- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.56 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 Makefile | 6 arch/arm64/boot/dts/broadcom/bcm2712.dtsi | 3 arch/arm64/include/asm/pgtable.h | 3 arch/arm64/mm/copypage.c | 9 arch/arm64/tools/sysreg | 4 arch/m68k/include/asm/bitops.h | 25 - arch/mips/mti-malta/malta-setup.c | 2 arch/nios2/kernel/setup.c | 15 arch/powerpc/include/asm/pgtable.h | 12 arch/powerpc/mm/book3s32/mmu.c | 4 arch/powerpc/mm/pgtable_32.c | 2 arch/riscv/include/asm/pgtable.h | 2 arch/riscv/kernel/cpu.c | 4 arch/riscv/kernel/sys_hwprobe.c | 6 arch/s390/mm/pgalloc.c | 13 arch/x86/kernel/cpu/microcode/amd.c | 2 drivers/acpi/acpica/tbprint.c | 6 drivers/android/binder.c | 11 drivers/base/arch_topology.c | 2 drivers/base/devcoredump.c | 138 +++-- drivers/block/nbd.c | 15 drivers/bluetooth/btintel.c | 28 - drivers/bluetooth/btintel.h | 3 drivers/comedi/comedi_buf.c | 2 drivers/cpuidle/governors/menu.c | 21 drivers/firmware/arm_scmi/common.h | 24 - drivers/firmware/arm_scmi/driver.c | 47 -- drivers/gpio/gpio-104-idio-16.c | 1 drivers/gpio/gpio-ljca.c | 14 drivers/gpio/gpio-pci-idio-16.c | 1 drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/inc/hw/hw_shared.h | 8 drivers/gpu/drm/drm_panic.c | 8 drivers/gpu/drm/panthor/panthor_mmu.c | 10 drivers/hwmon/sht3x.c | 27 - drivers/misc/fastrpc.c | 2 drivers/misc/lkdtm/fortify.c | 6 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/most/most_usb.c | 13 drivers/net/bonding/bond_main.c | 40 - drivers/net/can/bxcan.c | 2 drivers/net/can/dev/netlink.c | 6 drivers/net/can/esd/esdacc.c | 2 drivers/net/can/rockchip/rockchip_canfd-tx.c | 2 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 drivers/net/ethernet/freescale/enetc/enetc.c | 25 - drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/mellanox/mlx5/core/en.h | 7 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.h | 6 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 5 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c | 25 - drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 128 +++-- drivers/net/ethernet/renesas/ravb_main.c | 24 - drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 9 drivers/net/ethernet/ti/am65-cpts.c | 63 +- drivers/net/phy/micrel.c | 4 drivers/net/usb/rtl8150.c | 11 drivers/pci/pci.c | 6 drivers/perf/hisilicon/hisi_uncore_pmu.c | 2 drivers/perf/hisilicon/hisi_uncore_pmu.h | 3 drivers/platform/x86/amd/hsmp.c | 5 drivers/ptp/ptp_ocp.c | 2 drivers/spi/spi-airoha-snfi.c | 280 +++++++----- drivers/spi/spi-nxp-fspi.c | 6 drivers/tty/serial/8250/8250_dw.c | 4 drivers/tty/serial/8250/8250_exar.c | 11 drivers/tty/serial/8250/8250_mtk.c | 6 drivers/tty/serial/sc16is7xx.c | 7 drivers/usb/core/quirks.c | 2 drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/usb/host/xhci-dbgcap.c | 15 drivers/usb/serial/option.c | 10 drivers/usb/typec/tcpm/tcpm.c | 4 fs/btrfs/super.c | 8 fs/dlm/lockspace.c | 2 fs/exec.c | 2 fs/gfs2/lock_dlm.c | 11 fs/hfs/bfind.c | 8 fs/hfs/brec.c | 27 - fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 fs/hfsplus/bnode.c | 41 - fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 + fs/hfsplus/super.c | 25 - fs/notify/fdinfo.c | 6 fs/ocfs2/move_extents.c | 5 fs/smb/client/cifsglob.h | 2 fs/smb/server/transport_ipc.c | 8 fs/smb/server/transport_rdma.c | 11 fs/xfs/scrub/nlinks.c | 34 + fs/xfs/xfs_super.c | 33 - io_uring/fdinfo.c | 8 io_uring/filetable.c | 2 io_uring/sqpoll.c | 65 +- io_uring/sqpoll.h | 1 kernel/dma/debug.c | 5 kernel/power/energy_model.c | 58 +- kernel/sched/sched.h | 2 mm/huge_memory.c | 3 mm/migrate.c | 3 mm/slub.c | 23 net/core/rtnetlink.c | 3 net/sctp/inqueue.c | 13 net/smc/smc_inet.c | 13 net/vmw_vsock/af_vsock.c | 38 - tools/objtool/check.c | 1 tools/testing/selftests/net/mptcp/mptcp_join.sh | 6 tools/testing/selftests/net/sctp_hello.c | 17 tools/testing/selftests/net/sctp_vrf.sh | 73 +-- 114 files changed, 1176 insertions(+), 688 deletions(-) Akash Goel (1): drm/panthor: Fix kernel panic on partial unmap of a GPU VA region Aksh Garg (1): net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions Alexander Aring (1): dlm: check for defined force value in dlm_lockspace_release Alexander Usyskin (1): mei: me: add wildcat lake P DID Alexey Simakov (1): sctp: avoid NULL dereference when chunk data buffer is missing Alice Ryhl (1): binder: remove "invalid inc weak" check Alok Tiwari (1): io_uring: correct __must_hold annotation in io_install_fixed_file Amery Hung (2): net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ Andreas Gruenbacher (1): gfs2: Fix unlikely race in gdlm_put_lock Andrew Cooper (1): x86/microcode: Fix Entrysign revision check for Zen1/Naples Andrey Konovalov (1): usb: raw-gadget: do not limit transfer length Andy Shevchenko (1): sched: Remove never used code in mm_cid_get() Anup Patel (2): RISC-V: Define pgprot_dmacoherent() for non-coherent devices RISC-V: Don't print details of CPUs disabled in DT Artem Shimko (2): firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode serial: 8250_dw: handle reset control deassert error Carolina Jubran (1): net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead Catalin Marinas (1): arm64: mte: Do not warn if the page is already tagged in copy_highpage() Charlene Liu (1): drm/amd/display: increase max link count and fix link->enc NULL pointer access Christian Loehle (1): PM: EM: Fix late boot with holes in CPU topology Christophe Leroy (1): powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Cristian Marussi (1): firmware: arm_scmi: Account for failed debug initialization Daniel Golle (1): serial: 8250_mtk: Enable baud clock and manage in runtime PM Darrick J. Wong (2): xfs: fix locking in xchk_nlinks_collect_dir xfs: always warn about deprecated mount options David Howells (1): cifs: Fix TCP_Server_Info::credits to be signed Deepanshu Kartikey (2): ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() Dewei Meng (1): btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() Florian Eckert (1): serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Fuad Tabba (1): arm64: sysreg: Correct sign definitions for EIESB and DoubleLock Geert Uytterhoeven (1): m68k: bitops: Fix find_*_bit() signatures Greg Kroah-Hartman (1): Linux 6.12.56 Guenter Roeck (1): hwmon: (sht3x) Fix error handling Han Xu (1): spi: spi-nxp-fspi: add extra delay after dll locked Hao Ge (2): slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts slab: Fix obj_ext mistakenly considered NULL due to race condition Haotian Zhang (1): gpio: ljca: Fix duplicated IRQ mapping Heiko Carstens (1): s390/mm: Use __GFP_ACCOUNT for user page table allocations Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() Hugo Villeneuve (1): serial: sc16is7xx: remove useless enable of enhanced features Ioana Ciornei (1): dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Jakub Acs (1): fs/notify: call exportfs_encode_fid with s_umount Jens Axboe (2): io_uring/sqpoll: switch away from getrusage() for CPU accounting io_uring/sqpoll: be smarter on when to update the stime usage Jianpeng Chang (1): net: enetc: fix the deadlock of enetc_mdio_lock Jiasheng Jiang (1): ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop Jocelyn Falempe (2): drm/panic: Fix drawing the logo on a small narrow screen drm/panic: Fix qr_code, ensure vmargin is positive Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace Junhao Xie (1): misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup Junjie Cao (1): lkdtm: fortify: Fix potential NULL dereference on kmalloc failure Kaushlendra Kumar (1): arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Kees Cook (1): PCI: Test for bit underflow in pcie_set_readrq() Kiran K (1): Bluetooth: btintel: Add DSBR support for BlazarIW, BlazarU and GaP Krzysztof Kozlowski (1): arm64: dts: broadcom: bcm2712: Add default GIC address cells LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (2): net: ravb: Enforce descriptor type ordering net: ravb: Ensure memory write completes before ringing TX doorbell Linus Torvalds (1): Unbreak 'make tools/*' for user-space targets Lorenzo Bianconi (1): spi: airoha: do not keep {tx,rx} dma buffer always mapped Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marc Kleine-Budde (4): can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: esd: acc_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: rockchip-canfd: rkcanfd_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: netlink: can_changelink(): allow disabling of automatic restart Marek Szyprowski (1): dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC Mathias Nyman (2): xhci: dbc: enable back DbC in resume if it was enabled before suspend xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Matthieu Baerts (NGI0) (2): selftests: mptcp: join: mark 'flush re-add' as skipped if not supported selftests: mptcp: join: mark implicit tests as skipped if not supported Michael Grzeschik (1): tcpm: switch check for role_sw device with fw_node Michal Pecio (1): net: usb: rtl8150: Fix frame padding Miguel Ojeda (1): objtool/rust: add one more `noreturn` Rust function Mikhail Kshevetskiy (4): spi: airoha: return an error for continuous mode dirmap creation cases spi: airoha: add support of dual/quad wires spi modes to exec_op() handler spi: airoha: switch back to non-dma mode in the case of error spi: airoha: fix reading/writing of flashes with more than one plane per lun Nathan Chancellor (1): net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() Ondrej Mosnacek (1): nbd: override creds to kernel when calling sock_{send,recv}msg() Patrisious Haddad (1): net/mlx5: Fix IPsec cleanup over MPV device Paul Walmsley (1): riscv: hwprobe: avoid uninitialized variable use in hwprobe_arch_id() Peter Robinson (1): arm64: dts: broadcom: bcm2712: Define VGIC interrupt Qianchang Zhao (1): ksmbd: transport_ipc: validate payload size before reading handle Qiuxu Zhuo (1): mm: prevent poison consumption when splitting THP Rafael J. Wysocki (4): PM: EM: Drop unused parameter from em_adjust_new_capacity() PM: EM: Slightly reduce em_check_capacity_update() overhead PM: EM: Move CPU capacity check to em_adjust_new_capacity() Revert "cpuidle: menu: Avoid discarding useful information" Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Robert Marko (1): net: phy: micrel: always set shared->phydev for LAN8814 Sebastian Reichel (1): net: stmmac: dwmac-rk: Fix disabling set_clock_selection Simon Schuster (1): nios2: ensure that memblock.current_limit is set when setting pfn limits Stefan Metzmacher (1): smb: server: let smb_direct_flush_send_list() invalidate a remote key first Stefano Garzarella (1): vsock: fix lock inversion in vsock_assign_transport() Suma Hegde (1): platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Tonghao Zhang (1): net: bonding: fix possible peer notify event loss or dup issue Viacheslav Dubeyko (5): hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Victoria Votokina (2): most: usb: Fix use-after-free in hdm_disconnect most: usb: hdm_probe: Fix calling put_device() before device initialization Wang Liang (1): net/smc: fix general protection fault in __smc_diag_dump Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE William Breathitt Gray (2): gpio: pci-idio-16: Define maximum valid register address offset gpio: 104-idio-16: Define maximum valid register address offset Xi Ruoyao (1): ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 Xichao Zhao (1): exec: Fix incorrect type for ret Xin Long (1): selftests: net: fix server bind failure in sctp_vrf.sh Xu Yang (1): dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yicong Yang (1): drivers/perf: hisi: Relax the event ID check in the framework

6 days, 15 hours

1
1
0 0

Linux 6.6.115

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.115 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 Makefile | 6 arch/arm64/include/asm/pgtable.h | 3 arch/m68k/include/asm/bitops.h | 25 - arch/mips/mti-malta/malta-setup.c | 2 arch/nios2/kernel/setup.c | 15 arch/powerpc/include/asm/pgtable.h | 12 arch/powerpc/mm/book3s32/mmu.c | 4 arch/powerpc/mm/pgtable_32.c | 2 arch/riscv/include/asm/pgtable.h | 2 arch/riscv/kernel/cpu.c | 4 arch/x86/kernel/cpu/microcode/amd.c | 2 arch/x86/kernel/cpu/resctrl/monitor.c | 8 drivers/acpi/acpica/tbprint.c | 6 drivers/android/binder.c | 11 drivers/base/arch_topology.c | 2 drivers/base/devcoredump.c | 138 ++++--- drivers/comedi/comedi_buf.c | 2 drivers/cpuidle/governors/menu.c | 21 - drivers/firmware/arm_scmi/common.h | 24 + drivers/firmware/arm_scmi/driver.c | 47 -- drivers/gpio/Kconfig | 4 drivers/gpio/gpio-104-idio-16.c | 1 drivers/gpio/gpio-ljca.c | 250 +++++++------ drivers/gpio/gpio-pci-idio-16.c | 1 drivers/hwmon/sht3x.c | 27 - drivers/misc/fastrpc.c | 2 drivers/misc/lkdtm/fortify.c | 6 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/most/most_usb.c | 13 drivers/net/bonding/bond_main.c | 40 -- drivers/net/can/bxcan.c | 2 drivers/net/can/dev/netlink.c | 6 drivers/net/ethernet/amazon/ena/ena_netdev.c | 2 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 drivers/net/ethernet/freescale/enetc/enetc.c | 27 + drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/freescale/fec_main.c | 2 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 2 drivers/net/ethernet/intel/ice/ice_txrx_lib.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 2 drivers/net/ethernet/marvell/mvneta.c | 2 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 2 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en.h | 7 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.h | 6 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 128 ++++-- drivers/net/ethernet/netronome/nfp/nfd3/xsk.c | 2 drivers/net/ethernet/renesas/ravb_main.c | 24 + drivers/net/ethernet/sfc/efx_channels.c | 2 drivers/net/ethernet/sfc/siena/efx_channels.c | 2 drivers/net/ethernet/socionext/netsec.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 9 drivers/net/ethernet/ti/cpsw_priv.c | 2 drivers/net/usb/rtl8150.c | 11 drivers/perf/hisilicon/hisi_uncore_pmu.c | 2 drivers/perf/hisilicon/hisi_uncore_pmu.h | 3 drivers/s390/cio/device.c | 37 + drivers/spi/spi-nxp-fspi.c | 6 drivers/tty/serial/8250/8250_dw.c | 4 drivers/tty/serial/8250/8250_exar.c | 11 drivers/tty/serial/8250/8250_mtk.c | 6 drivers/usb/core/quirks.c | 2 drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/usb/host/xhci-dbgcap.c | 9 drivers/usb/serial/option.c | 10 drivers/usb/typec/tcpm/tcpm.c | 4 fs/dlm/lockspace.c | 2 fs/exec.c | 2 fs/fuse/dir.c | 2 fs/fuse/file.c | 75 ++- fs/fuse/fuse_i.h | 2 fs/hfs/bfind.c | 8 fs/hfs/brec.c | 27 + fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 fs/hfsplus/bnode.c | 41 -- fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 ++ fs/hfsplus/super.c | 25 - fs/notify/fdinfo.c | 6 fs/ocfs2/move_extents.c | 5 fs/smb/client/cifsglob.h | 2 fs/smb/server/transport_ipc.c | 8 fs/smb/server/transport_rdma.c | 11 fs/xfs/xfs_super.c | 33 + io_uring/filetable.c | 2 kernel/dma/debug.c | 5 kernel/sched/sched.h | 2 net/core/rtnetlink.c | 3 net/sctp/inqueue.c | 13 net/vmw_vsock/af_vsock.c | 38 - tools/testing/selftests/net/mptcp/mptcp_join.sh | 6 tools/testing/selftests/net/sctp_hello.c | 17 tools/testing/selftests/net/sctp_vrf.sh | 85 ++-- 99 files changed, 922 insertions(+), 603 deletions(-) Alexander Aring (1): dlm: check for defined force value in dlm_lockspace_release Alexander Usyskin (1): mei: me: add wildcat lake P DID Alexey Simakov (1): sctp: avoid NULL dereference when chunk data buffer is missing Alice Ryhl (1): binder: remove "invalid inc weak" check Alok Tiwari (1): io_uring: correct __must_hold annotation in io_install_fixed_file Amery Hung (2): net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ Amir Goldstein (1): fuse: allocate ff->release_args only if release is needed Andrew Cooper (1): x86/microcode: Fix Entrysign revision check for Zen1/Naples Andrey Konovalov (1): usb: raw-gadget: do not limit transfer length Andy Shevchenko (1): sched: Remove never used code in mm_cid_get() Anup Patel (2): RISC-V: Define pgprot_dmacoherent() for non-coherent devices RISC-V: Don't print details of CPUs disabled in DT Artem Shimko (2): firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode serial: 8250_dw: handle reset control deassert error Babu Moger (1): x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Carolina Jubran (1): net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead Christophe Leroy (1): powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Cristian Marussi (1): firmware: arm_scmi: Account for failed debug initialization Daniel Golle (1): serial: 8250_mtk: Enable baud clock and manage in runtime PM Darrick J. Wong (2): xfs: always warn about deprecated mount options fuse: fix livelock in synchronous file put from fuseblk workers David Howells (1): cifs: Fix TCP_Server_Info::credits to be signed Deepanshu Kartikey (2): ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() Florian Eckert (1): serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Geert Uytterhoeven (1): m68k: bitops: Fix find_*_bit() signatures Greg Kroah-Hartman (1): Linux 6.6.115 Guenter Roeck (1): hwmon: (sht3x) Fix error handling Han Xu (1): spi: spi-nxp-fspi: add extra delay after dll locked Hangbin Liu (1): selftests/net: convert sctp_vrf.sh to run it in unique namespace Haotian Zhang (1): gpio: ljca: Fix duplicated IRQ mapping Haoyu Li (1): gpio: ljca: Initialize num before accessing item in ljca_gpio_config Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() Ioana Ciornei (1): dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Jakub Acs (1): fs/notify: call exportfs_encode_fid with s_umount Jianpeng Chang (1): net: enetc: fix the deadlock of enetc_mdio_lock Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace Junhao Xie (1): misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup Junjie Cao (1): lkdtm: fortify: Fix potential NULL dereference on kmalloc failure Kaushlendra Kumar (1): arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (2): net: ravb: Enforce descriptor type ordering net: ravb: Ensure memory write completes before ringing TX doorbell Linus Torvalds (1): Unbreak 'make tools/*' for user-space targets Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marc Kleine-Budde (2): can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() can: netlink: can_changelink(): allow disabling of automatic restart Marek Szyprowski (1): dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC Mathias Nyman (1): xhci: dbc: enable back DbC in resume if it was enabled before suspend Matthieu Baerts (NGI0) (2): selftests: mptcp: join: mark 'flush re-add' as skipped if not supported selftests: mptcp: join: mark implicit tests as skipped if not supported Michael Grzeschik (1): tcpm: switch check for role_sw device with fw_node Michal Pecio (1): net: usb: rtl8150: Fix frame padding Nathan Chancellor (1): net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() Qianchang Zhao (1): ksmbd: transport_ipc: validate payload size before reading handle Rafael J. Wysocki (1): Revert "cpuidle: menu: Avoid discarding useful information" Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Sebastian Andrzej Siewior (1): net: Tree wide: Replace xdp_do_flush_map() with xdp_do_flush(). Sebastian Reichel (1): net: stmmac: dwmac-rk: Fix disabling set_clock_selection Simon Schuster (1): nios2: ensure that memblock.current_limit is set when setting pfn limits Stefan Metzmacher (1): smb: server: let smb_direct_flush_send_list() invalidate a remote key first Stefano Garzarella (1): vsock: fix lock inversion in vsock_assign_transport() Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Tonghao Zhang (1): net: bonding: fix possible peer notify event loss or dup issue Viacheslav Dubeyko (5): hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Victoria Votokina (2): most: usb: Fix use-after-free in hdm_disconnect most: usb: hdm_probe: Fix calling put_device() before device initialization Vineeth Vijayan (1): s390/cio: Update purge function to unregister the unused subchannels Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE Wentong Wu (1): gpio: update Intel LJCA USB GPIO driver William Breathitt Gray (2): gpio: pci-idio-16: Define maximum valid register address offset gpio: 104-idio-16: Define maximum valid register address offset Xi Ruoyao (1): ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 Xichao Zhao (1): exec: Fix incorrect type for ret Xin Long (1): selftests: net: fix server bind failure in sctp_vrf.sh Xu Yang (1): dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yicong Yang (1): drivers/perf: hisi: Relax the event ID check in the framework

6 days, 15 hours

1
1
0 0

Linux 6.1.158

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.158 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/RCU/Design/Requirements/Requirements.rst | 2 Documentation/arm64/silicon-errata.rst | 2 Documentation/core-api/local_ops.rst | 2 Documentation/kernel-hacking/locking.rst | 17 Documentation/networking/seg6-sysctl.rst | 3 Documentation/timers/hrtimers.rst | 2 Documentation/translations/it_IT/kernel-hacking/locking.rst | 14 Documentation/translations/zh_CN/core-api/local_ops.rst | 2 Makefile | 2 arch/arm/mach-spear/time.c | 8 arch/arm64/Kconfig | 1 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/pgtable.h | 3 arch/arm64/kernel/cpu_errata.c | 1 arch/arm64/kernel/cpufeature.c | 10 arch/arm64/kernel/mte.c | 2 arch/m68k/include/asm/bitops.h | 25 arch/mips/mti-malta/malta-setup.c | 2 arch/nios2/kernel/setup.c | 15 arch/powerpc/include/asm/pgtable.h | 12 arch/powerpc/mm/book3s32/mmu.c | 4 arch/powerpc/mm/pgtable_32.c | 2 arch/riscv/include/asm/pgtable.h | 2 arch/riscv/kernel/cpu.c | 4 arch/riscv/kernel/probes/kprobes.c | 13 arch/x86/kernel/cpu/resctrl/monitor.c | 8 drivers/acpi/acpica/tbprint.c | 6 drivers/android/binder.c | 11 drivers/base/arch_topology.c | 2 drivers/base/devcoredump.c | 138 +++-- drivers/base/power/runtime.c | 44 + drivers/bluetooth/hci_qca.c | 10 drivers/clocksource/arm_arch_timer.c | 12 drivers/clocksource/timer-sp804.c | 6 drivers/comedi/comedi_buf.c | 2 drivers/cpufreq/cppc_cpufreq.c | 14 drivers/cpuidle/governors/menu.c | 21 drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/bridge/lontium-lt9211.c | 3 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 +-- drivers/gpu/drm/rcar-du/rcar_mipi_dsi.c | 5 drivers/gpu/drm/rcar-du/rcar_mipi_dsi_regs.h | 8 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 drivers/gpu/drm/scheduler/sched_main.c | 13 drivers/hid/hid-input.c | 5 drivers/hid/hid-multitouch.c | 28 - drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 - drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 drivers/misc/fastrpc.c | 2 drivers/misc/lkdtm/fortify.c | 6 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/most/most_usb.c | 13 drivers/net/bonding/bond_main.c | 40 - drivers/net/can/dev/netlink.c | 6 drivers/net/can/m_can/m_can_platform.c | 2 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 23 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/intel/ixgbevf/defines.h | 6 drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 13 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 46 + drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 drivers/net/ethernet/intel/ixgbevf/vf.c | 194 ++++++- drivers/net/ethernet/intel/ixgbevf/vf.h | 5 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 2 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/ethernet/renesas/ravb_main.c | 24 drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 9 drivers/net/usb/lan78xx.c | 38 + drivers/net/usb/r8152.c | 7 drivers/net/usb/rtl8150.c | 11 drivers/pci/controller/cadence/pci-j721e.c | 64 ++ drivers/pci/controller/dwc/pcie-tegra194.c | 10 drivers/pci/pci-sysfs.c | 10 drivers/phy/cadence/cdns-dphy.c | 131 +++-- drivers/s390/cio/device.c | 37 - drivers/tty/serial/8250/8250_dw.c | 4 drivers/tty/serial/8250/8250_exar.c | 11 drivers/usb/core/quirks.c | 2 drivers/usb/gadget/function/f_acm.c | 42 - drivers/usb/gadget/function/f_ecm.c | 48 - drivers/usb/gadget/function/f_ncm.c | 78 +-- drivers/usb/gadget/function/f_rndis.c | 85 +-- drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/usb/gadget/udc/core.c | 3 drivers/usb/host/xhci-dbgcap.c | 9 drivers/usb/serial/option.c | 10 fs/btrfs/free-space-tree.c | 15 fs/btrfs/relocation.c | 13 fs/dax.c | 2 fs/dcache.c | 2 fs/dlm/lockspace.c | 2 fs/exec.c | 2 fs/ext4/ext4_jbd2.c | 11 fs/ext4/inode.c | 8 fs/ext4/super.c | 17 fs/f2fs/data.c | 108 ++-- fs/f2fs/f2fs.h | 6 fs/f2fs/file.c | 16 fs/fuse/dir.c | 2 fs/fuse/file.c | 75 +- fs/fuse/fuse_i.h | 2 fs/hfs/bfind.c | 8 fs/hfs/brec.c | 27 - fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 fs/hfsplus/bnode.c | 41 - fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 + fs/hfsplus/super.c | 25 fs/hfsplus/unicode.c | 24 fs/jbd2/transaction.c | 13 fs/nfsd/blocklayout.c | 5 fs/nfsd/blocklayoutxdr.c | 7 fs/nfsd/flexfilelayout.c | 8 fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 34 - fs/nfsd/nfs4xdr.c | 14 fs/nfsd/xdr4.h | 36 + fs/ocfs2/move_extents.c | 5 fs/smb/client/inode.c | 6 fs/smb/client/misc.c | 17 fs/smb/client/smb2ops.c | 8 fs/smb/server/ksmbd_netlink.h | 3 fs/smb/server/server.h | 1 fs/smb/server/smb2pdu.c | 4 fs/smb/server/transport_ipc.c | 9 fs/smb/server/transport_rdma.c | 11 fs/smb/server/transport_tcp.c | 69 +- fs/smb/server/transport_tcp.h | 1 fs/xfs/libxfs/xfs_log_format.h | 30 + fs/xfs/xfs_log.c | 8 fs/xfs/xfs_log_priv.h | 4 fs/xfs/xfs_log_recover.c | 34 - fs/xfs/xfs_ondisk.h | 2 fs/xfs/xfs_super.c | 33 - include/linux/cpufreq.h | 3 include/linux/mm.h | 2 include/linux/pci.h | 14 include/linux/pm_runtime.h | 4 include/linux/timer.h | 2 include/linux/usb/gadget.h | 25 include/net/ip_tunnels.h | 15 include/trace/events/f2fs.h | 11 io_uring/filetable.c | 2 kernel/padata.c | 6 kernel/sched/fair.c | 38 - kernel/time/timer.c | 311 +++++++++--- net/core/rtnetlink.c | 3 net/ipv4/ip_tunnel.c | 14 net/ipv4/tcp_output.c | 19 net/ipv6/ip6_tunnel.c | 3 net/sctp/inqueue.c | 13 net/tls/tls_main.c | 7 net/tls/tls_sw.c | 28 - net/vmw_vsock/af_vsock.c | 38 - rust/bindings/bindings_helper.h | 2 rust/bindings/lib.rs | 1 sound/firewire/amdtp-stream.h | 2 sound/soc/codecs/nau8821.c | 53 +- sound/usb/card.c | 10 tools/testing/selftests/net/mptcp/mptcp_join.sh | 6 tools/testing/selftests/vm/map_hugetlb.c | 7 175 files changed, 2091 insertions(+), 1070 deletions(-) Alexander Aring (1): dlm: check for defined force value in dlm_lockspace_release Alexander Usyskin (1): mei: me: add wildcat lake P DID Alexey Simakov (2): tg3: prevent use of uninitialized remote_adv and local_adv variables sctp: avoid NULL dereference when chunk data buffer is missing Alice Ryhl (1): binder: remove "invalid inc weak" check Alok Tiwari (2): drm/rockchip: vop2: use correct destination rectangle height check io_uring: correct __must_hold annotation in io_install_fixed_file Amir Goldstein (1): fuse: allocate ff->release_args only if release is needed Andrey Konovalov (1): usb: raw-gadget: do not limit transfer length Anup Patel (2): RISC-V: Define pgprot_dmacoherent() for non-coherent devices RISC-V: Don't print details of CPUs disabled in DT Artem Shimko (1): serial: 8250_dw: handle reset control deassert error Babu Moger (1): x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Bence Csókás (1): PM: runtime: Add new devm functions Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Brian Norris (1): PCI/sysfs: Ensure devices are powered for config reads (part 2) Catalin Marinas (1): arm64: mte: Do not flag the zero page as PG_mte_tagged Christoph Hellwig (5): xfs: rename the old_crc variable in xlog_recover_process xfs: fix log CRC mismatches between i386 and other architectures f2fs: add a f2fs_get_block_locked helper f2fs: remove the create argument to f2fs_map_blocks f2fs: factor a f2fs_map_blocks_cached helper Christophe Leroy (1): powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Cristian Ciocaltea (3): ASoC: nau8821: Cancel jdet_work before handling jack ejection ASoC: nau8821: Generalize helper to clear IRQ status ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit Darrick J. Wong (2): fuse: fix livelock in synchronous file put from fuseblk workers xfs: always warn about deprecated mount options David Lechner (1): iio: imu: inv_icm42600: use = { } instead of memset() Deepanshu Kartikey (3): ext4: detect invalid INLINE_DATA + EXTENTS flag combination ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() Devarsh Thakkar (2): phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling phy: cadence: cdns-dphy: Update calibration wait time for startup state machine Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Dmitry Torokhov (1): HID: hid-input: only ignore 0 battery events for digitizers Eric Dumazet (1): tcp: fix tcp_tso_should_defer() vs large RTT Eugene Korenevsky (1): cifs: parse_dfs_referrals: prevent oob on malformed input Fabian Vogt (1): riscv: kprobes: Fix probe address validation Filipe Manana (2): btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running btrfs: do not assert we found block group item when creating free space tree Florian Eckert (1): serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Geert Uytterhoeven (1): m68k: bitops: Fix find_*_bit() signatures Greg Kroah-Hartman (1): Linux 6.1.158 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() I Viswanath (1): net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Ingo Molnar (1): sched/balancing: Rename newidle_balance() => sched_balance_newidle() Ioana Ciornei (1): dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Jaegeuk Kim (1): f2fs: fix wrong block mapping for multi-devices Jakub Acs (1): mm/ksm: fix flag-dropping behavior in ksm_madvise Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jedrzej Jagielski (2): ixgbevf: fix getting link speed data for E610 devices ixgbevf: fix mailbox API compatibility by negotiating supported features Jiaming Zhang (1): ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace Junhao Xie (1): misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup Junjie Cao (1): lkdtm: fortify: Fix potential NULL dereference on kmalloc failure Kaushlendra Kumar (1): arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Kaustabh Chakraborty (3): drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions drm/exynos: exynos7_drm_decon: properly clear channels during bind drm/exynos: exynos7_drm_decon: remove ctx->suspended Kuen-Han Tsai (6): usb: gadget: Store endpoint pointer in usb_request usb: gadget: Introduce free_usb_request helper usb: gadget: f_rndis: Refactor bind path to use __free() usb: gadget: f_ecm: Refactor bind path to use __free() usb: gadget: f_acm: Refactor bind path to use __free() usb: gadget: f_ncm: Refactor bind path to use __free() LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (2): net: ravb: Enforce descriptor type ordering net: ravb: Ensure memory write completes before ringing TX doorbell Leon Hwang (1): Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marc Kleine-Budde (2): can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() can: netlink: can_changelink(): allow disabling of automatic restart Marek Vasut (2): drm/rcar-du: dsi: Fix 1/2/3 lane support drm/bridge: lt9211: Drop check for last nibble of version register Mario Limonciello (1): drm/amd: Check whether secure display TA loaded successfully Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Mathias Nyman (1): xhci: dbc: enable back DbC in resume if it was enabled before suspend Matthieu Baerts (NGI0) (2): selftests: mptcp: join: mark 'flush re-add' as skipped if not supported selftests: mptcp: join: mark implicit tests as skipped if not supported Michal Pecio (1): net: usb: rtl8150: Fix frame padding Namjae Jeon (1): ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL Nathan Chancellor (1): net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() Nicolas Dichtel (1): doc: fix seg6_flowlabel path Niklas Cassel (1): PCI: tegra194: Reset BARs when running in PCIe endpoint mode Oleksij Rempel (1): net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Piotr Kwapulinski (2): PCI: Add PCI_VDEVICE_SUB helper macro ixgbevf: Add support for Intel(R) E610 device Qianchang Zhao (1): ksmbd: transport_ipc: validate payload size before reading handle Rafael J. Wysocki (2): cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Revert "cpuidle: menu: Avoid discarding useful information" Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Sabrina Dubroca (4): tls: wait for async encrypt in case of error during latter iterations of sendmsg tls: always set record_type in tls_process_cmsg tls: wait for pending async decryptions if tls_strp_msg_hold fails tls: don't rely on tx_work during send() Sascha Hauer (1): net: tls: wait for async completion on last message Sean Nyekjaer (2): iio: imu: inv_icm42600: Simplify pm_runtime setup iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Sebastian Reichel (1): net: stmmac: dwmac-rk: Fix disabling set_clock_selection Sergey Bashirov (3): NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Fix last write offset handling in layoutcommit Shuhao Fu (1): smb: client: Fix refcount leak for cifs_sb_tlink Siddharth Vadapalli (2): PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists PCI: j721e: Fix programming sequence of "strap" settings Simon Schuster (1): nios2: ensure that memblock.current_limit is set when setting pfn limits Stefan Metzmacher (1): smb: server: let smb_direct_flush_send_list() invalidate a remote key first Stefano Garzarella (1): vsock: fix lock inversion in vsock_assign_transport() Steven Rostedt (Google) (4): ARM: spear: Do not use timer namespace for timer_shutdown() function clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function timers: Update the documentation to reflect on the new timer_shutdown() API Thadeu Lima de Souza Cascardo (1): HID: multitouch: fix name of Stylus input devices Theodore Ts'o (1): ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Thomas Fourier (1): crypto: rockchip - Fix dma_unmap_sg() nents value Thomas Gleixner (8): Documentation: Remove bogus claim about del_timer_sync() timers: Replace BUG_ON()s Documentation: Replace del_timer/del_timer_sync() timers: Silently ignore timers with a NULL function timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode timers: Add shutdown mechanism to the internal functions timers: Provide timer_shutdown[_sync]() Bluetooth: hci_qca: Fix the teardown problem for real Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Timur Kristóf (1): drm/amd/powerplay: Fix CIK shutdown temperature Tomi Valkeinen (1): phy: cdns-dphy: Store hs_clk_rate and return it Tonghao Zhang (1): net: bonding: fix possible peer notify event loss or dup issue Tvrtko Ursulin (1): drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies Viacheslav Dubeyko (6): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Victoria Votokina (2): most: usb: Fix use-after-free in hdm_disconnect most: usb: hdm_probe: Fix calling put_device() before device initialization Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Vineeth Vijayan (1): s390/cio: Update purge function to unregister the unused subchannels Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE Xi Ruoyao (1): ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xichao Zhao (1): exec: Fix incorrect type for ret Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yi Cong (1): r8152: add error handling in rtl8152_driver_init Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Zhang Yi (2): jbd2: ensure that all ongoing I/O complete before freeing blocks ext4: wait for ongoing I/O to complete before freeing blocks

6 days, 15 hours

1
1
0 0

Linux 5.15.196

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.196 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arm64/silicon-errata.rst | 2 Documentation/networking/seg6-sysctl.rst | 3 Makefile | 2 arch/arm64/Kconfig | 1 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/pgtable.h | 3 arch/arm64/kernel/cpu_errata.c | 1 arch/m68k/include/asm/bitops.h | 25 ++- arch/mips/mti-malta/malta-setup.c | 2 arch/nios2/kernel/setup.c | 15 ++ arch/riscv/kernel/probes/kprobes.c | 13 + block/blk-crypto-fallback.c | 3 drivers/android/binder.c | 11 - drivers/base/arch_topology.c | 2 drivers/base/devcoredump.c | 138 ++++++++++++-------- drivers/base/power/runtime.c | 44 ++++++ drivers/comedi/comedi_buf.c | 2 drivers/cpufreq/cppc_cpufreq.c | 14 +- drivers/cpuidle/governors/menu.c | 21 +-- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 - drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 - drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 ++++---------- drivers/hid/hid-multitouch.c | 27 ++- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 +---- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 +---- drivers/media/rc/lirc_dev.c | 15 +- drivers/media/rc/rc-main.c | 6 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/most/most_usb.c | 13 - drivers/net/bonding/bond_main.c | 40 ++--- drivers/net/can/m_can/m_can_platform.c | 2 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 23 ++- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/ethernet/renesas/ravb_main.c | 8 + drivers/net/usb/aqc111.c | 2 drivers/net/usb/lan78xx.c | 42 ++++-- drivers/net/usb/r8152.c | 9 + drivers/net/usb/rndis_host.c | 2 drivers/net/usb/rtl8150.c | 13 + drivers/net/wireless/ath/ath11k/core.c | 6 drivers/net/wireless/ath/ath11k/hal.c | 16 ++ drivers/net/wireless/ath/ath11k/hal.h | 1 drivers/pci/controller/cadence/pci-j721e.c | 64 +++++++++ drivers/pci/controller/dwc/pcie-designware-ep.c | 1 drivers/pci/controller/dwc/pcie-tegra194.c | 28 +++- drivers/pci/controller/pcie-rcar-host.c | 83 ++++++------ drivers/pci/pci-sysfs.c | 10 + drivers/s390/cio/device.c | 37 +++-- drivers/tty/serial/8250/8250_exar.c | 11 + drivers/usb/core/quirks.c | 2 drivers/usb/gadget/function/f_acm.c | 42 ++---- drivers/usb/gadget/function/f_ncm.c | 78 ++++------- drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/usb/gadget/udc/core.c | 3 drivers/usb/host/xhci-dbgcap.c | 9 + drivers/usb/serial/option.c | 10 + fs/btrfs/relocation.c | 13 + fs/dax.c | 2 fs/dcache.c | 2 fs/dlm/lockspace.c | 2 fs/exec.c | 2 fs/ext4/inode.c | 8 + fs/f2fs/data.c | 2 fs/fuse/dir.c | 2 fs/fuse/file.c | 75 ++++++---- fs/fuse/fuse_i.h | 2 fs/hfs/bfind.c | 8 + fs/hfs/brec.c | 27 +++ fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 + fs/hfsplus/bnode.c | 41 ----- fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 ++++++ fs/hfsplus/super.c | 25 ++- fs/hfsplus/unicode.c | 24 +++ fs/jbd2/transaction.c | 13 + fs/nfsd/blocklayout.c | 5 fs/nfsd/blocklayoutxdr.c | 7 - fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 34 ++-- fs/nfsd/nfs4xdr.c | 14 -- fs/nfsd/xdr4.h | 36 +++++ fs/ocfs2/move_extents.c | 5 fs/splice.c | 31 ++++ fs/xfs/libxfs/xfs_log_format.h | 30 ++++ fs/xfs/xfs_log.c | 8 - fs/xfs/xfs_log_priv.h | 4 fs/xfs/xfs_log_recover.c | 34 +++- fs/xfs/xfs_ondisk.h | 2 fs/xfs/xfs_super.c | 33 +++- include/linux/cpufreq.h | 3 include/linux/fs.h | 1 include/linux/net.h | 1 include/linux/netdevice.h | 9 + include/linux/pm_runtime.h | 4 include/linux/splice.h | 1 include/linux/usb/gadget.h | 25 +++ include/net/ip_tunnels.h | 15 ++ include/net/rtnetlink.h | 9 + include/net/sock.h | 1 include/uapi/linux/netlink.h | 1 kernel/padata.c | 6 kernel/sched/fair.c | 38 ++--- net/core/rtnetlink.c | 81 ++++++++--- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/tcp_output.c | 19 ++ net/ipv6/ip6_tunnel.c | 3 net/sctp/inqueue.c | 13 + net/socket.c | 10 + net/tls/tls_main.c | 7 - net/tls/tls_sw.c | 22 ++- net/vmw_vsock/af_vsock.c | 38 ++--- sound/firewire/amdtp-stream.h | 2 sound/usb/card.c | 10 + tools/perf/tests/perf-record.c | 4 128 files changed, 1304 insertions(+), 727 deletions(-) Alexander Aring (1): dlm: check for defined force value in dlm_lockspace_release Alexander Usyskin (1): mei: me: add wildcat lake P DID Alexey Simakov (2): tg3: prevent use of uninitialized remote_adv and local_adv variables sctp: avoid NULL dereference when chunk data buffer is missing Alice Ryhl (1): binder: remove "invalid inc weak" check Amir Goldstein (1): fuse: allocate ff->release_args only if release is needed Andrey Konovalov (1): usb: raw-gadget: do not limit transfer length Arnd Bergmann (1): media: s5p-mfc: remove an unused/uninitialized variable Bence Csókás (1): PM: runtime: Add new devm functions Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Brian Norris (1): PCI/sysfs: Ensure devices are powered for config reads (part 2) Christoph Hellwig (2): xfs: rename the old_crc variable in xlog_recover_process xfs: fix log CRC mismatches between i386 and other architectures Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Darrick J. Wong (2): fuse: fix livelock in synchronous file put from fuseblk workers xfs: always warn about deprecated mount options David Howells (1): splice, net: Add a splice_eof op to file-ops and socket-ops David Lechner (1): iio: imu: inv_icm42600: use = { } instead of memset() Deepanshu Kartikey (3): ext4: detect invalid INLINE_DATA + EXTENTS flag combination ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Eric Dumazet (1): tcp: fix tcp_tso_should_defer() vs large RTT Fabian Vogt (1): riscv: kprobes: Fix probe address validation Filipe Manana (1): btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Florian Eckert (1): serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Geert Uytterhoeven (1): m68k: bitops: Fix find_*_bit() signatures Greg Kroah-Hartman (1): Linux 5.15.196 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() I Viswanath (1): net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Ingo Molnar (1): sched/balancing: Rename newidle_balance() => sched_balance_newidle() Ioana Ciornei (1): dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Jaegeuk Kim (1): f2fs: fix wrong block mapping for multi-devices Jakub Kicinski (1): net: usb: use eth_hw_addr_set() instead of ether_addr_copy() Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jiaming Zhang (1): ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace Kaushlendra Kumar (1): arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Kaustabh Chakraborty (3): drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions drm/exynos: exynos7_drm_decon: properly clear channels during bind drm/exynos: exynos7_drm_decon: remove ctx->suspended Kuen-Han Tsai (4): usb: gadget: Store endpoint pointer in usb_request usb: gadget: Introduce free_usb_request helper usb: gadget: f_ncm: Refactor bind path to use __free() usb: gadget: f_acm: Refactor bind path to use __free() LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (1): net: ravb: Ensure memory write completes before ringing TX doorbell Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Ma Ke (1): media: lirc: Fix error handling in lirc_register() Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marc Kleine-Budde (1): can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Marek Vasut (4): PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock PCI: rcar: Finish transition to L1 state in rcar_pcie_config_access() PCI: rcar-host: Drop PMSR spinlock PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Mathias Nyman (1): xhci: dbc: enable back DbC in resume if it was enabled before suspend Michal Pecio (1): net: usb: rtl8150: Fix frame padding Muhammad Usama Anjum (1): wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Nicolas Dichtel (1): doc: fix seg6_flowlabel path Niklas Cassel (1): PCI: tegra194: Reset BARs when running in PCIe endpoint mode Niko Mauno (1): Revert "perf test: Don't leak workload gopipe in PERF_RECORD_*" Nikolay Aleksandrov (6): net: rtnetlink: add helper to extract msg type's kind net: rtnetlink: use BIT for flag values net: netlink: add NLM_F_BULK delete request modifier net: rtnetlink: add bulk delete support flag net: add ndo_fdb_del_bulk net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Oleksij Rempel (1): net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Rafael J. Wysocki (2): cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Revert "cpuidle: menu: Avoid discarding useful information" Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Sabrina Dubroca (3): tls: wait for async encrypt in case of error during latter iterations of sendmsg tls: always set record_type in tls_process_cmsg tls: don't rely on tx_work during send() Sascha Hauer (1): net: tls: wait for async completion on last message Sean Nyekjaer (2): iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended iio: imu: inv_icm42600: Simplify pm_runtime setup Sergey Bashirov (3): NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Fix last write offset handling in layoutcommit Siddharth Vadapalli (2): PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists PCI: j721e: Fix programming sequence of "strap" settings Simon Schuster (1): nios2: ensure that memblock.current_limit is set when setting pfn limits Stefano Garzarella (1): vsock: fix lock inversion in vsock_assign_transport() Thomas Fourier (1): crypto: rockchip - Fix dma_unmap_sg() nents value Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Timur Kristóf (1): drm/amd/powerplay: Fix CIK shutdown temperature Tonghao Zhang (1): net: bonding: fix possible peer notify event loss or dup issue Viacheslav Dubeyko (6): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Victoria Votokina (2): most: usb: Fix use-after-free in hdm_disconnect most: usb: hdm_probe: Fix calling put_device() before device initialization Vidya Sagar (1): PCI: tegra194: Handle errors in BPMP response Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Vineeth Vijayan (1): s390/cio: Update purge function to unregister the unused subchannels Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xichao Zhao (1): exec: Fix incorrect type for ret Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yi Cong (1): r8152: add error handling in rtl8152_driver_init Yu Kuai (1): blk-crypto: fix missing blktrace bio split events Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Zhang Yi (1): jbd2: ensure that all ongoing I/O complete before freeing blocks Zhengchao Shao (1): net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg keliu (1): media: rc: Directly use ida_free()

6 days, 15 hours

1
1
0 0

Linux 5.15.196

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.196 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/arm64/silicon-errata.rst | 2 Documentation/networking/seg6-sysctl.rst | 3 Makefile | 2 arch/arm64/Kconfig | 1 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/pgtable.h | 3 arch/arm64/kernel/cpu_errata.c | 1 arch/m68k/include/asm/bitops.h | 25 ++- arch/mips/mti-malta/malta-setup.c | 2 arch/nios2/kernel/setup.c | 15 ++ arch/riscv/kernel/probes/kprobes.c | 13 + block/blk-crypto-fallback.c | 3 drivers/android/binder.c | 11 - drivers/base/arch_topology.c | 2 drivers/base/devcoredump.c | 138 ++++++++++++-------- drivers/base/power/runtime.c | 44 ++++++ drivers/comedi/comedi_buf.c | 2 drivers/cpufreq/cppc_cpufreq.c | 14 +- drivers/cpuidle/governors/menu.c | 21 +-- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 - drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 - drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 ++++---------- drivers/hid/hid-multitouch.c | 27 ++- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 +---- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 +---- drivers/media/rc/lirc_dev.c | 15 +- drivers/media/rc/rc-main.c | 6 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/most/most_usb.c | 13 - drivers/net/bonding/bond_main.c | 40 ++--- drivers/net/can/m_can/m_can_platform.c | 2 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 23 ++- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/ethernet/renesas/ravb_main.c | 8 + drivers/net/usb/aqc111.c | 2 drivers/net/usb/lan78xx.c | 42 ++++-- drivers/net/usb/r8152.c | 9 + drivers/net/usb/rndis_host.c | 2 drivers/net/usb/rtl8150.c | 13 + drivers/net/wireless/ath/ath11k/core.c | 6 drivers/net/wireless/ath/ath11k/hal.c | 16 ++ drivers/net/wireless/ath/ath11k/hal.h | 1 drivers/pci/controller/cadence/pci-j721e.c | 64 +++++++++ drivers/pci/controller/dwc/pcie-designware-ep.c | 1 drivers/pci/controller/dwc/pcie-tegra194.c | 28 +++- drivers/pci/controller/pcie-rcar-host.c | 83 ++++++------ drivers/pci/pci-sysfs.c | 10 + drivers/s390/cio/device.c | 37 +++-- drivers/tty/serial/8250/8250_exar.c | 11 + drivers/usb/core/quirks.c | 2 drivers/usb/gadget/function/f_acm.c | 42 ++---- drivers/usb/gadget/function/f_ncm.c | 78 ++++------- drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/usb/gadget/udc/core.c | 3 drivers/usb/host/xhci-dbgcap.c | 9 + drivers/usb/serial/option.c | 10 + fs/btrfs/relocation.c | 13 + fs/dax.c | 2 fs/dcache.c | 2 fs/dlm/lockspace.c | 2 fs/exec.c | 2 fs/ext4/inode.c | 8 + fs/f2fs/data.c | 2 fs/fuse/dir.c | 2 fs/fuse/file.c | 75 ++++++---- fs/fuse/fuse_i.h | 2 fs/hfs/bfind.c | 8 + fs/hfs/brec.c | 27 +++ fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 + fs/hfsplus/bnode.c | 41 ----- fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 ++++++ fs/hfsplus/super.c | 25 ++- fs/hfsplus/unicode.c | 24 +++ fs/jbd2/transaction.c | 13 + fs/nfsd/blocklayout.c | 5 fs/nfsd/blocklayoutxdr.c | 7 - fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 34 ++-- fs/nfsd/nfs4xdr.c | 14 -- fs/nfsd/xdr4.h | 36 +++++ fs/ocfs2/move_extents.c | 5 fs/splice.c | 31 ++++ fs/xfs/libxfs/xfs_log_format.h | 30 ++++ fs/xfs/xfs_log.c | 8 - fs/xfs/xfs_log_priv.h | 4 fs/xfs/xfs_log_recover.c | 34 +++- fs/xfs/xfs_ondisk.h | 2 fs/xfs/xfs_super.c | 33 +++- include/linux/cpufreq.h | 3 include/linux/fs.h | 1 include/linux/net.h | 1 include/linux/netdevice.h | 9 + include/linux/pm_runtime.h | 4 include/linux/splice.h | 1 include/linux/usb/gadget.h | 25 +++ include/net/ip_tunnels.h | 15 ++ include/net/rtnetlink.h | 9 + include/net/sock.h | 1 include/uapi/linux/netlink.h | 1 kernel/padata.c | 6 kernel/sched/fair.c | 38 ++--- net/core/rtnetlink.c | 81 ++++++++--- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/tcp_output.c | 19 ++ net/ipv6/ip6_tunnel.c | 3 net/sctp/inqueue.c | 13 + net/socket.c | 10 + net/tls/tls_main.c | 7 - net/tls/tls_sw.c | 22 ++- net/vmw_vsock/af_vsock.c | 38 ++--- sound/firewire/amdtp-stream.h | 2 sound/usb/card.c | 10 + tools/perf/tests/perf-record.c | 4 128 files changed, 1304 insertions(+), 727 deletions(-) Alexander Aring (1): dlm: check for defined force value in dlm_lockspace_release Alexander Usyskin (1): mei: me: add wildcat lake P DID Alexey Simakov (2): tg3: prevent use of uninitialized remote_adv and local_adv variables sctp: avoid NULL dereference when chunk data buffer is missing Alice Ryhl (1): binder: remove "invalid inc weak" check Amir Goldstein (1): fuse: allocate ff->release_args only if release is needed Andrey Konovalov (1): usb: raw-gadget: do not limit transfer length Arnd Bergmann (1): media: s5p-mfc: remove an unused/uninitialized variable Bence Csókás (1): PM: runtime: Add new devm functions Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Brian Norris (1): PCI/sysfs: Ensure devices are powered for config reads (part 2) Christoph Hellwig (2): xfs: rename the old_crc variable in xlog_recover_process xfs: fix log CRC mismatches between i386 and other architectures Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Darrick J. Wong (2): fuse: fix livelock in synchronous file put from fuseblk workers xfs: always warn about deprecated mount options David Howells (1): splice, net: Add a splice_eof op to file-ops and socket-ops David Lechner (1): iio: imu: inv_icm42600: use = { } instead of memset() Deepanshu Kartikey (3): ext4: detect invalid INLINE_DATA + EXTENTS flag combination ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Eric Dumazet (1): tcp: fix tcp_tso_should_defer() vs large RTT Fabian Vogt (1): riscv: kprobes: Fix probe address validation Filipe Manana (1): btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Florian Eckert (1): serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Geert Uytterhoeven (1): m68k: bitops: Fix find_*_bit() signatures Greg Kroah-Hartman (1): Linux 5.15.196 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() I Viswanath (1): net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Ingo Molnar (1): sched/balancing: Rename newidle_balance() => sched_balance_newidle() Ioana Ciornei (1): dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Jaegeuk Kim (1): f2fs: fix wrong block mapping for multi-devices Jakub Kicinski (1): net: usb: use eth_hw_addr_set() instead of ether_addr_copy() Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jiaming Zhang (1): ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace Kaushlendra Kumar (1): arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Kaustabh Chakraborty (3): drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions drm/exynos: exynos7_drm_decon: properly clear channels during bind drm/exynos: exynos7_drm_decon: remove ctx->suspended Kuen-Han Tsai (4): usb: gadget: Store endpoint pointer in usb_request usb: gadget: Introduce free_usb_request helper usb: gadget: f_ncm: Refactor bind path to use __free() usb: gadget: f_acm: Refactor bind path to use __free() LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (1): net: ravb: Ensure memory write completes before ringing TX doorbell Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Ma Ke (1): media: lirc: Fix error handling in lirc_register() Maarten Lankhorst (1): devcoredump: Fix circular locking dependency with devcd->mutex. Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marc Kleine-Budde (1): can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Marek Vasut (4): PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock PCI: rcar: Finish transition to L1 state in rcar_pcie_config_access() PCI: rcar-host: Drop PMSR spinlock PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Mathias Nyman (1): xhci: dbc: enable back DbC in resume if it was enabled before suspend Michal Pecio (1): net: usb: rtl8150: Fix frame padding Muhammad Usama Anjum (1): wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Nicolas Dichtel (1): doc: fix seg6_flowlabel path Niklas Cassel (1): PCI: tegra194: Reset BARs when running in PCIe endpoint mode Niko Mauno (1): Revert "perf test: Don't leak workload gopipe in PERF_RECORD_*" Nikolay Aleksandrov (6): net: rtnetlink: add helper to extract msg type's kind net: rtnetlink: use BIT for flag values net: netlink: add NLM_F_BULK delete request modifier net: rtnetlink: add bulk delete support flag net: add ndo_fdb_del_bulk net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Oleksij Rempel (1): net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Rafael J. Wysocki (2): cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Revert "cpuidle: menu: Avoid discarding useful information" Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Sabrina Dubroca (3): tls: wait for async encrypt in case of error during latter iterations of sendmsg tls: always set record_type in tls_process_cmsg tls: don't rely on tx_work during send() Sascha Hauer (1): net: tls: wait for async completion on last message Sean Nyekjaer (2): iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended iio: imu: inv_icm42600: Simplify pm_runtime setup Sergey Bashirov (3): NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Fix last write offset handling in layoutcommit Siddharth Vadapalli (2): PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists PCI: j721e: Fix programming sequence of "strap" settings Simon Schuster (1): nios2: ensure that memblock.current_limit is set when setting pfn limits Stefano Garzarella (1): vsock: fix lock inversion in vsock_assign_transport() Thomas Fourier (1): crypto: rockchip - Fix dma_unmap_sg() nents value Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Timur Kristóf (1): drm/amd/powerplay: Fix CIK shutdown temperature Tonghao Zhang (1): net: bonding: fix possible peer notify event loss or dup issue Viacheslav Dubeyko (6): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Victoria Votokina (2): most: usb: Fix use-after-free in hdm_disconnect most: usb: hdm_probe: Fix calling put_device() before device initialization Vidya Sagar (1): PCI: tegra194: Handle errors in BPMP response Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Vineeth Vijayan (1): s390/cio: Update purge function to unregister the unused subchannels Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xichao Zhao (1): exec: Fix incorrect type for ret Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yi Cong (1): r8152: add error handling in rtl8152_driver_init Yu Kuai (1): blk-crypto: fix missing blktrace bio split events Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Zhang Yi (1): jbd2: ensure that all ongoing I/O complete before freeing blocks Zhengchao Shao (1): net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg keliu (1): media: rc: Directly use ida_free()

6 days, 15 hours

1
1
0 0

Linux 5.10.246

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.246 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-bus-pci | 9 Documentation/admin-guide/kernel-parameters.txt | 3 Documentation/arm64/silicon-errata.rst | 2 Documentation/trace/histogram-design.rst | 4 Makefile | 2 arch/arm/mach-omap2/pm33xx-core.c | 6 arch/arm/mm/pageattr.c | 6 arch/arm64/Kconfig | 1 arch/arm64/boot/dts/mediatek/mt8516-pumpkin.dts | 2 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/pgtable.h | 3 arch/arm64/kernel/cpu_errata.c | 1 arch/arm64/kernel/cpufeature.c | 10 arch/arm64/kernel/mte.c | 3 arch/m68k/include/asm/bitops.h | 25 arch/mips/mti-malta/malta-setup.c | 2 arch/parisc/include/uapi/asm/ioctls.h | 8 arch/sparc/kernel/of_device_32.c | 1 arch/sparc/kernel/of_device_64.c | 1 arch/sparc/lib/M7memcpy.S | 20 arch/sparc/lib/Memcpy_utils.S | 9 arch/sparc/lib/NG4memcpy.S | 2 arch/sparc/lib/NGmemcpy.S | 29 - arch/sparc/lib/U1memcpy.S | 19 arch/sparc/lib/U3memcpy.S | 2 arch/sparc/mm/hugetlbpage.c | 20 arch/um/drivers/mconsole_user.c | 2 arch/x86/include/asm/segment.h | 8 arch/x86/kernel/umip.c | 15 arch/x86/kvm/emulate.c | 11 arch/x86/kvm/kvm_emulate.h | 2 arch/x86/kvm/x86.c | 9 arch/x86/mm/pgtable.c | 2 block/blk-crypto-fallback.c | 3 block/blk-mq-sysfs.c | 6 block/blk-settings.c | 3 crypto/essiv.c | 14 crypto/rng.c | 8 drivers/acpi/acpi_dbg.c | 26 drivers/acpi/acpi_tad.c | 3 drivers/acpi/nfit/core.c | 2 drivers/acpi/processor_idle.c | 3 drivers/android/binder.c | 11 drivers/base/arch_topology.c | 2 drivers/base/node.c | 4 drivers/base/power/main.c | 14 drivers/base/power/runtime.c | 44 + drivers/base/regmap/regmap.c | 2 drivers/bus/fsl-mc/fsl-mc-bus.c | 3 drivers/bus/mhi/host/init.c | 5 drivers/char/hw_random/ks-sa-rng.c | 4 drivers/char/tpm/tpm_tis_core.c | 4 drivers/clk/at91/clk-peripheral.c | 7 drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 drivers/clocksource/clps711x-timer.c | 23 drivers/cpufreq/intel_pstate.c | 8 drivers/cpuidle/governors/menu.c | 21 drivers/crypto/atmel-tdes.c | 2 drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 drivers/dma/ioat/dma.c | 12 drivers/edac/sb_edac.c | 4 drivers/edac/skx_common.h | 1 drivers/firmware/meson/meson_sm.c | 7 drivers/gpio/gpio-wcd934x.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 drivers/gpu/drm/amd/amdgpu/uvd_v3_1.c | 29 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 drivers/gpu/drm/amd/display/dc/dce/dce_transform.c | 21 drivers/gpu/drm/amd/display/dc/dce/dce_transform.h | 4 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 2 drivers/gpu/drm/amd/include/asic_reg/dce/dce_6_0_d.h | 7 drivers/gpu/drm/amd/include/asic_reg/dce/dce_6_0_sh_mask.h | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppevvmath.h | 14 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 drivers/gpu/drm/arm/display/include/malidp_utils.h | 2 drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c | 24 drivers/gpu/drm/drm_color_mgmt.c | 2 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 36 - drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 6 drivers/gpu/drm/nouveau/nouveau_bo.c | 2 drivers/gpu/drm/radeon/evergreen_cs.c | 2 drivers/gpu/drm/radeon/r600_cs.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 4 drivers/hid/hid-mcp2221.c | 4 drivers/hid/hid-multitouch.c | 27 - drivers/hwmon/adt7475.c | 24 drivers/i2c/busses/i2c-designware-platdrv.c | 1 drivers/i2c/busses/i2c-mt65xx.c | 17 drivers/iio/dac/ad5360.c | 2 drivers/iio/dac/ad5421.c | 2 drivers/iio/frequency/adf4350.c | 20 drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 39 - drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 drivers/iio/inkern.c | 2 drivers/infiniband/core/addr.c | 10 drivers/infiniband/core/cm.c | 4 drivers/infiniband/core/sa_query.c | 6 drivers/infiniband/sw/siw/siw_verbs.c | 25 drivers/input/misc/uinput.c | 1 drivers/input/touchscreen/atmel_mxt_ts.c | 2 drivers/input/touchscreen/cyttsp4_core.c | 2 drivers/mailbox/zynqmp-ipi-mailbox.c | 7 drivers/md/dm-integrity.c | 8 drivers/md/dm.c | 7 drivers/media/dvb-frontends/stv0367_priv.h | 3 drivers/media/i2c/mt9v111.c | 2 drivers/media/i2c/rj54n1cb0c.c | 9 drivers/media/i2c/tc358743.c | 4 drivers/media/mc/mc-devnode.c | 6 drivers/media/pci/b2c2/flexcop-pci.c | 2 drivers/media/pci/cx18/cx18-queue.c | 12 drivers/media/pci/ivtv/ivtv-driver.c | 2 drivers/media/pci/ivtv/ivtv-irq.c | 2 drivers/media/pci/ivtv/ivtv-queue.c | 18 drivers/media/pci/ivtv/ivtv-streams.c | 22 drivers/media/pci/ivtv/ivtv-udma.c | 27 - drivers/media/pci/ivtv/ivtv-yuv.c | 24 drivers/media/pci/ivtv/ivtvfb.c | 6 drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 - drivers/media/rc/imon.c | 27 - drivers/media/rc/lirc_dev.c | 15 drivers/media/rc/rc-main.c | 6 drivers/media/tuners/xc5000.c | 41 - drivers/memory/samsung/exynos-srom.c | 10 drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 drivers/mfd/vexpress-sysreg.c | 6 drivers/misc/genwqe/card_ddcb.c | 2 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/mmc/core/sdio.c | 6 drivers/most/most_usb.c | 13 drivers/mtd/nand/raw/fsmc_nand.c | 6 drivers/net/bonding/bond_main.c | 40 - drivers/net/ethernet/amazon/ena/ena_ethtool.c | 5 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | 18 drivers/net/ethernet/dlink/dl2k.c | 30 - drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 17 drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 drivers/net/ethernet/realtek/r8169_main.c | 5 drivers/net/ethernet/renesas/ravb_main.c | 8 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 drivers/net/fjes/fjes_main.c | 4 drivers/net/usb/aqc111.c | 2 drivers/net/usb/lan78xx.c | 42 + drivers/net/usb/r8152.c | 2 drivers/net/usb/rndis_host.c | 2 drivers/net/usb/rtl8150.c | 15 drivers/net/wireless/ath/ath11k/core.c | 6 drivers/net/wireless/ath/ath11k/hal.c | 16 drivers/net/wireless/ath/ath11k/hal.h | 1 drivers/net/wireless/marvell/mwifiex/cfg80211.c | 7 drivers/net/wireless/mediatek/mt76/mt7603/soc.c | 2 drivers/net/wireless/ralink/rt2x00/rt2400pci.c | 8 drivers/net/wireless/ralink/rt2x00/rt2400pci.h | 2 drivers/net/wireless/ralink/rt2x00/rt2500pci.c | 8 drivers/net/wireless/ralink/rt2x00/rt2500pci.h | 2 drivers/net/wireless/ralink/rt2x00/rt2500usb.c | 8 drivers/net/wireless/ralink/rt2x00/rt2500usb.h | 2 drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 36 - drivers/net/wireless/ralink/rt2x00/rt2800lib.h | 8 drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 6 drivers/net/wireless/ralink/rt2x00/rt61pci.c | 4 drivers/net/wireless/ralink/rt2x00/rt61pci.h | 2 drivers/net/wireless/ralink/rt2x00/rt73usb.c | 4 drivers/net/wireless/ralink/rt2x00/rt73usb.h | 2 drivers/net/wireless/realtek/rtlwifi/rtl8192cu/sw.c | 1 drivers/nfc/pn544/i2c.c | 2 drivers/pci/controller/cadence/pci-j721e.c | 25 drivers/pci/controller/dwc/pci-keystone.c | 4 drivers/pci/controller/dwc/pcie-tegra194.c | 22 drivers/pci/controller/pci-tegra.c | 2 drivers/pci/iov.c | 5 drivers/pci/pci-driver.c | 1 drivers/pci/pci-label.c | 10 drivers/pci/pci-sysfs.c | 98 ++- drivers/pci/pcie/aer.c | 12 drivers/pci/pcie/err.c | 8 drivers/perf/arm_spe_pmu.c | 3 drivers/pinctrl/meson/pinctrl-meson-gxl.c | 10 drivers/pinctrl/pinmux.c | 2 drivers/pinctrl/renesas/pinctrl.c | 3 drivers/platform/x86/sony-laptop.c | 1 drivers/pps/kapi.c | 5 drivers/pps/pps.c | 5 drivers/pwm/pwm-berlin.c | 4 drivers/pwm/pwm-tiehrpwm.c | 4 drivers/remoteproc/qcom_q6v5.c | 3 drivers/rtc/interface.c | 27 + drivers/rtc/rtc-x1205.c | 2 drivers/scsi/hpsa.c | 21 drivers/scsi/isci/init.c | 6 drivers/scsi/mpt3sas/mpt3sas_transport.c | 8 drivers/scsi/mvsas/mv_defs.h | 1 drivers/scsi/mvsas/mv_init.c | 13 drivers/scsi/mvsas/mv_sas.c | 42 - drivers/scsi/mvsas/mv_sas.h | 8 drivers/scsi/myrs.c | 8 drivers/scsi/pm8001/pm8001_sas.c | 9 drivers/soc/qcom/rpmh-rsc.c | 7 drivers/spi/spi-cadence-quadspi.c | 5 drivers/staging/axis-fifo/axis-fifo.c | 32 - drivers/staging/comedi/comedi_buf.c | 2 drivers/staging/media/atomisp/pci/hive_isp_css_include/math_support.h | 5 drivers/target/target_core_configfs.c | 2 drivers/tty/serial/8250/8250_exar.c | 11 drivers/tty/serial/Kconfig | 2 drivers/tty/serial/max310x.c | 2 drivers/uio/uio_hv_generic.c | 7 drivers/usb/core/quirks.c | 2 drivers/usb/gadget/configfs.c | 2 drivers/usb/gadget/legacy/raw_gadget.c | 2 drivers/usb/host/max3421-hcd.c | 2 drivers/usb/host/xhci-dbgcap.c | 9 drivers/usb/phy/phy-twl6030-usb.c | 3 drivers/usb/serial/option.c | 16 drivers/usb/usbip/vhci_hcd.c | 22 drivers/watchdog/mpc8xxx_wdt.c | 2 drivers/xen/events/events_base.c | 20 drivers/xen/manage.c | 3 fs/btrfs/ctree.h | 2 fs/btrfs/export.c | 8 fs/btrfs/extent_io.c | 1 fs/btrfs/file-item.c | 1 fs/btrfs/misc.h | 2 fs/btrfs/raid56.c | 1 fs/btrfs/tree-checker.c | 2 fs/cramfs/inode.c | 11 fs/dax.c | 54 +- fs/dcache.c | 2 fs/dlm/lockspace.c | 2 fs/erofs/zdata.h | 2 fs/exec.c | 2 fs/ext2/balloc.c | 2 fs/ext4/ext4.h | 2 fs/ext4/fsmap.c | 14 fs/ext4/inode.c | 18 fs/ext4/super.c | 10 fs/ext4/xattr.c | 15 fs/file.c | 5 fs/fsopen.c | 70 +- fs/fuse/file.c | 8 fs/hfs/bfind.c | 8 fs/hfs/brec.c | 27 - fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 fs/hfsplus/bnode.c | 41 - fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 + fs/hfsplus/super.c | 25 fs/hfsplus/unicode.c | 24 fs/iomap/apply.c | 74 ++ fs/iomap/trace.h | 37 + fs/jbd2/transaction.c | 13 fs/minix/inode.c | 8 fs/namei.c | 8 fs/namespace.c | 11 fs/nfs/nfs4proc.c | 2 fs/nfsd/blocklayout.c | 5 fs/nfsd/blocklayoutxdr.c | 7 fs/nfsd/flexfilelayout.c | 8 fs/nfsd/flexfilelayoutxdr.c | 3 fs/nfsd/lockd.c | 15 fs/nfsd/nfs4layouts.c | 1 fs/nfsd/nfs4proc.c | 36 - fs/nfsd/nfs4xdr.c | 14 fs/nfsd/xdr4.h | 36 + fs/ocfs2/move_extents.c | 5 fs/ocfs2/stack_user.c | 1 fs/squashfs/inode.c | 31 + fs/squashfs/squashfs_fs_i.h | 2 fs/udf/inode.c | 12 fs/ufs/util.h | 6 include/linux/cleanup.h | 171 ++++++ include/linux/compiler-clang.h | 9 include/linux/compiler.h | 15 include/linux/compiler_attributes.h | 6 include/linux/device.h | 10 include/linux/file.h | 6 include/linux/iio/frequency/adf4350.h | 2 include/linux/iomap.h | 56 ++ include/linux/irqflags.h | 7 include/linux/minmax.h | 267 +++++++--- include/linux/mutex.h | 4 include/linux/netdevice.h | 9 include/linux/overflow.h | 1 include/linux/percpu.h | 4 include/linux/pm_runtime.h | 4 include/linux/preempt.h | 5 include/linux/rcupdate.h | 3 include/linux/rwsem.h | 9 include/linux/sched/task.h | 2 include/linux/slab.h | 3 include/linux/spinlock.h | 32 + include/linux/srcu.h | 5 include/linux/trace_events.h | 2 include/net/ip_tunnels.h | 15 include/net/rtnetlink.h | 16 include/scsi/libsas.h | 18 include/trace/events/filelock.h | 3 include/uapi/linux/netlink.h | 1 init/main.c | 14 kernel/fork.c | 2 kernel/padata.c | 6 kernel/pid.c | 2 kernel/sched/fair.c | 38 - kernel/trace/preemptirq_delay_test.c | 2 kernel/trace/trace_kprobe.c | 11 kernel/trace/trace_probe.h | 9 kernel/trace/trace_uprobe.c | 12 lib/btree.c | 1 lib/crypto/Makefile | 4 lib/decompress_unlzma.c | 2 lib/genalloc.c | 5 lib/logic_pio.c | 3 lib/vsprintf.c | 2 lib/zstd/zstd_internal.h | 2 mm/hugetlb.c | 2 mm/zsmalloc.c | 1 net/9p/trans_fd.c | 8 net/bluetooth/mgmt.c | 10 net/core/filter.c | 18 net/core/rtnetlink.c | 87 ++- net/ipv4/ip_tunnel.c | 14 net/ipv4/proc.c | 2 net/ipv4/tcp.c | 9 net/ipv4/tcp_input.c | 1 net/ipv4/tcp_output.c | 19 net/ipv4/udp.c | 16 net/ipv6/ip6_tunnel.c | 3 net/ipv6/proc.c | 2 net/netfilter/ipset/ip_set_hash_gen.h | 8 net/netfilter/ipvs/ip_vs_ftp.c | 4 net/netfilter/nf_nat_core.c | 6 net/sctp/inqueue.c | 13 net/sctp/sm_make_chunk.c | 3 net/sctp/sm_statefuns.c | 6 net/tipc/core.h | 2 net/tipc/link.c | 10 net/tls/tls_main.c | 7 net/tls/tls_sw.c | 13 net/vmw_vsock/af_vsock.c | 38 - scripts/checkpatch.pl | 2 security/keys/trusted-keys/trusted_tpm1.c | 7 sound/firewire/amdtp-stream.h | 2 sound/pci/lx6464es/lx_core.c | 4 sound/soc/codecs/wcd934x.c | 30 - sound/soc/intel/boards/bytcht_es8316.c | 20 sound/soc/intel/boards/bytcr_rt5640.c | 7 sound/soc/intel/boards/bytcr_rt5651.c | 26 tools/build/feature/Makefile | 4 tools/lib/bpf/libbpf.c | 10 tools/lib/perf/include/perf/event.h | 1 tools/lib/subcmd/help.c | 3 tools/perf/util/lzma.c | 2 tools/perf/util/session.c | 2 tools/perf/util/zlib.c | 2 tools/testing/selftests/arm64/pauth/exec_target.c | 7 tools/testing/selftests/rseq/rseq.c | 8 tools/testing/selftests/watchdog/watchdog-test.c | 6 372 files changed, 2798 insertions(+), 1320 deletions(-) Abdun Nihaal (1): wifi: mt76: fix potential memory leak in mt76_wmac_probe() Adam Xue (1): bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() Ahmet Eray Karadag (1): ext4: guard against EA inode refcount underflow in xattr update Akhilesh Patil (1): selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported Aleksa Sarai (1): fscontext: do not consume log entries when returning -EMSGSIZE Alex Deucher (1): drm/amdgpu: Add additional DCE6 SCL registers Alexander Aring (1): dlm: check for defined force value in dlm_lockspace_release Alexander Usyskin (1): mei: me: add wildcat lake P DID Alexandr Sapozhnikov (1): net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Alexey Simakov (2): tg3: prevent use of uninitialized remote_adv and local_adv variables sctp: avoid NULL dereference when chunk data buffer is missing Alice Ryhl (1): binder: remove "invalid inc weak" check Alok Tiwari (2): PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Amir Mohammad Jahangirzad (1): ACPI: debug: fix signedness issues in read/write helpers Anderson Nascimento (1): btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Andrey Konovalov (1): usb: raw-gadget: do not limit transfer length Andy Shevchenko (4): gpio: wcd934x: Remove duplicate assignment of of_gpio_n_cells mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type minmax: deduplicate __unconst_integer_typeof() minmax: fix header inclusions AngeloGioacchino Del Regno (1): arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible Anthony Iliopoulos (1): NFSv4.1: fix backchannel max_resp_sz verification check Anthony Yznaga (1): sparc64: fix hugetlb for sun4u Arnaud Lecomte (1): hid: fix I2C read buffer overflow in raw_event() for mcp2221 Arnd Bergmann (1): media: s5p-mfc: remove an unused/uninitialized variable Askar Safin (1): openat2: don't trigger automounts with RESOLVE_NO_XDEV Bagas Sanjaya (1): Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram Bala-Vignesh-Reddy (1): selftests: arm64: Check fread return value in exec_target Barry Song (1): sched/fair: Trivial correction of the newidle_balance() comment Bart Van Assche (1): overflow, tracing: Define the is_signed_type() macro once Bartosz Golaszewski (3): mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() pinctrl: check the return value of pinmux_ops::get_function_name() gpio: wcd934x: mark the GPIO controller as sleeping Bence Csókás (1): PM: runtime: Add new devm functions Benjamin Tissoires (1): HID: multitouch: fix sticky fingers Bernard Metzler (1): RDMA/siw: Always report immediate post SQ errors Bitterblue Smith (1): wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 Brahmajit Das (1): drm/radeon/r600_cs: clean up of dead code in r600_cs Brian Masney (2): clk: at91: peripheral: fix return value clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Brian Norris (1): PCI/sysfs: Ensure devices are powered for config reads Catalin Marinas (1): arm64: mte: Do not flag the zero page as PG_mte_tagged Christoph Hellwig (2): iomap: add the new iomap_iter model fsdax: switch dax_iomap_rw to use iomap_iter Christophe JAILLET (1): media: pci/ivtv: switch from 'pci_' to 'dma_' API Christophe Leroy (1): watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Colin Ian King (2): misc: genwqe: Fix incorrect cmd field being reported in error ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message Cristian Ciocaltea (1): usb: vhci-hcd: Prevent suspending virtually attached devices Da Xue (1): pinctrl: meson-gxl: add missing i2c_d pinmux Dan Carpenter (5): usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup serial: max310x: Add error checking in probe() ocfs2: fix double free in user_cluster_connect() net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() mm/slab: make __free(kfree) accept error pointers Daniel Borkmann (1): bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Daniel Tang (1): ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Darrick J. Wong (1): fuse: fix livelock in synchronous file put from fuseblk workers David Laight (11): minmax: allow min()/max()/clamp() if the arguments have the same signedness. minmax: fix indentation of __cmp_once() and __clamp_once() minmax: allow comparisons of 'int' against 'unsigned char/short' minmax: relax check to allow comparison between unsigned arguments and signed constants minmax.h: add whitespace around operators and after commas minmax.h: update some comments minmax.h: reduce the #define expansion of min(), max() and clamp() minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() minmax.h: move all the clamp() definitions after the min/max() ones minmax.h: simplify the variants of clamp() minmax.h: remove some #defines that are only expanded once David Lechner (1): iio: imu: inv_icm42600: use = { } instead of memset() Deepanshu Kartikey (3): ext4: detect invalid INLINE_DATA + EXTENTS flag combination ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Donet Tom (2): drivers/base/node: handle error properly in register_one_node() drivers/base/node: fix double free in register_one_node() Duoming Zhou (4): media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove media: tuner: xc5000: Fix use-after-free in xc5000_release media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe scsi: mvsas: Fix use-after-free bugs in mvs_work_queue Edward Adam Davis (1): media: mc: Clear minor number before put device Eric Biggers (2): sctp: Fix MAC comparison to be constant-time KEYS: trusted_tpm1: Compare HMAC values in constant time Eric Dumazet (2): tcp: fix __tcp_close() to only send RST when required tcp: fix tcp_tso_should_defer() vs large RTT Erick Karanja (1): net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Esben Haabendal (2): rtc: interface: Ensure alarm irq is enabled when UIE is enabled rtc: interface: Fix long-standing race when setting alarm Florian Eckert (1): serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Geert Uytterhoeven (2): regmap: Remove superfluous check for !config in __regmap_init() m68k: bitops: Fix find_*_bit() signatures Gianfranco Trad (1): udf: fix uninit-value use in udf_get_fileshortad Greg Kroah-Hartman (1): Linux 5.10.246 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Gunnar Kudrjavets (1): tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Hans de Goede (3): iio: consumers: Fix offset handling in iio_convert_raw_to_processed() mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Harini T (2): mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Herbert Xu (2): crypto: rng - Ensure set_ent is always present crypto: essiv - Check ssize for decryption and in-place encryption Herve Codina (1): minmax: Introduce {min,max}_array() Huacai Chen (1): init: handle bootloader identifier in kernel parameters Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() Huisong Li (1): ACPI: processor: idle: Fix memory leak when register cpuidle device failed Håkon Bugge (1): RDMA/cm: Rate limit destroy CM ID timeout error message I Viswanath (2): net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Ian Forbes (1): drm/vmwgfx: Fix Use-after-free in validation Ian Rogers (1): libperf event: Ensure tracing data is multiple of 8 sized Igor Artemiev (1): drm/amd/display: Fix potential null dereference Ingo Molnar (1): sched/balancing: Rename newidle_balance() => sched_balance_newidle() Ioana Ciornei (1): dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Jakub Kicinski (2): Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" net: usb: use eth_hw_addr_set() instead of ether_addr_copy() Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jason A. Donenfeld (3): minmax: sanity check constant bounds when clamping minmax: clamp more efficiently by avoiding extra comparison wifi: rt2x00: use explicitly signed or unsigned types Jason Andryuk (2): xen/events: Cleanup find_virq() return codes xen/events: Update virq_to_irq on migration Jeff Layton (1): filelock: add FL_RECLAIM to show_fl_flags() macro Jisheng Zhang (1): pwm: berlin: Fix wrong register in suspend/resume Johan Hovold (2): firmware: meson_sm: fix device leak at probe lib/genalloc: fix device leak in of_gen_pool_get() Johannes Thumshirn (1): btrfs: remove duplicated in_range() macro Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace John Garry (3): scsi: libsas: Add sas_task_find_rq() scsi: mvsas: Delete mvs_tag_init() scsi: mvsas: Use sas_task_find_rq() for tagging Kaushlendra Kumar (1): arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Kaustabh Chakraborty (1): drm/exynos: exynos7_drm_decon: remove ctx->suspended Kohei Enju (2): nfp: fix RSS hash key size when RSS is not supported net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable Krzysztof Kozlowski (1): ASoC: codecs: wcd934x: Simplify with dev_err_probe Krzysztof Wilczyński (1): PCI/sysfs: Use sysfs_emit() and sysfs_emit_at() in "show" functions Kunihiko Hayashi (1): i2c: designware: Add disabling clocks when probe fails Kuniyuki Iwashima (2): udp: Fix memory accounting leak. tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (1): net: ravb: Ensure memory write completes before ringing TX doorbell Larshin Sergey (2): media: rc: fix races with imon_disconnect() fs: udf: fix OOB read in lengthAllocDescs handling Leilk.Liu (1): i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD Leo Yan (3): perf: arm_spe: Prevent overflow in PERF_IDX2OFF() perf session: Fix handling when buffer exceeds 2 GiB tools build: Align warning options with perf Li Jinlin (1): fsdax: Fix infinite loop in dax_iomap_rw() Li Nan (1): blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx Lichen Liu (1): fs: Add 'initramfs_options' to set initramfs mount options Linmao Li (1): r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Linus Torvalds (8): minmax: avoid overly complicated constant expressions in VM code minmax: add a few more MIN_T/MAX_T users minmax: simplify and clarify min_t()/max_t() implementation minmax: make generic MIN() and MAX() macros available everywhere minmax: don't use max() in situations that want a C constant expression minmax: simplify min()/max()/clamp() implementation minmax: improve macro expansion and type checking minmax: fix up min3() and max3() too Linus Walleij (1): mtd: rawnand: fsmc: Default to autodetect buswidth Luiz Augusto von Dentz (1): Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO Lukas Wunner (3): xen/manage: Fix suspend error path PCI/ERR: Fix uevent on failure to recover PCI/AER: Support errors introduced by PCIe r6.0 Ma Ke (3): sparc: fix error handling in scan_one_device() ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() media: lirc: Fix error handling in lirc_register() Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Marek Vasut (1): Input: atmel_mxt_ts - allow reset GPIO to sleep Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Mathias Nyman (1): xhci: dbc: enable back DbC in resume if it was enabled before suspend Matthew Wilcox (Oracle) (1): minmax: add in_range() macro Maximilian Luz (1): PCI: Add sysfs attribute for device power state Miaoqian Lin (1): ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init Michael Hennerich (2): iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE iio: frequency: adf4350: Fix prescaler usage. Michael Karcher (5): sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara sparc: fix accurate exception reporting in copy_to_user for Niagara 4 sparc: fix accurate exception reporting in copy_{from,to}_user for M7 Michal Pecio (1): net: usb: rtl8150: Fix frame padding Mikhail Kobuk (1): media: pci: ivtv: Add check for DMA map result Mikulas Patocka (1): dm-integrity: limit MAX_TAG_SIZE to 255 Muhammad Usama Anjum (1): wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Nalivayko Sergey (1): net/9p: fix double req put in p9_fd_cancelled Naman Jain (1): uio_hv_generic: Let userspace take care of interrupt mask Nathan Chancellor (1): lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older Niklas Cassel (2): scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() Niklas Schnelle (2): PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV PCI/AER: Fix missing uevent on recovery when a reset is requested Nikolay Aleksandrov (7): net: rtnetlink: add msg kind names net: rtnetlink: add helper to extract msg type's kind net: rtnetlink: use BIT for flag values net: netlink: add NLM_F_BULK delete request modifier net: rtnetlink: add bulk delete support flag net: add ndo_fdb_del_bulk net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Nishanth Menon (1): hwrng: ks-sa - fix division by zero in ks_sa_rng_init Ojaswin Mujoo (1): ext4: correctly handle queries for metadata mappings Oleksij Rempel (1): net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Olga Kornievskaia (1): nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Ovidiu Panait (2): staging: axis-fifo: fix maximum TX packet length check staging: axis-fifo: flush RX FIFO on read errors Parav Pandit (1): RDMA/core: Resolve MAC of next-hop device without ARP support Paul Chaignon (1): bpf: Explicitly check accesses to bpf_sock_addr Peter Zijlstra (1): locking: Introduce __cleanup() based infrastructure Phillip Lougher (3): Squashfs: fix uninit-value in squashfs_get_parent Squashfs: add additional inode sanity checking Squashfs: reject negative file sizes in squashfs_read_inode() Pratyush Yadav (2): spi: cadence-quadspi: Flush posted register writes before INDAC access spi: cadence-quadspi: Flush posted register writes before DAC access Qianfeng Rong (6): block: use int to store blk_stack_limits() return value pinctrl: renesas: Use int type to store negative error codes ALSA: lx_core: use int type to store negative error codes media: i2c: mt9v111: fix incorrect type for ret iio: dac: ad5360: use int type to store negative error codes iio: dac: ad5421: use int type to store negative error codes Rafael J. Wysocki (4): driver core/PM: Set power.no_callbacks along with power.no_pm PM: sleep: core: Clear power.must_resume in noirq suspend error path cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Revert "cpuidle: menu: Avoid discarding useful information" Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Ranjan Kumar (1): scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() Raphael Gallais-Pou (1): serial: stm32: allow selecting console when the driver is module Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Rex Chen (1): mmc: core: SPI mode remove cmd7 Ricardo Ribalda (1): media: tunner: xc5000: Refactor firmware load Rob Herring (Arm) (1): rtc: x1205: Fix Xicor X1205 vendor prefix Roman Li (1): drm/amd/display: Remove redundant safeguards for dmub-srv destroy() Sabrina Dubroca (2): tls: always set record_type in tls_process_cmsg tls: don't rely on tx_work during send() Salah Triki (1): bus: fsl-mc: Check return value of platform_get_resource() Sam James (1): parisc: don't reference obsolete termio struct for TC* constants Sean Christopherson (4): rseq/selftests: Use weak symbol reference, not definition, to link with glibc x86/umip: Check that the instruction opcode is at least two bytes x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O Sean Nyekjaer (3): iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended iio: imu: inv_icm42600: Simplify pm_runtime setup Sergey Bashirov (3): NFSD: Rework encoding and decoding of nfsd4_deviceid NFSD: Minor cleanup in layoutcommit processing NFSD: Fix last write offset handling in layoutcommit Shuhao Fu (1): drm/nouveau: fix bad ret code in nouveau_bo_move_prep Siddharth Vadapalli (2): PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit PCI: j721e: Fix programming sequence of "strap" settings Simon Schuster (1): copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) Slavin Liu (1): ipvs: Defer ip_vs_ftp unregister during netns cleanup Sneh Mankad (1): soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS Stefan Kerkmann (1): wifi: mwifiex: send world regulatory domain to driver Stefano Garzarella (1): vsock: fix lock inversion in vsock_assign_transport() Stephan Gerhold (3): remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice arm64: dts: qcom: msm8916: Add missing MDSS reset arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees Takashi Iwai (3): ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping Tetsuo Handa (2): minixfs: Verify inode mode when loading from disk cramfs: Verify inode mode when loading from disk Theodore Ts'o (1): ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Thomas Fourier (5): scsi: myrs: Fix dma_alloc_coherent() error check crypto: atmel - Fix dma_unmap_sg() direction media: pci: ivtv: Add missing check after DMA map media: cx18: Add missing check after DMA map crypto: rockchip - Fix dma_unmap_sg() nents value Thomas Weißschuh (1): fs: always return zero on success from replace_fd() Thorsten Blum (2): scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Timur Kristóf (5): drm/amdgpu: Power up UVD 3 for FW validation (v2) drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 drm/amd/display: Properly disable scaling on DCE6 drm/amd/powerplay: Fix CIK shutdown temperature Tonghao Zhang (1): net: bonding: fix possible peer notify event loss or dup issue Uros Bizjak (1): x86/vdso: Fix output operand size of RDPID Uwe Kleine-König (1): pwm: tiehrpwm: Fix corner case in clock divisor calculation Viacheslav Dubeyko (6): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Victoria Votokina (2): most: usb: Fix use-after-free in hdm_disconnect most: usb: hdm_probe: Fix calling put_device() before device initialization Vidya Sagar (1): PCI: tegra194: Handle errors in BPMP response Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Vlad Dumitrescu (1): IB/sa: Fix sa_local_svc_timeout_ms read race Wang Haoran (1): scsi: target: target_core_configfs: Add length check to avoid buffer overflow Wang Liang (1): pps: fix warning in pps_register_cdev when register device fail Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE William Wu (1): usb: gadget: configfs: Correctly set use_os_string at bind Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xiaowei Li (1): USB: serial: option: add SIMCom 8230C compositions Xichao Zhao (2): usb: phy: twl6030: Fix incorrect type for ret exec: Fix incorrect type for ret Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yang Shi (1): mm: hugetlb: avoid soft lockup when mprotect to large memory area Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yeounsu Moon (2): net: dlink: handle copy_thresh allocation failure net: dlink: handle dma_map_single() failure properly Yongjian Sun (1): ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Yu Kuai (1): blk-crypto: fix missing blktrace bio split events Yuan Chen (1): tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Yuezhang Mo (1): dax: skip read lock assertion for read-only filesystems Yunseong Kim (1): perf util: Fix compression checks returning -1 as bool Yureka Lilian (1): libbpf: Fix reuse of DEVMAP Zhang Shurong (1): media: rj54n1cb0c: Fix memleak in rj54n1_probe() Zhang Yi (1): jbd2: ensure that all ongoing I/O complete before freeing blocks Zhen Ni (4): netfilter: ipset: Remove unused htable_bits in macro ahash_region Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak clocksource/drivers/clps711x: Fix resource leaks in error paths memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe Zheng Qixing (1): dm: fix NULL pointer dereference in __dm_suspend() Zhengchao Shao (1): net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg gaoxiang17 (1): pid: Add a judgment for ns null in pid_nr_ns hupu (1): perf subcmd: avoid crash in exclude_cmds when excludes is empty keliu (1): media: rc: Directly use ida_free()

6 days, 15 hours

1
1
0 0

Linux 5.4.301

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.301 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 3 Documentation/arm64/silicon-errata.rst | 2 Makefile | 2 arch/arm64/Kconfig | 1 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/pgtable.h | 3 arch/arm64/kernel/cpu_errata.c | 1 arch/m68k/include/asm/bitops.h | 25 + arch/mips/mti-malta/malta-setup.c | 2 arch/parisc/include/uapi/asm/ioctls.h | 8 arch/sparc/kernel/of_device_32.c | 1 arch/sparc/kernel/of_device_64.c | 1 arch/sparc/lib/M7memcpy.S | 20 - arch/sparc/lib/Memcpy_utils.S | 9 arch/sparc/lib/NG4memcpy.S | 2 arch/sparc/lib/NGmemcpy.S | 29 +- arch/sparc/lib/U1memcpy.S | 19 - arch/sparc/lib/U3memcpy.S | 2 arch/sparc/mm/hugetlbpage.c | 20 + arch/x86/include/asm/kvm_emulate.h | 2 arch/x86/include/asm/segment.h | 8 arch/x86/kernel/umip.c | 15 + arch/x86/kvm/emulate.c | 10 arch/x86/kvm/x86.c | 9 block/blk-mq-sysfs.c | 6 block/blk-settings.c | 3 crypto/essiv.c | 14 - drivers/acpi/acpi_dbg.c | 26 +- drivers/acpi/acpi_tad.c | 3 drivers/acpi/processor_idle.c | 3 drivers/android/binder.c | 11 drivers/base/node.c | 4 drivers/base/regmap/regmap.c | 2 drivers/char/tpm/tpm_tis_core.c | 24 + drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 - drivers/clocksource/clps711x-timer.c | 23 + drivers/cpufreq/intel_pstate.c | 8 drivers/cpuidle/governors/menu.c | 21 - drivers/crypto/atmel-tdes.c | 2 drivers/firmware/meson/meson_sm.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 36 -- drivers/gpu/drm/nouveau/nouveau_bo.c | 2 drivers/gpu/drm/radeon/r600_cs.c | 4 drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 4 drivers/i2c/busses/i2c-designware-platdrv.c | 1 drivers/i2c/busses/i2c-mt65xx.c | 17 - drivers/iio/dac/ad5360.c | 2 drivers/iio/dac/ad5421.c | 2 drivers/iio/frequency/adf4350.c | 20 + drivers/iio/inkern.c | 2 drivers/infiniband/core/addr.c | 10 drivers/infiniband/core/sa_query.c | 6 drivers/infiniband/sw/siw/siw_verbs.c | 25 + drivers/input/misc/uinput.c | 1 drivers/mailbox/zynqmp-ipi-mailbox.c | 7 drivers/md/dm-integrity.c | 2 drivers/md/dm.c | 7 drivers/media/i2c/mt9v111.c | 2 drivers/media/i2c/rj54n1cb0c.c | 9 drivers/media/i2c/tc358743.c | 4 drivers/media/mc/mc-devnode.c | 6 drivers/media/pci/b2c2/flexcop-pci.c | 2 drivers/media/pci/cx18/cx18-queue.c | 12 drivers/media/pci/ivtv/ivtv-driver.c | 2 drivers/media/pci/ivtv/ivtv-irq.c | 2 drivers/media/pci/ivtv/ivtv-queue.c | 18 - drivers/media/pci/ivtv/ivtv-streams.c | 22 - drivers/media/pci/ivtv/ivtv-udma.c | 19 - drivers/media/pci/ivtv/ivtv-yuv.c | 18 + drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 +- drivers/media/rc/imon.c | 189 +++++++++------ drivers/media/rc/lirc_dev.c | 15 - drivers/media/rc/rc-main.c | 6 drivers/media/tuners/xc5000.c | 41 +-- drivers/memory/samsung/exynos-srom.c | 32 +- drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 drivers/mfd/vexpress-sysreg.c | 6 drivers/misc/genwqe/card_ddcb.c | 2 drivers/mmc/core/sdio.c | 6 drivers/mtd/nand/raw/fsmc_nand.c | 6 drivers/mtd/spi-nor/cadence-quadspi.c | 5 drivers/net/bonding/bond_main.c | 40 +-- drivers/net/ethernet/amazon/ena/ena_ethtool.c | 5 drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 drivers/net/ethernet/broadcom/tg3.c | 5 drivers/net/ethernet/dlink/dl2k.c | 99 ++++--- drivers/net/ethernet/freescale/enetc/enetc.h | 2 drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 17 - drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 drivers/net/ethernet/renesas/ravb_main.c | 8 drivers/net/usb/rtl8150.c | 13 - drivers/net/wireless/marvell/mwifiex/cfg80211.c | 7 drivers/net/wireless/mediatek/mt76/mt7603/soc.c | 2 drivers/net/wireless/realtek/rtlwifi/rtl8192cu/sw.c | 1 drivers/pci/controller/dwc/pci-keystone.c | 4 drivers/pci/controller/pci-tegra.c | 2 drivers/pci/iov.c | 5 drivers/pci/pci-driver.c | 1 drivers/perf/arm_spe_pmu.c | 3 drivers/pinctrl/meson/pinctrl-meson-gxl.c | 10 drivers/pinctrl/pinmux.c | 2 drivers/pps/kapi.c | 5 drivers/pps/pps.c | 5 drivers/pwm/pwm-berlin.c | 4 drivers/pwm/pwm-tiehrpwm.c | 4 drivers/remoteproc/qcom_q6v5.c | 3 drivers/rtc/interface.c | 27 ++ drivers/rtc/rtc-x1205.c | 2 drivers/scsi/hpsa.c | 21 - drivers/scsi/mpt3sas/mpt3sas_transport.c | 8 drivers/scsi/mvsas/mv_defs.h | 1 drivers/scsi/mvsas/mv_init.c | 13 - drivers/scsi/mvsas/mv_sas.c | 42 +-- drivers/scsi/mvsas/mv_sas.h | 8 drivers/scsi/myrs.c | 8 drivers/scsi/pm8001/pm8001_sas.c | 9 drivers/soc/qcom/rpmh-rsc.c | 7 drivers/staging/axis-fifo/axis-fifo.c | 32 +- drivers/staging/comedi/comedi_buf.c | 2 drivers/target/target_core_configfs.c | 2 drivers/tty/serial/max310x.c | 2 drivers/uio/uio_hv_generic.c | 7 drivers/usb/core/quirks.c | 2 drivers/usb/gadget/configfs.c | 2 drivers/usb/host/max3421-hcd.c | 2 drivers/usb/host/xhci-dbgcap.c | 9 drivers/usb/phy/phy-twl6030-usb.c | 3 drivers/usb/serial/option.c | 16 + drivers/usb/usbip/vhci_hcd.c | 22 + drivers/watchdog/mpc8xxx_wdt.c | 2 drivers/xen/events/events_base.c | 25 + drivers/xen/manage.c | 3 fs/btrfs/export.c | 8 fs/cramfs/inode.c | 11 fs/dcache.c | 2 fs/dlm/lockspace.c | 2 fs/exec.c | 2 fs/ext4/fsmap.c | 14 - fs/ext4/inode.c | 18 + fs/ext4/super.c | 10 fs/ext4/xattr.c | 15 - fs/hfs/bfind.c | 8 fs/hfs/brec.c | 27 +- fs/hfs/mdb.c | 2 fs/hfsplus/bfind.c | 8 fs/hfsplus/bnode.c | 41 --- fs/hfsplus/btree.c | 6 fs/hfsplus/hfsplus_fs.h | 42 +++ fs/hfsplus/super.c | 25 + fs/hfsplus/unicode.c | 24 + fs/jbd2/transaction.c | 13 - fs/minix/inode.c | 8 fs/namespace.c | 11 fs/nfs/nfs4proc.c | 2 fs/nfsd/blocklayout.c | 5 fs/nfsd/flexfilelayout.c | 8 fs/nfsd/lockd.c | 15 + fs/nfsd/nfs4proc.c | 34 +- fs/ocfs2/move_extents.c | 5 fs/ocfs2/stack_user.c | 1 fs/squashfs/inode.c | 31 ++ fs/squashfs/squashfs_fs_i.h | 2 fs/udf/inode.c | 3 include/linux/device.h | 3 include/linux/iio/frequency/adf4350.h | 2 include/linux/netdevice.h | 9 include/net/ip_tunnels.h | 15 + include/net/rtnetlink.h | 16 + include/scsi/libsas.h | 18 + include/uapi/linux/netlink.h | 1 kernel/padata.c | 6 kernel/pid.c | 2 kernel/sched/fair.c | 38 +-- kernel/sched/sched.h | 4 kernel/trace/trace_kprobe.c | 11 kernel/trace/trace_probe.h | 9 kernel/trace/trace_uprobe.c | 12 lib/genalloc.c | 5 mm/hugetlb.c | 2 net/9p/trans_fd.c | 8 net/core/filter.c | 16 - net/core/rtnetlink.c | 89 ++++--- net/ipv4/ip_tunnel.c | 14 - net/ipv4/tcp.c | 9 net/ipv4/tcp_input.c | 1 net/ipv4/tcp_output.c | 19 + net/ipv4/udp.c | 16 - net/ipv6/ip6_tunnel.c | 3 net/netfilter/ipset/ip_set_hash_gen.h | 8 net/netfilter/ipvs/ip_vs_ftp.c | 4 net/sctp/inqueue.c | 13 - net/sctp/sm_make_chunk.c | 3 net/sctp/sm_statefuns.c | 6 net/tls/tls_main.c | 7 net/tls/tls_sw.c | 13 + security/keys/trusted.c | 7 sound/firewire/amdtp-stream.h | 2 sound/pci/lx6464es/lx_core.c | 4 sound/soc/intel/boards/bytcht_es8316.c | 20 + sound/soc/intel/boards/bytcr_rt5640.c | 7 sound/soc/intel/boards/bytcr_rt5651.c | 26 +- tools/build/feature/Makefile | 4 tools/lib/subcmd/help.c | 3 tools/perf/util/lzma.c | 2 tools/perf/util/session.c | 2 tools/perf/util/zlib.c | 2 tools/testing/selftests/rseq/rseq.c | 8 tools/testing/selftests/watchdog/watchdog-test.c | 6 216 files changed, 1509 insertions(+), 919 deletions(-) Abdun Nihaal (1): wifi: mt76: fix potential memory leak in mt76_wmac_probe() Ahmet Eray Karadag (1): ext4: guard against EA inode refcount underflow in xattr update Akhilesh Patil (1): selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported Alexander Aring (1): dlm: check for defined force value in dlm_lockspace_release Alexandr Sapozhnikov (1): net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Alexey Simakov (2): tg3: prevent use of uninitialized remote_adv and local_adv variables sctp: avoid NULL dereference when chunk data buffer is missing Alice Ryhl (1): binder: remove "invalid inc weak" check Alok Tiwari (2): PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Amir Mohammad Jahangirzad (1): ACPI: debug: fix signedness issues in read/write helpers Anderson Nascimento (1): btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Andy Shevchenko (1): mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type Anthony Iliopoulos (1): NFSv4.1: fix backchannel max_resp_sz verification check Anthony Yznaga (1): sparc64: fix hugetlb for sun4u Arnd Bergmann (1): media: s5p-mfc: remove an unused/uninitialized variable Barry Song (1): sched/fair: Trivial correction of the newidle_balance() comment Bartosz Golaszewski (2): pinctrl: check the return value of pinmux_ops::get_function_name() mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() Bernard Metzler (1): RDMA/siw: Always report immediate post SQ errors Bitterblue Smith (1): wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 Brahmajit Das (1): drm/radeon/r600_cs: clean up of dead code in r600_cs Brian Masney (1): clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Chen Yu (1): sched: Make newidle_balance() static again Christophe JAILLET (2): media: pci/ivtv: switch from 'pci_' to 'dma_' API net: dl2k: switch from 'pci_' to 'dma_' API Christophe Leroy (1): watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog Chuck Lever (1): NFSD: Define a proc_layoutcommit for the FlexFiles layout type Colin Ian King (2): misc: genwqe: Fix incorrect cmd field being reported in error net: rtnetlink: remove redundant assignment to variable err Cristian Ciocaltea (1): usb: vhci-hcd: Prevent suspending virtually attached devices Da Xue (1): pinctrl: meson-gxl: add missing i2c_d pinmux Dan Carpenter (4): usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup serial: max310x: Add error checking in probe() ocfs2: fix double free in user_cluster_connect() net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Daniel Tang (1): ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Deepanshu Kartikey (3): ocfs2: clear extent cache after moving/defragmenting extents comedi: fix divide-by-zero in comedi_buf_munge() ext4: detect invalid INLINE_DATA + EXTENTS flag combination Dmitry Safonov (1): net/ip6_tunnel: Prevent perpetual tunnel growth Donet Tom (2): drivers/base/node: handle error properly in register_one_node() drivers/base/node: fix double free in register_one_node() Duoming Zhou (4): media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove media: tuner: xc5000: Fix use-after-free in xc5000_release media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe scsi: mvsas: Fix use-after-free bugs in mvs_work_queue Edward Adam Davis (1): media: mc: Clear minor number before put device Eric Biggers (2): sctp: Fix MAC comparison to be constant-time KEYS: trusted_tpm1: Compare HMAC values in constant time Eric Dumazet (2): tcp: fix __tcp_close() to only send RST when required tcp: fix tcp_tso_should_defer() vs large RTT Erick Karanja (1): net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Esben Haabendal (2): rtc: interface: Ensure alarm irq is enabled when UIE is enabled rtc: interface: Fix long-standing race when setting alarm Flavius Georgescu (1): media: rc: Add support for another iMON 0xffdc device Geert Uytterhoeven (2): regmap: Remove superfluous check for !config in __regmap_init() m68k: bitops: Fix find_*_bit() signatures Greg Kroah-Hartman (1): Linux 5.4.301 Gui-Dong Han (1): drm/amdgpu: use atomic functions with memory barriers for vm fault info Gunnar Kudrjavets (1): tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Hans de Goede (3): iio: consumers: Fix offset handling in iio_convert_raw_to_processed() mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Harini T (2): mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Herbert Xu (1): crypto: essiv - Check ssize for decryption and in-place encryption Huang Ying (1): arm64, mm: avoid always making PTE dirty in pte_mkwrite() Huisong Li (1): ACPI: processor: idle: Fix memory leak when register cpuidle device failed I Viswanath (1): net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast Ian Forbes (1): drm/vmwgfx: Fix Use-after-free in validation Ingo Molnar (1): sched/balancing: Rename newidle_balance() => sched_balance_newidle() Jakub Kicinski (1): Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" Jan Kara (1): vfs: Don't leak disconnected dentries on umount Jason Andryuk (2): xen/events: Cleanup find_virq() return codes xen/events: Update virq_to_irq on migration Jisheng Zhang (1): pwm: berlin: Fix wrong register in suspend/resume Johan Hovold (2): firmware: meson_sm: fix device leak at probe lib/genalloc: fix device leak in of_gen_pool_get() Johannes Wiesböck (1): rtnetlink: Allow deleting FDB entries in user namespace John Garry (3): scsi: libsas: Add sas_task_find_rq() scsi: mvsas: Delete mvs_tag_init() scsi: mvsas: Use sas_task_find_rq() for tagging Kaustabh Chakraborty (1): drm/exynos: exynos7_drm_decon: remove ctx->suspended Kohei Enju (2): nfp: fix RSS hash key size when RSS is not supported net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable Krzysztof Kozlowski (1): memory: samsung: exynos-srom: Correct alignment Kunihiko Hayashi (1): i2c: designware: Add disabling clocks when probe fails Kuniyuki Iwashima (2): udp: Fix memory accounting leak. tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). LI Qingwu (1): USB: serial: option: add Telit FN920C04 ECM compositions Lad Prabhakar (1): net: ravb: Ensure memory write completes before ringing TX doorbell Larshin Sergey (2): media: rc: fix races with imon_disconnect() fs: udf: fix OOB read in lengthAllocDescs handling Leilk.Liu (1): i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD Leo Yan (3): perf: arm_spe: Prevent overflow in PERF_IDX2OFF() perf session: Fix handling when buffer exceeds 2 GiB tools build: Align warning options with perf Li Nan (1): blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx Lichen Liu (1): fs: Add 'initramfs_options' to set initramfs mount options Lino Sanfilippo (1): tpm, tpm_tis: Claim locality before writing interrupt registers Linus Walleij (1): mtd: rawnand: fsmc: Default to autodetect buswidth Lukas Wunner (1): xen/manage: Fix suspend error path Ma Ke (2): sparc: fix error handling in scan_one_device() media: lirc: Fix error handling in lirc_register() Maciej W. Rozycki (1): MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Mathias Nyman (1): xhci: dbc: enable back DbC in resume if it was enabled before suspend Michael Hennerich (2): iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE iio: frequency: adf4350: Fix prescaler usage. Michael Karcher (5): sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara sparc: fix accurate exception reporting in copy_to_user for Niagara 4 sparc: fix accurate exception reporting in copy_{from,to}_user for M7 Michal Pecio (1): net: usb: rtl8150: Fix frame padding Mikulas Patocka (1): dm-integrity: limit MAX_TAG_SIZE to 255 Nalivayko Sergey (1): net/9p: fix double req put in p9_fd_cancelled Naman Jain (1): uio_hv_generic: Let userspace take care of interrupt mask Niklas Cassel (1): scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Niklas Schnelle (2): PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV PCI/AER: Fix missing uevent on recovery when a reset is requested Nikolay Aleksandrov (7): net: rtnetlink: add msg kind names net: rtnetlink: add helper to extract msg type's kind net: rtnetlink: use BIT for flag values net: netlink: add NLM_F_BULK delete request modifier net: rtnetlink: add bulk delete support flag net: add ndo_fdb_del_bulk net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Ojaswin Mujoo (1): ext4: correctly handle queries for metadata mappings Olga Kornievskaia (1): nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Ovidiu Panait (2): staging: axis-fifo: fix maximum TX packet length check staging: axis-fifo: flush RX FIFO on read errors Parav Pandit (1): RDMA/core: Resolve MAC of next-hop device without ARP support Paul Chaignon (1): bpf: Explicitly check accesses to bpf_sock_addr Phillip Lougher (3): Squashfs: fix uninit-value in squashfs_get_parent Squashfs: add additional inode sanity checking Squashfs: reject negative file sizes in squashfs_read_inode() Pratyush Yadav (2): spi: cadence-quadspi: Flush posted register writes before INDAC access spi: cadence-quadspi: Flush posted register writes before DAC access Qianfeng Rong (5): block: use int to store blk_stack_limits() return value ALSA: lx_core: use int type to store negative error codes media: i2c: mt9v111: fix incorrect type for ret iio: dac: ad5360: use int type to store negative error codes iio: dac: ad5421: use int type to store negative error codes Rafael J. Wysocki (3): driver core/PM: Set power.no_callbacks along with power.no_pm cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Revert "cpuidle: menu: Avoid discarding useful information" Raju Rangoju (1): amd-xgbe: Avoid spurious link down messages during interface toggle Randy Dunlap (1): ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Ranjan Kumar (1): scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() Reinhard Speyerer (1): USB: serial: option: add Quectel RG255C Renjun Wang (1): USB: serial: option: add UNISOC UIS7720 Rex Chen (1): mmc: core: SPI mode remove cmd7 Ricardo Ribalda (1): media: tunner: xc5000: Refactor firmware load Rob Herring (Arm) (1): rtc: x1205: Fix Xicor X1205 vendor prefix Sabrina Dubroca (2): tls: always set record_type in tls_process_cmsg tls: don't rely on tx_work during send() Sam James (1): parisc: don't reference obsolete termio struct for TC* constants Sean Christopherson (4): rseq/selftests: Use weak symbol reference, not definition, to link with glibc x86/umip: Check that the instruction opcode is at least two bytes x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O Sergey Bashirov (2): NFSD: Minor cleanup in layoutcommit processing NFSD: Fix last write offset handling in layoutcommit Shuhao Fu (1): drm/nouveau: fix bad ret code in nouveau_bo_move_prep Siddharth Vadapalli (1): PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Slavin Liu (1): ipvs: Defer ip_vs_ftp unregister during netns cleanup Sneh Mankad (1): soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS Stefan Kerkmann (1): wifi: mwifiex: send world regulatory domain to driver Stephan Gerhold (2): remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice arm64: dts: qcom: msm8916: Add missing MDSS reset Takashi Iwai (3): ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping Tetsuo Handa (4): media: imon: reorganize serialization media: imon: grab lock earlier in imon_ir_change_protocol() minixfs: Verify inode mode when loading from disk cramfs: Verify inode mode when loading from disk Theodore Ts'o (1): ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Thomas Fourier (4): scsi: myrs: Fix dma_alloc_coherent() error check crypto: atmel - Fix dma_unmap_sg() direction media: cx18: Add missing check after DMA map media: pci: ivtv: Add missing check after DMA map Thorsten Blum (1): scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() Tim Guttzeit (1): usb/core/quirks: Add Huawei ME906S to wakeup quirk Tonghao Zhang (1): net: bonding: fix possible peer notify event loss or dup issue Uros Bizjak (1): x86/vdso: Fix output operand size of RDPID Uwe Kleine-König (1): pwm: tiehrpwm: Fix corner case in clock divisor calculation Viacheslav Dubeyko (6): hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() hfs: clear offset and space out of valid records in b-tree node hfs: make proper initalization of struct hfs_find_data hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Vincent Guittot (1): sched/fair: Fix pelt lost idle time detection Vlad Dumitrescu (1): IB/sa: Fix sa_local_svc_timeout_ms read race Wang Haoran (1): scsi: target: target_core_configfs: Add length check to avoid buffer overflow Wang Liang (1): pps: fix warning in pps_register_cdev when register device fail Wei Fang (1): net: enetc: correct the value of ENETC_RXB_TRUESIZE William Wu (1): usb: gadget: configfs: Correctly set use_os_string at bind Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xiaowei Li (1): USB: serial: option: add SIMCom 8230C compositions Xichao Zhao (2): usb: phy: twl6030: Fix incorrect type for ret exec: Fix incorrect type for ret Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc Yang Shi (1): mm: hugetlb: avoid soft lockup when mprotect to large memory area Yangtao Li (1): hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Yeounsu Moon (1): net: dlink: handle dma_map_single() failure properly Yongjian Sun (1): ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Yuan Chen (1): tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Yunseong Kim (1): perf util: Fix compression checks returning -1 as bool Zhang Shurong (1): media: rj54n1cb0c: Fix memleak in rj54n1_probe() Zhang Yi (1): jbd2: ensure that all ongoing I/O complete before freeing blocks Zhen Ni (4): netfilter: ipset: Remove unused htable_bits in macro ahash_region Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak clocksource/drivers/clps711x: Fix resource leaks in error paths memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe Zheng Qixing (1): dm: fix NULL pointer dereference in __dm_suspend() Zhengchao Shao (1): net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg gaoxiang17 (1): pid: Add a judgment for ns null in pid_nr_ns hupu (1): perf subcmd: avoid crash in exclude_cmds when excludes is empty keliu (1): media: rc: Directly use ida_free()

6 days, 15 hours

1
1
0 0

[PATCH] x86/mm: Fix check/use ordering in switch_mm_irqs_off()

by Stephen Dolan

[ Upstream commit 83b0177a6c48 ] [ Patch for 6.1.y, 6.6.y, 6.12.y trees ] To avoid racing with should_flush_tlb, setting loaded_mm to LOADED_MM_SWITCHING must happen before reading tlb_gen. This patch differs from the upstream fix since the ordering issue in stable trees is different: here, the relevant code blocks are in the wrong order due to a bad rebase earlier, so the fix is to reorder them. Signed-off-by: Stephen Dolan <sdolan(a)janestreet.com> Acked-by: Dave Hansen <dave.hansen(a)intel.com> Link: https://lore.kernel.org/lkml/CAHDw0oGd0B4=uuv8NGqbUQ_ZVmSheU2bN70e4QhFXWvuA… --- arch/x86/mm/tlb.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index 8629d90fdcd9..ed182831063c 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -606,6 +606,14 @@ void switch_mm_irqs_off(struct mm_struct *unused, struct mm_struct *next, */ cond_mitigation(tsk); + /* + * Indicate that CR3 is about to change. nmi_uaccess_okay() + * and others are sensitive to the window where mm_cpumask(), + * CR3 and cpu_tlbstate.loaded_mm are not all in sync. + */ + this_cpu_write(cpu_tlbstate.loaded_mm, LOADED_MM_SWITCHING); + barrier(); + /* * Stop remote flushes for the previous mm. * Skip kernel threads; we never send init_mm TLB flushing IPIs, @@ -623,14 +631,6 @@ void switch_mm_irqs_off(struct mm_struct *unused, struct mm_struct *next, next_tlb_gen = atomic64_read(&next->context.tlb_gen); choose_new_asid(next, next_tlb_gen, &new_asid, &need_flush); - - /* - * Indicate that CR3 is about to change. nmi_uaccess_okay() - * and others are sensitive to the window where mm_cpumask(), - * CR3 and cpu_tlbstate.loaded_mm are not all in sync. - */ - this_cpu_write(cpu_tlbstate.loaded_mm, LOADED_MM_SWITCHING); - barrier(); } new_lam = mm_lam_cr3_mask(next); -- 2.43.7

6 days, 16 hours

1
0
0 0

[PATCH 5.10] comedi: pcl726: Prevent invalid irq number

by Andrey Troshin

From: Edward Adam Davis <eadavis(a)qq.com> commit 96cb948408b3adb69df7e451ba7da9d21f814d00 upstream. The reproducer passed in an irq number(0x80008000) that was too large, which triggered the oob. Added an interrupt number check to prevent users from passing in an irq number that was too large. If `it->options[1]` is 31, then `1 << it->options[1]` is still invalid because it shifts a 1-bit into the sign bit (which is UB in C). Possible solutions include reducing the upper bound on the `it->options[1]` value to 30 or lower, or using `1U << it->options[1]`. The old code would just not attempt to request the IRQ if the `options[1]` value were invalid. And it would still configure the device without interrupts even if the call to `request_irq` returned an error. So it would be better to combine this test with the test below. Fixes: fff46207245c ("staging: comedi: pcl726: enable the interrupt support code") Cc: stable <stable(a)kernel.org> # 5.13+ Reported-by: syzbot+5cd373521edd68bebcb3(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=5cd373521edd68bebcb3 Tested-by: syzbot+5cd373521edd68bebcb3(a)syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis(a)qq.com> Reviewed-by: Ian Abbott <abbotti(a)mev.co.uk> Link: https://lore.kernel.org/r/tencent_3C66983CC1369E962436264A50759176BF09@qq.c… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Andrey Troshin: backport fix from drivers/comedi/drivers/pcl726.c to drivers/staging/comedi/drivers/pcl726.c] Signed-off-by: Andrey Troshin <drtrosh(a)yandex-team.ru> --- Backport fix for CVE-2025-39685 Link: https://nvd.nist.gov/vuln/detail/CVE-2025-39685 --- drivers/staging/comedi/drivers/pcl726.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/staging/comedi/drivers/pcl726.c b/drivers/staging/comedi/drivers/pcl726.c index 64eb649c9813..f26d7f07d749 100644 --- a/drivers/staging/comedi/drivers/pcl726.c +++ b/drivers/staging/comedi/drivers/pcl726.c @@ -327,7 +327,8 @@ static int pcl726_attach(struct comedi_device *dev, * Hook up the external trigger source interrupt only if the * user config option is valid and the board supports interrupts. */ - if (it->options[1] && (board->irq_mask & (1 << it->options[1]))) { + if (it->options[1] > 0 && it->options[1] < 16 && + (board->irq_mask & (1U << it->options[1]))) { ret = request_irq(it->options[1], pcl726_interrupt, 0, dev->board_name, dev); if (ret == 0) { -- 2.34.1

6 days, 16 hours

1
0
0 0

[PATCH 6.17 000/184] 6.17.6-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.17.6 release. There are 184 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 Oct 2025 18:34:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.17.6-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.17.6-rc1 William Breathitt Gray <wbg(a)kernel.org> gpio: idio-16: Define fixed direction of the GPIO lines Ioana Ciornei <ioana.ciornei(a)nxp.com> gpio: regmap: add the .fixed_direction_output configuration parameter Mathieu Dubois-Briand <mathieu.dubois-briand(a)bootlin.com> gpio: regmap: Allow to allocate regmap-irq device Darrick J. Wong <djwong(a)kernel.org> xfs: always warn about deprecated mount options David Hildenbrand <david(a)redhat.com> vmw_balloon: indicate success when effectively deflating during migration David Hildenbrand <david(a)redhat.com> treewide: remove MIGRATEPAGE_SUCCESS David Hildenbrand <david(a)redhat.com> mm/migrate: remove MIGRATEPAGE_UNMAP Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix sending clear and trigger events Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Return -EINTR on device clear Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Fix no EOI on 1 and 2 byte writes Ma Ke <make24(a)iscas.ac.cn> staging: gpib: Fix device reference leak in fmh_gpib driver Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: remove useless enable of enhanced features Daniel Golle <daniel(a)makrotopia.org> serial: 8250_mtk: Enable baud clock and manage in runtime PM Florian Eckert <fe(a)dev.tdt.de> serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Artem Shimko <a.shimko.dev(a)gmail.com> serial: 8250_dw: handle reset control deassert error Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> dt-bindings: usb: qcom,snps-dwc3: Fix bindings for X1E80100 Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: serial: sh-sci: Fix r8a78000 interrupts Cosmin Tanislav <cosmin-gabriel.tanislav.xa(a)renesas.com> tty: serial: sh-sci: fix RSCI FIFO overrun handling Michael Grzeschik <m.grzeschik(a)pengutronix.de> tcpm: switch check for role_sw device with fw_node Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: hdm_probe: Fix calling put_device() before device initialization Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: Fix use-after-free in hdm_disconnect Junhao Xie <bigfoot(a)radxa.com> misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup Cosmin Tanislav <cosmin-gabriel.tanislav.xa(a)renesas.com> nvmem: rcar-efuse: add missing MODULE_DEVICE_TABLE Miguel Ojeda <ojeda(a)kernel.org> objtool/rust: add one more `noreturn` Rust function Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add wildcat lake P DID Deepanshu Kartikey <kartikey406(a)gmail.com> comedi: fix divide-by-zero in comedi_buf_munge() Alice Ryhl <aliceryhl(a)google.com> binder: remove "invalid inc weak" check Andrew Cooper <andrew.cooper3(a)citrix.com> x86/microcode: Fix Entrysign revision check for Zen1/Naples Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: enable back DbC in resume if it was enabled before suspend Andrey Konovalov <andreyknvl(a)gmail.com> usb: raw-gadget: do not limit transfer length Tim Guttzeit <t.guttzeit(a)tuxedocomputers.com> usb/core/quirks: Add Huawei ME906S to wakeup quirk LI Qingwu <Qing-wu.Li(a)leica-geosystems.com.cn> USB: serial: option: add Telit FN920C04 ECM compositions Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RG255C Renjun Wang <renjunw0(a)foxmail.com> USB: serial: option: add UNISOC UIS7720 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> sched: Remove never used code in mm_cid_get() Alok Tiwari <alok.a.tiwari(a)oracle.com> io_uring: correct __must_hold annotation in io_install_fixed_file Haotian Zhang <vulab(a)iscas.ac.cn> gpio: ljca: Fix duplicated IRQ mapping Christoph Hellwig <hch(a)lst.de> block: require LBA dma_alignment when using PI Lorenzo Pieralisi <lpieralisi(a)kernel.org> of/irq: Add msi-parent check to of_msi_xlate() Lorenzo Pieralisi <lpieralisi(a)kernel.org> of/irq: Convert of_msi_map_id() callers to of_msi_xlate() Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: Fix 24bit pixel crossing page boundaries Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: Fix qr_code, ensure vmargin is positive Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: Fix drawing the logo on a small narrow screen Ondrej Mosnacek <omosnace(a)redhat.com> nbd: override creds to kernel when calling sock_{send,recv}msg() Alok Tiwari <alok.a.tiwari(a)oracle.com> io_uring: fix incorrect unlikely() usage in io_waitid_prep() Guenter Roeck <linux(a)roeck-us.net> hwmon: (sht3x) Fix error handling Li Qiang <liqiang01(a)kylinos.cn> hwmon: (cgbc-hwmon) Add missing NULL check after devm_kzalloc() Erick Karanja <karanja99erick(a)gmail.com> hwmon: (pmbus/isl68137) Fix child node reference leak on early return Paul Walmsley <pjw(a)kernel.org> riscv: hwprobe: avoid uninitialized variable use in hwprobe_arch_id() Anup Patel <apatel(a)ventanamicro.com> RISC-V: Don't print details of CPUs disabled in DT Anup Patel <apatel(a)ventanamicro.com> RISC-V: Define pgprot_dmacoherent() for non-coherent devices Akash Goel <akash.goel(a)arm.com> drm/panthor: Fix kernel panic on partial unmap of a GPU VA region Fernando Fernandez Mancera <fmancera(a)suse.de> sysfs: check visibility before changing group attribute ownership Mikhail Kshevetskiy <mikhail.kshevetskiy(a)iopsys.eu> spi: airoha: fix reading/writing of flashes with more than one plane per lun Mikhail Kshevetskiy <mikhail.kshevetskiy(a)iopsys.eu> spi: airoha: switch back to non-dma mode in the case of error Mikhail Kshevetskiy <mikhail.kshevetskiy(a)iopsys.eu> spi: airoha: add support of dual/quad wires spi modes to exec_op() handler Mikhail Kshevetskiy <mikhail.kshevetskiy(a)iopsys.eu> spi: airoha: return an error for continuous mode dirmap creation cases Artem Shimko <a.shimko.dev(a)gmail.com> firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode Cristian Marussi <cristian.marussi(a)arm.com> include: trace: Fix inflight count helper on failed initialization Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Account for failed debug initialization Peter Robinson <pbrobinson(a)gmail.com> arm64: dts: broadcom: bcm2712: Define VGIC interrupt Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: broadcom: bcm2712: Add default GIC address cells Mattijs Korpershoek <mkorpershoek(a)kernel.org> spi: cadence-quadspi: Fix pm_runtime unbalance on dma EPROBE_DEFER Haibo Chen <haibo.chen(a)nxp.com> spi: spi-nxp-fspi: limit the clock rate for different sample clock source selection Han Xu <han.xu(a)nxp.com> spi: spi-nxp-fspi: add extra delay after dll locked Haibo Chen <haibo.chen(a)nxp.com> spi: spi-nxp-fspi: re-config the clock rate when operation require new clock rate Haibo Chen <haibo.chen(a)nxp.com> spi: spi-nxp-fspi: add the support for sample data from DQS pad Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Add support for IMPDEF value in the memory access descriptor Marek Szyprowski <m.szyprowski(a)samsung.com> spi: rockchip-sfc: Fix DMA-API usage SeongJae Park <sj(a)kernel.org> mm/damon/sysfs: dealloc commit test ctx always SeongJae Park <sj(a)kernel.org> mm/damon/sysfs: catch commit test ctx alloc failure Enze Li <lienze(a)kylinos.cn> mm/damon/core: fix potential memory leak by cleaning ops_filter in damon_destroy_scheme SeongJae Park <sj(a)kernel.org> mm/damon/core: fix list_add_tail() call on damon_call() SeongJae Park <sj(a)kernel.org> mm/damon/core: use damos_commit_quota_goal() for new goal commit Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: increase max link count and fix link->enc NULL pointer access Matthew Brost <matthew.brost(a)intel.com> drm/xe: Check return value of GGTT workqueue allocation Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm/mremap: correctly account old mapping after MREMAP_DONTUNMAP remap Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> mm: prevent poison consumption when splitting THP Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark 'delete re-add signal' as skipped if not supported Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark implicit tests as skipped if not supported Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark 'flush re-add' as skipped if not supported Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Ensure memory write completes before ringing TX doorbell Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Enforce descriptor type ordering Michal Pecio <michal.pecio(a)gmail.com> net: usb: rtl8150: Fix frame padding Sebastian Reichel <sebastian.reichel(a)collabora.com> net: stmmac: dwmac-rk: Fix disabling set_clock_selection Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: update the slave array for broadcast mode Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix lock inversion in vsock_assign_transport() Nam Cao <namcao(a)linutronix.de> rv: Make rtapp/pagefault monitor depends on CONFIG_MMU Nam Cao <namcao(a)linutronix.de> rv: Fully convert enabled_monitors to use list_head as iterator Deepanshu Kartikey <kartikey406(a)gmail.com> ocfs2: clear extent cache after moving/defragmenting extents Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Update adpm12160 coeff due to latest FW Maarten Lankhorst <dev(a)lankhorst.se> devcoredump: Fix circular locking dependency with devcd->mutex. David Howells <dhowells(a)redhat.com> cifs: Fix TCP_Server_Info::credits to be signed Marc Kleine-Budde <mkl(a)pengutronix.de> can: netlink: can_changelink(): allow disabling of automatic restart Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not warn if the page is already tagged in copy_highpage() Xi Ruoyao <xry111(a)xry111.site> ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 Paulo Alcantara <pc(a)manguebit.org> smb: client: get rid of d_drop() in cifs_do_rename() Hao Ge <gehao(a)kylinos.cn> slab: Fix obj_ext mistakenly considered NULL due to race condition Hao Ge <gehao(a)kylinos.cn> slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts Danilo Krummrich <dakr(a)kernel.org> rust: device: fix device context of Device::parent() Paul Walmsley <pjw(a)kernel.org> riscv: cpufeature: avoid uninitialized variable in has_thead_homogeneous_vlenb() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "cpuidle: menu: Avoid discarding useful information" Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers tr1x_em <admin(a)trix.is-a.dev> platform/x86: alienware-wmi-wmax: Add AWCC support to Dell G15 5530 Darrick J. Wong <djwong(a)kernel.org> xfs: fix locking in xchk_nlinks_collect_dir William Breathitt Gray <wbg(a)kernel.org> gpio: 104-idio-16: Define maximum valid register address offset William Breathitt Gray <wbg(a)kernel.org> gpio: pci-idio-16: Define maximum valid register address offset Amit Dhingra <mechanicalamit(a)gmail.com> btrfs: ref-verify: fix IS_ERR() vs NULL check in btrfs_build_ref_tree() Ting-Chang Hou <tchou(a)synology.com> btrfs: send: fix duplicated rmdir operations when using extrefs Dewei Meng <mengdewei(a)cqsoftware.com.cn> btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() Jens Axboe <axboe(a)kernel.dk> io_uring/sqpoll: be smarter on when to update the stime usage Jens Axboe <axboe(a)kernel.dk> io_uring/sqpoll: switch away from getrusage() for CPU accounting Jingwei Wang <wangjingwei(a)iscas.ac.cn> riscv: hwprobe: Fix stale vDSO data for late-initialized keys at boot Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Jason Wang <jasowang(a)redhat.com> virtio-net: zero unused hash fields Marek Szyprowski <m.szyprowski(a)samsung.com> dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC Alexei Starovoitov <ast(a)kernel.org> mm: don't spin in add_stack_record when gfp flags don't allow Lance Yang <lance.yang(a)linux.dev> hung_task: fix warnings caused by unaligned lock pointers Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: fix possible peer notify event loss or dup issue Jakub Acs <acsjakub(a)amazon.de> fs/notify: call exportfs_encode_fid with s_umount Patrisious Haddad <phaddad(a)nvidia.com> net/mlx5: Fix IPsec cleanup over MPV device Robert Marko <robert.marko(a)sartura.hr> net: phy: micrel: always set shared->phydev for LAN8814 Ralf Lici <ralf(a)mandelbit.com> ovpn: use datagram_poll_queue for socket readiness in TCP Ralf Lici <ralf(a)mandelbit.com> net: datagram: introduce datagram_poll_queue for custom receive queues Ralf Lici <ralf(a)mandelbit.com> espintcp: use datagram_poll_queue for socket readiness Fernando Fernandez Mancera <fmancera(a)suse.de> net: hsr: prevent creation of HSR device with slaves from another netns Alexey Simakov <bigalex934(a)gmail.com> sctp: avoid NULL dereference when chunk data buffer is missing Jiasheng Jiang <jiashengjiangcool(a)gmail.com> ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop Heiner Kallweit <hkallweit1(a)gmail.com> net: hibmcge: select FIXED_PHY Gao Xiang <xiang(a)kernel.org> erofs: avoid infinite loops due to corrupted subpage compact indexes Huang Ying <ying.huang(a)linux.alibaba.com> arm64, mm: avoid always making PTE dirty in pte_mkwrite() Aksh Garg <a-garg7(a)ti.com> net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions Wang Liang <wangliang74(a)huawei.com> net/smc: fix general protection fault in __smc_diag_dump Amery Hung <ameryhung(a)gmail.com> net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ Amery Hung <ameryhung(a)gmail.com> net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ Xin Long <lucien.xin(a)gmail.com> selftests: net: fix server bind failure in sctp_vrf.sh Marc Kleine-Budde <mkl(a)pengutronix.de> can: rockchip-canfd: rkcanfd_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() Marc Kleine-Budde <mkl(a)pengutronix.de> can: esd: acc_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() Marc Kleine-Budde <mkl(a)pengutronix.de> can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() Aleksander Jan Bajkowski <olek2(a)wp.pl> net: phy: realtek: fix rtl8221b-vm-cg name Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the value of ENETC_RXB_TRUESIZE Jianpeng Chang <jianpeng.chang.cn(a)windriver.com> net: enetc: fix the deadlock of enetc_mdio_lock Gao Xiang <xiang(a)kernel.org> erofs: fix crafted invalid cases for encoded extents Johannes Wiesböck <johannes.wiesboeck(a)aisec.fraunhofer.de> rtnetlink: Allow deleting FDB entries in user namespace Nathan Chancellor <nathan(a)kernel.org> net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() Mario Limonciello (AMD) <superm1(a)kernel.org> cpufreq/amd-pstate: Fix a regression leading to EPP 0 after hibernate David Thompson <davthompson(a)nvidia.com> platform/mellanox: mlxbf-pmc: add sysfs_attr_init() to count_clock init Linus Torvalds <torvalds(a)linux-foundation.org> Unbreak 'make tools/*' for user-space targets Stefan Metzmacher <metze(a)samba.org> smb: server: let smb_direct_flush_send_list() invalidate a remote key first Stefan Metzmacher <metze(a)samba.org> smb: client: make use of ib_wc_status_msg() and skip IB_WC_WR_FLUSH_ERR logging Stefan Metzmacher <metze(a)samba.org> smb: client: limit the range of info->receive_credit_target Stefan Metzmacher <metze(a)samba.org> smb: client: queue post_recv_credits_work also if the peer raises the credit target Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Use __GFP_ACCOUNT for user page table allocations Yicong Yang <yangyicong(a)hisilicon.com> drivers/perf: hisi: Relax the event ID check in the framework Clément Léger <cleger(a)rivosinc.com> riscv: cpufeature: add validation for zfa, zfh and zfhmin Junhui Liu <junhui.liu(a)pigmoral.tech> riscv: mm: Use mmu-type from FDT to limit SATP mode Junhui Liu <junhui.liu(a)pigmoral.tech> riscv: mm: Return intended SATP mode for noXlvl options Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: bitops: Fix find_*_bit() signatures Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix unlikely race in gdlm_put_lock Fuad Tabba <tabba(a)google.com> arm64: sysreg: Correct sign definitions for EIESB and DoubleLock Junjie Cao <junjie.cao(a)intel.com> lkdtm: fortify: Fix potential NULL dereference on kmalloc failure Kees Cook <kees(a)kernel.org> PCI: Test for bit underflow in pcie_set_readrq() Yangtao Li <frank.li(a)vivo.com> hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Alexander Aring <aahringo(a)redhat.com> dlm: check for defined force value in dlm_lockspace_release Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Yang Chenzhi <yang.chenzhi(a)vivo.com> hfs: validate record offset in hfsplus_bmap_alloc Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: make proper initalization of struct hfs_find_data Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: clear offset and space out of valid records in b-tree node Harald Freudenberger <freude(a)linux.ibm.com> s390/pkey: Forward keygenflags to ep11_unwrapkey Simon Schuster <schuster.simon(a)siemens-energy.com> nios2: ensure that memblock.current_limit is set when setting pfn limits Xichao Zhao <zhao.xichao(a)vivo.com> exec: Fix incorrect type for ret Alexander Aring <aahringo(a)redhat.com> dlm: move to rinfo for all middle conversion cases Randy Dunlap <rdunlap(a)infradead.org> cgroup/misc: fix misc_res_type kernel-doc warning Jan Kara <jack(a)suse.cz> expfs: Fix exportfs_can_encode_fh() for EXPORT_FH_FID Nipun Gupta <nipun.gupta(a)amd.com> vfio/cdx: update driver to build without CONFIG_GENERIC_MSI_IRQ K Prateek Nayak <kprateek.nayak(a)amd.com> sched/fair: Block delayed tasks on throttled hierarchy during dequeue ------------- Diffstat: .../devicetree/bindings/serial/renesas,scif.yaml | 1 + .../devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 +- .../devicetree/bindings/usb/qcom,snps-dwc3.yaml | 3 + Makefile | 8 +- arch/arm64/boot/dts/broadcom/bcm2712.dtsi | 3 + arch/arm64/include/asm/pgtable.h | 3 +- arch/arm64/mm/copypage.c | 11 +- arch/arm64/tools/sysreg | 4 +- arch/m68k/include/asm/bitops.h | 25 ++-- arch/mips/mti-malta/malta-setup.c | 2 +- arch/nios2/kernel/setup.c | 15 +++ arch/powerpc/include/asm/pgtable.h | 12 -- arch/powerpc/mm/book3s32/mmu.c | 4 +- arch/powerpc/mm/pgtable_32.c | 2 +- arch/powerpc/platforms/pseries/cmm.c | 2 +- arch/riscv/include/asm/hwprobe.h | 7 ++ arch/riscv/include/asm/pgtable.h | 2 + arch/riscv/include/asm/vdso/arch_data.h | 6 + arch/riscv/kernel/cpu.c | 4 +- arch/riscv/kernel/cpufeature.c | 10 +- arch/riscv/kernel/pi/cmdline_early.c | 4 +- arch/riscv/kernel/pi/fdt_early.c | 40 ++++++ arch/riscv/kernel/pi/pi.h | 1 + arch/riscv/kernel/sys_hwprobe.c | 94 ++++++++++---- arch/riscv/kernel/unaligned_access_speed.c | 9 +- arch/riscv/kernel/vdso/hwprobe.c | 2 +- arch/riscv/mm/init.c | 11 +- arch/s390/mm/pgalloc.c | 13 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- block/blk-settings.c | 10 ++ drivers/acpi/acpica/tbprint.c | 6 + drivers/android/binder.c | 11 +- drivers/base/arch_topology.c | 2 +- drivers/base/devcoredump.c | 136 +++++++++++++-------- drivers/block/nbd.c | 15 +++ drivers/comedi/comedi_buf.c | 2 +- drivers/cpufreq/amd-pstate.c | 6 +- drivers/cpuidle/governors/menu.c | 21 ++-- drivers/firmware/arm_ffa/driver.c | 37 ++++-- drivers/firmware/arm_scmi/common.h | 32 ++++- drivers/firmware/arm_scmi/driver.c | 54 +++----- drivers/gpio/gpio-104-idio-16.c | 1 + drivers/gpio/gpio-idio-16.c | 5 + drivers/gpio/gpio-ljca.c | 14 +-- drivers/gpio/gpio-pci-idio-16.c | 1 + drivers/gpio/gpio-regmap.c | 53 +++++++- .../drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 3 + drivers/gpu/drm/amd/display/dc/inc/hw/hw_shared.h | 8 +- drivers/gpu/drm/drm_panic.c | 54 +++++++- drivers/gpu/drm/panthor/panthor_mmu.c | 10 +- drivers/gpu/drm/xe/xe_ggtt.c | 3 + drivers/hwmon/cgbc-hwmon.c | 3 + drivers/hwmon/pmbus/isl68137.c | 3 +- drivers/hwmon/pmbus/max34440.c | 12 +- drivers/hwmon/sht3x.c | 27 ++-- drivers/irqchip/irq-gic-v3-its-fsl-mc-msi.c | 2 +- drivers/misc/fastrpc.c | 2 + drivers/misc/lkdtm/fortify.c | 6 + drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/misc/vmw_balloon.c | 8 +- drivers/most/most_usb.c | 13 +- drivers/net/bonding/bond_main.c | 47 ++++--- drivers/net/can/bxcan.c | 2 +- drivers/net/can/dev/netlink.c | 6 +- drivers/net/can/esd/esdacc.c | 2 +- drivers/net/can/rockchip/rockchip_canfd-tx.c | 2 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 +- drivers/net/ethernet/freescale/enetc/enetc.c | 25 +++- drivers/net/ethernet/freescale/enetc/enetc.h | 2 +- drivers/net/ethernet/hisilicon/Kconfig | 1 + .../net/ethernet/mellanox/mlx5/core/en/params.c | 2 +- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 5 + .../mellanox/mlx5/core/en_accel/ipsec_fs.c | 25 +++- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 51 ++++++-- drivers/net/ethernet/renesas/ravb_main.c | 24 +++- drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 9 +- drivers/net/ethernet/ti/am65-cpts.c | 63 +++++++--- drivers/net/ovpn/tcp.c | 26 +++- drivers/net/phy/micrel.c | 4 +- drivers/net/phy/realtek/realtek_main.c | 16 +-- drivers/net/usb/rtl8150.c | 11 +- drivers/nvmem/rcar-efuse.c | 1 + drivers/of/irq.c | 62 ++++++---- drivers/pci/msi/irqdomain.c | 2 +- drivers/pci/pci.c | 6 +- drivers/perf/hisilicon/hisi_uncore_pmu.c | 2 +- drivers/perf/hisilicon/hisi_uncore_pmu.h | 3 +- drivers/platform/mellanox/mlxbf-pmc.c | 1 + drivers/platform/x86/dell/alienware-wmi-wmax.c | 12 +- drivers/ptp/ptp_ocp.c | 2 +- drivers/s390/crypto/zcrypt_ep11misc.c | 4 +- drivers/spi/spi-airoha-snfi.c | 128 ++++++++++++++----- drivers/spi/spi-cadence-quadspi.c | 5 +- drivers/spi/spi-nxp-fspi.c | 80 +++++++++++- drivers/spi/spi-rockchip-sfc.c | 12 +- .../staging/gpib/agilent_82350b/agilent_82350b.c | 12 +- drivers/staging/gpib/fmh_gpib/fmh_gpib.c | 5 + drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 13 +- drivers/tty/serial/8250/8250_dw.c | 4 +- drivers/tty/serial/8250/8250_exar.c | 11 ++ drivers/tty/serial/8250/8250_mtk.c | 6 +- drivers/tty/serial/sc16is7xx.c | 7 -- drivers/tty/serial/sh-sci.c | 14 ++- drivers/usb/core/quirks.c | 2 + drivers/usb/gadget/legacy/raw_gadget.c | 2 - drivers/usb/host/xhci-dbgcap.c | 15 ++- drivers/usb/serial/option.c | 10 ++ drivers/usb/typec/tcpm/tcpm.c | 4 +- drivers/vfio/cdx/Makefile | 6 +- drivers/vfio/cdx/private.h | 14 +++ drivers/virtio/virtio_balloon.c | 2 +- fs/aio.c | 2 +- fs/btrfs/inode.c | 4 +- fs/btrfs/ref-verify.c | 2 +- fs/btrfs/send.c | 56 +++++++-- fs/btrfs/super.c | 8 +- fs/dlm/lock.c | 2 +- fs/dlm/lockspace.c | 2 +- fs/dlm/recover.c | 2 +- fs/erofs/zmap.c | 39 +++--- fs/exec.c | 2 +- fs/gfs2/lock_dlm.c | 11 +- fs/hfs/bfind.c | 8 +- fs/hfs/brec.c | 27 +++- fs/hfs/mdb.c | 2 +- fs/hfsplus/bfind.c | 8 +- fs/hfsplus/bnode.c | 41 ------- fs/hfsplus/btree.c | 6 + fs/hfsplus/hfsplus_fs.h | 42 +++++++ fs/hfsplus/super.c | 25 +++- fs/hugetlbfs/inode.c | 4 +- fs/jfs/jfs_metapage.c | 8 +- fs/notify/fdinfo.c | 6 + fs/ocfs2/move_extents.c | 5 + fs/smb/client/cifsglob.h | 2 +- fs/smb/client/inode.c | 5 +- fs/smb/client/smbdirect.c | 30 +++-- fs/smb/client/smbdirect.h | 2 +- fs/smb/server/transport_rdma.c | 11 +- fs/sysfs/group.c | 26 +++- fs/xfs/scrub/nlinks.c | 34 +++++- fs/xfs/xfs_super.c | 33 +++-- include/linux/arm_ffa.h | 21 +++- include/linux/exportfs.h | 7 +- include/linux/gpio/regmap.h | 16 +++ include/linux/hung_task.h | 8 +- include/linux/migrate.h | 11 +- include/linux/misc_cgroup.h | 2 +- include/linux/of_irq.h | 6 - include/linux/skbuff.h | 3 + include/linux/virtio_net.h | 4 + io_uring/fdinfo.c | 8 +- io_uring/filetable.c | 2 +- io_uring/sqpoll.c | 65 +++++++--- io_uring/sqpoll.h | 1 + io_uring/waitid.c | 2 +- kernel/dma/debug.c | 5 +- kernel/sched/fair.c | 9 +- kernel/sched/sched.h | 2 - kernel/trace/rv/monitors/pagefault/Kconfig | 1 + kernel/trace/rv/rv.c | 12 +- mm/damon/core.c | 7 +- mm/damon/sysfs.c | 7 +- mm/huge_memory.c | 3 + mm/migrate.c | 88 +++++++------ mm/migrate_device.c | 2 +- mm/mremap.c | 15 +-- mm/page_owner.c | 3 + mm/slub.c | 23 ++-- mm/zsmalloc.c | 4 +- net/core/datagram.c | 44 +++++-- net/core/rtnetlink.c | 3 - net/hsr/hsr_netlink.c | 8 +- net/mptcp/pm_kernel.c | 6 + net/sctp/inqueue.c | 13 +- net/smc/smc_inet.c | 13 -- net/vmw_vsock/af_vsock.c | 38 +++--- net/xfrm/espintcp.c | 6 +- rust/kernel/auxiliary.rs | 8 +- rust/kernel/device.rs | 4 +- tools/objtool/check.c | 1 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 8 +- tools/testing/selftests/net/sctp_hello.c | 17 +-- tools/testing/selftests/net/sctp_vrf.sh | 73 ++++++----- 186 files changed, 1849 insertions(+), 834 deletions(-)

6 days, 16 hours

14
197
0 0

[PATCH 6.6 00/84] 6.6.115-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.115 release. There are 84 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 Oct 2025 18:34:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.115-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.115-rc1 Haoyu Li <lihaoyu499(a)gmail.com> gpio: ljca: Initialize num before accessing item in ljca_gpio_config Darrick J. Wong <djwong(a)kernel.org> fuse: fix livelock in synchronous file put from fuseblk workers Amir Goldstein <amir73il(a)gmail.com> fuse: allocate ff->release_args only if release is needed Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Update purge function to unregister the unused subchannels Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Jakub Acs <acsjakub(a)amazon.de> fs/notify: call exportfs_encode_fid with s_umount Darrick J. Wong <djwong(a)kernel.org> xfs: always warn about deprecated mount options Maarten Lankhorst <dev(a)lankhorst.se> devcoredump: Fix circular locking dependency with devcd->mutex. Daniel Golle <daniel(a)makrotopia.org> serial: 8250_mtk: Enable baud clock and manage in runtime PM Florian Eckert <fe(a)dev.tdt.de> serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Artem Shimko <a.shimko.dev(a)gmail.com> serial: 8250_dw: handle reset control deassert error Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Michael Grzeschik <m.grzeschik(a)pengutronix.de> tcpm: switch check for role_sw device with fw_node Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: hdm_probe: Fix calling put_device() before device initialization Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: Fix use-after-free in hdm_disconnect Junhao Xie <bigfoot(a)radxa.com> misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add wildcat lake P DID Deepanshu Kartikey <kartikey406(a)gmail.com> comedi: fix divide-by-zero in comedi_buf_munge() Alice Ryhl <aliceryhl(a)google.com> binder: remove "invalid inc weak" check Andrew Cooper <andrew.cooper3(a)citrix.com> x86/microcode: Fix Entrysign revision check for Zen1/Naples Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: enable back DbC in resume if it was enabled before suspend Andrey Konovalov <andreyknvl(a)gmail.com> usb: raw-gadget: do not limit transfer length Tim Guttzeit <t.guttzeit(a)tuxedocomputers.com> usb/core/quirks: Add Huawei ME906S to wakeup quirk LI Qingwu <Qing-wu.Li(a)leica-geosystems.com.cn> USB: serial: option: add Telit FN920C04 ECM compositions Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RG255C Renjun Wang <renjunw0(a)foxmail.com> USB: serial: option: add UNISOC UIS7720 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> sched: Remove never used code in mm_cid_get() Alok Tiwari <alok.a.tiwari(a)oracle.com> io_uring: correct __must_hold annotation in io_install_fixed_file Haotian Zhang <vulab(a)iscas.ac.cn> gpio: ljca: Fix duplicated IRQ mapping Wentong Wu <wentong.wu(a)intel.com> gpio: update Intel LJCA USB GPIO driver Guenter Roeck <linux(a)roeck-us.net> hwmon: (sht3x) Fix error handling Anup Patel <apatel(a)ventanamicro.com> RISC-V: Don't print details of CPUs disabled in DT Anup Patel <apatel(a)ventanamicro.com> RISC-V: Define pgprot_dmacoherent() for non-coherent devices Artem Shimko <a.shimko.dev(a)gmail.com> firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Account for failed debug initialization Han Xu <han.xu(a)nxp.com> spi: spi-nxp-fspi: add extra delay after dll locked Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark implicit tests as skipped if not supported Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: mark 'flush re-add' as skipped if not supported Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Ensure memory write completes before ringing TX doorbell Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Enforce descriptor type ordering Michal Pecio <michal.pecio(a)gmail.com> net: usb: rtl8150: Fix frame padding Sebastian Reichel <sebastian.reichel(a)collabora.com> net: stmmac: dwmac-rk: Fix disabling set_clock_selection Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix lock inversion in vsock_assign_transport() Deepanshu Kartikey <kartikey406(a)gmail.com> ocfs2: clear extent cache after moving/defragmenting extents Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering David Howells <dhowells(a)redhat.com> cifs: Fix TCP_Server_Info::credits to be signed Marc Kleine-Budde <mkl(a)pengutronix.de> can: netlink: can_changelink(): allow disabling of automatic restart Xi Ruoyao <xry111(a)xry111.site> ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "cpuidle: menu: Avoid discarding useful information" William Breathitt Gray <wbg(a)kernel.org> gpio: 104-idio-16: Define maximum valid register address offset William Breathitt Gray <wbg(a)kernel.org> gpio: pci-idio-16: Define maximum valid register address offset Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Marek Szyprowski <m.szyprowski(a)samsung.com> dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: fix possible peer notify event loss or dup issue Alexey Simakov <bigalex934(a)gmail.com> sctp: avoid NULL dereference when chunk data buffer is missing Huang Ying <ying.huang(a)linux.alibaba.com> arm64, mm: avoid always making PTE dirty in pte_mkwrite() Amery Hung <ameryhung(a)gmail.com> net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ Amery Hung <ameryhung(a)gmail.com> net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead Xin Long <lucien.xin(a)gmail.com> selftests: net: fix server bind failure in sctp_vrf.sh Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert sctp_vrf.sh to run it in unique namespace Marc Kleine-Budde <mkl(a)pengutronix.de> can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the value of ENETC_RXB_TRUESIZE Jianpeng Chang <jianpeng.chang.cn(a)windriver.com> net: enetc: fix the deadlock of enetc_mdio_lock Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> net: Tree wide: Replace xdp_do_flush_map() with xdp_do_flush(). Johannes Wiesböck <johannes.wiesboeck(a)aisec.fraunhofer.de> rtnetlink: Allow deleting FDB entries in user namespace Nathan Chancellor <nathan(a)kernel.org> net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() Linus Torvalds <torvalds(a)linux-foundation.org> Unbreak 'make tools/*' for user-space targets Stefan Metzmacher <metze(a)samba.org> smb: server: let smb_direct_flush_send_list() invalidate a remote key first Yicong Yang <yangyicong(a)hisilicon.com> drivers/perf: hisi: Relax the event ID check in the framework Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: bitops: Fix find_*_bit() signatures Junjie Cao <junjie.cao(a)intel.com> lkdtm: fortify: Fix potential NULL dereference on kmalloc failure Yangtao Li <frank.li(a)vivo.com> hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Alexander Aring <aahringo(a)redhat.com> dlm: check for defined force value in dlm_lockspace_release Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Yang Chenzhi <yang.chenzhi(a)vivo.com> hfs: validate record offset in hfsplus_bmap_alloc Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: make proper initalization of struct hfs_find_data Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: clear offset and space out of valid records in b-tree node Simon Schuster <schuster.simon(a)siemens-energy.com> nios2: ensure that memblock.current_limit is set when setting pfn limits Xichao Zhao <zhao.xichao(a)vivo.com> exec: Fix incorrect type for ret ------------- Diffstat: .../devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 +- Makefile | 8 +- arch/arm64/include/asm/pgtable.h | 3 +- arch/m68k/include/asm/bitops.h | 25 ++- arch/mips/mti-malta/malta-setup.c | 2 +- arch/nios2/kernel/setup.c | 15 ++ arch/powerpc/include/asm/pgtable.h | 12 - arch/powerpc/mm/book3s32/mmu.c | 4 +- arch/powerpc/mm/pgtable_32.c | 2 +- arch/riscv/include/asm/pgtable.h | 2 + arch/riscv/kernel/cpu.c | 4 +- arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/cpu/resctrl/monitor.c | 12 +- drivers/acpi/acpica/tbprint.c | 6 + drivers/android/binder.c | 11 +- drivers/base/arch_topology.c | 2 +- drivers/base/devcoredump.c | 138 +++++++----- drivers/comedi/comedi_buf.c | 2 +- drivers/cpuidle/governors/menu.c | 21 +- drivers/firmware/arm_scmi/common.h | 24 +- drivers/firmware/arm_scmi/driver.c | 47 ++-- drivers/gpio/Kconfig | 4 +- drivers/gpio/gpio-104-idio-16.c | 1 + drivers/gpio/gpio-ljca.c | 248 ++++++++++++--------- drivers/gpio/gpio-pci-idio-16.c | 1 + drivers/hwmon/sht3x.c | 27 ++- drivers/misc/fastrpc.c | 2 + drivers/misc/lkdtm/fortify.c | 6 + drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/most/most_usb.c | 13 +- drivers/net/bonding/bond_main.c | 40 ++-- drivers/net/can/bxcan.c | 2 +- drivers/net/can/dev/netlink.c | 6 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 2 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 +- drivers/net/ethernet/freescale/enetc/enetc.c | 27 ++- drivers/net/ethernet/freescale/enetc/enetc.h | 2 +- drivers/net/ethernet/freescale/fec_main.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/ice/ice_txrx_lib.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 2 +- drivers/net/ethernet/marvell/mvneta.c | 2 +- drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 2 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en.h | 7 + .../net/ethernet/mellanox/mlx5/core/en/params.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en/xdp.h | 6 - drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 128 +++++++---- drivers/net/ethernet/netronome/nfp/nfd3/xsk.c | 2 +- drivers/net/ethernet/renesas/ravb_main.c | 24 +- drivers/net/ethernet/sfc/efx_channels.c | 2 +- drivers/net/ethernet/sfc/siena/efx_channels.c | 2 +- drivers/net/ethernet/socionext/netsec.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 9 +- drivers/net/ethernet/ti/cpsw_priv.c | 2 +- drivers/net/usb/rtl8150.c | 11 +- drivers/perf/hisilicon/hisi_uncore_pmu.c | 2 +- drivers/perf/hisilicon/hisi_uncore_pmu.h | 3 +- drivers/s390/cio/device.c | 37 +-- drivers/spi/spi-nxp-fspi.c | 6 + drivers/tty/serial/8250/8250_dw.c | 4 +- drivers/tty/serial/8250/8250_exar.c | 11 + drivers/tty/serial/8250/8250_mtk.c | 6 +- drivers/usb/core/quirks.c | 2 + drivers/usb/gadget/legacy/raw_gadget.c | 2 - drivers/usb/host/xhci-dbgcap.c | 9 +- drivers/usb/serial/option.c | 10 + drivers/usb/typec/tcpm/tcpm.c | 4 +- fs/dlm/lockspace.c | 2 +- fs/exec.c | 2 +- fs/fuse/dir.c | 2 +- fs/fuse/file.c | 75 ++++--- fs/fuse/fuse_i.h | 2 +- fs/hfs/bfind.c | 8 +- fs/hfs/brec.c | 27 ++- fs/hfs/mdb.c | 2 +- fs/hfsplus/bfind.c | 8 +- fs/hfsplus/bnode.c | 41 ---- fs/hfsplus/btree.c | 6 + fs/hfsplus/hfsplus_fs.h | 42 ++++ fs/hfsplus/super.c | 25 ++- fs/notify/fdinfo.c | 6 + fs/ocfs2/move_extents.c | 5 + fs/smb/client/cifsglob.h | 2 +- fs/smb/server/transport_rdma.c | 11 +- fs/xfs/xfs_super.c | 33 ++- io_uring/filetable.c | 2 +- kernel/dma/debug.c | 5 +- kernel/sched/sched.h | 2 - net/core/rtnetlink.c | 3 - net/sctp/inqueue.c | 13 +- net/vmw_vsock/af_vsock.c | 38 ++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 6 +- tools/testing/selftests/net/sctp_hello.c | 17 +- tools/testing/selftests/net/sctp_vrf.sh | 85 ++++--- 98 files changed, 917 insertions(+), 604 deletions(-)

6 days, 17 hours

11
94
0 0

[PATCH v2 2/4] ASoC: cs4271: Disable regulators in component_probe() error path

by Herve Codina

The commit 9a397f473657 ("ASoC: cs4271: add regulator consumer support") has introduced regulators in the driver. Regulators are enabled at the beginning of component_probe() but they are not disabled on errors. This can lead to unbalanced enable/disable. Fix the error path to disable regulators on errors. Fixes: 9a397f473657 ("ASoC: cs4271: add regulator consumer support") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- sound/soc/codecs/cs4271.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/sound/soc/codecs/cs4271.c b/sound/soc/codecs/cs4271.c index ff9c6628224c..a9d333e6c723 100644 --- a/sound/soc/codecs/cs4271.c +++ b/sound/soc/codecs/cs4271.c @@ -572,17 +572,17 @@ static int cs4271_component_probe(struct snd_soc_component *component) ret = regcache_sync(cs4271->regmap); if (ret < 0) - return ret; + goto err_disable_regulators; ret = regmap_update_bits(cs4271->regmap, CS4271_MODE2, CS4271_MODE2_PDN | CS4271_MODE2_CPEN, CS4271_MODE2_PDN | CS4271_MODE2_CPEN); if (ret < 0) - return ret; + goto err_disable_regulators; ret = regmap_update_bits(cs4271->regmap, CS4271_MODE2, CS4271_MODE2_PDN, 0); if (ret < 0) - return ret; + goto err_disable_regulators; /* Power-up sequence requires 85 uS */ udelay(85); @@ -592,6 +592,10 @@ static int cs4271_component_probe(struct snd_soc_component *component) CS4271_MODE2_MUTECAEQUB); return 0; + +err_disable_regulators: + regulator_bulk_disable(ARRAY_SIZE(cs4271->supplies), cs4271->supplies); + return ret; } static void cs4271_component_remove(struct snd_soc_component *component) -- 2.51.0

6 days, 17 hours

2
1
0 0

[PATCH 5.15 000/117] 5.15.196-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.196 release. There are 117 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 30 Oct 2025 09:28:07 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.196-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.196-rc2 Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Zhengchao Shao <shaozhengchao(a)huawei.com> net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_acm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ncm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Introduce free_usb_request helper Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Store endpoint pointer in usb_request Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Darrick J. Wong <djwong(a)kernel.org> xfs: always warn about deprecated mount options Maarten Lankhorst <dev(a)lankhorst.se> devcoredump: Fix circular locking dependency with devcd->mutex. Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Reset BARs when running in PCIe endpoint mode Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Drop PMSR spinlock Marek Vasut <marek.vasut+renesas(a)gmail.com> PCI: rcar: Finish transition to L1 state in rcar_pcie_config_access() Vidya Sagar <vidyas(a)nvidia.com> PCI: tegra194: Handle errors in BPMP response Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix wrong block mapping for multi-devices Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock Muhammad Usama Anjum <usama.anjum(a)collabora.com> wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Fix programming sequence of "strap" settings Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists Darrick J. Wong <djwong(a)kernel.org> fuse: fix livelock in synchronous file put from fuseblk workers Amir Goldstein <amir73il(a)gmail.com> fuse: allocate ff->release_args only if release is needed Xiao Liang <shaw.leon(a)gmail.com> padata: Reset next CPU when reorder sequence wraps around Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Simplify pm_runtime setup Bence Csókás <csokas.bence(a)prolan.hu> PM: runtime: Add new devm functions Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended David Lechner <dlechner(a)baylibre.com> iio: imu: inv_icm42600: use = { } instead of memset() Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Rework encoding and decoding of nfsd4_deviceid Christoph Hellwig <hch(a)lst.de> xfs: fix log CRC mismatches between i386 and other architectures Christoph Hellwig <hch(a)lst.de> xfs: rename the old_crc variable in xlog_recover_process Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Update purge function to unregister the unused subchannels Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Florian Eckert <fe(a)dev.tdt.de> serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: hdm_probe: Fix calling put_device() before device initialization Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: Fix use-after-free in hdm_disconnect Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add wildcat lake P DID Deepanshu Kartikey <kartikey406(a)gmail.com> comedi: fix divide-by-zero in comedi_buf_munge() Alice Ryhl <aliceryhl(a)google.com> binder: remove "invalid inc weak" check Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: enable back DbC in resume if it was enabled before suspend Andrey Konovalov <andreyknvl(a)gmail.com> usb: raw-gadget: do not limit transfer length Tim Guttzeit <t.guttzeit(a)tuxedocomputers.com> usb/core/quirks: Add Huawei ME906S to wakeup quirk LI Qingwu <Qing-wu.Li(a)leica-geosystems.com.cn> USB: serial: option: add Telit FN920C04 ECM compositions Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RG255C Renjun Wang <renjunw0(a)foxmail.com> USB: serial: option: add UNISOC UIS7720 Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Ensure memory write completes before ringing TX doorbell Michal Pecio <michal.pecio(a)gmail.com> net: usb: rtl8150: Fix frame padding Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix lock inversion in vsock_assign_transport() Deepanshu Kartikey <kartikey406(a)gmail.com> ocfs2: clear extent cache after moving/defragmenting extents Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "cpuidle: menu: Avoid discarding useful information" Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: fix possible peer notify event loss or dup issue Alexey Simakov <bigalex934(a)gmail.com> sctp: avoid NULL dereference when chunk data buffer is missing Huang Ying <ying.huang(a)linux.alibaba.com> arm64, mm: avoid always making PTE dirty in pte_mkwrite() Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the value of ENETC_RXB_TRUESIZE Johannes Wiesböck <johannes.wiesboeck(a)aisec.fraunhofer.de> rtnetlink: Allow deleting FDB entries in user namespace Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Nikolay Aleksandrov <razor(a)blackwall.org> net: add ndo_fdb_del_bulk Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add bulk delete support flag Nikolay Aleksandrov <razor(a)blackwall.org> net: netlink: add NLM_F_BULK delete request modifier Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: use BIT for flag values Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add helper to extract msg type's kind Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: bitops: Fix find_*_bit() signatures Yangtao Li <frank.li(a)vivo.com> hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Alexander Aring <aahringo(a)redhat.com> dlm: check for defined force value in dlm_lockspace_release Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Yang Chenzhi <yang.chenzhi(a)vivo.com> hfs: validate record offset in hfsplus_bmap_alloc Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: make proper initalization of struct hfs_find_data Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: clear offset and space out of valid records in b-tree node Simon Schuster <schuster.simon(a)siemens-energy.com> nios2: ensure that memblock.current_limit is set when setting pfn limits Xichao Zhao <zhao.xichao(a)vivo.com> exec: Fix incorrect type for ret Niko Mauno <niko.mauno(a)vaisala.com> Revert "perf test: Don't leak workload gopipe in PERF_RECORD_*" Brian Norris <briannorris(a)google.com> PCI/sysfs: Ensure devices are powered for config reads (part 2) Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Jiaming Zhang <r772577952(a)gmail.com> ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Ingo Molnar <mingo(a)kernel.org> sched/balancing: Rename newidle_balance() => sched_balance_newidle() Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/powerplay: Fix CIK shutdown temperature Fabian Vogt <fvogt(a)suse.de> riscv: kprobes: Fix probe address validation I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Jakub Kicinski <kuba(a)kernel.org> net: usb: use eth_hw_addr_set() instead of ether_addr_copy() Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for async encrypt in case of error during latter iterations of sendmsg Sascha Hauer <s.hauer(a)pengutronix.de> net: tls: wait for async completion on last message David Howells <dhowells(a)redhat.com> splice, net: Add a splice_eof op to file-ops and socket-ops Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Linmao Li <lilinmao(a)kylinos.cn> r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Nicolas Dichtel <nicolas.dichtel(a)6wind.com> doc: fix seg6_flowlabel path Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Yuezhang Mo <Yuezhang.Mo(a)sony.com> dax: skip read lock assertion for read-only filesystems Benjamin Tissoires <bentiss(a)kernel.org> HID: multitouch: fix sticky fingers Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Thomas Fourier <fourier.thomas(a)gmail.com> crypto: rockchip - Fix dma_unmap_sg() nents value Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: remove ctx->suspended Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: properly clear channels during bind Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions Yu Kuai <yukuai3(a)huawei.com> blk-crypto: fix missing blktrace bio split events Ma Ke <make24(a)iscas.ac.cn> media: lirc: Fix error handling in lirc_register() keliu <liuke94(a)huawei.com> media: rc: Directly use ida_free() Arnd Bergmann <arnd(a)arndb.de> media: s5p-mfc: remove an unused/uninitialized variable Filipe Manana <fdmanana(a)suse.com> btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Yi Cong <yicong(a)kylinos.cn> r8152: add error handling in rtl8152_driver_init ------------- Diffstat: Documentation/arm64/silicon-errata.rst | 2 + Documentation/networking/seg6-sysctl.rst | 3 + Makefile | 4 +- arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/pgtable.h | 3 +- arch/arm64/kernel/cpu_errata.c | 1 + arch/m68k/include/asm/bitops.h | 25 ++-- arch/mips/mti-malta/malta-setup.c | 2 +- arch/nios2/kernel/setup.c | 15 +++ arch/riscv/kernel/probes/kprobes.c | 13 +- block/blk-crypto-fallback.c | 3 + drivers/android/binder.c | 11 +- drivers/base/arch_topology.c | 2 +- drivers/base/devcoredump.c | 138 +++++++++++++-------- drivers/base/power/runtime.c | 44 +++++++ drivers/comedi/comedi_buf.c | 2 +- drivers/cpufreq/cppc_cpufreq.c | 14 ++- drivers/cpuidle/governors/menu.c | 21 ++-- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 +++++---------- drivers/hid/hid-multitouch.c | 27 ++-- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 ++---- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 +- drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 ++---- drivers/media/rc/lirc_dev.c | 15 +-- drivers/media/rc/rc-main.c | 6 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/most/most_usb.c | 13 +- drivers/net/bonding/bond_main.c | 40 +++--- drivers/net/can/m_can/m_can_platform.c | 2 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/dlink/dl2k.c | 23 ++-- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 +- drivers/net/ethernet/freescale/enetc/enetc.h | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/ethernet/renesas/ravb_main.c | 8 ++ drivers/net/usb/aqc111.c | 2 +- drivers/net/usb/lan78xx.c | 42 +++++-- drivers/net/usb/r8152.c | 9 +- drivers/net/usb/rndis_host.c | 2 +- drivers/net/usb/rtl8150.c | 13 +- drivers/net/wireless/ath/ath11k/core.c | 6 +- drivers/net/wireless/ath/ath11k/hal.c | 16 +++ drivers/net/wireless/ath/ath11k/hal.h | 1 + drivers/pci/controller/cadence/pci-j721e.c | 64 +++++++++- drivers/pci/controller/dwc/pcie-designware-ep.c | 1 + drivers/pci/controller/dwc/pcie-tegra194.c | 28 ++++- drivers/pci/controller/pcie-rcar-host.c | 83 +++++++------ drivers/pci/pci-sysfs.c | 10 +- drivers/s390/cio/device.c | 37 ++++-- drivers/tty/serial/8250/8250_exar.c | 11 ++ drivers/usb/core/quirks.c | 2 + drivers/usb/gadget/function/f_acm.c | 42 +++---- drivers/usb/gadget/function/f_ncm.c | 78 +++++------- drivers/usb/gadget/legacy/raw_gadget.c | 2 - drivers/usb/gadget/udc/core.c | 3 + drivers/usb/host/xhci-dbgcap.c | 9 +- drivers/usb/serial/option.c | 10 ++ fs/btrfs/relocation.c | 13 +- fs/dax.c | 2 +- fs/dcache.c | 2 + fs/dlm/lockspace.c | 2 +- fs/exec.c | 2 +- fs/ext4/inode.c | 8 ++ fs/f2fs/data.c | 2 +- fs/fuse/dir.c | 2 +- fs/fuse/file.c | 75 ++++++----- fs/fuse/fuse_i.h | 2 +- fs/hfs/bfind.c | 8 +- fs/hfs/brec.c | 27 +++- fs/hfs/mdb.c | 2 +- fs/hfsplus/bfind.c | 8 +- fs/hfsplus/bnode.c | 41 ------ fs/hfsplus/btree.c | 6 + fs/hfsplus/hfsplus_fs.h | 42 +++++++ fs/hfsplus/super.c | 25 +++- fs/hfsplus/unicode.c | 24 ++++ fs/jbd2/transaction.c | 13 +- fs/nfsd/blocklayout.c | 5 +- fs/nfsd/blocklayoutxdr.c | 7 +- fs/nfsd/flexfilelayout.c | 8 ++ fs/nfsd/flexfilelayoutxdr.c | 3 +- fs/nfsd/nfs4layouts.c | 1 - fs/nfsd/nfs4proc.c | 34 +++-- fs/nfsd/nfs4xdr.c | 14 +-- fs/nfsd/xdr4.h | 36 +++++- fs/ocfs2/move_extents.c | 5 + fs/splice.c | 31 ++++- fs/xfs/libxfs/xfs_log_format.h | 30 ++++- fs/xfs/xfs_log.c | 8 +- fs/xfs/xfs_log_priv.h | 4 +- fs/xfs/xfs_log_recover.c | 34 +++-- fs/xfs/xfs_ondisk.h | 2 + fs/xfs/xfs_super.c | 33 +++-- include/linux/cpufreq.h | 3 + include/linux/fs.h | 1 + include/linux/net.h | 1 + include/linux/netdevice.h | 9 ++ include/linux/pm_runtime.h | 4 + include/linux/splice.h | 1 + include/linux/usb/gadget.h | 25 ++++ include/net/ip_tunnels.h | 15 +++ include/net/rtnetlink.h | 9 +- include/net/sock.h | 1 + include/uapi/linux/netlink.h | 1 + kernel/padata.c | 6 +- kernel/sched/fair.c | 38 +++--- net/core/rtnetlink.c | 81 ++++++++---- net/ipv4/ip_tunnel.c | 14 --- net/ipv4/tcp_output.c | 19 ++- net/ipv6/ip6_tunnel.c | 3 +- net/sctp/inqueue.c | 13 +- net/socket.c | 10 ++ net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 22 +++- net/vmw_vsock/af_vsock.c | 38 +++--- sound/firewire/amdtp-stream.h | 2 +- sound/usb/card.c | 10 +- tools/perf/tests/perf-record.c | 4 - 128 files changed, 1305 insertions(+), 728 deletions(-)

6 days, 19 hours

9
8
0 0

[Patch v2] perf/x86/intel: Fix KASAN global-out-of-bounds warning

by Dapeng Mi

When running "perf mem record" command on CWF, the below KASAN global-out-of-bounds warning is seen. 196.273657] ================================================================== [ 196.273662] BUG: KASAN: global-out-of-bounds in cmt_latency_data+0x176/0x1b0 [ 196.273669] Read of size 4 at addr ffffffffb721d000 by task dtlb/9850 [ 196.273676] CPU: 126 UID: 0 PID: 9850 Comm: dtlb Kdump: loaded Not tainted 6.17.0-rc3-2025-08-29-intel-next-34160-g316938187eb0 #1 PREEMPT(none) [ 196.273680] Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.IPC.3544.P83.2507110208 07/11/2025 [ 196.273682] Call Trace: [ 196.273683] <NMI> [ 196.273684] dump_stack_lvl+0x55/0x70 [ 196.273689] print_address_description.constprop.0+0x2c/0x3d0 [ 196.273694] ? cmt_latency_data+0x176/0x1b0 [ 196.273696] print_report+0xb4/0x270 [ 196.273699] ? kasan_addr_to_slab+0xd/0xa0 [ 196.273702] kasan_report+0xb8/0xf0 [ 196.273705] ? cmt_latency_data+0x176/0x1b0 [ 196.273707] cmt_latency_data+0x176/0x1b0 [ 196.273710] setup_arch_pebs_sample_data+0xf49/0x2560 [ 196.273713] intel_pmu_drain_arch_pebs+0x577/0xb00 [ 196.273716] ? __pfx_intel_pmu_drain_arch_pebs+0x10/0x10 [ 196.273719] ? perf_output_begin+0x3e4/0xa10 [ 196.273724] ? intel_pmu_drain_bts_buffer+0xc2/0x6a0 [ 196.273727] ? __pfx_intel_pmu_drain_bts_buffer+0x10/0x10 [ 196.273730] handle_pmi_common+0x6c4/0xc80 [ 196.273734] ? __pfx_handle_pmi_common+0x10/0x10 [ 196.273738] ? intel_bts_interrupt+0xd3/0x4d0 [ 196.273740] ? __pfx_intel_bts_interrupt+0x10/0x10 [ 196.273742] ? intel_pmu_lbr_enable_all+0x25/0x150 [ 196.273745] intel_pmu_handle_irq+0x388/0x700 [ 196.273748] perf_event_nmi_handler+0xff/0x150 [ 196.273751] nmi_handle.part.0+0xa8/0x2d0 [ 196.273755] ? perf_output_begin+0x3e9/0xa10 [ 196.273757] default_do_nmi+0x79/0x1a0 [ 196.273760] fred_exc_nmi+0x40/0x90 [ 196.273762] asm_fred_entrypoint_kernel+0x45/0x60 [ 196.273765] RIP: 0010:perf_output_begin+0x3e9/0xa10 [ 196.273768] Code: 54 24 1c 85 d2 0f 85 19 03 00 00 48 8b 44 24 18 48 c1 e8 03 42 0f b6 04 28 84 c0 74 08 3c 03 0f 8e 25 05 00 00 41 8b 44 24 18 <c1> e0 0c 48 98 48 83 e8 01 80 7c 24 2a 00 0f 85 f9 02 00 00 4c 29 [ 196.273770] RSP: 0018:ffffc9001cf575e8 EFLAGS: 00000246 [ 196.273774] RAX: 0000000000000080 RBX: ffff88c1a0f95028 RCX: 0000000000000004 [ 196.273775] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88c08c8f9408 [ 196.273777] RBP: 0000000000000028 R08: 0000000000000000 R09: ffffed18341f2a05 [ 196.273778] R10: ffff88c1a0f9502f R11: ffff88c1a0dbe1b8 R12: ffff88c1a0f95000 [ 196.273779] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc9001cf577e0 [ 196.273782] </NMI> The issue is caused by below code in __grt_latency_data(). The code tries to access x86_hybrid_pmu structure which doesn't exist on non-hybrid platform like CWF. WARN_ON_ONCE(hybrid_pmu(event->pmu)->pmu_type == hybrid_big) So add is_hybrid() check before calling this WARN_ON_ONCE to fix the global-out-of-bounds access issue. Reported-by: Xudong Hao <xudong.hao(a)intel.com> Cc: stable(a)vger.kernel.org Fixes: 090262439f66 ("perf/x86/intel: Rename model-specific pebs_latency_data functions") Signed-off-by: Dapeng Mi <dapeng1.mi(a)linux.intel.com> Reviewed-by: Zide Chen <zide.chen(a)intel.com> --- Changes: v2: Wrap the line that exceeds 80 characters (Zide) arch/x86/events/intel/ds.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c index c0b7ac1c7594..01bc59e9286c 100644 --- a/arch/x86/events/intel/ds.c +++ b/arch/x86/events/intel/ds.c @@ -317,7 +317,8 @@ static u64 __grt_latency_data(struct perf_event *event, u64 status, { u64 val; - WARN_ON_ONCE(hybrid_pmu(event->pmu)->pmu_type == hybrid_big); + WARN_ON_ONCE(is_hybrid() && + hybrid_pmu(event->pmu)->pmu_type == hybrid_big); dse &= PERF_PEBS_DATA_SOURCE_GRT_MASK; val = hybrid_var(event->pmu, pebs_data_source)[dse]; base-commit: 45e1dccc0653c50e377dae57ef086a8d0f71061d -- 2.34.1

6 days, 19 hours

2
1
0 0

[PATCH] most: usb: fix double free on late probe failure

by Johan Hovold

The MOST subsystem has a non-standard registration function which frees the interface on registration failures and on deregistration. This unsurprisingly leads to bugs in the MOST drivers, and a couple of recent changes turned a reference underflow and use-after-free in the USB driver into several double free and a use-after-free on late probe failures. Fixes: 723de0f9171e ("staging: most: remove device from interface structure") Fixes: 4b1270902609 ("most: usb: Fix use-after-free in hdm_disconnect") Fixes: a8cc9e5fcb0e ("most: usb: hdm_probe: Fix calling put_device() before device initialization") Cc: stable(a)vger.kernel.org Cc: Christian Gromm <christian.gromm(a)microchip.com> Cc: Victoria Votokina <Victoria.Votokina(a)kaspersky.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/most/most_usb.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/drivers/most/most_usb.c b/drivers/most/most_usb.c index 10064d7b7249..41ee169f80c5 100644 --- a/drivers/most/most_usb.c +++ b/drivers/most/most_usb.c @@ -1058,7 +1058,7 @@ hdm_probe(struct usb_interface *interface, const struct usb_device_id *id) ret = most_register_interface(&mdev->iface); if (ret) - goto err_free_busy_urbs; + return ret; mutex_lock(&mdev->io_mutex); if (le16_to_cpu(usb_dev->descriptor.idProduct) == USB_DEV_ID_OS81118 || @@ -1068,8 +1068,7 @@ hdm_probe(struct usb_interface *interface, const struct usb_device_id *id) if (!mdev->dci) { mutex_unlock(&mdev->io_mutex); most_deregister_interface(&mdev->iface); - ret = -ENOMEM; - goto err_free_busy_urbs; + return -ENOMEM; } mdev->dci->dev.init_name = "dci"; @@ -1078,18 +1077,15 @@ hdm_probe(struct usb_interface *interface, const struct usb_device_id *id) mdev->dci->dev.release = release_dci; if (device_register(&mdev->dci->dev)) { mutex_unlock(&mdev->io_mutex); + put_device(&mdev->dci->dev); most_deregister_interface(&mdev->iface); - ret = -ENOMEM; - goto err_free_dci; + return -ENOMEM; } mdev->dci->usb_device = mdev->usb_device; } mutex_unlock(&mdev->io_mutex); return 0; -err_free_dci: - put_device(&mdev->dci->dev); -err_free_busy_urbs: - kfree(mdev->busy_urbs); + err_free_ep_address: kfree(mdev->ep_address); err_free_cap: -- 2.51.0

6 days, 19 hours

1
0
0 0

[PATCH v5 1/2] dma-mapping: benchmark: Restore padding to ensure uABI remained consistent

by Qinxin Xia

The padding field in the structure was previously reserved to maintain a stable interface for potential new fields, ensuring compatibility with user-space shared data structures. However,it was accidentally removed by tiantao in a prior commit, which may lead to incompatibility between user space and the kernel. This patch reinstates the padding to restore the original structure layout and preserve compatibility. Fixes: 8ddde07a3d28 ("dma-mapping: benchmark: extract a common header file for map_benchmark definition") Cc: stable(a)vger.kernel.org Acked-by: Barry Song <baohua(a)kernel.org> Signed-off-by: Qinxin Xia <xiaqinxin(a)huawei.com> --- include/linux/map_benchmark.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/linux/map_benchmark.h b/include/linux/map_benchmark.h index 62674c83bde4..48e2ff95332f 100644 --- a/include/linux/map_benchmark.h +++ b/include/linux/map_benchmark.h @@ -27,5 +27,6 @@ struct map_benchmark { __u32 dma_dir; /* DMA data direction */ __u32 dma_trans_ns; /* time for DMA transmission in ns */ __u32 granule; /* how many PAGE_SIZE will do map/unmap once a time */ + __u8 expansion[76]; /* For future use */ }; #endif /* _KERNEL_DMA_BENCHMARK_H */ -- 2.33.0

6 days, 19 hours

3
2
0 0

[PATCH v2 1/2] PCI: Allow per function PCI slots

by Farhan Ali

On s390 systems, which use a machine level hypervisor, PCI devices are always accessed through a form of PCI pass-through which fundamentally operates on a per PCI function granularity. This is also reflected in the s390 PCI hotplug driver which creates hotplug slots for individual PCI functions. Its reset_slot() function, which is a wrapper for zpci_hot_reset_device(), thus also resets individual functions. Currently, the kernel's PCI_SLOT() macro assigns the same pci_slot object to multifunction devices. This approach worked fine on s390 systems that only exposed virtual functions as individual PCI domains to the operating system. Since commit 44510d6fa0c0 ("s390/pci: Handling multifunctions") s390 supports exposing the topology of multifunction PCI devices by grouping them in a shared PCI domain. When attempting to reset a function through the hotplug driver, the shared slot assignment causes the wrong function to be reset instead of the intended one. It also leaks memory as we do create a pci_slot object for the function, but don't correctly free it in pci_slot_release(). Add a flag for struct pci_slot to allow per function PCI slots for functions managed through a hypervisor, which exposes individual PCI functions while retaining the topology. Fixes: 44510d6fa0c0 ("s390/pci: Handling multifunctions") Cc: stable(a)vger.kernel.org Suggested-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Farhan Ali <alifm(a)linux.ibm.com> --- drivers/pci/pci.c | 5 +++-- drivers/pci/slot.c | 25 ++++++++++++++++++++++--- include/linux/pci.h | 1 + 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index b14dd064006c..36ee38e0d817 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -4980,8 +4980,9 @@ static int pci_reset_hotplug_slot(struct hotplug_slot *hotplug, bool probe) static int pci_dev_reset_slot_function(struct pci_dev *dev, bool probe) { - if (dev->multifunction || dev->subordinate || !dev->slot || - dev->dev_flags & PCI_DEV_FLAGS_NO_BUS_RESET) + if (dev->subordinate || !dev->slot || + dev->dev_flags & PCI_DEV_FLAGS_NO_BUS_RESET || + (dev->multifunction && !dev->slot->per_func_slot)) return -ENOTTY; return pci_reset_hotplug_slot(dev->slot->hotplug, probe); diff --git a/drivers/pci/slot.c b/drivers/pci/slot.c index 50fb3eb595fe..ed10fa3ae727 100644 --- a/drivers/pci/slot.c +++ b/drivers/pci/slot.c @@ -63,6 +63,22 @@ static ssize_t cur_speed_read_file(struct pci_slot *slot, char *buf) return bus_speed_read(slot->bus->cur_bus_speed, buf); } +static bool pci_dev_matches_slot(struct pci_dev *dev, struct pci_slot *slot) +{ + if (slot->per_func_slot) + return dev->devfn == slot->number; + + return PCI_SLOT(dev->devfn) == slot->number; +} + +static bool pci_slot_enabled_per_func(void) +{ + if (IS_ENABLED(CONFIG_S390)) + return true; + + return false; +} + static void pci_slot_release(struct kobject *kobj) { struct pci_dev *dev; @@ -73,7 +89,7 @@ static void pci_slot_release(struct kobject *kobj) down_read(&pci_bus_sem); list_for_each_entry(dev, &slot->bus->devices, bus_list) - if (PCI_SLOT(dev->devfn) == slot->number) + if (pci_dev_matches_slot(dev, slot)) dev->slot = NULL; up_read(&pci_bus_sem); @@ -166,7 +182,7 @@ void pci_dev_assign_slot(struct pci_dev *dev) mutex_lock(&pci_slot_mutex); list_for_each_entry(slot, &dev->bus->slots, list) - if (PCI_SLOT(dev->devfn) == slot->number) + if (pci_dev_matches_slot(dev, slot)) dev->slot = slot; mutex_unlock(&pci_slot_mutex); } @@ -265,6 +281,9 @@ struct pci_slot *pci_create_slot(struct pci_bus *parent, int slot_nr, slot->bus = pci_bus_get(parent); slot->number = slot_nr; + if (pci_slot_enabled_per_func()) + slot->per_func_slot = 1; + slot->kobj.kset = pci_slots_kset; slot_name = make_slot_name(name); @@ -285,7 +304,7 @@ struct pci_slot *pci_create_slot(struct pci_bus *parent, int slot_nr, down_read(&pci_bus_sem); list_for_each_entry(dev, &parent->devices, bus_list) - if (PCI_SLOT(dev->devfn) == slot_nr) + if (pci_dev_matches_slot(dev, slot)) dev->slot = slot; up_read(&pci_bus_sem); diff --git a/include/linux/pci.h b/include/linux/pci.h index d1fdf81fbe1e..6ad194597ab5 100644 --- a/include/linux/pci.h +++ b/include/linux/pci.h @@ -78,6 +78,7 @@ struct pci_slot { struct list_head list; /* Node in list of slots */ struct hotplug_slot *hotplug; /* Hotplug info (move here) */ unsigned char number; /* PCI_SLOT(pci_dev->devfn) */ + unsigned int per_func_slot:1; /* Allow per function slot */ struct kobject kobj; }; -- 2.43.0

6 days, 20 hours

3
3
0 0

[PATCH net] virtio-net: calculate header alignment mask based on features

by Jason Wang

Commit 56a06bd40fab ("virtio_net: enable gso over UDP tunnel support.") switches to check the alignment of the virtio_net_hdr_v1_hash_tunnel even when doing the transmission even if the feature is not negotiated. This will cause a series performance degradation of pktgen as the skb->data can't satisfy the alignment requirement due to the increase of the header size then virtio-net must prepare at least 2 sgs with indirect descriptors which will introduce overheads in the device. Fixing this by calculate the header alignment during probe so when tunnel gso is not negotiated, we can less strict. Pktgen in guest + XDP_DROP on TAP + vhost_net shows the TX PPS is recovered from 2.4Mpps to 4.45Mpps. Note that we still need a way to recover the performance when tunnel gso is enabled, probably a new vnet header format. Fixes: 56a06bd40fab ("virtio_net: enable gso over UDP tunnel support.") Cc: stable(a)vger.kernel.org Signed-off-by: Jason Wang <jasowang(a)redhat.com> --- drivers/net/virtio_net.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index 31bd32bdecaf..5b851df749c0 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -441,6 +441,9 @@ struct virtnet_info { /* Packet virtio header size */ u8 hdr_len; + /* header alignment */ + size_t hdr_align; + /* Work struct for delayed refilling if we run low on memory. */ struct delayed_work refill; @@ -3308,8 +3311,9 @@ static int xmit_skb(struct send_queue *sq, struct sk_buff *skb, bool orphan) pr_debug("%s: xmit %p %pM\n", vi->dev->name, skb, dest); can_push = vi->any_header_sg && - !((unsigned long)skb->data & (__alignof__(*hdr) - 1)) && + !((unsigned long)skb->data & (vi->hdr_align - 1)) && !skb_header_cloned(skb) && skb_headroom(skb) >= hdr_len; + /* Even if we can, don't push here yet as this would skew * csum_start offset below. */ if (can_push) @@ -6926,15 +6930,20 @@ static int virtnet_probe(struct virtio_device *vdev) } if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO) || - virtio_has_feature(vdev, VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO)) + virtio_has_feature(vdev, VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO)) { vi->hdr_len = sizeof(struct virtio_net_hdr_v1_hash_tunnel); - else if (vi->has_rss_hash_report) + vi->hdr_align = __alignof__(struct virtio_net_hdr_v1_hash_tunnel); + } else if (vi->has_rss_hash_report) { vi->hdr_len = sizeof(struct virtio_net_hdr_v1_hash); - else if (virtio_has_feature(vdev, VIRTIO_NET_F_MRG_RXBUF) || - virtio_has_feature(vdev, VIRTIO_F_VERSION_1)) + vi->hdr_align = __alignof__(struct virtio_net_hdr_v1_hash); + } else if (virtio_has_feature(vdev, VIRTIO_NET_F_MRG_RXBUF) || + virtio_has_feature(vdev, VIRTIO_F_VERSION_1)) { vi->hdr_len = sizeof(struct virtio_net_hdr_mrg_rxbuf); - else + vi->hdr_align = __alignof__(struct virtio_net_hdr_mrg_rxbuf); + } else { vi->hdr_len = sizeof(struct virtio_net_hdr); + vi->hdr_align = __alignof__(struct virtio_net_hdr); + } if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO_CSUM)) vi->rx_tnl_csum = true; -- 2.31.1

6 days, 20 hours

3
3
0 0

[PATCH] drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse()

by Miaoqian Lin

The function mtk_dp_dt_parse() calls of_graph_get_endpoint_by_regs() to get the endpoint device node, but fails to call of_node_put() to release the reference when the function returns. This results in a device node reference leak. Fix this by adding the missing of_node_put() call before returning from the function. Found via static analysis and code review. Fixes: f70ac097a2cf ("drm/mediatek: Add MT8195 Embedded DisplayPort driver") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/gpu/drm/mediatek/mtk_dp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/mediatek/mtk_dp.c b/drivers/gpu/drm/mediatek/mtk_dp.c index bef6eeb30d3e..b0b1e158600f 100644 --- a/drivers/gpu/drm/mediatek/mtk_dp.c +++ b/drivers/gpu/drm/mediatek/mtk_dp.c @@ -2087,6 +2087,7 @@ static int mtk_dp_dt_parse(struct mtk_dp *mtk_dp, endpoint = of_graph_get_endpoint_by_regs(pdev->dev.of_node, 1, -1); len = of_property_count_elems_of_size(endpoint, "data-lanes", sizeof(u32)); + of_node_put(endpoint); if (len < 0 || len > 4 || len == 3) { dev_err(dev, "invalid data lane size: %d\n", len); return -EINVAL; -- 2.39.5 (Apple Git-154)

6 days, 20 hours

2
1
0 0

[PATCH] drm/bridge: sii902x: Fix device node reference leak sii902x_probe

by Miaoqian Lin

of_graph_get_endpoint_by_regs() gets a reference to the endpoint node to read the "bus-width" property but fails to call of_node_put() to release the reference, causing a reference count leak. Add the missing of_node_put() call to fix this. Found via static analysis and code review. Fixes: d284ccd8588c ("drm/bridge: sii902x: Set input bus format based on bus-width") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/gpu/drm/bridge/sii902x.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/bridge/sii902x.c b/drivers/gpu/drm/bridge/sii902x.c index d537b1d036fb..3a247ac3c7dd 100644 --- a/drivers/gpu/drm/bridge/sii902x.c +++ b/drivers/gpu/drm/bridge/sii902x.c @@ -1189,8 +1189,10 @@ static int sii902x_probe(struct i2c_client *client) sii902x->bus_width = 24; endpoint = of_graph_get_endpoint_by_regs(dev->of_node, 0, -1); - if (endpoint) + if (endpoint) { of_property_read_u32(endpoint, "bus-width", &sii902x->bus_width); + of_node_put(endpoint); + } endpoint = of_graph_get_endpoint_by_regs(dev->of_node, 1, -1); if (endpoint) { -- 2.39.5 (Apple Git-154)

6 days, 20 hours

1
0
0 0

[PATCH] drm/bridge: samsung-dsim: Fix device node reference leak in samsung_dsim_parse_dt

by Miaoqian Lin

The function samsung_dsim_parse_dt() calls of_graph_get_endpoint_by_regs() to get the endpoint device node, but fails to call of_node_put() to release the reference when the function returns. This results in a device node reference leak. Fix this by adding the missing of_node_put() call before returning from the function. Found via static analysis and code review. Fixes: 77169a11d4e9 ("drm/bridge: samsung-dsim: add driver support for exynos7870 DSIM bridge") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/gpu/drm/bridge/samsung-dsim.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/bridge/samsung-dsim.c b/drivers/gpu/drm/bridge/samsung-dsim.c index eabc4c32f6ab..1a5acd5077ad 100644 --- a/drivers/gpu/drm/bridge/samsung-dsim.c +++ b/drivers/gpu/drm/bridge/samsung-dsim.c @@ -2086,6 +2086,7 @@ static int samsung_dsim_parse_dt(struct samsung_dsim *dsi) if (lane_polarities[1]) dsi->swap_dn_dp_data = true; } + of_node_put(endpoint); return 0; } -- 2.39.5 (Apple Git-154)

6 days, 21 hours

1
0
0 0

[PATCH 5.4 000/224] 5.4.301-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.301 release. There are 224 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 Oct 2025 18:34:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.301-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.301-rc1 Zhengchao Shao <shaozhengchao(a)huawei.com> net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg Arnd Bergmann <arnd(a)arndb.de> media: s5p-mfc: remove an unused/uninitialized variable Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Xiao Liang <shaw.leon(a)gmail.com> padata: Reset next CPU when reorder sequence wraps around Eric Biggers <ebiggers(a)kernel.org> KEYS: trusted_tpm1: Compare HMAC values in constant time Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Theodore Ts'o <tytso(a)mit.edu> ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before DAC access Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before INDAC access Zhen Ni <zhen.ni(a)easystack.cn> memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe Krzysztof Kozlowski <krzk(a)kernel.org> memory: samsung: exynos-srom: Correct alignment Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Deepanshu Kartikey <kartikey406(a)gmail.com> comedi: fix divide-by-zero in comedi_buf_munge() Alice Ryhl <aliceryhl(a)google.com> binder: remove "invalid inc weak" check Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: enable back DbC in resume if it was enabled before suspend Tim Guttzeit <t.guttzeit(a)tuxedocomputers.com> usb/core/quirks: Add Huawei ME906S to wakeup quirk LI Qingwu <Qing-wu.Li(a)leica-geosystems.com.cn> USB: serial: option: add Telit FN920C04 ECM compositions Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RG255C Renjun Wang <renjunw0(a)foxmail.com> USB: serial: option: add UNISOC UIS7720 Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Ensure memory write completes before ringing TX doorbell Michal Pecio <michal.pecio(a)gmail.com> net: usb: rtl8150: Fix frame padding Deepanshu Kartikey <kartikey406(a)gmail.com> ocfs2: clear extent cache after moving/defragmenting extents Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "cpuidle: menu: Avoid discarding useful information" Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: fix possible peer notify event loss or dup issue Alexey Simakov <bigalex934(a)gmail.com> sctp: avoid NULL dereference when chunk data buffer is missing Huang Ying <ying.huang(a)linux.alibaba.com> arm64, mm: avoid always making PTE dirty in pte_mkwrite() Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the value of ENETC_RXB_TRUESIZE Johannes Wiesböck <johannes.wiesboeck(a)aisec.fraunhofer.de> rtnetlink: Allow deleting FDB entries in user namespace Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Nikolay Aleksandrov <razor(a)blackwall.org> net: add ndo_fdb_del_bulk Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add bulk delete support flag Nikolay Aleksandrov <razor(a)blackwall.org> net: netlink: add NLM_F_BULK delete request modifier Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: use BIT for flag values Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add helper to extract msg type's kind Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add msg kind names Colin Ian King <colin.king(a)canonical.com> net: rtnetlink: remove redundant assignment to variable err Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: bitops: Fix find_*_bit() signatures Yangtao Li <frank.li(a)vivo.com> hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Alexander Aring <aahringo(a)redhat.com> dlm: check for defined force value in dlm_lockspace_release Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Yang Chenzhi <yang.chenzhi(a)vivo.com> hfs: validate record offset in hfsplus_bmap_alloc Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: make proper initalization of struct hfs_find_data Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: clear offset and space out of valid records in b-tree node Xichao Zhao <zhao.xichao(a)vivo.com> exec: Fix incorrect type for ret Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Ingo Molnar <mingo(a)kernel.org> sched/balancing: Rename newidle_balance() => sched_balance_newidle() Barry Song <song.bao.hua(a)hisilicon.com> sched/fair: Trivial correction of the newidle_balance() comment Chen Yu <yu.c.chen(a)intel.com> sched: Make newidle_balance() static again Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dl2k: switch from 'pci_' to 'dma_' API Thomas Fourier <fourier.thomas(a)gmail.com> media: pci: ivtv: Add missing check after DMA map Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: pci/ivtv: switch from 'pci_' to 'dma_' API Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Update virq_to_irq on migration Ma Ke <make24(a)iscas.ac.cn> media: lirc: Fix error handling in lirc_register() keliu <liuke94(a)huawei.com> media: rc: Directly use ida_free() Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: remove ctx->suspended Anderson Nascimento <anderson(a)allelesecurity.com> btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Jisheng Zhang <jszhang(a)kernel.org> pwm: berlin: Fix wrong register in suspend/resume Thomas Fourier <fourier.thomas(a)gmail.com> media: cx18: Add missing check after DMA map Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Cleanup find_virq() return codes Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> cramfs: Verify inode mode when loading from disk Lichen Liu <lichliu(a)redhat.com> fs: Add 'initramfs_options' to set initramfs mount options gaoxiang17 <gaoxiang17(a)xiaomi.com> pid: Add a judgment for ns null in pid_nr_ns Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> minixfs: Verify inode mode when loading from disk Yuan Chen <chenyuan(a)kylinos.cn> tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Zheng Qixing <zhengqixing(a)huawei.com> dm: fix NULL pointer dereference in __dm_suspend() Hans de Goede <hansg(a)kernel.org> mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type Hans de Goede <hdegoede(a)redhat.com> mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: reject negative file sizes in squashfs_read_inode() Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: add additional inode sanity checking Edward Adam Davis <eadavis(a)qq.com> media: mc: Clear minor number before put device Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() Larshin Sergey <Sergey.Larshin(a)kaspersky.com> fs: udf: fix OOB read in lengthAllocDescs handling Sean Christopherson <seanjc(a)google.com> KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O Nalivayko Sergey <Sergey.Nalivayko(a)kaspersky.com> net/9p: fix double req put in p9_fd_cancelled Ahmet Eray Karadag <eraykrdg1(a)gmail.com> ext4: guard against EA inode refcount underflow in xattr update Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: correctly handle queries for metadata mappings Yongjian Sun <sunyongjian1(a)huawei.com> ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Olga Kornievskaia <okorniev(a)redhat.com> nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Sean Christopherson <seanjc(a)google.com> x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) Sean Christopherson <seanjc(a)google.com> x86/umip: Check that the instruction opcode is at least two bytes Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/AER: Fix missing uevent on recovery when a reset is requested Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Sean Christopherson <seanjc(a)google.com> rseq/selftests: Use weak symbol reference, not definition, to link with glibc Esben Haabendal <esben(a)geanix.com> rtc: interface: Fix long-standing race when setting alarm Esben Haabendal <esben(a)geanix.com> rtc: interface: Ensure alarm irq is enabled when UIE is enabled Rex Chen <rex.chen_1(a)nxp.com> mmc: core: SPI mode remove cmd7 Linus Walleij <linus.walleij(a)linaro.org> mtd: rawnand: fsmc: Default to autodetect buswidth Ma Ke <make24(a)iscas.ac.cn> sparc: fix error handling in scan_one_device() Anthony Yznaga <anthony.yznaga(a)oracle.com> sparc64: fix hugetlb for sun4u Eric Biggers <ebiggers(a)kernel.org> sctp: Fix MAC comparison to be constant-time Thorsten Blum <thorsten.blum(a)linux.dev> scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() Sam James <sam(a)gentoo.org> parisc: don't reference obsolete termio struct for TC* constants Johan Hovold <johan(a)kernel.org> lib/genalloc: fix device leak in of_gen_pool_get() Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix prescaler usage. Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5421: use int type to store negative error codes Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5360: use int type to store negative error codes Thomas Fourier <fourier.thomas(a)gmail.com> crypto: atmel - Fix dma_unmap_sg() direction Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Shuhao Fu <sfual(a)cse.ust.hk> drm/nouveau: fix bad ret code in nouveau_bo_move_prep Qianfeng Rong <rongqianfeng(a)vivo.com> media: i2c: mt9v111: fix incorrect type for ret Johan Hovold <johan(a)kernel.org> firmware: meson_sm: fix device leak at probe Lukas Wunner <lukas(a)wunner.de> xen/manage: Fix suspend error path Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: msm8916: Add missing MDSS reset Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> ACPI: debug: fix signedness issues in read/write helpers Daniel Tang <danielzgtg.opensource(a)gmail.com> ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Gunnar Kudrjavets <gunnarku(a)amazon.com> tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Lino Sanfilippo <l.sanfilippo(a)kunbus.com> tpm, tpm_tis: Claim locality before writing interrupt registers Herbert Xu <herbert(a)gondor.apana.org.au> crypto: essiv - Check ssize for decryption and in-place encryption Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call Leo Yan <leo.yan(a)arm.com> tools build: Align warning options with perf Erick Karanja <karanja99erick(a)gmail.com> net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Kuniyuki Iwashima <kuniyu(a)google.com> tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). Alexandr Sapozhnikov <alsp705(a)gmail.com> net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Use-after-free in validation Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Duoming Zhou <duoming(a)zju.edu.cn> scsi: mvsas: Fix use-after-free bugs in mvs_work_queue John Garry <john.garry(a)huawei.com> scsi: mvsas: Use sas_task_find_rq() for tagging John Garry <john.garry(a)huawei.com> scsi: mvsas: Delete mvs_tag_init() John Garry <john.garry(a)huawei.com> scsi: libsas: Add sas_task_find_rq() Alok Tiwari <alok.a.tiwari(a)oracle.com> clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Brian Masney <bmasney(a)redhat.com> clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Leo Yan <leo.yan(a)arm.com> perf session: Fix handling when buffer exceeds 2 GiB Rob Herring (Arm) <robh(a)kernel.org> rtc: x1205: Fix Xicor X1205 vendor prefix Yunseong Kim <ysk(a)kzalloc.com> perf util: Fix compression checks returning -1 as bool Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE Zhen Ni <zhen.ni(a)easystack.cn> clocksource/drivers/clps711x: Fix resource leaks in error paths Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: check the return value of pinmux_ops::get_function_name() Zhen Ni <zhen.ni(a)easystack.cn> Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak Yang Shi <yang(a)os.amperecomputing.com> mm: hugetlb: avoid soft lockup when mprotect to large memory area Naman Jain <namjain(a)linux.microsoft.com> uio_hv_generic: Let userspace take care of interrupt mask Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: fix uninit-value in squashfs_get_parent Jakub Kicinski <kuba(a)kernel.org> Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" Kohei Enju <enjuk(a)amazon.com> net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable Kohei Enju <enjuk(a)amazon.com> nfp: fix RSS hash key size when RSS is not supported Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: fix double free in register_one_node() Dan Carpenter <dan.carpenter(a)linaro.org> ocfs2: fix double free in user_cluster_connect() I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast Bernard Metzler <bernard.metzler(a)linux.dev> RDMA/siw: Always report immediate post SQ errors Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> usb: vhci-hcd: Prevent suspending virtually attached devices Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() Slavin Liu <slavin452(a)gmail.com> ipvs: Defer ip_vs_ftp unregister during netns cleanup Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix backchannel max_resp_sz verification check Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from,to}_user for M7 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_to_user for Niagara 4 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath10k: avoid unnecessary wait for service ready message Vlad Dumitrescu <vdumitrescu(a)nvidia.com> IB/sa: Fix sa_local_svc_timeout_ms read race Parav Pandit <parav(a)nvidia.com> RDMA/core: Resolve MAC of next-hop device without ARP support Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: mt76: fix potential memory leak in mt76_wmac_probe() Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: handle error properly in register_one_node() Christophe Leroy <christophe.leroy(a)csgroup.eu> watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog Zhen Ni <zhen.ni(a)easystack.cn> netfilter: ipset: Remove unused htable_bits in macro ahash_region Hans de Goede <hansg(a)kernel.org> iio: consumers: Fix offset handling in iio_convert_raw_to_processed() Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping Wang Liang <wangliang74(a)huawei.com> pps: fix warning in pps_register_cdev when register device fail Colin Ian King <colin.i.king(a)gmail.com> misc: genwqe: Fix incorrect cmd field being reported in error William Wu <william.wu(a)rock-chips.com> usb: gadget: configfs: Correctly set use_os_string at bind Xichao Zhao <zhao.xichao(a)vivo.com> usb: phy: twl6030: Fix incorrect type for ret Eric Dumazet <edumazet(a)google.com> tcp: fix __tcp_close() to only send RST when required Alok Tiwari <alok.a.tiwari(a)oracle.com> PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation Stefan Kerkmann <s.kerkmann(a)pengutronix.de> wifi: mwifiex: send world regulatory domain to driver Qianfeng Rong <rongqianfeng(a)vivo.com> ALSA: lx_core: use int type to store negative error codes Zhang Shurong <zhang_shurong(a)foxmail.com> media: rj54n1cb0c: Fix memleak in rj54n1_probe() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: myrs: Fix dma_alloc_coherent() error check Niklas Cassel <cassel(a)kernel.org> scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Dan Carpenter <dan.carpenter(a)linaro.org> serial: max310x: Add error checking in probe() Dan Carpenter <dan.carpenter(a)linaro.org> usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup Brahmajit Das <listout(a)listout.xyz> drm/radeon/r600_cs: clean up of dead code in r600_cs Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> i2c: designware: Add disabling clocks when probe fails Leilk.Liu <leilk.liu(a)mediatek.com> i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Explicitly check accesses to bpf_sock_addr Akhilesh Patil <akhilesh(a)ee.iitb.ac.in> selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: tiehrpwm: Fix corner case in clock divisor calculation Qianfeng Rong <rongqianfeng(a)vivo.com> block: use int to store blk_stack_limits() return value Li Nan <linan122(a)huawei.com> blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx Da Xue <da(a)libre.computer> pinctrl: meson-gxl: add missing i2c_d pinmux Sneh Mankad <sneh.mankad(a)oss.qualcomm.com> soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS Huisong Li <lihuisong(a)huawei.com> ACPI: processor: idle: Fix memory leak when register cpuidle device failed Geert Uytterhoeven <geert+renesas(a)glider.be> regmap: Remove superfluous check for !config in __regmap_init() Uros Bizjak <ubizjak(a)gmail.com> x86/vdso: Fix output operand size of RDPID Leo Yan <leo.yan(a)arm.com> perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> driver core/PM: Set power.no_callbacks along with power.no_pm Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> staging: axis-fifo: flush RX FIFO on read errors Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> staging: axis-fifo: fix maximum TX packet length check hupu <hupu.gm(a)gmail.com> perf subcmd: avoid crash in exclude_cmds when excludes is empty Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: limit MAX_TAG_SIZE to 255 Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 Xiaowei Li <xiaowei.li(a)simcom.com> USB: serial: option: add SIMCom 8230C compositions Larshin Sergey <Sergey.Larshin(a)kaspersky.com> media: rc: fix races with imon_disconnect() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> media: imon: grab lock earlier in imon_ir_change_protocol() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> media: imon: reorganize serialization Flavius Georgescu <pretoriano.mp(a)gmail.com> media: rc: Add support for another iMON 0xffdc device Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe Duoming Zhou <duoming(a)zju.edu.cn> media: tuner: xc5000: Fix use-after-free in xc5000_release Ricardo Ribalda <ribalda(a)chromium.org> media: tunner: xc5000: Refactor firmware load Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix memory accounting leak. Duoming Zhou <duoming(a)zju.edu.cn> media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove Wang Haoran <haoranwangsec(a)gmail.com> scsi: target: target_core_configfs: Add length check to avoid buffer overflow ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 3 + Documentation/arm64/silicon-errata.rst | 2 + Makefile | 4 +- arch/arm64/Kconfig | 1 + arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 + arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/pgtable.h | 3 +- arch/arm64/kernel/cpu_errata.c | 1 + arch/m68k/include/asm/bitops.h | 25 +-- arch/mips/mti-malta/malta-setup.c | 2 +- arch/parisc/include/uapi/asm/ioctls.h | 8 +- arch/sparc/kernel/of_device_32.c | 1 + arch/sparc/kernel/of_device_64.c | 1 + arch/sparc/lib/M7memcpy.S | 20 +-- arch/sparc/lib/Memcpy_utils.S | 9 + arch/sparc/lib/NG4memcpy.S | 2 +- arch/sparc/lib/NGmemcpy.S | 29 ++-- arch/sparc/lib/U1memcpy.S | 19 ++- arch/sparc/lib/U3memcpy.S | 2 +- arch/sparc/mm/hugetlbpage.c | 20 +++ arch/x86/include/asm/kvm_emulate.h | 2 +- arch/x86/include/asm/segment.h | 8 +- arch/x86/kernel/umip.c | 15 +- arch/x86/kvm/emulate.c | 10 +- arch/x86/kvm/x86.c | 9 +- block/blk-mq-sysfs.c | 6 +- block/blk-settings.c | 3 +- crypto/essiv.c | 14 +- drivers/acpi/acpi_dbg.c | 26 +-- drivers/acpi/acpi_tad.c | 3 + drivers/acpi/processor_idle.c | 3 + drivers/android/binder.c | 11 +- drivers/base/node.c | 4 + drivers/base/regmap/regmap.c | 2 +- drivers/char/tpm/tpm_tis_core.c | 26 +-- drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 ++- drivers/clocksource/clps711x-timer.c | 23 ++- drivers/cpufreq/intel_pstate.c | 8 +- drivers/cpuidle/governors/menu.c | 21 +-- drivers/crypto/atmel-tdes.c | 2 +- drivers/firmware/meson/meson_sm.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 36 ---- drivers/gpu/drm/nouveau/nouveau_bo.c | 2 +- drivers/gpu/drm/radeon/r600_cs.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 4 +- drivers/i2c/busses/i2c-designware-platdrv.c | 1 + drivers/i2c/busses/i2c-mt65xx.c | 17 +- drivers/iio/dac/ad5360.c | 2 +- drivers/iio/dac/ad5421.c | 2 +- drivers/iio/frequency/adf4350.c | 20 ++- drivers/iio/inkern.c | 2 +- drivers/infiniband/core/addr.c | 10 +- drivers/infiniband/core/sa_query.c | 6 +- drivers/infiniband/sw/siw/siw_verbs.c | 25 +-- drivers/input/misc/uinput.c | 1 + drivers/mailbox/zynqmp-ipi-mailbox.c | 7 +- drivers/md/dm-integrity.c | 2 +- drivers/md/dm.c | 7 +- drivers/media/i2c/mt9v111.c | 2 +- drivers/media/i2c/rj54n1cb0c.c | 9 +- drivers/media/i2c/tc358743.c | 4 +- drivers/media/mc/mc-devnode.c | 6 +- drivers/media/pci/b2c2/flexcop-pci.c | 2 +- drivers/media/pci/cx18/cx18-queue.c | 12 +- drivers/media/pci/ivtv/ivtv-driver.c | 2 +- drivers/media/pci/ivtv/ivtv-irq.c | 2 +- drivers/media/pci/ivtv/ivtv-queue.c | 18 +- drivers/media/pci/ivtv/ivtv-streams.c | 22 +-- drivers/media/pci/ivtv/ivtv-udma.c | 19 ++- drivers/media/pci/ivtv/ivtv-yuv.c | 18 +- drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 ++-- drivers/media/rc/imon.c | 189 +++++++++++++-------- drivers/media/rc/lirc_dev.c | 15 +- drivers/media/rc/rc-main.c | 6 +- drivers/media/tuners/xc5000.c | 41 ++--- drivers/memory/samsung/exynos-srom.c | 32 ++-- drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 +- drivers/mfd/vexpress-sysreg.c | 6 +- drivers/misc/genwqe/card_ddcb.c | 2 +- drivers/mmc/core/sdio.c | 6 +- drivers/mtd/nand/raw/fsmc_nand.c | 6 +- drivers/mtd/spi-nor/cadence-quadspi.c | 5 + drivers/net/bonding/bond_main.c | 40 ++--- drivers/net/ethernet/amazon/ena/ena_ethtool.c | 5 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/dlink/dl2k.c | 99 ++++++----- drivers/net/ethernet/freescale/enetc/enetc.h | 2 +- drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 + drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 -- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 17 +- .../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 +- drivers/net/ethernet/renesas/ravb_main.c | 8 + drivers/net/usb/rtl8150.c | 13 +- drivers/net/wireless/ath/ath10k/wmi.c | 39 +++-- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 7 +- drivers/net/wireless/mediatek/mt76/mt7603/soc.c | 2 +- .../net/wireless/realtek/rtlwifi/rtl8192cu/sw.c | 1 - drivers/pci/controller/dwc/pci-keystone.c | 4 +- drivers/pci/controller/pci-tegra.c | 2 +- drivers/pci/iov.c | 5 + drivers/pci/pci-driver.c | 1 + drivers/perf/arm_spe_pmu.c | 3 +- drivers/pinctrl/meson/pinctrl-meson-gxl.c | 10 ++ drivers/pinctrl/pinmux.c | 2 +- drivers/pps/kapi.c | 5 +- drivers/pps/pps.c | 5 +- drivers/pwm/pwm-berlin.c | 4 +- drivers/pwm/pwm-tiehrpwm.c | 4 +- drivers/remoteproc/qcom_q6v5.c | 3 - drivers/rtc/interface.c | 27 +++ drivers/rtc/rtc-x1205.c | 2 +- drivers/scsi/hpsa.c | 21 ++- drivers/scsi/mpt3sas/mpt3sas_transport.c | 8 +- drivers/scsi/mvsas/mv_defs.h | 1 + drivers/scsi/mvsas/mv_init.c | 13 +- drivers/scsi/mvsas/mv_sas.c | 42 ++--- drivers/scsi/mvsas/mv_sas.h | 8 +- drivers/scsi/myrs.c | 8 +- drivers/scsi/pm8001/pm8001_sas.c | 9 +- drivers/soc/qcom/rpmh-rsc.c | 7 +- drivers/staging/axis-fifo/axis-fifo.c | 32 ++-- drivers/staging/comedi/comedi_buf.c | 2 +- drivers/target/target_core_configfs.c | 2 +- drivers/tty/serial/max310x.c | 2 + drivers/uio/uio_hv_generic.c | 7 +- drivers/usb/core/quirks.c | 2 + drivers/usb/gadget/configfs.c | 2 + drivers/usb/host/max3421-hcd.c | 2 +- drivers/usb/host/xhci-dbgcap.c | 9 +- drivers/usb/phy/phy-twl6030-usb.c | 3 +- drivers/usb/serial/option.c | 16 ++ drivers/usb/usbip/vhci_hcd.c | 22 +++ drivers/watchdog/mpc8xxx_wdt.c | 2 + drivers/xen/events/events_base.c | 25 ++- drivers/xen/manage.c | 3 +- fs/btrfs/export.c | 8 +- fs/cramfs/inode.c | 11 +- fs/dcache.c | 2 + fs/dlm/lockspace.c | 2 +- fs/exec.c | 2 +- fs/ext4/fsmap.c | 14 +- fs/ext4/inode.c | 18 +- fs/ext4/super.c | 10 +- fs/ext4/xattr.c | 15 +- fs/hfs/bfind.c | 8 +- fs/hfs/brec.c | 27 ++- fs/hfs/mdb.c | 2 +- fs/hfsplus/bfind.c | 8 +- fs/hfsplus/bnode.c | 41 ----- fs/hfsplus/btree.c | 6 + fs/hfsplus/hfsplus_fs.h | 42 +++++ fs/hfsplus/super.c | 25 ++- fs/hfsplus/unicode.c | 24 +++ fs/jbd2/transaction.c | 13 +- fs/minix/inode.c | 8 +- fs/namespace.c | 11 +- fs/nfs/nfs4proc.c | 2 +- fs/nfsd/blocklayout.c | 5 +- fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/lockd.c | 15 ++ fs/nfsd/nfs4proc.c | 34 ++-- fs/ocfs2/move_extents.c | 5 + fs/ocfs2/stack_user.c | 1 + fs/squashfs/inode.c | 31 +++- fs/squashfs/squashfs_fs_i.h | 2 +- fs/udf/inode.c | 3 + include/linux/device.h | 3 + include/linux/iio/frequency/adf4350.h | 2 +- include/linux/netdevice.h | 9 + include/net/ip_tunnels.h | 15 ++ include/net/rtnetlink.h | 16 +- include/scsi/libsas.h | 18 ++ include/uapi/linux/netlink.h | 1 + kernel/padata.c | 6 +- kernel/pid.c | 2 +- kernel/sched/fair.c | 38 +++-- kernel/sched/sched.h | 4 - kernel/trace/trace_kprobe.c | 11 +- kernel/trace/trace_probe.h | 9 +- kernel/trace/trace_uprobe.c | 12 +- lib/genalloc.c | 5 +- mm/hugetlb.c | 2 + net/9p/trans_fd.c | 8 +- net/core/filter.c | 16 +- net/core/rtnetlink.c | 89 +++++++--- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/tcp.c | 9 +- net/ipv4/tcp_input.c | 1 - net/ipv4/tcp_output.c | 19 ++- net/ipv4/udp.c | 16 +- net/ipv6/ip6_tunnel.c | 3 +- net/netfilter/ipset/ip_set_hash_gen.h | 8 +- net/netfilter/ipvs/ip_vs_ftp.c | 4 +- net/sctp/inqueue.c | 13 +- net/sctp/sm_make_chunk.c | 3 +- net/sctp/sm_statefuns.c | 6 +- net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 13 ++ security/keys/trusted.c | 7 +- sound/firewire/amdtp-stream.h | 2 +- sound/pci/lx6464es/lx_core.c | 4 +- sound/soc/intel/boards/bytcht_es8316.c | 20 ++- sound/soc/intel/boards/bytcr_rt5640.c | 7 +- sound/soc/intel/boards/bytcr_rt5651.c | 26 ++- tools/build/feature/Makefile | 4 +- tools/lib/subcmd/help.c | 3 + tools/perf/util/lzma.c | 2 +- tools/perf/util/session.c | 2 +- tools/perf/util/zlib.c | 2 +- tools/testing/selftests/rseq/rseq.c | 8 +- tools/testing/selftests/watchdog/watchdog-test.c | 6 + 217 files changed, 1530 insertions(+), 941 deletions(-)

6 days, 21 hours

9
233
0 0

[PATCH 5.10 000/325] 5.10.246-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.246 release. There are 325 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 30 Oct 2025 09:28:09 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.246-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.246-rc2 Li Jinlin <lijinlin3(a)huawei.com> fsdax: Fix infinite loop in dax_iomap_rw() Zhengchao Shao <shaozhengchao(a)huawei.com> net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Darrick J. Wong <djwong(a)kernel.org> fuse: fix livelock in synchronous file put from fuseblk workers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before DAC access Theodore Ts'o <tytso(a)mit.edu> ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Brian Norris <briannorris(a)google.com> PCI/sysfs: Ensure devices are powered for config reads Krzysztof Wilczyński <kw(a)linux.com> PCI/sysfs: Use sysfs_emit() and sysfs_emit_at() in "show" functions Maximilian Luz <luzmaximilian(a)gmail.com> PCI: Add sysfs attribute for device power state Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Fix programming sequence of "strap" settings Muhammad Usama Anjum <usama.anjum(a)collabora.com> wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Vidya Sagar <vidyas(a)nvidia.com> PCI: tegra194: Handle errors in BPMP response Thomas Fourier <fourier.thomas(a)gmail.com> crypto: rockchip - Fix dma_unmap_sg() nents value Eric Biggers <ebiggers(a)kernel.org> KEYS: trusted_tpm1: Compare HMAC values in constant time Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Rework encoding and decoding of nfsd4_deviceid Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Simplify pm_runtime setup Bence Csókás <csokas.bence(a)prolan.hu> PM: runtime: Add new devm functions Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended David Lechner <dlechner(a)baylibre.com> iio: imu: inv_icm42600: use = { } instead of memset() Xiao Liang <shaw.leon(a)gmail.com> padata: Reset next CPU when reorder sequence wraps around Arnd Bergmann <arnd(a)arndb.de> media: s5p-mfc: remove an unused/uninitialized variable Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix lock inversion in vsock_assign_transport() Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Florian Eckert <fe(a)dev.tdt.de> serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: hdm_probe: Fix calling put_device() before device initialization Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: Fix use-after-free in hdm_disconnect Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add wildcat lake P DID Deepanshu Kartikey <kartikey406(a)gmail.com> comedi: fix divide-by-zero in comedi_buf_munge() Alice Ryhl <aliceryhl(a)google.com> binder: remove "invalid inc weak" check Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: enable back DbC in resume if it was enabled before suspend Andrey Konovalov <andreyknvl(a)gmail.com> usb: raw-gadget: do not limit transfer length Tim Guttzeit <t.guttzeit(a)tuxedocomputers.com> usb/core/quirks: Add Huawei ME906S to wakeup quirk LI Qingwu <Qing-wu.Li(a)leica-geosystems.com.cn> USB: serial: option: add Telit FN920C04 ECM compositions Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RG255C Renjun Wang <renjunw0(a)foxmail.com> USB: serial: option: add UNISOC UIS7720 Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Ensure memory write completes before ringing TX doorbell Michal Pecio <michal.pecio(a)gmail.com> net: usb: rtl8150: Fix frame padding Deepanshu Kartikey <kartikey406(a)gmail.com> ocfs2: clear extent cache after moving/defragmenting extents Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "cpuidle: menu: Avoid discarding useful information" Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: fix possible peer notify event loss or dup issue Alexey Simakov <bigalex934(a)gmail.com> sctp: avoid NULL dereference when chunk data buffer is missing Huang Ying <ying.huang(a)linux.alibaba.com> arm64, mm: avoid always making PTE dirty in pte_mkwrite() Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the value of ENETC_RXB_TRUESIZE Johannes Wiesböck <johannes.wiesboeck(a)aisec.fraunhofer.de> rtnetlink: Allow deleting FDB entries in user namespace Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Nikolay Aleksandrov <razor(a)blackwall.org> net: add ndo_fdb_del_bulk Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add bulk delete support flag Nikolay Aleksandrov <razor(a)blackwall.org> net: netlink: add NLM_F_BULK delete request modifier Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: use BIT for flag values Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add helper to extract msg type's kind Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add msg kind names Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: bitops: Fix find_*_bit() signatures Yangtao Li <frank.li(a)vivo.com> hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Alexander Aring <aahringo(a)redhat.com> dlm: check for defined force value in dlm_lockspace_release Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Yang Chenzhi <yang.chenzhi(a)vivo.com> hfs: validate record offset in hfsplus_bmap_alloc Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: make proper initalization of struct hfs_find_data Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: clear offset and space out of valid records in b-tree node Xichao Zhao <zhao.xichao(a)vivo.com> exec: Fix incorrect type for ret Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Ingo Molnar <mingo(a)kernel.org> sched/balancing: Rename newidle_balance() => sched_balance_newidle() Barry Song <song.bao.hua(a)hisilicon.com> sched/fair: Trivial correction of the newidle_balance() comment Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/powerplay: Fix CIK shutdown temperature I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Jakub Kicinski <kuba(a)kernel.org> net: usb: use eth_hw_addr_set() instead of ether_addr_copy() Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Linmao Li <lilinmao(a)kylinos.cn> r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Yuezhang Mo <Yuezhang.Mo(a)sony.com> dax: skip read lock assertion for read-only filesystems Christoph Hellwig <hch(a)lst.de> fsdax: switch dax_iomap_rw to use iomap_iter Christoph Hellwig <hch(a)lst.de> iomap: add the new iomap_iter model Benjamin Tissoires <bentiss(a)kernel.org> HID: multitouch: fix sticky fingers Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Update virq_to_irq on migration Ma Ke <make24(a)iscas.ac.cn> media: lirc: Fix error handling in lirc_register() keliu <liuke94(a)huawei.com> media: rc: Directly use ida_free() Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: remove ctx->suspended Adam Xue <zxue(a)semtech.com> bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() Anderson Nascimento <anderson(a)allelesecurity.com> btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Yu Kuai <yukuai3(a)huawei.com> blk-crypto: fix missing blktrace bio split events Jisheng Zhang <jszhang(a)kernel.org> pwm: berlin: Fix wrong register in suspend/resume Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Jason A. Donenfeld <Jason(a)zx2c4.com> wifi: rt2x00: use explicitly signed or unsigned types Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Mikhail Kobuk <m.kobuk(a)ispras.ru> media: pci: ivtv: Add check for DMA map result Thomas Fourier <fourier.thomas(a)gmail.com> media: cx18: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> media: pci: ivtv: Add missing check after DMA map Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: pci/ivtv: switch from 'pci_' to 'dma_' API David Laight <David.Laight(a)ACULAB.COM> minmax.h: remove some #defines that are only expanded once David Laight <David.Laight(a)ACULAB.COM> minmax.h: simplify the variants of clamp() David Laight <David.Laight(a)ACULAB.COM> minmax.h: move all the clamp() definitions after the min/max() ones David Laight <David.Laight(a)ACULAB.COM> minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() David Laight <David.Laight(a)ACULAB.COM> minmax.h: reduce the #define expansion of min(), max() and clamp() David Laight <David.Laight(a)ACULAB.COM> minmax.h: update some comments David Laight <David.Laight(a)ACULAB.COM> minmax.h: add whitespace around operators and after commas Linus Torvalds <torvalds(a)linux-foundation.org> minmax: fix up min3() and max3() too Linus Torvalds <torvalds(a)linux-foundation.org> minmax: improve macro expansion and type checking Linus Torvalds <torvalds(a)linux-foundation.org> minmax: simplify min()/max()/clamp() implementation Linus Torvalds <torvalds(a)linux-foundation.org> minmax: don't use max() in situations that want a C constant expression Linus Torvalds <torvalds(a)linux-foundation.org> minmax: make generic MIN() and MAX() macros available everywhere Linus Torvalds <torvalds(a)linux-foundation.org> minmax: simplify and clarify min_t()/max_t() implementation Linus Torvalds <torvalds(a)linux-foundation.org> minmax: add a few more MIN_T/MAX_T users Linus Torvalds <torvalds(a)linux-foundation.org> minmax: avoid overly complicated constant expressions in VM code David Laight <David.Laight(a)ACULAB.COM> minmax: relax check to allow comparison between unsigned arguments and signed constants David Laight <David.Laight(a)ACULAB.COM> minmax: allow comparisons of 'int' against 'unsigned char/short' David Laight <David.Laight(a)ACULAB.COM> minmax: fix indentation of __cmp_once() and __clamp_once() David Laight <David.Laight(a)ACULAB.COM> minmax: allow min()/max()/clamp() if the arguments have the same signedness. Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> minmax: fix header inclusions Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> minmax: deduplicate __unconst_integer_typeof() Herve Codina <herve.codina(a)bootlin.com> minmax: Introduce {min,max}_array() Matthew Wilcox (Oracle) <willy(a)infradead.org> minmax: add in_range() macro Jason A. Donenfeld <Jason(a)zx2c4.com> minmax: clamp more efficiently by avoiding extra comparison Jason A. Donenfeld <Jason(a)zx2c4.com> minmax: sanity check constant bounds when clamping Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: remove duplicated in_range() macro Bart Van Assche <bvanassche(a)acm.org> overflow, tracing: Define the is_signed_type() macro once Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not flag the zero page as PG_mte_tagged Aleksa Sarai <cyphar(a)cyphar.com> fscontext: do not consume log entries when returning -EMSGSIZE Peter Zijlstra <peterz(a)infradead.org> locking: Introduce __cleanup() based infrastructure Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> cramfs: Verify inode mode when loading from disk Lichen Liu <lichliu(a)redhat.com> fs: Add 'initramfs_options' to set initramfs mount options gaoxiang17 <gaoxiang17(a)xiaomi.com> pid: Add a judgment for ns null in pid_nr_ns Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> minixfs: Verify inode mode when loading from disk Nalivayko Sergey <Sergey.Nalivayko(a)kaspersky.com> net/9p: fix double req put in p9_fd_cancelled Sean Christopherson <seanjc(a)google.com> KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O Ma Ke <make24(a)iscas.ac.cn> ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd934x: Simplify with dev_err_probe Larshin Sergey <Sergey.Larshin(a)kaspersky.com> fs: udf: fix OOB read in lengthAllocDescs handling Gianfranco Trad <gianf.trad(a)gmail.com> udf: fix uninit-value use in udf_get_fileshortad Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: reject negative file sizes in squashfs_read_inode() Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: add additional inode sanity checking Edward Adam Davis <eadavis(a)qq.com> media: mc: Clear minor number before put device Hans de Goede <hansg(a)kernel.org> mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type Hans de Goede <hdegoede(a)redhat.com> mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value Zheng Qixing <zhengqixing(a)huawei.com> dm: fix NULL pointer dereference in __dm_suspend() Yuan Chen <chenyuan(a)kylinos.cn> tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees Nathan Chancellor <nathan(a)kernel.org> lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older Ahmet Eray Karadag <eraykrdg1(a)gmail.com> ext4: guard against EA inode refcount underflow in xattr update Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: correctly handle queries for metadata mappings Yongjian Sun <sunyongjian1(a)huawei.com> ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Olga Kornievskaia <okorniev(a)redhat.com> nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Thorsten Blum <thorsten.blum(a)linux.dev> NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() Sean Christopherson <seanjc(a)google.com> x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) Sean Christopherson <seanjc(a)google.com> x86/umip: Check that the instruction opcode is at least two bytes Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before INDAC access Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Lukas Wunner <lukas(a)wunner.de> PCI/AER: Support errors introduced by PCIe r6.0 Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/AER: Fix missing uevent on recovery when a reset is requested Lukas Wunner <lukas(a)wunner.de> PCI/ERR: Fix uevent on failure to recover Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Sean Christopherson <seanjc(a)google.com> rseq/selftests: Use weak symbol reference, not definition, to link with glibc Esben Haabendal <esben(a)geanix.com> rtc: interface: Fix long-standing race when setting alarm Esben Haabendal <esben(a)geanix.com> rtc: interface: Ensure alarm irq is enabled when UIE is enabled Zhen Ni <zhen.ni(a)easystack.cn> memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe Rex Chen <rex.chen_1(a)nxp.com> mmc: core: SPI mode remove cmd7 Linus Walleij <linus.walleij(a)linaro.org> mtd: rawnand: fsmc: Default to autodetect buswidth Ma Ke <make24(a)iscas.ac.cn> sparc: fix error handling in scan_one_device() Anthony Yznaga <anthony.yznaga(a)oracle.com> sparc64: fix hugetlb for sun4u Eric Biggers <ebiggers(a)kernel.org> sctp: Fix MAC comparison to be constant-time Thorsten Blum <thorsten.blum(a)linux.dev> scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() Sam James <sam(a)gentoo.org> parisc: don't reference obsolete termio struct for TC* constants Askar Safin <safinaskar(a)zohomail.com> openat2: don't trigger automounts with RESOLVE_NO_XDEV Johan Hovold <johan(a)kernel.org> lib/genalloc: fix device leak in of_gen_pool_get() Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume Huacai Chen <chenhuacai(a)loongson.cn> init: handle bootloader identifier in kernel parameters Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix prescaler usage. Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5421: use int type to store negative error codes Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5360: use int type to store negative error codes Thomas Fourier <fourier.thomas(a)gmail.com> crypto: atmel - Fix dma_unmap_sg() direction Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Simon Schuster <schuster.simon(a)siemens-energy.com> copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) Shuhao Fu <sfual(a)cse.ust.hk> drm/nouveau: fix bad ret code in nouveau_bo_move_prep Qianfeng Rong <rongqianfeng(a)vivo.com> media: i2c: mt9v111: fix incorrect type for ret Johan Hovold <johan(a)kernel.org> firmware: meson_sm: fix device leak at probe Lukas Wunner <lukas(a)wunner.de> xen/manage: Fix suspend error path Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Cleanup find_virq() return codes Miaoqian Lin <linmq006(a)gmail.com> ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: msm8916: Add missing MDSS reset Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> ACPI: debug: fix signedness issues in read/write helpers Daniel Tang <danielzgtg.opensource(a)gmail.com> ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: mark the GPIO controller as sleeping Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcd934x: Remove duplicate assignment of of_gpio_n_cells Gunnar Kudrjavets <gunnarku(a)amazon.com> tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Herbert Xu <herbert(a)gondor.apana.org.au> crypto: essiv - Check ssize for decryption and in-place encryption Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly disable scaling on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Add additional DCE6 SCL registers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call Leo Yan <leo.yan(a)arm.com> tools build: Align warning options with perf Erick Karanja <karanja99erick(a)gmail.com> net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Kuniyuki Iwashima <kuniyu(a)google.com> tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). Alexandr Sapozhnikov <alsp705(a)gmail.com> net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Use-after-free in validation Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Duoming Zhou <duoming(a)zju.edu.cn> scsi: mvsas: Fix use-after-free bugs in mvs_work_queue John Garry <john.garry(a)huawei.com> scsi: mvsas: Use sas_task_find_rq() for tagging John Garry <john.garry(a)huawei.com> scsi: mvsas: Delete mvs_tag_init() John Garry <john.garry(a)huawei.com> scsi: libsas: Add sas_task_find_rq() Alok Tiwari <alok.a.tiwari(a)oracle.com> clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Brian Masney <bmasney(a)redhat.com> clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Leo Yan <leo.yan(a)arm.com> perf session: Fix handling when buffer exceeds 2 GiB Rob Herring (Arm) <robh(a)kernel.org> rtc: x1205: Fix Xicor X1205 vendor prefix Yunseong Kim <ysk(a)kzalloc.com> perf util: Fix compression checks returning -1 as bool Brian Masney <bmasney(a)redhat.com> clk: at91: peripheral: fix return value Ian Rogers <irogers(a)google.com> libperf event: Ensure tracing data is multiple of 8 sized Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE Zhen Ni <zhen.ni(a)easystack.cn> clocksource/drivers/clps711x: Fix resource leaks in error paths Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> fs: always return zero on success from replace_fd() Salah Triki <salah.triki(a)gmail.com> bus: fsl-mc: Check return value of platform_get_resource() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: check the return value of pinmux_ops::get_function_name() Zhen Ni <zhen.ni(a)easystack.cn> Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak Marek Vasut <marek.vasut(a)mailbox.org> Input: atmel_mxt_ts - allow reset GPIO to sleep Yang Shi <yang(a)os.amperecomputing.com> mm: hugetlb: avoid soft lockup when mprotect to large memory area Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() Naman Jain <namjain(a)linux.microsoft.com> uio_hv_generic: Let userspace take care of interrupt mask Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: fix uninit-value in squashfs_get_parent Jakub Kicinski <kuba(a)kernel.org> Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle copy_thresh allocation failure Kohei Enju <enjuk(a)amazon.com> net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable Kohei Enju <enjuk(a)amazon.com> nfp: fix RSS hash key size when RSS is not supported Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: fix double free in register_one_node() Dan Carpenter <dan.carpenter(a)linaro.org> ocfs2: fix double free in user_cluster_connect() Nishanth Menon <nm(a)ti.com> hwrng: ks-sa - fix division by zero in ks_sa_rng_init Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast Bernard Metzler <bernard.metzler(a)linux.dev> RDMA/siw: Always report immediate post SQ errors Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> usb: vhci-hcd: Prevent suspending virtually attached devices Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() Slavin Liu <slavin452(a)gmail.com> ipvs: Defer ip_vs_ftp unregister during netns cleanup Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix backchannel max_resp_sz verification check Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from,to}_user for M7 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_to_user for Niagara 4 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram Vlad Dumitrescu <vdumitrescu(a)nvidia.com> IB/sa: Fix sa_local_svc_timeout_ms read race Parav Pandit <parav(a)nvidia.com> RDMA/core: Resolve MAC of next-hop device without ARP support Colin Ian King <colin.i.king(a)gmail.com> ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: mt76: fix potential memory leak in mt76_wmac_probe() Håkon Bugge <haakon.bugge(a)oracle.com> RDMA/cm: Rate limit destroy CM ID timeout error message Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: handle error properly in register_one_node() Christophe Leroy <christophe.leroy(a)csgroup.eu> watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog Zhen Ni <zhen.ni(a)easystack.cn> netfilter: ipset: Remove unused htable_bits in macro ahash_region Hans de Goede <hansg(a)kernel.org> iio: consumers: Fix offset handling in iio_convert_raw_to_processed() Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping Wang Liang <wangliang74(a)huawei.com> pps: fix warning in pps_register_cdev when register device fail Colin Ian King <colin.i.king(a)gmail.com> misc: genwqe: Fix incorrect cmd field being reported in error William Wu <william.wu(a)rock-chips.com> usb: gadget: configfs: Correctly set use_os_string at bind Xichao Zhao <zhao.xichao(a)vivo.com> usb: phy: twl6030: Fix incorrect type for ret Eric Dumazet <edumazet(a)google.com> tcp: fix __tcp_close() to only send RST when required Alok Tiwari <alok.a.tiwari(a)oracle.com> PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation Stefan Kerkmann <s.kerkmann(a)pengutronix.de> wifi: mwifiex: send world regulatory domain to driver Timur Kristóf <timur.kristof(a)gmail.com> drm/amdgpu: Power up UVD 3 for FW validation (v2) Qianfeng Rong <rongqianfeng(a)vivo.com> ALSA: lx_core: use int type to store negative error codes Zhang Shurong <zhang_shurong(a)foxmail.com> media: rj54n1cb0c: Fix memleak in rj54n1_probe() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: myrs: Fix dma_alloc_coherent() error check Niklas Cassel <cassel(a)kernel.org> scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Dan Carpenter <dan.carpenter(a)linaro.org> serial: max310x: Add error checking in probe() Dan Carpenter <dan.carpenter(a)linaro.org> usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup Brahmajit Das <listout(a)listout.xyz> drm/radeon/r600_cs: clean up of dead code in r600_cs Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> i2c: designware: Add disabling clocks when probe fails Leilk.Liu <leilk.liu(a)mediatek.com> i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Explicitly check accesses to bpf_sock_addr Akhilesh Patil <akhilesh(a)ee.iitb.ac.in> selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: tiehrpwm: Fix corner case in clock divisor calculation AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible Qianfeng Rong <rongqianfeng(a)vivo.com> pinctrl: renesas: Use int type to store negative error codes Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: core: Clear power.must_resume in noirq suspend error path Qianfeng Rong <rongqianfeng(a)vivo.com> block: use int to store blk_stack_limits() return value Li Nan <linan122(a)huawei.com> blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx Da Xue <da(a)libre.computer> pinctrl: meson-gxl: add missing i2c_d pinmux Sneh Mankad <sneh.mankad(a)oss.qualcomm.com> soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS Huisong Li <lihuisong(a)huawei.com> ACPI: processor: idle: Fix memory leak when register cpuidle device failed Yureka Lilian <yuka(a)yuka.dev> libbpf: Fix reuse of DEVMAP Geert Uytterhoeven <geert+renesas(a)glider.be> regmap: Remove superfluous check for !config in __regmap_init() Uros Bizjak <ubizjak(a)gmail.com> x86/vdso: Fix output operand size of RDPID Leo Yan <leo.yan(a)arm.com> perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Bala-Vignesh-Reddy <reddybalavignesh9979(a)gmail.com> selftests: arm64: Check fread return value in exec_target Jeff Layton <jlayton(a)kernel.org> filelock: add FL_RECLAIM to show_fl_flags() macro Herbert Xu <herbert(a)gondor.apana.org.au> crypto: rng - Ensure set_ent is always present Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> drm/amd/display: Fix potential null dereference Roman Li <roman.li(a)amd.com> drm/amd/display: Remove redundant safeguards for dmub-srv destroy() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> driver core/PM: Set power.no_callbacks along with power.no_pm Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> staging: axis-fifo: flush RX FIFO on read errors Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> staging: axis-fifo: fix maximum TX packet length check Raphael Gallais-Pou <raphael.gallais-pou(a)foss.st.com> serial: stm32: allow selecting console when the driver is module Arnaud Lecomte <contact(a)arnaud-lcm.com> hid: fix I2C read buffer overflow in raw_event() for mcp2221 hupu <hupu.gm(a)gmail.com> perf subcmd: avoid crash in exclude_cmds when excludes is empty Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: limit MAX_TAG_SIZE to 255 Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 Xiaowei Li <xiaowei.li(a)simcom.com> USB: serial: option: add SIMCom 8230C compositions Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe Duoming Zhou <duoming(a)zju.edu.cn> media: tuner: xc5000: Fix use-after-free in xc5000_release Ricardo Ribalda <ribalda(a)chromium.org> media: tunner: xc5000: Refactor firmware load Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Fix memory accounting leak. Larshin Sergey <Sergey.Larshin(a)kaspersky.com> media: rc: fix races with imon_disconnect() Duoming Zhou <duoming(a)zju.edu.cn> media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove Wang Haoran <haoranwangsec(a)gmail.com> scsi: target: target_core_configfs: Add length check to avoid buffer overflow ------------- Diffstat: Documentation/ABI/testing/sysfs-bus-pci | 9 + Documentation/admin-guide/kernel-parameters.txt | 3 + Documentation/arm64/silicon-errata.rst | 2 + Documentation/trace/histogram-design.rst | 4 +- Makefile | 4 +- arch/arm/mach-omap2/pm33xx-core.c | 6 +- arch/arm/mm/pageattr.c | 6 +- arch/arm64/Kconfig | 1 + arch/arm64/boot/dts/mediatek/mt8516-pumpkin.dts | 2 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 + arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 +- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/pgtable.h | 3 +- arch/arm64/kernel/cpu_errata.c | 1 + arch/arm64/kernel/cpufeature.c | 10 +- arch/arm64/kernel/mte.c | 3 +- arch/m68k/include/asm/bitops.h | 25 +- arch/mips/mti-malta/malta-setup.c | 2 +- arch/parisc/include/uapi/asm/ioctls.h | 8 +- arch/sparc/kernel/of_device_32.c | 1 + arch/sparc/kernel/of_device_64.c | 1 + arch/sparc/lib/M7memcpy.S | 20 +- arch/sparc/lib/Memcpy_utils.S | 9 + arch/sparc/lib/NG4memcpy.S | 2 +- arch/sparc/lib/NGmemcpy.S | 29 ++- arch/sparc/lib/U1memcpy.S | 19 +- arch/sparc/lib/U3memcpy.S | 2 +- arch/sparc/mm/hugetlbpage.c | 20 ++ arch/um/drivers/mconsole_user.c | 2 + arch/x86/include/asm/segment.h | 8 +- arch/x86/kernel/umip.c | 15 +- arch/x86/kvm/emulate.c | 11 +- arch/x86/kvm/kvm_emulate.h | 2 +- arch/x86/kvm/x86.c | 9 +- arch/x86/mm/pgtable.c | 2 +- block/blk-crypto-fallback.c | 3 + block/blk-mq-sysfs.c | 6 +- block/blk-settings.c | 3 +- crypto/essiv.c | 14 +- crypto/rng.c | 8 + drivers/acpi/acpi_dbg.c | 26 +- drivers/acpi/acpi_tad.c | 3 + drivers/acpi/nfit/core.c | 2 +- drivers/acpi/processor_idle.c | 3 + drivers/android/binder.c | 11 +- drivers/base/arch_topology.c | 2 +- drivers/base/node.c | 4 + drivers/base/power/main.c | 14 +- drivers/base/power/runtime.c | 44 ++++ drivers/base/regmap/regmap.c | 2 +- drivers/bus/fsl-mc/fsl-mc-bus.c | 3 + drivers/bus/mhi/host/init.c | 5 +- drivers/char/hw_random/ks-sa-rng.c | 4 + drivers/char/tpm/tpm_tis_core.c | 4 +- drivers/clk/at91/clk-peripheral.c | 7 +- drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 +- drivers/clocksource/clps711x-timer.c | 23 +- drivers/cpufreq/intel_pstate.c | 8 +- drivers/cpuidle/governors/menu.c | 21 +- drivers/crypto/atmel-tdes.c | 2 +- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 +- drivers/dma/ioat/dma.c | 12 +- drivers/edac/sb_edac.c | 4 +- drivers/edac/skx_common.h | 1 - drivers/firmware/meson/meson_sm.c | 7 +- drivers/gpio/gpio-wcd934x.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/uvd_v3_1.c | 29 ++- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +- drivers/gpu/drm/amd/display/dc/dce/dce_transform.c | 21 +- drivers/gpu/drm/amd/display/dc/dce/dce_transform.h | 4 + .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 2 + .../gpu/drm/amd/include/asic_reg/dce/dce_6_0_d.h | 7 + .../drm/amd/include/asic_reg/dce/dce_6_0_sh_mask.h | 2 + drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppevvmath.h | 14 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 +- drivers/gpu/drm/arm/display/include/malidp_utils.h | 2 +- .../drm/arm/display/komeda/komeda_pipeline_state.c | 24 +- drivers/gpu/drm/drm_color_mgmt.c | 2 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 36 --- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 6 - drivers/gpu/drm/nouveau/nouveau_bo.c | 2 +- drivers/gpu/drm/radeon/evergreen_cs.c | 2 + drivers/gpu/drm/radeon/r600_cs.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 4 +- drivers/hid/hid-mcp2221.c | 4 + drivers/hid/hid-multitouch.c | 27 ++- drivers/hwmon/adt7475.c | 24 +- drivers/i2c/busses/i2c-designware-platdrv.c | 1 + drivers/i2c/busses/i2c-mt65xx.c | 17 +- drivers/iio/dac/ad5360.c | 2 +- drivers/iio/dac/ad5421.c | 2 +- drivers/iio/frequency/adf4350.c | 20 +- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 39 +-- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 +- drivers/iio/inkern.c | 2 +- drivers/infiniband/core/addr.c | 10 +- drivers/infiniband/core/cm.c | 4 +- drivers/infiniband/core/sa_query.c | 6 +- drivers/infiniband/sw/siw/siw_verbs.c | 25 +- drivers/input/misc/uinput.c | 1 + drivers/input/touchscreen/atmel_mxt_ts.c | 2 +- drivers/input/touchscreen/cyttsp4_core.c | 2 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 7 +- drivers/md/dm-integrity.c | 8 +- drivers/md/dm.c | 7 +- drivers/media/dvb-frontends/stv0367_priv.h | 3 + drivers/media/i2c/mt9v111.c | 2 +- drivers/media/i2c/rj54n1cb0c.c | 9 +- drivers/media/i2c/tc358743.c | 4 +- drivers/media/mc/mc-devnode.c | 6 +- drivers/media/pci/b2c2/flexcop-pci.c | 2 +- drivers/media/pci/cx18/cx18-queue.c | 12 +- drivers/media/pci/ivtv/ivtv-driver.c | 2 +- drivers/media/pci/ivtv/ivtv-irq.c | 2 +- drivers/media/pci/ivtv/ivtv-queue.c | 18 +- drivers/media/pci/ivtv/ivtv-streams.c | 22 +- drivers/media/pci/ivtv/ivtv-udma.c | 27 ++- drivers/media/pci/ivtv/ivtv-yuv.c | 24 +- drivers/media/pci/ivtv/ivtvfb.c | 6 +- drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 +-- drivers/media/rc/imon.c | 27 ++- drivers/media/rc/lirc_dev.c | 15 +- drivers/media/rc/rc-main.c | 6 +- drivers/media/tuners/xc5000.c | 41 ++-- drivers/memory/samsung/exynos-srom.c | 10 +- drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 +- drivers/mfd/vexpress-sysreg.c | 6 +- drivers/misc/genwqe/card_ddcb.c | 2 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mmc/core/sdio.c | 6 +- drivers/most/most_usb.c | 13 +- drivers/mtd/nand/raw/fsmc_nand.c | 6 +- drivers/net/bonding/bond_main.c | 40 ++- drivers/net/ethernet/amazon/ena/ena_ethtool.c | 5 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | 18 +- drivers/net/ethernet/dlink/dl2k.c | 30 ++- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 +- drivers/net/ethernet/freescale/enetc/enetc.h | 2 +- drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 + drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 - drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 17 +- .../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/ethernet/renesas/ravb_main.c | 8 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/fjes/fjes_main.c | 4 +- drivers/net/usb/aqc111.c | 2 +- drivers/net/usb/lan78xx.c | 42 +++- drivers/net/usb/r8152.c | 2 +- drivers/net/usb/rndis_host.c | 2 +- drivers/net/usb/rtl8150.c | 15 +- drivers/net/wireless/ath/ath11k/core.c | 6 +- drivers/net/wireless/ath/ath11k/hal.c | 16 ++ drivers/net/wireless/ath/ath11k/hal.h | 1 + drivers/net/wireless/marvell/mwifiex/cfg80211.c | 7 +- drivers/net/wireless/mediatek/mt76/mt7603/soc.c | 2 +- drivers/net/wireless/ralink/rt2x00/rt2400pci.c | 8 +- drivers/net/wireless/ralink/rt2x00/rt2400pci.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2500pci.c | 8 +- drivers/net/wireless/ralink/rt2x00/rt2500pci.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2500usb.c | 8 +- drivers/net/wireless/ralink/rt2x00/rt2500usb.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 36 +-- drivers/net/wireless/ralink/rt2x00/rt2800lib.h | 8 +- drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 6 +- drivers/net/wireless/ralink/rt2x00/rt61pci.c | 4 +- drivers/net/wireless/ralink/rt2x00/rt61pci.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt73usb.c | 4 +- drivers/net/wireless/ralink/rt2x00/rt73usb.h | 2 +- .../net/wireless/realtek/rtlwifi/rtl8192cu/sw.c | 1 - drivers/nfc/pn544/i2c.c | 2 - drivers/pci/controller/cadence/pci-j721e.c | 25 ++ drivers/pci/controller/dwc/pci-keystone.c | 4 +- drivers/pci/controller/dwc/pcie-tegra194.c | 22 +- drivers/pci/controller/pci-tegra.c | 2 +- drivers/pci/iov.c | 5 + drivers/pci/pci-driver.c | 1 + drivers/pci/pci-label.c | 10 +- drivers/pci/pci-sysfs.c | 98 +++++--- drivers/pci/pcie/aer.c | 12 +- drivers/pci/pcie/err.c | 8 +- drivers/perf/arm_spe_pmu.c | 3 +- drivers/pinctrl/meson/pinctrl-meson-gxl.c | 10 + drivers/pinctrl/pinmux.c | 2 +- drivers/pinctrl/renesas/pinctrl.c | 3 +- drivers/platform/x86/sony-laptop.c | 1 - drivers/pps/kapi.c | 5 +- drivers/pps/pps.c | 5 +- drivers/pwm/pwm-berlin.c | 4 +- drivers/pwm/pwm-tiehrpwm.c | 4 +- drivers/remoteproc/qcom_q6v5.c | 3 - drivers/rtc/interface.c | 27 +++ drivers/rtc/rtc-x1205.c | 2 +- drivers/scsi/hpsa.c | 21 +- drivers/scsi/isci/init.c | 6 +- drivers/scsi/mpt3sas/mpt3sas_transport.c | 8 +- drivers/scsi/mvsas/mv_defs.h | 1 + drivers/scsi/mvsas/mv_init.c | 13 +- drivers/scsi/mvsas/mv_sas.c | 42 ++-- drivers/scsi/mvsas/mv_sas.h | 8 +- drivers/scsi/myrs.c | 8 +- drivers/scsi/pm8001/pm8001_sas.c | 9 +- drivers/soc/qcom/rpmh-rsc.c | 7 +- drivers/spi/spi-cadence-quadspi.c | 5 + drivers/staging/axis-fifo/axis-fifo.c | 32 ++- drivers/staging/comedi/comedi_buf.c | 2 +- .../pci/hive_isp_css_include/math_support.h | 5 - drivers/target/target_core_configfs.c | 2 +- drivers/tty/serial/8250/8250_exar.c | 11 + drivers/tty/serial/Kconfig | 2 +- drivers/tty/serial/max310x.c | 2 + drivers/uio/uio_hv_generic.c | 7 +- drivers/usb/core/quirks.c | 2 + drivers/usb/gadget/configfs.c | 2 + drivers/usb/gadget/legacy/raw_gadget.c | 2 - drivers/usb/host/max3421-hcd.c | 2 +- drivers/usb/host/xhci-dbgcap.c | 9 +- drivers/usb/phy/phy-twl6030-usb.c | 3 +- drivers/usb/serial/option.c | 16 ++ drivers/usb/usbip/vhci_hcd.c | 22 ++ drivers/watchdog/mpc8xxx_wdt.c | 2 + drivers/xen/events/events_base.c | 20 +- drivers/xen/manage.c | 3 +- fs/btrfs/ctree.h | 2 - fs/btrfs/export.c | 8 +- fs/btrfs/extent_io.c | 1 + fs/btrfs/file-item.c | 1 + fs/btrfs/misc.h | 2 - fs/btrfs/raid56.c | 1 + fs/btrfs/tree-checker.c | 2 +- fs/cramfs/inode.c | 11 +- fs/dax.c | 54 +++-- fs/dcache.c | 2 + fs/dlm/lockspace.c | 2 +- fs/erofs/zdata.h | 2 +- fs/exec.c | 2 +- fs/ext2/balloc.c | 2 - fs/ext4/ext4.h | 2 - fs/ext4/fsmap.c | 14 +- fs/ext4/inode.c | 18 +- fs/ext4/super.c | 10 +- fs/ext4/xattr.c | 15 +- fs/file.c | 5 +- fs/fsopen.c | 70 +++--- fs/fuse/file.c | 8 +- fs/hfs/bfind.c | 8 +- fs/hfs/brec.c | 27 ++- fs/hfs/mdb.c | 2 +- fs/hfsplus/bfind.c | 8 +- fs/hfsplus/bnode.c | 41 ---- fs/hfsplus/btree.c | 6 + fs/hfsplus/hfsplus_fs.h | 42 ++++ fs/hfsplus/super.c | 25 +- fs/hfsplus/unicode.c | 24 ++ fs/iomap/apply.c | 74 +++++- fs/iomap/trace.h | 37 ++- fs/jbd2/transaction.c | 13 +- fs/minix/inode.c | 8 +- fs/namei.c | 8 + fs/namespace.c | 11 +- fs/nfs/nfs4proc.c | 2 +- fs/nfsd/blocklayout.c | 5 +- fs/nfsd/blocklayoutxdr.c | 7 +- fs/nfsd/flexfilelayout.c | 8 + fs/nfsd/flexfilelayoutxdr.c | 3 +- fs/nfsd/lockd.c | 15 ++ fs/nfsd/nfs4layouts.c | 1 - fs/nfsd/nfs4proc.c | 36 ++- fs/nfsd/nfs4xdr.c | 14 +- fs/nfsd/xdr4.h | 36 ++- fs/ocfs2/move_extents.c | 5 + fs/ocfs2/stack_user.c | 1 + fs/squashfs/inode.c | 31 ++- fs/squashfs/squashfs_fs_i.h | 2 +- fs/udf/inode.c | 12 +- fs/ufs/util.h | 6 - include/linux/cleanup.h | 171 +++++++++++++ include/linux/compiler-clang.h | 9 + include/linux/compiler.h | 15 ++ include/linux/compiler_attributes.h | 6 + include/linux/device.h | 10 + include/linux/file.h | 6 + include/linux/iio/frequency/adf4350.h | 2 +- include/linux/iomap.h | 56 +++++ include/linux/irqflags.h | 7 + include/linux/minmax.h | 267 ++++++++++++++++----- include/linux/mutex.h | 4 + include/linux/netdevice.h | 9 + include/linux/overflow.h | 1 - include/linux/percpu.h | 4 + include/linux/pm_runtime.h | 4 + include/linux/preempt.h | 5 + include/linux/rcupdate.h | 3 + include/linux/rwsem.h | 9 + include/linux/sched/task.h | 2 + include/linux/slab.h | 3 + include/linux/spinlock.h | 32 +++ include/linux/srcu.h | 5 + include/linux/trace_events.h | 2 - include/net/ip_tunnels.h | 15 ++ include/net/rtnetlink.h | 16 +- include/scsi/libsas.h | 18 ++ include/trace/events/filelock.h | 3 +- include/uapi/linux/netlink.h | 1 + init/main.c | 14 ++ kernel/fork.c | 2 +- kernel/padata.c | 6 +- kernel/pid.c | 2 +- kernel/sched/fair.c | 38 +-- kernel/trace/preemptirq_delay_test.c | 2 - kernel/trace/trace_kprobe.c | 11 +- kernel/trace/trace_probe.h | 9 +- kernel/trace/trace_uprobe.c | 12 +- lib/btree.c | 1 - lib/crypto/Makefile | 4 + lib/decompress_unlzma.c | 2 + lib/genalloc.c | 5 +- lib/logic_pio.c | 3 - lib/vsprintf.c | 2 +- lib/zstd/zstd_internal.h | 2 - mm/hugetlb.c | 2 + mm/zsmalloc.c | 1 - net/9p/trans_fd.c | 8 +- net/bluetooth/mgmt.c | 10 +- net/core/filter.c | 18 +- net/core/rtnetlink.c | 87 +++++-- net/ipv4/ip_tunnel.c | 14 -- net/ipv4/proc.c | 2 +- net/ipv4/tcp.c | 9 +- net/ipv4/tcp_input.c | 1 - net/ipv4/tcp_output.c | 19 +- net/ipv4/udp.c | 16 +- net/ipv6/ip6_tunnel.c | 3 +- net/ipv6/proc.c | 2 +- net/netfilter/ipset/ip_set_hash_gen.h | 8 +- net/netfilter/ipvs/ip_vs_ftp.c | 4 +- net/netfilter/nf_nat_core.c | 6 +- net/sctp/inqueue.c | 13 +- net/sctp/sm_make_chunk.c | 3 +- net/sctp/sm_statefuns.c | 6 +- net/tipc/core.h | 2 +- net/tipc/link.c | 10 +- net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 13 + net/vmw_vsock/af_vsock.c | 38 +-- scripts/checkpatch.pl | 2 +- security/keys/trusted-keys/trusted_tpm1.c | 7 +- sound/firewire/amdtp-stream.h | 2 +- sound/pci/lx6464es/lx_core.c | 4 +- sound/soc/codecs/wcd934x.c | 30 ++- sound/soc/intel/boards/bytcht_es8316.c | 20 +- sound/soc/intel/boards/bytcr_rt5640.c | 7 +- sound/soc/intel/boards/bytcr_rt5651.c | 26 +- tools/build/feature/Makefile | 4 +- tools/lib/bpf/libbpf.c | 10 + tools/lib/perf/include/perf/event.h | 1 + tools/lib/subcmd/help.c | 3 + tools/perf/util/lzma.c | 2 +- tools/perf/util/session.c | 2 +- tools/perf/util/zlib.c | 2 +- tools/testing/selftests/arm64/pauth/exec_target.c | 7 +- tools/testing/selftests/rseq/rseq.c | 8 +- tools/testing/selftests/watchdog/watchdog-test.c | 6 + 372 files changed, 2799 insertions(+), 1321 deletions(-)

6 days, 21 hours

6
5
0 0

[PATCH] ASoC: sdw_utils: fix device reference leak in is_sdca_endpoint_present()

by Miaoqian Lin

The bus_find_device_by_name() function returns a device pointer with an incremented reference count, but the original code was missing put_device() calls in some return paths, leading to reference count leaks. Fix this by ensuring put_device() is called before function exit after bus_find_device_by_name() succeeds This follows the same pattern used elsewhere in the kernel where bus_find_device_by_name() is properly paired with put_device(). Found via static analysis and code review. Fixes: 4f8ef33dd44a ("ASoC: soc_sdw_utils: skip the endpoint that doesn't present") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- sound/soc/sdw_utils/soc_sdw_utils.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/sound/soc/sdw_utils/soc_sdw_utils.c b/sound/soc/sdw_utils/soc_sdw_utils.c index 270c66b90228..ea594f84f11a 100644 --- a/sound/soc/sdw_utils/soc_sdw_utils.c +++ b/sound/soc/sdw_utils/soc_sdw_utils.c @@ -1278,7 +1278,7 @@ static int is_sdca_endpoint_present(struct device *dev, struct sdw_slave *slave; struct device *sdw_dev; const char *sdw_codec_name; - int i; + int ret, i; dlc = kzalloc(sizeof(*dlc), GFP_KERNEL); if (!dlc) @@ -1308,13 +1308,16 @@ static int is_sdca_endpoint_present(struct device *dev, } slave = dev_to_sdw_dev(sdw_dev); - if (!slave) - return -EINVAL; + if (!slave) { + ret = -EINVAL; + goto put_device; + } /* Make sure BIOS provides SDCA properties */ if (!slave->sdca_data.interface_revision) { dev_warn(&slave->dev, "SDCA properties not found in the BIOS\n"); - return 1; + ret = 1; + goto put_device; } for (i = 0; i < slave->sdca_data.num_functions; i++) { @@ -1323,7 +1326,8 @@ static int is_sdca_endpoint_present(struct device *dev, if (dai_type == dai_info->dai_type) { dev_dbg(&slave->dev, "DAI type %d sdca function %s found\n", dai_type, slave->sdca_data.function[i].name); - return 1; + ret = 1; + goto put_device; } } @@ -1331,7 +1335,11 @@ static int is_sdca_endpoint_present(struct device *dev, "SDCA device function for DAI type %d not supported, skip endpoint\n", dai_info->dai_type); - return 0; + ret = 0; + +put_device: + put_device(sdw_dev); + return ret; } int asoc_sdw_parse_sdw_endpoints(struct snd_soc_card *card, -- 2.39.5 (Apple Git-154)

6 days, 21 hours

1
0
0 0

[PATCH] powerpc/kexec: Enable SMT before waking offline CPUs

by Nysal Jan K.A.

If SMT is disabled or a partial SMT state is enabled, when a new kernel image is loaded for kexec, on reboot the following warning is observed: kexec: Waking offline cpu 228. WARNING: CPU: 0 PID: 9062 at arch/powerpc/kexec/core_64.c:223 kexec_prepare_cpus+0x1b0/0x1bc [snip] NIP kexec_prepare_cpus+0x1b0/0x1bc LR kexec_prepare_cpus+0x1a0/0x1bc Call Trace: kexec_prepare_cpus+0x1a0/0x1bc (unreliable) default_machine_kexec+0x160/0x19c machine_kexec+0x80/0x88 kernel_kexec+0xd0/0x118 __do_sys_reboot+0x210/0x2c4 system_call_exception+0x124/0x320 system_call_vectored_common+0x15c/0x2ec This occurs as add_cpu() fails due to cpu_bootable() returning false for CPUs that fail the cpu_smt_thread_allowed() check or non primary threads if SMT is disabled. Fix the issue by enabling SMT and resetting the number of SMT threads to the number of threads per core, before attempting to wake up all present CPUs. Fixes: 38253464bc82 ("cpu/SMT: Create topology_smt_thread_allowed()") Reported-by: Sachin P Bappalige <sachinpb(a)linux.ibm.com> Cc: stable(a)vger.kernel.org # v6.6+ Signed-off-by: Nysal Jan K.A. <nysal(a)linux.ibm.com> --- arch/powerpc/kexec/core_64.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/powerpc/kexec/core_64.c b/arch/powerpc/kexec/core_64.c index 222aa326dace..ff6df43720c4 100644 --- a/arch/powerpc/kexec/core_64.c +++ b/arch/powerpc/kexec/core_64.c @@ -216,6 +216,11 @@ static void wake_offline_cpus(void) { int cpu = 0; + lock_device_hotplug(); + cpu_smt_num_threads = threads_per_core; + cpu_smt_control = CPU_SMT_ENABLED; + unlock_device_hotplug(); + for_each_present_cpu(cpu) { if (!cpu_online(cpu)) { printk(KERN_INFO "kexec: Waking offline cpu %d.\n", -- 2.51.0

1 week

5
6
0 0

[PATCH v2] codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext

by Hao Ge

From: Hao Ge <gehao(a)kylinos.cn> When alloc_slab_obj_exts() fails and then later succeeds in allocating a slab extension vector, it calls handle_failed_objexts_alloc() to mark all objects in the vector as empty. As a result all objects in this slab (slabA) will have their extensions set to CODETAG_EMPTY. Later on if this slabA is used to allocate a slabobj_ext vector for another slab (slabB), we end up with the slabB->obj_exts pointing to a slabobj_ext vector that itself has a non-NULL slabobj_ext equal to CODETAG_EMPTY. When slabB gets freed, free_slab_obj_exts() is called to free slabB->obj_exts vector. free_slab_obj_exts() calls mark_objexts_empty(slabB->obj_exts) which will generate a warning because it expects slabobj_ext vectors to have a NULL obj_ext, not CODETAG_EMPTY. Modify mark_objexts_empty() to skip the warning and setting the obj_ext value if it's already set to CODETAG_EMPTY. Fixes: 09c46563ff6d ("codetag: debug: introduce OBJEXTS_ALLOC_FAIL to mark failed slab_ext allocations") Cc: <stable(a)vger.kernel.org> Signed-off-by: Hao Ge <gehao(a)kylinos.cn> --- v2: Update the commit message and code comments for greater accuracy, incorporating Suren's suggestions. Thanks for Suren's help. --- mm/slub.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/slub.c b/mm/slub.c index d4367f25b20d..589c596163c4 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -2046,7 +2046,11 @@ static inline void mark_objexts_empty(struct slabobj_ext *obj_exts) if (slab_exts) { unsigned int offs = obj_to_index(obj_exts_slab->slab_cache, obj_exts_slab, obj_exts); - /* codetag should be NULL */ + + if (unlikely(is_codetag_empty(&slab_exts[offs].ref))) + return; + + /* codetag should be NULL here */ WARN_ON(slab_exts[offs].ref.ct); set_codetag_empty(&slab_exts[offs].ref); } -- 2.25.1

1 week

2
1
0 0

+ codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext has been added to the -mm mm-hotfixes-unstable branch. Its filename is codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Hao Ge <gehao(a)kylinos.cn> Subject: codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext Date: Wed, 29 Oct 2025 09:43:17 +0800 When alloc_slab_obj_exts() fails and then later succeeds in allocating a slab extension vector, it calls handle_failed_objexts_alloc() to mark all objects in the vector as empty. As a result all objects in this slab (slabA) will have their extensions set to CODETAG_EMPTY. Later on if this slabA is used to allocate a slabobj_ext vector for another slab (slabB), we end up with the slabB->obj_exts pointing to a slabobj_ext vector that itself has a non-NULL slabobj_ext equal to CODETAG_EMPTY. When slabB gets freed, free_slab_obj_exts() is called to free slabB->obj_exts vector. free_slab_obj_exts() calls mark_objexts_empty(slabB->obj_exts) which will generate a warning because it expects slabobj_ext vectors to have a NULL obj_ext, not CODETAG_EMPTY. Modify mark_objexts_empty() to skip the warning and setting the obj_ext value if it's already set to CODETAG_EMPTY. To quickly detect this WARN, I modified the code from:WARN_ON(slab_exts[offs].ref.ct) to WARN_ON(slab_exts[offs].ref.ct == 1); We then obtained this message: [21630.898561] ------------[ cut here ]------------ [21630.898596] kernel BUG at mm/slub.c:2050! [21630.898611] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [21630.900372] Modules linked in: squashfs isofs vfio_iommu_type1 vhost_vsock vfio vhost_net vmw_vsock_virtio_transport_common vhost tap vhost_iotlb iommufd vsock binfmt_misc nfsv3 nfs_acl nfs lockd grace netfs tls rds dns_resolver tun brd overlay ntfs3 exfat btrfs blake2b_generic xor xor_neon raid6_pq loop sctp ip6_udp_tunnel udp_tunnel nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables rfkill ip_set sunrpc vfat fat joydev sg sch_fq_codel nfnetlink virtio_gpu sr_mod cdrom drm_client_lib virtio_dma_buf drm_shmem_helper drm_kms_helper drm ghash_ce backlight virtio_net virtio_blk virtio_scsi net_failover virtio_console failover virtio_mmio dm_mirror dm_region_hash dm_log dm_multipath dm_mod fuse i2c_dev virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev virtio virtio_ring autofs4 aes_neon_bs aes_ce_blk [last unloaded: hwpoison_inject] [21630.909177] CPU: 3 UID: 0 PID: 3787 Comm: kylin-process-m Kdump: loaded Tainted: G�� W�� 6.18.0-rc1+ #74 PREEMPT(voluntary) [21630.910495] Tainted: [W]=WARN [21630.910867] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 [21630.911625] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [21630.912392] pc : __free_slab+0x228/0x250 [21630.912868] lr : __free_slab+0x18c/0x250[21630.913334] sp : ffff8000a02f73e0 [21630.913830] x29: ffff8000a02f73e0 x28: fffffdffc43fc800 x27: ffff0000c0011c40 [21630.914677] x26: ffff0000c000cac0 x25: ffff00010fe5e5f0 x24: ffff000102199b40 [21630.915469] x23: 0000000000000003 x22: 0000000000000003 x21: ffff0000c0011c40 [21630.916259] x20: fffffdffc4086600 x19: fffffdffc43fc800 x18: 0000000000000000 [21630.917048] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [21630.917837] x14: 0000000000000000 x13: 0000000000000000 x12: ffff70001405ee66 [21630.918640] x11: 1ffff0001405ee65 x10: ffff70001405ee65 x9 : ffff800080a295dc [21630.919442] x8 : ffff8000a02f7330 x7 : 0000000000000000 x6 : 0000000000003000 [21630.920232] x5 : 0000000024924925 x4 : 0000000000000001 x3 : 0000000000000007 [21630.921021] x2 : 0000000000001b40 x1 : 000000000000001f x0 : 0000000000000001 [21630.921810] Call trace: [21630.922130]�� __free_slab+0x228/0x250 (P) [21630.922669]�� free_slab+0x38/0x118 [21630.923079]�� free_to_partial_list+0x1d4/0x340 [21630.923591]�� __slab_free+0x24c/0x348 [21630.924024]�� ___cache_free+0xf0/0x110 [21630.924468]�� qlist_free_all+0x78/0x130 [21630.924922]�� kasan_quarantine_reduce+0x114/0x148 [21630.925525]�� __kasan_slab_alloc+0x7c/0xb0 [21630.926006]�� kmem_cache_alloc_noprof+0x164/0x5c8 [21630.926699]�� __alloc_object+0x44/0x1f8 [21630.927153]�� __create_object+0x34/0xc8 [21630.927604]�� kmemleak_alloc+0xb8/0xd8 [21630.928052]�� kmem_cache_alloc_noprof+0x368/0x5c8 [21630.928606]�� getname_flags.part.0+0xa4/0x610 [21630.929112]�� getname_flags+0x80/0xd8 [21630.929557]�� vfs_fstatat+0xc8/0xe0 [21630.929975]�� __do_sys_newfstatat+0xa0/0x100 [21630.930469]�� __arm64_sys_newfstatat+0x90/0xd8 [21630.931046]�� invoke_syscall+0xd4/0x258 [21630.931685]�� el0_svc_common.constprop.0+0xb4/0x240 [21630.932467]�� do_el0_svc+0x48/0x68 [21630.932972]�� el0_svc+0x40/0xe0 [21630.933472]�� el0t_64_sync_handler+0xa0/0xe8 [21630.934151]�� el0t_64_sync+0x1ac/0x1b0 [21630.934923] Code: aa1803e0 97ffef2b a9446bf9 17ffff9c (d4210000) [21630.936461] SMP: stopping secondary CPUs [21630.939550] Starting crashdump kernel... [21630.940108] Bye! Link: https://lkml.kernel.org/r/20251029014317.1533488-1-hao.ge@linux.dev Fixes: 09c46563ff6d ("codetag: debug: introduce OBJEXTS_ALLOC_FAIL to mark failed slab_ext allocations") Signed-off-by: Hao Ge <gehao(a)kylinos.cn> Cc: Christoph Lameter (Ampere) <cl(a)gentwo.org> Cc: David Rientjes <rientjes(a)google.com> Cc: gehao <gehao(a)kylinos.cn> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/slub.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/mm/slub.c~codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext +++ a/mm/slub.c @@ -2046,7 +2046,11 @@ static inline void mark_objexts_empty(st if (slab_exts) { unsigned int offs = obj_to_index(obj_exts_slab->slab_cache, obj_exts_slab, obj_exts); - /* codetag should be NULL */ + + if (unlikely(is_codetag_empty(&slab_exts[offs].ref))) + return; + + /* codetag should be NULL here */ WARN_ON(slab_exts[offs].ref.ct); set_codetag_empty(&slab_exts[offs].ref); } _ Patches currently in -mm which might be from gehao(a)kylinos.cn are codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext.patch

1 week

1
0
0 0

Re: [PATCH] drm/mediatek: Disable AFBC support on Mediatek DRM driver

by Macpaul Lin (林智斌)

On Fri, 2025-10-24 at 17:27 -0300, Ariel D'Alessandro wrote: > > External email : Please do not click links or open attachments until > you have verified the sender or the content. > > > Commit c410fa9b07c32 ("drm/mediatek: Add AFBC support to Mediatek DRM > driver") added AFBC support to Mediatek DRM and enabled the > 32x8/split/sparse modifier. > > However, this is currently broken on Mediatek MT8188 (Genio 700 EVK > platform); tested using upstream Kernel and Mesa (v25.2.1), AFBC is > used by > default since Mesa v25.0. > > Kernel trace reports vblank timeouts constantly, and the render is > garbled: > > ``` > [CRTC:62:crtc-0] vblank wait timed out > WARNING: CPU: 7 PID: 70 at drivers/gpu/drm/drm_atomic_helper.c:1835 > drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c > [...] > Hardware name: MediaTek Genio-700 EVK (DT) > Workqueue: events_unbound commit_work > pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) > pc : drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c > lr : drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c > sp : ffff80008337bca0 > x29: ffff80008337bcd0 x28: 0000000000000061 x27: 0000000000000000 > x26: 0000000000000001 x25: 0000000000000000 x24: ffff0000c9dcc000 > x23: 0000000000000001 x22: 0000000000000000 x21: ffff0000c66f2f80 > x20: ffff0000c0d7d880 x19: 0000000000000000 x18: 000000000000000a > x17: 000000040044ffff x16: 005000f2b5503510 x15: 0000000000000000 > x14: 0000000000000000 x13: 74756f2064656d69 x12: 742074696177206b > x11: 0000000000000058 x10: 0000000000000018 x9 : ffff800082396a70 > x8 : 0000000000057fa8 x7 : 0000000000000cce x6 : ffff8000823eea70 > x5 : ffff0001fef5f408 x4 : ffff80017ccee000 x3 : ffff0000c12cb480 > x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000c12cb480 > Call trace: > drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c (P) > drm_atomic_helper_commit_tail_rpm+0x64/0x80 > commit_tail+0xa4/0x1a4 > commit_work+0x14/0x20 > process_one_work+0x150/0x290 > worker_thread+0x2d0/0x3ec > kthread+0x12c/0x210 > ret_from_fork+0x10/0x20 > ---[ end trace 0000000000000000 ]--- > ``` > > Until this gets fixed upstream, disable AFBC support on this > platform, as > it's currently broken with upstream Mesa. > > Signed-off-by: Ariel D'Alessandro <ariel.dalessandro(a)collabora.com> > --- > drivers/gpu/drm/mediatek/mtk_plane.c | 24 +----------------------- > 1 file changed, 1 insertion(+), 23 deletions(-) > > diff --git a/drivers/gpu/drm/mediatek/mtk_plane.c > b/drivers/gpu/drm/mediatek/mtk_plane.c > index 02349bd440017..788b52c1d10c5 100644 > --- a/drivers/gpu/drm/mediatek/mtk_plane.c > +++ b/drivers/gpu/drm/mediatek/mtk_plane.c > @@ -21,9 +21,6 @@ > > static const u64 modifiers[] = { > DRM_FORMAT_MOD_LINEAR, > - DRM_FORMAT_MOD_ARM_AFBC(AFBC_FORMAT_MOD_BLOCK_SIZE_32x8 | > - AFBC_FORMAT_MOD_SPLIT | > - AFBC_FORMAT_MOD_SPARSE), > DRM_FORMAT_MOD_INVALID, > }; > > @@ -71,26 +68,7 @@ static bool mtk_plane_format_mod_supported(struct > drm_plane *plane, > uint32_t format, > uint64_t modifier) > { > - if (modifier == DRM_FORMAT_MOD_LINEAR) > - return true; > - > - if (modifier != DRM_FORMAT_MOD_ARM_AFBC( > - AFBC_FORMAT_MOD_BLOCK_SIZE_32x8 | > - AFBC_FORMAT_MOD_SPLIT | > - AFBC_FORMAT_MOD_SPARSE)) > - return false; > - > - if (format != DRM_FORMAT_XRGB8888 && > - format != DRM_FORMAT_ARGB8888 && > - format != DRM_FORMAT_BGRX8888 && > - format != DRM_FORMAT_BGRA8888 && > - format != DRM_FORMAT_ABGR8888 && > - format != DRM_FORMAT_XBGR8888 && > - format != DRM_FORMAT_RGB888 && > - format != DRM_FORMAT_BGR888) > - return false; > - > - return true; > + return modifier == DRM_FORMAT_MOD_LINEAR; > } > > static void mtk_plane_destroy_state(struct drm_plane *plane, > Great! Thanks for this patch. I've tested this patch against k6.17.5 on mt8395-genio-1200-evk board, and it is working. I've also tested this patch with 'modetest -M mediatek -s 34@59:1200x1290' is working as well. I'm not sure if it is possible to add a "Fixes:" tag to this patch? Maybe add this patch with 'Cc: stable(a)vger.kernel.org #6.17' at least? Some Linux distros are currently using 6.17 for testing. Reviewed-by: Macpaul Lin <macpaul.lin(a)mediatek.com> Regards, Macpaul Lin

1 week

2
1
0 0

[PATCH v2 1/1] Bluetooth: btusb: add default nvm file

by Shuai Zhang

If no NVM file matches the board_id, load the default NVM file. Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com> Cc: stable(a)vger.kernel.org --- drivers/bluetooth/btusb.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index dcbff7641..6903606d3 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -3482,15 +3482,14 @@ static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, } static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size, - const struct qca_version *ver) + const struct qca_version *ver, + u16 board_id) { u32 rom_version = le32_to_cpu(ver->rom_version); const char *variant, *fw_subdir; int len; - u16 board_id; fw_subdir = qca_get_fw_subdirectory(ver); - board_id = qca_extract_board_id(ver); switch (le32_to_cpu(ver->ram_version)) { case WCN6855_2_0_RAM_VERSION_GF: @@ -3522,14 +3521,28 @@ static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, const struct firmware *fw; char fwname[80]; int err; + u16 board_id = 0; - btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver); + board_id = qca_extract_board_id(ver); +retry: + btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver, board_id); err = request_firmware(&fw, fwname, &hdev->dev); if (err) { + if (err == -EINVAL) { + bt_dev_err(hdev, "QCOM BT firmware file request failed (%d)", err); + return err; + } + bt_dev_err(hdev, "failed to request NVM file: %s (%d)", fwname, err); - return err; + if (err == -ENOENT && board_id != 0) { + board_id = 0; + goto retry; + } else { + bt_dev_err(hdev, "QCOM BT firmware file request failed (%d)", err); + return err; + } } bt_dev_info(hdev, "using NVM file: %s", fwname); -- 2.34.1

1 week

1
0
0 0

[PATCH v1] Bluetooth: btusb: add default nvm file

by Shuai Zhang

If no NVM file matches the board_id, load the default NVM file. Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com> --- drivers/bluetooth/btusb.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index dcbff7641..998dfd455 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -3482,15 +3482,14 @@ static int btusb_setup_qca_load_rampatch(struct hci_dev *hdev, } static void btusb_generate_qca_nvm_name(char *fwname, size_t max_size, - const struct qca_version *ver) + const struct qca_version *ver, + u16 board_id) { u32 rom_version = le32_to_cpu(ver->rom_version); const char *variant, *fw_subdir; int len; - u16 board_id; fw_subdir = qca_get_fw_subdirectory(ver); - board_id = qca_extract_board_id(ver); switch (le32_to_cpu(ver->ram_version)) { case WCN6855_2_0_RAM_VERSION_GF: @@ -3522,13 +3521,25 @@ static int btusb_setup_qca_load_nvm(struct hci_dev *hdev, const struct firmware *fw; char fwname[80]; int err; + u16 board_id = 0; - btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver); + board_id = qca_extract_board_id(ver); +retry: + btusb_generate_qca_nvm_name(fwname, sizeof(fwname), ver, board_id); err = request_firmware(&fw, fwname, &hdev->dev); if (err) { + if (err == -EINVAL) { + bt_dev_err(hdev, "QCOM BT firmware file request failed (%d)", err); + return err; + } + bt_dev_err(hdev, "failed to request NVM file: %s (%d)", fwname, err); + if (err == -ENOENT && board_id != 0) { + board_id = 0; + goto retry; + } return err; } -- 2.34.1

1 week

3
3
0 0

Inquiry about purchasing your products

by PERDIS SUPER U

-- Hi, PERDIS SUPER U is a leading retail group in France with numerous outlets across the country. After reviewing your company profile and products, we’re very interested in establishing a long-term partnership. Kindly share your product catalog or website so we can review your offerings and pricing. We are ready to place orders and begin cooperation.Please note: Our payment terms are SWIFT, 14 days after delivery. Looking forward to your response. Best regards, Dominique Schelcher Director, PERDIS SUPER U RUE DE SAVOIE, 45600 SAINT-PÈRE-SUR-LOIRE VAT: FR65380071464 www.magasins-u.com

1 week

1
0
0 0

+ mm-mremap-honour-writable-bit-in-mremap-pte-batching.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/mremap: honour writable bit in mremap pte batching has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-mremap-honour-writable-bit-in-mremap-pte-batching.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Dev Jain <dev.jain(a)arm.com> Subject: mm/mremap: honour writable bit in mremap pte batching Date: Tue, 28 Oct 2025 12:09:52 +0530 Currently mremap folio pte batch ignores the writable bit during figuring out a set of similar ptes mapping the same folio. Suppose that the first pte of the batch is writable while the others are not - set_ptes will end up setting the writable bit on the other ptes, which is a violation of mremap semantics. Therefore, use FPB_RESPECT_WRITE to check the writable bit while determining the pte batch. Link: https://lkml.kernel.org/r/20251028063952.90313-1-dev.jain@arm.com Signed-off-by: Dev Jain <dev.jain(a)arm.com> Fixes: f822a9a81a31 ("mm: optimize mremap() by PTE batching") Reported-by: David Hildenbrand <david(a)redhat.com> Debugged-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Pedro Falcato <pfalcato(a)suse.de> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Jann Horn <jannh(a)google.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> [6.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mremap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/mremap.c~mm-mremap-honour-writable-bit-in-mremap-pte-batching +++ a/mm/mremap.c @@ -187,7 +187,7 @@ static int mremap_folio_pte_batch(struct if (!folio || !folio_test_large(folio)) return 1; - return folio_pte_batch(folio, ptep, pte, max_nr); + return folio_pte_batch_flags(folio, NULL, ptep, &pte, max_nr, FPB_RESPECT_WRITE); } static int move_ptes(struct pagetable_move_control *pmc, _ Patches currently in -mm which might be from dev.jain(a)arm.com are mm-mremap-honour-writable-bit-in-mremap-pte-batching.patch

1 week

1
0
0 0

+ gcov-add-support-for-gcc-15.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: gcov: add support for GCC 15 has been added to the -mm mm-hotfixes-unstable branch. Its filename is gcov-add-support-for-gcc-15.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Peter Oberparleiter <oberpar(a)linux.ibm.com> Subject: gcov: add support for GCC 15 Date: Tue, 28 Oct 2025 12:51:25 +0100 Using gcov on kernels compiled with GCC 15 results in truncated 16-byte long .gcda files with no usable data. To fix this, update GCOV_COUNTERS to match the value defined by GCC 15. Tested with GCC 14.3.0 and GCC 15.2.0. Link: https://lkml.kernel.org/r/20251028115125.1319410-1-oberpar@linux.ibm.com Signed-off-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Reported-by: Matthieu Baerts <matttbe(a)kernel.org> Closes: https://github.com/linux-test-project/lcov/issues/445 Tested-by: Matthieu Baerts <matttbe(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/gcov/gcc_4_7.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/kernel/gcov/gcc_4_7.c~gcov-add-support-for-gcc-15 +++ a/kernel/gcov/gcc_4_7.c @@ -18,7 +18,9 @@ #include <linux/mm.h> #include "gcov.h" -#if (__GNUC__ >= 14) +#if (__GNUC__ >= 15) +#define GCOV_COUNTERS 10 +#elif (__GNUC__ >= 14) #define GCOV_COUNTERS 9 #elif (__GNUC__ >= 10) #define GCOV_COUNTERS 8 _ Patches currently in -mm which might be from oberpar(a)linux.ibm.com are gcov-add-support-for-gcc-15.patch

1 week

1
0
0 0

+ s390-fix-hugetlb-vmemmap-optimization-crash.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: s390: fix HugeTLB vmemmap optimization crash has been added to the -mm mm-hotfixes-unstable branch. Its filename is s390-fix-hugetlb-vmemmap-optimization-crash.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Luiz Capitulino <luizcap(a)redhat.com> Subject: s390: fix HugeTLB vmemmap optimization crash Date: Tue, 28 Oct 2025 17:15:33 -0400 A reproducible crash occurs when enabling HugeTLB vmemmap optimization (HVO) on s390. The crash and the proposed fix were worked on an s390 KVM guest running on an older hypervisor, as I don't have access to an LPAR. However, the same issue should occur on bare-metal. Reproducer (it may take a few runs to trigger): # sysctl vm.hugetlb_optimize_vmemmap=1 # echo 1 > /proc/sys/vm/nr_hugepages # echo 0 > /proc/sys/vm/nr_hugepages Crash log: [ 52.340369] list_del corruption. prev->next should be 000000d382110008, but was 000000d7116d3880. (prev=000000d7116d3910) [ 52.340420] ------------[ cut here ]------------ [ 52.340424] kernel BUG at lib/list_debug.c:62! [ 52.340566] monitor event: 0040 ilc:2 [#1]SMP [ 52.340573] Modules linked in: ctcm fsm qeth ccwgroup zfcp scsi_transport_fc qdio dasd_fba_mod dasd_eckd_mod dasd_mod xfs ghash_s390 prng des_s390 libdes sha3_512_s390 sha3_256_s390 virtio_net virtio_blk net_failover sha_common failover dm_mirror dm_region_hash dm_log dm_mod paes_s390 crypto_engine pkey_cca pkey_ep11 zcrypt pkey_pckmo pkey aes_s390 [ 52.340606] CPU: 1 UID: 0 PID: 1672 Comm: root-rep2 Kdump: loaded Not tainted 6.18.0-rc3 #1 NONE [ 52.340610] Hardware name: IBM 3931 LA1 400 (KVM/Linux) [ 52.340611] Krnl PSW : 0704c00180000000 0000015710cda7fe (__list_del_entry_valid_or_report+0xfe/0x128) [ 52.340619] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3 [ 52.340622] Krnl GPRS: c0000000ffffefff 0000000100000027 000000000000006d 0000000000000000 [ 52.340623] 000000d7116d35d8 000000d7116d35d0 0000000000000002 000000d7116d39b0 [ 52.340625] 000000d7116d3880 000000d7116d3910 000000d7116d3910 000000d382110008 [ 52.340626] 000003ffac1ccd08 000000d7116d39b0 0000015710cda7fa 000000d7116d37d0 [ 52.340632] Krnl Code: 0000015710cda7ee: c020003e496f larl %r2,00000157114a3acc 0000015710cda7f4: c0e5ffd5280e brasl %r14,000001571077f810 #0000015710cda7fa: af000000 mc 0,0 >0000015710cda7fe: b9040029 lgr %r2,%r9 0000015710cda802: c0e5ffe5e193 brasl %r14,0000015710996b28 0000015710cda808: e34090080004 lg %r4,8(%r9) 0000015710cda80e: b9040059 lgr %r5,%r9 0000015710cda812: b9040038 lgr %r3,%r8 [ 52.340643] Call Trace: [ 52.340645] [<0000015710cda7fe>] __list_del_entry_valid_or_report+0xfe/0x128 [ 52.340649] ([<0000015710cda7fa>] __list_del_entry_valid_or_report+0xfa/0x128) [ 52.340652] [<0000015710a30b2e>] hugetlb_vmemmap_restore_folios+0x96/0x138 [ 52.340655] [<0000015710a268ac>] update_and_free_pages_bulk+0x64/0x150 [ 52.340659] [<0000015710a26f8a>] set_max_huge_pages+0x4ca/0x6f0 [ 52.340662] [<0000015710a273ba>] hugetlb_sysctl_handler_common+0xea/0x120 [ 52.340665] [<0000015710a27484>] hugetlb_sysctl_handler+0x44/0x50 [ 52.340667] [<0000015710b53ffa>] proc_sys_call_handler+0x17a/0x280 [ 52.340672] [<0000015710a90968>] vfs_write+0x2c8/0x3a0 [ 52.340676] [<0000015710a90bd2>] ksys_write+0x72/0x100 [ 52.340679] [<00000157111483a8>] __do_syscall+0x150/0x318 [ 52.340682] [<0000015711153a5e>] system_call+0x6e/0x90 [ 52.340684] Last Breaking-Event-Address: [ 52.340684] [<000001571077f85c>] _printk+0x4c/0x58 [ 52.340690] Kernel panic - not syncing: Fatal exception: panic_on_oops This issue was introduced by commit f13b83fdd996 ("hugetlb: batch TLB flushes when freeing vmemmap"). Before that change, the HVO implementation called flush_tlb_kernel_range() each time a vmemmap PMD split and remapping was performed. The mentioned commit changed this to issue a few flush_tlb_all() calls after performing all remappings. However, on s390, flush_tlb_kernel_range() expands to __tlb_flush_kernel() while flush_tlb_all() is not implemented. As a result, we went from flushing the TLB for every remapping to no flushing at all. This commit fixes this by implementing flush_tlb_all() on s390 as an alias to __tlb_flush_global(). This should cause a flush on all TLB entries on all CPUs as expected by the flush_tlb_all() semantics. Link: https://lkml.kernel.org/r/20251028211533.47694-1-luizcap@redhat.com Fixes: f13b83fdd996 ("hugetlb: batch TLB flushes when freeing vmemmap") Signed-off-by: Luiz Capitulino <luizcap(a)redhat.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)kernel.org> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Joao Martins <joao.m.martins(a)oracle.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/s390/include/asm/tlbflush.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/arch/s390/include/asm/tlbflush.h~s390-fix-hugetlb-vmemmap-optimization-crash +++ a/arch/s390/include/asm/tlbflush.h @@ -103,9 +103,13 @@ static inline void __tlb_flush_mm_lazy(s * flush_tlb_range functions need to do the flush. */ #define flush_tlb() do { } while (0) -#define flush_tlb_all() do { } while (0) #define flush_tlb_page(vma, addr) do { } while (0) +static inline void flush_tlb_all(void) +{ + __tlb_flush_global(); +} + static inline void flush_tlb_mm(struct mm_struct *mm) { __tlb_flush_mm_lazy(mm); _ Patches currently in -mm which might be from luizcap(a)redhat.com are s390-fix-hugetlb-vmemmap-optimization-crash.patch

1 week

1
0
0 0

[PATCH] video: valkyriefb: Fix reference count leak in valkyriefb_init

by Miaoqian Lin

The of_find_node_by_name() function returns a device tree node with its reference count incremented. The caller is responsible for calling of_node_put() to release this reference when done. Found via static analysis. Fixes: cc5d0189b9ba ("[PATCH] powerpc: Remove device_node addrs/n_addr") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/video/fbdev/valkyriefb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/video/fbdev/valkyriefb.c b/drivers/video/fbdev/valkyriefb.c index 91d070ef6989..6ff059ee1694 100644 --- a/drivers/video/fbdev/valkyriefb.c +++ b/drivers/video/fbdev/valkyriefb.c @@ -329,11 +329,13 @@ static int __init valkyriefb_init(void) if (of_address_to_resource(dp, 0, &r)) { printk(KERN_ERR "can't find address for valkyrie\n"); + of_node_put(dp); return 0; } frame_buffer_phys = r.start; cmap_regs_phys = r.start + 0x304000; + of_node_put(dp); } #endif /* ppc (!CONFIG_MAC) */ -- 2.39.5 (Apple Git-154)

1 week

2
1
0 0

+ codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext has been added to the -mm mm-new branch. Its filename is codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Hao Ge <gehao(a)kylinos.cn> Subject: codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext Date: Mon, 27 Oct 2025 16:52:14 +0800 Even though obj_exts was created with the __GFP_NO_OBJ_EXT flag, objects in the same slab may have their extensions allocated via alloc_slab_obj_exts, and handle_failed_objexts_alloc may be called within alloc_slab_obj_exts to set their codetag to CODETAG_EMPTY. Therefore, both NULL and CODETAG_EMPTY are valid for the codetag of slabobj_ext, as we do not need to re-set it to CODETAG_EMPTY if it is already CODETAG_EMPTY. It also resolves the warning triggered when the codetag is CODETAG_EMPTY during slab freeing. This issue also occurred during our memory stress testing. The possibility of its occurrence should be as follows: When a slab allocates a slabobj_ext, the slab to which this slabobj_ext belongs may have already allocated its own slabobj_ext and called handle_failed_objexts_alloc. That is to say, the codetag of this slabobj_ext has been set to CODETAG_EMPTY. To quickly detect this WARN, I modified the code from:WARN_ON(slab_exts[offs].ref.ct) to WARN_ON(slab_exts[offs].ref.ct == 1); We then obtained this message: [21630.898561] ------------[ cut here ]------------ [21630.898596] kernel BUG at mm/slub.c:2050! [21630.898611] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [21630.900372] Modules linked in: squashfs isofs vfio_iommu_type1 vhost_vsock vfio vhost_net vmw_vsock_virtio_transport_common vhost tap vhost_iotlb iommufd vsock binfmt_misc nfsv3 nfs_acl nfs lockd grace netfs tls rds dns_resolver tun brd overlay ntfs3 exfat btrfs blake2b_generic xor xor_neon raid6_pq loop sctp ip6_udp_tunnel udp_tunnel nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables rfkill ip_set sunrpc vfat fat joydev sg sch_fq_codel nfnetlink virtio_gpu sr_mod cdrom drm_client_lib virtio_dma_buf drm_shmem_helper drm_kms_helper drm ghash_ce backlight virtio_net virtio_blk virtio_scsi net_failover virtio_console failover virtio_mmio dm_mirror dm_region_hash dm_log dm_multipath dm_mod fuse i2c_dev virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev virtio virtio_ring autofs4 aes_neon_bs aes_ce_blk [last unloaded: hwpoison_inject] [21630.909177] CPU: 3 UID: 0 PID: 3787 Comm: kylin-process-m Kdump: loaded Tainted: G�� W�� 6.18.0-rc1+ #74 PREEMPT(voluntary) [21630.910495] Tainted: [W]=WARN [21630.910867] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 [21630.911625] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [21630.912392] pc : __free_slab+0x228/0x250 [21630.912868] lr : __free_slab+0x18c/0x250[21630.913334] sp : ffff8000a02f73e0 [21630.913830] x29: ffff8000a02f73e0 x28: fffffdffc43fc800 x27: ffff0000c0011c40 [21630.914677] x26: ffff0000c000cac0 x25: ffff00010fe5e5f0 x24: ffff000102199b40 [21630.915469] x23: 0000000000000003 x22: 0000000000000003 x21: ffff0000c0011c40 [21630.916259] x20: fffffdffc4086600 x19: fffffdffc43fc800 x18: 0000000000000000 [21630.917048] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [21630.917837] x14: 0000000000000000 x13: 0000000000000000 x12: ffff70001405ee66 [21630.918640] x11: 1ffff0001405ee65 x10: ffff70001405ee65 x9 : ffff800080a295dc [21630.919442] x8 : ffff8000a02f7330 x7 : 0000000000000000 x6 : 0000000000003000 [21630.920232] x5 : 0000000024924925 x4 : 0000000000000001 x3 : 0000000000000007 [21630.921021] x2 : 0000000000001b40 x1 : 000000000000001f x0 : 0000000000000001 [21630.921810] Call trace: [21630.922130]�� __free_slab+0x228/0x250 (P) [21630.922669]�� free_slab+0x38/0x118 [21630.923079]�� free_to_partial_list+0x1d4/0x340 [21630.923591]�� __slab_free+0x24c/0x348 [21630.924024]�� ___cache_free+0xf0/0x110 [21630.924468]�� qlist_free_all+0x78/0x130 [21630.924922]�� kasan_quarantine_reduce+0x114/0x148 [21630.925525]�� __kasan_slab_alloc+0x7c/0xb0 [21630.926006]�� kmem_cache_alloc_noprof+0x164/0x5c8 [21630.926699]�� __alloc_object+0x44/0x1f8 [21630.927153]�� __create_object+0x34/0xc8 [21630.927604]�� kmemleak_alloc+0xb8/0xd8 [21630.928052]�� kmem_cache_alloc_noprof+0x368/0x5c8 [21630.928606]�� getname_flags.part.0+0xa4/0x610 [21630.929112]�� getname_flags+0x80/0xd8 [21630.929557]�� vfs_fstatat+0xc8/0xe0 [21630.929975]�� __do_sys_newfstatat+0xa0/0x100 [21630.930469]�� __arm64_sys_newfstatat+0x90/0xd8 [21630.931046]�� invoke_syscall+0xd4/0x258 [21630.931685]�� el0_svc_common.constprop.0+0xb4/0x240 [21630.932467]�� do_el0_svc+0x48/0x68 [21630.932972]�� el0_svc+0x40/0xe0 [21630.933472]�� el0t_64_sync_handler+0xa0/0xe8 [21630.934151]�� el0t_64_sync+0x1ac/0x1b0 [21630.934923] Code: aa1803e0 97ffef2b a9446bf9 17ffff9c (d4210000) [21630.936461] SMP: stopping secondary CPUs [21630.939550] Starting crashdump kernel... [21630.940108] Bye! Link: https://lkml.kernel.org/r/20251027085214.184672-1-hao.ge@linux.dev Fixes: 09c46563ff6d ("codetag: debug: introduce OBJEXTS_ALLOC_FAIL to mark failed slab_ext allocations") Signed-off-by: Hao Ge <gehao(a)kylinos.cn> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Christoph Lameter (Ampere) <cl(a)gentwo.org> Cc: David Rientjes <rientjes(a)google.com> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/slub.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) --- a/mm/slub.c~codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext +++ a/mm/slub.c @@ -2046,7 +2046,17 @@ static inline void mark_objexts_empty(st if (slab_exts) { unsigned int offs = obj_to_index(obj_exts_slab->slab_cache, obj_exts_slab, obj_exts); - /* codetag should be NULL */ + + /* + * codetag should be either NULL or CODETAG_EMPTY. + * When the same slab calls handle_failed_objexts_alloc, + * it will set us to CODETAG_EMPTY. + * + * If codetag is already CODETAG_EMPTY, no action is needed here. + */ + if (unlikely(is_codetag_empty(&slab_exts[offs].ref))) + return; + WARN_ON(slab_exts[offs].ref.ct); set_codetag_empty(&slab_exts[offs].ref); } _ Patches currently in -mm which might be from gehao(a)kylinos.cn are codetag-debug-handle-existing-codetag_empty-in-mark_objexts_empty-for-slabobj_ext.patch

1 week

1
0
0 0

+ mm-mm_init-fix-hash-table-order-logging-in-alloc_large_system_hash.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/mm_init: fix hash table order logging in alloc_large_system_hash() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-mm_init-fix-hash-table-order-logging-in-alloc_large_system_hash.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Isaac J. Manjarres" <isaacmanjarres(a)google.com> Subject: mm/mm_init: fix hash table order logging in alloc_large_system_hash() Date: Tue, 28 Oct 2025 12:10:12 -0700 When emitting the order of the allocation for a hash table, alloc_large_system_hash() unconditionally subtracts PAGE_SHIFT from log base 2 of the allocation size. This is not correct if the allocation size is smaller than a page, and yields a negative value for the order as seen below: TCP established hash table entries: 32 (order: -4, 256 bytes, linear) TCP bind hash table entries: 32 (order: -2, 1024 bytes, linear) Use get_order() to compute the order when emitting the hash table information to correctly handle cases where the allocation size is smaller than a page: TCP established hash table entries: 32 (order: 0, 256 bytes, linear) TCP bind hash table entries: 32 (order: 0, 1024 bytes, linear) Link: https://lkml.kernel.org/r/20251028191020.413002-1-isaacmanjarres@google.com Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Isaac J. Manjarres <isaacmanjarres(a)google.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mm_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/mm_init.c~mm-mm_init-fix-hash-table-order-logging-in-alloc_large_system_hash +++ a/mm/mm_init.c @@ -2469,7 +2469,7 @@ void *__init alloc_large_system_hash(con panic("Failed to allocate %s hash table\n", tablename); pr_info("%s hash table entries: %ld (order: %d, %lu bytes, %s)\n", - tablename, 1UL << log2qty, ilog2(size) - PAGE_SHIFT, size, + tablename, 1UL << log2qty, get_order(size), size, virt ? (huge ? "vmalloc hugepage" : "vmalloc") : "linear"); if (_hash_shift) _ Patches currently in -mm which might be from isaacmanjarres(a)google.com are mm-mm_init-fix-hash-table-order-logging-in-alloc_large_system_hash.patch

1 week

1
0
0 0

FAILED: patch "[PATCH] x86/resctrl: Fix miscount of bandwidth event when" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102058-citadel-crinkly-125f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 Mon Sep 17 00:00:00 2001 From: Babu Moger <babu.moger(a)amd.com> Date: Fri, 10 Oct 2025 12:08:35 -0500 Subject: [PATCH] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Users can create as many monitoring groups as the number of RMIDs supported by the hardware. However, on AMD systems, only a limited number of RMIDs are guaranteed to be actively tracked by the hardware. RMIDs that exceed this limit are placed in an "Unavailable" state. When a bandwidth counter is read for such an RMID, the hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62). When such an RMID starts being tracked again the hardware counter is reset to zero. MSR_IA32_QM_CTR.Unavailable remains set on first read after tracking re-starts and is clear on all subsequent reads as long as the RMID is tracked. resctrl miscounts the bandwidth events after an RMID transitions from the "Unavailable" state back to being tracked. This happens because when the hardware starts counting again after resetting the counter to zero, resctrl in turn compares the new count against the counter value stored from the previous time the RMID was tracked. This results in resctrl computing an event value that is either undercounting (when new counter is more than stored counter) or a mistaken overflow (when new counter is less than stored counter). Reset the stored value (arch_mbm_state::prev_msr) of MSR_IA32_QM_CTR to zero whenever the RMID is in the "Unavailable" state to ensure accurate counting after the RMID resets to zero when it starts to be tracked again. Example scenario that results in mistaken overflow ================================================== 1. The resctrl filesystem is mounted, and a task is assigned to a monitoring group. $mount -t resctrl resctrl /sys/fs/resctrl $mkdir /sys/fs/resctrl/mon_groups/test1/ $echo 1234 > /sys/fs/resctrl/mon_groups/test1/tasks $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 21323 <- Total bytes on domain 0 "Unavailable" <- Total bytes on domain 1 Task is running on domain 0. Counter on domain 1 is "Unavailable". 2. The task runs on domain 0 for a while and then moves to domain 1. The counter starts incrementing on domain 1. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 7345357 <- Total bytes on domain 0 4545 <- Total bytes on domain 1 3. At some point, the RMID in domain 0 transitions to the "Unavailable" state because the task is no longer executing in that domain. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes "Unavailable" <- Total bytes on domain 0 434341 <- Total bytes on domain 1 4. Since the task continues to migrate between domains, it may eventually return to domain 0. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 17592178699059 <- Overflow on domain 0 3232332 <- Total bytes on domain 1 In this case, the RMID on domain 0 transitions from "Unavailable" state to active state. The hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62) when the counter is read and begins tracking the RMID counting from 0. Subsequent reads succeed but return a value smaller than the previously saved MSR value (7345357). Consequently, the resctrl's overflow logic is triggered, it compares the previous value (7345357) with the new, smaller value and incorrectly interprets this as a counter overflow, adding a large delta. In reality, this is a false positive: the counter did not overflow but was simply reset when the RMID transitioned from "Unavailable" back to active state. Here is the text from APM [1] available from [2]. "In PQOS Version 2.0 or higher, the MBM hardware will set the U bit on the first QM_CTR read when it begins tracking an RMID that it was not previously tracking. The U bit will be zero for all subsequent reads from that RMID while it is still tracked by the hardware. Therefore, a QM_CTR read with the U bit set when that RMID is in use by a processor can be considered 0 when calculating the difference with a subsequent read." [1] AMD64 Architecture Programmer's Manual Volume 2: System Programming Publication # 24593 Revision 3.41 section 19.3.3 Monitoring L3 Memory Bandwidth (MBM). [ bp: Split commit message into smaller paragraph chunks for better consumption. ] Fixes: 4d05bf71f157d ("x86/resctrl: Introduce AMD QOS feature") Signed-off-by: Babu Moger <babu.moger(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Tested-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc: stable(a)vger.kernel.org # needs adjustments for <= v6.17 Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 # [2] diff --git a/arch/x86/kernel/cpu/resctrl/monitor.c b/arch/x86/kernel/cpu/resctrl/monitor.c index c8945610d455..2cd25a0d4637 100644 --- a/arch/x86/kernel/cpu/resctrl/monitor.c +++ b/arch/x86/kernel/cpu/resctrl/monitor.c @@ -242,7 +242,9 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, u32 unused, u32 rmid, enum resctrl_event_id eventid, u64 *val, void *ignored) { + struct rdt_hw_mon_domain *hw_dom = resctrl_to_arch_mon_dom(d); int cpu = cpumask_any(&d->hdr.cpu_mask); + struct arch_mbm_state *am; u64 msr_val; u32 prmid; int ret; @@ -251,12 +253,16 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, prmid = logical_rmid_to_physical_rmid(cpu, rmid); ret = __rmid_read_phys(prmid, eventid, &msr_val); - if (ret) - return ret; - *val = get_corrected_val(r, d, rmid, eventid, msr_val); + if (!ret) { + *val = get_corrected_val(r, d, rmid, eventid, msr_val); + } else if (ret == -EINVAL) { + am = get_arch_mbm_state(hw_dom, rmid, eventid); + if (am) + am->prev_msr = 0; + } - return 0; + return ret; } static int __cntr_id_read(u32 cntr_id, u64 *val)

1 week

2
1
0 0

[tip: x86/urgent] x86/fpu: Ensure XFD state on signal delivery

by tip-bot2 for Chang S. Bae

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 388eff894d6bc5f921e9bfff0e4b0ab2684a96e9 Gitweb: https://git.kernel.org/tip/388eff894d6bc5f921e9bfff0e4b0ab2684a96e9 Author: Chang S. Bae <chang.seok.bae(a)intel.com> AuthorDate: Mon, 09 Jun 2025 17:16:59 -07:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Tue, 28 Oct 2025 12:10:59 -07:00 x86/fpu: Ensure XFD state on signal delivery Sean reported [1] the following splat when running KVM tests: WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70 Call Trace: <TASK> fpu__clear_user_states+0x9c/0x100 arch_do_signal_or_restart+0x142/0x210 exit_to_user_mode_loop+0x55/0x100 do_syscall_64+0x205/0x2c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Chao further identified [2] a reproducible scenario involving signal delivery: a non-AMX task is preempted by an AMX-enabled task which modifies the XFD MSR. When the non-AMX task resumes and reloads XSTATE with init values, a warning is triggered due to a mismatch between fpstate::xfd and the CPU's current XFD state. fpu__clear_user_states() does not currently re-synchronize the XFD state after such preemption. Invoke xfd_update_state() which detects and corrects the mismatch if there is a dynamic feature. This also benefits the sigreturn path, as fpu__restore_sig() may call fpu__clear_user_states() when the sigframe is inaccessible. [ dhansen: minor changelog munging ] Closes: https://lore.kernel.org/lkml/aDCo_SczQOUaB2rS@google.com [1] Fixes: 672365477ae8a ("x86/fpu: Update XFD state where required") Reported-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Chang S. Bae <chang.seok.bae(a)intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Chao Gao <chao.gao(a)intel.com> Tested-by: Chao Gao <chao.gao(a)intel.com> Link: https://lore.kernel.org/all/aDWbctO%2FRfTGiCg3@intel.com [2] Cc:stable@vger.kernel.org Link: https://patch.msgid.link/20250610001700.4097-1-chang.seok.bae%40intel.com --- arch/x86/kernel/fpu/core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index 1f71cc1..e88eacb 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -825,6 +825,9 @@ void fpu__clear_user_states(struct fpu *fpu) !fpregs_state_valid(fpu, smp_processor_id())) os_xrstor_supervisor(fpu->fpstate); + /* Ensure XFD state is in sync before reloading XSTATE */ + xfd_update_state(fpu->fpstate); + /* Reset user states in registers. */ restore_fpregs_from_init_fpstate(XFEATURE_MASK_USER_RESTORE);

1 week

1
0
0 0

FAILED: patch "[PATCH] x86/resctrl: Fix miscount of bandwidth event when" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102056-qualify-unopposed-be08@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 Mon Sep 17 00:00:00 2001 From: Babu Moger <babu.moger(a)amd.com> Date: Fri, 10 Oct 2025 12:08:35 -0500 Subject: [PATCH] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Users can create as many monitoring groups as the number of RMIDs supported by the hardware. However, on AMD systems, only a limited number of RMIDs are guaranteed to be actively tracked by the hardware. RMIDs that exceed this limit are placed in an "Unavailable" state. When a bandwidth counter is read for such an RMID, the hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62). When such an RMID starts being tracked again the hardware counter is reset to zero. MSR_IA32_QM_CTR.Unavailable remains set on first read after tracking re-starts and is clear on all subsequent reads as long as the RMID is tracked. resctrl miscounts the bandwidth events after an RMID transitions from the "Unavailable" state back to being tracked. This happens because when the hardware starts counting again after resetting the counter to zero, resctrl in turn compares the new count against the counter value stored from the previous time the RMID was tracked. This results in resctrl computing an event value that is either undercounting (when new counter is more than stored counter) or a mistaken overflow (when new counter is less than stored counter). Reset the stored value (arch_mbm_state::prev_msr) of MSR_IA32_QM_CTR to zero whenever the RMID is in the "Unavailable" state to ensure accurate counting after the RMID resets to zero when it starts to be tracked again. Example scenario that results in mistaken overflow ================================================== 1. The resctrl filesystem is mounted, and a task is assigned to a monitoring group. $mount -t resctrl resctrl /sys/fs/resctrl $mkdir /sys/fs/resctrl/mon_groups/test1/ $echo 1234 > /sys/fs/resctrl/mon_groups/test1/tasks $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 21323 <- Total bytes on domain 0 "Unavailable" <- Total bytes on domain 1 Task is running on domain 0. Counter on domain 1 is "Unavailable". 2. The task runs on domain 0 for a while and then moves to domain 1. The counter starts incrementing on domain 1. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 7345357 <- Total bytes on domain 0 4545 <- Total bytes on domain 1 3. At some point, the RMID in domain 0 transitions to the "Unavailable" state because the task is no longer executing in that domain. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes "Unavailable" <- Total bytes on domain 0 434341 <- Total bytes on domain 1 4. Since the task continues to migrate between domains, it may eventually return to domain 0. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 17592178699059 <- Overflow on domain 0 3232332 <- Total bytes on domain 1 In this case, the RMID on domain 0 transitions from "Unavailable" state to active state. The hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62) when the counter is read and begins tracking the RMID counting from 0. Subsequent reads succeed but return a value smaller than the previously saved MSR value (7345357). Consequently, the resctrl's overflow logic is triggered, it compares the previous value (7345357) with the new, smaller value and incorrectly interprets this as a counter overflow, adding a large delta. In reality, this is a false positive: the counter did not overflow but was simply reset when the RMID transitioned from "Unavailable" back to active state. Here is the text from APM [1] available from [2]. "In PQOS Version 2.0 or higher, the MBM hardware will set the U bit on the first QM_CTR read when it begins tracking an RMID that it was not previously tracking. The U bit will be zero for all subsequent reads from that RMID while it is still tracked by the hardware. Therefore, a QM_CTR read with the U bit set when that RMID is in use by a processor can be considered 0 when calculating the difference with a subsequent read." [1] AMD64 Architecture Programmer's Manual Volume 2: System Programming Publication # 24593 Revision 3.41 section 19.3.3 Monitoring L3 Memory Bandwidth (MBM). [ bp: Split commit message into smaller paragraph chunks for better consumption. ] Fixes: 4d05bf71f157d ("x86/resctrl: Introduce AMD QOS feature") Signed-off-by: Babu Moger <babu.moger(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Tested-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc: stable(a)vger.kernel.org # needs adjustments for <= v6.17 Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 # [2] diff --git a/arch/x86/kernel/cpu/resctrl/monitor.c b/arch/x86/kernel/cpu/resctrl/monitor.c index c8945610d455..2cd25a0d4637 100644 --- a/arch/x86/kernel/cpu/resctrl/monitor.c +++ b/arch/x86/kernel/cpu/resctrl/monitor.c @@ -242,7 +242,9 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, u32 unused, u32 rmid, enum resctrl_event_id eventid, u64 *val, void *ignored) { + struct rdt_hw_mon_domain *hw_dom = resctrl_to_arch_mon_dom(d); int cpu = cpumask_any(&d->hdr.cpu_mask); + struct arch_mbm_state *am; u64 msr_val; u32 prmid; int ret; @@ -251,12 +253,16 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, prmid = logical_rmid_to_physical_rmid(cpu, rmid); ret = __rmid_read_phys(prmid, eventid, &msr_val); - if (ret) - return ret; - *val = get_corrected_val(r, d, rmid, eventid, msr_val); + if (!ret) { + *val = get_corrected_val(r, d, rmid, eventid, msr_val); + } else if (ret == -EINVAL) { + am = get_arch_mbm_state(hw_dom, rmid, eventid); + if (am) + am->prev_msr = 0; + } - return 0; + return ret; } static int __cntr_id_read(u32 cntr_id, u64 *val)

1 week

2
1
0 0

[PATCH] media: uvcvideo: Fix support for V4L2_CTRL_FLAG_HAS_WHICH_MIN_MAX

by Ricardo Ribalda

The VIDIOC_G_EXT_CTRLS with which V4L2_CTRL_WHICH_(MIN|MAX)_VAL can only work for controls that have previously announced support for it. This patch fixes the following v4l2-compliance error: info: checking extended control 'User Controls' (0x00980001) fail: v4l2-test-controls.cpp(980): ret != EINVAL (got 13) test VIDIOC_G/S/TRY_EXT_CTRLS: FAIL Fixes: 39d2c891c96e ("media: uvcvideo: support V4L2_CTRL_WHICH_MIN/MAX_VAL") Cc: stable(a)vger.kernel.org Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- drivers/media/usb/uvc/uvc_ctrl.c | 11 +++++++++-- drivers/media/usb/uvc/uvc_v4l2.c | 9 ++++++--- drivers/media/usb/uvc/uvcvideo.h | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index 2905505c240c060e5034ea12d33b59d5702f2e1f..2f7d5cdd18e072a47fb5906da0f847dd449911b4 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -1432,7 +1432,7 @@ static bool uvc_ctrl_is_readable(u32 which, struct uvc_control *ctrl, * auto_exposure=1, exposure_time_absolute=251. */ int uvc_ctrl_is_accessible(struct uvc_video_chain *chain, u32 v4l2_id, - const struct v4l2_ext_controls *ctrls, + const struct v4l2_ext_controls *ctrls, u32 which, unsigned long ioctl) { struct uvc_control_mapping *master_map = NULL; @@ -1442,14 +1442,21 @@ int uvc_ctrl_is_accessible(struct uvc_video_chain *chain, u32 v4l2_id, s32 val; int ret; int i; + bool is_which_min_max = (ioctl == VIDIOC_G_EXT_CTRLS && + (which == V4L2_CTRL_WHICH_MIN_VAL || + which == V4L2_CTRL_WHICH_MAX_VAL)); if (__uvc_query_v4l2_class(chain, v4l2_id, 0) >= 0) - return -EACCES; + return is_which_min_max ? -EINVAL : -EACCES; ctrl = uvc_find_control(chain, v4l2_id, &mapping); if (!ctrl) return -EINVAL; + if ((!(ctrl->info.flags & UVC_CTRL_FLAG_GET_MAX) || + !(ctrl->info.flags & UVC_CTRL_FLAG_GET_MIN)) && is_which_min_max) + return -EINVAL; + if (ioctl == VIDIOC_G_EXT_CTRLS) return uvc_ctrl_is_readable(ctrls->which, ctrl, mapping); diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c index 9e4a251eca88085a1b4e0e854370015855be92ee..d5274dc94da3c60f1f4566b307dd445f30c4f45f 100644 --- a/drivers/media/usb/uvc/uvc_v4l2.c +++ b/drivers/media/usb/uvc/uvc_v4l2.c @@ -765,6 +765,7 @@ static int uvc_ioctl_query_ext_ctrl(struct file *file, void *priv, static int uvc_ctrl_check_access(struct uvc_video_chain *chain, struct v4l2_ext_controls *ctrls, + u32 which, unsigned long ioctl) { struct v4l2_ext_control *ctrl = ctrls->controls; @@ -772,7 +773,8 @@ static int uvc_ctrl_check_access(struct uvc_video_chain *chain, int ret = 0; for (i = 0; i < ctrls->count; ++ctrl, ++i) { - ret = uvc_ctrl_is_accessible(chain, ctrl->id, ctrls, ioctl); + ret = uvc_ctrl_is_accessible(chain, ctrl->id, ctrls, which, + ioctl); if (ret) break; } @@ -806,7 +808,7 @@ static int uvc_ioctl_g_ext_ctrls(struct file *file, void *priv, which = V4L2_CTRL_WHICH_CUR_VAL; } - ret = uvc_ctrl_check_access(chain, ctrls, VIDIOC_G_EXT_CTRLS); + ret = uvc_ctrl_check_access(chain, ctrls, which, VIDIOC_G_EXT_CTRLS); if (ret < 0) return ret; @@ -840,7 +842,8 @@ static int uvc_ioctl_s_try_ext_ctrls(struct uvc_fh *handle, if (!ctrls->count) return 0; - ret = uvc_ctrl_check_access(chain, ctrls, ioctl); + ret = uvc_ctrl_check_access(chain, ctrls, V4L2_CTRL_WHICH_CUR_VAL, + ioctl); if (ret < 0) return ret; diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h index ed7bad31f75ca474c1037d666d5310c78dd764df..d583425893a5f716185153a07aae9bfe20182964 100644 --- a/drivers/media/usb/uvc/uvcvideo.h +++ b/drivers/media/usb/uvc/uvcvideo.h @@ -786,7 +786,7 @@ int uvc_ctrl_get(struct uvc_video_chain *chain, u32 which, struct v4l2_ext_control *xctrl); int uvc_ctrl_set(struct uvc_fh *handle, struct v4l2_ext_control *xctrl); int uvc_ctrl_is_accessible(struct uvc_video_chain *chain, u32 v4l2_id, - const struct v4l2_ext_controls *ctrls, + const struct v4l2_ext_controls *ctrls, u32 which, unsigned long ioctl); int uvc_xu_ctrl_query(struct uvc_video_chain *chain, --- base-commit: c218ce4f98eccf5a40de64c559c52d61e9cc78ee change-id: 20251028-uvc-fix-which-c3ba1fb68ed5 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

1 week

1
0
0 0

[PATCH AUTOSEL 6.17-5.4] ACPI: property: Return present device nodes only on fwnode interface

by Sasha Levin

From: Sakari Ailus <sakari.ailus(a)linux.intel.com> [ Upstream commit d9f866b2bb3eec38b3734f1fed325ec7c55ccdfa ] fwnode_graph_get_next_subnode() may return fwnode backed by ACPI device nodes and there has been no check these devices are present in the system, unlike there has been on fwnode OF backend. In order to provide consistent behaviour towards callers, add a check for device presence by introducing a new function acpi_get_next_present_subnode(), used as the get_next_child_node() fwnode operation that also checks device node presence. Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Reviewed-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Reviewed-by: Jonathan Cameron <jonathan.cameron(a)huawei.com> Link: https://patch.msgid.link/20251001102636.1272722-2-sakari.ailus@linux.intel.… [ rjw: Kerneldoc comment and changelog edits ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: YES – this change fixes a real behavioural bug in the ACPI fwnode backend and should go to stable. - `drivers/acpi/property.c:1375` adds `acpi_get_next_present_subnode()` so `.get_next_child_node` skips ACPI child devices whose `_STA` says they are absent (`acpi_device_is_present()`), while still returning data subnodes unchanged. - The new helper is now wired into the ACPI fwnode ops (`drivers/acpi/property.c:1731`), making generic helpers such as `fwnode_get_next_child_node()` and macros like `fwnode_for_each_child_node` (`include/linux/property.h:167`) behave the same as the OF backend, which already filtered unavailable children via `of_get_next_available_child()` (`drivers/of/property.c:1070`). - Several core helpers assume disabled endpoints never surface: e.g. `fwnode_graph_get_endpoint_by_id()` in `drivers/base/property.c:1286` promises to hide endpoints on disabled devices, and higher layers such as `v4l2_fwnode_reference_get_int_prop()` (`drivers/media/v4l2-core/v4l2-fwnode.c:1064`) iterate child nodes without rechecking availability. On ACPI systems today they still see powered-off devices, leading to asynchronous notifiers that wait forever for hardware that can’t appear, or to bogus graph enumerations. This patch closes that gap. Risk is low: it only suppresses ACPI device nodes already known to be absent, aligns behaviour with DT userspace expectations, and leaves data nodes untouched. No extra dependencies are required, so the fix is self- contained and appropriate for stable backporting. Suggest running existing ACPI graph users (media/typec drivers) after backport to confirm no regressions. drivers/acpi/property.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/property.c b/drivers/acpi/property.c index c086786fe84cb..d74678f0ba4af 100644 --- a/drivers/acpi/property.c +++ b/drivers/acpi/property.c @@ -1357,6 +1357,28 @@ struct fwnode_handle *acpi_get_next_subnode(const struct fwnode_handle *fwnode, return NULL; } +/* + * acpi_get_next_present_subnode - Return the next present child node handle + * @fwnode: Firmware node to find the next child node for. + * @child: Handle to one of the device's child nodes or a null handle. + * + * Like acpi_get_next_subnode(), but the device nodes returned by + * acpi_get_next_present_subnode() are guaranteed to be present. + * + * Returns: The fwnode handle of the next present sub-node. + */ +static struct fwnode_handle * +acpi_get_next_present_subnode(const struct fwnode_handle *fwnode, + struct fwnode_handle *child) +{ + do { + child = acpi_get_next_subnode(fwnode, child); + } while (is_acpi_device_node(child) && + !acpi_device_is_present(to_acpi_device_node(child))); + + return child; +} + /** * acpi_node_get_parent - Return parent fwnode of this fwnode * @fwnode: Firmware node whose parent to get @@ -1701,7 +1723,7 @@ static int acpi_fwnode_irq_get(const struct fwnode_handle *fwnode, .property_read_string_array = \ acpi_fwnode_property_read_string_array, \ .get_parent = acpi_node_get_parent, \ - .get_next_child_node = acpi_get_next_subnode, \ + .get_next_child_node = acpi_get_next_present_subnode, \ .get_named_child_node = acpi_fwnode_get_named_child_node, \ .get_name = acpi_fwnode_get_name, \ .get_name_prefix = acpi_fwnode_get_name_prefix, \ -- 2.51.0

1 week

2
46
0 0

[PATCH] x86/fpu: Ensure XFD state on signal delivery

by Chang S. Bae

Sean reported [1] the following splat when running KVM tests: WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70 Call Trace: <TASK> fpu__clear_user_states+0x9c/0x100 arch_do_signal_or_restart+0x142/0x210 exit_to_user_mode_loop+0x55/0x100 do_syscall_64+0x205/0x2c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Chao further identified [2] a reproducible scenarios involving signal delivery: a non-AMX task is preempted by an AMX-enabled task which modifies the XFD MSR. When the non-AMX task resumes and reloads XSTATE with init values, a warning is triggered due to a mismatch between fpstate::xfd and the CPU's current XFD state. fpu__clear_user_states() does not currently re-synchronize the XFD state after such preemption. Invoke xfd_update_state() which detects and corrects the mismatch if the dynamic feature is enabled. This also benefits the sigreturn path, as fpu__restore_sig() may call fpu__clear_user_states() when the sigframe is inaccessible. Fixes: 672365477ae8a ("x86/fpu: Update XFD state where required") Reported-by: Sean Christopherson <seanjc(a)google.com> Closes: https://lore.kernel.org/lkml/aDCo_SczQOUaB2rS@google.com [1] Tested-by: Chao Gao <chao.gao(a)intel.com> Signed-off-by: Chang S. Bae <chang.seok.bae(a)intel.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/aDWbctO%2FRfTGiCg3@intel.com [2] --- arch/x86/kernel/fpu/core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index ea138583dd92..5fa782a2ae7c 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -800,6 +800,9 @@ void fpu__clear_user_states(struct fpu *fpu) !fpregs_state_valid(fpu, smp_processor_id())) os_xrstor_supervisor(fpu->fpstate); + /* Ensure XFD state is in sync before reloading XSTATE */ + xfd_update_state(fpu->fpstate); + /* Reset user states in registers. */ restore_fpregs_from_init_fpstate(XFEATURE_MASK_USER_RESTORE); -- 2.48.1

1 week

3
2
0 0

[PATCH] regmap: irq: Correct documentation of wake_invert flag

by Shawn Guo

From: Shawn Guo <shawnguo(a)kernel.org> Per commit 9442490a0286 ("regmap: irq: Support wake IRQ mask inversion") the wake_invert flag is to support enable register, so cleared bits are wake disabled. Fixes: 68622bdfefb9 ("regmap: irq: document mask/wake_invert flags") Cc: stable(a)vger.kernel.org Signed-off-by: Shawn Guo <shawnguo(a)kernel.org> --- include/linux/regmap.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/regmap.h b/include/linux/regmap.h index 4e1ac1fbcec4..55343795644b 100644 --- a/include/linux/regmap.h +++ b/include/linux/regmap.h @@ -1643,7 +1643,7 @@ struct regmap_irq_chip_data; * @status_invert: Inverted status register: cleared bits are active interrupts. * @status_is_level: Status register is actuall signal level: Xor status * register with previous value to get active interrupts. - * @wake_invert: Inverted wake register: cleared bits are wake enabled. + * @wake_invert: Inverted wake register: cleared bits are wake disabled. * @type_in_mask: Use the mask registers for controlling irq type. Use this if * the hardware provides separate bits for rising/falling edge * or low/high level interrupts and they should be combined into -- 2.43.0

1 week

2
3
0 0

[PATCH] ALSA: wavefront: fix buffer overflow in longname construction

by moonafterrain＠outlook.com

From: Junrui Luo <moonafterrain(a)outlook.com> The snd_wavefront_probe() function constructs the card->longname string using unsafe sprintf() calls that can overflow the 80-byte buffer when module parameters contain large values. The vulnerability exists at wavefront.c where multiple sprintf() operations append to card->longname without length checking. Fix by replacing all sprintf() calls with scnprintf() and proper length tracking to ensure writes never exceed sizeof(card->longname). Reported-by: Yuhao Jiang <danisjiang(a)gmail.com> Reported-by: Junrui Luo <moonafterrain(a)outlook.com> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Junrui Luo <moonafterrain(a)outlook.com> --- sound/isa/wavefront/wavefront.c | 40 ++++++++++++++++++++------------- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/sound/isa/wavefront/wavefront.c b/sound/isa/wavefront/wavefront.c index 07c68568091d..74ea3a67620c 100644 --- a/sound/isa/wavefront/wavefront.c +++ b/sound/isa/wavefront/wavefront.c @@ -343,6 +343,7 @@ snd_wavefront_probe (struct snd_card *card, int dev) struct snd_rawmidi *ics2115_external_rmidi = NULL; struct snd_hwdep *fx_processor; int hw_dev = 0, midi_dev = 0, err; + size_t len, rem; /* --------- PCM --------------- */ @@ -492,26 +493,35 @@ snd_wavefront_probe (struct snd_card *card, int dev) length restrictions */ - sprintf(card->longname, "%s PCM 0x%lx irq %d dma %d", - card->driver, - chip->port, - cs4232_pcm_irq[dev], - dma1[dev]); + len = scnprintf(card->longname, sizeof(card->longname), + "%s PCM 0x%lx irq %d dma %d", + card->driver, + chip->port, + cs4232_pcm_irq[dev], + dma1[dev]); - if (dma2[dev] >= 0 && dma2[dev] < 8) - sprintf(card->longname + strlen(card->longname), "&%d", dma2[dev]); + if (dma2[dev] >= 0 && dma2[dev] < 8 && len < sizeof(card->longname)) { + rem = sizeof(card->longname) - len; + len += scnprintf(card->longname + len, rem, "&%d", dma2[dev]); + } if (cs4232_mpu_port[dev] > 0 && cs4232_mpu_port[dev] != SNDRV_AUTO_PORT) { - sprintf (card->longname + strlen (card->longname), - " MPU-401 0x%lx irq %d", - cs4232_mpu_port[dev], - cs4232_mpu_irq[dev]); + if (len < sizeof(card->longname)) { + rem = sizeof(card->longname) - len; + len += scnprintf(card->longname + len, rem, + " MPU-401 0x%lx irq %d", + cs4232_mpu_port[dev], + cs4232_mpu_irq[dev]); + } } - sprintf (card->longname + strlen (card->longname), - " SYNTH 0x%lx irq %d", - ics2115_port[dev], - ics2115_irq[dev]); + if (len < sizeof(card->longname)) { + rem = sizeof(card->longname) - len; + scnprintf(card->longname + len, rem, + " SYNTH 0x%lx irq %d", + ics2115_port[dev], + ics2115_irq[dev]); + } return snd_card_register(card); } -- 2.51.1.dirty

1 week

2
1
0 0

[PATCH] mm/mremap: Honour writable bit in mremap pte batching

by Dev Jain

Currently mremap folio pte batch ignores the writable bit during figuring out a set of similar ptes mapping the same folio. Suppose that the first pte of the batch is writable while the others are not - set_ptes will end up setting the writable bit on the other ptes, which is a violation of mremap semantics. Therefore, use FPB_RESPECT_WRITE to check the writable bit while determining the pte batch. Cc: stable(a)vger.kernel.org #6.17 Fixes: f822a9a81a31 ("mm: optimize mremap() by PTE batching") Reported-by: David Hildenbrand <david(a)redhat.com> Debugged-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Dev Jain <dev.jain(a)arm.com> --- mm-selftests pass. Based on mm-new. Need David H. to confirm whether the repro passes. mm/mremap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/mremap.c b/mm/mremap.c index a7f531c17b79..8ad06cf50783 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -187,7 +187,7 @@ static int mremap_folio_pte_batch(struct vm_area_struct *vma, unsigned long addr if (!folio || !folio_test_large(folio)) return 1; - return folio_pte_batch(folio, ptep, pte, max_nr); + return folio_pte_batch_flags(folio, NULL, ptep, &pte, max_nr, FPB_RESPECT_WRITE); } static int move_ptes(struct pagetable_move_control *pmc, -- 2.30.2

1 week

4
3
0 0

, conoce mejor a tu candidato antes de contratar

by Valeria Pérez

Evaluaciones Psicométricas para RR.HH. body { margin: 0; padding: 0; font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #333; background-color: #ffffff; } table { border-spacing: 0; width: 100%; max-width: 600px; margin: auto; } td { padding: 12px 20px; } a { color: #1a73e8; text-decoration: none; } .footer { font-size: 12px; color: #888888; text-align: center; } Mejora tus procesos de selección con evaluaciones psicométricas fáciles y confiables. Hola, , Sabemos que encontrar al candidato ideal va más allá del currículum. Por eso quiero contarte brevemente sobre PsicoSmart, una plataforma que ayuda a equipos de RR.HH. a evaluar talento con pruebas psicométricas rápidas, confiables y fáciles de aplicar. Con PsicoSmart puedes: Aplicar evaluaciones psicométricas 100% en línea. Elegir entre más de 31 pruebas psicométricas Generar reportes automáticos, visuales y fáciles de interpretar. Comparar resultados entre candidatos en segundos. Ahorrar horas valiosas del proceso de selección. Si estás buscando mejorar tus contrataciones, te lo recomiendo muchísimo. Si quieres conocer más puedes responder este correo o simplemente contactarme, mis datos están abajo. Saludos, ----------------------------- Atte.: Valeria Pérez Ciudad de México: (55) 5018 0565 WhatsApp: +52 33 1607 2089 Si no deseas recibir más correos, haz clic aquí para darte de baja. Para remover su dirección de esta lista haga <a href="https://s1.arrobamail.com/unsuscribe.php?id=yiwtsrewisppiseup">click aquí</a>

1 week

1
0
0 0

[PATCH] scsi: aic94xx: fix use-after-free in device removal path

by moonafterrain＠outlook.com

From: Junrui Luo <moonafterrain(a)outlook.com> The asd_pci_remove() function fails to synchronize with pending tasklets before freeing the asd_ha structure, leading to a potential use-after-free vulnerability. When a device removal is triggered (via hot-unplug or module unload), race condition can occur. The fix adds tasklet_kill() before freeing the asd_ha structure, ensuring all scheduled tasklets complete before cleanup proceeds. Reported-by: Yuhao Jiang <danisjiang(a)gmail.com> Reported-by: Junrui Luo <moonafterrain(a)outlook.com> Fixes: 2908d778ab3e ("[SCSI] aic94xx: new driver") Cc: stable(a)vger.kernel.org Signed-off-by: Junrui Luo <moonafterrain(a)outlook.com> --- drivers/scsi/aic94xx/aic94xx_init.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/scsi/aic94xx/aic94xx_init.c b/drivers/scsi/aic94xx/aic94xx_init.c index adf3d9145606..95f3620059f7 100644 --- a/drivers/scsi/aic94xx/aic94xx_init.c +++ b/drivers/scsi/aic94xx/aic94xx_init.c @@ -882,6 +882,9 @@ static void asd_pci_remove(struct pci_dev *dev) asd_disable_ints(asd_ha); + /* Ensure all scheduled tasklets complete before freeing resources */ + tasklet_kill(&asd_ha->seq.dl_tasklet); + asd_remove_dev_attrs(asd_ha); /* XXX more here as needed */ -- 2.51.1.dirty

1 week

1
0
0 0

[PATCH] agp/uninorth: fix out-of-bounds access with negative pg_start

by moonafterrain＠outlook.com

From: Junrui Luo <moonafterrain(a)outlook.com> The uninorth_insert_memory and uninorth_remove_memory functions lack proper validation of the pg_start parameter before using it as an array index into the GATT (Graphics Address Translation Table). The current bounds check fails to reject negative pg_start values and potentially causes out-of-bounds writes. Fix by explicitly checking that pg_start is non-negative before performing bounds checking. This makes the security requirement clear and does not rely on implicit type conversion behavior. The uninorth_remove_memory function has no bounds checking at all, so add the same validation there. Reported-by: Yuhao Jiang <danisjiang(a)gmail.com> Reported-by: Junrui Luo <moonafterrain(a)outlook.com> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Junrui Luo <moonafterrain(a)outlook.com> --- drivers/char/agp/uninorth-agp.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/char/agp/uninorth-agp.c b/drivers/char/agp/uninorth-agp.c index b8d7115b8c9e..4e0b949016f7 100644 --- a/drivers/char/agp/uninorth-agp.c +++ b/drivers/char/agp/uninorth-agp.c @@ -169,7 +169,9 @@ static int uninorth_insert_memory(struct agp_memory *mem, off_t pg_start, int ty temp = agp_bridge->current_size; num_entries = A_SIZE_32(temp)->num_entries; - if ((pg_start + mem->page_count) > num_entries) + if (pg_start < 0 || + (pg_start + mem->page_count) > num_entries || + (pg_start + mem->page_count) < pg_start) return -EINVAL; gp = (u32 *) &agp_bridge->gatt_table[pg_start]; @@ -200,6 +202,9 @@ static int uninorth_insert_memory(struct agp_memory *mem, off_t pg_start, int ty static int uninorth_remove_memory(struct agp_memory *mem, off_t pg_start, int type) { size_t i; + int num_entries; + void *temp; + u32 *gp; int mask_type; @@ -215,6 +220,14 @@ static int uninorth_remove_memory(struct agp_memory *mem, off_t pg_start, int ty if (mem->page_count == 0) return 0; + temp = agp_bridge->current_size; + num_entries = A_SIZE_32(temp)->num_entries; + + if (pg_start < 0 || + (pg_start + mem->page_count) > num_entries || + (pg_start + mem->page_count) < pg_start) + return -EINVAL; + gp = (u32 *) &agp_bridge->gatt_table[pg_start]; for (i = 0; i < mem->page_count; ++i) { gp[i] = scratch_value; -- 2.51.1.dirty

1 week

1
0
0 0

FAILED: patch "[PATCH] x86/resctrl: Fix miscount of bandwidth event when" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102054-slacks-ambush-f774@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 Mon Sep 17 00:00:00 2001 From: Babu Moger <babu.moger(a)amd.com> Date: Fri, 10 Oct 2025 12:08:35 -0500 Subject: [PATCH] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Users can create as many monitoring groups as the number of RMIDs supported by the hardware. However, on AMD systems, only a limited number of RMIDs are guaranteed to be actively tracked by the hardware. RMIDs that exceed this limit are placed in an "Unavailable" state. When a bandwidth counter is read for such an RMID, the hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62). When such an RMID starts being tracked again the hardware counter is reset to zero. MSR_IA32_QM_CTR.Unavailable remains set on first read after tracking re-starts and is clear on all subsequent reads as long as the RMID is tracked. resctrl miscounts the bandwidth events after an RMID transitions from the "Unavailable" state back to being tracked. This happens because when the hardware starts counting again after resetting the counter to zero, resctrl in turn compares the new count against the counter value stored from the previous time the RMID was tracked. This results in resctrl computing an event value that is either undercounting (when new counter is more than stored counter) or a mistaken overflow (when new counter is less than stored counter). Reset the stored value (arch_mbm_state::prev_msr) of MSR_IA32_QM_CTR to zero whenever the RMID is in the "Unavailable" state to ensure accurate counting after the RMID resets to zero when it starts to be tracked again. Example scenario that results in mistaken overflow ================================================== 1. The resctrl filesystem is mounted, and a task is assigned to a monitoring group. $mount -t resctrl resctrl /sys/fs/resctrl $mkdir /sys/fs/resctrl/mon_groups/test1/ $echo 1234 > /sys/fs/resctrl/mon_groups/test1/tasks $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 21323 <- Total bytes on domain 0 "Unavailable" <- Total bytes on domain 1 Task is running on domain 0. Counter on domain 1 is "Unavailable". 2. The task runs on domain 0 for a while and then moves to domain 1. The counter starts incrementing on domain 1. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 7345357 <- Total bytes on domain 0 4545 <- Total bytes on domain 1 3. At some point, the RMID in domain 0 transitions to the "Unavailable" state because the task is no longer executing in that domain. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes "Unavailable" <- Total bytes on domain 0 434341 <- Total bytes on domain 1 4. Since the task continues to migrate between domains, it may eventually return to domain 0. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 17592178699059 <- Overflow on domain 0 3232332 <- Total bytes on domain 1 In this case, the RMID on domain 0 transitions from "Unavailable" state to active state. The hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62) when the counter is read and begins tracking the RMID counting from 0. Subsequent reads succeed but return a value smaller than the previously saved MSR value (7345357). Consequently, the resctrl's overflow logic is triggered, it compares the previous value (7345357) with the new, smaller value and incorrectly interprets this as a counter overflow, adding a large delta. In reality, this is a false positive: the counter did not overflow but was simply reset when the RMID transitioned from "Unavailable" back to active state. Here is the text from APM [1] available from [2]. "In PQOS Version 2.0 or higher, the MBM hardware will set the U bit on the first QM_CTR read when it begins tracking an RMID that it was not previously tracking. The U bit will be zero for all subsequent reads from that RMID while it is still tracked by the hardware. Therefore, a QM_CTR read with the U bit set when that RMID is in use by a processor can be considered 0 when calculating the difference with a subsequent read." [1] AMD64 Architecture Programmer's Manual Volume 2: System Programming Publication # 24593 Revision 3.41 section 19.3.3 Monitoring L3 Memory Bandwidth (MBM). [ bp: Split commit message into smaller paragraph chunks for better consumption. ] Fixes: 4d05bf71f157d ("x86/resctrl: Introduce AMD QOS feature") Signed-off-by: Babu Moger <babu.moger(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Tested-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc: stable(a)vger.kernel.org # needs adjustments for <= v6.17 Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 # [2] diff --git a/arch/x86/kernel/cpu/resctrl/monitor.c b/arch/x86/kernel/cpu/resctrl/monitor.c index c8945610d455..2cd25a0d4637 100644 --- a/arch/x86/kernel/cpu/resctrl/monitor.c +++ b/arch/x86/kernel/cpu/resctrl/monitor.c @@ -242,7 +242,9 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, u32 unused, u32 rmid, enum resctrl_event_id eventid, u64 *val, void *ignored) { + struct rdt_hw_mon_domain *hw_dom = resctrl_to_arch_mon_dom(d); int cpu = cpumask_any(&d->hdr.cpu_mask); + struct arch_mbm_state *am; u64 msr_val; u32 prmid; int ret; @@ -251,12 +253,16 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, prmid = logical_rmid_to_physical_rmid(cpu, rmid); ret = __rmid_read_phys(prmid, eventid, &msr_val); - if (ret) - return ret; - *val = get_corrected_val(r, d, rmid, eventid, msr_val); + if (!ret) { + *val = get_corrected_val(r, d, rmid, eventid, msr_val); + } else if (ret == -EINVAL) { + am = get_arch_mbm_state(hw_dom, rmid, eventid); + if (am) + am->prev_msr = 0; + } - return 0; + return ret; } static int __cntr_id_read(u32 cntr_id, u64 *val)

1 week

2
1
0 0

[PATCH v2] leds: leds-lp50xx: enable chip before any communication

by Christian Hitz

From: Christian Hitz <christian.hitz(a)bbv.ch> If a GPIO is used to control the chip's enable pin, it needs to be pulled high before any i2c communication is attempted. Currently, the enable GPIO handling is not correct. Assume the enable GPIO is low when the probe function is entered. In this case the device is in SHUTDOWN mode and does not react to i2c commands. During probe the following sequence happens: 1. The call to lp50xx_reset() on line 548 has no effect as i2c is not possible yet. 2. Then - on line 552 - lp50xx_enable_disable() is called. As "priv->enable_gpio“ has not yet been initialized, setting the GPIO has no effect. Also the i2c enable command is not executed as the device is still in SHUTDOWN. 3. On line 556 the call to lp50xx_probe_dt() finally parses the rest of the DT and the configured priv->enable_gpio is set up. As a result the device is still in SHUTDOWN mode and not ready for operation. Split lp50xx_enable_disable() into distinct enable and disable functions to enforce correct ordering between enable_gpio manipulations and i2c commands. Read enable_gpio configuration from DT before attempting to manipulate enable_gpio. Add delays to observe correct wait timing after manipulating enable_gpio and before any i2c communication. Fixes: 242b81170fb8 ("leds: lp50xx: Add the LP50XX family of the RGB LED driver") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Hitz <christian.hitz(a)bbv.ch> --- Changes in v2: - Unconditionally reset in lp50xx_enable - Define magic numbers - Improve log message --- drivers/leds/leds-lp50xx.c | 55 +++++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 15 deletions(-) diff --git a/drivers/leds/leds-lp50xx.c b/drivers/leds/leds-lp50xx.c index 94f8ef6b482c..d3485d814cf4 100644 --- a/drivers/leds/leds-lp50xx.c +++ b/drivers/leds/leds-lp50xx.c @@ -50,6 +50,12 @@ #define LP50XX_SW_RESET 0xff #define LP50XX_CHIP_EN BIT(6) +#define LP50XX_CHIP_DISABLE 0x00 +#define LP50XX_START_TIME_US 500 +#define LP50XX_RESET_TIME_US 3 + +#define LP50XX_EN_GPIO_LOW 0 +#define LP50XX_EN_GPIO_HIGH 1 /* There are 3 LED outputs per bank */ #define LP50XX_LEDS_PER_MODULE 3 @@ -371,19 +377,42 @@ static int lp50xx_reset(struct lp50xx *priv) return regmap_write(priv->regmap, priv->chip_info->reset_reg, LP50XX_SW_RESET); } -static int lp50xx_enable_disable(struct lp50xx *priv, int enable_disable) +static int lp50xx_enable(struct lp50xx *priv) { int ret; - ret = gpiod_direction_output(priv->enable_gpio, enable_disable); + if (priv->enable_gpio) { + ret = gpiod_direction_output(priv->enable_gpio, LP50XX_EN_GPIO_HIGH); + if (ret) + return ret; + + udelay(LP50XX_START_TIME_US); + } + + ret = lp50xx_reset(priv); if (ret) return ret; - if (enable_disable) - return regmap_write(priv->regmap, LP50XX_DEV_CFG0, LP50XX_CHIP_EN); - else - return regmap_write(priv->regmap, LP50XX_DEV_CFG0, 0); + return regmap_write(priv->regmap, LP50XX_DEV_CFG0, LP50XX_CHIP_EN); +} +static int lp50xx_disable(struct lp50xx *priv) +{ + int ret; + + ret = regmap_write(priv->regmap, LP50XX_DEV_CFG0, LP50XX_CHIP_DISABLE); + if (ret) + return ret; + + if (priv->enable_gpio) { + ret = gpiod_direction_output(priv->enable_gpio, LP50XX_EN_GPIO_LOW); + if (ret) + return ret; + + udelay(LP50XX_RESET_TIME_US); + } + + return 0; } static int lp50xx_probe_leds(struct fwnode_handle *child, struct lp50xx *priv, @@ -447,6 +476,10 @@ static int lp50xx_probe_dt(struct lp50xx *priv) return dev_err_probe(priv->dev, PTR_ERR(priv->enable_gpio), "Failed to get enable GPIO\n"); + ret = lp50xx_enable(priv); + if (ret) + return ret; + priv->regulator = devm_regulator_get(priv->dev, "vled"); if (IS_ERR(priv->regulator)) priv->regulator = NULL; @@ -547,14 +580,6 @@ static int lp50xx_probe(struct i2c_client *client) return ret; } - ret = lp50xx_reset(led); - if (ret) - return ret; - - ret = lp50xx_enable_disable(led, 1); - if (ret) - return ret; - return lp50xx_probe_dt(led); } @@ -563,7 +588,7 @@ static void lp50xx_remove(struct i2c_client *client) struct lp50xx *led = i2c_get_clientdata(client); int ret; - ret = lp50xx_enable_disable(led, 0); + ret = lp50xx_disable(led); if (ret) dev_err(led->dev, "Failed to disable chip\n"); -- 2.51.1

1 week

1
0
0 0

[PATCH] leds: leds-cros_ec: Skip LEDs without color components

by Thomas Weißschuh

A user reports that on their Lenovo Corsola Magneton with EC firmware steelix-15194.270.0 the driver probe fails with EINVAL. It turns out that the power LED does not contain any color components as indicated by the following "ectool led power query" output: Brightness range for LED 1: red : 0x0 green : 0x0 blue : 0x0 yellow : 0x0 white : 0x0 amber : 0x0 The LED also does not react to commands sent manually through ectool and is generally non-functional. Instead of failing the probe for all LEDs managed by the EC when one without color components is encountered, silently skip those. Fixes: 8d6ce6f3ec9d ("leds: Add ChromeOS EC driver") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- drivers/leds/leds-cros_ec.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/leds/leds-cros_ec.c b/drivers/leds/leds-cros_ec.c index 377cf04e202a..bea3cc3fbfd2 100644 --- a/drivers/leds/leds-cros_ec.c +++ b/drivers/leds/leds-cros_ec.c @@ -142,9 +142,6 @@ static int cros_ec_led_count_subleds(struct device *dev, } } - if (!num_subleds) - return -EINVAL; - *max_brightness = common_range; return num_subleds; } @@ -189,6 +186,8 @@ static int cros_ec_led_probe_one(struct device *dev, struct cros_ec_device *cros &priv->led_mc_cdev.led_cdev.max_brightness); if (num_subleds < 0) return num_subleds; + if (num_subleds == 0) + return 0; /* LED without any colors, skip */ priv->cros_ec = cros_ec; priv->led_id = id; --- base-commit: 3a8660878839faadb4f1a6dd72c3179c1df56787 change-id: 20251028-cros_ec-leds-no-colors-18eb8d1efa92 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

1 week

1
0
0 0

[PATCH] iio: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_write_data_source

by Miaoqian Lin

When simple_write_to_buffer() succeeds, it returns the number of bytes actually copied to the buffer, which may be less than the requested 'count' if the buffer size is insufficient. However, the current code incorrectly uses 'count' as the index for null termination instead of the actual bytes copied, leading to out-of-bound write. Add a check for the count and use the return value as the index. Found via static analysis. This is similar to the commit da9374819eb3 ("iio: backend: fix out-of-bound write") Fixes: b1c5d68ea66e ("iio: dac: ad3552r-hs: add support for internal ramp") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/iio/dac/ad3552r-hs.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/iio/dac/ad3552r-hs.c b/drivers/iio/dac/ad3552r-hs.c index 41b96b48ba98..a9578afa7015 100644 --- a/drivers/iio/dac/ad3552r-hs.c +++ b/drivers/iio/dac/ad3552r-hs.c @@ -549,12 +549,15 @@ static ssize_t ad3552r_hs_write_data_source(struct file *f, guard(mutex)(&st->lock); + if (count >= sizeof(buf)) + return -ENOSPC; + ret = simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, userbuf, count); if (ret < 0) return ret; - buf[count] = '\0'; + buf[ret] = '\0'; ret = match_string(dbgfs_attr_source, ARRAY_SIZE(dbgfs_attr_source), buf); -- 2.39.5 (Apple Git-154)

1 week

5
12
0 0

[PATCH] drm/mediatek: fix device use-after-free on unbind

by Johan Hovold

A recent change fixed device reference leaks when looking up drm platform device driver data during bind() but failed to remove a partial fix which had been added by commit 80805b62ea5b ("drm/mediatek: Fix kobject put for component sub-drivers"). This results in a reference imbalance on component bind() failures and on unbind() which could lead to a user-after-free. Make sure to only drop the references after retrieving the driver data by effectively reverting the previous partial fix. Note that holding a reference to a device does not prevent its driver data from going away so there is no point in keeping the reference. Fixes: 1f403699c40f ("drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv") Reported-by: Sjoerd Simons <sjoerd(a)collabora.com> Link: https://lore.kernel.org/r/20251003-mtk-drm-refcount-v1-1-3b3f2813b0db@colla… Cc: stable(a)vger.kernel.org Cc: Ma Ke <make24(a)iscas.ac.cn> Cc: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c b/drivers/gpu/drm/mediatek/mtk_drm_drv.c index 384b0510272c..a94c51a83261 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c @@ -686,10 +686,6 @@ static int mtk_drm_bind(struct device *dev) for (i = 0; i < private->data->mmsys_dev_num; i++) private->all_drm_private[i]->drm = NULL; err_put_dev: - for (i = 0; i < private->data->mmsys_dev_num; i++) { - /* For device_find_child in mtk_drm_get_all_priv() */ - put_device(private->all_drm_private[i]->dev); - } put_device(private->mutex_dev); return ret; } @@ -697,18 +693,12 @@ static int mtk_drm_bind(struct device *dev) static void mtk_drm_unbind(struct device *dev) { struct mtk_drm_private *private = dev_get_drvdata(dev); - int i; /* for multi mmsys dev, unregister drm dev in mmsys master */ if (private->drm_master) { drm_dev_unregister(private->drm); mtk_drm_kms_deinit(private->drm); drm_dev_put(private->drm); - - for (i = 0; i < private->data->mmsys_dev_num; i++) { - /* For device_find_child in mtk_drm_get_all_priv() */ - put_device(private->all_drm_private[i]->dev); - } put_device(private->mutex_dev); } private->mtk_drm_bound = false; -- 2.49.1

1 week

6
6
0 0

[PATCH] drm/of: Fix device node reference leak in drm_of_panel_bridge_remove

by Miaoqian Lin

of_graph_get_remote_node() returns a device node with its reference count incremented. The caller is responsible for releasing this reference when the node is no longer needed. Add of_node_put(remote) to fix the reference leak. Found via static analysis. Fixes: c70087e8f16f ("drm/drm_of: add drm_of_panel_bridge_remove function") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- include/drm/drm_of.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/drm/drm_of.h b/include/drm/drm_of.h index 7f0256dae3f1..5940b1cd542b 100644 --- a/include/drm/drm_of.h +++ b/include/drm/drm_of.h @@ -171,6 +171,7 @@ static inline int drm_of_panel_bridge_remove(const struct device_node *np, return -ENODEV; bridge = of_drm_find_bridge(remote); + of_node_put(remote); drm_panel_bridge_remove(bridge); return 0; -- 2.39.5 (Apple Git-154)

1 week

2
3
0 0

[PATCH] iio: accel: bmc150: Fix irq assumption regression

by Linus Walleij

The code in bmc150-accel-core.c unconditionally calls bmc150_accel_set_interrupt() in the iio_buffer_setup_ops, such as on the runtime PM resume path giving a kernel splat like this if the device has no interrupts: Unable to handle kernel NULL pointer dereference at virtual address 00000001 when read CPU: 0 UID: 0 PID: 393 Comm: iio-sensor-prox Not tainted 6.18.0-rc1-postmarketos-stericsson-00001-g6b43386e3737 #73 PREEMPT Hardware name: ST-Ericsson Ux5x0 platform (Device Tree Support) PC is at bmc150_accel_set_interrupt+0x98/0x194 LR is at __pm_runtime_resume+0x5c/0x64 (...) Call trace: bmc150_accel_set_interrupt from bmc150_accel_buffer_postenable+0x40/0x108 bmc150_accel_buffer_postenable from __iio_update_buffers+0xbe0/0xcbc __iio_update_buffers from enable_store+0x84/0xc8 enable_store from kernfs_fop_write_iter+0x154/0x1b4 kernfs_fop_write_iter from do_iter_readv_writev+0x178/0x1e4 do_iter_readv_writev from vfs_writev+0x158/0x3f4 vfs_writev from do_writev+0x74/0xe4 do_writev from __sys_trace_return+0x0/0x10 This bug seems to have been in the driver since the beginning, but it only manifests recently, I do not know why. Cc: stable(a)vger.kernel.org Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> --- drivers/iio/accel/bmc150-accel-core.c | 5 +++++ drivers/iio/accel/bmc150-accel.h | 1 + 2 files changed, 6 insertions(+) diff --git a/drivers/iio/accel/bmc150-accel-core.c b/drivers/iio/accel/bmc150-accel-core.c index 3c5d1560b163..f4421a3b0ef2 100644 --- a/drivers/iio/accel/bmc150-accel-core.c +++ b/drivers/iio/accel/bmc150-accel-core.c @@ -523,6 +523,10 @@ static int bmc150_accel_set_interrupt(struct bmc150_accel_data *data, int i, const struct bmc150_accel_interrupt_info *info = intr->info; int ret; + /* We do not always have an IRQ */ + if (!data->has_irq) + return 0; + if (state) { if (atomic_inc_return(&intr->users) > 1) return 0; @@ -1696,6 +1700,7 @@ int bmc150_accel_core_probe(struct device *dev, struct regmap *regmap, int irq, } if (irq > 0) { + data->has_irq = true; ret = devm_request_threaded_irq(dev, irq, bmc150_accel_irq_handler, bmc150_accel_irq_thread_handler, diff --git a/drivers/iio/accel/bmc150-accel.h b/drivers/iio/accel/bmc150-accel.h index 7a7baf52e595..6e9bb69a1fd4 100644 --- a/drivers/iio/accel/bmc150-accel.h +++ b/drivers/iio/accel/bmc150-accel.h @@ -59,6 +59,7 @@ enum bmc150_accel_trigger_id { struct bmc150_accel_data { struct regmap *regmap; struct regulator_bulk_data regulators[2]; + bool has_irq; struct bmc150_accel_interrupt interrupts[BMC150_ACCEL_INTERRUPTS]; struct bmc150_accel_trigger triggers[BMC150_ACCEL_TRIGGERS]; struct mutex mutex; --- base-commit: 3a8660878839faadb4f1a6dd72c3179c1df56787 change-id: 20251027-fix-bmc150-7e568122b265 Best regards, -- Linus Walleij <linus.walleij(a)linaro.org>

1 week

2
4
0 0

[PATCH 5.10] ipv6: sr: Fix MAC comparison to be constant-time

by Andrey Troshin

From: Eric Biggers <ebiggers(a)kernel.org> commit a458b2902115b26a25d67393b12ddd57d1216aaa upstream. To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. Fixes: bf355b8d2c30 ("ipv6: sr: add core files for SR HMAC support") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Reviewed-by: Andrea Mayer <andrea.mayer(a)uniroma2.it> Link: https://patch.msgid.link/20250818202724.15713-1-ebiggers@kernel.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Andrey Troshin: backport fix for 5.10] Signed-off-by: Andrey Troshin <drtrosh(a)yandex-team.ru> --- Backport fix for CVE-2025-39702 Link: https://nvd.nist.gov/vuln/detail/CVE-2025-39702 --- net/ipv6/seg6_hmac.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv6/seg6_hmac.c b/net/ipv6/seg6_hmac.c index 4a3f7bb027ed..8bb7f94cba1e 100644 --- a/net/ipv6/seg6_hmac.c +++ b/net/ipv6/seg6_hmac.c @@ -35,6 +35,7 @@ #include <net/xfrm.h> #include <crypto/hash.h> +#include <crypto/algapi.h> #include <crypto/sha.h> #include <net/seg6.h> #include <net/genetlink.h> @@ -270,7 +271,7 @@ bool seg6_hmac_validate_skb(struct sk_buff *skb) if (seg6_hmac_compute(hinfo, srh, &ipv6_hdr(skb)->saddr, hmac_output)) return false; - if (memcmp(hmac_output, tlv->hmac, SEG6_HMAC_FIELD_LEN) != 0) + if (crypto_memneq(hmac_output, tlv->hmac, SEG6_HMAC_FIELD_LEN)) return false; return true; -- 2.34.1

1 week

1
0
0 0

[PATCH 2/2] ext4: fix string copying in parse_apply_sb_mount_options()

by Fedor Pchelkin

strscpy_pad() can't be used to copy a possibly non-NUL-term string into a NUL-term string. Commit 0efc5990bca5 ("string.h: Introduce memtostr() and memtostr_pad()") provides additional information in that regard. So if this happens, the following warning is observed: strnlen: detected buffer overflow: 65 byte read of buffer size 64 WARNING: CPU: 0 PID: 28655 at lib/string_helpers.c:1032 __fortify_report+0x96/0xc0 lib/string_helpers.c:1032 Modules linked in: CPU: 0 UID: 0 PID: 28655 Comm: syz-executor.3 Not tainted 6.12.54-syzkaller-00144-g5f0270f1ba00 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:__fortify_report+0x96/0xc0 lib/string_helpers.c:1032 Call Trace: <TASK> __fortify_panic+0x1f/0x30 lib/string_helpers.c:1039 strnlen include/linux/fortify-string.h:235 [inline] sized_strscpy include/linux/fortify-string.h:309 [inline] parse_apply_sb_mount_options fs/ext4/super.c:2504 [inline] __ext4_fill_super fs/ext4/super.c:5261 [inline] ext4_fill_super+0x3c35/0xad00 fs/ext4/super.c:5706 get_tree_bdev_flags+0x387/0x620 fs/super.c:1636 vfs_get_tree+0x93/0x380 fs/super.c:1814 do_new_mount fs/namespace.c:3553 [inline] path_mount+0x6ae/0x1f70 fs/namespace.c:3880 do_mount fs/namespace.c:3893 [inline] __do_sys_mount fs/namespace.c:4103 [inline] __se_sys_mount fs/namespace.c:4080 [inline] __x64_sys_mount+0x280/0x300 fs/namespace.c:4080 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x64/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x76/0x7e Since s_es->s_mount_opts might be non-NUL-term, annotate it with __nonstring and use the proper memtostr_pad() routine to get its NULL-term copy. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 8ecb790ea8c3 ("ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- fs/ext4/ext4.h | 2 +- fs/ext4/super.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index 57087da6c7be..4c8698316457 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -1429,7 +1429,7 @@ struct ext4_super_block { __le64 s_last_error_block; /* block involved of last error */ __u8 s_last_error_func[32] __nonstring; /* function where the error happened */ #define EXT4_S_ERR_END offsetof(struct ext4_super_block, s_mount_opts) - __u8 s_mount_opts[64]; + __u8 s_mount_opts[64] __nonstring; __le32 s_usr_quota_inum; /* inode for tracking user quota */ __le32 s_grp_quota_inum; /* inode for tracking group quota */ __le32 s_overhead_clusters; /* overhead blocks/clusters in fs */ diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 33e7c08c9529..57df129873e3 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -2483,7 +2483,7 @@ static int parse_apply_sb_mount_options(struct super_block *sb, if (!sbi->s_es->s_mount_opts[0]) return 0; - strscpy_pad(s_mount_opts, sbi->s_es->s_mount_opts); + memtostr_pad(s_mount_opts, sbi->s_es->s_mount_opts); fc = kzalloc(sizeof(struct fs_context), GFP_KERNEL); if (!fc) -- 2.51.0

1 week

1
1
0 0

[PATCH] iommu/of: Fix device node reference leak in of_iommu_get_resv_regions

by Miaoqian Lin

In of_iommu_get_resv_regions(), of_find_node_by_phandle() returns a device node with its reference count incremented. The caller is responsible for releasing this reference when the node is no longer needed. Add a call to of_node_put() to release the reference after the usage. Found via static analysis. Fixes: a5bf3cfce8cb ("iommu: Implement of_iommu_get_resv_regions()") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/iommu/of_iommu.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iommu/of_iommu.c b/drivers/iommu/of_iommu.c index 6b989a62def2..02448da8ff90 100644 --- a/drivers/iommu/of_iommu.c +++ b/drivers/iommu/of_iommu.c @@ -256,6 +256,7 @@ void of_iommu_get_resv_regions(struct device *dev, struct list_head *list) maps = of_translate_dma_region(np, maps, &iova, &length); if (length == 0) { dev_warn(dev, "Cannot reserve IOVA region of 0 size\n"); + of_node_put(np); continue; } type = iommu_resv_region_get_type(dev, &phys, iova, length); @@ -265,6 +266,7 @@ void of_iommu_get_resv_regions(struct device *dev, struct list_head *list) if (region) list_add_tail(&region->list, list); } + of_node_put(np); } } #endif -- 2.39.5 (Apple Git-154)

1 week

3
2
0 0

[PATCH AUTOSEL 6.17-6.1] spi: intel-pci: Add support for Intel Wildcat Lake SPI serial flash

by Sasha Levin

From: Mika Westerberg <mika.westerberg(a)linux.intel.com> [ Upstream commit f7e37affbc9085f2b77ccb6596521a44eabf7505 ] Add Intel Wildcat Lake SPI serial flash PCI ID to the list of supported devices. Signed-off-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Link: https://patch.msgid.link/20251020145415.3377022-4-mika.westerberg@linux.int… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: ## BACKPORT ANALYSIS COMPLETE **Backport Status: YES** --- ## DETAILED ANALYSIS ### 1. COMMIT CHARACTERIZATION **Type**: Hardware enablement (PCI device ID addition) **Code Changes**: - Single line addition to `drivers/spi/spi-intel-pci.c` - Adds PCI device ID `0x4d23` (Intel Wildcat Lake SPI serial flash) - Maps to existing `cnl_info` configuration structure - No behavioral changes to existing code paths ### 2. SEMANTIC CODE ANALYSIS FINDINGS #### Tools Used: - **Read**: Examined the complete file structure (drivers/spi/spi-intel- pci.c:68-99) - **Grep**: Located PCI device table usage and MODULE_DEVICE_TABLE macro - **Git analysis**: Reviewed commit history and backport precedents #### Impact Scope Analysis: - **Direct impact**: Only affects systems with PCI ID 0x4d23 (Wildcat Lake hardware) - **Caller analysis**: The PCI device table is used by the kernel's PCI subsystem for automatic device-driver matching - **Dependency analysis**: Uses `cnl_info` structure (drivers/spi/spi- intel-pci.c:38-41), which has existed since 2022 - **Risk assessment**: Zero risk to existing hardware - new entry only triggers on matching PCI ID ### 3. BACKPORT PRECEDENT (Strong Evidence) I found multiple similar commits that **WERE backported** to stable trees: **Example 1 - Lunar Lake-M** (commit ec33549be99fe): ``` commit ec33549be99fe25c6927c8b3d6ed13918b27656e Author: Mika Westerberg <mika.westerberg(a)linux.intel.com> Commit: Sasha Levin <sashal(a)kernel.org> [STABLE MAINTAINER] spi: intel-pci: Add support for Lunar Lake-M SPI serial flash [ Upstream commit 8f44e3808200c1434c26ef459722f88f48b306df ] ``` **Example 2 - Granite Rapids** (commit 60446b5e74865): ``` commit 60446b5e74865acff1af5f2d89d99551c8e6e2c1 Author: Mika Westerberg <mika.westerberg(a)linux.intel.com> Commit: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [STABLE MAINTAINER] spi: intel-pci: Add support for Granite Rapids SPI serial flash [ Upstream commit 9855d60cfc720ff32355484c119acafd3c4dc806 ] ``` **Key Finding**: Both commits were backported to stable trees by stable maintainers (Sasha Levin, Greg Kroah-Hartman) **despite having NO explicit stable tags** in the original commits. ### 4. STABLE TREE COMPLIANCE **Positive Factors**: - ✅ Fixes a real user problem (Wildcat Lake users cannot access SPI flash on stable kernels) - ✅ Extremely low risk (single line, static table entry) - ✅ No architectural changes - ✅ No dependencies on unreleased features - ✅ Follows established backporting pattern for PCI ID additions - ✅ "Obviously correct" - uses tested configuration from 20+ other Intel platforms **Considerations**: - ⚠️ Technically a "new feature" (new hardware support) - ✅ However, PCI ID additions are a **special exception** routinely accepted by stable maintainers - ✅ Hardware enablement is considered "fixing" missing support for existing hardware ### 5. DEPENDENCY VERIFICATION - **cnl_info structure**: Present since 2022, exists in all stable kernels that would receive this backport - **PCI_VDEVICE macro**: Standard kernel infrastructure - **intel_spi_probe()**: Core function, no recent changes that would conflict - **Clean backport**: No conflicts expected with any stable kernel version ### 6. RISK ANALYSIS **Regression Risk**: **MINIMAL** - Only triggered when PCI ID 0x4d23 is detected - No effect on systems without Wildcat Lake hardware - Uses well-tested code path (cnl_info shared with 20+ other platforms) - No user-space API changes **Testing Coverage**: - Same code path used by numerous Intel platforms (Ice Lake, Tiger Lake, Alder Lake, etc.) - Configuration structure (cnl_info) battle-tested across multiple generations ### 7. COMMIT MESSAGE ANALYSIS The commit message is: - ✅ Clear and descriptive - ✅ Identifies specific hardware (Intel Wildcat Lake) - ✅ Consistent with previous similar commits - ❌ No "Fixes:" tag (not applicable - this is new hardware support) - ❌ No "Cc: stable(a)vger.kernel.org" tag (but precedent shows this doesn't prevent backporting) --- ## RECOMMENDATION **YES - This commit SHOULD be backported to stable kernel trees** ### Rationale: 1. **Strong precedent**: Multiple similar PCI ID additions for Intel platforms (Lunar Lake, Granite Rapids, Arrow Lake) have been backported to stable trees by stable maintainers 2. **User benefit**: Enables critical SPI flash functionality for Wildcat Lake hardware owners running stable kernels 3. **Minimal risk**: Single-line change to static table with no impact on existing hardware 4. **Well-established pattern**: PCI ID additions for hardware enablement are routinely accepted for stable backports as they "fix" missing hardware support 5. **Clean backport**: No dependencies or conflicts expected ### Target Stable Trees: - All currently maintained stable kernels (6.17.x, 6.16.x, 6.15.x, etc.) - The commit is from v6.18-rc3, so it would benefit users on any stable kernel before 6.18 drivers/spi/spi-intel-pci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/spi/spi-intel-pci.c b/drivers/spi/spi-intel-pci.c index 4b63cb98df9cc..4bb158a23349e 100644 --- a/drivers/spi/spi-intel-pci.c +++ b/drivers/spi/spi-intel-pci.c @@ -75,6 +75,7 @@ static const struct pci_device_id intel_spi_pci_ids[] = { { PCI_VDEVICE(INTEL, 0x38a4), (unsigned long)&bxt_info }, { PCI_VDEVICE(INTEL, 0x43a4), (unsigned long)&cnl_info }, { PCI_VDEVICE(INTEL, 0x4b24), (unsigned long)&bxt_info }, + { PCI_VDEVICE(INTEL, 0x4d23), (unsigned long)&cnl_info }, { PCI_VDEVICE(INTEL, 0x4da4), (unsigned long)&bxt_info }, { PCI_VDEVICE(INTEL, 0x51a4), (unsigned long)&cnl_info }, { PCI_VDEVICE(INTEL, 0x54a4), (unsigned long)&cnl_info }, -- 2.51.0

1 week

1
8
0 0

[PATCH] net: phy: motorcomm: Fix the issue in the code regarding the incorrect use of time units

by Yi Cong

From: Yi Cong <yicong(a)kylinos.cn> Currently, NS (nanoseconds) is being used, but according to the datasheet, the correct unit should be PS (picoseconds). Fixes: 4869a146cd60 ("net: phy: Add BIT macro for Motorcomm yt8521/yt8531 gigabit ethernet phy") Cc: stable(a)vger.kernel.org Signed-off-by: Yi Cong <yicong(a)kylinos.cn> --- drivers/net/phy/motorcomm.c | 102 ++++++++++++++++++------------------ 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/drivers/net/phy/motorcomm.c b/drivers/net/phy/motorcomm.c index a3593e663059..81491c71e75b 100644 --- a/drivers/net/phy/motorcomm.c +++ b/drivers/net/phy/motorcomm.c @@ -171,7 +171,7 @@ * 1b1 enable 1.9ns rxc clock delay */ #define YT8521_CCR_RXC_DLY_EN BIT(8) -#define YT8521_CCR_RXC_DLY_1_900_NS 1900 +#define YT8521_CCR_RXC_DLY_1_900_PS 1900 #define YT8521_CCR_MODE_SEL_MASK (BIT(2) | BIT(1) | BIT(0)) #define YT8521_CCR_MODE_UTP_TO_RGMII 0 @@ -196,22 +196,22 @@ #define YT8521_RC1R_RX_DELAY_MASK GENMASK(13, 10) #define YT8521_RC1R_FE_TX_DELAY_MASK GENMASK(7, 4) #define YT8521_RC1R_GE_TX_DELAY_MASK GENMASK(3, 0) -#define YT8521_RC1R_RGMII_0_000_NS 0 -#define YT8521_RC1R_RGMII_0_150_NS 1 -#define YT8521_RC1R_RGMII_0_300_NS 2 -#define YT8521_RC1R_RGMII_0_450_NS 3 -#define YT8521_RC1R_RGMII_0_600_NS 4 -#define YT8521_RC1R_RGMII_0_750_NS 5 -#define YT8521_RC1R_RGMII_0_900_NS 6 -#define YT8521_RC1R_RGMII_1_050_NS 7 -#define YT8521_RC1R_RGMII_1_200_NS 8 -#define YT8521_RC1R_RGMII_1_350_NS 9 -#define YT8521_RC1R_RGMII_1_500_NS 10 -#define YT8521_RC1R_RGMII_1_650_NS 11 -#define YT8521_RC1R_RGMII_1_800_NS 12 -#define YT8521_RC1R_RGMII_1_950_NS 13 -#define YT8521_RC1R_RGMII_2_100_NS 14 -#define YT8521_RC1R_RGMII_2_250_NS 15 +#define YT8521_RC1R_RGMII_0_000_PS 0 +#define YT8521_RC1R_RGMII_0_150_PS 1 +#define YT8521_RC1R_RGMII_0_300_PS 2 +#define YT8521_RC1R_RGMII_0_450_PS 3 +#define YT8521_RC1R_RGMII_0_600_PS 4 +#define YT8521_RC1R_RGMII_0_750_PS 5 +#define YT8521_RC1R_RGMII_0_900_PS 6 +#define YT8521_RC1R_RGMII_1_050_PS 7 +#define YT8521_RC1R_RGMII_1_200_PS 8 +#define YT8521_RC1R_RGMII_1_350_PS 9 +#define YT8521_RC1R_RGMII_1_500_PS 10 +#define YT8521_RC1R_RGMII_1_650_PS 11 +#define YT8521_RC1R_RGMII_1_800_PS 12 +#define YT8521_RC1R_RGMII_1_950_PS 13 +#define YT8521_RC1R_RGMII_2_100_PS 14 +#define YT8521_RC1R_RGMII_2_250_PS 15 /* LED CONFIG */ #define YT8521_MAX_LEDS 3 @@ -800,40 +800,40 @@ struct ytphy_cfg_reg_map { static const struct ytphy_cfg_reg_map ytphy_rgmii_delays[] = { /* for tx delay / rx delay with YT8521_CCR_RXC_DLY_EN is not set. */ - { 0, YT8521_RC1R_RGMII_0_000_NS }, - { 150, YT8521_RC1R_RGMII_0_150_NS }, - { 300, YT8521_RC1R_RGMII_0_300_NS }, - { 450, YT8521_RC1R_RGMII_0_450_NS }, - { 600, YT8521_RC1R_RGMII_0_600_NS }, - { 750, YT8521_RC1R_RGMII_0_750_NS }, - { 900, YT8521_RC1R_RGMII_0_900_NS }, - { 1050, YT8521_RC1R_RGMII_1_050_NS }, - { 1200, YT8521_RC1R_RGMII_1_200_NS }, - { 1350, YT8521_RC1R_RGMII_1_350_NS }, - { 1500, YT8521_RC1R_RGMII_1_500_NS }, - { 1650, YT8521_RC1R_RGMII_1_650_NS }, - { 1800, YT8521_RC1R_RGMII_1_800_NS }, - { 1950, YT8521_RC1R_RGMII_1_950_NS }, /* default tx/rx delay */ - { 2100, YT8521_RC1R_RGMII_2_100_NS }, - { 2250, YT8521_RC1R_RGMII_2_250_NS }, + { 0, YT8521_RC1R_RGMII_0_000_PS }, + { 150, YT8521_RC1R_RGMII_0_150_PS }, + { 300, YT8521_RC1R_RGMII_0_300_PS }, + { 450, YT8521_RC1R_RGMII_0_450_PS }, + { 600, YT8521_RC1R_RGMII_0_600_PS }, + { 750, YT8521_RC1R_RGMII_0_750_PS }, + { 900, YT8521_RC1R_RGMII_0_900_PS }, + { 1050, YT8521_RC1R_RGMII_1_050_PS }, + { 1200, YT8521_RC1R_RGMII_1_200_PS }, + { 1350, YT8521_RC1R_RGMII_1_350_PS }, + { 1500, YT8521_RC1R_RGMII_1_500_PS }, + { 1650, YT8521_RC1R_RGMII_1_650_PS }, + { 1800, YT8521_RC1R_RGMII_1_800_PS }, + { 1950, YT8521_RC1R_RGMII_1_950_PS }, /* default tx/rx delay */ + { 2100, YT8521_RC1R_RGMII_2_100_PS }, + { 2250, YT8521_RC1R_RGMII_2_250_PS }, /* only for rx delay with YT8521_CCR_RXC_DLY_EN is set. */ - { 0 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_000_NS }, - { 150 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_150_NS }, - { 300 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_300_NS }, - { 450 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_450_NS }, - { 600 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_600_NS }, - { 750 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_750_NS }, - { 900 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_900_NS }, - { 1050 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_050_NS }, - { 1200 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_200_NS }, - { 1350 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_350_NS }, - { 1500 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_500_NS }, - { 1650 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_650_NS }, - { 1800 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_800_NS }, - { 1950 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_950_NS }, - { 2100 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_2_100_NS }, - { 2250 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_2_250_NS } + { 0 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_000_PS }, + { 150 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_150_PS }, + { 300 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_300_PS }, + { 450 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_450_PS }, + { 600 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_600_PS }, + { 750 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_750_PS }, + { 900 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_900_PS }, + { 1050 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_050_PS }, + { 1200 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_200_PS }, + { 1350 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_350_PS }, + { 1500 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_500_PS }, + { 1650 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_650_PS }, + { 1800 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_800_PS }, + { 1950 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_950_PS }, + { 2100 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_2_100_PS }, + { 2250 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_2_250_PS } }; static u32 ytphy_get_delay_reg_value(struct phy_device *phydev, @@ -890,10 +890,10 @@ static int ytphy_rgmii_clk_delay_config(struct phy_device *phydev) rx_reg = ytphy_get_delay_reg_value(phydev, "rx-internal-delay-ps", ytphy_rgmii_delays, tb_size, &rxc_dly_en, - YT8521_RC1R_RGMII_1_950_NS); + YT8521_RC1R_RGMII_1_950_PS); tx_reg = ytphy_get_delay_reg_value(phydev, "tx-internal-delay-ps", ytphy_rgmii_delays, tb_size, NULL, - YT8521_RC1R_RGMII_1_950_NS); + YT8521_RC1R_RGMII_1_950_PS); switch (phydev->interface) { case PHY_INTERFACE_MODE_RGMII: -- 2.25.1

1 week

3
5
0 0

[PATCH] thermal: thermal_of: Fix device node reference leak in thermal_of_cm_lookup

by Miaoqian Lin

In thermal_of_cm_lookup(), of_parse_phandle() returns a device node with its reference count incremented. The caller is responsible for releasing this reference when the node is no longer needed. Add of_node_put(tr_np) to fix the reference leaks. Found via static analysis. Fixes: 3fd6d6e2b4e8 ("thermal/of: Rework the thermal device tree initialization") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/thermal/thermal_of.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/thermal/thermal_of.c b/drivers/thermal/thermal_of.c index 1a51a4d240ff..2bb1b8e471cf 100644 --- a/drivers/thermal/thermal_of.c +++ b/drivers/thermal/thermal_of.c @@ -284,8 +284,11 @@ static bool thermal_of_cm_lookup(struct device_node *cm_np, int count, i; tr_np = of_parse_phandle(child, "trip", 0); - if (tr_np != trip->priv) + if (tr_np != trip->priv) { + of_node_put(tr_np); continue; + } + of_node_put(tr_np); /* The trip has been found, look up the cdev. */ count = of_count_phandle_with_args(child, "cooling-device", -- 2.39.5 (Apple Git-154)

1 week

2
1
0 0

[PATCH] gcov: Add support for GCC 15

by Peter Oberparleiter

Using gcov on kernels compiled with GCC 15 results in truncated 16-byte long .gcda files with no usable data. To fix this, update GCOV_COUNTERS to match the value defined by GCC 15. Tested with GCC 14.3.0 and GCC 15.2.0. Reported-by: Matthieu Baerts <matttbe(a)kernel.org> Closes: https://github.com/linux-test-project/lcov/issues/445 Tested-by: Matthieu Baerts <matttbe(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> --- kernel/gcov/gcc_4_7.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kernel/gcov/gcc_4_7.c b/kernel/gcov/gcc_4_7.c index a08cc076f332..ffde93d051a4 100644 --- a/kernel/gcov/gcc_4_7.c +++ b/kernel/gcov/gcc_4_7.c @@ -18,7 +18,9 @@ #include <linux/mm.h> #include "gcov.h" -#if (__GNUC__ >= 14) +#if (__GNUC__ >= 15) +#define GCOV_COUNTERS 10 +#elif (__GNUC__ >= 14) #define GCOV_COUNTERS 9 #elif (__GNUC__ >= 10) #define GCOV_COUNTERS 8 -- 2.48.1

1 week

1
0
0 0

[PATCH 05/25] media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format()

by Hans de Goede

The 2 argument version of v4l2_subdev_state_get_format() takes the pad as second argument, not the stream. Fixes: bc0e8d91feec ("media: v4l: subdev: Switch to stream-aware state functions") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hansg(a)kernel.org> --- Note the problem pre-exists the Fixes: commit but backporting further will require manual backports and seems unnecessary. --- drivers/media/i2c/ov01a10.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/i2c/ov01a10.c b/drivers/media/i2c/ov01a10.c index f92867f542f0..0405ec7c75fd 100644 --- a/drivers/media/i2c/ov01a10.c +++ b/drivers/media/i2c/ov01a10.c @@ -731,7 +731,7 @@ static int ov01a10_set_format(struct v4l2_subdev *sd, h_blank); } - format = v4l2_subdev_state_get_format(sd_state, fmt->stream); + format = v4l2_subdev_state_get_format(sd_state, fmt->pad); *format = fmt->format; return 0; -- 2.51.0

1 week

2
1
0 0

[PATCH 04/25] media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls

by Hans de Goede

Add missing v4l2_subdev_cleanup() calls to cleanup after v4l2_subdev_init_finalize(). Fixes: 0827b58dabff ("media: i2c: add ov01a10 image sensor driver") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hansg(a)kernel.org> --- drivers/media/i2c/ov01a10.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/media/i2c/ov01a10.c b/drivers/media/i2c/ov01a10.c index 95d6a0f046a0..f92867f542f0 100644 --- a/drivers/media/i2c/ov01a10.c +++ b/drivers/media/i2c/ov01a10.c @@ -864,6 +864,7 @@ static void ov01a10_remove(struct i2c_client *client) struct v4l2_subdev *sd = i2c_get_clientdata(client); v4l2_async_unregister_subdev(sd); + v4l2_subdev_cleanup(sd); media_entity_cleanup(&sd->entity); v4l2_ctrl_handler_free(sd->ctrl_handler); @@ -934,6 +935,7 @@ static int ov01a10_probe(struct i2c_client *client) err_pm_disable: pm_runtime_disable(dev); pm_runtime_set_suspended(&client->dev); + v4l2_subdev_cleanup(&ov01a10->sd); err_media_entity_cleanup: media_entity_cleanup(&ov01a10->sd.entity); -- 2.51.0

1 week

3
3
0 0

[PATCH wireless v4 1/4] wifi: cfg80211: add an hrtimer based delayed work item

by Miri Korenblit

From: Benjamin Berg <benjamin.berg(a)intel.com> The normal timer mechanism assume that timeout further in the future need a lower accuracy. As an example, the granularity for a timer scheduled 4096 ms in the future on a 1000 Hz system is already 512 ms. This granularity is perfectly sufficient for e.g. timeouts, but there are other types of events that will happen at a future point in time and require a higher accuracy. Add a new wiphy_hrtimer_work type that uses an hrtimer internally. The API is almost identical to the existing wiphy_delayed_work and it can be used as a drop-in replacement after minor adjustments. The work will be scheduled relative to the current time with a slack of 1 millisecond. CC: stable(a)vger.kernel.org # 6.4+ Signed-off-by: Benjamin Berg <benjamin.berg(a)intel.com> Reviewed-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit(a)intel.com> --- include/net/cfg80211.h | 78 ++++++++++++++++++++++++++++++++++++++++++ net/wireless/core.c | 56 ++++++++++++++++++++++++++++++ net/wireless/trace.h | 21 ++++++++++++ 3 files changed, 155 insertions(+) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 781624f5913a..820e299f06b5 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -6435,6 +6435,11 @@ static inline void wiphy_delayed_work_init(struct wiphy_delayed_work *dwork, * after wiphy_lock() was called. Therefore, wiphy_cancel_work() can * use just cancel_work() instead of cancel_work_sync(), it requires * being in a section protected by wiphy_lock(). + * + * Note that these are scheduled with a timer where the accuracy + * becomes less the longer in the future the scheduled timer is. Use + * wiphy_hrtimer_work_queue() if the timer must be not be late by more + * than approximately 10 percent. */ void wiphy_delayed_work_queue(struct wiphy *wiphy, struct wiphy_delayed_work *dwork, @@ -6506,6 +6511,79 @@ void wiphy_delayed_work_flush(struct wiphy *wiphy, bool wiphy_delayed_work_pending(struct wiphy *wiphy, struct wiphy_delayed_work *dwork); +struct wiphy_hrtimer_work { + struct wiphy_work work; + struct wiphy *wiphy; + struct hrtimer timer; +}; + +enum hrtimer_restart wiphy_hrtimer_work_timer(struct hrtimer *t); + +static inline void wiphy_hrtimer_work_init(struct wiphy_hrtimer_work *hrwork, + wiphy_work_func_t func) +{ + hrtimer_setup(&hrwork->timer, wiphy_hrtimer_work_timer, + CLOCK_BOOTTIME, HRTIMER_MODE_REL); + wiphy_work_init(&hrwork->work, func); +} + +/** + * wiphy_hrtimer_work_queue - queue hrtimer work for the wiphy + * @wiphy: the wiphy to queue for + * @hrwork: the high resolution timer worker + * @delay: the delay given as a ktime_t + * + * Please refer to wiphy_delayed_work_queue(). The difference is that + * the hrtimer work uses a high resolution timer for scheduling. This + * may be needed if timeouts might be scheduled further in the future + * and the accuracy of the normal timer is not sufficient. + * + * Expect a delay of a few milliseconds as the timer is scheduled + * with some slack and some more time may pass between queueing the + * work and its start. + */ +void wiphy_hrtimer_work_queue(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork, + ktime_t delay); + +/** + * wiphy_hrtimer_work_cancel - cancel previously queued hrtimer work + * @wiphy: the wiphy, for debug purposes + * @hrtimer: the hrtimer work to cancel + * + * Cancel the work *without* waiting for it, this assumes being + * called under the wiphy mutex acquired by wiphy_lock(). + */ +void wiphy_hrtimer_work_cancel(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrtimer); + +/** + * wiphy_hrtimer_work_flush - flush previously queued hrtimer work + * @wiphy: the wiphy, for debug purposes + * @hrwork: the hrtimer work to flush + * + * Flush the work (i.e. run it if pending). This must be called + * under the wiphy mutex acquired by wiphy_lock(). + */ +void wiphy_hrtimer_work_flush(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork); + +/** + * wiphy_hrtimer_work_pending - Find out whether a wiphy hrtimer + * work item is currently pending. + * + * @wiphy: the wiphy, for debug purposes + * @hrwork: the hrtimer work in question + * + * Return: true if timer is pending, false otherwise + * + * Please refer to the wiphy_delayed_work_pending() documentation as + * this is the equivalent function for hrtimer based delayed work + * items. + */ +bool wiphy_hrtimer_work_pending(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork); + /** * enum ieee80211_ap_reg_power - regulatory power for an Access Point * diff --git a/net/wireless/core.c b/net/wireless/core.c index 797f9f2004a6..54a34d8d356e 100644 --- a/net/wireless/core.c +++ b/net/wireless/core.c @@ -1787,6 +1787,62 @@ bool wiphy_delayed_work_pending(struct wiphy *wiphy, } EXPORT_SYMBOL_GPL(wiphy_delayed_work_pending); +enum hrtimer_restart wiphy_hrtimer_work_timer(struct hrtimer *t) +{ + struct wiphy_hrtimer_work *hrwork = + container_of(t, struct wiphy_hrtimer_work, timer); + + wiphy_work_queue(hrwork->wiphy, &hrwork->work); + + return HRTIMER_NORESTART; +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_timer); + +void wiphy_hrtimer_work_queue(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork, + ktime_t delay) +{ + trace_wiphy_hrtimer_work_queue(wiphy, &hrwork->work, delay); + + if (!delay) { + hrtimer_cancel(&hrwork->timer); + wiphy_work_queue(wiphy, &hrwork->work); + return; + } + + hrwork->wiphy = wiphy; + hrtimer_start_range_ns(&hrwork->timer, delay, + 1000 * NSEC_PER_USEC, HRTIMER_MODE_REL); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_queue); + +void wiphy_hrtimer_work_cancel(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork) +{ + lockdep_assert_held(&wiphy->mtx); + + hrtimer_cancel(&hrwork->timer); + wiphy_work_cancel(wiphy, &hrwork->work); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_cancel); + +void wiphy_hrtimer_work_flush(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork) +{ + lockdep_assert_held(&wiphy->mtx); + + hrtimer_cancel(&hrwork->timer); + wiphy_work_flush(wiphy, &hrwork->work); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_flush); + +bool wiphy_hrtimer_work_pending(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork) +{ + return hrtimer_is_queued(&hrwork->timer); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_pending); + static int __init cfg80211_init(void) { int err; diff --git a/net/wireless/trace.h b/net/wireless/trace.h index 8a4c34112eb5..2b71f1d867a0 100644 --- a/net/wireless/trace.h +++ b/net/wireless/trace.h @@ -304,6 +304,27 @@ TRACE_EVENT(wiphy_delayed_work_queue, __entry->delay) ); +TRACE_EVENT(wiphy_hrtimer_work_queue, + TP_PROTO(struct wiphy *wiphy, struct wiphy_work *work, + ktime_t delay), + TP_ARGS(wiphy, work, delay), + TP_STRUCT__entry( + WIPHY_ENTRY + __field(void *, instance) + __field(void *, func) + __field(ktime_t, delay) + ), + TP_fast_assign( + WIPHY_ASSIGN; + __entry->instance = work; + __entry->func = work->func; + __entry->delay = delay; + ), + TP_printk(WIPHY_PR_FMT " instance=%p func=%pS delay=%llu", + WIPHY_PR_ARG, __entry->instance, __entry->func, + __entry->delay) +); + TRACE_EVENT(wiphy_work_worker_start, TP_PROTO(struct wiphy *wiphy), TP_ARGS(wiphy), -- 2.34.1

1 week

1
0
0 0

[PATCH] phy: ti: omap-usb2: Fix device node reference leak in omap_usb2_probe

by Miaoqian Lin

In omap_usb2_probe(), of_parse_phandle() returns a device node with its reference count incremented. The caller is responsible for releasing this reference when the node is no longer needed. Add of_node_put(control_node) after usage to fix the reference leak. Found via static analysis. Fixes: 478b6c7436c2 ("usb: phy: omap-usb2: Don't use omap_get_control_dev()") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/phy/ti/phy-omap-usb2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/phy/ti/phy-omap-usb2.c b/drivers/phy/ti/phy-omap-usb2.c index 1eb252604441..660df3181e4f 100644 --- a/drivers/phy/ti/phy-omap-usb2.c +++ b/drivers/phy/ti/phy-omap-usb2.c @@ -426,6 +426,7 @@ static int omap_usb2_probe(struct platform_device *pdev) } control_pdev = of_find_device_by_node(control_node); + of_node_put(control_node); if (!control_pdev) { dev_err(&pdev->dev, "Failed to get control device\n"); return -EINVAL; -- 2.39.5 (Apple Git-154)

1 week

2
1
0 0

[PATCH v2 1/2] media: mediatek: mdp: fix device leak on probe

by Johan Hovold

Make sure to drop the reference taken when looking up the VPU firmware device during probe on probe failure (e.g. probe deferral) and on driver unbind. Fixes: c8eb2d7e8202 ("[media] media: Add Mediatek MDP Driver") Cc: stable(a)vger.kernel.org # 4.10 Cc: Minghsiu Tsai <minghsiu.tsai(a)mediatek.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/media/platform/mediatek/mdp/mtk_mdp_core.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/media/platform/mediatek/mdp/mtk_mdp_core.c b/drivers/media/platform/mediatek/mdp/mtk_mdp_core.c index 80fdc6ff57e0..5c7dcf4090f4 100644 --- a/drivers/media/platform/mediatek/mdp/mtk_mdp_core.c +++ b/drivers/media/platform/mediatek/mdp/mtk_mdp_core.c @@ -198,7 +198,7 @@ static int mtk_mdp_probe(struct platform_device *pdev) VPU_RST_MDP); if (ret) { dev_err(&pdev->dev, "Failed to register reset handler\n"); - goto err_m2m_register; + goto err_put_vpu; } platform_set_drvdata(pdev, mdp); @@ -206,7 +206,7 @@ static int mtk_mdp_probe(struct platform_device *pdev) ret = vb2_dma_contig_set_max_seg_size(&pdev->dev, DMA_BIT_MASK(32)); if (ret) { dev_err(&pdev->dev, "Failed to set vb2 dma mag seg size\n"); - goto err_m2m_register; + goto err_put_vpu; } pm_runtime_enable(dev); @@ -214,6 +214,8 @@ static int mtk_mdp_probe(struct platform_device *pdev) return 0; +err_put_vpu: + put_device(&mdp->vpu_dev->dev); err_m2m_register: v4l2_device_unregister(&mdp->v4l2_dev); @@ -241,6 +243,7 @@ static void mtk_mdp_remove(struct platform_device *pdev) struct mtk_mdp_comp *comp, *comp_temp; pm_runtime_disable(&pdev->dev); + put_device(&mdp->vpu_dev->dev); vb2_dma_contig_clear_max_seg_size(&pdev->dev); mtk_mdp_unregister_m2m_device(mdp); v4l2_device_unregister(&mdp->v4l2_dev); -- 2.51.0

1 week

1
0
0 0

[PATCH] drm/meson: Fix reference count leak in meson_encoder_dsi_probe

by Miaoqian Lin

The of_graph_get_remote_node() function returns a device node with its reference count incremented. The caller is responsible for calling of_node_put() to release this reference when done. Fixes: 42dcf15f901c ("drm/meson: add DSI encoder") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/gpu/drm/meson/meson_encoder_dsi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/meson/meson_encoder_dsi.c b/drivers/gpu/drm/meson/meson_encoder_dsi.c index 6c6624f9ba24..01edf46e30d0 100644 --- a/drivers/gpu/drm/meson/meson_encoder_dsi.c +++ b/drivers/gpu/drm/meson/meson_encoder_dsi.c @@ -121,6 +121,7 @@ int meson_encoder_dsi_probe(struct meson_drm *priv) } meson_encoder_dsi->next_bridge = of_drm_find_bridge(remote); + of_node_put(remote); if (!meson_encoder_dsi->next_bridge) return dev_err_probe(priv->dev, -EPROBE_DEFER, "Failed to find DSI transceiver bridge\n"); -- 2.39.5 (Apple Git-154)

1 week

2
1
0 0

[PATCH] soc: samsung: exynos-pmu: fix reference count leak in exynos_get_pmu_regmap_by_phandle

by Miaoqian Lin

The driver_find_device_by_of_node() function calls driver_find_device and returns a device with its reference count incremented. Add the missing put_device() call to release this reference after the device is used. Found via static analysis. Fixes: 0b7c6075022c ("soc: samsung: exynos-pmu: Add regmap support for SoCs that protect PMU regs") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/soc/samsung/exynos-pmu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/soc/samsung/exynos-pmu.c b/drivers/soc/samsung/exynos-pmu.c index 22c50ca2aa79..a53c1f882e1a 100644 --- a/drivers/soc/samsung/exynos-pmu.c +++ b/drivers/soc/samsung/exynos-pmu.c @@ -346,6 +346,7 @@ struct regmap *exynos_get_pmu_regmap_by_phandle(struct device_node *np, if (!dev) return ERR_PTR(-EPROBE_DEFER); + put_device(dev); return syscon_node_to_regmap(pmu_np); } EXPORT_SYMBOL_GPL(exynos_get_pmu_regmap_by_phandle); -- 2.39.5 (Apple Git-154)

1 week

3
2
0 0

Hello

by Eric

1 week

1
0
0 0

[PATCH] cpufreq: nforce2: fix reference count leak in nforce2

by Miaoqian Lin

There are two reference count leaks in this driver: 1. In nforce2_fsb_read(): pci_get_subsys() increases the reference count of the PCI device, but pci_dev_put() is never called to release it, thus leaking the reference. 2. In nforce2_detect_chipset(): pci_get_subsys() gets a reference to the nforce2_dev which is stored in a global variable, but the reference is never released when the module is unloaded. Fix both by: - Adding pci_dev_put(nforce2_sub5) in nforce2_fsb_read() after reading the configuration. - Adding pci_dev_put(nforce2_dev) in nforce2_exit() to release the global device reference. Found via static analysis. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/cpufreq/cpufreq-nforce2.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/cpufreq/cpufreq-nforce2.c b/drivers/cpufreq/cpufreq-nforce2.c index fedad1081973..fbbbe501cf2d 100644 --- a/drivers/cpufreq/cpufreq-nforce2.c +++ b/drivers/cpufreq/cpufreq-nforce2.c @@ -145,6 +145,8 @@ static unsigned int nforce2_fsb_read(int bootfsb) pci_read_config_dword(nforce2_sub5, NFORCE2_BOOTFSB, &fsb); fsb /= 1000000; + pci_dev_put(nforce2_sub5); + /* Check if PLL register is already set */ pci_read_config_byte(nforce2_dev, NFORCE2_PLLENABLE, (u8 *)&temp); @@ -426,6 +428,7 @@ static int __init nforce2_init(void) static void __exit nforce2_exit(void) { cpufreq_unregister_driver(&nforce2_driver); + pci_dev_put(nforce2_dev); } module_init(nforce2_init); -- 2.39.5 (Apple Git-154)

1 week

2
1
0 0

[PATCH] mfd: altera-sysmgr: Fix device reference leak in altr_sysmgr_regmap_lookup_by_phandle

by Miaoqian Lin

driver_find_device_by_of_node() calls driver_find_device(), which calls get_device(). get_device() increments the device's reference count, so driver_find_device_by_of_node() returns a device with its reference count incremented. We need to release this reference after usage to avoid a reference leak. Add put_device(dev) after dev_get_drvdata() to fix the reference leak. Found via static analysis. Fixes: f36e789a1f8d ("mfd: altera-sysmgr: Add SOCFPGA System Manager") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/mfd/altera-sysmgr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mfd/altera-sysmgr.c b/drivers/mfd/altera-sysmgr.c index fb5f988e61f3..cb66b2fff536 100644 --- a/drivers/mfd/altera-sysmgr.c +++ b/drivers/mfd/altera-sysmgr.c @@ -116,6 +116,7 @@ struct regmap *altr_sysmgr_regmap_lookup_by_phandle(struct device_node *np, return ERR_PTR(-EPROBE_DEFER); sysmgr = dev_get_drvdata(dev); + put_device(dev); return sysmgr->regmap; } -- 2.39.5 (Apple Git-154)

1 week, 1 day

1
0
0 0

[PATCH v2] f2fs: invalidate dentry cache on failed whiteout creation

by Deepanshu Kartikey

F2FS can mount filesystems with corrupted directory depth values that get runtime-clamped to MAX_DIR_HASH_DEPTH. When RENAME_WHITEOUT operations are performed on such directories, f2fs_rename performs directory modifications (updating target entry and deleting source entry) before attempting to add the whiteout entry via f2fs_add_link. If f2fs_add_link fails due to the corrupted directory structure, the function returns an error to VFS, but the partial directory modifications have already been committed to disk. VFS assumes the entire rename operation failed and does not update the dentry cache, leaving stale mappings. In the error path, VFS does not call d_move() to update the dentry cache. This results in new_dentry still pointing to the old inode (new_inode) which has already had its i_nlink decremented to zero. The stale cache causes subsequent operations to incorrectly reference the freed inode. This causes subsequent operations to use cached dentry information that no longer matches the on-disk state. When a second rename targets the same entry, VFS attempts to decrement i_nlink on the stale inode, which may already have i_nlink=0, triggering a WARNING in drop_nlink(). Example sequence: 1. First rename (RENAME_WHITEOUT): file2 → file1 - f2fs updates file1 entry on disk (points to inode 8) - f2fs deletes file2 entry on disk - f2fs_add_link(whiteout) fails (corrupted directory) - Returns error to VFS - VFS does not call d_move() due to error - VFS cache still has: file1 → inode 7 (stale!) - inode 7 has i_nlink=0 (already decremented) 2. Second rename: file3 → file1 - VFS uses stale cache: file1 → inode 7 - Tries to drop_nlink on inode 7 (i_nlink already 0) - WARNING in drop_nlink() Fix this by explicitly invalidating old_dentry and new_dentry when f2fs_add_link fails during whiteout creation. This forces VFS to refresh from disk on subsequent operations, ensuring cache consistency even when the rename partially succeeds. Reproducer: 1. Mount F2FS image with corrupted i_current_depth 2. renameat2(file2, file1, RENAME_WHITEOUT) 3. renameat2(file3, file1, 0) 4. System triggers WARNING in drop_nlink() Fixes: 7e01e7ad746b ("f2fs: support RENAME_WHITEOUT") Reported-by: syzbot+632cf32276a9a564188d(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=632cf32276a9a564188d Suggested-by: Chao Yu <chao(a)kernel.org> Link: https://lore.kernel.org/all/20251022233349.102728-1-kartikey406@gmail.com/ [v1] Cc: stable(a)vger.kernel.org Signed-off-by: Deepanshu Kartikey <kartikey406(a)gmail.com> --- Changes in v2: - Added detailed explanation about VFS not calling d_move() in error path, resulting in new_dentry still pointing to inode with zeroed i_nlink (suggested by Chao Yu) - Added Fixes tag pointing to commit 7e01e7ad746b - Added Cc: stable(a)vger.kernel.org for backporting to stable kernels --- fs/f2fs/namei.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c index b882771e4699..712479b7b93d 100644 --- a/fs/f2fs/namei.c +++ b/fs/f2fs/namei.c @@ -1053,9 +1053,11 @@ static int f2fs_rename(struct mnt_idmap *idmap, struct inode *old_dir, if (whiteout) { set_inode_flag(whiteout, FI_INC_LINK); err = f2fs_add_link(old_dentry, whiteout); - if (err) + if (err) { + d_invalidate(old_dentry); + d_invalidate(new_dentry); goto put_out_dir; - + } spin_lock(&whiteout->i_lock); whiteout->i_state &= ~I_LINKABLE; spin_unlock(&whiteout->i_lock); -- 2.43.0

1 week, 1 day

2
1
0 0

[PATCH] net: phy: motorcomm: Fix the issue in the code regarding the incorrect use of time units

by Yi Cong

From: Yi Cong <yicong(a)kylinos.cn> Currently, NS (nanoseconds) is being used, but according to the datasheet, the correct unit should be PS (picoseconds). Fixes: 4869a146cd60 ("net: phy: Add BIT macro for Motorcomm yt8521/yt8531 gigabit ethernet phy") Cc: stable(a)vger.kernel.org Signed-off-by: Yi Cong <yicong(a)kylinos.cn> --- drivers/net/phy/motorcomm.c | 102 ++++++++++++++++++------------------ 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/drivers/net/phy/motorcomm.c b/drivers/net/phy/motorcomm.c index a3593e663059..81491c71e75b 100644 --- a/drivers/net/phy/motorcomm.c +++ b/drivers/net/phy/motorcomm.c @@ -171,7 +171,7 @@ * 1b1 enable 1.9ns rxc clock delay */ #define YT8521_CCR_RXC_DLY_EN BIT(8) -#define YT8521_CCR_RXC_DLY_1_900_NS 1900 +#define YT8521_CCR_RXC_DLY_1_900_PS 1900 #define YT8521_CCR_MODE_SEL_MASK (BIT(2) | BIT(1) | BIT(0)) #define YT8521_CCR_MODE_UTP_TO_RGMII 0 @@ -196,22 +196,22 @@ #define YT8521_RC1R_RX_DELAY_MASK GENMASK(13, 10) #define YT8521_RC1R_FE_TX_DELAY_MASK GENMASK(7, 4) #define YT8521_RC1R_GE_TX_DELAY_MASK GENMASK(3, 0) -#define YT8521_RC1R_RGMII_0_000_NS 0 -#define YT8521_RC1R_RGMII_0_150_NS 1 -#define YT8521_RC1R_RGMII_0_300_NS 2 -#define YT8521_RC1R_RGMII_0_450_NS 3 -#define YT8521_RC1R_RGMII_0_600_NS 4 -#define YT8521_RC1R_RGMII_0_750_NS 5 -#define YT8521_RC1R_RGMII_0_900_NS 6 -#define YT8521_RC1R_RGMII_1_050_NS 7 -#define YT8521_RC1R_RGMII_1_200_NS 8 -#define YT8521_RC1R_RGMII_1_350_NS 9 -#define YT8521_RC1R_RGMII_1_500_NS 10 -#define YT8521_RC1R_RGMII_1_650_NS 11 -#define YT8521_RC1R_RGMII_1_800_NS 12 -#define YT8521_RC1R_RGMII_1_950_NS 13 -#define YT8521_RC1R_RGMII_2_100_NS 14 -#define YT8521_RC1R_RGMII_2_250_NS 15 +#define YT8521_RC1R_RGMII_0_000_PS 0 +#define YT8521_RC1R_RGMII_0_150_PS 1 +#define YT8521_RC1R_RGMII_0_300_PS 2 +#define YT8521_RC1R_RGMII_0_450_PS 3 +#define YT8521_RC1R_RGMII_0_600_PS 4 +#define YT8521_RC1R_RGMII_0_750_PS 5 +#define YT8521_RC1R_RGMII_0_900_PS 6 +#define YT8521_RC1R_RGMII_1_050_PS 7 +#define YT8521_RC1R_RGMII_1_200_PS 8 +#define YT8521_RC1R_RGMII_1_350_PS 9 +#define YT8521_RC1R_RGMII_1_500_PS 10 +#define YT8521_RC1R_RGMII_1_650_PS 11 +#define YT8521_RC1R_RGMII_1_800_PS 12 +#define YT8521_RC1R_RGMII_1_950_PS 13 +#define YT8521_RC1R_RGMII_2_100_PS 14 +#define YT8521_RC1R_RGMII_2_250_PS 15 /* LED CONFIG */ #define YT8521_MAX_LEDS 3 @@ -800,40 +800,40 @@ struct ytphy_cfg_reg_map { static const struct ytphy_cfg_reg_map ytphy_rgmii_delays[] = { /* for tx delay / rx delay with YT8521_CCR_RXC_DLY_EN is not set. */ - { 0, YT8521_RC1R_RGMII_0_000_NS }, - { 150, YT8521_RC1R_RGMII_0_150_NS }, - { 300, YT8521_RC1R_RGMII_0_300_NS }, - { 450, YT8521_RC1R_RGMII_0_450_NS }, - { 600, YT8521_RC1R_RGMII_0_600_NS }, - { 750, YT8521_RC1R_RGMII_0_750_NS }, - { 900, YT8521_RC1R_RGMII_0_900_NS }, - { 1050, YT8521_RC1R_RGMII_1_050_NS }, - { 1200, YT8521_RC1R_RGMII_1_200_NS }, - { 1350, YT8521_RC1R_RGMII_1_350_NS }, - { 1500, YT8521_RC1R_RGMII_1_500_NS }, - { 1650, YT8521_RC1R_RGMII_1_650_NS }, - { 1800, YT8521_RC1R_RGMII_1_800_NS }, - { 1950, YT8521_RC1R_RGMII_1_950_NS }, /* default tx/rx delay */ - { 2100, YT8521_RC1R_RGMII_2_100_NS }, - { 2250, YT8521_RC1R_RGMII_2_250_NS }, + { 0, YT8521_RC1R_RGMII_0_000_PS }, + { 150, YT8521_RC1R_RGMII_0_150_PS }, + { 300, YT8521_RC1R_RGMII_0_300_PS }, + { 450, YT8521_RC1R_RGMII_0_450_PS }, + { 600, YT8521_RC1R_RGMII_0_600_PS }, + { 750, YT8521_RC1R_RGMII_0_750_PS }, + { 900, YT8521_RC1R_RGMII_0_900_PS }, + { 1050, YT8521_RC1R_RGMII_1_050_PS }, + { 1200, YT8521_RC1R_RGMII_1_200_PS }, + { 1350, YT8521_RC1R_RGMII_1_350_PS }, + { 1500, YT8521_RC1R_RGMII_1_500_PS }, + { 1650, YT8521_RC1R_RGMII_1_650_PS }, + { 1800, YT8521_RC1R_RGMII_1_800_PS }, + { 1950, YT8521_RC1R_RGMII_1_950_PS }, /* default tx/rx delay */ + { 2100, YT8521_RC1R_RGMII_2_100_PS }, + { 2250, YT8521_RC1R_RGMII_2_250_PS }, /* only for rx delay with YT8521_CCR_RXC_DLY_EN is set. */ - { 0 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_000_NS }, - { 150 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_150_NS }, - { 300 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_300_NS }, - { 450 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_450_NS }, - { 600 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_600_NS }, - { 750 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_750_NS }, - { 900 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_0_900_NS }, - { 1050 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_050_NS }, - { 1200 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_200_NS }, - { 1350 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_350_NS }, - { 1500 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_500_NS }, - { 1650 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_650_NS }, - { 1800 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_800_NS }, - { 1950 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_1_950_NS }, - { 2100 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_2_100_NS }, - { 2250 + YT8521_CCR_RXC_DLY_1_900_NS, YT8521_RC1R_RGMII_2_250_NS } + { 0 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_000_PS }, + { 150 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_150_PS }, + { 300 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_300_PS }, + { 450 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_450_PS }, + { 600 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_600_PS }, + { 750 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_750_PS }, + { 900 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_0_900_PS }, + { 1050 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_050_PS }, + { 1200 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_200_PS }, + { 1350 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_350_PS }, + { 1500 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_500_PS }, + { 1650 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_650_PS }, + { 1800 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_800_PS }, + { 1950 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_1_950_PS }, + { 2100 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_2_100_PS }, + { 2250 + YT8521_CCR_RXC_DLY_1_900_PS, YT8521_RC1R_RGMII_2_250_PS } }; static u32 ytphy_get_delay_reg_value(struct phy_device *phydev, @@ -890,10 +890,10 @@ static int ytphy_rgmii_clk_delay_config(struct phy_device *phydev) rx_reg = ytphy_get_delay_reg_value(phydev, "rx-internal-delay-ps", ytphy_rgmii_delays, tb_size, &rxc_dly_en, - YT8521_RC1R_RGMII_1_950_NS); + YT8521_RC1R_RGMII_1_950_PS); tx_reg = ytphy_get_delay_reg_value(phydev, "tx-internal-delay-ps", ytphy_rgmii_delays, tb_size, NULL, - YT8521_RC1R_RGMII_1_950_NS); + YT8521_RC1R_RGMII_1_950_PS); switch (phydev->interface) { case PHY_INTERFACE_MODE_RGMII: -- 2.25.1

1 week, 1 day

1
0
0 0

[PATCH] crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value

by Miaoqian Lin

The qm_get_qos_value() function calls bus_find_device_by_name() which increases the device reference count, but fails to call put_device() to balance the reference count and lead to a device reference leak. Add put_device() calls in both the error path and success path to properly balance the reference count. Found via static analysis. Fixes: 22d7a6c39cab ("crypto: hisilicon/qm - add pci bdf number check") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/crypto/hisilicon/qm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/crypto/hisilicon/qm.c b/drivers/crypto/hisilicon/qm.c index a5b96adf2d1e..3b391a146635 100644 --- a/drivers/crypto/hisilicon/qm.c +++ b/drivers/crypto/hisilicon/qm.c @@ -3871,10 +3871,12 @@ static ssize_t qm_get_qos_value(struct hisi_qm *qm, const char *buf, pdev = container_of(dev, struct pci_dev, dev); if (pci_physfn(pdev) != qm->pdev) { pci_err(qm->pdev, "the pdev input does not match the pf!\n"); + put_device(dev); return -EINVAL; } *fun_index = pdev->devfn; + put_device(dev); return 0; } -- 2.39.5 (Apple Git-154)

1 week, 1 day

2
1
0 0

[PATCH] clk: rockchip: rk3588: Don't change PLL rates when setting dclk_vop2_src

by Heiko Stuebner

dclk_vop2_src currently has CLK_SET_RATE_PARENT | CLK_SET_RATE_NO_REPARENT flags set, which is vastly different than dclk_vop0_src or dclk_vop1_src, which have none of those. With these flags in dclk_vop2_src, actually setting the clock then results in a lot of other peripherals breaking, because setting the rate results in the PLL source getting changed: [ 14.898718] clk_core_set_rate_nolock: setting rate for dclk_vop2 to 152840000 [ 15.155017] clk_change_rate: setting rate for pll_gpll to 1680000000 [ clk adjusting every gpll user ] This includes possibly the other vops, i2s, spdif and even the uarts. Among other possible things, this breaks the uart console on a board I use. Sometimes it recovers later on, but there will be a big block of garbled output for a while at least. Shared PLLs should not be changed by individual users, so drop these flags from dclk_vop2_src and make the flags the same as on dclk_vop0 and dclk_vop1. Fixes: f1c506d152ff ("clk: rockchip: add clock controller for the RK3588") Cc: stable(a)vger.kernel.org Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> --- drivers/clk/rockchip/clk-rk3588.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/clk/rockchip/clk-rk3588.c b/drivers/clk/rockchip/clk-rk3588.c index 1694223f4f84..cf83242d1726 100644 --- a/drivers/clk/rockchip/clk-rk3588.c +++ b/drivers/clk/rockchip/clk-rk3588.c @@ -2094,7 +2094,7 @@ static struct rockchip_clk_branch rk3588_early_clk_branches[] __initdata = { COMPOSITE(DCLK_VOP1_SRC, "dclk_vop1_src", gpll_cpll_v0pll_aupll_p, 0, RK3588_CLKSEL_CON(111), 14, 2, MFLAGS, 9, 5, DFLAGS, RK3588_CLKGATE_CON(52), 11, GFLAGS), - COMPOSITE(DCLK_VOP2_SRC, "dclk_vop2_src", gpll_cpll_v0pll_aupll_p, CLK_SET_RATE_PARENT | CLK_SET_RATE_NO_REPARENT, + COMPOSITE(DCLK_VOP2_SRC, "dclk_vop2_src", gpll_cpll_v0pll_aupll_p, 0, RK3588_CLKSEL_CON(112), 5, 2, MFLAGS, 0, 5, DFLAGS, RK3588_CLKGATE_CON(52), 12, GFLAGS), COMPOSITE_NODIV(DCLK_VOP0, "dclk_vop0", dclk_vop0_p, -- 2.47.2

1 week, 1 day

5
8
0 0

[PATCH net 1/1] batman-adv: Release references to inactive interfaces

by Simon Wunderlich

From: Sven Eckelmann <sven(a)narfation.org> Trying to dump the originators or the neighbors via netlink for a meshif with an inactive primary interface is not allowed. The dump functions were checking this correctly but they didn't handle non-existing primary interfaces and existing _inactive_ interfaces differently. (Primary) batadv_hard_ifaces hold a references to a net_device. And accessing them is only allowed when either being in a RCU/spinlock protected section or when holding a valid reference to them. The netlink dump functions use the latter. But because the missing specific error handling for inactive primary interfaces, the reference was never dropped. This reference counting error was only detected when the interface should have been removed from the system: unregister_netdevice: waiting for batadv_slave_0 to become free. Usage count = 2 Cc: stable(a)vger.kernel.org Fixes: 6ecc4fd6c2f4 ("batman-adv: netlink: reduce duplicate code by returning interfaces") Reported-by: syzbot+881d65229ca4f9ae8c84(a)syzkaller.appspotmail.com Reported-by: Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> --- net/batman-adv/originator.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/net/batman-adv/originator.c b/net/batman-adv/originator.c index a464ff96b9291..ed89d7fd1e7f4 100644 --- a/net/batman-adv/originator.c +++ b/net/batman-adv/originator.c @@ -764,11 +764,16 @@ int batadv_hardif_neigh_dump(struct sk_buff *msg, struct netlink_callback *cb) bat_priv = netdev_priv(mesh_iface); primary_if = batadv_primary_if_get_selected(bat_priv); - if (!primary_if || primary_if->if_status != BATADV_IF_ACTIVE) { + if (!primary_if) { ret = -ENOENT; goto out_put_mesh_iface; } + if (primary_if->if_status != BATADV_IF_ACTIVE) { + ret = -ENOENT; + goto out_put_primary_if; + } + hard_iface = batadv_netlink_get_hardif(bat_priv, cb); if (IS_ERR(hard_iface) && PTR_ERR(hard_iface) != -ENONET) { ret = PTR_ERR(hard_iface); @@ -1333,11 +1338,16 @@ int batadv_orig_dump(struct sk_buff *msg, struct netlink_callback *cb) bat_priv = netdev_priv(mesh_iface); primary_if = batadv_primary_if_get_selected(bat_priv); - if (!primary_if || primary_if->if_status != BATADV_IF_ACTIVE) { + if (!primary_if) { ret = -ENOENT; goto out_put_mesh_iface; } + if (primary_if->if_status != BATADV_IF_ACTIVE) { + ret = -ENOENT; + goto out_put_primary_if; + } + hard_iface = batadv_netlink_get_hardif(bat_priv, cb); if (IS_ERR(hard_iface) && PTR_ERR(hard_iface) != -ENONET) { ret = PTR_ERR(hard_iface); -- 2.47.3

1 week, 1 day

2
1
0 0

[PATCH] riscv: Fix memory leak in module_frob_arch_sections()

by Miaoqian Lin

The current code directly overwrites the scratch pointer with the return value of kvrealloc(). If kvrealloc() fails and returns NULL, the original buffer becomes unreachable, causing a memory leak. Fix this by using a temporary variable to store kvrealloc()'s return value and only update the scratch pointer on success. Found via static anlaysis and this is similar to commit 42378a9ca553 ("bpf, verifier: Fix memory leak in array reallocation for stack state") Fixes: be17c0df6795 ("riscv: module: Optimize PLT/GOT entry counting") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- arch/riscv/kernel/module-sections.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/riscv/kernel/module-sections.c b/arch/riscv/kernel/module-sections.c index 75551ac6504c..1675cbad8619 100644 --- a/arch/riscv/kernel/module-sections.c +++ b/arch/riscv/kernel/module-sections.c @@ -119,6 +119,7 @@ int module_frob_arch_sections(Elf_Ehdr *ehdr, Elf_Shdr *sechdrs, unsigned int num_plts = 0; unsigned int num_gots = 0; Elf_Rela *scratch = NULL; + Elf_Rela *new_scratch; size_t scratch_size = 0; int i; @@ -168,9 +169,12 @@ int module_frob_arch_sections(Elf_Ehdr *ehdr, Elf_Shdr *sechdrs, scratch_size_needed = (num_scratch_relas + num_relas) * sizeof(*scratch); if (scratch_size_needed > scratch_size) { scratch_size = scratch_size_needed; - scratch = kvrealloc(scratch, scratch_size, GFP_KERNEL); - if (!scratch) + new_scratch = kvrealloc(scratch, scratch_size, GFP_KERNEL); + if (!new_scratch) { + kvfree(scratch); return -ENOMEM; + } + scratch = new_scratch; } for (size_t j = 0; j < num_relas; j++) -- 2.39.5 (Apple Git-154)

1 week, 1 day

2
1
0 0

[PATCH AUTOSEL 6.17-6.1] smb/server: fix possible memory leak in smb2_read()

by Sasha Levin

From: ZhangGuoDong <zhangguodong(a)kylinos.cn> [ Upstream commit 6fced056d2cc8d01b326e6fcfabaacb9850b71a4 ] Memory leak occurs when ksmbd_vfs_read() fails. Fix this by adding the missing kvfree(). Co-developed-by: ChenXiaoSong <chenxiaosong(a)kylinos.cn> Signed-off-by: ChenXiaoSong <chenxiaosong(a)kylinos.cn> Signed-off-by: ZhangGuoDong <zhangguodong(a)kylinos.cn> Acked-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: ## **Backport Status: YES** ### **Extensive Analysis** Based on comprehensive semantic code analysis and repository examination, this commit **should be backported** to stable kernel trees. --- ## **1. Code Change Analysis** The commit adds a single line to fix a memory leak in `fs/smb/server/smb2pdu.c`: ```c nbytes = ksmbd_vfs_read(work, fp, length, &offset, aux_payload_buf); if (nbytes < 0) { + kvfree(aux_payload_buf); // <-- Added line err = nbytes; goto out; } ``` **What was wrong:** Memory allocated at line 6821 (`aux_payload_buf = kvzalloc(ALIGN(length, 8), KSMBD_DEFAULT_GFP)`) was not freed when `ksmbd_vfs_read()` fails, while all other error paths properly call `kvfree()`. --- ## **2. Semantic Analysis Tools Used** ### **Tool 1: mcp__semcode__find_function** - Located `smb2_read()` in `fs/smb/server/smb2pdu.c:6727-6895` - Confirmed it's an SMB2 protocol handler (169 lines, 24 function calls) - Return type: `int` (returns error codes) ### **Tool 2: mcp__semcode__find_callers** - Result: No direct function callers - However, cross-referenced with `smb2ops.c:183` showing `smb2_read` is registered as a handler: `[SMB2_READ_HE] = { .proc = smb2_read }` - **Conclusion:** This is a protocol handler invoked by the SMB2 message dispatcher, meaning it's **directly user-triggerable** via network requests ### **Tool 3: mcp__semcode__find_calls** - Analyzed `ksmbd_vfs_read()` dependencies - Found it can fail with multiple error codes: `-EISDIR`, `-EACCES`, `-EAGAIN`, plus any errors from `kernel_read()` - **All of these failure paths trigger the memory leak** ### **Tool 4: git blame & git log** - Bug introduced: commit `e2f34481b24db2` (2021-03-16) - **4 years old!** - Recent modification: commit `06a025448b572c` (2024-11-30) changed allocation to `ALIGN(length, 8)` but didn't fix the leak - Found 15+ similar "memory leak" fixes in ksmbd history, indicating active maintenance --- ## **3. Impact Scope Analysis** ### **User Exposure: CRITICAL** - **Protocol Handler:** Any SMB client can trigger this by sending SMB2 READ requests - **Network-facing:** ksmbd is a kernel SMB server exposed to network clients - **No authentication required to trigger:** The error path can be reached even with permission errors ### **Trigger Conditions (from VFS analysis):** 1. **-EISDIR**: Client tries to read a directory 2. **-EACCES**: Permission denied (no FILE_READ_DATA or FILE_EXECUTE access) 3. **-EAGAIN**: File is locked by another process 4. **kernel_read() failures**: Various VFS/filesystem errors All of these are **easily triggerable** by malicious or misbehaving clients. ### **Memory Leak Severity: HIGH** - **Allocation size:** `ALIGN(length, 8)` where `length` is client- controlled - **Maximum per leak:** Up to `SMB3_MAX_IOSIZE` = **8 MB** (from smb2pdu.h:28) - **Default size:** `SMB21_DEFAULT_IOSIZE` = **1 MB** (from smb2pdu.h:25) - **Attack scenario:** An attacker could repeatedly: 1. Send READ requests for locked files (triggers -EAGAIN) 2. Each failed request leaks up to 8MB 3. 100 requests = 800MB leaked 4. Can exhaust server memory leading to **DoS** --- ## **4. Regression Risk Analysis** ### **Risk Level: VERY LOW** - **Change size:** Single line addition - **Operation:** Adding missing cleanup (defensive programming) - **No behavior change:** Only affects error path that already returns failure - **Idempotent:** `kvfree()` is safe to call and simply frees allocated memory - **No dependencies:** No API changes or external impact --- ## **5. Stable Tree Compliance** | Criterion | Status | Evidence | |-----------|--------|----------| | Fixes important bug | ✅ YES | Memory leak leading to potential DoS | | Small and contained | ✅ YES | 1 line change, single function | | No new features | ✅ YES | Pure bug fix | | No architectural changes | ✅ YES | No structural modifications | | Low regression risk | ✅ YES | Minimal, defensive change | | Confined to subsystem | ✅ YES | Only affects ksmbd | | User-facing impact | ✅ YES | Affects all ksmbd users | --- ## **6. Comparison with Similar Commits** Recent ksmbd fixes in the repository show similar patterns: - `379510a815cb2`: "fix possible refcount leak in smb2_sess_setup()" - `5929e98f3bb76`: "fix potential double free on smb2_read_pipe() error path" - `e523a26c05672`: "fix passing freed memory 'aux_payload_buf'" - `809d50d36e71b`: "fix memory leak in smb2_lock()" **All these are typical stable tree backport candidates** with similar characteristics (small resource leak fixes). --- ## **7. Missing Stable Tags** **Notable:** The commit lacks explicit stable tree tags: - ❌ No `Cc: stable(a)vger.kernel.org` - ❌ No `Fixes:` tag pointing to the original buggy commit However, this doesn't diminish backport worthiness - the technical merits clearly justify backporting. --- ## **Conclusion** This commit is an **excellent candidate for backporting** because: 1. **Security concern:** Remote memory exhaustion DoS vector 2. **Long-standing bug:** Present since ksmbd's introduction (4+ years) 3. **Wide impact:** Affects all ksmbd deployments 4. **Minimal risk:** Single-line defensive fix 5. **Clear bug fix:** Unambiguous resource leak on error path 6. **Pattern consistency:** Matches other successfully backported ksmbd fixes **Recommendation:** Backport to all active stable trees where ksmbd exists (5.15+). fs/smb/server/smb2pdu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 287200d7c0764..409b85af82e1c 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -6826,6 +6826,7 @@ int smb2_read(struct ksmbd_work *work) nbytes = ksmbd_vfs_read(work, fp, length, &offset, aux_payload_buf); if (nbytes < 0) { + kvfree(aux_payload_buf); err = nbytes; goto out; } -- 2.51.0

1 week, 1 day

1
25
0 0

[PATCH v2] PCI: xilinx-xdma: Enable INTx interrupts

by Ravi Kumar Bandi

The pcie-xilinx-dma-pl driver does not enable INTx interrupts after initializing the port, preventing INTx interrupts from PCIe endpoints from flowing through the Xilinx XDMA root port bridge. This issue affects kernel 6.6.0 and later versions. This patch allows INTx interrupts generated by PCIe endpoints to flow through the root port. Tested the fix on a board with two endpoints generating INTx interrupts. Interrupts are properly detected and serviced. The /proc/interrupts output shows: [...] 32: 320 0 pl_dma:RC-Event 16 Level 400000000.axi-pcie, azdrv 52: 470 0 pl_dma:RC-Event 16 Level 500000000.axi-pcie, azdrv [...] Changes since v1:: - Fixed commit message per reviewer's comments Fixes: 8d786149d78c ("PCI: xilinx-xdma: Add Xilinx XDMA Root Port driver") Cc: stable(a)vger.kernel.org Signed-off-by: Ravi Kumar Bandi <ravib(a)amazon.com> --- drivers/pci/controller/pcie-xilinx-dma-pl.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/pci/controller/pcie-xilinx-dma-pl.c b/drivers/pci/controller/pcie-xilinx-dma-pl.c index b037c8f315e4..cc539292d10a 100644 --- a/drivers/pci/controller/pcie-xilinx-dma-pl.c +++ b/drivers/pci/controller/pcie-xilinx-dma-pl.c @@ -659,6 +659,12 @@ static int xilinx_pl_dma_pcie_setup_irq(struct pl_dma_pcie *port) return err; } + /* Enable interrupts */ + pcie_write(port, XILINX_PCIE_DMA_IMR_ALL_MASK, + XILINX_PCIE_DMA_REG_IMR); + pcie_write(port, XILINX_PCIE_DMA_IDRN_MASK, + XILINX_PCIE_DMA_REG_IDRN_MASK); + return 0; } -- 2.47.3

1 week, 1 day

8
31
0 0

[PATCH] powerpc: Fix mprotect on book3s32

by Dave Vasilevsky via B4 Relay

From: Dave Vasilevsky <dave(a)vasilevsky.ca> On 32-bit book3s with hash-MMUs, tlb_flush() was a no-op. This was unnoticed because all uses until recently were for unmaps, and thus handled by __tlb_remove_tlb_entry(). After commit 4a18419f71cd ("mm/mprotect: use mmu_gather") in kernel 5.19, tlb_gather_mmu() started being used for mprotect as well. This caused mprotect to simply not work on these machines: int *ptr = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); *ptr = 1; // force HPTE to be created mprotect(ptr, 4096, PROT_READ); *ptr = 2; // should segfault, but succeeds Fixed by making tlb_flush() actually flush TLB pages. This finally agrees with the behaviour of boot3s64's tlb_flush(). Fixes: 4a18419f71cd ("mm/mprotect: use mmu_gather") Signed-off-by: Dave Vasilevsky <dave(a)vasilevsky.ca> --- arch/powerpc/include/asm/book3s/32/tlbflush.h | 8 ++++++-- arch/powerpc/mm/book3s32/tlb.c | 6 ++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/include/asm/book3s/32/tlbflush.h b/arch/powerpc/include/asm/book3s/32/tlbflush.h index e43534da5207aa3b0cb3c07b78e29b833c141f3f..b8c587ad2ea954f179246a57d6e86e45e91dcfdc 100644 --- a/arch/powerpc/include/asm/book3s/32/tlbflush.h +++ b/arch/powerpc/include/asm/book3s/32/tlbflush.h @@ -11,6 +11,7 @@ void hash__flush_tlb_mm(struct mm_struct *mm); void hash__flush_tlb_page(struct vm_area_struct *vma, unsigned long vmaddr); void hash__flush_range(struct mm_struct *mm, unsigned long start, unsigned long end); +void hash__flush_gather(struct mmu_gather *tlb); #ifdef CONFIG_SMP void _tlbie(unsigned long address); @@ -28,9 +29,12 @@ void _tlbia(void); */ static inline void tlb_flush(struct mmu_gather *tlb) { - /* 603 needs to flush the whole TLB here since it doesn't use a hash table. */ - if (!mmu_has_feature(MMU_FTR_HPTE_TABLE)) + if (mmu_has_feature(MMU_FTR_HPTE_TABLE)) { + hash__flush_gather(tlb); + } else { + /* 603 needs to flush the whole TLB here since it doesn't use a hash table. */ _tlbia(); + } } static inline void flush_range(struct mm_struct *mm, unsigned long start, unsigned long end) diff --git a/arch/powerpc/mm/book3s32/tlb.c b/arch/powerpc/mm/book3s32/tlb.c index 9ad6b56bfec96e989b96f027d075ad5812500854..3da95ecfbbb296303082e378425e92a5fbdbfac8 100644 --- a/arch/powerpc/mm/book3s32/tlb.c +++ b/arch/powerpc/mm/book3s32/tlb.c @@ -105,3 +105,9 @@ void hash__flush_tlb_page(struct vm_area_struct *vma, unsigned long vmaddr) flush_hash_pages(mm->context.id, vmaddr, pmd_val(*pmd), 1); } EXPORT_SYMBOL(hash__flush_tlb_page); + +void hash__flush_gather(struct mmu_gather *tlb) +{ + hash__flush_range(tlb->mm, tlb->start, tlb->end); +} +EXPORT_SYMBOL(hash__flush_gather); --- base-commit: dcb6fa37fd7bc9c3d2b066329b0d27dedf8becaa change-id: 20251027-vasi-mprotect-g3-f8f5278d4140 Best regards, -- Dave Vasilevsky <dave(a)vasilevsky.ca>

1 week, 1 day

2
1
0 0

[PATCH v3 0/3] Fixes/improvements for SM6350 UFS

by Luca Weiss

Fix the order of the freq-table-hz property, then convert to OPP tables and add interconnect support for UFS for the SM6350 SoC. Signed-off-by: Luca Weiss <luca.weiss(a)fairphone.com> --- Changes in v3: - Actually pick up tags, sorry about that - Link to v2: https://lore.kernel.org/r/20251023-sm6350-ufs-things-v2-0-799d59178713@fair… Changes in v2: - Resend, pick up tags - Link to v1: https://lore.kernel.org/r/20250314-sm6350-ufs-things-v1-0-3600362cc52c@fair… --- Luca Weiss (3): arm64: dts: qcom: sm6350: Fix wrong order of freq-table-hz for UFS arm64: dts: qcom: sm6350: Add OPP table support to UFSHC arm64: dts: qcom: sm6350: Add interconnect support to UFS arch/arm64/boot/dts/qcom/sm6350.dtsi | 49 ++++++++++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 10 deletions(-) --- base-commit: a92c761bcac3d5042559107fa7679470727a4bcb change-id: 20250314-sm6350-ufs-things-53c5de9fec5e Best regards, -- Luca Weiss <luca.weiss(a)fairphone.com>

1 week, 1 day

2
2
0 0

+ mm-truncate-unmap-large-folio-on-split-failure.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/truncate: unmap large folio on split failure has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-truncate-unmap-large-folio-on-split-failure.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kiryl Shutsemau <kas(a)kernel.org> Subject: mm/truncate: unmap large folio on split failure Date: Mon, 27 Oct 2025 11:56:36 +0000 Accesses within VMA, but beyond i_size rounded up to PAGE_SIZE are supposed to generate SIGBUS. This behavior might not be respected on truncation. During truncation, the kernel splits a large folio in order to reclaim memory. As a side effect, it unmaps the folio and destroys PMD mappings of the folio. The folio will be refaulted as PTEs and SIGBUS semantics are preserved. However, if the split fails, PMD mappings are preserved and the user will not receive SIGBUS on any accesses within the PMD. Unmap the folio on split failure. It will lead to refault as PTEs and preserve SIGBUS semantics. Make an exception for shmem/tmpfs that for long time intentionally mapped with PMDs across i_size. Link: https://lkml.kernel.org/r/20251027115636.82382-3-kirill@shutemov.name Signed-off-by: Kiryl Shutsemau <kas(a)kernel.org> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: "Darrick J. Wong" <djwong(a)kernel.org> Cc: Dave Chinner <david(a)fromorbit.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/truncate.c | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) --- a/mm/truncate.c~mm-truncate-unmap-large-folio-on-split-failure +++ a/mm/truncate.c @@ -177,6 +177,32 @@ int truncate_inode_folio(struct address_ return 0; } +static int try_folio_split_or_unmap(struct folio *folio, struct page *split_at, + unsigned long min_order) +{ + enum ttu_flags ttu_flags = + TTU_SYNC | + TTU_SPLIT_HUGE_PMD | + TTU_IGNORE_MLOCK; + int ret; + + ret = try_folio_split_to_order(folio, split_at, min_order); + + /* + * If the split fails, unmap the folio, so it will be refaulted + * with PTEs to respect SIGBUS semantics. + * + * Make an exception for shmem/tmpfs that for long time + * intentionally mapped with PMDs across i_size. + */ + if (ret && !shmem_mapping(folio->mapping)) { + try_to_unmap(folio, ttu_flags); + WARN_ON(folio_mapped(folio)); + } + + return ret; +} + /* * Handle partial folios. The folio may be entirely within the * range if a split has raced with us. If not, we zero the part of the @@ -226,7 +252,7 @@ bool truncate_inode_partial_folio(struct min_order = mapping_min_folio_order(folio->mapping); split_at = folio_page(folio, PAGE_ALIGN_DOWN(offset) / PAGE_SIZE); - if (!try_folio_split_to_order(folio, split_at, min_order)) { + if (!try_folio_split_or_unmap(folio, split_at, min_order)) { /* * try to split at offset + length to make sure folios within * the range can be dropped, especially to avoid memory waste @@ -250,13 +276,10 @@ bool truncate_inode_partial_folio(struct if (!folio_trylock(folio2)) goto out; - /* - * make sure folio2 is large and does not change its mapping. - * Its split result does not matter here. - */ + /* make sure folio2 is large and does not change its mapping */ if (folio_test_large(folio2) && folio2->mapping == folio->mapping) - try_folio_split_to_order(folio2, split_at2, min_order); + try_folio_split_or_unmap(folio2, split_at2, min_order); folio_unlock(folio2); out: _ Patches currently in -mm which might be from kas(a)kernel.org are mm-memory-do-not-populate-page-table-entries-beyond-i_size.patch mm-truncate-unmap-large-folio-on-split-failure.patch

1 week, 1 day

1
0
0 0

+ mm-memory-do-not-populate-page-table-entries-beyond-i_size.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memory: do not populate page table entries beyond i_size has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory-do-not-populate-page-table-entries-beyond-i_size.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kiryl Shutsemau <kas(a)kernel.org> Subject: mm/memory: do not populate page table entries beyond i_size Date: Mon, 27 Oct 2025 11:56:35 +0000 Patch series "Fix SIGBUS semantics with large folios", v3. Accessing memory within a VMA, but beyond i_size rounded up to the next page size, is supposed to generate SIGBUS. Darrick reported[1] an xfstests regression in v6.18-rc1. generic/749 failed due to missing SIGBUS. This was caused by my recent changes that try to fault in the whole folio where possible: 19773df031bc ("mm/fault: try to map the entire file folio in finish_fault()") 357b92761d94 ("mm/filemap: map entire large folio faultaround") These changes did not consider i_size when setting up PTEs, leading to xfstest breakage. However, the problem has been present in the kernel for a long time - since huge tmpfs was introduced in 2016. The kernel happily maps PMD-sized folios as PMD without checking i_size. And huge=always tmpfs allocates PMD-size folios on any writes. I considered this corner case when I implemented a large tmpfs, and my conclusion was that no one in their right mind should rely on receiving a SIGBUS signal when accessing beyond i_size. I cannot imagine how it could be useful for the workload. But apparently filesystem folks care a lot about preserving strict SIGBUS semantics. Generic/749 was introduced last year with reference to POSIX, but no real workloads were mentioned. It also acknowledged the tmpfs deviation from the test case. POSIX indeed says[3]: References within the address range starting at pa and continuing for len bytes to whole pages following the end of an object shall result in delivery of a SIGBUS signal. The patchset fixes the regression introduced by recent changes as well as more subtle SIGBUS breakage due to split failure on truncation. This patch (of 2): Accesses within VMA, but beyond i_size rounded up to PAGE_SIZE are supposed to generate SIGBUS. Recent changes attempted to fault in full folio where possible. They did not respect i_size, which led to populating PTEs beyond i_size and breaking SIGBUS semantics. Darrick reported generic/749 breakage because of this. However, the problem existed before the recent changes. With huge=always tmpfs, any write to a file leads to PMD-size allocation. Following the fault-in of the folio will install PMD mapping regardless of i_size. Fix filemap_map_pages() and finish_fault() to not install: - PTEs beyond i_size; - PMD mappings across i_size; Make an exception for shmem/tmpfs that for long time intentionally mapped with PMDs across i_size. Link: https://lkml.kernel.org/r/20251027115636.82382-1-kirill@shutemov.name Link: https://lkml.kernel.org/r/20251027115636.82382-2-kirill@shutemov.name Signed-off-by: Kiryl Shutsemau <kas(a)kernel.org> Fixes: 19773df031bc ("mm/fault: try to map the entire file folio in finish_fault()") Fixes: 357b92761d94 ("mm/filemap: map entire large folio faultaround") Fixes: 01c70267053d ("fs: add a filesystem flag for THPs") Reported-by: "Darrick J. Wong" <djwong(a)kernel.org> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Dave Chinner <david(a)fromorbit.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 28 ++++++++++++++++++++-------- mm/memory.c | 20 +++++++++++++++++++- 2 files changed, 39 insertions(+), 9 deletions(-) --- a/mm/filemap.c~mm-memory-do-not-populate-page-table-entries-beyond-i_size +++ a/mm/filemap.c @@ -3681,7 +3681,8 @@ skip: static vm_fault_t filemap_map_folio_range(struct vm_fault *vmf, struct folio *folio, unsigned long start, unsigned long addr, unsigned int nr_pages, - unsigned long *rss, unsigned short *mmap_miss) + unsigned long *rss, unsigned short *mmap_miss, + bool can_map_large) { unsigned int ref_from_caller = 1; vm_fault_t ret = 0; @@ -3696,7 +3697,7 @@ static vm_fault_t filemap_map_folio_rang * The folio must not cross VMA or page table boundary. */ addr0 = addr - start * PAGE_SIZE; - if (folio_within_vma(folio, vmf->vma) && + if (can_map_large && folio_within_vma(folio, vmf->vma) && (addr0 & PMD_MASK) == ((addr0 + folio_size(folio) - 1) & PMD_MASK)) { vmf->pte -= start; page -= start; @@ -3811,13 +3812,27 @@ vm_fault_t filemap_map_pages(struct vm_f unsigned long rss = 0; unsigned int nr_pages = 0, folio_type; unsigned short mmap_miss = 0, mmap_miss_saved; + bool can_map_large; rcu_read_lock(); folio = next_uptodate_folio(&xas, mapping, end_pgoff); if (!folio) goto out; - if (filemap_map_pmd(vmf, folio, start_pgoff)) { + file_end = DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE) - 1; + end_pgoff = min(end_pgoff, file_end); + + /* + * Do not allow to map with PTEs beyond i_size and with PMD + * across i_size to preserve SIGBUS semantics. + * + * Make an exception for shmem/tmpfs that for long time + * intentionally mapped with PMDs across i_size. + */ + can_map_large = shmem_mapping(mapping) || + file_end >= folio_next_index(folio); + + if (can_map_large && filemap_map_pmd(vmf, folio, start_pgoff)) { ret = VM_FAULT_NOPAGE; goto out; } @@ -3830,10 +3845,6 @@ vm_fault_t filemap_map_pages(struct vm_f goto out; } - file_end = DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE) - 1; - if (end_pgoff > file_end) - end_pgoff = file_end; - folio_type = mm_counter_file(folio); do { unsigned long end; @@ -3850,7 +3861,8 @@ vm_fault_t filemap_map_pages(struct vm_f else ret |= filemap_map_folio_range(vmf, folio, xas.xa_index - folio->index, addr, - nr_pages, &rss, &mmap_miss); + nr_pages, &rss, &mmap_miss, + can_map_large); folio_unlock(folio); } while ((folio = next_uptodate_folio(&xas, mapping, end_pgoff)) != NULL); --- a/mm/memory.c~mm-memory-do-not-populate-page-table-entries-beyond-i_size +++ a/mm/memory.c @@ -65,6 +65,7 @@ #include <linux/gfp.h> #include <linux/migrate.h> #include <linux/string.h> +#include <linux/shmem_fs.h> #include <linux/memory-tiers.h> #include <linux/debugfs.h> #include <linux/userfaultfd_k.h> @@ -5501,8 +5502,25 @@ fallback: return ret; } + if (!needs_fallback && vma->vm_file) { + struct address_space *mapping = vma->vm_file->f_mapping; + pgoff_t file_end; + + file_end = DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE); + + /* + * Do not allow to map with PTEs beyond i_size and with PMD + * across i_size to preserve SIGBUS semantics. + * + * Make an exception for shmem/tmpfs that for long time + * intentionally mapped with PMDs across i_size. + */ + needs_fallback = !shmem_mapping(mapping) && + file_end < folio_next_index(folio); + } + if (pmd_none(*vmf->pmd)) { - if (folio_test_pmd_mappable(folio)) { + if (!needs_fallback && folio_test_pmd_mappable(folio)) { ret = do_set_pmd(vmf, folio, page); if (ret != VM_FAULT_FALLBACK) return ret; _ Patches currently in -mm which might be from kas(a)kernel.org are mm-memory-do-not-populate-page-table-entries-beyond-i_size.patch mm-truncate-unmap-large-folio-on-split-failure.patch

1 week, 1 day

1
0
0 0

[PATCH] thermal/of: Fix reference count leak in thermal_of_cm_lookup

by Miaoqian Lin

The function calls of_parse_phandle() to get a device node, which increments the reference count of the node. However, the function fails to call of_node_put() to decrement the reference. This leads to a reference count leak. This is found by static analysis and similar to the commit a508e33956b5 ("ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe") Fixes: 423de5b5bc5b ("thermal/of: Fix cdev lookup in thermal_of_should_bind()") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/thermal/thermal_of.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/thermal/thermal_of.c b/drivers/thermal/thermal_of.c index 1a51a4d240ff..932291648683 100644 --- a/drivers/thermal/thermal_of.c +++ b/drivers/thermal/thermal_of.c @@ -284,8 +284,12 @@ static bool thermal_of_cm_lookup(struct device_node *cm_np, int count, i; tr_np = of_parse_phandle(child, "trip", 0); - if (tr_np != trip->priv) + if (tr_np != trip->priv) { + of_node_put(tr_np); continue; + } + + of_node_put(tr_np); /* The trip has been found, look up the cdev. */ count = of_count_phandle_with_args(child, "cooling-device", -- 2.39.5 (Apple Git-154)

1 week, 1 day

2
1
0 0

[PATCH v1] net: phy: dp83867: Disable EEE support as not implemented

by Emanuele Ghidoli

From: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> While the DP83867 PHYs report EEE capability through their feature registers, the actual hardware does not support EEE (see Links). When the connected MAC enables EEE, it causes link instability and communication failures. The issue is reproducible with a iMX8MP and relevant stmmac ethernet port. Since the introduction of phylink-managed EEE support in the stmmac driver, EEE is now enabled by default, leading to issues on systems using the DP83867 PHY. Call phy_disable_eee during phy initialization to prevent EEE from being enabled on DP83867 PHYs. Link: https://e2e.ti.com/support/interface-group/interface/f/interface-forum/1445… Link: https://e2e.ti.com/support/interface-group/interface/f/interface-forum/6586… Fixes: 2a10154abcb7 ("net: phy: dp83867: Add TI dp83867 phy") Cc: stable(a)vger.kernel.org Signed-off-by: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> --- drivers/net/phy/dp83867.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/net/phy/dp83867.c b/drivers/net/phy/dp83867.c index deeefb962566..36a0c1b7f59c 100644 --- a/drivers/net/phy/dp83867.c +++ b/drivers/net/phy/dp83867.c @@ -738,6 +738,12 @@ static int dp83867_config_init(struct phy_device *phydev) return ret; } + /* Although the DP83867 reports EEE capability through the + * MDIO_PCS_EEE_ABLE and MDIO_AN_EEE_ADV registers, the feature + * is not actually implemented in hardware. + */ + phy_disable_eee(phydev); + if (phy_interface_is_rgmii(phydev) || phydev->interface == PHY_INTERFACE_MODE_SGMII) { val = phy_read(phydev, MII_DP83867_PHYCTRL); -- 2.43.0

1 week, 1 day

6
16
0 0

FAILED: patch "[PATCH] serial: 8250_dw: handle reset control deassert error" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x daeb4037adf7d3349b4a1fb792f4bc9824686a4b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102701-scabby-entrust-a162@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From daeb4037adf7d3349b4a1fb792f4bc9824686a4b Mon Sep 17 00:00:00 2001 From: Artem Shimko <a.shimko.dev(a)gmail.com> Date: Sun, 19 Oct 2025 12:51:31 +0300 Subject: [PATCH] serial: 8250_dw: handle reset control deassert error Check the return value of reset_control_deassert() in the probe function to prevent continuing probe when reset deassertion fails. Previously, reset_control_deassert() was called without checking its return value, which could lead to probe continuing even when the device reset wasn't properly deasserted. The fix checks the return value and returns an error with dev_err_probe() if reset deassertion fails, providing better error handling and diagnostics. Fixes: acbdad8dd1ab ("serial: 8250_dw: simplify optional reset handling") Cc: stable <stable(a)kernel.org> Signed-off-by: Artem Shimko <a.shimko.dev(a)gmail.com> Link: https://patch.msgid.link/20251019095131.252848-1-a.shimko.dev@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/8250/8250_dw.c b/drivers/tty/serial/8250/8250_dw.c index a53ba04d9770..710ae4d40aec 100644 --- a/drivers/tty/serial/8250/8250_dw.c +++ b/drivers/tty/serial/8250/8250_dw.c @@ -635,7 +635,9 @@ static int dw8250_probe(struct platform_device *pdev) if (IS_ERR(data->rst)) return PTR_ERR(data->rst); - reset_control_deassert(data->rst); + err = reset_control_deassert(data->rst); + if (err) + return dev_err_probe(dev, err, "failed to deassert resets\n"); err = devm_add_action_or_reset(dev, dw8250_reset_control_assert, data->rst); if (err)

1 week, 1 day

2
3
0 0

[PATCH 03/25] media: i2c: ov01a10: Fix gain range

by Hans de Goede

A maximum gain of 0xffff / 65525 seems unlikely and testing indeed shows that the gain control wraps-around at 4096, so set the maximum gain to 0xfff / 4095. The minimum gain of 0x100 is correct. Setting bits 8-11 to 0x0 results in the same gain values as setting these bits to 0x1, with bits 0-7 still increasing the gain when going from 0x000 - 0x0ff in the exact same range as when going from 0x100 - 0x1ff. Fixes: 0827b58dabff ("media: i2c: add ov01a10 image sensor driver") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hansg(a)kernel.org> --- drivers/media/i2c/ov01a10.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/i2c/ov01a10.c b/drivers/media/i2c/ov01a10.c index 0b1a1ecfffd0..95d6a0f046a0 100644 --- a/drivers/media/i2c/ov01a10.c +++ b/drivers/media/i2c/ov01a10.c @@ -48,7 +48,7 @@ /* analog gain controls */ #define OV01A10_REG_ANALOG_GAIN 0x3508 #define OV01A10_ANAL_GAIN_MIN 0x100 -#define OV01A10_ANAL_GAIN_MAX 0xffff +#define OV01A10_ANAL_GAIN_MAX 0xfff #define OV01A10_ANAL_GAIN_STEP 1 /* digital gain controls */ -- 2.51.0

1 week, 1 day

2
1
0 0

[PATCH 02/25] media: i2c: ov01a10: Fix reported pixel-rate value

by Hans de Goede

CSI lanes are double-clocked so with a single lane at 400MHZ the resulting pixel-rate for 10-bits pixels is 400 MHz * 2 / 10 = 80 MHz, not 40 MHz. This also matches with the observed frame-rate of 60 fps with the default vblank setting: 80000000 / (1488 * 896) = 60. Fixes: 0827b58dabff ("media: i2c: add ov01a10 image sensor driver") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hansg(a)kernel.org> --- drivers/media/i2c/ov01a10.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/i2c/ov01a10.c b/drivers/media/i2c/ov01a10.c index e5df01f97978..0b1a1ecfffd0 100644 --- a/drivers/media/i2c/ov01a10.c +++ b/drivers/media/i2c/ov01a10.c @@ -16,7 +16,7 @@ #include <media/v4l2-fwnode.h> #define OV01A10_LINK_FREQ_400MHZ 400000000ULL -#define OV01A10_SCLK 40000000LL +#define OV01A10_SCLK 80000000LL #define OV01A10_DATA_LANES 1 #define OV01A10_REG_CHIP_ID 0x300a -- 2.51.0

1 week, 1 day

2
1
0 0

[PATCH 01/25] media: i2c: ov01a10: Fix the horizontal flip control

by Hans de Goede

During sensor calibration I noticed that with the hflip control set to false/disabled the image was mirrored. So it seems that the horizontal flip control is inverted and needs to be set to 1 to not flip (just like the similar problem recently fixed on the ov08x40 sensor). Invert the hflip control to fix the sensor mirroring by default. As the comment above the newly added OV01A10_MEDIA_BUS_FMT define explains the control being inverted also means that the native Bayer-order of the sensor actually is GBRG not BGGR, but so as to not break userspace the Bayer-order is kept at BGGR. Fixes: 0827b58dabff ("media: i2c: add ov01a10 image sensor driver") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hansg(a)kernel.org> --- drivers/media/i2c/ov01a10.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/drivers/media/i2c/ov01a10.c b/drivers/media/i2c/ov01a10.c index 141cb6f75b55..e5df01f97978 100644 --- a/drivers/media/i2c/ov01a10.c +++ b/drivers/media/i2c/ov01a10.c @@ -75,6 +75,15 @@ #define OV01A10_REG_X_WIN 0x3811 #define OV01A10_REG_Y_WIN 0x3813 +/* + * The native ov01a10 bayer-pattern is GBRG, but there was a driver bug enabling + * hflip/mirroring by default resulting in BGGR. Because of this bug Intel's + * proprietary IPU6 userspace stack expects BGGR. So we report BGGR to not break + * userspace and fix things up by shifting the crop window-x coordinate by 1 + * when hflip is *disabled*. + */ +#define OV01A10_MEDIA_BUS_FMT MEDIA_BUS_FMT_SBGGR10_1X10 + struct ov01a10_reg { u16 address; u8 val; @@ -185,14 +194,14 @@ static const struct ov01a10_reg sensor_1280x800_setting[] = { {0x380e, 0x03}, {0x380f, 0x80}, {0x3810, 0x00}, - {0x3811, 0x08}, + {0x3811, 0x09}, {0x3812, 0x00}, {0x3813, 0x08}, {0x3814, 0x01}, {0x3815, 0x01}, {0x3816, 0x01}, {0x3817, 0x01}, - {0x3820, 0xa0}, + {0x3820, 0xa8}, {0x3822, 0x13}, {0x3832, 0x28}, {0x3833, 0x10}, @@ -411,7 +420,7 @@ static int ov01a10_set_hflip(struct ov01a10 *ov01a10, u32 hflip) int ret; u32 val, offset; - offset = hflip ? 0x9 : 0x8; + offset = hflip ? 0x8 : 0x9; ret = ov01a10_write_reg(ov01a10, OV01A10_REG_X_WIN, 1, offset); if (ret) return ret; @@ -420,8 +429,8 @@ static int ov01a10_set_hflip(struct ov01a10 *ov01a10, u32 hflip) if (ret) return ret; - val = hflip ? val | FIELD_PREP(OV01A10_HFLIP_MASK, 0x1) : - val & ~OV01A10_HFLIP_MASK; + val = hflip ? val & ~OV01A10_HFLIP_MASK : + val | FIELD_PREP(OV01A10_HFLIP_MASK, 0x1); return ov01a10_write_reg(ov01a10, OV01A10_REG_FORMAT1, 1, val); } @@ -610,7 +619,7 @@ static void ov01a10_update_pad_format(const struct ov01a10_mode *mode, { fmt->width = mode->width; fmt->height = mode->height; - fmt->code = MEDIA_BUS_FMT_SBGGR10_1X10; + fmt->code = OV01A10_MEDIA_BUS_FMT; fmt->field = V4L2_FIELD_NONE; fmt->colorspace = V4L2_COLORSPACE_RAW; } @@ -751,7 +760,7 @@ static int ov01a10_enum_mbus_code(struct v4l2_subdev *sd, if (code->index > 0) return -EINVAL; - code->code = MEDIA_BUS_FMT_SBGGR10_1X10; + code->code = OV01A10_MEDIA_BUS_FMT; return 0; } @@ -761,7 +770,7 @@ static int ov01a10_enum_frame_size(struct v4l2_subdev *sd, struct v4l2_subdev_frame_size_enum *fse) { if (fse->index >= ARRAY_SIZE(supported_modes) || - fse->code != MEDIA_BUS_FMT_SBGGR10_1X10) + fse->code != OV01A10_MEDIA_BUS_FMT) return -EINVAL; fse->min_width = supported_modes[fse->index].width; -- 2.51.0

1 week, 1 day

2
1
0 0

FAILED: patch "[PATCH] serial: sc16is7xx: remove useless enable of enhanced features" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1c05bf6c0262f946571a37678250193e46b1ff0f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102739-fable-reroute-e6a6@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1c05bf6c0262f946571a37678250193e46b1ff0f Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Mon, 6 Oct 2025 10:20:02 -0400 Subject: [PATCH] serial: sc16is7xx: remove useless enable of enhanced features Commit 43c51bb573aa ("sc16is7xx: make sure device is in suspend once probed") permanently enabled access to the enhanced features in sc16is7xx_probe(), and it is never disabled after that. Therefore, remove re-enable of enhanced features in sc16is7xx_set_baud(). This eliminates a potential useless read + write cycle each time the baud rate is reconfigured. Fixes: 43c51bb573aa ("sc16is7xx: make sure device is in suspend once probed") Cc: stable <stable(a)kernel.org> Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Link: https://patch.msgid.link/20251006142002.177475-1-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 1a2c4c14f6aa..c7435595dce1 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -588,13 +588,6 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) div /= prescaler; } - /* Enable enhanced features */ - sc16is7xx_efr_lock(port); - sc16is7xx_port_update(port, SC16IS7XX_EFR_REG, - SC16IS7XX_EFR_ENABLE_BIT, - SC16IS7XX_EFR_ENABLE_BIT); - sc16is7xx_efr_unlock(port); - /* If bit MCR_CLKSEL is set, the divide by 4 prescaler is activated. */ sc16is7xx_port_update(port, SC16IS7XX_MCR_REG, SC16IS7XX_MCR_CLKSEL_BIT,

1 week, 1 day

2
4
0 0

FAILED: patch "[PATCH] xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f3d12ec847b945d5d65846c85f062d07d5e73164 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102714-patriot-eel-32c8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f3d12ec847b945d5d65846c85f062d07d5e73164 Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Tue, 14 Oct 2025 01:55:41 +0300 Subject: [PATCH] xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit DbC may add 1024 bogus bytes to the beginneing of the receiving endpoint if DbC hw triggers a STALL event before any Transfer Blocks (TRBs) for incoming data are queued, but driver handles the event after it queued the TRBs. This is possible as xHCI DbC hardware may trigger spurious STALL transfer events even if endpoint is empty. The STALL event contains a pointer to the stalled TRB, and "remaining" untransferred data length. As there are no TRBs queued yet the STALL event will just point to first TRB position of the empty ring, with '0' bytes remaining untransferred. DbC driver is polling for events, and may not handle the STALL event before /dev/ttyDBC0 is opened and incoming data TRBs are queued. The DbC event handler will now assume the first queued TRB (length 1024) has stalled with '0' bytes remaining untransferred, and copies the data This race situation can be practically mitigated by making sure the event handler handles all pending transfer events when DbC reaches configured state, and only then create dev/ttyDbC0, and start queueing transfers. The event handler can this way detect the STALL events on empty rings and discard them before any transfers are queued. This does in practice solve the issue, but still leaves a small possible gap for the race to trigger. We still need a way to distinguish spurious STALLs on empty rings with '0' bytes remaing, from actual STALL events with all bytes transmitted. Cc: stable <stable(a)kernel.org> Fixes: dfba2174dc42 ("usb: xhci: Add DbC support in xHCI driver") Tested-by: Łukasz Bartosik <ukaszb(a)chromium.org> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-dbgcap.c b/drivers/usb/host/xhci-dbgcap.c index 63edf2d8f245..023a8ec6f305 100644 --- a/drivers/usb/host/xhci-dbgcap.c +++ b/drivers/usb/host/xhci-dbgcap.c @@ -892,7 +892,8 @@ static enum evtreturn xhci_dbc_do_handle_events(struct xhci_dbc *dbc) dev_info(dbc->dev, "DbC configured\n"); portsc = readl(&dbc->regs->portsc); writel(portsc, &dbc->regs->portsc); - return EVT_GSER; + ret = EVT_GSER; + break; } return EVT_DONE; @@ -954,7 +955,8 @@ static enum evtreturn xhci_dbc_do_handle_events(struct xhci_dbc *dbc) break; case TRB_TYPE(TRB_TRANSFER): dbc_handle_xfer_event(dbc, evt); - ret = EVT_XFER_DONE; + if (ret != EVT_GSER) + ret = EVT_XFER_DONE; break; default: break;

1 week, 1 day

2
6
0 0

FAILED: patch "[PATCH] serial: 8250_dw: handle reset control deassert error" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x daeb4037adf7d3349b4a1fb792f4bc9824686a4b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102700-sleep-robotics-c9e3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From daeb4037adf7d3349b4a1fb792f4bc9824686a4b Mon Sep 17 00:00:00 2001 From: Artem Shimko <a.shimko.dev(a)gmail.com> Date: Sun, 19 Oct 2025 12:51:31 +0300 Subject: [PATCH] serial: 8250_dw: handle reset control deassert error Check the return value of reset_control_deassert() in the probe function to prevent continuing probe when reset deassertion fails. Previously, reset_control_deassert() was called without checking its return value, which could lead to probe continuing even when the device reset wasn't properly deasserted. The fix checks the return value and returns an error with dev_err_probe() if reset deassertion fails, providing better error handling and diagnostics. Fixes: acbdad8dd1ab ("serial: 8250_dw: simplify optional reset handling") Cc: stable <stable(a)kernel.org> Signed-off-by: Artem Shimko <a.shimko.dev(a)gmail.com> Link: https://patch.msgid.link/20251019095131.252848-1-a.shimko.dev@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/8250/8250_dw.c b/drivers/tty/serial/8250/8250_dw.c index a53ba04d9770..710ae4d40aec 100644 --- a/drivers/tty/serial/8250/8250_dw.c +++ b/drivers/tty/serial/8250/8250_dw.c @@ -635,7 +635,9 @@ static int dw8250_probe(struct platform_device *pdev) if (IS_ERR(data->rst)) return PTR_ERR(data->rst); - reset_control_deassert(data->rst); + err = reset_control_deassert(data->rst); + if (err) + return dev_err_probe(dev, err, "failed to deassert resets\n"); err = devm_add_action_or_reset(dev, dw8250_reset_control_assert, data->rst); if (err)

1 week, 1 day

2
2
0 0

FAILED: patch "[PATCH] serial: sc16is7xx: remove useless enable of enhanced features" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1c05bf6c0262f946571a37678250193e46b1ff0f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102739-casualty-hankering-f9ab@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1c05bf6c0262f946571a37678250193e46b1ff0f Mon Sep 17 00:00:00 2001 From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Date: Mon, 6 Oct 2025 10:20:02 -0400 Subject: [PATCH] serial: sc16is7xx: remove useless enable of enhanced features Commit 43c51bb573aa ("sc16is7xx: make sure device is in suspend once probed") permanently enabled access to the enhanced features in sc16is7xx_probe(), and it is never disabled after that. Therefore, remove re-enable of enhanced features in sc16is7xx_set_baud(). This eliminates a potential useless read + write cycle each time the baud rate is reconfigured. Fixes: 43c51bb573aa ("sc16is7xx: make sure device is in suspend once probed") Cc: stable <stable(a)kernel.org> Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Link: https://patch.msgid.link/20251006142002.177475-1-hugo@hugovil.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 1a2c4c14f6aa..c7435595dce1 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -588,13 +588,6 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) div /= prescaler; } - /* Enable enhanced features */ - sc16is7xx_efr_lock(port); - sc16is7xx_port_update(port, SC16IS7XX_EFR_REG, - SC16IS7XX_EFR_ENABLE_BIT, - SC16IS7XX_EFR_ENABLE_BIT); - sc16is7xx_efr_unlock(port); - /* If bit MCR_CLKSEL is set, the divide by 4 prescaler is activated. */ sc16is7xx_port_update(port, SC16IS7XX_MCR_REG, SC16IS7XX_MCR_CLKSEL_BIT,

1 week, 1 day

2
4
0 0

[[Name]]Alliance Ad

by Almus

1 week, 1 day

1
0
0 0

[PATCH 0/4] drm/tidss: Fixes data edge sampling

by Louis Chauvet

Currently the driver only configure the data edge sampling partially. The AM62 require it to be configured in two distincts registers: one in tidss and one in the general device registers. Introduce a new dt property to link the proper syscon node from the main device registers into the tidss driver. Fixes: 32a1795f57ee ("drm/tidss: New driver for TI Keystone platform Display SubSystem") --- Cc: stable(a)vger.kernel.org Signed-off-by: Louis Chauvet <louis.chauvet(a)bootlin.com> --- Louis Chauvet (4): dt-bindings: display: ti,am65x-dss: Add clk property for data edge synchronization dt-bindings: mfd: syscon: Add ti,am625-dss-clk-ctrl arm64: dts: ti: k3-am62-main: Add tidss clk-ctrl property drm/tidss: Fix sampling edge configuration .../devicetree/bindings/display/ti/ti,am65x-dss.yaml | 6 ++++++ Documentation/devicetree/bindings/mfd/syscon.yaml | 3 ++- arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 6 ++++++ drivers/gpu/drm/tidss/tidss_dispc.c | 14 ++++++++++++++ 4 files changed, 28 insertions(+), 1 deletion(-) --- base-commit: 85c23f28905cf20a86ceec3cfd7a0a5572c9eb13 change-id: 20250730-fix-edge-handling-9123f7438910 Best regards, -- Louis Chauvet <louis.chauvet(a)bootlin.com>

1 week, 1 day

6
23
0 0

[PATCH v4 bpf 1/3] ftrace: Fix BPF fexit with livepatch

by Song Liu

When livepatch is attached to the same function as bpf trampoline with a fexit program, bpf trampoline code calls register_ftrace_direct() twice. The first time will fail with -EAGAIN, and the second time it will succeed. This requires register_ftrace_direct() to unregister the address on the first attempt. Otherwise, the bpf trampoline cannot attach. Here is an easy way to reproduce this issue: insmod samples/livepatch/livepatch-sample.ko bpftrace -e 'fexit:cmdline_proc_show {}' ERROR: Unable to attach probe: fexit:vmlinux:cmdline_proc_show... Fix this by cleaning up the hash when register_ftrace_function_nolock hits errors. Also, move the code that resets ops->func and ops->trampoline to the error path of register_ftrace_direct(); and add a helper function reset_direct() in register_ftrace_direct() and unregister_ftrace_direct(). Fixes: d05cb470663a ("ftrace: Fix modification of direct_function hash while in use") Cc: stable(a)vger.kernel.org # v6.6+ Reported-by: Andrey Grodzovsky <andrey.grodzovsky(a)crowdstrike.com> Closes: https://lore.kernel.org/live-patching/c5058315a39d4615b333e485893345be@crow… Cc: Steven Rostedt (Google) <rostedt(a)goodmis.org> Cc: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Acked-and-tested-by: Andrey Grodzovsky <andrey.grodzovsky(a)crowdstrike.com> Signed-off-by: Song Liu <song(a)kernel.org> Reviewed-by: Jiri Olsa <jolsa(a)kernel.org> --- kernel/bpf/trampoline.c | 5 ----- kernel/trace/ftrace.c | 20 ++++++++++++++------ 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/kernel/bpf/trampoline.c b/kernel/bpf/trampoline.c index 5949095e51c3..f2cb0b097093 100644 --- a/kernel/bpf/trampoline.c +++ b/kernel/bpf/trampoline.c @@ -479,11 +479,6 @@ static int bpf_trampoline_update(struct bpf_trampoline *tr, bool lock_direct_mut * BPF_TRAMP_F_SHARE_IPMODIFY is set, we can generate the * trampoline again, and retry register. */ - /* reset fops->func and fops->trampoline for re-register */ - tr->fops->func = NULL; - tr->fops->trampoline = 0; - - /* free im memory and reallocate later */ bpf_tramp_image_free(im); goto again; } diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 42bd2ba68a82..cbeb7e833131 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -5953,6 +5953,17 @@ static void register_ftrace_direct_cb(struct rcu_head *rhp) free_ftrace_hash(fhp); } +static void reset_direct(struct ftrace_ops *ops, unsigned long addr) +{ + struct ftrace_hash *hash = ops->func_hash->filter_hash; + + remove_direct_functions_hash(hash, addr); + + /* cleanup for possible another register call */ + ops->func = NULL; + ops->trampoline = 0; +} + /** * register_ftrace_direct - Call a custom trampoline directly * for multiple functions registered in @ops @@ -6048,6 +6059,8 @@ int register_ftrace_direct(struct ftrace_ops *ops, unsigned long addr) ops->direct_call = addr; err = register_ftrace_function_nolock(ops); + if (err) + reset_direct(ops, addr); out_unlock: mutex_unlock(&direct_mutex); @@ -6080,7 +6093,6 @@ EXPORT_SYMBOL_GPL(register_ftrace_direct); int unregister_ftrace_direct(struct ftrace_ops *ops, unsigned long addr, bool free_filters) { - struct ftrace_hash *hash = ops->func_hash->filter_hash; int err; if (check_direct_multi(ops)) @@ -6090,13 +6102,9 @@ int unregister_ftrace_direct(struct ftrace_ops *ops, unsigned long addr, mutex_lock(&direct_mutex); err = unregister_ftrace_function(ops); - remove_direct_functions_hash(hash, addr); + reset_direct(ops, addr); mutex_unlock(&direct_mutex); - /* cleanup for possible another register call */ - ops->func = NULL; - ops->trampoline = 0; - if (free_filters) ftrace_free_filter(ops); return err; -- 2.47.3

1 week, 1 day

1
0
0 0

FAILED: patch "[PATCH] xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f3d12ec847b945d5d65846c85f062d07d5e73164 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102713-cucumber-persevere-aa50@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f3d12ec847b945d5d65846c85f062d07d5e73164 Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Tue, 14 Oct 2025 01:55:41 +0300 Subject: [PATCH] xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit DbC may add 1024 bogus bytes to the beginneing of the receiving endpoint if DbC hw triggers a STALL event before any Transfer Blocks (TRBs) for incoming data are queued, but driver handles the event after it queued the TRBs. This is possible as xHCI DbC hardware may trigger spurious STALL transfer events even if endpoint is empty. The STALL event contains a pointer to the stalled TRB, and "remaining" untransferred data length. As there are no TRBs queued yet the STALL event will just point to first TRB position of the empty ring, with '0' bytes remaining untransferred. DbC driver is polling for events, and may not handle the STALL event before /dev/ttyDBC0 is opened and incoming data TRBs are queued. The DbC event handler will now assume the first queued TRB (length 1024) has stalled with '0' bytes remaining untransferred, and copies the data This race situation can be practically mitigated by making sure the event handler handles all pending transfer events when DbC reaches configured state, and only then create dev/ttyDbC0, and start queueing transfers. The event handler can this way detect the STALL events on empty rings and discard them before any transfers are queued. This does in practice solve the issue, but still leaves a small possible gap for the race to trigger. We still need a way to distinguish spurious STALLs on empty rings with '0' bytes remaing, from actual STALL events with all bytes transmitted. Cc: stable <stable(a)kernel.org> Fixes: dfba2174dc42 ("usb: xhci: Add DbC support in xHCI driver") Tested-by: Łukasz Bartosik <ukaszb(a)chromium.org> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-dbgcap.c b/drivers/usb/host/xhci-dbgcap.c index 63edf2d8f245..023a8ec6f305 100644 --- a/drivers/usb/host/xhci-dbgcap.c +++ b/drivers/usb/host/xhci-dbgcap.c @@ -892,7 +892,8 @@ static enum evtreturn xhci_dbc_do_handle_events(struct xhci_dbc *dbc) dev_info(dbc->dev, "DbC configured\n"); portsc = readl(&dbc->regs->portsc); writel(portsc, &dbc->regs->portsc); - return EVT_GSER; + ret = EVT_GSER; + break; } return EVT_DONE; @@ -954,7 +955,8 @@ static enum evtreturn xhci_dbc_do_handle_events(struct xhci_dbc *dbc) break; case TRB_TYPE(TRB_TRANSFER): dbc_handle_xfer_event(dbc, evt); - ret = EVT_XFER_DONE; + if (ret != EVT_GSER) + ret = EVT_XFER_DONE; break; default: break;

1 week, 1 day

2
6
0 0

FAILED: patch "[PATCH] serial: 8250_dw: handle reset control deassert error" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x daeb4037adf7d3349b4a1fb792f4bc9824686a4b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102700-impish-precook-5377@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From daeb4037adf7d3349b4a1fb792f4bc9824686a4b Mon Sep 17 00:00:00 2001 From: Artem Shimko <a.shimko.dev(a)gmail.com> Date: Sun, 19 Oct 2025 12:51:31 +0300 Subject: [PATCH] serial: 8250_dw: handle reset control deassert error Check the return value of reset_control_deassert() in the probe function to prevent continuing probe when reset deassertion fails. Previously, reset_control_deassert() was called without checking its return value, which could lead to probe continuing even when the device reset wasn't properly deasserted. The fix checks the return value and returns an error with dev_err_probe() if reset deassertion fails, providing better error handling and diagnostics. Fixes: acbdad8dd1ab ("serial: 8250_dw: simplify optional reset handling") Cc: stable <stable(a)kernel.org> Signed-off-by: Artem Shimko <a.shimko.dev(a)gmail.com> Link: https://patch.msgid.link/20251019095131.252848-1-a.shimko.dev@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/8250/8250_dw.c b/drivers/tty/serial/8250/8250_dw.c index a53ba04d9770..710ae4d40aec 100644 --- a/drivers/tty/serial/8250/8250_dw.c +++ b/drivers/tty/serial/8250/8250_dw.c @@ -635,7 +635,9 @@ static int dw8250_probe(struct platform_device *pdev) if (IS_ERR(data->rst)) return PTR_ERR(data->rst); - reset_control_deassert(data->rst); + err = reset_control_deassert(data->rst); + if (err) + return dev_err_probe(dev, err, "failed to deassert resets\n"); err = devm_add_action_or_reset(dev, dw8250_reset_control_assert, data->rst); if (err)

1 week, 1 day

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror