsa/b53/b53_common.c | 23 +-- drivers/net/ethernet/google/gve/gve_main.c | 2 +- drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 +- drivers/net/ethernet/intel/ice/ice_main.c | 47 +++-- drivers/net/ethernet/intel/ice/ice_sched.c | 181 +++++++++++++--- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 +- drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 + drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 +- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 +- .../net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 +- drivers/net/ethernet/microchip/lan743x_main.c | 4 +- .../net/ethernet/microchip/lan966x/lan966x_main.c | 7 + .../net/ethernet/microchip/lan966x/lan966x_main.h | 6 + .../net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 +++-- .../ethernet/microchip/lan966x/lan966x_switchdev.c | 1 + .../net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 ++ drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 + .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 +- drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 +- drivers/net/macsec.c | 40 +++- drivers/net/phy/mdio_bus.c | 12 ++ drivers/net/phy/mscc/mscc_ptp.c | 20 +- drivers/net/phy/phy_device.c | 4 +- drivers/net/usb/aqc111.c | 10 +- drivers/net/vmxnet3/vmxnet3_drv.c | 26 +++ drivers/net/wireguard/device.c | 1 + drivers/net/wireless/ath/ath10k/snoc.c | 4 +- drivers/net/wireless/ath/ath11k/core.c | 37 ++-- drivers/net/wireless/ath/ath11k/core.h | 4 +- drivers/net/wireless/ath/ath11k/debugfs.c | 62 +++--- drivers/net/wireless/ath/ath11k/mac.c | 4 +- drivers/net/wireless/ath/ath11k/wmi.c | 2 +- drivers/net/wireless/ath/ath12k/core.c | 8 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 9 + drivers/net/wireless/ath/ath12k/wmi.c | 3 +- drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 + drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 + drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7996/init.c | 3 + drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 + drivers/net/wireless/realtek/rtw88/coex.c | 2 +- drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 +- drivers/net/wireless/realtek/rtw88/sdio.c | 10 +- drivers/net/wwan/t7xx/t7xx_netdev.c | 11 +- drivers/nvme/target/fcloop.c | 31 +-- drivers/pci/controller/cadence/pcie-cadence-host.c | 11 +- drivers/pci/controller/pcie-apple.c | 4 +- drivers/pci/pci-driver.c | 6 - drivers/pci/pci.c | 15 +- drivers/pci/pci.h | 1 + drivers/pci/pcie/dpc.c | 2 +- drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 +- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 +- drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 14 +- drivers/pinctrl/pinctrl-at91.c | 6 +- drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 + drivers/power/reset/at91-reset.c | 5 +- drivers/ptp/ptp_private.h | 12 +- drivers/regulator/max20086-regulator.c | 6 +- drivers/remoteproc/qcom_wcnss_iris.c | 2 + drivers/remoteproc/ti_k3_r5_remoteproc.c | 8 - drivers/rpmsg/qcom_smd.c | 2 +- drivers/rtc/class.c | 2 +- drivers/rtc/lib.c | 24 ++- drivers/rtc/rtc-loongson.c | 8 + drivers/rtc/rtc-sh.c | 12 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 29 +-- drivers/scsi/qedf/qedf_main.c | 2 +- drivers/scsi/scsi_transport_iscsi.c | 11 +- drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 +- drivers/spi/spi-bcm63xx-hsspi.c | 2 +- drivers/spi/spi-bcm63xx.c | 2 +- drivers/spi/spi-sh-msiof.c | 13 +- drivers/spi/spi-tegra210-quad.c | 24 +-- drivers/staging/media/rkvdec/rkvdec.c | 10 +- drivers/thunderbolt/ctl.c | 5 + drivers/thunderbolt/usb4.c | 4 +- drivers/tty/serial/jsm/jsm_tty.c | 1 + drivers/tty/serial/milbeaut_usio.c | 5 +- drivers/tty/serial/sh-sci.c | 81 ++++++-- drivers/tty/vt/vt_ioctl.c | 2 - drivers/ufs/core/ufs-mcq.c | 6 - drivers/ufs/core/ufshcd.c | 7 +- drivers/ufs/host/ufs-qcom.c | 5 +- drivers/usb/cdns3/cdnsp-gadget.c | 21 +- drivers/usb/cdns3/cdnsp-gadget.h | 4 + drivers/usb/class/usbtmc.c | 21 +- drivers/usb/core/hub.c | 16 +- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/function/f_hid.c | 12 +- drivers/usb/renesas_usbhs/common.c | 50 +++-- drivers/usb/serial/pl2303.c | 2 + drivers/usb/storage/unusual_uas.h | 7 + drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 +- drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 79 +++++-- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 +- drivers/vfio/vfio_iommu_type1.c | 2 +- drivers/video/backlight/qcom-wled.c | 6 +- drivers/video/fbdev/core/fbcvt.c | 2 +- drivers/watchdog/exar_wdt.c | 2 +- drivers/xen/balloon.c | 13 +- fs/btrfs/scrub.c | 34 ++- fs/f2fs/data.c | 4 +- fs/f2fs/f2fs.h | 10 +- fs/f2fs/namei.c | 10 +- fs/f2fs/super.c | 4 +- fs/filesystems.c | 14 +- fs/gfs2/inode.c | 3 +- fs/kernfs/dir.c | 5 +- fs/kernfs/file.c | 3 +- fs/namespace.c | 25 ++- fs/nfs/super.c | 19 ++ fs/nilfs2/btree.c | 4 +- fs/nilfs2/direct.c | 3 + fs/ntfs3/index.c | 8 + fs/ocfs2/quota_local.c | 2 +- fs/smb/client/cifssmb.c | 20 +- fs/squashfs/super.c | 5 + include/linux/arm_sdei.h | 4 +- include/linux/bio.h | 2 +- include/linux/bvec.h | 7 +- include/linux/hid.h | 3 +- include/linux/io_uring_types.h | 3 + include/linux/mdio.h | 5 +- include/linux/mlx5/driver.h | 1 + include/linux/phy.h | 5 +- include/net/bluetooth/hci_core.h | 2 +- include/net/checksum.h | 2 +- include/net/sock.h | 7 +- io_uring/io_uring.c | 10 +- io_uring/io_uring.h | 12 ++ io_uring/kbuf.c | 3 +- io_uring/poll.c | 2 +- io_uring/rw.c | 26 ++- kernel/bpf/core.c | 29 +-- kernel/events/core.c | 50 +++-- kernel/power/hibernate.c | 5 + kernel/power/main.c | 3 +- kernel/power/power.h | 4 + kernel/power/wakelock.c | 3 + kernel/rcu/tree.c | 10 +- kernel/rcu/tree.h | 2 +- kernel/rcu/tree_stall.h | 4 +- kernel/time/posix-cpu-timers.c | 9 + kernel/trace/bpf_trace.c | 2 +- kernel/trace/trace.c | 2 +- kernel/trace/trace.h | 8 +- kernel/trace/trace_events_hist.c | 122 +++++++++-- kernel/trace/trace_events_trigger.c | 20 +- lib/kunit/static_stub.c | 2 +- mm/kasan/report.c | 4 +- mm/kasan/shadow.c | 2 +- net/bluetooth/eir.c | 10 +- net/bluetooth/hci_core.c | 16 +- net/bluetooth/hci_sync.c | 20 +- net/bluetooth/l2cap_core.c | 3 +- net/bluetooth/mgmt.c | 140 ++++++------- net/bluetooth/mgmt_util.c | 51 ++--- net/bluetooth/mgmt_util.h | 8 +- net/bridge/netfilter/nf_conntrack_bridge.c | 12 +- net/core/filter.c | 2 +- net/core/skmsg.c | 53 +++-- net/core/utils.c | 4 +- net/dsa/tag_brcm.c | 2 +- net/dsa/tag_ksz.c | 22 +- net/ipv4/udp_offload.c | 5 + net/ipv6/ila/ila_common.c | 6 +- net/ipv6/netfilter.c | 12 +- net/ipv6/netfilter/nft_fib_ipv6.c | 13 +- net/ipv6/seg6_local.c | 6 +- net/ncsi/internal.h | 21 +- net/ncsi/ncsi-pkt.h | 23 +-- net/ncsi/ncsi-rsp.c | 21 +- net/netfilter/nf_nat_core.c | 12 +- net/netfilter/nft_quota.c | 20 +- net/netfilter/nft_set_pipapo_avx2.c | 21 +- net/netfilter/nft_tunnel.c | 8 +- net/netlabel/netlabel_kapi.c | 5 + net/openvswitch/flow.c | 2 +- net/sched/sch_ets.c | 2 +- net/sched/sch_prio.c | 2 +- net/sched/sch_red.c | 2 +- net/sched/sch_sfq.c | 5 +- net/sched/sch_tbf.c | 2 +- net/tipc/crypto.c | 6 +- net/tls/tls_sw.c | 15 +- net/xfrm/xfrm_device.c | 2 - net/xfrm/xfrm_state.c | 2 - scripts/Makefile.extrawarn | 12 ++ scripts/gcc-plugins/gcc-common.h | 32 +++ scripts/gcc-plugins/randomize_layout_plugin.c | 40 ++-- sound/soc/apple/mca.c | 23 +++ sound/soc/codecs/hda.c | 4 +- sound/soc/codecs/tas2764.c | 2 +- sound/soc/intel/avs/debugfs.c | 6 +- sound/soc/intel/avs/ipc.c | 4 +- sound/soc/sof/ipc4-pcm.c | 3 +- sound/soc/ti/omap-hdmi.c | 7 +- sound/usb/implicit.c | 1 + tools/arch/x86/kcpuid/kcpuid.c | 47 +++-- tools/bpf/resolve_btfids/Makefile | 2 +- tools/include/nolibc/stdlib.h | 4 +- tools/include/nolibc/types.h | 2 +- tools/lib/bpf/bpf_core_read.h | 6 + tools/lib/bpf/libbpf.c | 5 +- tools/lib/bpf/linker.c | 4 +- tools/lib/bpf/nlattr.c | 15 +- tools/perf/Makefile.config | 2 + tools/perf/builtin-record.c | 2 +- tools/perf/builtin-trace.c | 5 +- tools/perf/scripts/python/exported-sql-viewer.py | 5 +- tools/perf/tests/switch-tracking.c | 2 +- tools/perf/ui/browsers/hists.c | 2 +- tools/perf/util/intel-pt.c | 205 +++++++++++++++++- tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 + tools/testing/selftests/seccomp/seccomp_bpf.c | 7 +- 347 files changed, 3285 insertions(+), 1551 deletions(-)

3 months

17
377
0 0

+ scripts-gdb-fix-dentry_name-lookup.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: scripts/gdb: fix dentry_name() lookup has been added to the -mm mm-hotfixes-unstable branch. Its filename is scripts-gdb-fix-dentry_name-lookup.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Florian Fainelli <florian.fainelli(a)broadcom.com> Subject: scripts/gdb: fix dentry_name() lookup Date: Thu, 19 Jun 2025 15:51:05 -0700 The "d_iname" member was replaced with "d_shortname.string" in the commit referenced in the Fixes tag. This prevented the GDB script "lx-mount" command to properly function: (gdb) lx-mounts mount super_block devname pathname fstype options 0xff11000002d21180 0xff11000002d24800 rootfs / rootfs rw 0 0 0xff11000002e18a80 0xff11000003713000 /dev/root / ext4 rw,relatime 0 0 Python Exception <class 'gdb.error'>: There is no member named d_iname. Error occurred in Python: There is no member named d_iname. Link: https://lkml.kernel.org/r/20250619225105.320729-1-florian.fainelli@broadcom… Fixes: 58cf9c383c5c ("dcache: back inline names with a struct-wrapped array of unsigned long") Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Jan Kara <jack(a)suse.cz> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Jeff Layton <jlayton(a)kernel.org> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/vfs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/scripts/gdb/linux/vfs.py~scripts-gdb-fix-dentry_name-lookup +++ a/scripts/gdb/linux/vfs.py @@ -22,7 +22,7 @@ def dentry_name(d): if parent == d or parent == 0: return "" p = dentry_name(d['d_parent']) + "/" - return p + d['d_iname'].string() + return p + d['d_shortname']['string'].string() class DentryName(gdb.Function): """Return string of the full path of a dentry. _ Patches currently in -mm which might be from florian.fainelli(a)broadcom.com are scripts-gdb-fix-dentry_name-lookup.patch

3 months

1
0
0 0

+ mm-damon-sysfs-schemes-free-old-damon_sysfs_scheme_filter-memcg_path-on-write.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-sysfs-schemes-free-old-damon_sysfs_scheme_filter-memcg_path-on-write.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write Date: Thu, 19 Jun 2025 11:36:07 -0700 memcg_path_store() assigns a newly allocated memory buffer to filter->memcg_path, without deallocating the previously allocated and assigned memory buffer. As a result, users can leak kernel memory by continuously writing a data to memcg_path DAMOS sysfs file. Fix the leak by deallocating the previously set memory buffer. Link: https://lkml.kernel.org/r/20250619183608.6647-2-sj@kernel.org Fixes: 7ee161f18b5d ("mm/damon/sysfs-schemes: implement filter directory") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.3.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/sysfs-schemes.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/damon/sysfs-schemes.c~mm-damon-sysfs-schemes-free-old-damon_sysfs_scheme_filter-memcg_path-on-write +++ a/mm/damon/sysfs-schemes.c @@ -472,6 +472,7 @@ static ssize_t memcg_path_store(struct k return -ENOMEM; strscpy(path, buf, count + 1); + kfree(filter->memcg_path); filter->memcg_path = path; return count; } _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-sysfs-schemes-free-old-damon_sysfs_scheme_filter-memcg_path-on-write.patch mm-damon-introduce-damon_stat-module.patch mm-damon-introduce-damon_stat-module-fix.patch mm-damon-stat-calculate-and-expose-estimated-memory-bandwidth.patch mm-damon-stat-calculate-and-expose-idle-time-percentiles.patch docs-admin-guide-mm-damon-add-damon_stat-usage-document.patch mm-damon-paddr-use-alloc_migartion_target-with-no-migration-fallback-nodemask.patch revert-mm-rename-alloc_demote_folio-to-alloc_migrate_folio.patch revert-mm-make-alloc_demote_folio-externally-invokable-for-migration.patch selftets-damon-add-a-test-for-memcg_path-leak.patch

3 months

1
0
0 0

+ mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung has been added to the -mm mm-new branch. Its filename is mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung Date: Fri, 20 Jun 2025 01:55:35 +0800 Patch series "mm/shmem, swap: bugfix and improvement of mTHP swap in", v2. The current mTHP swapin path have several problems. It may potentially hang, may cause redundant faults due to false positive swap cache lookup, and it will involve at least 4 Xarray tree walks (get order, get order again, confirm swap, insert folio). And for !CONFIG_TRANSPARENT_HUGEPAGE builds, it will performs some mTHP related checks. This series fixes all of the mentioned issues, and the code should be more robust and prepared for the swap table series. Now tree walks is reduced to twice (get order & confirm, insert folio) and added more sanity checks and comments. !CONFIG_TRANSPARENT_HUGEPAGE build overhead is also minimized, and comes with a sanity check now. The performance is slightly better after this series, sequential swap in of 24G data from ZRAM, using transparent_hugepage_tmpfs=always (36 samples each): Before: avg: 11.23s, stddev: 0.06 After patch 1: avg: 10.92s, stddev: 0.05 After patch 2: avg: 10.93s, stddev: 0.15 After patch 3: avg: 10.07s, stddev: 0.09 After patch 4: avg: 10.09s, stddev: 0.08 Each patch improves the performance by a little, which is about ~10% faster in total. Build kernel test showed very slightly improvement, testing with make -j24 with defconfig in a 256M memcg also using ZRAM as swap, and transparent_hugepage_tmpfs=always (6 samples each): Before: system time avg: 3945.25s After patch 1: system time avg: 3903.21s After patch 2: system time avg: 3914.76s After patch 3: system time avg: 3907.41s After patch 4: system time avg: 3876.24s Slightly better than noise level given the number of samples. This patch (of 4): The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve performance, as it avoids two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Link: https://lkml.kernel.org/r/20250619175538.15799-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20250619175538.15799-2-ryncsn@gmail.com Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) --- a/mm/shmem.c~mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung +++ a/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struc pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struc gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct ino error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct ino swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swp_type(swap), folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-shmem-swap-fix-softlockup-with-mthp-swapin.patch mm-shmem-swap-fix-softlockup-with-mthp-swapin-v3.patch mm-userfaultfd-fix-race-of-userfaultfd_move-and-swap-cache.patch mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-improve-mthp-swapin-process.patch mm-shmem-swap-avoid-false-positive-swap-cache-lookup.patch

3 months

1
0
0 0

+ lib-group_cpus-fix-null-pointer-dereference-from-group_cpus_evenly.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() has been added to the -mm mm-hotfixes-unstable branch. Its filename is lib-group_cpus-fix-null-pointer-dereference-from-group_cpus_evenly.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yu Kuai <yukuai3(a)huawei.com> Subject: lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() Date: Thu, 19 Jun 2025 21:26:55 +0800 While testing null_blk with configfs, echo 0 > poll_queues will trigger following panic: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 27 UID: 0 PID: 920 Comm: bash Not tainted 6.15.0-02023-gadbdb95c8696-dirty #1238 PREEMPT(undef) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:__bitmap_or+0x48/0x70 Call Trace: <TASK> __group_cpus_evenly+0x822/0x8c0 group_cpus_evenly+0x2d9/0x490 blk_mq_map_queues+0x1e/0x110 null_map_queues+0xc9/0x170 [null_blk] blk_mq_update_queue_map+0xdb/0x160 blk_mq_update_nr_hw_queues+0x22b/0x560 nullb_update_nr_hw_queues+0x71/0xf0 [null_blk] nullb_device_poll_queues_store+0xa4/0x130 [null_blk] configfs_write_iter+0x109/0x1d0 vfs_write+0x26e/0x6f0 ksys_write+0x79/0x180 __x64_sys_write+0x1d/0x30 x64_sys_call+0x45c4/0x45f0 do_syscall_64+0xa5/0x240 entry_SYSCALL_64_after_hwframe+0x76/0x7e Root cause is that numgrps is set to 0, and ZERO_SIZE_PTR is returned from kcalloc(), then __group_cpus_evenly() will deference the ZERO_SIZE_PTR. Fix the problem by checking numgrps first in group_cpus_evenly(), and return NULL directly if numgrps is zero. Link: https://lkml.kernel.org/r/20250619132655.3318883-1-yukuai1@huaweicloud.com Fixes: 6a6dcae8f486 ("blk-mq: Build default queue map via group_cpus_evenly()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> Reviewed-by: Jens Axboe <axboe(a)kernel.dk> Cc: ErKun Yang <yangerkun(a)huawei.com> Cc: John Garry <john.g.garry(a)oracle.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: "zhangyi (F)" <yi.zhang(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/group_cpus.c | 3 +++ 1 file changed, 3 insertions(+) --- a/lib/group_cpus.c~lib-group_cpus-fix-null-pointer-dereference-from-group_cpus_evenly +++ a/lib/group_cpus.c @@ -352,6 +352,9 @@ struct cpumask *group_cpus_evenly(unsign int ret = -ENOMEM; struct cpumask *masks = NULL; + if (numgrps == 0) + return NULL; + if (!zalloc_cpumask_var(&nmsk, GFP_KERNEL)) return NULL; _ Patches currently in -mm which might be from yukuai3(a)huawei.com are lib-group_cpus-fix-null-pointer-dereference-from-group_cpus_evenly.patch

3 months

1
0
0 0

[PATCH v2] thunderbolt: Fix wake on connect at runtime

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> commit 1a760d10ded37 ("thunderbolt: Fix a logic error in wake on connect") fixated on the USB4 port sysfs wakeup file not working properly to control policy, but it had an unintended side effect that the sysfs file controls policy both at runtime and at suspend time. The sysfs file is supposed to only control behavior while system is suspended. Pass whether programming a port for runtime into usb4_switch_set_wake() and if runtime then ignore the value in the sysfs file. Cc: stable(a)vger.kernel.org Reported-by: Alexander Kovacs <Alexander.Kovacs(a)amd.com> Tested-by: Alexander Kovacs <Alexander.Kovacs(a)amd.com> Fixes: 1a760d10ded37 ("thunderbolt: Fix a logic error in wake on connect") Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- v2: * Fix kdoc issue reported by lkp robot --- drivers/thunderbolt/switch.c | 8 ++++---- drivers/thunderbolt/tb.h | 2 +- drivers/thunderbolt/usb4.c | 10 +++++----- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c index 28febb95f8fa1..e9809fb57c354 100644 --- a/drivers/thunderbolt/switch.c +++ b/drivers/thunderbolt/switch.c @@ -3437,7 +3437,7 @@ void tb_sw_set_unplugged(struct tb_switch *sw) } } -static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags) +static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime) { if (flags) tb_sw_dbg(sw, "enabling wakeup: %#x\n", flags); @@ -3445,7 +3445,7 @@ static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags) tb_sw_dbg(sw, "disabling wakeup\n"); if (tb_switch_is_usb4(sw)) - return usb4_switch_set_wake(sw, flags); + return usb4_switch_set_wake(sw, flags, runtime); return tb_lc_set_wake(sw, flags); } @@ -3521,7 +3521,7 @@ int tb_switch_resume(struct tb_switch *sw, bool runtime) tb_switch_check_wakes(sw); /* Disable wakes */ - tb_switch_set_wake(sw, 0); + tb_switch_set_wake(sw, 0, true); err = tb_switch_tmu_init(sw); if (err) @@ -3603,7 +3603,7 @@ void tb_switch_suspend(struct tb_switch *sw, bool runtime) flags |= TB_WAKE_ON_USB4 | TB_WAKE_ON_USB3 | TB_WAKE_ON_PCIE; } - tb_switch_set_wake(sw, flags); + tb_switch_set_wake(sw, flags, runtime); if (tb_switch_is_usb4(sw)) usb4_switch_set_sleep(sw); diff --git a/drivers/thunderbolt/tb.h b/drivers/thunderbolt/tb.h index 87afd5a7c504b..f503bad864130 100644 --- a/drivers/thunderbolt/tb.h +++ b/drivers/thunderbolt/tb.h @@ -1317,7 +1317,7 @@ int usb4_switch_read_uid(struct tb_switch *sw, u64 *uid); int usb4_switch_drom_read(struct tb_switch *sw, unsigned int address, void *buf, size_t size); bool usb4_switch_lane_bonding_possible(struct tb_switch *sw); -int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags); +int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime); int usb4_switch_set_sleep(struct tb_switch *sw); int usb4_switch_nvm_sector_size(struct tb_switch *sw); int usb4_switch_nvm_read(struct tb_switch *sw, unsigned int address, void *buf, diff --git a/drivers/thunderbolt/usb4.c b/drivers/thunderbolt/usb4.c index fce3c0f2354a7..d46d9434933c4 100644 --- a/drivers/thunderbolt/usb4.c +++ b/drivers/thunderbolt/usb4.c @@ -403,10 +403,11 @@ bool usb4_switch_lane_bonding_possible(struct tb_switch *sw) * usb4_switch_set_wake() - Enabled/disable wake * @sw: USB4 router * @flags: Wakeup flags (%0 to disable) + * @runtime: Wake is being programmed during system runtime * * Enables/disables router to wake up from sleep. */ -int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags) +int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime) { struct usb4_port *usb4; struct tb_port *port; @@ -438,13 +439,12 @@ int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags) val |= PORT_CS_19_WOU4; } else { bool configured = val & PORT_CS_19_PC; + bool wakeup = runtime || device_may_wakeup(&usb4->dev); usb4 = port->usb4; - if (((flags & TB_WAKE_ON_CONNECT) && - device_may_wakeup(&usb4->dev)) && !configured) + if ((flags & TB_WAKE_ON_CONNECT) && wakeup && !configured) val |= PORT_CS_19_WOC; - if (((flags & TB_WAKE_ON_DISCONNECT) && - device_may_wakeup(&usb4->dev)) && configured) + if ((flags & TB_WAKE_ON_DISCONNECT) && wakeup && configured) val |= PORT_CS_19_WOD; if ((flags & TB_WAKE_ON_USB4) && configured) val |= PORT_CS_19_WOU4; -- 2.43.0

3 months

2
1
0 0

[PATCH 0/2] mm/damon: fix memory leak in memcg_path sysfs file

by SeongJae Park

Users can leak memory by repeatedly writing a string to DAMOS sysfs memcg_path file. Fix it (patch 1) and add a selftest (patch 2) to avoid reoccurrance of the bug. SeongJae Park (2): mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write selftets/damon: add a test for memcg_path leak mm/damon/sysfs-schemes.c | 1 + tools/testing/selftests/damon/Makefile | 1 + .../selftests/damon/sysfs_memcg_path_leak.sh | 43 +++++++++++++++++++ 3 files changed, 45 insertions(+) create mode 100755 tools/testing/selftests/damon/sysfs_memcg_path_leak.sh base-commit: 05b89e828eb4f791f721cbdc65f36e1a8287a9d3 -- 2.39.5

3 months

1
1
0 0

[PATCH] NFC: nci: uart: Set tty->disc_data only in success path

by Krzysztof Kozlowski

Setting tty->disc_data before opening the NCI device means we need to clean it up on error paths. This also opens some short window if device starts sending data, even before NCIUARTSETDRIVER IOCTL succeeded (broken hardware?). Close the window by exposing tty->disc_data only on the success path, when opening of the NCI device and try_module_get() succeeds. The code differs in error path in one aspect: tty->disc_data won't be ever assigned thus NULL-ified. This however should not be relevant difference, because of "tty->disc_data=NULL" in nci_uart_tty_open(). Cc: Greg KH <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linuxfoundation.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Fixes: 9961127d4bce ("NFC: nci: add generic uart support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- net/nfc/nci/uart.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/nfc/nci/uart.c b/net/nfc/nci/uart.c index ed1508a9e093..aab107727f18 100644 --- a/net/nfc/nci/uart.c +++ b/net/nfc/nci/uart.c @@ -119,22 +119,22 @@ static int nci_uart_set_driver(struct tty_struct *tty, unsigned int driver) memcpy(nu, nci_uart_drivers[driver], sizeof(struct nci_uart)); nu->tty = tty; - tty->disc_data = nu; skb_queue_head_init(&nu->tx_q); INIT_WORK(&nu->write_work, nci_uart_write_work); spin_lock_init(&nu->rx_lock); ret = nu->ops.open(nu); if (ret) { - tty->disc_data = NULL; kfree(nu); + return ret; } else if (!try_module_get(nu->owner)) { nu->ops.close(nu); - tty->disc_data = NULL; kfree(nu); return -ENOENT; } - return ret; + tty->disc_data = nu; + + return 0; } /* ------ LDISC part ------ */ -- 2.45.2

3 months

3
2
0 0

Google's 1st page*%$!

by James Charles

Hi, I have checked your website and I feel that you need to make some improvements in your website. We can place your website on the 1st page of Google, Yahoo and a better presence on Facebook, LinkedIn, YouTube, Instagram, Pinterest etc. which you can charge me some amount. Thanks and regards

3 months

1
0
0 0

[REGRESSION] e1000e heavy packet loss on Meteor Lake - 6.14.2

by Marek Marczykowski-Górecki

Hi, After updating to 6.14.2, the ethernet adapter is almost unusable, I get over 30% packet loss. Bisect says it's this commit: commit 85f6414167da39e0da30bf370f1ecda5a58c6f7b Author: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Date: Thu Mar 13 16:05:56 2025 +0200 e1000e: change k1 configuration on MTP and later platforms [ Upstream commit efaaf344bc2917cbfa5997633bc18a05d3aed27f ] Starting from Meteor Lake, the Kumeran interface between the integrated MAC and the I219 PHY works at a different frequency. This causes sporadic MDI errors when accessing the PHY, and in rare circumstances could lead to packet corruption. To overcome this, introduce minor changes to the Kumeran idle state (K1) parameters during device initialization. Hardware reset reverts this configuration, therefore it needs to be applied in a few places. Fixes: cc23f4f0b6b9 ("e1000e: Add support for Meteor Lake") Signed-off-by: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Tested-by: Avigail Dahan <avigailx.dahan(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> drivers/net/ethernet/intel/e1000e/defines.h | 3 ++ drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 +++++++++++++++++++++++++++-- drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 ++ 3 files changed, 82 insertions(+), 5 deletions(-) My system is Novacustom V540TU laptop with Intel Core Ultra 5 125H. And the e1000e driver is running in a Xen HVM (with PCI passthrough). Interestingly, I have also another one with Intel Core Ultra 7 155H where the issue does not happen. I don't see what is different about network adapter there, they look identical on lspci (but there are differences about other devices)... I see the commit above was already backported to other stable branches too... #regzbot introduced: 85f6414167da39e0da30bf370f1ecda5a58c6f7b -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

3 months

4
19
0 0

Linux 6.15.3

by Greg Kroah-Hartman

I'm announcing the release of the 6.15.3 kernel. All users of the 6.15 kernel series must upgrade. The updated 6.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/regulator/mediatek,mt6357-regulator.yaml | 12 Documentation/devicetree/bindings/soc/fsl/fsl,qman-fqd.yaml | 4 Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Documentation/gpu/xe/index.rst | 1 Documentation/gpu/xe/xe_gt_freq.rst | 14 Documentation/misc-devices/lis3lv02d.rst | 6 Documentation/netlink/specs/rt_link.yaml | 68 + Documentation/networking/xfrm_device.rst | 10 Makefile | 2 arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 arch/arm/boot/dts/microchip/tny_a9263.dts | 2 arch/arm/boot/dts/microchip/usb_a9263.dts | 4 arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 82 +- arch/arm/mach-aspeed/Kconfig | 1 arch/arm64/Kconfig | 6 arch/arm64/boot/dts/allwinner/sun50i-a100.dtsi | 3 arch/arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 10 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 - arch/arm64/boot/dts/mediatek/mt8390-genio-common.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra210-p2180.dtsi | 1 arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi | 11 arch/arm64/boot/dts/qcom/ipq9574.dtsi | 16 arch/arm64/boot/dts/qcom/msm8998.dtsi | 19 arch/arm64/boot/dts/qcom/qcm2290.dtsi | 16 arch/arm64/boot/dts/qcom/qcs615.dtsi | 17 arch/arm64/boot/dts/qcom/qcs8300.dtsi | 12 arch/arm64/boot/dts/qcom/sa8775p.dtsi | 11 arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 arch/arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 arch/arm64/boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 arch/arm64/boot/dts/qcom/sm8550.dtsi | 391 ++++++---- arch/arm64/boot/dts/qcom/sm8650.dtsi | 82 +- arch/arm64/boot/dts/qcom/sm8750.dtsi | 26 arch/arm64/boot/dts/qcom/x1e001de-devkit.dts | 44 + arch/arm64/boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 2 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 arch/arm64/boot/dts/renesas/white-hawk-ard-audio-da7212.dtso | 2 arch/arm64/boot/dts/renesas/white-hawk-single.dtsi | 8 arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 12 arch/arm64/boot/dts/rockchip/rk3528.dtsi | 3 arch/arm64/boot/dts/rockchip/rk3566-rock-3c.dts | 1 arch/arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 15 arch/arm64/boot/dts/ti/k3-j721e-common-proc-board.dts | 1 arch/arm64/configs/defconfig | 3 arch/arm64/include/asm/esr.h | 14 arch/arm64/kernel/fpsimd.c | 21 arch/arm64/xen/hypercall.S | 21 arch/m68k/mac/config.c | 2 arch/mips/boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 arch/powerpc/kernel/Makefile | 2 arch/powerpc/kexec/crash.c | 5 arch/powerpc/platforms/book3s/vas-api.c | 9 arch/powerpc/platforms/powernv/memtrace.c | 8 arch/powerpc/platforms/pseries/iommu.c | 2 arch/riscv/kernel/traps_misaligned.c | 4 arch/riscv/kvm/vcpu_sbi.c | 4 arch/s390/kernel/uv.c | 85 +- arch/s390/net/bpf_jit_comp.c | 12 arch/um/os-Linux/sigio.c | 3 arch/x86/events/amd/uncore.c | 36 arch/x86/hyperv/hv_init.c | 33 arch/x86/hyperv/hv_vtl.c | 44 - arch/x86/hyperv/ivm.c | 22 arch/x86/include/asm/mshyperv.h | 6 arch/x86/include/asm/mwait.h | 9 arch/x86/include/asm/sighandling.h | 22 arch/x86/kernel/cpu/common.c | 17 arch/x86/kernel/cpu/microcode/core.c | 2 arch/x86/kernel/cpu/mtrr/generic.c | 2 arch/x86/kernel/ioport.c | 13 arch/x86/kernel/irq.c | 2 arch/x86/kernel/process.c | 15 arch/x86/kernel/signal_32.c | 4 arch/x86/kernel/signal_64.c | 4 arch/x86/lib/x86-opcode-map.txt | 50 - block/blk-integrity.c | 7 block/blk-throttle.c | 22 block/blk-zoned.c | 7 block/elevator.c | 3 crypto/api.c | 13 crypto/asymmetric_keys/public_key.c | 13 crypto/ecdsa-p1363.c | 6 crypto/ecdsa-x962.c | 5 crypto/ecdsa.c | 2 crypto/ecrdsa.c | 2 crypto/krb5/rfc3961_simplified.c | 1 crypto/lrw.c | 4 crypto/rsassa-pkcs1.c | 2 crypto/sig.c | 9 crypto/xts.c | 4 drivers/accel/amdxdna/aie2_message.c | 6 drivers/accel/amdxdna/aie2_msg_priv.h | 10 drivers/accel/amdxdna/aie2_psp.c | 4 drivers/accel/ivpu/ivpu_job.c | 8 drivers/acpi/acpica/exserial.c | 6 drivers/acpi/apei/Kconfig | 1 drivers/acpi/apei/ghes.c | 2 drivers/acpi/cppc_acpi.c | 2 drivers/acpi/osi.c | 1 drivers/acpi/platform_profile.c | 3 drivers/acpi/resource.c | 2 drivers/acpi/thermal.c | 10 drivers/base/power/main.c | 3 drivers/base/power/runtime.c | 44 + drivers/block/brd.c | 11 drivers/block/loop.c | 8 drivers/bluetooth/btintel.c | 10 drivers/bluetooth/btintel_pcie.c | 31 drivers/bluetooth/btintel_pcie.h | 10 drivers/bus/fsl-mc/fsl-mc-bus.c | 12 drivers/char/Kconfig | 2 drivers/clk/bcm/clk-raspberrypi.c | 2 drivers/clk/qcom/camcc-sm6350.c | 18 drivers/clk/qcom/dispcc-sm6350.c | 3 drivers/clk/qcom/gcc-msm8939.c | 4 drivers/clk/qcom/gcc-sm6350.c | 6 drivers/clk/qcom/gpucc-sm6350.c | 6 drivers/counter/interrupt-cnt.c | 9 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c | 17 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 drivers/crypto/intel/iaa/iaa_crypto_main.c | 6 drivers/crypto/marvell/cesa/cipher.c | 3 drivers/crypto/marvell/cesa/hash.c | 2 drivers/crypto/xilinx/zynqmp-sha.c | 18 drivers/dma/ti/k3-udma.c | 3 drivers/edac/bluefield_edac.c | 20 drivers/edac/i10nm_base.c | 35 drivers/edac/skx_common.c | 1 drivers/edac/skx_common.h | 11 drivers/firmware/Kconfig | 1 drivers/firmware/arm_sdei.c | 11 drivers/firmware/efi/libstub/efi-stub-helper.c | 1 drivers/firmware/psci/psci.c | 4 drivers/firmware/samsung/exynos-acpm-pmic.c | 16 drivers/firmware/samsung/exynos-acpm.c | 11 drivers/fpga/tests/fpga-mgr-test.c | 1 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v10_0_cleaner_shader.h | 6 drivers/gpu/drm/amd/amdgpu/gfx_v10_1_10_cleaner_shader.asm | 13 drivers/gpu/drm/amd/display/dc/basics/fixpt31_32.c | 5 drivers/gpu/drm/amd/display/dc/sspl/spl_fixpt31_32.c | 4 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 58 - drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 drivers/gpu/drm/ci/gitlab-ci.yml | 19 drivers/gpu/drm/display/drm_hdmi_audio_helper.c | 3 drivers/gpu/drm/drm_panic_qr.rs | 71 + drivers/gpu/drm/i915/display/intel_dp.c | 7 drivers/gpu/drm/i915/display/intel_dp.h | 1 drivers/gpu/drm/i915/display/intel_dp_mst.c | 5 drivers/gpu/drm/i915/display/intel_psr_regs.h | 4 drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c | 16 drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 19 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 2 drivers/gpu/drm/meson/meson_vclk.c | 55 - drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 1 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_14_msm8937.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_15_msm8917.h | 1 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_16_msm8953.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 16 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 16 drivers/gpu/drm/msm/dp/dp_display.c | 27 drivers/gpu/drm/msm/dp/dp_link.h | 4 drivers/gpu/drm/msm/dp/dp_panel.c | 12 drivers/gpu/drm/panel/panel-samsung-sofef00.c | 34 drivers/gpu/drm/panel/panel-simple.c | 5 drivers/gpu/drm/panthor/panthor_device.c | 8 drivers/gpu/drm/panthor/panthor_mmu.c | 1 drivers/gpu/drm/panthor/panthor_regs.h | 4 drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 drivers/gpu/drm/tegra/rgb.c | 14 drivers/gpu/drm/v3d/v3d_debugfs.c | 126 +-- drivers/gpu/drm/v3d/v3d_drv.c | 22 drivers/gpu/drm/v3d/v3d_drv.h | 11 drivers/gpu/drm/v3d/v3d_gem.c | 10 drivers/gpu/drm/v3d/v3d_irq.c | 64 + drivers/gpu/drm/v3d/v3d_perfmon.c | 4 drivers/gpu/drm/v3d/v3d_sched.c | 6 drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 drivers/gpu/drm/vc4/tests/vc4_test_pv_muxing.c | 154 +++ drivers/gpu/drm/vc4/vc4_hdmi.c | 16 drivers/gpu/drm/vkms/vkms_crtc.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 10 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 34 drivers/gpu/drm/xe/Kconfig | 3 drivers/gpu/drm/xe/xe_bo.c | 48 - drivers/gpu/drm/xe/xe_gt_freq.c | 5 drivers/gpu/drm/xe/xe_guc_debugfs.c | 159 ++-- drivers/gpu/drm/xe/xe_lrc.c | 24 drivers/gpu/drm/xe/xe_pci.c | 1 drivers/gpu/drm/xe/xe_pxp.c | 8 drivers/gpu/drm/xe/xe_vm.c | 19 drivers/gpu/drm/xe/xe_vm.h | 69 + drivers/gpu/drm/xe/xe_vm_types.h | 8 drivers/gpu/drm/xlnx/Kconfig | 1 drivers/hid/Kconfig | 2 drivers/hid/hid-hyperv.c | 4 drivers/hid/intel-thc-hid/intel-quicki2c/pci-quicki2c.c | 7 drivers/hid/usbhid/hid-core.c | 25 drivers/hwmon/asus-ec-sensors.c | 4 drivers/hwtracing/coresight/coresight-catu.c | 27 drivers/hwtracing/coresight/coresight-catu.h | 1 drivers/hwtracing/coresight/coresight-config.h | 2 drivers/hwtracing/coresight/coresight-core.c | 21 drivers/hwtracing/coresight/coresight-cpu-debug.c | 3 drivers/hwtracing/coresight/coresight-etm4x-core.c | 5 drivers/hwtracing/coresight/coresight-etm4x-sysfs.c | 4 drivers/hwtracing/coresight/coresight-funnel.c | 3 drivers/hwtracing/coresight/coresight-replicator.c | 3 drivers/hwtracing/coresight/coresight-stm.c | 2 drivers/hwtracing/coresight/coresight-syscfg.c | 51 - drivers/hwtracing/coresight/coresight-tmc-core.c | 2 drivers/hwtracing/coresight/coresight-tmc-etf.c | 11 drivers/hwtracing/coresight/coresight-tpiu.c | 2 drivers/iio/adc/ad4851.c | 14 drivers/iio/adc/ad7124.c | 4 drivers/iio/adc/mcp3911.c | 39 drivers/iio/adc/pac1934.c | 2 drivers/iio/dac/adi-axi-dac.c | 8 drivers/iio/filter/admv8818.c | 224 ++++- drivers/infiniband/core/cm.c | 19 drivers/infiniband/core/cma.c | 3 drivers/infiniband/hw/bnxt_re/debugfs.c | 20 drivers/infiniband/hw/hns/hns_roce_ah.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 drivers/infiniband/hw/mlx5/qpc.c | 30 drivers/infiniband/sw/rxe/rxe_qp.c | 7 drivers/iommu/Kconfig | 1 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 drivers/iommu/io-pgtable-arm.c | 13 drivers/iommu/iommu.c | 4 drivers/iommu/ipmmu-vmsa.c | 3 drivers/mailbox/Kconfig | 4 drivers/mailbox/imx-mailbox.c | 21 drivers/mailbox/mtk-cmdq-mailbox.c | 51 - drivers/md/dm-core.h | 1 drivers/md/dm-flakey.c | 70 - drivers/md/dm-table.c | 67 + drivers/md/dm-zone.c | 86 +- drivers/md/dm.c | 36 drivers/md/dm.h | 6 drivers/md/raid1-10.c | 10 drivers/md/raid1.c | 19 drivers/md/raid10.c | 11 drivers/media/platform/synopsys/hdmirx/snps_hdmirx.c | 14 drivers/media/platform/verisilicon/hantro_postproc.c | 4 drivers/mfd/exynos-lpass.c | 31 drivers/mfd/stmpe-spi.c | 2 drivers/misc/lis3lv02d/Kconfig | 4 drivers/misc/mei/vsc-tp.c | 4 drivers/misc/vmw_vmci/vmci_host.c | 11 drivers/mtd/nand/ecc-mxic.c | 2 drivers/net/bonding/bond_main.c | 144 +-- drivers/net/dsa/b53/b53_common.c | 92 +- drivers/net/dsa/b53/b53_priv.h | 1 drivers/net/dsa/b53/b53_regs.h | 7 drivers/net/dsa/bcm_sf2.c | 1 drivers/net/ethernet/airoha/airoha_eth.c | 23 drivers/net/ethernet/airoha/airoha_eth.h | 10 drivers/net/ethernet/airoha/airoha_ppe.c | 32 drivers/net/ethernet/airoha/airoha_regs.h | 10 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 20 drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c | 18 drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 drivers/net/ethernet/intel/e1000/e1000_main.c | 8 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 drivers/net/ethernet/intel/iavf/iavf.h | 1 drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 29 drivers/net/ethernet/intel/iavf/iavf_main.c | 300 ++----- drivers/net/ethernet/intel/iavf/iavf_virtchnl.c | 17 drivers/net/ethernet/intel/ice/ice_main.c | 47 - drivers/net/ethernet/intel/ice/ice_ptp.c | 1 drivers/net/ethernet/intel/ice/ice_sched.c | 181 +++- drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c | 9 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 45 - drivers/net/ethernet/intel/idpf/idpf_txrx.h | 8 drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 2 drivers/net/ethernet/intel/idpf/idpf_virtchnl.h | 1 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 41 - drivers/net/ethernet/intel/ixgbevf/ipsec.c | 21 drivers/net/ethernet/marvell/octeontx2/af/mcs_rvu_if.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_rep.c | 2 drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c | 18 drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/qos_sq.c | 22 drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 4 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 28 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 1 drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 5 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/action.c | 14 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc.c | 55 + drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc.h | 9 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c | 3 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/fs_hws.c | 3 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.c | 48 - drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.h | 4 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws.h | 6 drivers/net/ethernet/microchip/lan743x_main.c | 15 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 7 drivers/net/ethernet/microchip/lan966x/lan966x_main.h | 6 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 - drivers/net/ethernet/microchip/lan966x/lan966x_switchdev.c | 1 drivers/net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 drivers/net/ethernet/netronome/nfp/crypto/ipsec.c | 11 drivers/net/ethernet/stmicro/stmmac/stmmac_est.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 drivers/net/ethernet/ti/icssg/icssg_stats.c | 8 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 6 drivers/net/macsec.c | 40 - drivers/net/mctp/mctp-usb.c | 2 drivers/net/netconsole.c | 3 drivers/net/netdevsim/ipsec.c | 15 drivers/net/netdevsim/netdev.c | 3 drivers/net/phy/mdio_bus.c | 12 drivers/net/phy/mediatek/Kconfig | 3 drivers/net/phy/mscc/mscc_ptp.c | 20 drivers/net/phy/phy_caps.c | 18 drivers/net/phy/phy_device.c | 4 drivers/net/usb/aqc111.c | 10 drivers/net/vmxnet3/vmxnet3_drv.c | 26 drivers/net/wireguard/device.c | 1 drivers/net/wireless/ath/ath10k/snoc.c | 4 drivers/net/wireless/ath/ath11k/core.c | 37 drivers/net/wireless/ath/ath11k/core.h | 4 drivers/net/wireless/ath/ath11k/debugfs.c | 148 --- drivers/net/wireless/ath/ath11k/debugfs.h | 10 drivers/net/wireless/ath/ath11k/mac.c | 92 ++ drivers/net/wireless/ath/ath11k/mac.h | 4 drivers/net/wireless/ath/ath11k/wmi.c | 47 + drivers/net/wireless/ath/ath12k/core.c | 28 drivers/net/wireless/ath/ath12k/core.h | 19 drivers/net/wireless/ath/ath12k/debugfs.c | 4 drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c | 3 drivers/net/wireless/ath/ath12k/dp.h | 2 drivers/net/wireless/ath/ath12k/dp_mon.c | 351 +++++++- drivers/net/wireless/ath/ath12k/dp_mon.h | 4 drivers/net/wireless/ath/ath12k/dp_rx.c | 234 +++-- drivers/net/wireless/ath/ath12k/dp_rx.h | 29 drivers/net/wireless/ath/ath12k/dp_tx.c | 23 drivers/net/wireless/ath/ath12k/hal.c | 103 +- drivers/net/wireless/ath/ath12k/hal.h | 64 - drivers/net/wireless/ath/ath12k/hal_desc.h | 3 drivers/net/wireless/ath/ath12k/hal_rx.h | 15 drivers/net/wireless/ath/ath12k/hw.c | 35 drivers/net/wireless/ath/ath12k/hw.h | 12 drivers/net/wireless/ath/ath12k/mac.c | 86 +- drivers/net/wireless/ath/ath12k/mhi.c | 7 drivers/net/wireless/ath/ath12k/pci.c | 17 drivers/net/wireless/ath/ath12k/pci.h | 4 drivers/net/wireless/ath/ath12k/reg.c | 4 drivers/net/wireless/ath/ath12k/wmi.c | 39 drivers/net/wireless/ath/ath12k/wmi.h | 16 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 1 drivers/net/wireless/intel/iwlwifi/mld/mld.c | 3 drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 2 drivers/net/wireless/marvell/mwifiex/11n.c | 6 drivers/net/wireless/mediatek/mt76/channel.c | 4 drivers/net/wireless/mediatek/mt76/mac80211.c | 6 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/init.c | 2 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 21 drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 drivers/net/wireless/mediatek/mt76/mt7996/eeprom.c | 1 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 14 drivers/net/wireless/mediatek/mt76/mt7996/main.c | 23 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 4 drivers/net/wireless/realtek/rtw88/coex.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 drivers/net/wireless/realtek/rtw88/sdio.c | 10 drivers/net/wireless/realtek/rtw89/fw.c | 2 drivers/net/wireless/realtek/rtw89/pci.c | 36 drivers/net/wwan/mhi_wwan_mbim.c | 9 drivers/net/wwan/t7xx/t7xx_netdev.c | 11 drivers/nvme/host/constants.c | 2 drivers/nvme/host/core.c | 1 drivers/nvme/host/ioctl.c | 2 drivers/nvme/host/pr.c | 2 drivers/nvme/target/core.c | 9 drivers/nvme/target/fcloop.c | 31 drivers/nvme/target/io-cmd-bdev.c | 9 drivers/nvmem/zynqmp_nvmem.c | 1 drivers/of/unittest.c | 10 drivers/pci/controller/cadence/pcie-cadence-host.c | 11 drivers/pci/controller/dwc/pci-imx6.c | 47 + drivers/pci/controller/dwc/pcie-rcar-gen4.c | 1 drivers/pci/controller/pcie-apple.c | 4 drivers/pci/controller/pcie-rockchip.h | 7 drivers/pci/endpoint/pci-epf-core.c | 22 drivers/pci/hotplug/pci_hotplug_core.c | 69 + drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 29 drivers/pci/hotplug/pciehp_hpc.c | 78 + drivers/pci/pci-acpi.c | 23 drivers/pci/pci.c | 2 drivers/pci/pci.h | 3 drivers/pci/pcie/dpc.c | 68 - drivers/pci/pwrctrl/core.c | 2 drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 drivers/perf/arm-ni.c | 40 - drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 drivers/phy/qualcomm/phy-qcom-qusb2.c | 27 drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 13 drivers/pinctrl/mediatek/mtk-eint.c | 4 drivers/pinctrl/mediatek/mtk-eint.h | 2 drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 7 drivers/pinctrl/pinctrl-at91.c | 6 drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 drivers/pinctrl/qcom/pinctrl-qcs615.c | 2 drivers/pinctrl/qcom/pinctrl-qcs8300.c | 2 drivers/pinctrl/qcom/tlmm-test.c | 1 drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 52 - drivers/pinctrl/samsung/pinctrl-exynos.c | 260 +++--- drivers/pinctrl/samsung/pinctrl-exynos.h | 8 drivers/pinctrl/samsung/pinctrl-samsung.c | 21 drivers/pinctrl/samsung/pinctrl-samsung.h | 8 drivers/pinctrl/sunxi/pinctrl-sunxi-dt.c | 8 drivers/platform/chrome/cros_ec_typec.c | 6 drivers/power/reset/at91-reset.c | 5 drivers/power/supply/max77705_charger.c | 20 drivers/ptp/ptp_private.h | 12 drivers/regulator/max20086-regulator.c | 6 drivers/remoteproc/qcom_wcnss_iris.c | 2 drivers/remoteproc/ti_k3_dsp_remoteproc.c | 8 drivers/remoteproc/ti_k3_r5_remoteproc.c | 118 +-- drivers/rpmsg/qcom_smd.c | 2 drivers/rtc/rtc-loongson.c | 8 drivers/rtc/rtc-sh.c | 12 drivers/scsi/hisi_sas/hisi_sas_main.c | 29 drivers/scsi/lpfc/lpfc_hbadisc.c | 32 drivers/scsi/mpt3sas/mpt3sas_ctl.c | 3 drivers/scsi/qedf/qedf_main.c | 2 drivers/scsi/scsi_transport_iscsi.c | 11 drivers/scsi/smartpqi/smartpqi_init.c | 4 drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 drivers/soc/qcom/smp2p.c | 2 drivers/soundwire/generic_bandwidth_allocation.c | 7 drivers/spi/atmel-quadspi.c | 17 drivers/spi/spi-bcm63xx-hsspi.c | 2 drivers/spi/spi-bcm63xx.c | 2 drivers/spi/spi-omap2-mcspi.c | 30 drivers/spi/spi-qpic-snand.c | 44 - drivers/spi/spi-sh-msiof.c | 13 drivers/spi/spi-tegra210-quad.c | 24 drivers/staging/gpib/ines/ines_gpib.c | 2 drivers/staging/gpib/uapi/gpib_user.h | 2 drivers/staging/media/rkvdec/rkvdec.c | 10 drivers/thermal/mediatek/lvts_thermal.c | 18 drivers/thunderbolt/usb4.c | 4 drivers/tty/serial/8250/8250_omap.c | 25 drivers/tty/serial/milbeaut_usio.c | 5 drivers/tty/vt/vt_ioctl.c | 2 drivers/ufs/core/ufs-mcq.c | 6 drivers/ufs/core/ufshcd.c | 7 drivers/ufs/host/ufs-qcom.c | 92 +- drivers/usb/cdns3/cdnsp-gadget.c | 21 drivers/usb/cdns3/cdnsp-gadget.h | 4 drivers/usb/class/usbtmc.c | 17 drivers/usb/core/hub.c | 16 drivers/usb/core/usb-acpi.c | 2 drivers/usb/gadget/function/f_hid.c | 12 drivers/usb/gadget/udc/core.c | 2 drivers/usb/misc/onboard_usb_dev.c | 107 ++ drivers/usb/renesas_usbhs/common.c | 50 - drivers/usb/typec/bus.c | 2 drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 drivers/usb/typec/tcpm/tcpm.c | 91 +- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 94 +- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 drivers/vfio/vfio_iommu_type1.c | 2 drivers/video/backlight/qcom-wled.c | 6 drivers/video/fbdev/core/fbcvt.c | 2 drivers/virtio/virtio_pci_modern.c | 13 drivers/watchdog/exar_wdt.c | 2 drivers/watchdog/lenovo_se30_wdt.c | 2 drivers/xen/balloon.c | 13 fs/9p/vfs_addr.c | 6 fs/afs/write.c | 9 fs/btrfs/extent-io-tree.c | 6 fs/btrfs/file.c | 2 fs/btrfs/inode.c | 7 fs/btrfs/scrub.c | 34 fs/btrfs/tree-log.c | 24 fs/cachefiles/io.c | 16 fs/ceph/addr.c | 6 fs/dax.c | 2 fs/erofs/fscache.c | 6 fs/erofs/super.c | 49 + fs/f2fs/data.c | 6 fs/f2fs/f2fs.h | 46 - fs/f2fs/gc.c | 3 fs/f2fs/namei.c | 10 fs/f2fs/segment.c | 12 fs/f2fs/segment.h | 45 - fs/f2fs/super.c | 45 - fs/filesystems.c | 14 fs/gfs2/aops.c | 54 - fs/gfs2/aops.h | 3 fs/gfs2/bmap.c | 3 fs/gfs2/glock.c | 3 fs/gfs2/glops.c | 4 fs/gfs2/incore.h | 9 fs/gfs2/inode.c | 98 ++ fs/gfs2/inode.h | 1 fs/gfs2/log.c | 7 fs/gfs2/meta_io.c | 2 fs/gfs2/meta_io.h | 4 fs/gfs2/ops_fstype.c | 35 fs/gfs2/super.c | 90 -- fs/gfs2/sys.c | 1 fs/gfs2/trans.c | 21 fs/gfs2/trans.h | 2 fs/gfs2/xattr.c | 11 fs/gfs2/xattr.h | 2 fs/iomap/buffered-io.c | 2 fs/kernfs/dir.c | 5 fs/kernfs/file.c | 3 fs/mount.h | 5 fs/namespace.c | 118 +-- fs/netfs/buffered_read.c | 32 fs/netfs/buffered_write.c | 2 fs/netfs/direct_read.c | 13 fs/netfs/direct_write.c | 12 fs/netfs/fscache_io.c | 10 fs/netfs/internal.h | 42 - fs/netfs/main.c | 1 fs/netfs/misc.c | 219 +++++ fs/netfs/objects.c | 48 - fs/netfs/read_collect.c | 185 ---- fs/netfs/read_pgpriv2.c | 4 fs/netfs/read_retry.c | 26 fs/netfs/read_single.c | 6 fs/netfs/write_collect.c | 81 -- fs/netfs/write_issue.c | 38 fs/netfs/write_retry.c | 19 fs/nfs/fscache.c | 1 fs/nfs/localio.c | 45 - fs/nfs/nfs4proc.c | 32 fs/nfs/super.c | 19 fs/nfs_common/nfslocalio.c | 99 +- fs/nfsd/filecache.c | 32 fs/nfsd/filecache.h | 3 fs/nfsd/localio.c | 70 + fs/nilfs2/btree.c | 4 fs/nilfs2/direct.c | 3 fs/ntfs3/index.c | 8 fs/ntfs3/inode.c | 5 fs/ocfs2/quota_local.c | 2 fs/pidfs.c | 2 fs/pnode.c | 4 fs/smb/client/cifsproto.h | 3 fs/smb/client/cifssmb.c | 24 fs/smb/client/file.c | 19 fs/smb/client/smb2pdu.c | 4 fs/squashfs/super.c | 5 fs/xfs/xfs_aops.c | 22 fs/xfs/xfs_discard.c | 17 include/crypto/sig.h | 2 include/hyperv/hvgdk_mini.h | 2 include/kunit/clk.h | 1 include/linux/arm_sdei.h | 4 include/linux/bio.h | 2 include/linux/bpf_verifier.h | 12 include/linux/bvec.h | 7 include/linux/coresight.h | 2 include/linux/exportfs.h | 10 include/linux/fscache.h | 2 include/linux/hid.h | 3 include/linux/ieee80211.h | 79 +- include/linux/iomap.h | 5 include/linux/mdio.h | 5 include/linux/mlx5/driver.h | 1 include/linux/mm.h | 58 + include/linux/mount.h | 88 +- include/linux/netdevice.h | 10 include/linux/netfs.h | 15 include/linux/nfslocalio.h | 26 include/linux/nvme.h | 2 include/linux/overflow.h | 27 include/linux/pci-epf.h | 3 include/linux/pci.h | 8 include/linux/phy.h | 5 include/linux/pm_runtime.h | 4 include/linux/poison.h | 4 include/linux/virtio_vsock.h | 1 include/net/bluetooth/hci.h | 3 include/net/bluetooth/hci_core.h | 50 - include/net/checksum.h | 2 include/net/netfilter/nft_fib.h | 9 include/net/page_pool/types.h | 6 include/net/sock.h | 7 include/net/xfrm.h | 11 include/sound/hdaudio.h | 4 include/sound/hdaudio_ext.h | 6 include/trace/events/netfs.h | 8 include/uapi/drm/xe_drm.h | 5 include/uapi/linux/bits.h | 4 include/uapi/linux/bpf.h | 4 io_uring/fdinfo.c | 12 io_uring/io_uring.c | 18 io_uring/register.c | 7 io_uring/sqpoll.c | 43 - io_uring/sqpoll.h | 8 kernel/bpf/core.c | 29 kernel/bpf/verifier.c | 18 kernel/events/core.c | 50 - kernel/power/energy_model.c | 4 kernel/power/hibernate.c | 5 kernel/power/main.c | 3 kernel/power/power.h | 4 kernel/power/wakelock.c | 3 kernel/rcu/tree.c | 10 kernel/rcu/tree.h | 2 kernel/rcu/tree_stall.h | 4 kernel/sched/core.c | 12 kernel/sched/ext_idle.c | 8 kernel/sched/fair.c | 13 kernel/time/posix-cpu-timers.c | 9 kernel/trace/bpf_trace.c | 10 kernel/trace/ring_buffer.c | 41 - kernel/trace/trace.h | 8 kernel/trace/trace_events_hist.c | 122 ++- kernel/trace/trace_events_trigger.c | 20 lib/Kconfig.ubsan | 2 lib/iov_iter.c | 2 lib/kunit/static_stub.c | 2 lib/tests/usercopy_kunit.c | 1 mm/filemap.c | 20 mm/page_alloc.c | 8 net/9p/client.c | 6 net/bluetooth/eir.c | 17 net/bluetooth/eir.h | 2 net/bluetooth/hci_conn.c | 46 - net/bluetooth/hci_core.c | 50 - net/bluetooth/hci_event.c | 40 - net/bluetooth/hci_sync.c | 88 +- net/bluetooth/iso.c | 13 net/bluetooth/l2cap_core.c | 3 net/bluetooth/mgmt.c | 146 +-- net/bluetooth/mgmt_util.c | 34 net/bluetooth/mgmt_util.h | 4 net/bridge/netfilter/nf_conntrack_bridge.c | 12 net/core/dev.c | 2 net/core/filter.c | 5 net/core/net_namespace.c | 4 net/core/netmem_priv.h | 33 net/core/page_pool.c | 108 ++ net/core/rtnetlink.c | 2 net/core/skbuff.c | 16 net/core/skmsg.c | 53 - net/core/sock.c | 8 net/core/utils.c | 4 net/core/xdp.c | 4 net/dsa/tag_brcm.c | 2 net/ethtool/ioctl.c | 3 net/ipv4/netfilter/nft_fib_ipv4.c | 11 net/ipv4/udp_offload.c | 5 net/ipv6/ila/ila_common.c | 6 net/ipv6/netfilter.c | 12 net/ipv6/netfilter/nft_fib_ipv6.c | 17 net/ipv6/seg6_local.c | 6 net/mac80211/mlme.c | 7 net/mac80211/scan.c | 11 net/ncsi/internal.h | 21 net/ncsi/ncsi-pkt.h | 23 net/ncsi/ncsi-rsp.c | 21 net/netfilter/nf_nat_core.c | 12 net/netfilter/nft_quota.c | 20 net/netfilter/nft_set_pipapo.c | 58 + net/netfilter/nft_set_pipapo_avx2.c | 21 net/netfilter/nft_tunnel.c | 8 net/netfilter/xt_TCPOPTSTRIP.c | 4 net/netfilter/xt_mark.c | 2 net/netlabel/netlabel_kapi.c | 5 net/openvswitch/flow.c | 2 net/packet/af_packet.c | 21 net/packet/internal.h | 1 net/sched/sch_ets.c | 2 net/sched/sch_prio.c | 2 net/sched/sch_red.c | 2 net/sched/sch_sfq.c | 5 net/sched/sch_tbf.c | 2 net/sunrpc/xprtrdma/svc_rdma_transport.c | 14 net/tipc/crypto.c | 6 net/tls/tls_sw.c | 15 net/vmw_vsock/virtio_transport_common.c | 26 net/wireless/scan.c | 18 net/xfrm/xfrm_device.c | 6 net/xfrm/xfrm_state.c | 16 rust/Makefile | 14 rust/kernel/alloc/kvec.rs | 3 rust/kernel/fs/file.rs | 1 rust/kernel/list/arc.rs | 2 rust/kernel/miscdevice.rs | 2 rust/kernel/pci.rs | 15 scripts/gcc-plugins/gcc-common.h | 32 scripts/gcc-plugins/randomize_layout_plugin.c | 40 - scripts/generate_rust_analyzer.py | 13 scripts/genksyms/genksyms.c | 27 sound/core/seq_device.c | 2 sound/hda/ext/hdac_ext_controller.c | 19 sound/hda/hda_bus_type.c | 6 sound/pci/hda/hda_bind.c | 4 sound/soc/apple/mca.c | 23 sound/soc/codecs/hda.c | 4 sound/soc/codecs/tas2764.c | 5 sound/soc/intel/avs/avs.h | 4 sound/soc/intel/avs/core.c | 51 - sound/soc/intel/avs/debugfs.c | 6 sound/soc/intel/avs/ipc.c | 4 sound/soc/intel/avs/loader.c | 11 sound/soc/intel/avs/path.c | 8 sound/soc/intel/avs/pcm.c | 129 ++- sound/soc/intel/avs/registers.h | 2 sound/soc/mediatek/mt8195/mt8195-mt6359.c | 4 sound/soc/sof/amd/pci-acp70.c | 1 sound/soc/sof/ipc4-pcm.c | 3 sound/soc/ti/omap-hdmi.c | 7 sound/usb/implicit.c | 1 sound/usb/midi.c | 3 tools/arch/x86/kcpuid/kcpuid.c | 47 - tools/arch/x86/lib/x86-opcode-map.txt | 50 - tools/bpf/bpftool/cgroup.c | 2 tools/bpf/resolve_btfids/Makefile | 2 tools/build/Makefile.feature | 4 tools/include/uapi/linux/bpf.h | 4 tools/lib/bpf/bpf_core_read.h | 6 tools/lib/bpf/libbpf.c | 57 - tools/lib/bpf/libbpf_internal.h | 9 tools/lib/bpf/linker.c | 6 tools/lib/bpf/nlattr.c | 15 tools/objtool/check.c | 3 tools/perf/MANIFEST | 6 tools/perf/Makefile.config | 6 tools/perf/Makefile.perf | 3 tools/perf/builtin-record.c | 2 tools/perf/builtin-trace.c | 11 tools/perf/scripts/python/exported-sql-viewer.py | 5 tools/perf/tests/shell/lib/stat_output.sh | 5 tools/perf/tests/shell/stat+json_output.sh | 5 tools/perf/tests/switch-tracking.c | 2 tools/perf/ui/browsers/hists.c | 2 tools/perf/util/intel-pt.c | 205 +++++ tools/perf/util/machine.c | 6 tools/perf/util/pmu.c | 3 tools/perf/util/symbol-minimal.c | 160 +--- tools/perf/util/thread.c | 8 tools/perf/util/thread.h | 2 tools/perf/util/tool_pmu.c | 8 tools/power/x86/turbostat/turbostat.c | 41 - tools/testing/kunit/qemu_configs/sparc.py | 2 tools/testing/selftests/Makefile | 2 tools/testing/selftests/arm64/fp/fp-ptrace.c | 14 tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c | 2 tools/testing/selftests/bpf/progs/verifier_load_acquire.c | 40 - tools/testing/selftests/bpf/progs/verifier_store_release.c | 32 tools/testing/selftests/bpf/test_loader.c | 14 tools/testing/selftests/coredump/stackdump_test.c | 10 tools/testing/selftests/cpufreq/cpufreq.sh | 3 tools/testing/selftests/drivers/net/hw/tso.py | 4 tools/testing/selftests/seccomp/seccomp_bpf.c | 13 tools/tracing/rtla/src/timerlat_bpf.c | 1 801 files changed, 9798 insertions(+), 5378 deletions(-) Aaradhana Sahu (1): wifi: ath12k: Resolve multicast packet drop by populating key_cipher in ath12k_install_key() Aaron Kling (2): arm64: tegra: Drop remaining serial clock-names and reset-names arm64: tegra: Add uartd serial alias for Jetson TX1 module Abel Vesa (2): arm64: dts: qcom: x1e001de-devkit: Describe USB retimers resets pin configs arm64: dts: qcom: x1e001de-devkit: Fix pin config for USB0 retimer vregs Adam Ford (5): arm64: dts: imx8mm-beacon: Fix RTC capacitive load arm64: dts: imx8mn-beacon: Fix RTC capacitive load arm64: dts: imx8mp-beacon: Fix RTC capacitive load arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Aditya Kumar Singh (2): wifi: ath12k: fix SLUB BUG - Object already free in ath12k_reg_free() wifi: ath12k: fix ATH12K_FLAG_REGISTERED flag handling Adrian Hunter (2): perf intel-pt: Fix PEBS-via-PT data_src perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Ahmed S. Darwish (2): tools/x86/kcpuid: Fix error handling x86/cpu: Sanitize CPUID(0x80000000) output Ahmed Zaki (1): iavf: fix reset_task for early reset event Al Viro (8): fs/fhandle.c: fix a race in call of has_locked_children() path_overmount(): avoid false negatives finish_automount(): don't leak MNT_LOCKED from parent to child fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns do_change_type(): refuse to operate on unmounted/not ours mounts Don't propagate mounts into detached trees do_move_mount(): split the checks in subtree-of-our-ns and entire-anon cases Aleksandrs Vinarskis (3): drm/msm/dp: Fix support of LTTPR initialization drm/msm/dp: Account for LTTPRs capabilities drm/msm/dp: Prepare for link training per-segment for LTTPRs Alexander Shiyan (1): power: reset: at91-reset: Optimize at91_reset() Alexander Sverdlin (1): counter: interrupt-cnt: Protect enable/disable OPs with mutex Alexandre Ghiti (1): ACPI: platform_profile: Avoid initializing on non-ACPI platforms Alexei Safin (1): hwmon: (asus-ec-sensors) check sensor index in read_string() Alexey Gladkov (1): mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Alexey Kodanev (1): wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Alexey Minnekhanov (3): arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexis Lothoré (2): net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping net: stmmac: make sure that ptp_rate is not 0 before configuring EST Alistair Popple (1): fs/dax: Fix "don't skip locked entries when scanning entries" Alok Tiwari (3): gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO scsi: iscsi: Fix incorrect error path labels for flashnode operations Amadeusz Sławiński (1): ASoC: Intel: avs: Fix paths in MODULE_FIRMWARE hints Amir Goldstein (1): exportfs: require ->fh_to_parent() to encode connectable file handles Amir Tzin (1): net/mlx5: Fix ECVF vports unload on shutdown flow Amit Sunil Dhamne (1): usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Anand Moon (1): perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Andre Przywara (2): arm64: dts: allwinner: a100: set maximum MMC frequency dt-bindings: vendor-prefixes: Add Liontron name Andrea Righi (1): sched_ext: idle: Skip cross-node search with !CONFIG_NUMA Andreas Gruenbacher (7): gfs2: replace sd_aspace with sd_inode gfs2: gfs2_create_inode error handling fix gfs2: Move gfs2_dinode_dealloc gfs2: Move GIF_ALLOC_FAILED check out of gfs2_ea_dealloc gfs2: deallocate inodes in gfs2_create_inode gfs2: Move gfs2_trans_add_databufs gfs2: Don't start unnecessary transactions during log flush Andrew Cooper (1): x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Andrew Price (1): gfs2: Don't clear sb->s_fs_info in gfs2_sys_fs_add Andrey Vatoropin (1): fs/ntfs3: handle hdr_first_de() return value André Draszik (2): firmware: exynos-acpm: fix reading longer results firmware: exynos-acpm: silence EPROBE_DEFER error on boot Andy Shevchenko (1): pinctrl: at91: Fix possible out-of-boundary access Angelo Dureghello (1): iio: dac: adi-axi-dac: fix bus read AngeloGioacchino Del Regno (5): thermal/drivers/mediatek/lvts: Fix debugfs unregister on failure drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr drm/mediatek: Fix kobject put for component sub-drivers drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Annie Li (1): x86/microcode/AMD: Do not return error when microcode update is not necessary Anton Nadezhdin (1): ice/ptp: fix crosstimestamp reporting Anton Protopopov (3): libbpf: Use proper errno value in linker bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ libbpf: Use proper errno value in nlattr Antoniu Miclaus (1): iio: adc: ad4851: fix ad4858 chan pointer handling Anubhav Shelat (2): perf trace: Always print return value for syscalls returning a pid perf trace: Set errpid to false for rseq and set_robust_list Aradhya Bhatia (1): drm/xe/guc: Make creation of SLPC debugfs files conditional Armin Wolf (2): ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" ACPI: thermal: Execute _SCP before reading trip points Arnaldo Carvalho de Melo (5): tools build: Don't set libunwind as available if test-all.c build succeeds tools build: Don't show libunwind build status as it is opt-in perf build: Warn when libdebuginfod devel files are not available tools build: Don't show libbfd build status as it is opt-in perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnd Bergmann (6): drm: xlnx: zynqmp_dpsub: fix Kconfig dependencies for ASoC iommu: ipmmu-vmsa: avoid Wformat-security warning iommu/io-pgtable-arm: dynamically allocate selftest device struct drm/xe/vsec: fix CONFIG_INTEL_VSEC dependency usb: misc: onboard_usb_dev: fix build warning for CONFIG_USB_ONBOARD_DEV_USB5744=n thermal/drivers/mediatek/lvts: Remove unused lvts_debugfs_exit Badal Nilawar (1): drm/xe/d3cold: Set power state to D3Cold during s2idle/s3 Baochen Qiang (5): wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() wifi: ath11k: don't wait when there is no vdev started wifi: ath11k: move some firmware stats related functions outside of debugfs wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 Bard Liao (1): soundwire: only compute port params in specific stream states Barnabás Czémán (1): soc: qcom: smp2p: Fix fallback to qcom,ipc parse Beleswar Padhi (1): remoteproc: k3-r5: Refactor sequential core power up/down operations Bence Csókás (2): PM: runtime: Add new devm functions spi: atmel-quadspi: Fix unbalanced pm_runtime by using devm_ API Benjamin Marzinski (7): dm: don't change md if dm_table_set_restrictions() fails dm: free table mempools if not used in __bind dm: handle failures in dm_table_set_restrictions dm: fix dm_blk_report_zones dm: limit swapping tables for devices with zone write plugs dm-flakey: error all IOs when num_features is absent dm-flakey: make corrupting read bios work Benno Lossin (1): rust: list: fix path of `assert_pinned!` Benson Leung (1): platform/chrome: cros_ec_typec: Set Pin Assignment E in DP PORT VDO Biju Das (2): drm: rcar-du: Fix memory leak in rcar_du_vsps_init() drm/tegra: rgb: Fix the unbound reference count Bjorn Helgaas (2): PCI/DPC: Initialize aer_err_info before using it PCI/DPC: Log Error Source ID only when valid Boris Brezillon (4): drm/panthor: Fix GPU_COHERENCY_ACE[_LITE] definitions drm/panthor: Call panthor_gpu_coherency_init() after PM resume() drm/panthor: Update panthor_mmu::irq::mask when needed drm/panthor: Fix the panthor_gpu_coherency_init() error path Brian Norris (1): PCI/pwrctrl: Cancel outstanding rescan work when unregistering Brian Pellegrino (1): iio: filter: admv8818: Support frequencies >= 2^32 Brian Vazquez (1): idpf: fix a race in txq wakeup Bui Quang Minh (1): selftests: net: build net/lib dependency in all target Caleb Connolly (1): ath10k: snoc: fix unbalanced IRQ enable in crash recovery Caleb Sander Mateos (1): block: flip iter directions in blk_rq_integrity_map_user() Can Guo (1): scsi: ufs: qcom: Map devfreq OPP freq to UniPro Core Clock freq Carlos Fernandez (1): macsec: MACsec SCI assignment for ES = 0 Carlos Llamas (1): libbpf: Fix implicit memfd_create() for bionic Casey Connolly (1): drm/panel: samsung-sofef00: Drop s6e3fc2x01 support Cezary Rojewski (11): ASoC: codecs: hda: Fix RPM usage count underflow ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX ALSA: hda: Allow to fetch hlink by ID ASoC: Intel: avs: PCM operations for LNL-based platforms ASoC: Intel: avs: Fix PPLCxFMT calculation ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw ASoC: Intel: avs: Ignore Vendor-space manipulation for ACE ASoC: Intel: avs: Read HW capabilities when possible ASoC: Intel: avs: Relocate DSP status registers ASoC: Intel: avs: Verify kcalloc() status when setting constraints ASoC: Intel: avs: Verify content returned by parse_int_array() Chandrashekar Devegowda (2): Bluetooth: btintel_pcie: Increase the tx and rx descriptor count Bluetooth: btintel_pcie: Reduce driver buffer posting to prevent race condition Chao Yu (6): f2fs: zone: fix to avoid inconsistence in between SIT and SSA f2fs: fix to do sanity check on sbi->total_valid_block_count f2fs: clean up w/ fscrypt_is_bounce_page() f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() f2fs: zone: fix to calculate first_zoned_segno correctly f2fs: fix to skip f2fs_balance_fs() if checkpoint is disabled Charalampos Mitrodimas (1): net: tipc: fix refcount warning in tipc_aead_encrypt Charles Han (3): drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table pinctrl: qcom: tlmm-test: Fix potential null dereference in tlmm kunit test wifi: mt76: mt7996: Add NULL check in mt7996_thermal_init Chen-Yu Tsai (2): arm64: dts: mediatek: mt8188: Fix IOMMU device for rdma0 pinctrl: sunxi: dt: Consider pin base when calculating bank number from pin Chenyuan Yang (2): phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink() Chin-Yen Lee (1): wifi: rtw89: fix firmware scan delay unit for WiFi 6 chips Christian Brauner (1): gfs2: pass through holder from the VFS for freeze/thaw Christian Marangi (1): net: phy: mediatek: permit to compile test GE SOC PHY driver Christian Schrefl (1): rust: miscdevice: fix typo in MiscDevice::ioctl documentation Christoph Hellwig (1): block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work Christophe JAILLET (5): drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() net: airoha: Fix an error handling path in airoha_alloc_gdm_port() mfd: exynos-lpass: Fix an error handling path in exynos_lpass_probe() mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() Chuck Lever (1): svcrdma: Reduce the number of rdma_rw contexts per-QP Chukun Pan (2): arm64: dts: rockchip: Add missing uart3 interrupt for RK3528 arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 Corentin Labbe (1): crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Cosmin Ratiu (5): net/mlx5: Avoid using xso.real_dev unnecessarily xfrm: Use xdo.dev instead of xdo.real_dev xfrm: Add explicit dev to .xdo_dev_state_{add,delete,free} bonding: Mark active offloaded xfrm_states bonding: Fix multiple long standing offload races Cristian Ciocaltea (2): phy: rockchip: samsung-hdptx: Fix clock ratio setup phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors Damon Ding (3): drm/bridge: analogix_dp: Remove the unnecessary calls to clk_disable_unprepare() during probing drm/bridge: analogix_dp: Remove CONFIG_PM related check in analogix_dp_bind()/analogix_dp_unbind() drm/bridge: analogix_dp: Add support to get panel from the DP AUX bus Dan Carpenter (8): power: supply: max77705: Fix workqueue error handling in probe wifi: ath12k: Fix buffer overflow in debugfs of: unittest: Unlock on error in unittest_data_add() wifi: mt76: mt7925: Fix logical vs bitwise typo remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() net/mlx4_en: Prevent potential integer overflow calculating Hz regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Daniel Wagner (1): nvmet-fcloop: access fcpreq only when holding reqlock Daniele Ceraolo Spurio (2): drm/xe/pxp: Use the correct define in the set_property_funcs array drm/xe/pxp: Clarify PXP queue creation behavior if PXP is not ready Daniele Palmas (1): net: wwan: mhi_wwan_mbim: use correct mux_id for multiplexing Daniil Tatianin (1): ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Danilo Krummrich (1): rust: alloc: add missing invariant in Vec::set_len() Dapeng Mi (1): perf record: Fix incorrect --user-regs comments Dave Chinner (1): xfs: don't assume perags are initialised when trimming AGs Dave Penkler (3): staging: gpib: Fix PCMCIA config identifier staging: gpib: Fix secondary address restriction usb: usbtmc: Fix read_stb function and get_stb ioctl David Gow (1): kunit: qemu_configs: Disable faulting tests on 32-bit SPARC David Heimann (1): ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 David Hildenbrand (3): s390/uv: Don't return 0 from make_hva_secure() if the operation was not successful s390/uv: Always return 0 from s390_wiggle_split_folio() if successful s390/uv: Improve splitting of large folios that cannot be split while dirty David Howells (5): crypto/krb5: Fix change to use SG miter to use offset netfs: Fix oops in write-retry from mis-resetting the subreq iterator netfs: Fix the request's work item to not require a ref netfs: Fix wait/wake to be consistent about the waitqueue used netfs: Fix undifferentiation of DIO reads from unbuffered reads David Thompson (1): EDAC/bluefield: Don't use bluefield_edac_readl() result on error Detlev Casanova (1): media: verisilicon: Free post processor buffers on error Di Shen (1): bpf: Revert "bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic" Dibin Moolakadan Subrahmanian (1): drm/i915/display: Fix u32 overflow in SNPS PHY HDMI PLL setup Dmitry Antipov (4): wifi: rtw88: do not ignore hardware read error during DPK Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() Dmitry Baryshkov (9): drm/msm/dpu: enable SmartDMA on SM8150 drm/msm/dpu: enable SmartDMA on SC8180X drm/msm/dpu: remove DSC feature bit for PINGPONG on MSM8937 drm/msm/dpu: remove DSC feature bit for PINGPONG on MSM8917 drm/msm/dpu: remove DSC feature bit for PINGPONG on MSM8953 ARM: dts: qcom: apq8064: add missing clocks to the timer node ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device ARM: dts: qcom: apq8064: move replicator out of soc node arm64: dts: qcom: qcm2290: fix (some) of QUP interconnects Dong Chenchen (1): page_pool: Fix use-after-free in page_pool_recycle_in_ring Dzmitry Sankouski (4): arm64: dts: qcom: sdm845-starqltechn: remove wifi arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake arm64: dts: qcom: sdm845-starqltechn: refactor node order arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Eddie James (1): powerpc/crash: Fix non-smp kexec preparation Emil Tantilov (1): idpf: avoid mailbox timeout delays during reset Eric Dumazet (8): net: annotate data-races around cleanup_net_task net: prevent a NULL deref in rtnl_create_link() net_sched: sch_sfq: fix a potential crash on gso_skb handling net_sched: prio: fix a race in prio_tune() net_sched: red: fix a race in __red_change() net_sched: tbf: fix a race in tbf_change() net_sched: ets: fix a race in ets_qdisc_change() calipso: unlock rcu before returning -EAFNOSUPPORT Faicker Mo (1): net: openvswitch: Fix the dead loop of MPLS parse Feng Jiang (1): wifi: mt76: scan: Fix 'mlink' dereferenced before IS_ERR_OR_NULL check Feng Yang (1): libbpf: Fix event name too long error Fernando Fernandez Mancera (1): netfilter: nft_tunnel: fix geneve_opt dump Filipe Manana (5): btrfs: fix invalid data space release when truncating block in NOCOW mode btrfs: fix wrong start offset for delalloc space release during mmap write btrfs: exit after state insertion failure at btrfs_convert_extent_bit() btrfs: fix fsync of files with no hard links not persisting deletion btrfs: exit after state split error at set_extent_bit() Finn Thain (1): m68k: mac: Fix macintosh_config for Mac II Florian Westphal (5): netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy netfilter: nf_tables: nft_fib: consistent l3mdev handling netfilter: nf_set_pipapo_avx2: fix initial map fill netfilter: nf_nat: also check reverse tuple to obtain clashing entry Francesco Dolcini (1): Revert "wifi: mwifiex: Fix HT40 bandwidth issue." Félix Piédallu (2): spi: omap2-mcspi: Disable multi mode when CS should be kept asserted after message spi: omap2-mcspi: Disable multi-mode when the previous message kept CS asserted Gabor Juhos (2): spi: spi-qpic-snand: use kmalloc() for OOB buffer allocation spi: spi-qpic-snand: validate user/chip specific ECC properties Gabriel Dalimonte (1): drm/vc4: fix infinite EPROBE_DEFER loop Gal Pressman (1): net: ethtool: Don't check if RSS context exists in case of context 0 Gary Guo (1): rust: compile libcore with edition 2024 for 1.87+ Gaurav Batra (1): powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view Gautam R A (2): RDMA/bnxt_re: Fix incorrect display of inactivity_cp in debugfs output RDMA/bnxt_re: Fix missing error handling for tx_queue Gautham R. Shenoy (1): tools/power turbostat: Fix AMD package-energy reporting Geert Uytterhoeven (4): spi: sh-msiof: Fix maximum DMA transfer size arm64: dts: renesas: white-hawk-single: Improve Ethernet TSN description HID: HID_APPLETB_KBD should depend on X86 HID: HID_APPLETB_BL should depend on X86 Greg Kroah-Hartman (5): ALSA: core: fix up bus match const issues. net: phy: fix up const issues in to_mdio_device() and to_phy_device() USB: gadget: udc: fix const issue in gadget_match_driver() USB: typec: fix const issue in typec_match() Linux 6.15.3 Gustavo A. R. Silva (1): overflow: Fix direct struct member initialization in _DEFINE_FLEX() Gustavo Luiz Duarte (1): netconsole: fix appending sysdata when sysdata_fields == SYSDATA_RELEASE Hangbin Liu (1): bonding: assign random address if device address is same as bond Hans Zhang (2): efi/libstub: Describe missing 'out' parameter in efi_load_initrd PCI: cadence: Fix runtime atomic count underflow Hans de Goede (1): mei: vsc: Cast tx_buf to (__be32 *) when passed to cpu_to_be32_array() Hao Chang (1): pinctrl: mediatek: Fix the invalid conditions Haren Myneni (1): powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Hari Kalavakunta (1): net: ncsi: Fix GCPS 64-bit member variables Hariprasad Kelam (2): octeontx2-pf: QOS: Perform cache sync on send queue teardown octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Harry Wentland (1): drm/amd/display: Don't check for NULL divisor in fixpt code Hector Martin (2): ASoC: tas2764: Enable main IRQs PCI: apple: Use gpiod_set_value_cansleep in probe flow Heiko Stuebner (1): drm/bridge: analogix_dp: Fix clk-disable removal Henry Martin (8): clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init() wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() watchdog: lenovo_se30_wdt: Fix possible devm_ioremap() NULL pointer dereference in lenovo_se30_wdt_probe() backlight: pm8941: Add NULL check in wled_configure() dmaengine: ti: Add NULL check in udma_probe() serial: Fix potential null-ptr-deref in mlb_usio_probe() Herbert Xu (7): crypto: iaa - Do not clobber req->base.data crypto: zynqmp-sha - Add locking crypto: marvell/cesa - Handle zero-length skcipher requests crypto: marvell/cesa - Avoid empty transfer descriptor crypto: lrw - Only add ecb if it is not already there crypto: xts - Only add ecb if it is not already there crypto: api - Redo lookup on EEXIST Hongbo Li (1): erofs: fix file handle encoding for 64-bit NIDs Hongbo Yao (2): perf: arm-ni: Unregister PMUs on probe failure perf: arm-ni: Fix missing platform_set_drvdata() Horatiu Vultur (4): net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 net: phy: mscc: Fix memory leak when using one step timestamping net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames net: lan966x: Make sure to insert the vlan tags also in host mode Howard Hsu (1): wifi: mt76: mt7996: fix beamformee SS field Huajian Yang (1): netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Huang Yiwei (1): firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES Ian Forbes (2): drm/vmwgfx: Add seqno waiter for sync_files drm/vmwgfx: Fix dumb buffer leak Ian Rogers (5): perf tool_pmu: Fix aggregation on duration_time perf symbol-minimal: Fix double free in filename__read_build_id perf pmu: Avoid segv for missing name/alias_name in wildcarding perf symbol: Fix use-after-free in filename__read_build_id perf callchain: Always populate the addr_location map when adding IP Ido Schimmel (1): seg6: Fix validation of nexthop addresses Ilan Peer (1): wifi: iwlfiwi: mvm: Fix the rate reporting Ilya Leoshkevich (1): s390/bpf: Store backchain even for leaf progs Imre Deak (1): drm/i915/dp_mst: Use the correct connector while computing the link BPP limit on MST Ioana Ciornei (1): bus: fsl-mc: fix double-free on mc_dev Israel Rukshin (1): virtio-pci: Fix result size returned for the admin command completion Jack Morgenstein (1): RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Jacob Moroni (1): IB/cm: use rwlock for MAD agent lock Jaegeuk Kim (1): f2fs: clean up unnecessary indentation Jakub Kicinski (5): netlink: specs: rt-link: add missing byte-order properties netlink: specs: rt-link: decode ip6gre selftests: drv-net: tso: fix the GRE device name selftests: drv-net: tso: make bkg() wait for socat to quit net: drv: netdevsim: don't napi_complete() from netpoll Jakub Raczynski (2): net/mdiobus: Fix potential out-of-bounds read/write access net/mdiobus: Fix potential out-of-bounds clause 45 read/write access James Clark (1): perf tools: Fix arm64 source package build Jason Gunthorpe (1): iommu: Protect against overflow in iommu_pgsize() Jason-JH Lin (1): mailbox: mtk-cmdq: Refine GCE_GCTL_VALUE setting Jens Axboe (3): iomap: don't lose folio dropbehind state for overwrites mm/filemap: gate dropbehind invalidate on folio !dirty && !writeback mm/filemap: use filemap_end_dropbehind() for read invalidation Jensen Huang (1): PCI: rockchip: Fix order of rockchip_pci_core_rsts Jeongjun Park (1): ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Jeremy Kerr (1): net: mctp: start tx queue on netdev open Jerome Brunet (2): PCI: rcar-gen4: set ep BAR4 fixed size PCI: endpoint: Retain fixed-size BAR size as well as aligned size Jesus Narvaez (2): drm/i915/guc: Check if expecting reply before decrementing outstanding_submission_g2h drm/i915/guc: Handle race condition where wakeref count drops below 0 Jianbo Liu (1): net/mlx5e: Fix leak of Geneve TLV option object Jiaqing Zhao (1): x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Jiayuan Chen (5): bpf: fix ktls panic with sockmap bpf, sockmap: fix duplicated data transmission bpf, sockmap: Fix panic when calling skb_linearize ktls, sockmap: Fix missing uncharge operation bpf, sockmap: Avoid using sk_socket after free when sending Jinjian Song (1): net: wwan: t7xx: Fix napi rx poll issue Jiri Slaby (SUSE) (2): powerpc: do not build ppc_save_regs.o always tty: serial: 8250_omap: fix TX with DMA for am33xx Jocelyn Falempe (1): drm/panic: Use a decimal fifo to avoid u64 by u64 divide Joe Damato (1): e1000: Move cancel_work_sync to avoid deadlock Joel Stanley (1): ARM: aspeed: Don't select SRAM John Stultz (1): sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks Jonas Gorski (7): net: dsa: b53: do not enable EEE on bcm63xx net: dsa: b53: do not enable RGMII delay on bcm63xx net: dsa: b53: implement setting ageing time net: dsa: b53: do not configure bcm63xx's IMP port interface net: dsa: b53: allow RGMII for bcm63xx RGMII ports net: dsa: b53: do not touch DLL_IQQD on bcm53115 net: dsa: b53: fix untagged traffic sent via cpu tagged with VID 0 Jonas Karlman (1): media: rkvdec: Fix frame size enumeration Jonathan Stroud (1): usb: misc: onboard_usb_dev: Fix usb5744 initialization sequence Jonathan Wiepert (1): Use thread-safe function pointer in libbpf_print Jose Maria Casanova Crespo (2): drm/v3d: fix client obtained from axi_ids on V3D 4.1 drm/v3d: client ranges from axi_ids are different with V3D 7.1 Jouni Högander (1): drm/i915/psr: Fix using wrong mask in REG_FIELD_PREP Julien Massot (3): ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY() arm64: dts: mt6359: Add missing 'compatible' property to regulators node arm64: dts: mt6359: Rename RTC node to match binding expectations Junhao He (1): coresight: Fixes device's owner field for registered using coresight_init_driver() Junxian Huang (1): RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h Justin Tee (1): scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk Jyothi Kumar Seerapu (1): arm64: dts: qcom: sm8750: Correct clocks property for uart14 node KONDO KAZUMA(近藤　和真) (1): fs: allow clone_private_mount() for a path on real rootfs KaFai Wan (1): bpf: Avoid __bpf_prog_ret0_warn when jit fails Kalesh AP (1): RDMA/bnxt_re: Fix return code of bnxt_re_configure_cc Karol Wachowski (1): accel/ivpu: Reorder Doorbell Unregister and Command Queue Destruction Karthikeyan Periyasamy (2): wifi: ath12k: fix NULL access in assign channel context handler wifi: ath12k: Replace band define G with GHZ where appropriate Kathiravan Thirumoorthy (2): Revert "phy: qcom-qusb2: add QUSB2 support for IPQ5424" phy: qcom-qusb2: reuse the IPQ6018 settings for IPQ5424 Kees Cook (9): ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type watchdog: exar: Shorten identity name to fit correctly drm/vkms: Adjust vkms_state->active_planes allocation type scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops Bluetooth: btintel: Check dsbr size from EFI variable ubsan: integer-overflow: depend on BROKEN to keep this out of CI randstruct: gcc-plugin: Remove bogus void member randstruct: gcc-plugin: Fix attribute addition overflow: Introduce __DEFINE_FLEX for having no initializer Keisuke Nishimura (1): drm/vmwgfx: Add error path for xa_store in vmw_bo_add_detached_resource Keith Busch (2): nvme: fix command limits status code io_uring: consistently use rcu semantics with sqpoll thread Kiran K (1): Bluetooth: btintel_pcie: Fix driver not posting maximum rx buffers Konrad Dybcio (4): drm/msm/a6xx: Disable rgb565_predicator on Adreno 7c3 arm64: dts: qcom: x1e80100-romulus: Keep L12B and L15B always on arm64: dts: qcom: msm8998: Remove mdss_hdmi_phy phandle argument arm64: dts: qcom: qcs615: Fix up UFS clocks Kornel Dulęba (1): arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Krzysztof Kozlowski (3): arm64: dts: qcom: sa8775p: Partially revert "arm64: dts: qcom: sa8775p: add QCrypto nodes" arm64: dts: qcom: qcs8300: Partially revert "arm64: dts: qcom: qcs8300: add QCrypto nodes" arm64: dts: qcom: msm8998: Use the header with DSI phy clock IDs Kuniyuki Iwashima (1): calipso: Don't call calipso functions for AF_INET sk. Lachlan Hodges (1): wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements Lad Prabhakar (1): usb: renesas_usbhs: Reorder clock handling and power management in probe Leo Yan (2): perf tests switch-tracking: Fix timestamp comparison coresight: etm4x: Fix timestamp bit field handling Li Lingfeng (2): nfs: clear SB_RDONLY before getting superblock nfs: ignore SB_RDONLY when remounting nfs Li RongQing (1): vfio/type1: Fix error unwind in migration dirty bitmap allocation Lijuan Gao (2): pinctrl: qcom: correct the ngpios entry for QCS615 pinctrl: qcom: correct the ngpios entry for QCS8300 Liu Dalin (1): rtc: loongson: Add missing alarm notifications for ACPI RTC events Lizhi Hou (2): accel/amdxdna: Fix incorrect size of ERT_START_NPU commands accel/amdxdna: Fix incorrect PSP firmware size Lizhi Xu (1): fs/ntfs3: Add missing direct_IO in ntfs_aops_cmpr Longfang Liu (5): hisi_acc_vfio_pci: fix XQE dma address error hisi_acc_vfio_pci: add eq and aeq interruption restore hisi_acc_vfio_pci: bugfix cache write-back issue hisi_acc_vfio_pci: bugfix the problem of uninstalling driver hisi_acc_vfio_pci: bugfix live migration function without VF device driver Lorenzo Bianconi (3): bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps net: airoha: Add the capability to allocate hfwd descriptors in SRAM net: airoha: Initialize PPE UPDMEM source-mac table Louis-Alexis Eyraud (1): arm64: dts: mediatek: mt8390-genio-common: Set ssusb2 default dual role mode to host Luca Weiss (6): clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs arm64: dts: qcom: sm8350: Reenable crypto & cryptobam arm64: dts: qcom: sm8650: Fix domain-idle-state for CPU2 Lucas De Marchi (1): drm/xe/lrc: Use a temporary buffer for WA BB Luis Gerhorst (1): selftests/bpf: Fix caps for __xlated/jited_unpriv Luiz Augusto von Dentz (8): Bluetooth: ISO: Fix not using SID from adv report Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Bluetooth: MGMT: Protect mgmt_pending list with its own lock Bluetooth: Fix NULL pointer deference on eir_get_service_data Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Bluetooth: eir: Fix possible crashes on eir_create_adv_data Bluetooth: MGMT: Fix sparse errors Lukas Wunner (4): crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY PCI: pciehp: Ignore Presence Detect Changed caused by DPC PCI: pciehp: Ignore Link Down/Up caused by Secondary Bus Reset Madhavan Srinivasan (1): powerpc/kernel: Fix ppc_save_regs inclusion in build Maharaja Kennadyrajan (2): wifi: ath12k: Prevent sending WMI commands to firmware during firmware crash wifi: ath12k: fix node corruption in ar->arvifs list Manikanta Mylavarapu (1): arm64: dts: qcom: ipq9574: fix the msi interrupt numbers of pcie3 Mao Jinlong (1): coresight: tmc: fix failure to disable/enable ETF after reading Marcus Folkesson (1): iio: adc: mcp3911: fix device dependent mappings for conversion result registers Mario Limonciello (1): thunderbolt: Fix a logic error in wake on connect Marius Cristea (1): iio: adc: PAC1934: fix typo in documentation link Mark Brown (2): arm64/fpsimd: Discard stale CPU state when handling SME traps arm64/fpsimd: Don't corrupt FPMR when streaming mode changes Mark Kettenis (1): arm64: dts: qcom: x1e80100: Mark usb_2 as dma-coherent Mark Rutland (6): arm64/fpsimd: Avoid RES0 bits in the SME trap handler arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP arm64/fpsimd: Reset FPMR upon exec() arm64/fpsimd: Fix merging of FPSIMD state during signal return arm64/fpsimd: Avoid warning when sve_to_fpsimd() is unused kselftest/arm64: fp-ptrace: Fix expected FPMR value when PSTATE.SM is changed Martin Blumenstingl (3): drm/meson: fix debug log statement when setting the HDMI clocks drm/meson: use vclk_freq instead of pixel_freq in debug print drm/meson: fix more rounding issues with 59.94Hz modes Martin Povišer (2): ASoC: tas2764: Reinit cache on part reset ASoC: apple: mca: Constrain channels according to TDM mask Masami Hiramatsu (Google) (1): x86/insn: Fix opcode map (!REX2) superscript tags Mathias Nyman (1): usb: Flush altsetting 0 endpoints before reinitializating them after reset. Matthew Auld (1): drm/xe/vm: move xe_svm_init() earlier Matthew Wilcox (Oracle) (3): bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP block: Fix bvec_set_folio() for very large folios 9p: Add a migrate_folio method Maulik Shah (1): arm64: dts: qcom: sm8750: Fix cluster hierarchy for idle states Maxime Chevallier (1): net: phy: phy_caps: Don't skip better duplex macth on non-exact match Maxime Ripard (3): drm/vc4: tests: Use return instead of assert drm/vc4: tests: Stop allocating the state in test init drm/vc4: tests: Retry pv-muxing tests when EDEADLK Maíra Canal (1): drm/v3d: Associate a V3D tech revision to all supported devices Meghana Malladi (1): net: ti: icssg-prueth: Fix swapped TX stats for MII interfaces. Miaoqian Lin (2): firmware: psci: Fix refcount leak in psci_dt_init tracing: Fix error handling in event_trigger_parse() Miaoqing Pan (1): wifi: ath12k: fix uaf in ath12k_core_init() Michael Lo (1): wifi: mt76: mt7925: ensure all MCU commands wait for response Michael Petlan (1): perf tests: Fix 'perf report' tests installation Michael Walle (1): drm/panel-simple: fix the warnings for the Evervision VGG644804 Michal Koutný (1): kernfs: Relax constraint in draining guard Michal Kubiak (3): ice: fix Tx scheduler error handling in XDP callback ice: create new Tx scheduler nodes for new queues only ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Luczaj (1): net: Fix TOCTOU issue in sk_is_readable() Michal Wajdeczko (2): drm/xe/guc: Refactor GuC debugfs initialization drm/xe/guc: Don't expose GuC privileged debugfs files if VF Miguel Ojeda (3): drm/panic: clean Clippy warning rust: pci: fix docs related to missing Markdown code spans objtool/rust: relax slice condition to cover more `noreturn` Rust functions Mike Yuan (1): pidfs: never refuse ppid == 0 in PIDFD_GET_INFO Mikhail Arkhipov (1): mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Ming Lei (2): loop: add file_start_write() and file_end_write() block: use q->elevator with ->elevator_lock held in elv_iosched_show() Ming Yen Hsieh (2): wifi: mt76: mt7925: prevent multiple scan commands wifi: mt76: mt7925: refine the sniffer commnad Mingcong Bai (1): ACPI: resource: fix a typo for MECHREVO in irq1_edge_low_force_override[] Mirco Barone (1): wireguard: device: enable threaded NAPI Miri Korenblit (2): wifi: iwlwifi: re-add IWL_AMSDU_8K case wifi: iwlwifi: mld: avoid panic on init failure Moshe Shemesh (1): net/mlx5: Ensure fw pages are always allocated on same NUMA Murad Masimov (1): ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Nam Cao (3): selftests: coredump: Properly initialize pointer selftests: coredump: Fix test failure for slow machines selftests: coredump: Raise timeout to 2 minutes Namhyung Kim (2): perf trace: Fix leaks of 'struct thread' in fprintf_sys_enter() perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Neil Armstrong (4): arm64: dts: qcom: sm8650: setup gpu thermal with higher temperatures arm64: dts: qcom: sm8550: use ICC tag for all interconnect phandles arm64: dts: qcom: sm8550: add missing cpu-cfg interconnect path in the mdss node arm64: dts: qcom: sm8650: add missing cpu-cfg interconnect path in the mdss node NeilBrown (7): nfs: fix incorrect handling of large-number NFS errors in nfs4_do_mkdir() nfs_localio: use cmpxchg() to install new nfs_file_localio nfs_localio: always hold nfsd net ref with nfsd_file ref nfs_localio: simplify interface to nfsd for getting nfsd_file nfs_localio: duplicate nfs_close_local_fh() nfs_localio: protect race between nfs_uuid_put() and nfs_close_local_fh() nfs_localio: change nfsd_file_put_local() to take a pointer to __rcu pointer Neill Kapron (1): selftests/seccomp: fix syscall_restart test for arm compat Nicolas Dufresne (2): media: synopsys: hdmirx: Renamed frame_idx to sequence media: synopsys: hdmirx: Count dropped frames Nicolas Frattaroli (1): drm/connector: only call HDMI audio helper plugged cb if non-null Nicolas Pitre (1): vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Nikita Zhandarovich (1): net: usb: aqc111: fix error handling of usbnet read calls Nitesh Shetty (1): iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec Nitin Rawat (1): scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Nylon Chen (1): riscv: misaligned: fix sleeping function called during misaligned access handling Nícolas F. R. A. Prado (3): kselftest: cpufreq: Get rid of double suspend in rtcwake case arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles regulator: dt-bindings: mt6357: Drop fixed compatible requirement Oleg Nesterov (1): posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Oliver Neukum (1): net: usb: aqc111: debug info before sanitation Ovidiu Panait (4): crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() crypto: sun8i-ce - undo runtime PM changes during driver removal crypto: sun8i-ce - move fallback ahash_request to the end of the struct P Praneesh (12): wifi: ath12k: Fix memory leak during vdev_id mismatch wifi: ath12k: Fix memory corruption during MLO multicast tx wifi: ath12k: Fix invalid memory access while forming 802.11 header wifi: ath12k: Handle error cases during extended skb allocation wifi: ath12k: Add MSDU length validation for TKIP MIC error wifi: ath12k: Add extra TLV tag parsing support in monitor Rx path wifi: ath12k: Avoid fetch Error bitmap and decap format from Rx TLV wifi: ath12k: change the status update in the monitor Rx wifi: ath12k: add rx_info to capture required field from rx descriptor wifi: ath12k: replace the usage of rx desc with rx_info wifi: ath12k: Fix invalid RSSI values in station dump wifi: ath12k: refactor ath12k_hw_regs structure Pablo Neira Ayuso (1): netfilter: nft_set_pipapo: prevent overflow in lookup table allocation Pali Rohár (1): cifs: Fix validation of SMB1 query reparse point response Patrisious Haddad (2): RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction net/mlx5: Fix return value when searching for existing flow group Paul Chaignon (3): net: Fix checksum update for ILA adj-transport bpf: Clarify the meaning of BPF_F_PSEUDO_HDR bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE Pauli Virtanen (2): Bluetooth: separate CIS_LINK and BIS_LINK link types Bluetooth: hci_core: fix list_for_each_entry_rcu usage Paulo Alcantara (2): netfs: Fix setting of transferred bytes with short DIO reads smb: client: fix perf regression with deferred closes Pavel Begunkov (2): nvme: fix implicit bool to flags conversion io_uring: fix spurious drain flushing Pawel Laszczak (2): usb: cdnsp: Fix issue with detecting command completion event usb: cdnsp: Fix issue with detecting USB 3.2 speed Peilin Ye (1): selftests/bpf: Avoid passing out-of-range values to __retval() Pekka Ristola (1): rust: file: mark `LocalFile` as `repr(transparent)` Peng Fan (1): mailbox: imx: Fix TXDB_V2 sending Penglei Jiang (1): io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() Pengyu Luo (1): arm64: dts: qcom: sm8650: add the missing l2 cache node Peter Chiu (2): wifi: mt76: mt7996: set EHT max ampdu length capability wifi: mt76: mt7996: fix invalid NSS setting when TX path differs from NSS Peter Griffin (3): pinctrl: samsung: refactor drvdata suspend & resume callbacks pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks pinctrl: samsung: add gs101 specific eint suspend/resume callbacks Peter Korsgaard (1): nvmem: zynqmp_nvmem: unbreak driver after cleanup Peter Robinson (2): arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c arm64: dts: rockchip: Update eMMC for NanoPi R5 series Peter Zijlstra (2): sched: Fix trace_sched_switch(.prev_state) perf: Ensure bpf_perf_link path is properly serialized Petr Pavlu (1): genksyms: Fix enum consts from a reference affecting new values Phillip Lougher (1): Squashfs: check return result of sb_min_blocksize Pin-yen Lin (1): arm64: dts: mt8183: Add port node to mt8183.dtsi Ping-Ke Shih (2): wifi: rtw89: pci: configure manual DAC mode via PCI config API only wifi: rtw89: pci: enlarge retry times of RX tag to 1000 Prasanth Babu Mantena (1): arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Przemek Kitszel (6): iavf: iavf_suspend(): take RTNL before netdev_lock() iavf: centralize watchdog requeueing itself iavf: simplify watchdog_task in terms of adminq task scheduling iavf: extract iavf_watchdog_step() out of iavf_watchdog_task() iavf: sprinkle netdev_assert_locked() annotations iavf: get rid of the crit lock Qasim Ijaz (4): wifi: mt76: mt7996: prevent uninit return in mt7996_mac_sta_add_links wifi: mt76: mt7996: avoid NULL pointer dereference in mt7996_set_monitor() wifi: mt76: mt7996: avoid null deref in mt7996_stop_phy() fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Qing Wang (1): perf/core: Fix broken throttling when max_samples_per_tick=1 Qinxin Xia (1): iommu/arm-smmu-v3: Fix incorrect return in arm_smmu_attach_dev Qiuxu Zhuo (2): EDAC/skx_common: Fix general protection fault EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qu Wenruo (2): btrfs: scrub: update device stats when an error is detected btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Quentin Schulz (3): arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou net: stmmac: platform: guarantee uniqueness of bus_id RD Babiera (1): usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work Radim Krčmář (1): RISC-V: KVM: lock the correct mp_state during reset Rafael J. Wysocki (2): PM: sleep: Print PM debug messages during hibernation PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Raj Kumar Bhagat (1): wifi: ath12k: fix cleanup path after mhi init Rajat Soni (1): wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Ramasamy Kaliappan (1): wifi: ath12k: Fix the QoS control field offset to build QoS header Rameshkumar Sundaram (1): wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers Ramya Gnanasekar (1): wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Richard Fitzgerald (1): clk: test: Forward-declare struct of_phandle_args in kunit/clk.h Richard Zhu (1): PCI: imx6: Save and restore the LUT setting during suspend/resume for i.MX95 SoC Ritesh Harjani (IBM) (1): powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Rob Herring (Arm) (1): dt-bindings: soc: fsl,qman-fqd: Fix reserved-memory.yaml reference Robert Malz (2): i40e: return false from i40e_reset_vf if reset is in progress i40e: retry VFLR handling if there is ongoing VF reset Robin Murphy (1): bus: fsl_mc: Fix driver_managed_dma check Rodrigo Gobbi (1): wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Rodrigo Vivi (2): drm/xe: Make xe_gt_freq part of the Documentation drm/xe: Add missing documentation of rpa_freq Roger Pau Monne (1): xen/x86: fix initial memory balloon target Rolf Eike Beer (1): iommu: remove duplicate selection of DMAR_TABLE Roman Kisel (1): x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() Ronak Doshi (1): vmxnet3: correctly report gso type for UDP tunnels Roxana Nicolescu (2): misc: lis3lv02d: Fix correct sysfs directory path for lis3lv02d char: tlclk: Fix correct sysfs directory path for tlclk Ryusuke Konishi (1): nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Saket Kumar Bhaskar (1): selftests/bpf: Fix bpf_nf selftest failure Sam Winchenbach (3): iio: filter: admv8818: fix band 4, state 15 iio: filter: admv8818: fix integer overflow iio: filter: admv8818: fix range calculation Sandipan Das (2): perf/x86/amd/uncore: Remove unused 'struct amd_uncore_ctx::node' member perf/x86/amd/uncore: Prevent UMC counters from saturating Sanjeev Yadav (1): scsi: core: ufs: Fix a hang in the error handler Sarika Sharma (1): wifi: ath12k: fix invalid access to memory Sean Christopherson (1): x86/irq: Ensure initial PIR loads are performed exactly once Sergey Shtylyov (1): fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Shahar Shitrit (1): net/mlx5e: Fix number of lanes to UNKNOWN when using data_rate_oper Shayne Chen (2): wifi: mt76: mt7996: fix RX buffer size of MCU event wifi: mt76: fix available_antennas setting Sheng Yong (1): erofs: avoid using multiple devices with different type Shiming Cheng (1): net: fix udp gso skb_segment after pull from frag_list Shivasharan S (1): scsi: mpt3sas: Fix _ctl_get_mpt_mctp_passthru_adapter() to return IOC pointer Siddharth Vadapalli (2): remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} remoteproc: k3-dsp: Drop check performed in k3_dsp_rproc_{mbox_callback/kick} Srinivasan Shanmugam (1): drm/amdgpu: Refine Cleaner Shader MEC firmware version for GFX10.1.x GPUs Stanislav Fomichev (1): af_packet: move notifier's packet_dev_mc out of rcu critical section Stefan Wahren (1): drm/vc4: hdmi: Call HDMI hotplug helper on disconnect Stefano Garzarella (1): vsock/virtio: fix `rx_bytes` accounting for stream sockets Stefano Stabellini (1): xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Stephan Gerhold (1): arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies Stephen Brennan (1): fs: convert mount flags to enum Steven Rostedt (4): tracing: Move histogram trigger variables from stack to per CPU structure tracing: Rename event_trigger_alloc() to trigger_data_alloc() ring-buffer: Do not trigger WARN_ON() due to a commit_overrun ring-buffer: Move cpus_read_lock() outside of buffer->mutex Stone Zhang (1): wifi: ath11k: fix node corruption in ar->arvifs list Su Hui (1): soc: aspeed: lpc: Fix impossible judgment condition Subbaraya Sundeep (1): octeontx2-af: Send Link events one by one Suleiman Souhlal (1): tools/resolve_btfids: Fix build when cross compiling kernel with clang. Suraj Gupta (1): net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit T.J. Mercier (1): selftests/bpf: Fix kmem_cache iterator draining Takashi Iwai (1): ALSA: usb-audio: Kill timer properly at removal Tao Chen (4): bpf: Check link_create.flags parameter for multi_kprobe bpf: Check link_create.flags parameter for multi_uprobe libbpf: Remove sample_period init in perf_buffer bpf: Fix WARN() in get_bpf_raw_tp_regs Tengteng Yang (1): Fix sock_exceed_buf_limit not being triggered in __sk_mem_raise_allocated Terry Junge (1): HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Terry Tritton (1): selftests/seccomp: fix negative_ENOSYS tracer tests on arm32 Thangaraj Samynathan (2): net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy net: lan743x: Fix PHY reset handling during initialization and WOL Thomas Gleixner (1): x86/iopl: Cure TIF_IO_BITMAP inconsistencies Thomas Hellström (1): drm/xe: Rework eviction rejection of bound external bos Thomas Richter (1): perf tests metric-only perf stat: Fix tests 84 and 86 s390 Thomas Weißschuh (3): kunit: qemu_configs: sparc: Explicitly enable CONFIG_SPARC32=y kunit/usercopy: Disable u64 test on 32-bit SPARC uapi: bitops: use UAPI-safe variant of BITS_PER_LONG again Thorsten Blum (1): ASoC: Intel: avs: Fix kcalloc() sizes Thuan Nguyen (1): arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Tingguo Cheng (1): arm64: dts: qcom: qcs615: remove disallowed property in spmi bus node Toke Høiland-Jørgensen (3): page_pool: Move pp_magic check into helper functions page_pool: Track DMA-mapped pages and unmap them when destroying the pool wifi: ath9k_htc: Abort software beacon handling if disabled Tomas Glozar (1): rtla: Define _GNU_SOURCE in timerlat_bpf.c Tzung-Bi Shih (1): kunit: Fix wrong parameter to kunit_deactivate_static_stub() Uwe Kleine-König (1): iio: adc: ad7124: Fix 3dB filter frequency reading Varadarajan Narayanan (1): arm64: dts: qcom: ipq9574: Fix USB vdd info Vignesh Raman (2): drm/ci: fix merge request rules arm64: defconfig: mediatek: enable PHY drivers Vijendar Mukunda (1): ASoC: SOF: amd: add missing acp descriptor field Viktor Malik (1): libbpf: Fix buffer overflow in bpf_object__init_prog Vincent Knecht (1): clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Vishwaroop A (3): spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers spi: tegra210-quad: remove redundant error handling code spi: tegra210-quad: modify chip select (CS) deactivation Vitaly Prosyak (1): drm/amdgpu/gfx10: Refine Cleaner Shader for GFX10.1.10 Vlad Dogaru (2): net/mlx5: HWS, Fix matcher action template attach net/mlx5: HWS, make sure the uplink is the last destination Vlad Dumitrescu (1): IB/cm: Drop lockdep assert and WARN when freeing old msg WangYuli (1): MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Wei Fang (1): net: phy: clear phydev->devlink when the link is deleted Wentao Guan (1): HID: intel-thc-hid: intel-quicki2c: pass correct arguments to acpi_evaluate_object Wentao Liang (1): nilfs2: add pointer check for nilfs_direct_propagate() Wilfred Mallawa (1): PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Wojciech Slenska (1): pinctrl: qcom: pinctrl-qcm2290: Add missing pins Wolfram Sang (3): ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select ARM: dts: at91: at91sam9263: fix NAND chip selects rtc: sh: assign correct interrupts with DT Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xilin Wu (1): arm64: dts: qcom: sm8250: Fix CPU7 opp table Xin Li (Intel) (1): x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler Xuewen Yan (1): sched/fair: Fixup wake_up_sync() vs DELAYED_DEQUEUE Yabin Cui (2): coresight: catu: Introduce refcount and spinlock for enabling/disabling coresight: core: Disable helpers for devices that fail to enable Yanqing Wang (1): driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Yaxiong Tian (1): PM: EM: Fix potential division-by-zero error in em_compute_costs() Yeoreum Yun (3): coresight/etm4: fix missing disable active config coresight: holding cscfg_csdev_lock while removing cscfg from csdev coresight: prevent deactivate active config while enabling the config Yevgeny Kliteynik (1): net/mlx5: HWS, fix missing ip_version handling in definer Yi Zhang (1): scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels YiFei Zhu (1): bpftool: Fix regression of "bpftool cgroup tree" EINVAL on older kernels Yihang Li (1): scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Yingying Tang (1): wifi: ath12k: Reorder and relocate the release of resources in ath12k_core_deinit() Yonghong Song (1): bpf: Do not include stack ptr register in precision backtracking bookkeeping Yongliang Gao (1): rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Yongting Lin (1): um: Fix tgkill compile error on old host OSes Yu Kuai (3): brd: fix aligned_sector from brd_do_discard() brd: fix discard end sector md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT Yue Haibing (1): mailbox: mchp-ipc-sbi: Fix COMPILE_TEST build error Yunhui Cui (1): ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Yuuki NAGAO (1): ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Zhe Qiao (1): PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root() Zhen XIN (2): wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhiguo Niu (2): f2fs: use d_inode(dentry) cleanup dentry->d_inode f2fs: fix to correct check conditions in f2fs_cross_rename Zhongqiu Duan (1): netfilter: nft_quota: match correctly when the quota just depleted Zhu Yanjun (1): RDMA/rxe: Fix "trying to register non-static key in rxe_qp_do_cleanup" bug Zijun Hu (2): PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() fs/filesystems: Fix potential unsigned integer underflow in fs_name() Ziqi Chen (1): scsi: ufs: qcom: Check gear against max gear in vop freq_to_gear() Zizhi Wo (1): blk-throttle: Fix wrong tg->[bytes/io]_disp update in __tg_update_carryover() ping.gao (1): scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() yohan.joung (1): f2fs: prevent the current section from being selected as a victim during GC Álvaro Fernández Rojas (3): spi: bcm63xx-spi: fix shared reset spi: bcm63xx-hsspi: fix shared reset net: dsa: tag_brcm: legacy: fix pskb_may_pull length

3 months

1
1
0 0

Linux 6.12.34

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.34 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/pwm/adi,axi-pwmgen.yaml | 21 Documentation/devicetree/bindings/pwm/brcm,bcm7038-pwm.yaml | 8 Documentation/devicetree/bindings/pwm/brcm,kona-pwm.yaml | 8 Documentation/devicetree/bindings/regulator/mediatek,mt6357-regulator.yaml | 12 Documentation/devicetree/bindings/soc/fsl/fsl,qman-fqd.yaml | 4 Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Documentation/gpu/xe/index.rst | 1 Documentation/gpu/xe/xe_gt_freq.rst | 14 Makefile | 2 arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 arch/arm/boot/dts/microchip/tny_a9263.dts | 2 arch/arm/boot/dts/microchip/usb_a9263.dts | 4 arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 82 +- arch/arm/mach-aspeed/Kconfig | 1 arch/arm64/Kconfig | 6 arch/arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 10 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 - arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra210-p2180.dtsi | 1 arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi | 11 arch/arm64/boot/dts/qcom/qcm2290.dtsi | 16 arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 arch/arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 arch/arm64/boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 arch/arm64/boot/dts/qcom/sm8650.dtsi | 71 +- arch/arm64/boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 2 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 299 +++++----- arch/arm64/boot/dts/renesas/r8a779g0-white-hawk-ard-audio-da7212.dtso | 2 arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 arch/arm64/boot/dts/rockchip/rk3566-rock-3c.dts | 1 arch/arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 15 arch/arm64/boot/dts/ti/k3-j721e-common-proc-board.dts | 1 arch/arm64/configs/defconfig | 3 arch/arm64/include/asm/esr.h | 14 arch/arm64/include/asm/fpsimd.h | 3 arch/arm64/kernel/entry-common.c | 46 + arch/arm64/kernel/fpsimd.c | 36 - arch/arm64/xen/hypercall.S | 21 arch/m68k/mac/config.c | 2 arch/mips/boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 arch/powerpc/kernel/Makefile | 2 arch/powerpc/kexec/crash.c | 5 arch/powerpc/platforms/book3s/vas-api.c | 9 arch/powerpc/platforms/powernv/memtrace.c | 8 arch/powerpc/platforms/pseries/iommu.c | 2 arch/riscv/kernel/traps_misaligned.c | 4 arch/riscv/kvm/vcpu_sbi.c | 4 arch/s390/net/bpf_jit_comp.c | 12 arch/x86/events/amd/uncore.c | 36 + arch/x86/include/asm/mwait.h | 9 arch/x86/include/asm/sighandling.h | 22 arch/x86/kernel/cpu/common.c | 17 arch/x86/kernel/cpu/microcode/core.c | 2 arch/x86/kernel/cpu/mtrr/generic.c | 2 arch/x86/kernel/ioport.c | 13 arch/x86/kernel/irq.c | 2 arch/x86/kernel/process.c | 15 arch/x86/kernel/signal_32.c | 4 arch/x86/kernel/signal_64.c | 4 arch/x86/lib/x86-opcode-map.txt | 50 - block/blk-zoned.c | 7 block/elevator.c | 3 crypto/api.c | 13 crypto/lrw.c | 4 crypto/xts.c | 4 drivers/acpi/acpica/exserial.c | 6 drivers/acpi/apei/Kconfig | 1 drivers/acpi/apei/ghes.c | 2 drivers/acpi/cppc_acpi.c | 2 drivers/acpi/osi.c | 1 drivers/acpi/resource.c | 2 drivers/base/power/main.c | 3 drivers/block/brd.c | 11 drivers/block/loop.c | 8 drivers/bluetooth/btintel.c | 10 drivers/bluetooth/btintel_pcie.c | 31 - drivers/bluetooth/btintel_pcie.h | 10 drivers/bus/fsl-mc/fsl-mc-bus.c | 6 drivers/clk/bcm/clk-raspberrypi.c | 2 drivers/clk/qcom/camcc-sm6350.c | 18 drivers/clk/qcom/dispcc-sm6350.c | 3 drivers/clk/qcom/gcc-msm8939.c | 4 drivers/clk/qcom/gcc-sm6350.c | 6 drivers/clk/qcom/gpucc-sm6350.c | 6 drivers/counter/interrupt-cnt.c | 9 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c | 17 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 - drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 drivers/crypto/marvell/cesa/cipher.c | 3 drivers/crypto/marvell/cesa/hash.c | 2 drivers/dma/ti/k3-udma.c | 3 drivers/edac/i10nm_base.c | 35 - drivers/edac/skx_common.c | 1 drivers/edac/skx_common.h | 11 drivers/firmware/Kconfig | 1 drivers/firmware/arm_sdei.c | 11 drivers/firmware/efi/libstub/efi-stub-helper.c | 1 drivers/firmware/psci/psci.c | 4 drivers/fpga/tests/fpga-mgr-test.c | 1 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 drivers/gpu/drm/i915/display/intel_psr_regs.h | 4 drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 19 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 - drivers/gpu/drm/meson/meson_drv.c | 2 drivers/gpu/drm/meson/meson_drv.h | 2 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 drivers/gpu/drm/meson/meson_vclk.c | 226 ++++--- drivers/gpu/drm/meson/meson_vclk.h | 13 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 1 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 16 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 16 drivers/gpu/drm/panel/panel-samsung-sofef00.c | 34 - drivers/gpu/drm/panel/panel-simple.c | 5 drivers/gpu/drm/panthor/panthor_mmu.c | 1 drivers/gpu/drm/panthor/panthor_regs.h | 4 drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 drivers/gpu/drm/tegra/rgb.c | 14 drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 - drivers/gpu/drm/vkms/vkms_crtc.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 10 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 34 - drivers/gpu/drm/xe/xe_gt_freq.c | 2 drivers/gpu/drm/xe/xe_pci.c | 1 drivers/hid/hid-hyperv.c | 4 drivers/hid/usbhid/hid-core.c | 25 drivers/hwmon/asus-ec-sensors.c | 4 drivers/hwtracing/coresight/coresight-catu.c | 27 drivers/hwtracing/coresight/coresight-catu.h | 1 drivers/hwtracing/coresight/coresight-config.h | 2 drivers/hwtracing/coresight/coresight-core.c | 6 drivers/hwtracing/coresight/coresight-cpu-debug.c | 3 drivers/hwtracing/coresight/coresight-funnel.c | 3 drivers/hwtracing/coresight/coresight-replicator.c | 3 drivers/hwtracing/coresight/coresight-stm.c | 2 drivers/hwtracing/coresight/coresight-syscfg.c | 49 + drivers/hwtracing/coresight/coresight-tmc-core.c | 2 drivers/hwtracing/coresight/coresight-tpiu.c | 2 drivers/iio/adc/ad7124.c | 4 drivers/iio/adc/mcp3911.c | 39 + drivers/iio/adc/pac1934.c | 2 drivers/iio/filter/admv8818.c | 224 +++++-- drivers/infiniband/core/cm.c | 16 drivers/infiniband/core/cma.c | 3 drivers/infiniband/hw/hns/hns_roce_ah.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 drivers/infiniband/hw/mlx5/qpc.c | 30 - drivers/input/rmi4/rmi_f34.c | 135 ++-- drivers/iommu/Kconfig | 1 drivers/iommu/iommu.c | 4 drivers/mailbox/imx-mailbox.c | 21 drivers/mailbox/mtk-cmdq-mailbox.c | 51 - drivers/md/dm-core.h | 1 drivers/md/dm-flakey.c | 70 +- drivers/md/dm-zone.c | 25 drivers/md/dm.c | 30 - drivers/media/platform/verisilicon/hantro_postproc.c | 4 drivers/mfd/exynos-lpass.c | 6 drivers/mfd/stmpe-spi.c | 2 drivers/misc/mei/vsc-tp.c | 4 drivers/misc/vmw_vmci/vmci_host.c | 11 drivers/mmc/host/sdhci-of-dwcmshc.c | 40 + drivers/mtd/nand/ecc-mxic.c | 2 drivers/net/bonding/bond_main.c | 25 drivers/net/dsa/b53/b53_common.c | 37 - drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 drivers/net/ethernet/intel/ice/ice_main.c | 47 + drivers/net/ethernet/intel/ice/ice_sched.c | 181 ++++-- drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c | 9 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 45 - drivers/net/ethernet/intel/idpf/idpf_txrx.h | 8 drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 2 drivers/net/ethernet/intel/idpf/idpf_virtchnl.h | 1 drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/qos_sq.c | 22 drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 4 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 18 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 1 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws_definer.c | 3 drivers/net/ethernet/microchip/lan743x_main.c | 15 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 7 drivers/net/ethernet/microchip/lan966x/lan966x_main.h | 6 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 + drivers/net/ethernet/microchip/lan966x/lan966x_switchdev.c | 1 drivers/net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 drivers/net/ethernet/stmicro/stmmac/stmmac_est.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 drivers/net/ethernet/ti/icssg/icssg_stats.c | 8 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 6 drivers/net/macsec.c | 40 + drivers/net/netdevsim/netdev.c | 3 drivers/net/phy/mdio_bus.c | 12 drivers/net/phy/mscc/mscc_ptp.c | 20 drivers/net/phy/phy_device.c | 4 drivers/net/usb/aqc111.c | 10 drivers/net/vmxnet3/vmxnet3_drv.c | 26 drivers/net/wireguard/device.c | 1 drivers/net/wireless/ath/ath10k/snoc.c | 4 drivers/net/wireless/ath/ath11k/core.c | 37 - drivers/net/wireless/ath/ath11k/core.h | 4 drivers/net/wireless/ath/ath11k/debugfs.c | 148 ---- drivers/net/wireless/ath/ath11k/debugfs.h | 10 drivers/net/wireless/ath/ath11k/mac.c | 92 ++- drivers/net/wireless/ath/ath11k/mac.h | 4 drivers/net/wireless/ath/ath11k/wmi.c | 47 + drivers/net/wireless/ath/ath12k/core.c | 8 drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c | 3 drivers/net/wireless/ath/ath12k/dp_rx.c | 54 - drivers/net/wireless/ath/ath12k/dp_tx.c | 1 drivers/net/wireless/ath/ath12k/hal.c | 103 +-- drivers/net/wireless/ath/ath12k/hal.h | 64 +- drivers/net/wireless/ath/ath12k/hal_desc.h | 3 drivers/net/wireless/ath/ath12k/hw.c | 35 + drivers/net/wireless/ath/ath12k/hw.h | 12 drivers/net/wireless/ath/ath12k/pci.c | 12 drivers/net/wireless/ath/ath12k/pci.h | 4 drivers/net/wireless/ath/ath12k/wmi.c | 3 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 2 drivers/net/wireless/marvell/mwifiex/11n.c | 6 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 21 drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 drivers/net/wireless/realtek/rtw88/coex.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 drivers/net/wireless/realtek/rtw88/sdio.c | 10 drivers/net/wireless/realtek/rtw89/fw.c | 2 drivers/net/wireless/realtek/rtw89/pci.c | 2 drivers/net/wwan/mhi_wwan_mbim.c | 9 drivers/net/wwan/t7xx/t7xx_netdev.c | 11 drivers/nvme/host/constants.c | 2 drivers/nvme/host/core.c | 1 drivers/nvme/host/pr.c | 2 drivers/nvme/target/core.c | 9 drivers/nvme/target/fcloop.c | 31 - drivers/nvme/target/io-cmd-bdev.c | 9 drivers/nvmem/zynqmp_nvmem.c | 1 drivers/of/unittest.c | 10 drivers/pci/controller/cadence/pcie-cadence-host.c | 11 drivers/pci/controller/dwc/pcie-rcar-gen4.c | 1 drivers/pci/controller/pcie-apple.c | 4 drivers/pci/endpoint/pci-epf-core.c | 22 drivers/pci/pci-acpi.c | 23 drivers/pci/pci.c | 2 drivers/pci/pcie/dpc.c | 68 +- drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 drivers/perf/arm-ni.c | 40 - drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 13 drivers/pinctrl/pinctrl-at91.c | 6 drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 52 - drivers/pinctrl/samsung/pinctrl-exynos.c | 260 ++++---- drivers/pinctrl/samsung/pinctrl-exynos.h | 8 drivers/pinctrl/samsung/pinctrl-samsung.c | 21 drivers/pinctrl/samsung/pinctrl-samsung.h | 8 drivers/pmdomain/core.c | 35 + drivers/power/reset/at91-reset.c | 5 drivers/ptp/ptp_private.h | 12 drivers/regulator/max20086-regulator.c | 6 drivers/remoteproc/qcom_wcnss_iris.c | 2 drivers/remoteproc/ti_k3_dsp_remoteproc.c | 8 drivers/remoteproc/ti_k3_r5_remoteproc.c | 8 drivers/rpmsg/qcom_smd.c | 2 drivers/rtc/rtc-loongson.c | 8 drivers/rtc/rtc-sh.c | 12 drivers/scsi/hisi_sas/hisi_sas_main.c | 29 drivers/scsi/qedf/qedf_main.c | 2 drivers/scsi/scsi_transport_iscsi.c | 11 drivers/scsi/smartpqi/smartpqi_init.c | 4 drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 drivers/soc/qcom/smp2p.c | 2 drivers/spi/spi-bcm63xx-hsspi.c | 2 drivers/spi/spi-bcm63xx.c | 2 drivers/spi/spi-omap2-mcspi.c | 30 - drivers/spi/spi-sh-msiof.c | 13 drivers/spi/spi-tegra210-quad.c | 24 drivers/staging/media/rkvdec/rkvdec.c | 10 drivers/thermal/mediatek/lvts_thermal.c | 18 drivers/thunderbolt/usb4.c | 4 drivers/tty/serial/8250/8250_omap.c | 25 drivers/tty/serial/milbeaut_usio.c | 5 drivers/tty/serial/sh-sci.c | 24 drivers/tty/vt/vt_ioctl.c | 2 drivers/ufs/core/ufs-mcq.c | 6 drivers/ufs/core/ufshcd.c | 7 drivers/ufs/host/ufs-qcom.c | 5 drivers/usb/cdns3/cdnsp-gadget.c | 21 drivers/usb/cdns3/cdnsp-gadget.h | 4 drivers/usb/class/usbtmc.c | 17 drivers/usb/core/hub.c | 16 drivers/usb/core/usb-acpi.c | 2 drivers/usb/gadget/function/f_hid.c | 12 drivers/usb/gadget/udc/core.c | 2 drivers/usb/misc/onboard_usb_dev.c | 107 +++ drivers/usb/renesas_usbhs/common.c | 50 + drivers/usb/typec/bus.c | 2 drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 drivers/usb/typec/tcpm/tcpm.c | 91 ++- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 79 ++ drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 drivers/vfio/vfio_iommu_type1.c | 2 drivers/video/backlight/qcom-wled.c | 6 drivers/video/fbdev/core/fbcvt.c | 2 drivers/watchdog/exar_wdt.c | 2 drivers/xen/balloon.c | 13 fs/9p/vfs_addr.c | 1 fs/btrfs/extent-io-tree.c | 6 fs/btrfs/inode.c | 7 fs/btrfs/scrub.c | 34 + fs/erofs/super.c | 49 + fs/f2fs/data.c | 4 fs/f2fs/f2fs.h | 10 fs/f2fs/gc.c | 3 fs/f2fs/namei.c | 10 fs/f2fs/segment.h | 45 - fs/f2fs/super.c | 4 fs/filesystems.c | 14 fs/gfs2/glock.c | 3 fs/gfs2/glops.c | 4 fs/gfs2/incore.h | 9 fs/gfs2/inode.c | 3 fs/gfs2/meta_io.c | 2 fs/gfs2/meta_io.h | 4 fs/gfs2/ops_fstype.c | 35 - fs/gfs2/super.c | 16 fs/gfs2/sys.c | 1 fs/kernfs/dir.c | 5 fs/kernfs/file.c | 3 fs/namespace.c | 25 fs/nfs/super.c | 19 fs/nilfs2/btree.c | 4 fs/nilfs2/direct.c | 3 fs/ntfs3/index.c | 8 fs/ntfs3/inode.c | 5 fs/ocfs2/quota_local.c | 2 fs/smb/client/cifssmb.c | 20 fs/squashfs/super.c | 5 fs/xfs/xfs_discard.c | 17 include/linux/arm_sdei.h | 4 include/linux/bio.h | 2 include/linux/bvec.h | 7 include/linux/coresight.h | 2 include/linux/hid.h | 3 include/linux/ieee80211.h | 79 ++ include/linux/mdio.h | 5 include/linux/mlx5/driver.h | 1 include/linux/mm.h | 58 + include/linux/nvme.h | 2 include/linux/overflow.h | 27 include/linux/pci-epf.h | 3 include/linux/phy.h | 5 include/linux/pm_domain.h | 7 include/linux/poison.h | 4 include/linux/virtio_vsock.h | 1 include/net/bluetooth/hci_core.h | 2 include/net/netfilter/nft_fib.h | 9 include/net/page_pool/types.h | 6 include/net/sock.h | 7 include/sound/hdaudio.h | 4 io_uring/fdinfo.c | 12 io_uring/io_uring.c | 4 io_uring/register.c | 7 io_uring/sqpoll.c | 43 - io_uring/sqpoll.h | 8 kernel/bpf/core.c | 29 kernel/events/core.c | 50 + kernel/power/energy_model.c | 4 kernel/power/hibernate.c | 5 kernel/power/main.c | 3 kernel/power/power.h | 4 kernel/power/wakelock.c | 3 kernel/rcu/tree.c | 10 kernel/rcu/tree.h | 2 kernel/rcu/tree_stall.h | 4 kernel/sched/core.c | 12 kernel/time/posix-cpu-timers.c | 9 kernel/trace/bpf_trace.c | 7 kernel/trace/ring_buffer.c | 41 - kernel/trace/trace.h | 8 kernel/trace/trace_events_hist.c | 122 +++- kernel/trace/trace_events_trigger.c | 20 lib/iov_iter.c | 2 lib/kunit/static_stub.c | 2 lib/usercopy_kunit.c | 1 mm/page_alloc.c | 8 net/bluetooth/eir.c | 17 net/bluetooth/eir.h | 2 net/bluetooth/hci_conn.c | 2 net/bluetooth/hci_core.c | 29 net/bluetooth/hci_event.c | 16 net/bluetooth/hci_sync.c | 74 ++ net/bluetooth/iso.c | 9 net/bluetooth/l2cap_core.c | 3 net/bluetooth/mgmt.c | 140 ++-- net/bluetooth/mgmt_util.c | 49 - net/bluetooth/mgmt_util.h | 8 net/bridge/netfilter/nf_conntrack_bridge.c | 12 net/core/netmem_priv.h | 33 + net/core/page_pool.c | 108 ++- net/core/skbuff.c | 16 net/core/skmsg.c | 53 + net/core/sock.c | 8 net/core/xdp.c | 4 net/dsa/tag_brcm.c | 2 net/ipv4/netfilter/nft_fib_ipv4.c | 11 net/ipv4/udp_offload.c | 5 net/ipv6/netfilter.c | 12 net/ipv6/netfilter/nft_fib_ipv6.c | 17 net/ipv6/seg6_local.c | 6 net/mac80211/mlme.c | 7 net/mac80211/scan.c | 11 net/ncsi/internal.h | 21 net/ncsi/ncsi-pkt.h | 23 net/ncsi/ncsi-rsp.c | 21 net/netfilter/nf_nat_core.c | 12 net/netfilter/nft_quota.c | 20 net/netfilter/nft_set_pipapo.c | 58 + net/netfilter/nft_set_pipapo_avx2.c | 21 net/netfilter/nft_tunnel.c | 8 net/netfilter/xt_TCPOPTSTRIP.c | 4 net/netfilter/xt_mark.c | 2 net/netlabel/netlabel_kapi.c | 5 net/openvswitch/flow.c | 2 net/sched/sch_ets.c | 2 net/sched/sch_prio.c | 2 net/sched/sch_red.c | 2 net/sched/sch_sfq.c | 5 net/sched/sch_tbf.c | 2 net/sunrpc/xprtrdma/svc_rdma_transport.c | 14 net/tipc/crypto.c | 6 net/tls/tls_sw.c | 15 net/vmw_vsock/virtio_transport_common.c | 26 net/wireless/scan.c | 18 net/xfrm/xfrm_device.c | 2 net/xfrm/xfrm_state.c | 2 rust/kernel/alloc/kvec.rs | 3 scripts/gcc-plugins/gcc-common.h | 32 + scripts/gcc-plugins/randomize_layout_plugin.c | 40 - sound/core/seq_device.c | 2 sound/hda/hda_bus_type.c | 6 sound/pci/hda/hda_bind.c | 4 sound/pci/hda/patch_realtek.c | 68 ++ sound/soc/apple/mca.c | 23 sound/soc/codecs/hda.c | 4 sound/soc/codecs/tas2764.c | 2 sound/soc/intel/avs/debugfs.c | 6 sound/soc/intel/avs/ipc.c | 4 sound/soc/mediatek/mt8195/mt8195-mt6359.c | 4 sound/soc/sof/amd/pci-acp70.c | 1 sound/soc/sof/ipc4-pcm.c | 3 sound/soc/ti/omap-hdmi.c | 7 sound/usb/implicit.c | 1 tools/arch/x86/kcpuid/kcpuid.c | 47 - tools/arch/x86/lib/x86-opcode-map.txt | 50 - tools/bpf/bpftool/cgroup.c | 2 tools/bpf/resolve_btfids/Makefile | 2 tools/lib/bpf/bpf_core_read.h | 6 tools/lib/bpf/libbpf.c | 48 - tools/lib/bpf/linker.c | 4 tools/lib/bpf/nlattr.c | 15 tools/objtool/check.c | 3 tools/perf/Makefile.config | 2 tools/perf/Makefile.perf | 3 tools/perf/builtin-record.c | 2 tools/perf/builtin-trace.c | 9 tools/perf/scripts/python/exported-sql-viewer.py | 5 tools/perf/tests/switch-tracking.c | 2 tools/perf/ui/browsers/hists.c | 2 tools/perf/util/intel-pt.c | 205 ++++++ tools/perf/util/machine.c | 6 tools/perf/util/symbol-minimal.c | 160 ++--- tools/perf/util/thread.c | 8 tools/perf/util/thread.h | 2 tools/power/x86/turbostat/turbostat.c | 41 + tools/testing/selftests/Makefile | 2 tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 tools/testing/selftests/bpf/test_loader.c | 14 tools/testing/selftests/cpufreq/cpufreq.sh | 3 tools/testing/selftests/seccomp/seccomp_bpf.c | 13 515 files changed, 5502 insertions(+), 3052 deletions(-) Aaron Kling (2): arm64: tegra: Drop remaining serial clock-names and reset-names arm64: tegra: Add uartd serial alias for Jetson TX1 module Adam Ford (5): arm64: dts: imx8mm-beacon: Fix RTC capacitive load arm64: dts: imx8mn-beacon: Fix RTC capacitive load arm64: dts: imx8mp-beacon: Fix RTC capacitive load arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Adrian Hunter (2): perf intel-pt: Fix PEBS-via-PT data_src perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Ahmed S. Darwish (2): tools/x86/kcpuid: Fix error handling x86/cpu: Sanitize CPUID(0x80000000) output Al Viro (3): path_overmount(): avoid false negatives fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) do_change_type(): refuse to operate on unmounted/not ours mounts Alexander Shiyan (1): power: reset: at91-reset: Optimize at91_reset() Alexander Sverdlin (1): counter: interrupt-cnt: Protect enable/disable OPs with mutex Alexei Safin (1): hwmon: (asus-ec-sensors) check sensor index in read_string() Alexey Gladkov (1): mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Alexey Kodanev (1): wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Alexey Minnekhanov (3): arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexis Lothoré (2): net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping net: stmmac: make sure that ptp_rate is not 0 before configuring EST Alok Tiwari (3): gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO scsi: iscsi: Fix incorrect error path labels for flashnode operations Amir Tzin (1): net/mlx5: Fix ECVF vports unload on shutdown flow Amit Sunil Dhamne (1): usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Anand Moon (1): perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Andre Przywara (1): dt-bindings: vendor-prefixes: Add Liontron name Andreas Gruenbacher (2): gfs2: replace sd_aspace with sd_inode gfs2: gfs2_create_inode error handling fix Andrew Cooper (1): x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Andrew Price (1): gfs2: Don't clear sb->s_fs_info in gfs2_sys_fs_add Andrey Vatoropin (1): fs/ntfs3: handle hdr_first_de() return value Andy Shevchenko (1): pinctrl: at91: Fix possible out-of-boundary access AngeloGioacchino Del Regno (5): thermal/drivers/mediatek/lvts: Fix debugfs unregister on failure drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr drm/mediatek: Fix kobject put for component sub-drivers drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Annie Li (1): x86/microcode/AMD: Do not return error when microcode update is not necessary Anton Protopopov (3): libbpf: Use proper errno value in linker bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ libbpf: Use proper errno value in nlattr Anubhav Shelat (2): perf trace: Always print return value for syscalls returning a pid perf trace: Set errpid to false for rseq and set_robust_list Armin Wolf (1): ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" Arnaldo Carvalho de Melo (2): perf build: Warn when libdebuginfod devel files are not available perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnd Bergmann (2): usb: misc: onboard_usb_dev: fix build warning for CONFIG_USB_ONBOARD_DEV_USB5744=n thermal/drivers/mediatek/lvts: Remove unused lvts_debugfs_exit Badal Nilawar (1): drm/xe/d3cold: Set power state to D3Cold during s2idle/s3 Baochen Qiang (5): wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() wifi: ath11k: don't wait when there is no vdev started wifi: ath11k: move some firmware stats related functions outside of debugfs wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 Barnabás Czémán (1): soc: qcom: smp2p: Fix fallback to qcom,ipc parse Benjamin Marzinski (5): dm: don't change md if dm_table_set_restrictions() fails dm: free table mempools if not used in __bind dm: fix dm_blk_report_zones dm-flakey: error all IOs when num_features is absent dm-flakey: make corrupting read bios work Biju Das (2): drm: rcar-du: Fix memory leak in rcar_du_vsps_init() drm/tegra: rgb: Fix the unbound reference count Bjorn Helgaas (2): PCI/DPC: Initialize aer_err_info before using it PCI/DPC: Log Error Source ID only when valid Boris Brezillon (2): drm/panthor: Fix GPU_COHERENCY_ACE[_LITE] definitions drm/panthor: Update panthor_mmu::irq::mask when needed Brian Pellegrino (1): iio: filter: admv8818: Support frequencies >= 2^32 Brian Vazquez (1): idpf: fix a race in txq wakeup Bui Quang Minh (1): selftests: net: build net/lib dependency in all target Caleb Connolly (1): ath10k: snoc: fix unbalanced IRQ enable in crash recovery Carlos Fernandez (1): macsec: MACsec SCI assignment for ES = 0 Casey Connolly (1): drm/panel: samsung-sofef00: Drop s6e3fc2x01 support Cezary Rojewski (3): ASoC: codecs: hda: Fix RPM usage count underflow ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX ASoC: Intel: avs: Verify content returned by parse_int_array() Chandrashekar Devegowda (2): Bluetooth: btintel_pcie: Increase the tx and rx descriptor count Bluetooth: btintel_pcie: Reduce driver buffer posting to prevent race condition Chao Yu (4): f2fs: zone: fix to avoid inconsistence in between SIT and SSA f2fs: fix to do sanity check on sbi->total_valid_block_count f2fs: clean up w/ fscrypt_is_bounce_page() f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() Charalampos Mitrodimas (1): net: tipc: fix refcount warning in tipc_aead_encrypt Charles Han (1): drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table Chenyuan Yang (2): phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink() Chin-Yen Lee (1): wifi: rtw89: fix firmware scan delay unit for WiFi 6 chips Chris Chiu (3): ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3315 ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3247 ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup Christian Brauner (1): gfs2: pass through holder from the VFS for freeze/thaw Christoph Hellwig (1): block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work Christophe JAILLET (3): drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() mfd: exynos-lpass: Fix an error handling path in exynos_lpass_probe() mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Chuck Lever (1): svcrdma: Reduce the number of rdma_rw contexts per-QP Chukun Pan (1): arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 Claudiu Beznea (1): serial: sh-sci: Move runtime PM enable to sci_probe_single() Corentin Labbe (1): crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Cosmin Ratiu (2): net/mlx5: Avoid using xso.real_dev unnecessarily xfrm: Use xdo.dev instead of xdo.real_dev Cristian Ciocaltea (2): phy: rockchip: samsung-hdptx: Fix clock ratio setup phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors Dan Carpenter (6): wifi: ath12k: Fix buffer overflow in debugfs of: unittest: Unlock on error in unittest_data_add() remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() net/mlx4_en: Prevent potential integer overflow calculating Hz regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Daniel Wagner (1): nvmet-fcloop: access fcpreq only when holding reqlock Daniele Palmas (1): net: wwan: mhi_wwan_mbim: use correct mux_id for multiplexing Daniil Tatianin (1): ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Danilo Krummrich (1): rust: alloc: add missing invariant in Vec::set_len() Dapeng Mi (1): perf record: Fix incorrect --user-regs comments Dave Chinner (1): xfs: don't assume perags are initialised when trimming AGs Dave Penkler (1): usb: usbtmc: Fix read_stb function and get_stb ioctl David Heimann (1): ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 David Lechner (1): dt-bindings: pwm: adi,axi-pwmgen: Fix clocks Detlev Casanova (1): media: verisilicon: Free post processor buffers on error Di Shen (1): bpf: Revert "bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic" Dmitry Antipov (3): wifi: rtw88: do not ignore hardware read error during DPK Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() Dmitry Baryshkov (6): drm/msm/dpu: enable SmartDMA on SM8150 drm/msm/dpu: enable SmartDMA on SC8180X ARM: dts: qcom: apq8064: add missing clocks to the timer node ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device ARM: dts: qcom: apq8064: move replicator out of soc node arm64: dts: qcom: qcm2290: fix (some) of QUP interconnects Dmitry Torokhov (1): Input: synaptics-rmi - fix crash with unsupported versions of F34 Dong Chenchen (1): page_pool: Fix use-after-free in page_pool_recycle_in_ring Dr. David Alan Gilbert (1): Bluetooth: MGMT: Remove unused mgmt_pending_find_data Dzmitry Sankouski (4): arm64: dts: qcom: sdm845-starqltechn: remove wifi arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake arm64: dts: qcom: sdm845-starqltechn: refactor node order arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Easwar Hariharan (1): wifi: ath11k: convert timeouts to secs_to_jiffies() Eddie James (1): powerpc/crash: Fix non-smp kexec preparation Emil Tantilov (1): idpf: avoid mailbox timeout delays during reset Eric Dumazet (6): net_sched: sch_sfq: fix a potential crash on gso_skb handling net_sched: prio: fix a race in prio_tune() net_sched: red: fix a race in __red_change() net_sched: tbf: fix a race in tbf_change() net_sched: ets: fix a race in ets_qdisc_change() calipso: unlock rcu before returning -EAFNOSUPPORT Faicker Mo (1): net: openvswitch: Fix the dead loop of MPLS parse Feng Yang (1): libbpf: Fix event name too long error Fernando Fernandez Mancera (1): netfilter: nft_tunnel: fix geneve_opt dump Filipe Manana (3): btrfs: fix invalid data space release when truncating block in NOCOW mode btrfs: exit after state insertion failure at btrfs_convert_extent_bit() btrfs: exit after state split error at set_extent_bit() Finn Thain (1): m68k: mac: Fix macintosh_config for Mac II Florian Westphal (5): netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy netfilter: nf_tables: nft_fib: consistent l3mdev handling netfilter: nf_set_pipapo_avx2: fix initial map fill netfilter: nf_nat: also check reverse tuple to obtain clashing entry Francesco Dolcini (1): Revert "wifi: mwifiex: Fix HT40 bandwidth issue." Félix Piédallu (2): spi: omap2-mcspi: Disable multi mode when CS should be kept asserted after message spi: omap2-mcspi: Disable multi-mode when the previous message kept CS asserted Gaurav Batra (1): powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view Gautham R. Shenoy (1): tools/power turbostat: Fix AMD package-energy reporting Geert Uytterhoeven (1): spi: sh-msiof: Fix maximum DMA transfer size Greg Kroah-Hartman (5): ALSA: core: fix up bus match const issues. net: phy: fix up const issues in to_mdio_device() and to_phy_device() USB: gadget: udc: fix const issue in gadget_match_driver() USB: typec: fix const issue in typec_match() Linux 6.12.34 Gustavo A. R. Silva (1): overflow: Fix direct struct member initialization in _DEFINE_FLEX() Hangbin Liu (1): bonding: assign random address if device address is same as bond Hans Zhang (2): efi/libstub: Describe missing 'out' parameter in efi_load_initrd PCI: cadence: Fix runtime atomic count underflow Hans de Goede (1): mei: vsc: Cast tx_buf to (__be32 *) when passed to cpu_to_be32_array() Haren Myneni (1): powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Hari Kalavakunta (1): net: ncsi: Fix GCPS 64-bit member variables Hariprasad Kelam (2): octeontx2-pf: QOS: Perform cache sync on send queue teardown octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Hector Martin (2): ASoC: tas2764: Enable main IRQs PCI: apple: Use gpiod_set_value_cansleep in probe flow Henry Martin (7): clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init() wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() backlight: pm8941: Add NULL check in wled_configure() dmaengine: ti: Add NULL check in udma_probe() serial: Fix potential null-ptr-deref in mlb_usio_probe() Herbert Xu (5): crypto: marvell/cesa - Handle zero-length skcipher requests crypto: marvell/cesa - Avoid empty transfer descriptor crypto: lrw - Only add ecb if it is not already there crypto: xts - Only add ecb if it is not already there crypto: api - Redo lookup on EEXIST Hongbo Li (1): erofs: fix file handle encoding for 64-bit NIDs Hongbo Yao (2): perf: arm-ni: Unregister PMUs on probe failure perf: arm-ni: Fix missing platform_set_drvdata() Horatiu Vultur (4): net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 net: phy: mscc: Fix memory leak when using one step timestamping net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames net: lan966x: Make sure to insert the vlan tags also in host mode Huajian Yang (1): netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Huang Yiwei (1): firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES I Hsin Cheng (1): drm/meson: Use 1000ULL when operating with mode->clock Ian Forbes (2): drm/vmwgfx: Add seqno waiter for sync_files drm/vmwgfx: Fix dumb buffer leak Ian Rogers (3): perf symbol-minimal: Fix double free in filename__read_build_id perf symbol: Fix use-after-free in filename__read_build_id perf callchain: Always populate the addr_location map when adding IP Ido Schimmel (1): seg6: Fix validation of nexthop addresses Ilan Peer (1): wifi: iwlfiwi: mvm: Fix the rate reporting Ilya Leoshkevich (1): s390/bpf: Store backchain even for leaf progs Ioana Ciornei (1): bus: fsl-mc: fix double-free on mc_dev Jack Morgenstein (1): RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Jacob Moroni (1): IB/cm: use rwlock for MAD agent lock Jaegeuk Kim (1): f2fs: clean up unnecessary indentation Jakub Kicinski (1): net: drv: netdevsim: don't napi_complete() from netpoll Jakub Raczynski (2): net/mdiobus: Fix potential out-of-bounds read/write access net/mdiobus: Fix potential out-of-bounds clause 45 read/write access Jason Gunthorpe (1): iommu: Protect against overflow in iommu_pgsize() Jason-JH Lin (1): mailbox: mtk-cmdq: Refine GCE_GCTL_VALUE setting Jeongjun Park (1): ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Jerome Brunet (2): PCI: rcar-gen4: set ep BAR4 fixed size PCI: endpoint: Retain fixed-size BAR size as well as aligned size Jesus Narvaez (2): drm/i915/guc: Check if expecting reply before decrementing outstanding_submission_g2h drm/i915/guc: Handle race condition where wakeref count drops below 0 Jianbo Liu (1): net/mlx5e: Fix leak of Geneve TLV option object Jiaqing Zhao (1): x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Jiayuan Chen (5): bpf: fix ktls panic with sockmap bpf, sockmap: fix duplicated data transmission bpf, sockmap: Fix panic when calling skb_linearize ktls, sockmap: Fix missing uncharge operation bpf, sockmap: Avoid using sk_socket after free when sending Jinjian Song (1): net: wwan: t7xx: Fix napi rx poll issue Jiri Slaby (SUSE) (2): powerpc: do not build ppc_save_regs.o always tty: serial: 8250_omap: fix TX with DMA for am33xx Joel Stanley (1): ARM: aspeed: Don't select SRAM John Stultz (1): sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks Jonas Gorski (4): net: dsa: b53: do not enable RGMII delay on bcm63xx net: dsa: b53: allow RGMII for bcm63xx RGMII ports net: dsa: b53: do not touch DLL_IQQD on bcm53115 net: dsa: b53: fix untagged traffic sent via cpu tagged with VID 0 Jonas Karlman (1): media: rkvdec: Fix frame size enumeration Jonathan Stroud (1): usb: misc: onboard_usb_dev: Fix usb5744 initialization sequence Jonathan Wiepert (1): Use thread-safe function pointer in libbpf_print Jouni Högander (1): drm/i915/psr: Fix using wrong mask in REG_FIELD_PREP Julien Massot (3): ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY() arm64: dts: mt6359: Add missing 'compatible' property to regulators node arm64: dts: mt6359: Rename RTC node to match binding expectations Junhao He (1): coresight: Fixes device's owner field for registered using coresight_init_driver() Junxian Huang (1): RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h KaFai Wan (1): bpf: Avoid __bpf_prog_ret0_warn when jit fails Kailang Yang (1): ALSA: hda/realtek - Support mute led function for HP platform Kees Cook (8): ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type watchdog: exar: Shorten identity name to fit correctly drm/vkms: Adjust vkms_state->active_planes allocation type scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops Bluetooth: btintel: Check dsbr size from EFI variable randstruct: gcc-plugin: Remove bogus void member randstruct: gcc-plugin: Fix attribute addition overflow: Introduce __DEFINE_FLEX for having no initializer Keisuke Nishimura (1): drm/vmwgfx: Add error path for xa_store in vmw_bo_add_detached_resource Keith Busch (2): nvme: fix command limits status code io_uring: consistently use rcu semantics with sqpoll thread Kiran K (1): Bluetooth: btintel_pcie: Fix driver not posting maximum rx buffers Konrad Dybcio (2): drm/msm/a6xx: Disable rgb565_predicator on Adreno 7c3 arm64: dts: qcom: x1e80100-romulus: Keep L12B and L15B always on Kornel Dulęba (1): arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Krzysztof Kozlowski (1): dt-bindings: pwm: Correct indentation and style in DTS example Kuniyuki Iwashima (1): calipso: Don't call calipso functions for AF_INET sk. Lachlan Hodges (1): wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements Lad Prabhakar (1): usb: renesas_usbhs: Reorder clock handling and power management in probe Leo Yan (1): perf tests switch-tracking: Fix timestamp comparison Li Lingfeng (2): nfs: clear SB_RDONLY before getting superblock nfs: ignore SB_RDONLY when remounting nfs Li RongQing (1): vfio/type1: Fix error unwind in migration dirty bitmap allocation Liu Dalin (1): rtc: loongson: Add missing alarm notifications for ACPI RTC events Lizhi Xu (1): fs/ntfs3: Add missing direct_IO in ntfs_aops_cmpr Longfang Liu (3): hisi_acc_vfio_pci: fix XQE dma address error hisi_acc_vfio_pci: add eq and aeq interruption restore hisi_acc_vfio_pci: bugfix live migration function without VF device driver Lorenzo Bianconi (1): bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps Luca Weiss (5): clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs arm64: dts: qcom: sm8350: Reenable crypto & cryptobam Luis Gerhorst (1): selftests/bpf: Fix caps for __xlated/jited_unpriv Luiz Augusto von Dentz (8): Bluetooth: ISO: Fix not using SID from adv report Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Bluetooth: MGMT: Protect mgmt_pending list with its own lock Bluetooth: Fix NULL pointer deference on eir_get_service_data Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Bluetooth: eir: Fix possible crashes on eir_create_adv_data Bluetooth: MGMT: Fix sparse errors Maharaja Kennadyrajan (1): wifi: ath12k: fix node corruption in ar->arvifs list Marcus Folkesson (1): iio: adc: mcp3911: fix device dependent mappings for conversion result registers Mario Limonciello (1): thunderbolt: Fix a logic error in wake on connect Marius Cristea (1): iio: adc: PAC1934: fix typo in documentation link Mark Brown (2): arm64/fpsimd: Discard stale CPU state when handling SME traps arm64/fpsimd: Don't corrupt FPMR when streaming mode changes Mark Kettenis (1): arm64: dts: qcom: x1e80100: Mark usb_2 as dma-coherent Mark Rutland (6): arm64/fpsimd: Avoid RES0 bits in the SME trap handler arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP arm64/fpsimd: Reset FPMR upon exec() arm64/fpsimd: Fix merging of FPSIMD state during signal return arm64/fpsimd: Avoid warning when sve_to_fpsimd() is unused arm64/fpsimd: Do not discard modified SVE state Martin Blumenstingl (4): drm/meson: use unsigned long long / Hz for frequency types drm/meson: fix debug log statement when setting the HDMI clocks drm/meson: use vclk_freq instead of pixel_freq in debug print drm/meson: fix more rounding issues with 59.94Hz modes Martin Povišer (1): ASoC: apple: mca: Constrain channels according to TDM mask Masami Hiramatsu (Google) (1): x86/insn: Fix opcode map (!REX2) superscript tags Mathias Nyman (1): usb: Flush altsetting 0 endpoints before reinitializating them after reset. Matthew Wilcox (Oracle) (3): bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP block: Fix bvec_set_folio() for very large folios 9p: Add a migrate_folio method Maxime Ripard (1): drm/vc4: tests: Use return instead of assert Meghana Malladi (1): net: ti: icssg-prueth: Fix swapped TX stats for MII interfaces. Miaoqian Lin (2): firmware: psci: Fix refcount leak in psci_dt_init tracing: Fix error handling in event_trigger_parse() Michael Lo (1): wifi: mt76: mt7925: ensure all MCU commands wait for response Michael Petlan (1): perf tests: Fix 'perf report' tests installation Michael Walle (1): drm/panel-simple: fix the warnings for the Evervision VGG644804 Michal Koutný (1): kernfs: Relax constraint in draining guard Michal Kubiak (3): ice: fix Tx scheduler error handling in XDP callback ice: create new Tx scheduler nodes for new queues only ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Luczaj (1): net: Fix TOCTOU issue in sk_is_readable() Miguel Ojeda (1): objtool/rust: relax slice condition to cover more `noreturn` Rust functions Mikhail Arkhipov (1): mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Ming Lei (2): loop: add file_start_write() and file_end_write() block: use q->elevator with ->elevator_lock held in elv_iosched_show() Ming Yen Hsieh (2): wifi: mt76: mt7925: prevent multiple scan commands wifi: mt76: mt7925: refine the sniffer commnad Mingcong Bai (1): ACPI: resource: fix a typo for MECHREVO in irq1_edge_low_force_override[] Mirco Barone (1): wireguard: device: enable threaded NAPI Moshe Shemesh (1): net/mlx5: Ensure fw pages are always allocated on same NUMA Murad Masimov (1): ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Namhyung Kim (1): perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Neil Armstrong (2): arm64: dts: qcom: sm8650: setup gpu thermal with higher temperatures arm64: dts: qcom: sm8650: add missing cpu-cfg interconnect path in the mdss node Neill Kapron (1): selftests/seccomp: fix syscall_restart test for arm compat Nicolas Frattaroli (1): mmc: sdhci-of-dwcmshc: add PD workaround on RK3576 Nicolas Pitre (1): vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Nikita Zhandarovich (1): net: usb: aqc111: fix error handling of usbnet read calls Nitesh Shetty (1): iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec Nitin Rawat (1): scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Nylon Chen (1): riscv: misaligned: fix sleeping function called during misaligned access handling Nícolas F. R. A. Prado (3): kselftest: cpufreq: Get rid of double suspend in rtcwake case arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles regulator: dt-bindings: mt6357: Drop fixed compatible requirement Oleg Nesterov (1): posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Oliver Neukum (1): net: usb: aqc111: debug info before sanitation Ovidiu Panait (4): crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() crypto: sun8i-ce - undo runtime PM changes during driver removal crypto: sun8i-ce - move fallback ahash_request to the end of the struct P Praneesh (4): wifi: ath12k: Fix memory leak during vdev_id mismatch wifi: ath12k: Fix invalid memory access while forming 802.11 header wifi: ath12k: Add MSDU length validation for TKIP MIC error wifi: ath12k: refactor ath12k_hw_regs structure Pablo Neira Ayuso (1): netfilter: nft_set_pipapo: prevent overflow in lookup table allocation Pali Rohár (1): cifs: Fix validation of SMB1 query reparse point response Patrisious Haddad (2): RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction net/mlx5: Fix return value when searching for existing flow group Pauli Virtanen (1): Bluetooth: hci_core: fix list_for_each_entry_rcu usage Pawel Laszczak (2): usb: cdnsp: Fix issue with detecting command completion event usb: cdnsp: Fix issue with detecting USB 3.2 speed Peng Fan (1): mailbox: imx: Fix TXDB_V2 sending Penglei Jiang (1): io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() Peter Chiu (1): wifi: mt76: mt7996: set EHT max ampdu length capability Peter Griffin (3): pinctrl: samsung: refactor drvdata suspend & resume callbacks pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks pinctrl: samsung: add gs101 specific eint suspend/resume callbacks Peter Korsgaard (1): nvmem: zynqmp_nvmem: unbreak driver after cleanup Peter Robinson (2): arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c arm64: dts: rockchip: Update eMMC for NanoPi R5 series Peter Zijlstra (2): sched: Fix trace_sched_switch(.prev_state) perf: Ensure bpf_perf_link path is properly serialized Phillip Lougher (1): Squashfs: check return result of sb_min_blocksize Pin-yen Lin (1): arm64: dts: mt8183: Add port node to mt8183.dtsi Ping-Ke Shih (1): wifi: rtw89: pci: enlarge retry times of RX tag to 1000 Prasanth Babu Mantena (1): arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Qasim Ijaz (1): fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Qing Wang (1): perf/core: Fix broken throttling when max_samples_per_tick=1 Qiuxu Zhuo (2): EDAC/skx_common: Fix general protection fault EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qu Wenruo (2): btrfs: scrub: update device stats when an error is detected btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Quentin Schulz (2): arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou net: stmmac: platform: guarantee uniqueness of bus_id RD Babiera (1): usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work Radim Krčmář (1): RISC-V: KVM: lock the correct mp_state during reset Rafael J. Wysocki (2): PM: sleep: Print PM debug messages during hibernation PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Raj Kumar Bhagat (1): wifi: ath12k: fix cleanup path after mhi init Rajat Soni (1): wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Ramasamy Kaliappan (1): wifi: ath12k: Fix the QoS control field offset to build QoS header Ramya Gnanasekar (1): wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Ritesh Harjani (IBM) (1): powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Rob Herring (Arm) (1): dt-bindings: soc: fsl,qman-fqd: Fix reserved-memory.yaml reference Robert Malz (2): i40e: return false from i40e_reset_vf if reset is in progress i40e: retry VFLR handling if there is ongoing VF reset Rodrigo Gobbi (1): wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Rodrigo Vivi (1): drm/xe: Make xe_gt_freq part of the Documentation Roger Pau Monne (1): xen/x86: fix initial memory balloon target Rolf Eike Beer (1): iommu: remove duplicate selection of DMAR_TABLE Ronak Doshi (1): vmxnet3: correctly report gso type for UDP tunnels Ryusuke Konishi (1): nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Saket Kumar Bhaskar (1): selftests/bpf: Fix bpf_nf selftest failure Sam Winchenbach (3): iio: filter: admv8818: fix band 4, state 15 iio: filter: admv8818: fix integer overflow iio: filter: admv8818: fix range calculation Sandipan Das (2): perf/x86/amd/uncore: Remove unused 'struct amd_uncore_ctx::node' member perf/x86/amd/uncore: Prevent UMC counters from saturating Sanjeev Yadav (1): scsi: core: ufs: Fix a hang in the error handler Sarika Sharma (1): wifi: ath12k: fix invalid access to memory Sean Christopherson (1): x86/irq: Ensure initial PIR loads are performed exactly once Sergey Shtylyov (1): fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Shayne Chen (1): wifi: mt76: mt7996: fix RX buffer size of MCU event Sheng Yong (1): erofs: avoid using multiple devices with different type Shiming Cheng (1): net: fix udp gso skb_segment after pull from frag_list Siddharth Vadapalli (2): remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} remoteproc: k3-dsp: Drop check performed in k3_dsp_rproc_{mbox_callback/kick} Stefan Binding (2): ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA Stefano Garzarella (1): vsock/virtio: fix `rx_bytes` accounting for stream sockets Stefano Stabellini (1): xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Stephan Gerhold (3): arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies arm64: dts: qcom: x1e80100: Apply consistent critical thermal shutdown arm64: dts: qcom: x1e80100: Add GPU cooling Steven Rostedt (4): tracing: Move histogram trigger variables from stack to per CPU structure tracing: Rename event_trigger_alloc() to trigger_data_alloc() ring-buffer: Do not trigger WARN_ON() due to a commit_overrun ring-buffer: Move cpus_read_lock() outside of buffer->mutex Stone Zhang (1): wifi: ath11k: fix node corruption in ar->arvifs list Su Hui (1): soc: aspeed: lpc: Fix impossible judgment condition Suleiman Souhlal (1): tools/resolve_btfids: Fix build when cross compiling kernel with clang. Suraj Gupta (1): net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit Tao Chen (3): bpf: Check link_create.flags parameter for multi_kprobe libbpf: Remove sample_period init in perf_buffer bpf: Fix WARN() in get_bpf_raw_tp_regs Tengteng Yang (1): Fix sock_exceed_buf_limit not being triggered in __sk_mem_raise_allocated Terry Junge (1): HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Terry Tritton (1): selftests/seccomp: fix negative_ENOSYS tracer tests on arm32 Thangaraj Samynathan (2): net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy net: lan743x: Fix PHY reset handling during initialization and WOL Thomas Gleixner (1): x86/iopl: Cure TIF_IO_BITMAP inconsistencies Thomas Weißschuh (1): kunit/usercopy: Disable u64 test on 32-bit SPARC Thuan Nguyen (1): arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Toke Høiland-Jørgensen (3): page_pool: Move pp_magic check into helper functions page_pool: Track DMA-mapped pages and unmap them when destroying the pool wifi: ath9k_htc: Abort software beacon handling if disabled Tzung-Bi Shih (1): kunit: Fix wrong parameter to kunit_deactivate_static_stub() Ulf Hansson (1): pmdomain: core: Introduce dev_pm_genpd_rpm_always_on() Uwe Kleine-König (2): iio: adc: ad7124: Fix 3dB filter frequency reading dt-bindings: pwm: adi,axi-pwmgen: Increase #pwm-cells to 3 Varadarajan Narayanan (1): arm64: dts: qcom: ipq9574: Fix USB vdd info Vignesh Raman (1): arm64: defconfig: mediatek: enable PHY drivers Vijendar Mukunda (1): ASoC: SOF: amd: add missing acp descriptor field Viktor Malik (1): libbpf: Fix buffer overflow in bpf_object__init_prog Vincent Knecht (1): clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Vishwaroop A (3): spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers spi: tegra210-quad: remove redundant error handling code spi: tegra210-quad: modify chip select (CS) deactivation WangYuli (1): MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Wei Fang (1): net: phy: clear phydev->devlink when the link is deleted Wentao Liang (1): nilfs2: add pointer check for nilfs_direct_propagate() Wilfred Mallawa (1): PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Wojciech Slenska (1): pinctrl: qcom: pinctrl-qcm2290: Add missing pins Wolfram Sang (3): ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select ARM: dts: at91: at91sam9263: fix NAND chip selects rtc: sh: assign correct interrupts with DT Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xilin Wu (1): arm64: dts: qcom: sm8250: Fix CPU7 opp table Xin Li (Intel) (1): x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler Yabin Cui (1): coresight: catu: Introduce refcount and spinlock for enabling/disabling Yanqing Wang (1): driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Yaxiong Tian (1): PM: EM: Fix potential division-by-zero error in em_compute_costs() Yeoreum Yun (1): coresight: prevent deactivate active config while enabling the config Yevgeny Kliteynik (1): net/mlx5: HWS, fix missing ip_version handling in definer Yi Zhang (1): scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels YiFei Zhu (1): bpftool: Fix regression of "bpftool cgroup tree" EINVAL on older kernels Yihang Li (1): scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Yongliang Gao (1): rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Yu Kuai (2): brd: fix aligned_sector from brd_do_discard() brd: fix discard end sector Yunhui Cui (1): ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Yuuki NAGAO (1): ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Zhe Qiao (1): PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root() Zhen XIN (2): wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhiguo Niu (2): f2fs: use d_inode(dentry) cleanup dentry->d_inode f2fs: fix to correct check conditions in f2fs_cross_rename Zhongqiu Duan (1): netfilter: nft_quota: match correctly when the quota just depleted Zijun Hu (2): PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() fs/filesystems: Fix potential unsigned integer underflow in fs_name() ping.gao (1): scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() yohan.joung (1): f2fs: prevent the current section from being selected as a victim during GC Álvaro Fernández Rojas (3): spi: bcm63xx-spi: fix shared reset spi: bcm63xx-hsspi: fix shared reset net: dsa: tag_brcm: legacy: fix pskb_may_pull length

3 months

1
1
0 0

Linux 6.6.94

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.94 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/phy/fsl,imx8mq-usb-phy.yaml | 3 Documentation/devicetree/bindings/regulator/mediatek,mt6357-regulator.yaml | 12 Documentation/devicetree/bindings/usb/cypress,hx3.yaml | 19 Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Makefile | 2 arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 arch/arm/boot/dts/microchip/tny_a9263.dts | 2 arch/arm/boot/dts/microchip/usb_a9263.dts | 4 arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 15 arch/arm/mach-aspeed/Kconfig | 1 arch/arm64/Kconfig | 6 arch/arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 +- arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 arch/arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 arch/arm64/boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 arch/arm64/boot/dts/renesas/r8a779g0-white-hawk-ard-audio-da7212.dtso | 2 arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 arch/arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 19 arch/arm64/boot/dts/ti/k3-j721e-common-proc-board.dts | 1 arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 166 +++++++ arch/arm64/configs/defconfig | 3 arch/arm64/include/asm/esr.h | 14 arch/arm64/include/asm/fpsimd.h | 3 arch/arm64/kernel/entry-common.c | 46 +- arch/arm64/kernel/fpsimd.c | 21 arch/arm64/xen/hypercall.S | 21 arch/m68k/mac/config.c | 2 arch/mips/boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 arch/powerpc/kernel/Makefile | 2 arch/powerpc/kexec/crash.c | 5 arch/powerpc/platforms/book3s/vas-api.c | 9 arch/powerpc/platforms/powernv/memtrace.c | 8 arch/riscv/kvm/vcpu_sbi.c | 4 arch/s390/net/bpf_jit_comp.c | 12 arch/x86/include/asm/mwait.h | 9 arch/x86/kernel/cpu/common.c | 17 arch/x86/kernel/cpu/microcode/core.c | 2 arch/x86/kernel/cpu/mtrr/generic.c | 2 arch/x86/kernel/ioport.c | 13 arch/x86/kernel/process.c | 15 crypto/lrw.c | 4 crypto/xts.c | 4 drivers/acpi/acpica/exserial.c | 6 drivers/acpi/apei/Kconfig | 1 drivers/acpi/apei/ghes.c | 2 drivers/acpi/cppc_acpi.c | 2 drivers/acpi/osi.c | 1 drivers/base/power/domain.c | 2 drivers/base/power/main.c | 3 drivers/bluetooth/hci_qca.c | 14 drivers/bus/fsl-mc/fsl-mc-bus.c | 6 drivers/clk/bcm/clk-raspberrypi.c | 2 drivers/clk/qcom/camcc-sm6350.c | 18 drivers/clk/qcom/dispcc-sm6350.c | 3 drivers/clk/qcom/gcc-msm8939.c | 4 drivers/clk/qcom/gcc-sm6350.c | 6 drivers/clk/qcom/gpucc-sm6350.c | 6 drivers/counter/interrupt-cnt.c | 9 drivers/cpufreq/acpi-cpufreq.c | 2 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 - drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 drivers/crypto/marvell/cesa/cipher.c | 3 drivers/crypto/marvell/cesa/hash.c | 2 drivers/dma/ti/k3-udma.c | 3 drivers/edac/i10nm_base.c | 35 - drivers/edac/skx_common.c | 1 drivers/edac/skx_common.h | 11 drivers/firmware/Kconfig | 1 drivers/firmware/arm_sdei.c | 11 drivers/firmware/efi/libstub/efi-stub-helper.c | 1 drivers/firmware/psci/psci.c | 4 drivers/fpga/tests/fpga-mgr-test.c | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 + drivers/gpu/drm/meson/meson_drv.c | 2 drivers/gpu/drm/meson/meson_drv.h | 2 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 - drivers/gpu/drm/meson/meson_vclk.c | 226 +++++----- drivers/gpu/drm/meson/meson_vclk.h | 13 drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 drivers/gpu/drm/tegra/rgb.c | 14 drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 + drivers/gpu/drm/vkms/vkms_crtc.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 + drivers/hid/hid-hyperv.c | 4 drivers/hid/usbhid/hid-core.c | 25 - drivers/hwmon/asus-ec-sensors.c | 4 drivers/hwtracing/coresight/coresight-config.h | 2 drivers/hwtracing/coresight/coresight-syscfg.c | 49 +- drivers/iio/adc/ad7124.c | 4 drivers/iio/filter/admv8818.c | 224 +++++++-- drivers/infiniband/core/cm.c | 16 drivers/infiniband/core/cma.c | 3 drivers/infiniband/hw/hns/hns_roce_ah.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 drivers/infiniband/hw/mlx5/qpc.c | 30 + drivers/input/rmi4/rmi_f34.c | 135 +++-- drivers/iommu/Kconfig | 1 drivers/iommu/iommu.c | 4 drivers/md/dm-flakey.c | 70 +-- drivers/md/dm.c | 30 - drivers/mfd/exynos-lpass.c | 1 drivers/mfd/stmpe-spi.c | 2 drivers/misc/vmw_vmci/vmci_host.c | 11 drivers/mtd/nand/ecc-mxic.c | 2 drivers/net/bonding/bond_main.c | 25 - drivers/net/dsa/b53/b53_common.c | 23 - drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 drivers/net/ethernet/intel/ice/ice_main.c | 47 +- drivers/net/ethernet/intel/ice/ice_sched.c | 181 ++++++-- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 drivers/net/ethernet/microchip/lan743x_main.c | 4 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 7 drivers/net/ethernet/microchip/lan966x/lan966x_main.h | 6 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 +- drivers/net/ethernet/microchip/lan966x/lan966x_switchdev.c | 1 drivers/net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 drivers/net/macsec.c | 40 + drivers/net/phy/mdio_bus.c | 12 drivers/net/phy/mscc/mscc_ptp.c | 20 drivers/net/phy/phy_device.c | 4 drivers/net/usb/aqc111.c | 10 drivers/net/vmxnet3/vmxnet3_drv.c | 26 + drivers/net/wireguard/device.c | 1 drivers/net/wireless/ath/ath10k/snoc.c | 4 drivers/net/wireless/ath/ath11k/core.c | 37 - drivers/net/wireless/ath/ath11k/core.h | 4 drivers/net/wireless/ath/ath11k/debugfs.c | 62 +- drivers/net/wireless/ath/ath11k/mac.c | 4 drivers/net/wireless/ath/ath11k/wmi.c | 2 drivers/net/wireless/ath/ath12k/core.c | 8 drivers/net/wireless/ath/ath12k/dp_rx.c | 9 drivers/net/wireless/ath/ath12k/wmi.c | 3 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 drivers/net/wireless/realtek/rtw88/coex.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 drivers/net/wireless/realtek/rtw88/sdio.c | 10 drivers/net/wwan/t7xx/t7xx_netdev.c | 11 drivers/nvme/target/fcloop.c | 31 - drivers/pci/controller/cadence/pcie-cadence-host.c | 11 drivers/pci/controller/pcie-apple.c | 4 drivers/pci/pci.c | 2 drivers/pci/pcie/dpc.c | 2 drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 14 drivers/pinctrl/pinctrl-at91.c | 6 drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 drivers/power/reset/at91-reset.c | 5 drivers/ptp/ptp_private.h | 12 drivers/regulator/max20086-regulator.c | 6 drivers/remoteproc/qcom_wcnss_iris.c | 2 drivers/remoteproc/ti_k3_r5_remoteproc.c | 8 drivers/rpmsg/qcom_smd.c | 2 drivers/rtc/class.c | 2 drivers/rtc/lib.c | 24 - drivers/rtc/rtc-loongson.c | 8 drivers/rtc/rtc-sh.c | 12 drivers/scsi/hisi_sas/hisi_sas_main.c | 29 - drivers/scsi/qedf/qedf_main.c | 2 drivers/scsi/scsi_transport_iscsi.c | 11 drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 drivers/spi/spi-bcm63xx-hsspi.c | 2 drivers/spi/spi-bcm63xx.c | 2 drivers/spi/spi-sh-msiof.c | 13 drivers/spi/spi-tegra210-quad.c | 24 - drivers/staging/media/rkvdec/rkvdec.c | 10 drivers/thunderbolt/ctl.c | 5 drivers/thunderbolt/usb4.c | 4 drivers/tty/serial/jsm/jsm_tty.c | 1 drivers/tty/serial/milbeaut_usio.c | 5 drivers/tty/serial/sh-sci.c | 81 ++- drivers/tty/vt/vt_ioctl.c | 2 drivers/ufs/core/ufs-mcq.c | 6 drivers/ufs/core/ufshcd.c | 7 drivers/ufs/host/ufs-qcom.c | 5 drivers/usb/cdns3/cdnsp-gadget.c | 21 drivers/usb/cdns3/cdnsp-gadget.h | 4 drivers/usb/class/usbtmc.c | 21 drivers/usb/core/hub.c | 16 drivers/usb/core/quirks.c | 3 drivers/usb/gadget/function/f_hid.c | 12 drivers/usb/renesas_usbhs/common.c | 50 +- drivers/usb/serial/pl2303.c | 2 drivers/usb/storage/unusual_uas.h | 7 drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 drivers/usb/typec/ucsi/ucsi.h | 2 drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 79 ++- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 drivers/vfio/vfio_iommu_type1.c | 2 drivers/video/backlight/qcom-wled.c | 6 drivers/video/fbdev/core/fbcvt.c | 2 drivers/watchdog/exar_wdt.c | 2 drivers/xen/balloon.c | 13 fs/btrfs/scrub.c | 34 + fs/f2fs/data.c | 4 fs/f2fs/f2fs.h | 10 fs/f2fs/namei.c | 10 fs/f2fs/super.c | 4 fs/filesystems.c | 14 fs/gfs2/inode.c | 3 fs/kernfs/dir.c | 5 fs/kernfs/file.c | 3 fs/namespace.c | 25 - fs/nfs/super.c | 19 fs/nilfs2/btree.c | 4 fs/nilfs2/direct.c | 3 fs/ntfs3/index.c | 8 fs/ocfs2/quota_local.c | 2 fs/smb/client/cifssmb.c | 20 fs/squashfs/super.c | 5 include/linux/arm_sdei.h | 4 include/linux/bio.h | 2 include/linux/bvec.h | 7 include/linux/hid.h | 3 include/linux/io_uring_types.h | 3 include/linux/mdio.h | 5 include/linux/mlx5/driver.h | 1 include/linux/phy.h | 5 include/net/bluetooth/hci_core.h | 2 include/net/sock.h | 7 io_uring/io_uring.c | 10 io_uring/io_uring.h | 12 io_uring/kbuf.c | 3 io_uring/poll.c | 2 io_uring/rw.c | 26 - kernel/bpf/core.c | 29 - kernel/events/core.c | 50 +- kernel/power/hibernate.c | 5 kernel/power/main.c | 3 kernel/power/power.h | 4 kernel/power/wakelock.c | 3 kernel/rcu/tree.c | 10 kernel/rcu/tree.h | 2 kernel/rcu/tree_stall.h | 4 kernel/time/posix-cpu-timers.c | 9 kernel/trace/bpf_trace.c | 2 kernel/trace/trace.c | 2 kernel/trace/trace.h | 8 kernel/trace/trace_events_hist.c | 122 ++++- kernel/trace/trace_events_trigger.c | 20 lib/kunit/static_stub.c | 2 mm/kasan/report.c | 4 mm/kasan/shadow.c | 2 net/bluetooth/eir.c | 10 net/bluetooth/hci_core.c | 16 net/bluetooth/hci_sync.c | 20 net/bluetooth/l2cap_core.c | 3 net/bluetooth/mgmt.c | 140 ++---- net/bluetooth/mgmt_util.c | 49 +- net/bluetooth/mgmt_util.h | 8 net/bridge/netfilter/nf_conntrack_bridge.c | 12 net/core/skmsg.c | 53 +- net/dsa/tag_brcm.c | 2 net/ipv4/udp_offload.c | 5 net/ipv6/netfilter.c | 12 net/ipv6/netfilter/nft_fib_ipv6.c | 13 net/ipv6/seg6_local.c | 6 net/ncsi/internal.h | 21 net/ncsi/ncsi-pkt.h | 23 - net/ncsi/ncsi-rsp.c | 21 net/netfilter/nf_nat_core.c | 12 net/netfilter/nft_quota.c | 20 net/netfilter/nft_set_pipapo_avx2.c | 21 net/netfilter/nft_tunnel.c | 8 net/netlabel/netlabel_kapi.c | 5 net/openvswitch/flow.c | 2 net/sched/sch_ets.c | 2 net/sched/sch_prio.c | 2 net/sched/sch_red.c | 2 net/sched/sch_sfq.c | 5 net/sched/sch_tbf.c | 2 net/tipc/crypto.c | 6 net/tls/tls_sw.c | 15 net/xfrm/xfrm_device.c | 2 net/xfrm/xfrm_state.c | 2 scripts/Makefile.extrawarn | 12 scripts/gcc-plugins/gcc-common.h | 32 + scripts/gcc-plugins/randomize_layout_plugin.c | 40 - sound/soc/apple/mca.c | 23 + sound/soc/codecs/hda.c | 4 sound/soc/codecs/tas2764.c | 2 sound/soc/intel/avs/debugfs.c | 6 sound/soc/intel/avs/ipc.c | 4 sound/soc/sof/ipc4-pcm.c | 3 sound/soc/ti/omap-hdmi.c | 7 sound/usb/implicit.c | 1 tools/arch/x86/kcpuid/kcpuid.c | 47 +- tools/bpf/resolve_btfids/Makefile | 2 tools/lib/bpf/bpf_core_read.h | 6 tools/lib/bpf/libbpf.c | 5 tools/lib/bpf/linker.c | 4 tools/lib/bpf/nlattr.c | 15 tools/perf/Makefile.config | 2 tools/perf/builtin-record.c | 2 tools/perf/builtin-trace.c | 5 tools/perf/scripts/python/exported-sql-viewer.py | 5 tools/perf/tests/switch-tracking.c | 2 tools/perf/ui/browsers/hists.c | 2 tools/perf/util/intel-pt.c | 205 ++++++++- tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 tools/testing/selftests/seccomp/seccomp_bpf.c | 7 338 files changed, 3244 insertions(+), 1524 deletions(-) Aaron Kling (1): arm64: tegra: Drop remaining serial clock-names and reset-names Adam Ford (5): arm64: dts: imx8mm-beacon: Fix RTC capacitive load arm64: dts: imx8mn-beacon: Fix RTC capacitive load arm64: dts: imx8mp-beacon: Fix RTC capacitive load arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Adrian Hunter (2): perf intel-pt: Fix PEBS-via-PT data_src perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Ahmed S. Darwish (2): tools/x86/kcpuid: Fix error handling x86/cpu: Sanitize CPUID(0x80000000) output Al Viro (3): path_overmount(): avoid false negatives fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) do_change_type(): refuse to operate on unmounted/not ours mounts Alexander Shiyan (1): power: reset: at91-reset: Optimize at91_reset() Alexander Sverdlin (1): counter: interrupt-cnt: Protect enable/disable OPs with mutex Alexandre Mergnat (2): rtc: Make rtc_time64_to_tm() support dates before 1970 rtc: Fix offset calculation for .start_secs < 0 Alexei Safin (1): hwmon: (asus-ec-sensors) check sensor index in read_string() Alexey Gladkov (1): mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Alexey Kodanev (1): wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Alexey Minnekhanov (3): arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexis Lothoré (1): net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping Alok Tiwari (3): gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO scsi: iscsi: Fix incorrect error path labels for flashnode operations Amir Tzin (1): net/mlx5: Fix ECVF vports unload on shutdown flow Amit Sunil Dhamne (1): usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Anand Moon (1): perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Andre Przywara (1): dt-bindings: vendor-prefixes: Add Liontron name Andreas Gruenbacher (1): gfs2: gfs2_create_inode error handling fix Andrew Cooper (1): x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Andrey Konovalov (1): kasan: use unchecked __memset internally Andrey Vatoropin (1): fs/ntfs3: handle hdr_first_de() return value Andy Shevchenko (1): pinctrl: at91: Fix possible out-of-boundary access AngeloGioacchino Del Regno (4): drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr drm/mediatek: Fix kobject put for component sub-drivers drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Annie Li (1): x86/microcode/AMD: Do not return error when microcode update is not necessary Anton Protopopov (3): libbpf: Use proper errno value in linker bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ libbpf: Use proper errno value in nlattr Anubhav Shelat (1): perf trace: Always print return value for syscalls returning a pid Armin Wolf (1): ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" Arnaldo Carvalho de Melo (2): perf build: Warn when libdebuginfod devel files are not available perf ui browser hists: Set actions->thread before calling do_zoom_thread() Aurabindo Pillai (1): Revert "drm/amd/display: more liberal vmin/vmax update for freesync" Baochen Qiang (3): wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() wifi: ath11k: don't wait when there is no vdev started Bartosz Golaszewski (1): Bluetooth: hci_qca: move the SoC type check to the right place Beleswar Padhi (1): arm64: dts: ti: k3-j721e-sk: Add support for multiple CAN instances Benjamin Marzinski (4): dm: don't change md if dm_table_set_restrictions() fails dm: free table mempools if not used in __bind dm-flakey: error all IOs when num_features is absent dm-flakey: make corrupting read bios work Biju Das (2): drm: rcar-du: Fix memory leak in rcar_du_vsps_init() drm/tegra: rgb: Fix the unbound reference count Bjorn Helgaas (1): PCI/DPC: Initialize aer_err_info before using it Brian Pellegrino (1): iio: filter: admv8818: Support frequencies >= 2^32 Caleb Connolly (1): ath10k: snoc: fix unbalanced IRQ enable in crash recovery Carlos Fernandez (1): macsec: MACsec SCI assignment for ES = 0 Cezary Rojewski (3): ASoC: codecs: hda: Fix RPM usage count underflow ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX ASoC: Intel: avs: Verify content returned by parse_int_array() Chao Yu (3): f2fs: fix to do sanity check on sbi->total_valid_block_count f2fs: clean up w/ fscrypt_is_bounce_page() f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() Charalampos Mitrodimas (1): net: tipc: fix refcount warning in tipc_aead_encrypt Charles Han (1): drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table Charles Yeh (1): USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Chenyuan Yang (1): phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug Christophe JAILLET (2): drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Claudiu Beznea (3): serial: sh-sci: Check if TX data was written to device in .tx_empty() serial: sh-sci: Move runtime PM enable to sci_probe_single() serial: sh-sci: Clean sci_ports[0] after at earlycon exit Corentin Labbe (1): crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Cosmin Ratiu (1): xfrm: Use xdo.dev instead of xdo.real_dev Dan Carpenter (5): remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() net/mlx4_en: Prevent potential integer overflow calculating Hz pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Daniel Wagner (1): nvmet-fcloop: access fcpreq only when holding reqlock Daniil Tatianin (1): ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Dapeng Mi (1): perf record: Fix incorrect --user-regs comments Dave Penkler (2): usb: usbtmc: Fix timeout value in get_stb usb: usbtmc: Fix read_stb function and get_stb ioctl David Heimann (1): ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 Dmitry Antipov (2): wifi: rtw88: do not ignore hardware read error during DPK Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() Dmitry Baryshkov (2): ARM: dts: qcom: apq8064: add missing clocks to the timer node ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device Dmitry Torokhov (1): Input: synaptics-rmi - fix crash with unsupported versions of F34 Dr. David Alan Gilbert (1): Bluetooth: MGMT: Remove unused mgmt_pending_find_data Dustin Lundquist (1): serial: jsm: fix NPE during jsm_uart_port_init Dzmitry Sankouski (4): arm64: dts: qcom: sdm845-starqltechn: remove wifi arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake arm64: dts: qcom: sdm845-starqltechn: refactor node order arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Easwar Hariharan (1): wifi: ath11k: convert timeouts to secs_to_jiffies() Eddie James (1): powerpc/crash: Fix non-smp kexec preparation Eric Dumazet (6): net_sched: sch_sfq: fix a potential crash on gso_skb handling net_sched: prio: fix a race in prio_tune() net_sched: red: fix a race in __red_change() net_sched: tbf: fix a race in tbf_change() net_sched: ets: fix a race in ets_qdisc_change() calipso: unlock rcu before returning -EAFNOSUPPORT Faicker Mo (1): net: openvswitch: Fix the dead loop of MPLS parse Fernando Fernandez Mancera (1): netfilter: nft_tunnel: fix geneve_opt dump Finn Thain (1): m68k: mac: Fix macintosh_config for Mac II Florian Westphal (3): netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy netfilter: nf_set_pipapo_avx2: fix initial map fill netfilter: nf_nat: also check reverse tuple to obtain clashing entry Gabor Juhos (2): pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 pinctrl: armada-37xx: set GPIO output value before setting direction Gautham R. Shenoy (1): acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Geert Uytterhoeven (1): spi: sh-msiof: Fix maximum DMA transfer size Greg Kroah-Hartman (3): net: phy: fix up const issues in to_mdio_device() and to_phy_device() Revert "io_uring: ensure deferred completions are posted for multishot" Linux 6.6.94 Hangbin Liu (1): bonding: assign random address if device address is same as bond Hans Zhang (2): efi/libstub: Describe missing 'out' parameter in efi_load_initrd PCI: cadence: Fix runtime atomic count underflow Haren Myneni (1): powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Hari Kalavakunta (1): net: ncsi: Fix GCPS 64-bit member variables Hariprasad Kelam (1): octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Hector Martin (2): ASoC: tas2764: Enable main IRQs PCI: apple: Use gpiod_set_value_cansleep in probe flow Henry Martin (6): clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() backlight: pm8941: Add NULL check in wled_configure() dmaengine: ti: Add NULL check in udma_probe() serial: Fix potential null-ptr-deref in mlb_usio_probe() Herbert Xu (4): crypto: marvell/cesa - Handle zero-length skcipher requests crypto: marvell/cesa - Avoid empty transfer descriptor crypto: lrw - Only add ecb if it is not already there crypto: xts - Only add ecb if it is not already there Hongyu Xie (1): usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Horatiu Vultur (4): net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 net: phy: mscc: Fix memory leak when using one step timestamping net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames net: lan966x: Make sure to insert the vlan tags also in host mode Huajian Yang (1): netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Huang Yiwei (1): firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES I Hsin Cheng (1): drm/meson: Use 1000ULL when operating with mode->clock Ian Forbes (1): drm/vmwgfx: Add seqno waiter for sync_files Ido Schimmel (1): seg6: Fix validation of nexthop addresses Ilya Leoshkevich (1): s390/bpf: Store backchain even for leaf progs Ioana Ciornei (1): bus: fsl-mc: fix double-free on mc_dev Jack Morgenstein (1): RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Jacob Moroni (1): IB/cm: use rwlock for MAD agent lock Jakub Raczynski (2): net/mdiobus: Fix potential out-of-bounds read/write access net/mdiobus: Fix potential out-of-bounds clause 45 read/write access Jason Gunthorpe (1): iommu: Protect against overflow in iommu_pgsize() Jeff Johnson (1): wifi: ath11k: fix soc_dp_stats debugfs file permission Jens Axboe (3): io_uring: add io_file_can_poll() helper io_uring/rw: allow pollable non-blocking attempts for !FMODE_NOWAIT io_uring/rw: fix wrong NOWAIT check in io_rw_init_file() Jeongjun Park (1): ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Jianbo Liu (1): net/mlx5e: Fix leak of Geneve TLV option object Jiaqing Zhao (1): x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Jiayi Li (1): usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Jiayuan Chen (5): bpf: fix ktls panic with sockmap bpf, sockmap: fix duplicated data transmission bpf, sockmap: Fix panic when calling skb_linearize ktls, sockmap: Fix missing uncharge operation bpf, sockmap: Avoid using sk_socket after free when sending Jinjian Song (1): net: wwan: t7xx: Fix napi rx poll issue Jiri Slaby (SUSE) (1): powerpc: do not build ppc_save_regs.o always Joel Stanley (1): ARM: aspeed: Don't select SRAM Jonas Gorski (2): net: dsa: b53: do not enable RGMII delay on bcm63xx net: dsa: b53: allow RGMII for bcm63xx RGMII ports Jonas Karlman (1): media: rkvdec: Fix frame size enumeration Jonathan Wiepert (1): Use thread-safe function pointer in libbpf_print Judith Mendez (2): arm64: dts: ti: k3-am65-main: Fix sdhci node properties arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 Julien Massot (2): arm64: dts: mt6359: Add missing 'compatible' property to regulators node arm64: dts: mt6359: Rename RTC node to match binding expectations Junxian Huang (1): RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h KaFai Wan (1): bpf: Avoid __bpf_prog_ret0_warn when jit fails Kees Cook (6): ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type watchdog: exar: Shorten identity name to fit correctly drm/vkms: Adjust vkms_state->active_planes allocation type scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops randstruct: gcc-plugin: Remove bogus void member randstruct: gcc-plugin: Fix attribute addition Kornel Dulęba (1): arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Kuniyuki Iwashima (1): calipso: Don't call calipso functions for AF_INET sk. Lad Prabhakar (1): usb: renesas_usbhs: Reorder clock handling and power management in probe Leo Yan (1): perf tests switch-tracking: Fix timestamp comparison Li Lingfeng (2): nfs: clear SB_RDONLY before getting superblock nfs: ignore SB_RDONLY when remounting nfs Li RongQing (1): vfio/type1: Fix error unwind in migration dirty bitmap allocation Liu Dalin (1): rtc: loongson: Add missing alarm notifications for ACPI RTC events Longfang Liu (3): hisi_acc_vfio_pci: fix XQE dma address error hisi_acc_vfio_pci: add eq and aeq interruption restore hisi_acc_vfio_pci: bugfix live migration function without VF device driver Lorenzo Bianconi (1): bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps Luca Weiss (5): clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs arm64: dts: qcom: sm8350: Reenable crypto & cryptobam Luiz Augusto von Dentz (6): Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Bluetooth: MGMT: Protect mgmt_pending list with its own lock Bluetooth: Fix NULL pointer deference on eir_get_service_data Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Bluetooth: MGMT: Fix sparse errors Lukasz Czechowski (1): dt-bindings: usb: cypress,hx3: Add support for all variants Maharaja Kennadyrajan (1): wifi: ath12k: fix node corruption in ar->arvifs list Mario Limonciello (1): thunderbolt: Fix a logic error in wake on connect Mark Brown (1): arm64/fpsimd: Discard stale CPU state when handling SME traps Mark Rutland (3): arm64/fpsimd: Avoid RES0 bits in the SME trap handler arm64/fpsimd: Fix merging of FPSIMD state during signal return arm64/fpsimd: Do not discard modified SVE state Martin Blumenstingl (4): drm/meson: use unsigned long long / Hz for frequency types drm/meson: fix debug log statement when setting the HDMI clocks drm/meson: use vclk_freq instead of pixel_freq in debug print drm/meson: fix more rounding issues with 59.94Hz modes Martin Povišer (1): ASoC: apple: mca: Constrain channels according to TDM mask Mathias Nyman (1): usb: Flush altsetting 0 endpoints before reinitializating them after reset. Matthew Wilcox (Oracle) (2): bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP block: Fix bvec_set_folio() for very large folios Maxime Ripard (1): drm/vc4: tests: Use return instead of assert Miaoqian Lin (2): firmware: psci: Fix refcount leak in psci_dt_init tracing: Fix error handling in event_trigger_parse() Michal Koutný (1): kernfs: Relax constraint in draining guard Michal Kubiak (3): ice: fix Tx scheduler error handling in XDP callback ice: create new Tx scheduler nodes for new queues only ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Luczaj (1): net: Fix TOCTOU issue in sk_is_readable() Mikhail Arkhipov (1): mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Mirco Barone (1): wireguard: device: enable threaded NAPI Moshe Shemesh (1): net/mlx5: Ensure fw pages are always allocated on same NUMA Murad Masimov (1): ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Namhyung Kim (1): perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Nathan Chancellor (1): kbuild: Disable -Wdefault-const-init-unsafe Neill Kapron (1): selftests/seccomp: fix syscall_restart test for arm compat Nicolas Pitre (1): vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Nikita Zhandarovich (1): net: usb: aqc111: fix error handling of usbnet read calls Nitin Rawat (1): scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Nícolas F. R. A. Prado (2): arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles regulator: dt-bindings: mt6357: Drop fixed compatible requirement Oleg Nesterov (1): posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Oliver Neukum (1): net: usb: aqc111: debug info before sanitation Ovidiu Panait (3): crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() crypto: sun8i-ce - move fallback ahash_request to the end of the struct P Praneesh (1): wifi: ath12k: Add MSDU length validation for TKIP MIC error Pali Rohár (1): cifs: Fix validation of SMB1 query reparse point response Pan Taixi (1): tracing: Fix compilation warning on arm32 Patrisious Haddad (2): RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction net/mlx5: Fix return value when searching for existing flow group Pauli Virtanen (1): Bluetooth: hci_core: fix list_for_each_entry_rcu usage Pawel Laszczak (2): usb: cdnsp: Fix issue with detecting command completion event usb: cdnsp: Fix issue with detecting USB 3.2 speed Peter Chiu (1): wifi: mt76: mt7996: set EHT max ampdu length capability Peter Robinson (1): arm64: dts: rockchip: Update eMMC for NanoPi R5 series Peter Zijlstra (1): perf: Ensure bpf_perf_link path is properly serialized Phillip Lougher (1): Squashfs: check return result of sb_min_blocksize Prasanth Babu Mantena (1): arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Qasim Ijaz (2): usb: typec: ucsi: fix Clang -Wsign-conversion warning fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Qing Wang (1): perf/core: Fix broken throttling when max_samples_per_tick=1 Qiuxu Zhuo (2): EDAC/skx_common: Fix general protection fault EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qu Wenruo (2): btrfs: scrub: update device stats when an error is detected btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Quentin Schulz (2): arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou net: stmmac: platform: guarantee uniqueness of bus_id Radim Krčmář (1): RISC-V: KVM: lock the correct mp_state during reset Rafael J. Wysocki (2): PM: sleep: Print PM debug messages during hibernation PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Rajat Soni (1): wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Ramya Gnanasekar (1): wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Ritesh Harjani (IBM) (1): powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Robert Malz (2): i40e: return false from i40e_reset_vf if reset is in progress i40e: retry VFLR handling if there is ongoing VF reset Rodrigo Gobbi (1): wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Roger Pau Monne (1): xen/x86: fix initial memory balloon target Rolf Eike Beer (1): iommu: remove duplicate selection of DMAR_TABLE Ronak Doshi (1): vmxnet3: correctly report gso type for UDP tunnels Ryusuke Konishi (1): nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Saket Kumar Bhaskar (1): selftests/bpf: Fix bpf_nf selftest failure Sam Winchenbach (3): iio: filter: admv8818: fix band 4, state 15 iio: filter: admv8818: fix integer overflow iio: filter: admv8818: fix range calculation Sanjeev Yadav (1): scsi: core: ufs: Fix a hang in the error handler Sergey Senozhatsky (1): thunderbolt: Do not double dequeue a configuration request Sergey Shtylyov (1): fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Shayne Chen (1): wifi: mt76: mt7996: fix RX buffer size of MCU event Shiming Cheng (1): net: fix udp gso skb_segment after pull from frag_list Siddharth Vadapalli (1): remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} Stefano Stabellini (1): xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Stephan Gerhold (1): arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies Steven Rostedt (2): tracing: Move histogram trigger variables from stack to per CPU structure tracing: Rename event_trigger_alloc() to trigger_data_alloc() Stone Zhang (1): wifi: ath11k: fix node corruption in ar->arvifs list Su Hui (1): soc: aspeed: lpc: Fix impossible judgment condition Suleiman Souhlal (1): tools/resolve_btfids: Fix build when cross compiling kernel with clang. Tao Chen (2): libbpf: Remove sample_period init in perf_buffer bpf: Fix WARN() in get_bpf_raw_tp_regs Terry Junge (1): HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Thangaraj Samynathan (1): net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy Thomas Gleixner (1): x86/iopl: Cure TIF_IO_BITMAP inconsistencies Thuan Nguyen (1): arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Toke Høiland-Jørgensen (1): wifi: ath9k_htc: Abort software beacon handling if disabled Tzung-Bi Shih (1): kunit: Fix wrong parameter to kunit_deactivate_static_stub() Uwe Kleine-König (1): iio: adc: ad7124: Fix 3dB filter frequency reading Vaishnav Achath (1): arm64: dts: ti: k3-j721e-sk: Model CSI2RX connector mux Vignesh Raman (1): arm64: defconfig: mediatek: enable PHY drivers Viktor Malik (1): libbpf: Fix buffer overflow in bpf_object__init_prog Vincent Knecht (1): clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Vishwaroop A (3): spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers spi: tegra210-quad: remove redundant error handling code spi: tegra210-quad: modify chip select (CS) deactivation WangYuli (1): MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Wei Fang (1): net: phy: clear phydev->devlink when the link is deleted Wentao Liang (1): nilfs2: add pointer check for nilfs_direct_propagate() Wilfred Mallawa (1): PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Wojciech Slenska (1): pinctrl: qcom: pinctrl-qcm2290: Add missing pins Wolfram Sang (3): ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select ARM: dts: at91: at91sam9263: fix NAND chip selects rtc: sh: assign correct interrupts with DT Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xilin Wu (1): arm64: dts: qcom: sm8250: Fix CPU7 opp table Xu Yang (1): dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property Yanqing Wang (1): driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Yemike Abhilash Chandra (1): arm64: dts: ti: k3-j721e-sk: Add DT nodes for power regulators Yeoreum Yun (1): coresight: prevent deactivate active config while enabling the config Yihang Li (1): scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Yongliang Gao (1): rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Yunhui Cui (1): ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Yuuki NAGAO (1): ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Zhen XIN (2): wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhiguo Niu (2): f2fs: use d_inode(dentry) cleanup dentry->d_inode f2fs: fix to correct check conditions in f2fs_cross_rename Zhongqiu Duan (1): netfilter: nft_quota: match correctly when the quota just depleted Zijun Hu (2): PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() fs/filesystems: Fix potential unsigned integer underflow in fs_name() ping.gao (1): scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() Álvaro Fernández Rojas (3): spi: bcm63xx-spi: fix shared reset spi: bcm63xx-hsspi: fix shared reset net: dsa: tag_brcm: legacy: fix pskb_may_pull length

3 months

1
1
0 0

[PATCH] sunrpc: handle SVC_GARBAGE during svc auth processing as auth error

by Jeff Layton

tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a way that SVC_GARBAGE is returned without setting the rq_accept_statp pointer, then that pointer can be dereferenced and a value stored there. If it's the first time the thread has processed an RPC, then that pointer will be set to NULL and the kernel will crash. In other cases, it could create a memory scribble. The server sunrpc code treats a SVC_GARBAGE return from svc_authenticate or pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531 says that if authentication fails that the RPC should be rejected instead with a status of AUTH_ERR. Handle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of AUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This sidesteps the whole problem of touching the rpc_accept_statp pointer in this situation and avoids the crash. Cc: stable(a)vger.kernel.org Fixes: 29cd2927fb91 ("SUNRPC: Fix encoding of accepted but unsuccessful RPC replies") Reported-by: tianshuo han <hantianshuo233(a)gmail.com> Reviewed-by: Chuck Lever <chuck.lever(a)oracle.com> Signed-off-by: Jeff Layton <jlayton(a)kernel.org> --- This should be more correct. Unfortunately, I don't know of any testcases for low-level RPC error handling. That seems like something that would be nice to do with pynfs or similar though. --- net/sunrpc/svc.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c index 939b6239df8ab6229ce34836d77d3a6b983fbbb7..99050ab1435148ac5d52b697ab1a771b9e948143 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c @@ -1375,7 +1375,8 @@ svc_process_common(struct svc_rqst *rqstp) case SVC_OK: break; case SVC_GARBAGE: - goto err_garbage_args; + rqstp->rq_auth_stat = rpc_autherr_badcred; + goto err_bad_auth; case SVC_SYSERR: goto err_system_err; case SVC_DENIED: @@ -1516,14 +1517,6 @@ svc_process_common(struct svc_rqst *rqstp) *rqstp->rq_accept_statp = rpc_proc_unavail; goto sendit; -err_garbage_args: - svc_printk(rqstp, "failed to decode RPC header\n"); - - if (serv->sv_stats) - serv->sv_stats->rpcbadfmt++; - *rqstp->rq_accept_statp = rpc_garbage_args; - goto sendit; - err_system_err: if (serv->sv_stats) serv->sv_stats->rpcbadfmt++; --- base-commit: 9afe652958c3ee88f24df1e4a97f298afce89407 change-id: 20250617-rpc-6-16-cc7a23e9c961 Best regards, -- Jeff Layton <jlayton(a)kernel.org>

3 months

2
1
0 0

[PATCH v1 1/2] usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed

by Roy Luo

xhci_reset() currently returns -ENODEV if XHCI_STATE_REMOVING is set, without completing the xhci handshake, unless the reset completes exceptionally quickly. This behavior causes a regression on Synopsys DWC3 USB controllers with dual-role capabilities. Specifically, when a DWC3 controller exits host mode and removes xhci while a reset is still in progress, and then attempts to configure its hardware for device mode, the ongoing, incomplete reset leads to critical register access issues. All register reads return zero, not just within the xHCI register space (which might be expected during a reset), but across the entire DWC3 IP block. This patch addresses the issue by preventing xhci_reset() from being called in xhci_resume() and bailing out early in the reinit flow when XHCI_STATE_REMOVING is set. Cc: stable(a)vger.kernel.org Fixes: 6ccb83d6c497 ("usb: xhci: Implement xhci_handshake_check_state() helper") Suggested-by: Mathias Nyman <mathias.nyman(a)intel.com> Signed-off-by: Roy Luo <royluo(a)google.com> --- drivers/usb/host/xhci.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 90eb491267b5..244b12eafd95 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -1084,7 +1084,10 @@ int xhci_resume(struct xhci_hcd *xhci, bool power_lost, bool is_auto_resume) xhci_dbg(xhci, "Stop HCD\n"); xhci_halt(xhci); xhci_zero_64b_regs(xhci); - retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC); + if (xhci->xhc_state & XHCI_STATE_REMOVING) + retval = -ENODEV; + else + retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC); spin_unlock_irq(&xhci->lock); if (retval) return retval; -- 2.49.0.1204.g71687c7c1d-goog

3 months

4
8
0 0

[PATCH 0/7] KVM: arm64: trap fixes and cleanup

by Mark Rutland

This series fixes some issues with the way KVM manages traps in VHE mode, with some cleanups/simplifications atop. Patch 1 fixes a theoretical issue with debug register manipulation, which has been around forever. This was found by inspection while working on other fixes. Patch 2 fixes an issue with NV where a host may take unexpected traps as a result of a guest hypervisor's configuration of CPTR_EL2. Patch 5 fixes an issue with NV where a guest hypervisor's configuration of CPTR_EL2 may not be taken into account when running a guest guest, incorrectly permitting usage of SVE when this should be trapped to the guest hypervisor. The other patches in the series are prepartory work and cleanup. Originally I intended to simplify/cleanup to kvm_hyp_handle_fpsimd() and kvm_hyp_save_fpsimd_host(), as discussed with Will on an earlier series: https://lore.kernel.org/linux-arm-kernel/20250210161242.GC7568@willie-the-t… https://lore.kernel.org/linux-arm-kernel/Z6owjEPNaJ55e9LM@J2N7QTR9R3/ https://lore.kernel.org/linux-arm-kernel/20250210180637.GA7926@willie-the-t… https://lore.kernel.org/linux-arm-kernel/Z6pbeIsIMWexiDta@J2N7QTR9R3/ In the process of implementing that, I realised that the CPTR trap management wasn't quite right for NV, and found the potential issue with debug register configuration. I've given the series some light testing on a fast model so far; any further testing and/or review would be much appreciated. The series is based on the 'kvmarm-fixes-6.16-2' tag from the kvmarm tree. Mark. Mark Rutland (7): KVM: arm64: VHE: Synchronize restore of host debug registers KVM: arm64: VHE: Synchronize CPTR trap deactivation KVM: arm64: Reorganise CPTR trap manipulation KVM: arm64: Remove ad-hoc CPTR manipulation from fpsimd_sve_sync() KVM: arm64: Remove ad-hoc CPTR manipulation from kvm_hyp_handle_fpsimd() KVM: arm64: Remove cpacr_clear_set() KVM: arm64: VHE: Centralize ISBs when returning to host arch/arm64/include/asm/kvm_emulate.h | 62 ---------- arch/arm64/include/asm/kvm_host.h | 6 +- arch/arm64/kvm/hyp/include/hyp/switch.h | 147 ++++++++++++++++++++++-- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 5 +- arch/arm64/kvm/hyp/nvhe/switch.c | 59 ---------- arch/arm64/kvm/hyp/vhe/switch.c | 107 +++-------------- 6 files changed, 158 insertions(+), 228 deletions(-) -- 2.30.2

3 months

2
8
0 0

[PATCH V3 2/2] PCI: Prevent LS7A Bus Master clearing on kexec

by Huacai Chen

This is similar to commit 62b6dee1b44a ("PCI/portdrv: Prevent LS7A Bus Master clearing on shutdown"), which prevents LS7A Bus Master clearing on kexec. The key point of this is to work around the LS7A defect that clearing PCI_COMMAND_MASTER prevents MMIO requests from going downstream, and we may need to do that even after .shutdown(), e.g., to print console messages. And in this case we rely on .shutdown() for the downstream devices to disable interrupts and DMA. Only skip Bus Master clearing on bridges because endpoint devices still need it. Cc: <stable(a)vger.kernel.org> Signed-off-by: Ming Wang <wangming01(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/pci/pci-driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index 602838416e6a..8a1e32367a06 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -517,7 +517,7 @@ static void pci_device_shutdown(struct device *dev) * If it is not a kexec reboot, firmware will hit the PCI * devices with big hammer and stop their DMA any way. */ - if (kexec_in_progress && (pci_dev->current_state <= PCI_D3hot)) + if (kexec_in_progress && !pci_is_bridge(pci_dev) && (pci_dev->current_state <= PCI_D3hot)) pci_clear_master(pci_dev); } -- 2.47.1

3 months

3
2
0 0