- Linux-stable-mirror - lists.linaro.org

by Seven

Hi, Glad to know you and your company from Jordan. I‘m Seven CTO of STHL We are a one-stop service provider for PCBA. We can help you with production from PCB to finished product assembly. Why Partner With Us? ✅ One-Stop Expertise: From PCB fabrication, PCBA (SMT & Through-Hole), custom cable harnesses, , to final product assembly – we eliminate multi-vendor coordination risks. ✅ Cost Efficiency: 40%+ clients reduce logistics/QC costs through our integrated service model (ISO 9001:2015 certified). ✅ Speed-to-Market: Average 15% faster lead times achieved via in-house vertical integration. Recent Success Case: Helped a German IoT startup scale from prototype to 50K-unit/month production within 6 months through our: PCB Design-for-Manufacturing (DFM) optimizationAutomated PCBA with 99.98% first-pass yieldMechanical housing CNC machining & IP67-rated assembly Seven Marcus CTO Shenzhen STHL Technology Co,Ltd +8618569002840 Seven(a)pcba-china.com

3 months, 2 weeks

1
0
0 0

[PATCH 6.15 00/49] 6.15.1-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.1 release. There are 49 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 04 Jun 2025 13:42:20 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.1-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.1-rc1 Robin Murphy <robin.murphy(a)arm.com> iommu: Handle yet another race around registration Robin Murphy <robin.murphy(a)arm.com> iommu: Avoid introducing more races Christian Brauner <brauner(a)kernel.org> coredump: hand a pidfd to the usermode coredump helper Christian Brauner <brauner(a)kernel.org> coredump: fix error handling for replace_fd() Christian Brauner <brauner(a)kernel.org> pidfs: move O_RDWR into pidfs_alloc_file() Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Add CMN S3 ACPI binding Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Initialise cmn->cpu earlier Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Fix REQ2/SNP2 mixup Pedro Tammela <pctammela(a)mojatatu.com> net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix length of serdes_ln_ctrl Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j722s-main: Disable "serdes_wiz0" and "serdes_wiz1" Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j722s-evm: Enable "serdes_wiz0" and "serdes_wiz1" Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-j721e-sk: Add requiried voltage supplies for IMX219 Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-j721e-sk: Remove clock-names property from IMX219 overlay Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-j721e-sk: Add DT nodes for power regulators Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-am68-sk: Fix regulator hierarchy Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-am62x: Rename I2C switch to I2C mux in OV5640 overlay Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-am62x: Rename I2C switch to I2C mux in IMX219 overlay Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-am62x: Remove clock-names property from IMX219 overlay Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62p-j722s-common-main: Set eMMC clock parent to default Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62a-main: Set eMMC clock parent to default Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62-main: Set eMMC clock parent to default Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Fix PCIe 3rd controller DBI size Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100: Add GPU cooling Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100: Apply consistent critical thermal shutdown Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100: Fix video thermal zone Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-yoga-slim7x: mark l12b and l15b always-on Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-qcp: mark l12b and l15b always-on Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-qcp: Fix vreg_l2j_1p2 voltage Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Fix vreg_l2j_1p2 voltage Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-hp-x14: mark l12b and l15b always-on Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-hp-omnibook-x14: Fix vreg_l2j_1p2 voltage Juerg Haefliger <juerg.haefliger(a)canonical.com> arm64: dts: qcom: x1e80100-hp-omnibook-x14: Enable SMB2360 0 and 1 Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-dell-xps13-9345: mark l12b and l15b always-on Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-asus-vivobook-s15: Fix vreg_l2j_1p2 voltage Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e001de-devkit: mark l12b and l15b always-on Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e001de-devkit: Fix vreg_l2j_1p2 voltage Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sm8650: Add missing properties for cryptobam Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sm8550: Add missing properties for cryptobam Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sm8450: Add missing properties for cryptobam Alok Tiwari <alok.a.tiwari(a)oracle.com> arm64: dts: qcom: sm8350: Fix typo in pil_camera_mem node Karthik Sanagavarapu <quic_kartsana(a)quicinc.com> arm64: dts: qcom: sa8775p: Remove cdsp compute-cb@10 Ling Xu <quic_lxu5(a)quicinc.com> arm64: dts: qcom: sa8775p: Remove extra entries from the iommus property Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sa8775p: Add missing properties for cryptobam Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: ipq9574: Add missing properties for cryptobam Sebastian Reichel <sebastian.reichel(a)collabora.com> arm64: dts: rockchip: Add missing SFC power-domains to rk3576 Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> arm64: dts: socfpga: agilex5: fix gpio0 address ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi | 4 +- arch/arm64/boot/dts/qcom/ipq9574.dtsi | 2 + arch/arm64/boot/dts/qcom/sa8775p.dtsi | 248 ++--------------- arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 + arch/arm64/boot/dts/qcom/sm8550.dtsi | 2 + arch/arm64/boot/dts/qcom/sm8650.dtsi | 2 + arch/arm64/boot/dts/qcom/x1e001de-devkit.dts | 6 +- .../boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 +- .../boot/dts/qcom/x1e80100-dell-xps13-9345.dts | 2 + .../boot/dts/qcom/x1e80100-hp-omnibook-x14.dts | 14 +- .../boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 7 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 6 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 309 +++++++++++---------- arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 40 ++- arch/arm64/boot/dts/rockchip/rk3576.dtsi | 2 + arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 2 - arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 2 - .../boot/dts/ti/k3-am62p-j722s-common-main.dtsi | 2 - .../arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso | 3 +- .../arm64/boot/dts/ti/k3-am62x-sk-csi2-ov5640.dtso | 2 +- .../boot/dts/ti/k3-am62x-sk-csi2-tevi-ov5640.dtso | 2 +- arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 2 + arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts | 13 +- .../boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso | 35 ++- arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 31 +++ arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 8 + arch/arm64/boot/dts/ti/k3-j722s-main.dtsi | 4 + .../boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi | 2 +- drivers/iommu/iommu.c | 34 ++- drivers/perf/arm-cmn.c | 11 +- fs/coredump.c | 65 ++++- fs/pidfs.c | 1 + include/linux/coredump.h | 1 + include/linux/iommu.h | 2 + net/sched/sch_hfsc.c | 9 +- 37 files changed, 447 insertions(+), 440 deletions(-)

3 months, 2 weeks

10
58
0 0

[PATCH 6.14 000/783] 6.14.9-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.14.9 release. There are 783 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 May 2025 16:22:51 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.14.9-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.14.9-rc1 Nathan Chancellor <nathan(a)kernel.org> kbuild: Properly disable -Wunterminated-string-initialization for clang Linus Torvalds <torvalds(a)linux-foundation.org> Fix mis-uses of 'cc-option' for warning disablement Linus Torvalds <torvalds(a)linux-foundation.org> gcc-15: disable '-Wunterminated-string-initialization' entirely for now Linus Torvalds <torvalds(a)linux-foundation.org> gcc-15: make 'unterminated string initialization' just a warning David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu: read back register after written for VCN v4.0.5 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/vcn4.0.5: split code along instances Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix determining SST/MST mode during MTP TU state computation Raag Jadav <raag.jadav(a)intel.com> err.h: move IOMEM_ERR_PTR() to err.h Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe: Use xe_mmio_read32() to read mtcfg register Larisa Grigore <larisa.grigore(a)nxp.com> spi: spi-fsl-dspi: Reset SR flags before sending a new message Bogdan-Gabriel Roman <bogdan-gabriel.roman(a)nxp.com> spi: spi-fsl-dspi: Halt the module after a new message transfer Larisa Grigore <larisa.grigore(a)nxp.com> spi: spi-fsl-dspi: restrict register range for regmap access Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> spi: use container_of_cont() for to_spi_device() Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: think-lmi: Fix attribute name usage for non-compliant items Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix stream write failure Jernej Skrabec <jernej.skrabec(a)gmail.com> Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC connection" Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btmtksdio: Do close if SDIO card removed without close Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btmtksdio: Check function enabled before doing close Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: restore monitor for outgoing frames Arnd Bergmann <arnd(a)arndb.de> octeontx2: hide unused label Kees Cook <kees(a)kernel.org> mm: vmalloc: only zero-init on vrealloc shrink Kees Cook <kees(a)kernel.org> mm: vmalloc: actually use the in-place vrealloc region Florent Revest <revest(a)chromium.org> mm: fix VM_UFFD_MINOR == VM_SHADOW_STACK on USERFAULTFD=y && ARM64_GCS=y Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> mm: mmap: map MAP_STACK to VM_NOHUGEPAGE only if THP is enabled Wang Yaxin <wang.yaxin(a)zte.com.cn> taskstats: fix struct taskstats breaks backward compatibility since version 15 David Wang <00107082(a)163.com> module: release codetag section when module load fails Tianyang Zhang <zhangtianyang(a)loongson.cn> mm/page_alloc.c: avoid infinite retries caused by cpuset race Ge Yang <yangge1116(a)126.com> mm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios Breno Leitao <leitao(a)debian.org> memcg: always call cond_resched() after fn() Alexander Gordeev <agordeev(a)linux.ibm.com> kasan: avoid sleepable page allocation from atomic context Matthew Wilcox (Oracle) <willy(a)infradead.org> highmem: add folio_test_partial_kmap() Suren Baghdasaryan <surenb(a)google.com> alloc_tag: allocate percpu counters for module tags dynamically Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics-rmi - fix crash with unsupported versions of F34 Vicki Pfau <vi(a)endrift.com> Input: xpad - add more controllers Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd: Keep display off while going into S4" Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Reset all search buffer pointers when releasing buffer Gabor Juhos <j4g8y7(a)gmail.com> arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Fix use-after-free in cifs_fill_dirent feijuan.li <feijuan.li(a)samsung.com> drm/edid: fixed the bug that hdr metadata was not reset Zhang Rui <rui.zhang(a)intel.com> thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature Vladimir Moskovkin <Vladimir.Moskovkin(a)kaspersky.com> platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() Dan Carpenter <dan.carpenter(a)linaro.org> pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: renesas: rcar: Remove obsolete nullify checks Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Add SDHCI_QUIRK2_SUPPRESS_V1P8_ENA quirk to am62 compatible Ronak Doshi <ronak.doshi(a)broadcom.com> vmxnet3: update MTU after device quiesce Jakob Unterwurzacher <jakobunt(a)gmail.com> net: dsa: microchip: linearize skb for tail-tagging switches Jens Axboe <axboe(a)kernel.dk> io_uring/net: only retry recv bundle for a full transfer Axel Forsman <axfo(a)kvaser.com> can: kvaser_pciefd: Fix echo_skb race Axel Forsman <axfo(a)kvaser.com> can: kvaser_pciefd: Continue parsing DMA buf after dropped RX Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> llc: fix data loss when reading from a socket in llc_ui_recvmsg() Ed Burcher <git(a)edburcher.com> ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10 Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix race of buffer access at PCM OSS layer Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ASoc: SOF: topology: connect DAI to a single DAI link Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-bus: Use PIO mode on ACE2+ platforms Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext Oliver Hartkopp <socketcan(a)hartkopp.net> can: bcm: add missing rcu read protection for procfs content Oliver Hartkopp <socketcan(a)hartkopp.net> can: bcm: add locking for bcm_op runtime updates Carlos Sanchez <carlossanchez(a)geotab.com> can: slcan: allow reception of short error messages Dominik Grzegorzek <dominik.grzegorzek(a)oracle.com> padata: do not leak refcount in reorder_work Ivan Pravdin <ipravdin.official(a)gmail.com> crypto: algif_hash - fix double free in hash_accept André Draszik <andre.draszik(a)linaro.org> clk: s2mps11: initialise clk_hw_onecell_data::num before accessing ::hws[] in probe() Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix APR entry mapping based on APR_LMT_CFG Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Set LMT_ENA bit for APR table entries Wang Liang <wangliang74(a)huawei.com> net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Suman Ghosh <sumang(a)marvell.com> octeontx2-pf: Avoid adding dcbnl_ops for LBK and SDP vf Suman Ghosh <sumang(a)marvell.com> octeontx2-pf: AF_XDP zero copy receive support Suman Ghosh <sumang(a)marvell.com> octeontx2-pf: Add AF_XDP non-zero copy support Suman Ghosh <sumang(a)marvell.com> octeontx2-pf: use xdp_return_frame() to free xdp buffers Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() Eric Dumazet <edumazet(a)google.com> idpf: fix idpf_vport_splitq_napi_poll() Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix overflow resched cqe reordering Samiullah Khawaja <skhawaja(a)google.com> xsk: Bring back busy polling support in XDP_COPY Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Restore SGMII CTRL register on resume Paul Kocialkowski <paulk(a)sys-base.io> net: dwmac-sun8i: Use parsed internal PHY address instead of 1 Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> pinctrl: qcom: switch to devm_register_sys_off_handler() Christoph Hellwig <hch(a)lst.de> loop: don't require ->write_iter for writable files in loop_configure Pavan Kumar Linga <pavan.kumar.linga(a)intel.com> idpf: fix null-ptr-deref in idpf_features_check Dave Ertman <david.m.ertman(a)intel.com> ice: Fix LACP bonds without SRIOV environment Jacob Keller <jacob.e.keller(a)intel.com> ice: fix vf->num_mac count with port representors Paolo Abeni <pabeni(a)redhat.com> mr: consolidate the ipmr_can_free_table() checks. Ido Schimmel <idosch(a)nvidia.com> bridge: netfilter: Fix forwarding of fragmented packets Sagi Maimon <maimon.sagi(a)gmail.com> ptp: ocp: Limit signal/freq counts in summary output functions En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not checking l2cap_chan security level Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel: Fix segfault with PEBS-via-PT with sample_freq Andrew Bresticker <abrestic(a)rivosinc.com> irqchip/riscv-imsic: Start local sync timer on correct CPU Tavian Barnes <tavianator(a)tavianator.com> ASoC: SOF: Intel: hda: Fix UAF when reloading module Raag Jadav <raag.jadav(a)intel.com> devres: Introduce devm_kmemdup_array() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> driver core: Split devres APIs to device/devres.h Stefan Wahren <wahrenst(a)gmx.net> dmaengine: fsl-edma: Fix return code for unhandled interrupts Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: Fix ->poll() return value Paul Chaignon <paul.chaignon(a)gmail.com> xfrm: Sanitize marks before insert Andre Przywara <andre.przywara(a)arm.com> clk: sunxi-ng: d1: Add missing divider for MMC mod clocks Matti Lehtimäki <matti.lehtimaki(a)gmail.com> remoteproc: qcom_wcnss: Fix on platforms without fallback regulators David Hildenbrand <david(a)redhat.com> kernel/fork: only call untrack_pfn_clear() on VMAs duplicated for fork() Seongman Lee <augustus92(a)kaist.ac.kr> x86/sev: Fix operator precedence in GHCB_MSR_VMPL_REQ_LEVEL macro Vinicius Costa Gomes <vinicius.gomes(a)intel.com> dmaengine: idxd: Fix allowing write() from different address spaces Tobias Brunner <tobias(a)strongswan.org> xfrm: Fix UDP GRO handling for some corner cases Sabrina Dubroca <sd(a)queasysnail.net> espintcp: remove encap socket caching to avoid reference leak Sabrina Dubroca <sd(a)queasysnail.net> espintcp: fix skb leaks Charles Keepax <ckeepax(a)opensource.cirrus.com> soundwire: bus: Fix race on the creation of the IRQ domain Al Viro <viro(a)zeniv.linux.org.uk> __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock Austin Zheng <Austin.Zheng(a)amd.com> drm/amd/display: Call FP Protect Before Mode Programming/Mode Support Jason Andryuk <jason.andryuk(a)amd.com> xenbus: Allow PVH dom0 a non-local xenstore Paweł Anikiel <panikiel(a)google.com> x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88 Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: add support for Killer on MTL Johannes Thumshirn <johannes.thumshirn(a)wdc.com> block: only update request sector if needed David Wei <dw(a)davidwei.uk> tools: ynl-gen: validate 0 len strings from kernel Qu Wenruo <wqu(a)suse.com> btrfs: avoid NULL pointer dereference if no valid csum tree Boris Burkov <boris(a)bur.io> btrfs: handle empty eb->folios in num_extent_folios() Goldwyn Rodrigues <rgoldwyn(a)suse.de> btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref Kees Cook <kees(a)kernel.org> btrfs: compression: adjust cb->compressed_folios allocation type Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> iio: imu: st_lsm6dsx: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> iio: adc: qcom-spmi-iadc: Fix wakeup source leaks on device unbind Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> iio: accel: fxls8962af: Fix wakeup source leaks on device unbind Stefan Binding <sbinding(a)opensource.cirrus.com> ASoC: intel/sdw_utils: Add volume limit to cs35l56 speakers Stefan Binding <sbinding(a)opensource.cirrus.com> ASoC: intel/sdw_utils: Add volume limit to cs42l43 speakers Pali Rohár <pali(a)kernel.org> cifs: Fix changing times and read-only attr over SMB1 smb_set_file_info() function Pali Rohár <pali(a)kernel.org> cifs: Fix and improve cifs_query_path_info() and cifs_query_file_info() Jens Axboe <axboe(a)kernel.dk> io_uring/fdinfo: annotate racy sq/cq head/tail reads Alistair Francis <alistair.francis(a)wdc.com> nvmet-tcp: don't restore null sk_state_change Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix duplicated name in MIDI substream names Wentao Guan <guanwentao(a)uniontech.com> nvme-pci: add quirks for WDC Blue SN550 15b7:5009 Wentao Guan <guanwentao(a)uniontech.com> nvme-pci: add quirks for device 126f:1001 Sunil Khatri <sunil.khatri(a)amd.com> drm/ttm: fix the warning for hit_low and evict_low Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: cs42l43: Disable headphone clamps during type detection Gašper Nemgar <gasper.nemgar(a)gmail.com> platform/x86: ideapad-laptop: add support for some new buttons Pavel Nikulin <pavel(a)noa-labs.com> platform/x86: asus-wmi: Disable OOBE state after resume from hibernation Saranya Gopal <saranya.gopal(a)intel.com> platform/x86/intel: hid: Add Pantherlake support Salah Triki <salah.triki(a)gmail.com> smb: server: smb2pdu: check return value of xa_store() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> pinctrl: meson: define the pull up/down resistor value as 60 kOhm Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> book3s64/radix: Fix compile errors when CONFIG_ARCH_WANT_OPTIMIZE_DAX_VMEMMAP=n Chenyuan Yang <chenyuan0y(a)gmail.com> ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of() Eric Dumazet <edumazet(a)google.com> net-sysfs: restore behavior for not running devices Kate Hsuan <hpa(a)redhat.com> HID: Kconfig: Add LEDS_CLASS_MULTICOLOR dependency to HID_LOGITECH Alexander Wetzel <Alexander(a)wetzel-home.de> wifi: mac80211: Add counter for all monitor interfaces Xiaogang Chen <xiaogang.chen(a)amd.com> drm/amdkfd: Fix pasid value leak Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdkfd: Fix error handling for missing PASID in 'kfd_process_device_init_vm' Ovidiu Bunea <Ovidiu.Bunea(a)amd.com> drm/amd/display: Exit idle optimizations before accessing PHY Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Save and restore more registers Willem de Bruijn <willemb(a)google.com> ipv6: remove leftover ip6 cookie initializer Eduard Zingerman <eddyz87(a)gmail.com> bpf: abort verification if env->cur_state->loop_entry != NULL Balbir Singh <balbirs(a)nvidia.com> x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers Michael S. Tsirkin <mst(a)redhat.com> virtgpu: don't reset on shutdown Thomas Zimmermann <tzimmermann(a)suse.de> drm/gem: Internally test import_attach for imported objects Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Correct F8_MODE for gfx950 Arnd Bergmann <arnd(a)arndb.de> watchdog: aspeed: fix 64-bit division Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group() Dan Carpenter <dan.carpenter(a)linaro.org> ASoC: sma1307: Fix error handling in sma1307_setting_loaded() Nathan Chancellor <nathan(a)kernel.org> i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work() Jessica Zhang <quic_jesszhan(a)quicinc.com> drm: Add valid clones check Douglas Anderson <dianders(a)chromium.org> drm/panel-edp: Add Starry 116KHD024006 Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> drm/xe: Add locks in gtidle code Lin.Cao <lincao12(a)amd.com> drm/buddy: fix issue that force_merge cannot free all roots Simona Vetter <simona.vetter(a)ffwll.ch> drm/atomic: clarify the rules around drm_atomic_state->allow_modeset Oak Zeng <oak.zeng(a)intel.com> drm/xe: Reject BO eviction if BO is bound to current VM John Harrison <John.C.Harrison(a)Intel.com> drm/xe/guc: Drop error messages about missing GuC logs Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe: Always setup GT MMIO adjustment data Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/vf: Perform early GT MMIO initialization to read GMDID Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/sa: Always call drm_suballoc_manager_fini() Ching-Te Ku <ku920601(a)realtek.com> wifi: rtw89: coex: Add protect to avoid A2DP lag while Wi-Fi connecting Ching-Te Ku <ku920601(a)realtek.com> wifi: rtw89: coex: Separated Wi-Fi connecting event from Wi-Fi scan event Maarten Lankhorst <dev(a)lankhorst.se> drm/xe: Do not attempt to bootstrap VF in execlists mode Maarten Lankhorst <dev(a)lankhorst.se> drm/xe: Move suballocator init to after display init Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Hide Gens 1 to 3 TX detection in branch P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath11k: Use dma_alloc_noncoherent for rx_tid buffer allocation Zhi Wang <zhiw(a)nvidia.com> drm/nouveau: fix the broken marco GSP_MSG_MAX_SIZE Olivier Moysan <olivier.moysan(a)foss.st.com> drm: bridge: adv7511: fill stream capabilities Lingbo Kong <quic_lingbok(a)quicinc.com> wifi: ath12k: report station mode transmit rate Lingbo Kong <quic_lingbok(a)quicinc.com> wifi: ath12k: report station mode receive rate for IEEE 802.11be P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Fix end offset bit definition in monitor ring descriptor Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Move VFs reprovisioning to worker Aaradhana Sahu <quic_aarasahu(a)quicinc.com> wifi: ath12k: Fetch regdb.bin file from board-2.bin Rosen Penev <rosenp(a)gmail.com> wifi: ath9k: return by of_get_mac_address Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Reset GuC VF config when unprovisioning critical resource Youssef Samir <quic_yabdulra(a)quicinc.com> accel/qaic: Mask out SR-IOV PCI resources Nicolas Escande <nico.escande(a)gmail.com> wifi: ath12k: fix ath12k_hal_tx_cmd_ext_desc_setup() info1 override Isaac Scott <isaac.scott(a)ideasonboard.com> regulator: ad5398: Add device tree support Sean Anderson <sean.anderson(a)linux.dev> spi: zynqmp-gqspi: Always acknowledge interrupts Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Don't use static local variable in rtw8822b_set_tx_power_index_by_rate Soeren Moch <smoch(a)web.de> wifi: rtl8xxxu: retry firmware download on error Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> clk: renesas: rzg2l-cpg: Refactor Runtime PM clock validation Ravi Bangoria <ravi.bangoria(a)amd.com> perf/amd/ibs: Fix ->config to sample period calculation for OP PMU Ravi Bangoria <ravi.bangoria(a)amd.com> perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_scmi: Relax duplicate name constraint across protocol ids Viktor Malik <vmalik(a)redhat.com> bpftool: Fix readlink usage in get_fd_type Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Use kallsyms to find the function name of a struct_ops's stub function Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Find VBIOS mode from regular display size Matthew Sakai <msakai(a)redhat.com> dm vdo: use a short static string for thread name prefix Chung Chung <cchung(a)redhat.com> dm vdo indexer: prevent unterminated string warning Ken Raeburn <raeburn(a)redhat.com> dm vdo vio-pool: allow variable-sized metadata vios Vladimir Kondratiev <vladimir.kondratiev(a)mobileye.com> irqchip/riscv-aplic: Add support for hart indexes Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: rt722-sdca: Add some missing readable registers Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: codecs: pcm3168a: Allow for 24-bit in provider mode Naman Trivedi <naman.trivedimanojbhai(a)amd.com> arm64: zynqmp: add clock-output-names property in clock nodes junan <junan76(a)163.com> HID: usbkbd: Fix the bit shift number for LED_KANA Avula Sri Charan <quic_asrichar(a)quicinc.com> wifi: ath12k: Avoid napi_sync() before napi_enable() Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Restore some drive settings after reset Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Reduce log message generation during ELS ring clean up Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine Konstantin Taranov <kotaranov(a)microsoft.com> net/mana: fix warning in the writer of client oob Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/relay: Don't use GFP_KERNEL for new transactions Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: count combined queues using Rx/Tx count Peter Zijlstra (Intel) <peterz(a)infradead.org> perf: Avoid the read if the count is already updated Ankur Arora <ankur.a.arora(a)oracle.com> rcu: fix header guard for rcu_all_qs() Ankur Arora <ankur.a.arora(a)oracle.com> rcu: handle unstable rdp in rcu_read_unlock_strict() Ankur Arora <ankur.a.arora(a)oracle.com> rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: treat dyn_allowed only as suggestion Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: init flow director before RDMA Petr Machata <petrm(a)nvidia.com> bridge: mdb: Allow replace of a host-joined group Eric Dumazet <edumazet(a)google.com> net: flush_backlog() small changes Heiner Kallweit <hkallweit1(a)gmail.com> r8169: don't scan PHY addresses > 0 Geert Uytterhoeven <geert(a)linux-m68k.org> ipv4: ip_gre: Fix set but not used warning in ipgre_err() if IPv4-only Ido Schimmel <idosch(a)nvidia.com> vxlan: Annotate FDB data races Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled Jakub Kicinski <kuba(a)kernel.org> tools: ynl-gen: don't output external constants Alexander Duyck <alexanderduyck(a)meta.com> eth: fbnic: set IFF_UNICAST_FLT to avoid enabling promiscuous mode when adding unicast addrs Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> drm/rockchip: vop2: Improve display modes handling on RK3588 HDMI0 Depeng Shao <quic_depengs(a)quicinc.com> media: qcom: camss: Add default case in vfe_src_pad_code Depeng Shao <quic_depengs(a)quicinc.com> media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: introduce f2fs_base_attr for global sysfs entries Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe: Fix PVC RPe and RPa information Andrey Vatoropin <a.vatoropin(a)crpt.ru> hwmon: (xgene-hwmon) use appropriate type for the latency value Len Brown <len.brown(a)intel.com> tools/power turbostat: Clustered Uncore MHz counters should honor show/hide options Jakub Kicinski <kuba(a)kernel.org> net: page_pool: avoid false positive warning if NAPI was never added Jakub Kicinski <kuba(a)kernel.org> netdevsim: allow normal queue reset while down Jordan Crouse <jorcrous(a)amazon.com> clk: qcom: camcc-sm8250: Use clk_rcg2_shared_ops for some RCGs Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: adi-axi-dac: add bus mode setup Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: ad3552r-hs: use instruction mode for configuration Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: call power_on ahead before selecting firmware Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: fw: validate multi-firmware header before accessing Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: fw: validate multi-firmware header before getting its size Ching-Te Ku <ku920601(a)realtek.com> wifi: rtw89: coex: Assign value over than 0 to avoid firmware timer hang Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix __rtw_download_firmware() for RTL8814AU Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix download_firmware_validate() for RTL8814AU Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Extend rtw_fw_send_ra_info() for RTL8814AU Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix rtw_update_sta_info() for RTL8814AU Zhang Yi <yi.zhang(a)huawei.com> ext4: remove writable userspace mappings before truncating page cache Zhang Yi <yi.zhang(a)huawei.com> ext4: don't write back data before punch hole in nojournal mode Marek Vasut <marex(a)denx.de> leds: trigger: netdev: Configure LED blink interval for HW offload Kees Cook <kees(a)kernel.org> pstore: Change kmsg_bytes storage size to u32 Song Yoong Siang <yoong.siang.song(a)intel.com> igc: Avoid unnecessary link down event in XDP_SETUP_PROG process David Lechner <dlechner(a)baylibre.com> iio: adc: ad7944: don't use storagebits for sizing Akihiko Odaki <akihiko.odaki(a)daynix.com> s390/crash: Use note name macros Aleksander Jan Bajkowski <olek2(a)wp.pl> r8152: add vendor/device ID pair for Dell Alienware AW1022z Kuniyuki Iwashima <kuniyu(a)amazon.com> ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). Athira Rajeev <atrajeev(a)linux.vnet.ibm.com> arch/powerpc/perf: Check the instruction type before creating sample with perf_mem_data_src Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Refactor MAC reset to function Alexander Wetzel <Alexander(a)wetzel-home.de> wifi: mac80211: Drop cooked monitor support Benjamin Berg <benjamin.berg(a)intel.com> wifi: mac80211: add HT and VHT basic set verification Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: mac80211: set ieee80211_prep_tx_info::link_id upon Auth Rx Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: remove misplaced drv_mgd_complete_tx() call Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't unconditionally call drv_mgd_complete_tx() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: always send max agg subframe num in strict mode Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: don't warn during reprobe Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: use correct IMR dump variable Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: userspace: flags: clearer msg if no remote addr Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: ath12k: Update the peer id in PPDU end user stats TLV P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: fix the ampdu id fetch in the HAL_RX_MPDU_START TLV Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> wifi: ath12k: use arvif instead of link_conf in ath12k_mac_set_key() Aaradhana Sahu <quic_aarasahu(a)quicinc.com> wifi: ath12k: Enable MLO setup ready and teardown commands for single split-phy device Angelo Dureghello <adureghello(a)baylibre.com> iio: adc: ad7606: protect register access Leon Romanovsky <leon(a)kernel.org> xfrm: prevent high SEQ input in non-ESN mode Stefan Wahren <wahrenst(a)gmx.net> drm/v3d: Add clock handling William Tu <witu(a)nvidia.com> net/mlx5e: reduce the max log mpwrq sz for ECPF and reps William Tu <witu(a)nvidia.com> net/mlx5e: reduce rep rxq depth to 256 for ECPF William Tu <witu(a)nvidia.com> net/mlx5e: set the tx_queue_len for pfifo_fast Alexei Lazar <alazar(a)nvidia.com> net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB Alexei Lazar <alazar(a)nvidia.com> net/mlx5: XDP, Enable TX side XDP multi-buffer support Chaohai Chen <wdhh66(a)163.com> scsi: target: spc: Fix loop traversal in spc_rsoc_get_descr() Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer() Xiaogang Chen <xiaogang.chen(a)amd.com> drm/amdkfd: Have kfd driver use same PASID values from graphic driver Shiwu Zhang <shiwu.zhang(a)amd.com> drm/amdgpu: enlarge the VBIOS binary size limit Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Use active umc info from discovery Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Populate register address for dentist for dcn401 Austin Zheng <Austin.Zheng(a)amd.com> drm/amd/display: Use Nominal vBlank If Provided Instead Of Capping It Joshua Aberback <joshua.aberback(a)amd.com> drm/amd/display: Increase block_sequence array size Peterson Guo <peterson.guo(a)amd.com> drm/amd/display: Reverse the visual confirm recouts Jiang Liu <gerry(a)linux.alibaba.com> amdgpu/soc15: enable asic reset for dGPU in case of suspend abort Victor Skvortsov <victor.skvortsov(a)amd.com> drm/amdgpu: Skip err_count sysfs creation on VF unsupported RAS blocks Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu/gfx10: Add cleaner shader for GFX10.1.10 Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Initial psr_version with correct setting George Shen <george.shen(a)amd.com> drm/amd/display: Update CR AUX RD interval interpretation Austin Zheng <Austin.Zheng(a)amd.com> drm/amd/display: Account For OTO Prefetch Bandwidth When Calculating Urgent Bandwidth Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Ammend DCPG IP control sequences to align with HW guidance Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Fixes for mcache programming in DML21 Brandon Syu <Brandon.Syu(a)amd.com> Revert "drm/amd/display: Exit idle optimizations before attempt to access PHY" Martin Tsai <Martin.Tsai(a)amd.com> drm/amd/display: Support multiple options during psr entry. Asad Kamal <asad.kamal(a)amd.com> drm/amd/pm: Skip P2S load for SMU v13.0.12 Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: reset psp->cmd to NULL after releasing the buffer Ilya Bakoulin <Ilya.Bakoulin(a)amd.com> drm/amd/display: Don't try AUX transactions on disconnected link Samson Tam <Samson.Tam(a)amd.com> drm/amd/display: remove TF check for LLS policy Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: pass calculated dram_speed_mts to dml2 Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdgpu: Set snoop bit for SDMA for MI series Eric Huang <jinhuieric.huang(a)amd.com> drm/amdkfd: fix missing L2 cache info in topology Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes11: fix set_hw_resources_1 calculation Bart Van Assche <bvanassche(a)acm.org> scsi: usb: Rename the RESERVE and RELEASE constants Huacai Chen <chenhuacai(a)kernel.org> net: stmmac: dwmac-loongson: Set correct {tx,rx}_fifo_size Jan Kara <jack(a)suse.cz> jbd2: Avoid long replay times due to high number or revoke blocks Bard Liao <yung-chuan.liao(a)linux.intel.com> soundwire: cadence_master: set frame shape and divider based on actual clk freq Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: change the soundwire wake enable/disable sequence André Draszik <andre.draszik(a)linaro.org> phy: exynos5-usbdrd: fix EDS distribution tuning (gs101) Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> phy: core: don't require set_mode() callback for phy_get_mode() to work Damon Ding <damon.ding(a)rock-chips.com> phy: phy-rockchip-samsung-hdptx: Swap the definitions of LCPLL_REF and ROPLL_REF Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/xe/display: Remove hpd cancel work sync from runtime pm path Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Add suspend/resume support for pull up/down Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Update the suspend/resume support zihan zhou <15645113830zzh(a)gmail.com> sched: Reduce the default slice to avoid tasks getting an extra tick Peter Zijlstra <peterz(a)infradead.org> x86/boot: Mark start_secondary() with __noendbr Peter Zijlstra <peterz(a)infradead.org> x86/traps: Cleanup and robustify decode_bug() Peter Zijlstra <peterz(a)infradead.org> x86/ibt: Handle FineIBT in handle_cfi_failure() Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/debugfs: Add missing xe_pm_runtime_put in wedge_mode_set Xin Wang <x.wang(a)intel.com> drm/xe/debugfs: fixed the return value of wedged_mode_set Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: qcom: clk-alpha-pll: Do not use random stack value for recalc rate Lizhi Hou <lizhi.hou(a)amd.com> accel/amdxdna: Refactor hardware context destroy routine Karl Chan <exxxxkc(a)getgoogleoff.me> clk: qcom: ipq5018: allow it to be bulid on arm32 Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix xe_tile_init_noalloc() error propagation Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Stop ignoring errors from xe_ttm_stolen_mgr_init() Kees Cook <kees(a)kernel.org> net/mlx4_core: Avoid impossible mlx4_db_alloc() order value Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Set NPAR 1.2 support when registering with firmware Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov2740: Free control handler on error path Alain Volmat <alain.volmat(a)foss.st.com> media: stm32: csi: add missing pm_runtime_put on error Alain Volmat <alain.volmat(a)foss.st.com> media: stm32: csi: use ARRAY_SIZE to search D-PHY table Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: Memset argument to 0 before calling get_mbus_config pad op David Plowman <david.plowman(a)raspberrypi.com> media: i2c: imx219: Correct the minimum vblanking value Brendan Jackman <jackmanb(a)google.com> kunit: tool: Use qboot on QEMU x86_64 Konstantin Andreev <andreev(a)swemel.ru> smack: Revert "smackfs: Added check catlen" Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Release all VFs configs on device removal Konstantin Andreev <andreev(a)swemel.ru> smack: recognize ipv4 CIPSO w/o categories Valentin Caron <valentin.caron(a)foss.st.com> pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Power up/down amp on mute ops Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Mark SW_RESET as volatile Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Add reg defaults for TAS2764_INT_CLK_CFG Martin Povišer <povik+lin(a)cutebit.org> ASoC: ops: Enforce platform maximum on initial value Pavel Begunkov <asml.silence(a)gmail.com> io_uring: sanitise ring params earlier Caleb Sander Mateos <csander(a)purestorage.com> io_uring: use IO_REQ_LINK_FLAGS more Siva Durga Prasad Paladugu <siva.durga.prasad.paladugu(a)amd.com> firmware: xilinx: Dont send linux address to get fpga config get status Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Handle the presence of host partition in the partition info Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Reject higher major version as incompatible Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5: Apply rate-limiting to high temperature warning Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5: Modify LSB bitmask in temperature event to include only the first bit Amery Hung <ameryhung(a)gmail.com> bpf: Make every prog keep a copy of ctx_arg_info Hans Verkuil <hverkuil(a)xs4all.nl> media: test-drivers: vivid: don't call schedule in loop Andrew Jones <ajones(a)ventanamicro.com> irqchip/riscv-imsic: Set irq_set_affinity() for IMSIC base Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> hrtimers: Replace hrtimer_clock_to_base_table with switch-case Benjamin Segall <bsegall(a)google.com> posix-timers: Invoke cond_resched() during exit_itimers() Brian Gerst <brgerst(a)gmail.com> x86/boot: Disable stack protector for early boot code Petr Machata <petrm(a)nvidia.com> vxlan: Join / leave MC group after remote changes Xiaofei Tan <tanxiaofei(a)huawei.com> ACPI: HED: Always initialize before evged Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix old_size lower bound in calculate_iosize() too Jakub Kicinski <kuba(a)kernel.org> eth: mlx4: don't try to complete XDP frames in netpoll Eduard Zingerman <eddyz87(a)gmail.com> bpf: copy_verifier_state() should copy 'loop_entry' field Eduard Zingerman <eddyz87(a)gmail.com> bpf: don't do clean_live_states when state->loop_entry->branches > 0 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> can: c_can: Use of_property_present() to test existence of DT property Ahmad Fatoum <a.fatoum(a)pengutronix.de> pmdomain: imx: gpcv2: use proper helper for property detection Michael Margolin <mrgolin(a)amazon.com> RDMA/core: Fix best page size finding when it can cross SG entries Alexis Lothoré <alexis.lothore(a)bootlin.com> serial: mctrl_gpio: split disable_ms into sync and no_sync APIs Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink Leo Zeng <Leo.Zeng(a)amd.com> Revert "drm/amd/display: Request HW cursor on DCN3.2 with SubVP" George Shen <george.shen(a)amd.com> drm/amd/display: Read LTTPR ALPM caps during link cap retrieval Ilya Bakoulin <Ilya.Bakoulin(a)amd.com> drm/amd/display: Fix BT2020 YCbCr limited/full range input Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Guard against setting dispclk low when active Harry VanZyllDeJong <hvanzyll(a)amd.com> drm/amd/display: Add support for disconnected eDP streams Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Fetch current power limit from PMFW Marcin Bernatowicz <marcin.bernatowicz(a)linux.intel.com> drm/xe/client: Skip show_run_ticks if unable to read timestamp Anup Patel <apatel(a)ventanamicro.com> irqchip/riscv-imsic: Separate next and previous pointers in IMSIC vector Eddie James <eajames(a)linux.ibm.com> eeprom: ee1004: Check chip before probing Chris Morgan <macromorgan(a)hotmail.com> mfd: axp20x: AXP717: Add AXP717_TS_PIN_CFG to writeable regs Breno Leitao <leitao(a)debian.org> netdevsim: call napi_schedule from a timer context Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: Flush FIFO before sending Dynamic Address Assignment(DAA) Arnd Bergmann <arnd(a)arndb.de> EDAC/ie31200: work around false positive build warning Chris Morgan <macromorgan(a)hotmail.com> power: supply: axp20x_battery: Update temp sensor for AXP717 from device tree Peter Seiderer <ps.report(a)gmx.net> net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Kuan-Chung Chen <damon.chen(a)realtek.com> wifi: rtw89: 8922a: fix incorrect STA-ID in EHT MU PPDU Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: fw: add blacklist to avoid obsolete secure firmware Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: fw: get sb_sel_ver via get_unaligned_le32() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: fw: propagate error code from rtw89_h2c_tx() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix rtw_mac_power_switch() for RTL8814AU Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31 Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: mpt3sas: Send a diag reset if target reset fails Mrinmay Sarkar <quic_msarkar(a)quicinc.com> PCI: epf-mhi: Update device ID for SA8775P Paul Burton <paulburton(a)kernel.org> clocksource: mips-gic-timer: Enable counter when CPUs start Paul Burton <paulburton(a)kernel.org> MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core Subramanian Mohan <subramanian.mohan(a)intel.com> pps: generators: replace copy of pps-gen info struct with const pointer Jason Gunthorpe <jgg(a)ziepe.ca> genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie Uros Bizjak <ubizjak(a)gmail.com> x86/locking: Use ALT_OUTPUT_SP() for percpu_{,try_}cmpxchg{64,128}_op() Rik van Riel <riel(a)surriel.com> x86/mm: Make MMU_GATHER_RCU_TABLE_FREE unconditional Christian König <christian.koenig(a)amd.com> drm/amdgpu: remove all KFD fences from the BO on release Bibo Mao <maobibo(a)loongson.cn> MIPS: Use arch specific syscall name match function Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/xe/oa: Ensure that polled read returns latest data Xiao Liang <shaw.leon(a)gmail.com> rtnetlink: Lookup device in target netns when creating link Xiao Liang <shaw.leon(a)gmail.com> net: ipv6: Init tunnel link-netns before registering dev Herbert Xu <herbert(a)gondor.apana.org.au> crypto: skcipher - Zap type in crypto_alloc_sync_skcipher Herbert Xu <herbert(a)gondor.apana.org.au> crypto: ahash - Set default reqsize from ahash_alg Balbir Singh <balbirs(a)nvidia.com> x86/kaslr: Reduce KASLR entropy on most x86 systems Patrisious Haddad <phaddad(a)nvidia.com> net/mlx5: Change POOL_NEXT_SIZE define value and make it global Philippe Simons <simons.philippe(a)gmail.com> clk: sunxi-ng: h616: Reparent GPU clock during frequency changes Song Liu <song(a)kernel.org> bpf: arm64: Silence "UBSAN: negation-overflow" warning Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: scsi_debug: First fixes for tapes Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpiolib: sanitize the return value of gpio_chip::set_config() Jinliang Zheng <alexjlzheng(a)gmail.com> dm: fix unconditional IO throttle caused by REQ_PREFLUSH Michael S. Tsirkin <mst(a)redhat.com> virtio: break and reset virtio devices on device_shutdown() Nandakumar Edamana <nandakumar(a)nandakumar.co.in> libbpf: Fix out-of-bound read Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> net: stmmac: Correct usage of maximum queue number macros Christoph Hellwig <hch(a)lst.de> loop: check in LO_FLAGS_DIRECT_IO in loop_default_blocksize Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Update timestamp only for supervisor IOCs Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Add correct match to check IPSec syndromes for switchdev mode Matthias Fend <matthias.fend(a)emfend.at> media: tc358746: improve calculation of the D-PHY timing registers Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: adv7180: Disable test-pattern control on adv7180 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: menu: Avoid discarding useful information Konstantin Shkolnyy <kshk(a)linux.ibm.com> vdpa/mlx5: Fix mlx5_vdpa_get_config() endianness on big-endian machines Mike Christie <michael.christie(a)oracle.com> vhost-scsi: Return queue full for page alloc failures during copy Waiman Long <longman(a)redhat.com> x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() Nícolas F. R. A. Prado <nfraprado(a)collabora.com> ASoC: mediatek: mt8188: Add reference for dmic clocks Nícolas F. R. A. Prado <nfraprado(a)collabora.com> ASoC: mediatek: mt8188: Treat DMIC_GAINx_CUR as non-volatile Samson Tam <Samson.Tam(a)amd.com> drm/amd/display: Fix mismatch type comparison in custom_float Navid Assadian <Navid.Assadian(a)amd.com> drm/amd/display: Add opp recout adjustment Assadian, Navid <navid.assadian(a)amd.com> drm/amd/display: Fix mismatch type comparison Samson Tam <Samson.Tam(a)amd.com> drm/amd/display: fix check for identity ratio Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: fix dcn4x init failed Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: handle max_downscale_src_width fail check Nir Lichtman <nir(a)lichtman.org> x86/build: Fix broken copy command in genimage.sh when making isoimage Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: RPM: Register driver with PCI subsys IDs Amery Hung <amery.hung(a)bytedance.com> bpf: Search and add kfuncs in struct_ops prologue and epilogue Andrew Davis <afd(a)ti.com> soc: ti: k3-socinfo: Do not use syscon helper to build regmap Ramasamy Kaliappan <quic_rkaliapp(a)quicinc.com> wifi: ath12k: Improve BSS discovery with hidden SSID in 6 GHz band Dang Huynh <danct12(a)riseup.net> pinctrl: qcom: msm8917: Add MSM8937 wsa_reset pin Eric Dumazet <edumazet(a)google.com> tcp: be less liberal in TSEcr received while in SYN_RECV state Hangbin Liu <liuhangbin(a)gmail.com> bonding: report duplicate MAC address in all situations Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: Parse channel from IE to correct invalid hardware reports during scanning Roger Quadros <rogerq(a)kernel.org> dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn Arnd Bergmann <arnd(a)arndb.de> net: xgene-v2: remove incorrect ACPI_PTR annotation Eric Woudstra <ericwouds(a)gmail.com> net: ethernet: mtk_ppe_offload: Allow QinQ, double ETH_P_8021Q only Lizhi Hou <lizhi.hou(a)amd.com> accel/amdxdna: Check interrupt register before mailbox_rx_worker exits Yuanjun Gong <ruc_gongyuanjun(a)163.com> leds: pwm-multicolor: Add check for fwnode_property_read_u32 Daniel Gomez <da.gomez(a)samsung.com> drm/xe: xe_gen_wa_oob: replace program_invocation_short_name Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: KFD release_work possible circular locking Inochi Amaoto <inochiama(a)gmail.com> pinctrl: sophgo: avoid to modify untouched bit when setting cv1800 pinconf Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> driver core: faux: only create the device if probe() succeeds Kevin Krakauer <krakauer(a)google.com> selftests/net: have `gro.sh -t` return a correct exit code Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Avoid report two health errors on same syndrome Satyanarayana K V P <satyanarayana.k.v.p(a)intel.com> drm/xe/pf: Create a link between PF and VF devices Satyanarayana K V P <satyanarayana.k.v.p(a)intel.com> drm/xe/vf: Retry sending MMIO request to GUC on timeout error Viresh Kumar <viresh.kumar(a)linaro.org> firmware: arm_ffa: Set dma_mask for ffa devices Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Add a softdep to MIP MSI-X driver Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Expand inbound window size up to 64GB Vinith Kumar R <quic_vinithku(a)quicinc.com> wifi: ath12k: Report proper tx completion status to mac80211 Hector Martin <marcan(a)marcan.st> soc: apple: rtkit: Implement OSLog buffers properly Janne Grunau <j(a)jannau.net> soc: apple: rtkit: Use high prio work queue Rob Herring (Arm) <robh(a)kernel.org> perf: arm_pmuv3: Call kvm_vcpu_pmu_resync_el0() before enabling counters Kuhanh Murugasen Krishnan <kuhanh.murugasen.krishnan(a)intel.com> fpga: altera-cvp: Increase credit timeout AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence Li Bin <bin.li(a)microchip.com> ARM: at91: pm: fix at91_suspend_finish for ZQ calibration Alexander Stein <alexander.stein(a)ew.tq-group.com> hwmon: (gpio-fan) Add missing mutex locks Huisong Li <lihuisong(a)huawei.com> hwmon: (acpi_power_meter) Fix the fake power alarm reporting Breno Leitao <leitao(a)debian.org> x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 Xu Yang <xu.yang_2(a)nxp.com> PM: sleep: Suppress sleeping parent warning in special case Ahmad Fatoum <a.fatoum(a)pengutronix.de> clk: imx8mp: inform CCF of maximum frequency of clocks Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Handle uvc menu translation inside uvc_get_le_value Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map Caleb Sander Mateos <csander(a)purestorage.com> ublk: complete command synchronously on error Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> null_blk: generate null_blk configfs features string Christoph Hellwig <hch(a)lst.de> block: mark bounce buffering as incompatible with integrity Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Add uv swap for cluster window Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv4: fib: Hold rtnl_net_lock() in ip_rt_ioctl(). Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config(). Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> scsi: logging: Fix scsi_logging_level bounds Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7 Saket Kumar Bhaskar <skb99(a)linux.ibm.com> perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix perf_mmap() failure path Peter Seiderer <ps.report(a)gmx.net> net: pktgen: fix mpls maximum labels list parsing Paul Elder <paul.elder(a)ideasonboard.com> media: imx335: Set vblank immediately Yi Liu <yi.l.liu(a)intel.com> iommufd: Disallow allocating nested parent domain with fault ID Uday Shankar <ushankar(a)purestorage.com> ublk: enforce ublks_max only for unprivileged devices Jiasheng Jiang <jiashengjiangcool(a)gmail.com> dpll: Add an assertion to check freq_supported_num Andrei Botila <andrei.botila(a)oss.nxp.com> net: phy: nxp-c45-tja11xx: add match_phy_device to TJA1103/TJA1104 Lee Trager <lee(a)trager.us> eth: fbnic: Prepend TSENE FW fields with FBNIC_FW Alexander Sverdlin <alexander.sverdlin(a)siemens.com> net: ethernet: ti: cpsw_new: populate netdev of_node Jessica Zhang <quic_jesszhan(a)quicinc.com> drm/msm/dpu: Set possible clones for all encoders Paul E. McKenney <paulmck(a)kernel.org> rcu: Fix get_state_synchronize_rcu_full() GP-start detection Artur Weber <aweber.kernel(a)gmail.com> pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" Hans Verkuil <hverkuil(a)xs4all.nl> media: cx231xx: set device_caps for 417 Peter Zijlstra <peterz(a)infradead.org> perf/core: Clean up perf_try_init_event() Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Add offset normalization in VCN v5.0.1 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Avoid HDP flush on JPEG v5.0.1 Aric Cyr <Aric.Cyr(a)amd.com> drm/amd/display: Request HW cursor on DCN3.2 with SubVP Dillon Varone <Dillon.Varone(a)amd.com> drm/amd/display: Fix p-state type when p-state is unsupported Dillon Varone <Dillon.Varone(a)amd.com> drm/amd/display: Fix DMUB reset sequence for DCN401 George Shen <george.shen(a)amd.com> drm/amd/display: Skip checking FRL_MODE bit for PCON BW determination Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Ensure DMCUB idle before reset on DCN31/DCN35 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Reinit FW shared flags on VCN v5.0.1 Victor Lu <victorchengchi.lu(a)amd.com> drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c Gustavo Sousa <gustavo.sousa(a)intel.com> drm/xe: Disambiguate GMDID-based IP names Matti Lehtimäki <matti.lehtimaki(a)gmail.com> remoteproc: qcom_wcnss: Handle platforms with only single power domain Ming Lei <ming.lei(a)redhat.com> blk-throttle: don't take carryover for prioritized processing of metadata Choong Yong Liang <yong.liang.choong(a)linux.intel.com> net: phylink: use pl->link_interface in phylink_expects_phy() Thomas Zimmermann <tzimmermann(a)suse.de> drm/gem: Test for imported GEM buffers with helper Matthew Wilcox (Oracle) <willy(a)infradead.org> orangefs: Do not truncate file size AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> soc: mediatek: mtk-mutex: Add DPI1 SOF/EOF to MT8188 mutex tables Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: prevent BUG_ON by blocking retries on failed device resumes Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: set page size to the xHCI-supported size Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru> media: cec: use us_to_ktime() where appropriate Markus Elfring <elfring(a)users.sourceforge.net> media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() Svyatoslav Ryhel <clamor95(a)gmail.com> ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 Arnd Bergmann <arnd(a)arndb.de> soc: samsung: include linux/array_size.h where needed Matthew Brost <matthew.brost(a)intel.com> drm/xe: Retry BO allocation Matthew Brost <matthew.brost(a)intel.com> drm/xe: Nuke VM's mapping upon close Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ieee802154: ca8210: Use proper setters and getters for bitwise types Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: ds1307: stop disabling alarms on probe Michael Jeanson <mjeanson(a)efficios.com> rseq: Fix segfault on registration when rseq_cs is non-zero Eric Dumazet <edumazet(a)google.com> tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Improve data consistency at polling Andreas Schwab <schwab(a)linux-m68k.org> powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 Jon Hunter <jonathanh(a)nvidia.com> arm64: tegra: Resize aperture for the IGX PCIe C5 slot Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator Emily Deng <Emily.Deng(a)amd.com> drm/amdgpu: Fix missing drain retry fault the last entry Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: increase RAS bad page threshold Alex Sierra <alex.sierra(a)amd.com> drm/amdkfd: clear F8_MODE for gfx950 Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: Set per-process flags only once cik/vi Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: Set per-process flags only once for gfx9/10/11/12 Sven Schwermer <sven(a)svenschwermer.de> crypto: mxs-dcp - Only set OTP_KEY bit for OTP key Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lzo - Fix compression buffer overrun Niklas Cassel <cassel(a)kernel.org> selftests: pci_endpoint: Skip disabled BARs Niklas Cassel <cassel(a)kernel.org> misc: pci_endpoint_test: Give disabled BARs a distinct error code Christian Bruel <christian.bruel(a)foss.st.com> PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops Chin-Ting Kuo <chin-ting_kuo(a)aspeedtech.com> watchdog: aspeed: Update bootstatus handling Kyunghwan Seo <khwan.seo(a)samsung.com> watchdog: s3c2410_wdt: Fix PMU register bits for ExynosAutoV920 SoC Aaron Kling <luceoscutum(a)gmail.com> cpufreq: tegra186: Share policy per cluster K Prateek Nayak <kprateek.nayak(a)amd.com> fs/pipe: Limit the slots in pipe_resize_ring() Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd/pgtbl_v2: Improve error handling Jason Gunthorpe <jgg(a)ziepe.ca> iommu/vt-d: Check if SVA is supported when attaching the SVA domain Yeoreum Yun <yeoreum.yun(a)arm.com> coresight: change coresight_trace_id_map's lock type to raw_spinlock_t Yeoreum Yun <yeoreum.yun(a)arm.com> coresight-etb10: change etb_drvdata spinlock's type to raw_spinlock_t Nilay Shroff <nilay(a)linux.ibm.com> block: acquire q->limits_lock while reading sysfs attributes Coly Li <colyli(a)kernel.org> badblocks: Fix a nonsense WARN_ON() which checks whether a u64 variable < 0 Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct hd44780_common" Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Check for empty queue in run_queue Leon Huang <Leon.Huang1(a)amd.com> drm/amd/display: Fix incorrect DPCD configs while Replay/PSR switch Peichen Huang <PeiChen.Huang(a)amd.com> drm/amd/display: not abort link train when bw is low Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: calculate the remain segments for all pipes Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: remove minimum Dispclk and apply oem panel timing. Willem de Bruijn <willemb(a)google.com> ipv6: save dontfrag in cork Heiner Kallweit <hkallweit1(a)gmail.com> r8169: increase max jumbo packet size on RTL8125/RTL8126 Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: cfg80211: allow IR in 20 MHz configurations Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix U-APSD check in ML reconfiguration Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211_hwsim: Fix MLD address translation Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix warning on disconnect during failed ML reconf Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Update the link address when a link is added Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't include MLE in ML reconf per-STA profile Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: fix the ECKV UEFI variable name Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mark Br device not integrated Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fix debug actions order Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: w/a FW SMPS mode selection Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: don't warn when if there is a FW error Marcos Paulo de Souza <mpdesouza(a)suse.com> printk: Check CON_SUSPEND when unblanking a console Robin Murphy <robin.murphy(a)arm.com> iommu: Keep dev->iommu state consistent Kurt Borja <kuurtb(a)gmail.com> hwmon: (dell-smm) Increment the number of fans Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: fix setting the TK when associated Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Don't change the status of stalled TDs on failed Stop EP Erick Shepherd <erick.shepherd(a)ni.com> mmc: sdhci: Disable SD card clock before changing parameters Kaustabh Chakraborty <kauschluss(a)disroot.org> mmc: dw_mmc: add exynos7870 DW MMC support Ryan Roberts <ryan.roberts(a)arm.com> arm64/mm: Check PUD_TYPE_TABLE in pud_bad() Ryan Roberts <ryan.roberts(a)arm.com> arm64/mm: Check pmd_table() in pmd_trans_huge() Andy Yan <andy.yan(a)rock-chips.com> phy: rockchip: usbdp: Only verify link rates/lanes/voltage when the corresponding set flags are set Kees Cook <kees(a)kernel.org> PNP: Expand length of fixup id string Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> netfilter: conntrack: Bound nf_conntrack sysctl writes Dian-Syuan Yang <dian_syuan0116(a)realtek.com> wifi: rtw89: set force HE TB mode when connecting to 11ax AP Ching-Te Ku <ku920601(a)realtek.com> wifi: rtw89: coex: Fix coexistence report not show as expected Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> timer_list: Don't use %pK through printk() Jaakko Karrenpalo <jkarrenpalo(a)gmail.com> net: hsr: Fix PRP duplicate detection Jonas Karlman <jonas(a)kwiboo.se> net: stmmac: dwmac-rk: Validate GRF and peripheral GRF during probe Thomas Gleixner <tglx(a)linutronix.de> posix-timers: Ensure that timer initialization is fully visible Eric Dumazet <edumazet(a)google.com> posix-timers: Add cond_resched() to posix_timer_add() search loop Maher Sanalla <msanalla(a)nvidia.com> RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() Baokun Li <libaokun1(a)huawei.com> ext4: do not convert the unwritten extents if data writeback fails Baokun Li <libaokun1(a)huawei.com> ext4: reject the 'data_err=abort' option in nojournal mode Manuel Fombuena <fombuena(a)outlook.com> leds: leds-st1202: Initialize hardware before DT node child operations Manuel Fombuena <fombuena(a)outlook.com> leds: Kconfig: leds-st1202: Add select for required LEDS_TRIGGER_PATTERN Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: lpassaudiocc-sc7280: Add support for LPASS resets for QCM6490 Ryan Walklin <ryan(a)testtoast.com> ASoC: sun4i-codec: correct dapm widgets and controls for h616 Ryan Walklin <ryan(a)testtoast.com> ASoC: sun4i-codec: support hp-det-gpios property David Rosca <david.rosca(a)amd.com> drm/amdgpu: Update SRIOV video codec caps Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: don't read registers in mqd init Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx12: don't read registers in mqd init Shree Ramamoorthy <s-ramamoorthy(a)ti.com> mfd: tps65219: Remove TPS65219_REG_TI_DEV_ID check Eder Zulian <ezulian(a)redhat.com> mfd: syscon: Add check for invalid resource size Prathamesh Shete <pshete(a)nvidia.com> pinctrl-tegra: Restore SFSEL bit when freeing pins Frediano Ziglio <frediano.ziglio(a)cloud.com> xen: Add support for XenServer 6.1 platform device Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: use the correct ndev to find pnetid by pnetid table Mikulas Patocka <mpatocka(a)redhat.com> dm: restrict dm device size to 2^63-512 bytes Shashank Gupta <shashankg(a)marvell.com> crypto: octeontx2 - suppress auth failure screaming due to negative tests Masahiro Yamada <masahiroy(a)kernel.org> kconfig: do not clear SYMBOL_VALID when reading include/config/auto.conf Seyediman Seyedarab <imandevel(a)gmail.com> kbuild: fix argument parsing in scripts/config Yonghong Song <yonghong.song(a)linux.dev> bpf: Allow pre-ordering for bpf cgroup progs Rae Moar <rmoar(a)google.com> kunit: tool: Fix bug in parsing test plan Nícolas F. R. A. Prado <nfraprado(a)collabora.com> ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect Linus Walleij <linus.walleij(a)linaro.org> ASoC: pcm6240: Drop bogus code handling IRQ as GPIO Chenyuan Yang <chenyuan0y(a)gmail.com> ASoC: sma1307: Add NULL check in sma1307_setting_loaded() Sergio Perez Gonzalez <sperezglz(a)gmail.com> spi: spi-mux: Fix coverity issue, unchecked return value Gao Xiang <xiang(a)kernel.org> erofs: initialize decompression early Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Do not add non-active NVM if NVM upgrade is disabled for retimer Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix error handling inconsistencies in check() Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: rv3032: fix EERD location Ilpo Järvinen <ij(a)kernel.org> tcp: reorganize tcp_in_ack_event() and tcp_count_delivered() Jan Kara <jack(a)suse.cz> jbd2: do not try to recover wiped journal Frank Li <Frank.Li(a)nxp.com> PCI: dwc: Use resource start as ioremap() input in dw_pcie_pme_turn_off() Mykyta Yatsenko <yatsenko(a)meta.com> bpf: Return prog btf_id without capable check Jiayuan Chen <jiayuan.chen(a)linux.dev> bpftool: Using the right format specifiers Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Handle INTx IRQ_NOTCONNECTED Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: ERASE does not change tape location Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Tighten the page format heuristics with MODE SELECT Al Viro <viro(a)zeniv.linux.org.uk> hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure Christian Göttsche <cgzones(a)googlemail.com> ext4: reorder capability check last Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Call secondary mmu notifier when flushing the tlb Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: add support for thermal sensor event reception shantiprasad shettar <shantiprasad.shettar(a)broadcom.com> bnxt_en: Query FW parameters when the CAPS_CHANGE bit is set Jeff Chen <jeff.chen_1(a)nxp.com> wifi: mwifiex: Fix HT40 bandwidth issue. Carolina Jubran <cjubran(a)nvidia.com> net/mlx5: Preserve rate settings when creating a rate node Tiwei Bie <tiwei.btw(a)antgroup.com> um: Update min_low_pfn to match changes in uml_reserved Benjamin Berg <benjamin(a)sipsolutions.net> um: Store full CSGSFS and SS register from mcontext Nick Hu <nick.hu(a)sifive.com> clocksource/drivers/timer-riscv: Stop stimecmp when cpu hotplug Ming Lei <ming.lei(a)redhat.com> loop: move vfs_fsync() out of loop_update_dio() Heming Zhao <heming.zhao(a)suse.com> dlm: make tcp still work in multi-link env Heiko Carstens <hca(a)linux.ibm.com> s390/tlb: Use mm_has_pgste() instead of mm_alloc_pgste() Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Fix missing STOP for master request Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: adjust drm_firmware_drivers_only() handling Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: don't free conflicting apertures for non-display devices Jing Zhou <Jing.Zhou(a)amd.com> drm/amd/display: Guard against setting dispclk low for dcn31x Flora Cui <flora.cui(a)amd.com> drm/amdgpu: release xcp_mgr on exit Chen Linxuan <chenlinxuan(a)uniontech.com> blk-cgroup: improve policy registration error handling Filipe Manana <fdmanana(a)suse.com> btrfs: send: return -ENAMETOOLONG when attempting a path that is too long Filipe Manana <fdmanana(a)suse.com> btrfs: get zone unusable bytes while holding lock at btrfs_reclaim_bgs_work() Filipe Manana <fdmanana(a)suse.com> btrfs: fix non-empty delayed iputs list on unmount due to async workers Qu Wenruo <wqu(a)suse.com> btrfs: run btrfs_error_commit_super() early Mark Harmstone <maharmstone(a)fb.com> btrfs: avoid linker error in btrfs_find_create_tree_block() Boris Burkov <boris(a)bur.io> btrfs: make btrfs_discard_workfn() block_group ref explicit Vitalii Mordan <mordan(a)ispras.ru> i2c: pxa: fix call balance of i2c->clk handling routines Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> i2c: amd-asf: Set cmd variable when encountering an error Stephan Gerhold <stephan.gerhold(a)kernkonzept.com> i2c: qup: Vote for interconnect bandwidth to DRAM Philip Redkin <me(a)rarity.fan> x86/mm: Check return value from memblock_phys_alloc_range() Mario Limonciello <mario.limonciello(a)amd.com> x86/amd_node: Add SMN offsets to exclusive region access Sohil Mehta <sohil.mehta(a)intel.com> x86/microcode: Update the Intel processor flag scan check Sohil Mehta <sohil.mehta(a)intel.com> x86/smpboot: Fix INIT delay assignment for extended Intel Families Ingo Molnar <mingo(a)kernel.org> x86/stackprotector/64: Only export __ref_stack_chk_guard on CONFIG_SMP Thomas Huth <thuth(a)redhat.com> x86/headers: Replace __ASSEMBLY__ with __ASSEMBLER__ in UAPI headers Thomas Huth <thuth(a)redhat.com> x86/headers: Replace __ASSEMBLY__ with __ASSEMBLER__ in non-UAPI headers Quan Zhou <quan.zhou(a)mediatek.com> wifi: mt76: mt7925: fix fails to enter low power mode in suspend state Quan Zhou <quan.zhou(a)mediatek.com> wifi: mt76: mt7925: Simplify HIF suspend handling to avoid suspend fail Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: load the appropriate CLC data based on hardware type Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7996: revise TXS size Rex Lu <rex.lu(a)mediatek.com> wifi: mt76: mt7996: fix SER reset trigger on WED reset Felix Fietkau <nbd(a)nbd.name> wifi: mt76: scan: set vif offchannel link for scanning/roc Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7996: use the correct vif link for scanning/roc Felix Fietkau <nbd(a)nbd.name> wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2 Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7996: implement driver specific get_txpower function Felix Fietkau <nbd(a)nbd.name> wifi: mt76: scan: fix setting tx_info fields Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: Check link_conf pointer in mt76_connac_mcu_sta_basic_tlv() Eric Dumazet <edumazet(a)google.com> cgroup/rstat: avoid disabling irqs for O(num_cpu) Victor Skvortsov <victor.skvortsov(a)amd.com> drm/amdgpu: Skip pcie_replay_count sysfs creation for VF Erick Shepherd <erick.shepherd(a)ni.com> mmc: host: Wait for Vdd to settle on card power off Stefan Wahren <wahrenst(a)gmx.net> staging: vchiq_arm: Create keep-alive thread during probe Christian Brauner <brauner(a)kernel.org> pidfs: improve multi-threaded exec and premature thread-group leader exit polling Robert Richter <rrichter(a)amd.com> libnvdimm/labels: Fix divide error in nd_label_data_init() Nicolas Bretz <bretznic(a)gmail.com> ext4: on a remount, only log the ro or r/w state when it has changed Roger Pau Monne <roger.pau(a)citrix.com> xen/pci: Do not register devices with segments >= 0x10000 Roger Pau Monne <roger.pau(a)citrix.com> PCI: vmd: Disable MSI remapping bypass under Xen Jonathan Kim <jonathan.kim(a)amd.com> drm/amdkfd: set precise mem ops caps to disabled for gfx 11 and 12 Christian König <christian.koenig(a)amd.com> drm/amdgpu: use GFP_NOWAIT for memory allocations Christian König <christian.koenig(a)amd.com> drm/amdgpu: rework how isolation is enforced v2 Christian König <christian.koenig(a)amd.com> drm/amdgpu: rework how the cleaner shader is emitted v3 Flora Cui <flora.cui(a)amd.com> drm/amdgpu/discovery: check ip_discovery fw file available Trond Myklebust <trond.myklebust(a)hammerspace.com> pNFS/flexfiles: Report ENETDOWN as a connection error Mukesh Kumar Savaliya <quic_msavaliy(a)quicinc.com> i2c: qcom-geni: Update i2c frequency table to match hardware guidance Thippeswamy Havalige <thippeswamy.havalige(a)amd.com> PCI: xilinx-cpm: Add cpm_csr register mapping for CPM5_HOST1 variant Ian Rogers <irogers(a)google.com> tools/build: Don't pass test log files to linker ChunHao Lin <hau(a)realtek.com> r8169: disable RTL8126 ZRX-DC timeout Frank Li <Frank.Li(a)nxp.com> PCI: dwc: ep: Ensure proper iteration over outbound map windows Mark Zhang <markzhang(a)nvidia.com> net/mlx5e: Use right API to free bitmap memory Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Properly disable uaccess validation Ryo Takakura <ryotkkr98(a)gmail.com> lockdep: Fix wait context check on softirq for PREEMPT_RT Jing Su <jingsusu(a)didiglobal.com> dql: Fix dql->limit value when reset. Conor Dooley <conor.dooley(a)microchip.com> RISC-V: add vector extension validation checks Pedro Nishiyama <nishiyama.pedro(a)gmail.com> Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken Sean Wang <sean.wang(a)mediatek.com> Bluetooth: btmtksdio: Prevent enabling interrupts after IRQ handler removal Alice Guo <alice.guo(a)nxp.com> thermal/drivers/qoriq: Power down TMU on system suspend Nícolas F. R. A. Prado <nfraprado(a)collabora.com> thermal/drivers/mediatek/lvts: Start sensor interrupts disabled Hans-Frieder Vogt <hfdevel(a)gmx.net> net: tn40xx: create swnode for mdio and aqr105 phy and add to mdiobus Hans-Frieder Vogt <hfdevel(a)gmx.net> net: tn40xx: add pci-id of the aqr105-based Tehuti TN4010 cards Daniel Hsu <d486250(a)gmail.com> mctp: Fix incorrect tx flow invalidation condition in mctp-i2c Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa883x: Correct VI sense channel mask Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa884x: Correct VI sense channel mask Luis de Arquer <luis.dearquer(a)inertim.com> spi-rockchip: Fix register out of bounds access Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: rpcbind should never reset the port to the value '0' Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: rpc_clnt_set_transport() must not change the autobind setting Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Treat ENETUNREACH errors as fatal for state recovery Pali Rohár <pali(a)kernel.org> cifs: Check if server supports reparse points before using them Pali Rohár <pali(a)kernel.org> cifs: Fix getting DACL-only xattr system.cifs_acl and system.smb3_acl Pali Rohár <pali(a)kernel.org> cifs: Fix establishing NetBIOS session for SMB2+ connection Namjae Jeon <linkinjeon(a)kernel.org> cifs: add validation check for the fields in smb_aces Pali Rohár <pali(a)kernel.org> cifs: Set default Netbios RFC1001 server name to hostname in UNC Zsolt Kajtar <soci(a)c64.rulez.org> fbdev: core: tileblit: Implement missing margin clearing for tileblit Zsolt Kajtar <soci(a)c64.rulez.org> fbcon: Use correct erase colour for clearing in fbcon Shixiong Ou <oushixiong(a)kylinos.cn> fbdev: fsl-diu-fb: add missing device_remove_file() Samuel Holland <samuel.holland(a)sifive.com> riscv: Allow NOMMU kernels to access all of RAM Tudor Ambarus <tudor.ambarus(a)linaro.org> mailbox: use error ret code of of_parse_phandle_with_args() Sudeep Holla <sudeep.holla(a)arm.com> mailbox: pcc: Use acpi_os_ioremap() instead of ioremap() Jonathan McDowell <noodles(a)meta.com> tpm: Convert warn to dbg in tpm2_start_auth_session() Diogo Ivo <diogo.ivo(a)siemens.com> ACPI: PNP: Add Intel OC Watchdog IDs to non-PNP device list Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> tracing: Mark binary printing functions with __printf() attribute Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Use kaslr address instead of text delta Yi Liu <yi.l.liu(a)intel.com> iommufd: Extend IOMMU_GET_HW_INFO to report PASID capability Jinqian Yang <yangjinqian1(a)huawei.com> arm64: Add support for HIP09 Spectre-BHB mitigation Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Don't allow waiting for exiting tasks Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Don't allow waiting for exiting tasks Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() Pavel Begunkov <asml.silence(a)gmail.com> io_uring/msg: initialise msg request opcode Sungjong Seo <sj1557.seo(a)samsung.com> exfat: call bh_read in get_block only when necessary Matt Johnston <matt(a)codeconstruct.com.au> fuse: Return EPERM rather than ENOSYS from link() Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Store original IO parameters and prevent zero IO sizes Pali Rohár <pali(a)kernel.org> cifs: Fix negotiate retry functionality Pali Rohár <pali(a)kernel.org> cifs: Fix access_flags_to_smbopen_mode Pali Rohár <pali(a)kernel.org> cifs: Fix querying and creating MF symlinks over SMB1 Pali Rohár <pali(a)kernel.org> cifs: Add fallback for SMB2 CREATE without FILE_READ_ATTRIBUTES Anthony Krowiak <akrowiak(a)linux.ibm.com> s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log Xin Li (Intel) <xin(a)zytor.com> x86/fred: Fix system hang during S4 resume with FRED enabled Daniel Gomez <da.gomez(a)samsung.com> kconfig: merge_config: use an empty file as initfile Haoran Jiang <jianghaoran(a)kylinos.cn> samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora Brandon Kammerdiener <brandon.kammerdiener(a)intel.com> bpf: fix possible endless loop in BPF map iteration Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't duplicate flushing in io_req_post_cqe Darrick J. Wong <djwong(a)kernel.org> block: hoist block size validation code to a separate function Darrick J. Wong <djwong(a)kernel.org> block: fix race between set_blocksize and read paths Ihor Solodrai <ihor.solodrai(a)linux.dev> selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure Felix Kuehling <felix.kuehling(a)amd.com> drm/amdgpu: Allow P2P access through XGMI Nicholas Susanto <nsusanto(a)amd.com> drm/amd/display: Enable urgent latency adjustment on DCN35 Davidlohr Bueso <dave(a)stgolabs.net> fs/ext4: use sleeping version of sb_find_get_block() Davidlohr Bueso <dave(a)stgolabs.net> fs/jbd2: use sleeping version of __find_get_block() Davidlohr Bueso <dave(a)stgolabs.net> fs/ocfs2: use sleeping version of __find_get_block() Davidlohr Bueso <dave(a)stgolabs.net> fs/buffer: use sleeping version of __find_get_block() Davidlohr Bueso <dave(a)stgolabs.net> fs/buffer: introduce sleeping flavors for pagecache lookups Davidlohr Bueso <dave(a)stgolabs.net> fs/buffer: split locking for pagecache lookups Frederick Lawler <fred(a)cloudflare.com> ima: process_measurement() needlessly takes inode_lock() on MAY_READ Balbir Singh <balbirs(a)nvidia.com> dma-mapping: Fix warning reported for missing prototype Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Add level check to control event logging Dongli Zhang <dongli.zhang(a)oracle.com> vhost-scsi: protect vq->log_used with vq->mutex Stefano Garzarella <sgarzare(a)redhat.com> vhost_task: fix vhost_task_create() documentation gaoxu <gaoxu2(a)honor.com> cgroup: Fix compilation issue due to cgroup_mutex not being exported David Sterba <dsterba(a)suse.com> btrfs: tree-checker: adjust error code for header level check Marek Szyprowski <m.szyprowski(a)samsung.com> dma-mapping: avoid potential unused data compilation warning Hans de Goede <hdegoede(a)redhat.com> mei: vsc: Use struct vsc_tp_packet as vsc-tp tx_buf and rx_buf type Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> intel_th: avoid using deprecated page->mapping, index fields Balbir Singh <balbirs(a)nvidia.com> dma/mapping.c: dev_dbg support for dma_addressing_limited Zhongqiu Han <quic_zhonhan(a)quicinc.com> virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN Manish Pandey <quic_mapa(a)quicinc.com> scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: iscsi: Fix timeout on deleted connection Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> nvmem: qfprom: switch to 4-byte aligned reads Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> nvmem: core: update raw_len if the bit reading is required Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> nvmem: core: verify cell's raw_len Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> nvmem: core: fix bit offsets of more than one byte Heiko Stuebner <heiko(a)sntech.de> nvmem: rockchip-otp: add rk3576 variant data Heiko Stuebner <heiko(a)sntech.de> nvmem: rockchip-otp: Move read-offset into variant-data Pengyu Luo <mitltlatltl(a)gmail.com> cpufreq: Add SM8650 to cpufreq-dt-platdev blocklist Damien Le Moal <dlemoal(a)kernel.org> nvmet: pci-epf: clear completion queue IRQ flag on delete Damien Le Moal <dlemoal(a)kernel.org> nvmet: pci-epf: Keep completion queues mapped Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Move IRQ request in probe John Olender <john.olender(a)gmail.com> drm/amd/display: Defer BW-optimization-blocked DRR adjustments Zhongwei Zhang <Zhongwei.Zhang(a)amd.com> drm/amd/display: Correct timing_adjust_pending flag setting. Danny Wang <danny.wang(a)amd.com> drm/amd/display: Do not enable replay when vtotal update is pending. ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 2 + Documentation/driver-api/pps.rst | 3 +- Documentation/driver-api/serial/driver.rst | 2 +- Documentation/hwmon/dell-smm-hwmon.rst | 14 +- Documentation/networking/net_cachelines/snmp.rst | 1 + Makefile | 8 +- arch/arm/boot/dts/nvidia/tegra114.dtsi | 2 +- arch/arm/mach-at91/pm.c | 21 +- .../boot/dts/allwinner/sun50i-h6-beelink-gs1.dts | 38 +- .../boot/dts/allwinner/sun50i-h6-orangepi-3.dts | 14 +- .../boot/dts/allwinner/sun50i-h6-orangepi.dtsi | 22 +- arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi | 8 +- arch/arm64/boot/dts/nvidia/tegra210-p2597.dtsi | 2 +- .../dts/nvidia/tegra234-p3740-0002+p3701-0008.dts | 10 + arch/arm64/boot/dts/xilinx/zynqmp-clk-ccf.dtsi | 15 +- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/pgtable.h | 27 +- arch/arm64/kernel/proton-pack.c | 1 + arch/arm64/net/bpf_jit_comp.c | 6 +- arch/loongarch/kernel/Makefile | 8 +- arch/loongarch/kvm/Makefile | 2 +- arch/mips/include/asm/ftrace.h | 16 + arch/mips/kernel/pm-cps.c | 30 +- arch/powerpc/include/asm/mmzone.h | 1 + arch/powerpc/kernel/prom_init.c | 4 +- arch/powerpc/mm/book3s64/radix_pgtable.c | 3 +- arch/powerpc/mm/numa.c | 2 +- arch/powerpc/perf/core-book3s.c | 20 + arch/powerpc/perf/isa207-common.c | 4 +- arch/powerpc/platforms/pseries/iommu.c | 139 ++++-- arch/riscv/include/asm/cpufeature.h | 3 + arch/riscv/include/asm/page.h | 12 +- arch/riscv/include/asm/pgtable.h | 2 +- arch/riscv/kernel/Makefile | 4 +- arch/riscv/kernel/cpufeature.c | 60 ++- arch/riscv/mm/tlbflush.c | 37 +- arch/s390/hypfs/hypfs_diag_fs.c | 2 + arch/s390/include/asm/tlb.h | 2 +- arch/s390/kernel/crash_dump.c | 62 +-- arch/um/kernel/mem.c | 1 + arch/x86/Kconfig | 3 +- arch/x86/boot/boot.h | 4 +- arch/x86/boot/genimage.sh | 5 +- arch/x86/entry/entry.S | 2 +- arch/x86/entry/vdso/extable.h | 2 +- arch/x86/events/amd/ibs.c | 20 +- arch/x86/events/intel/ds.c | 9 +- arch/x86/include/asm/alternative.h | 6 +- arch/x86/include/asm/asm.h | 10 +- arch/x86/include/asm/boot.h | 2 +- arch/x86/include/asm/bug.h | 5 +- arch/x86/include/asm/cfi.h | 11 + arch/x86/include/asm/cpufeature.h | 4 +- arch/x86/include/asm/cpumask.h | 4 +- arch/x86/include/asm/current.h | 4 +- arch/x86/include/asm/desc_defs.h | 4 +- arch/x86/include/asm/dwarf2.h | 2 +- arch/x86/include/asm/fixmap.h | 4 +- arch/x86/include/asm/frame.h | 10 +- arch/x86/include/asm/fred.h | 4 +- arch/x86/include/asm/fsgsbase.h | 4 +- arch/x86/include/asm/ftrace.h | 8 +- arch/x86/include/asm/hw_irq.h | 4 +- arch/x86/include/asm/ibt.h | 16 +- arch/x86/include/asm/idtentry.h | 6 +- arch/x86/include/asm/inst.h | 2 +- arch/x86/include/asm/intel-family.h | 1 + arch/x86/include/asm/irqflags.h | 10 +- arch/x86/include/asm/jump_label.h | 4 +- arch/x86/include/asm/kasan.h | 2 +- arch/x86/include/asm/kexec.h | 4 +- arch/x86/include/asm/linkage.h | 6 +- arch/x86/include/asm/mem_encrypt.h | 4 +- arch/x86/include/asm/msr.h | 4 +- arch/x86/include/asm/nmi.h | 2 + arch/x86/include/asm/nops.h | 2 +- arch/x86/include/asm/nospec-branch.h | 6 +- arch/x86/include/asm/orc_types.h | 4 +- arch/x86/include/asm/page.h | 4 +- arch/x86/include/asm/page_32.h | 4 +- arch/x86/include/asm/page_32_types.h | 4 +- arch/x86/include/asm/page_64.h | 4 +- arch/x86/include/asm/page_64_types.h | 2 +- arch/x86/include/asm/page_types.h | 4 +- arch/x86/include/asm/paravirt.h | 14 +- arch/x86/include/asm/paravirt_types.h | 4 +- arch/x86/include/asm/percpu.h | 32 +- arch/x86/include/asm/perf_event.h | 1 + arch/x86/include/asm/pgtable-2level_types.h | 4 +- arch/x86/include/asm/pgtable-3level_types.h | 4 +- arch/x86/include/asm/pgtable-invert.h | 4 +- arch/x86/include/asm/pgtable.h | 12 +- arch/x86/include/asm/pgtable_32.h | 4 +- arch/x86/include/asm/pgtable_32_areas.h | 2 +- arch/x86/include/asm/pgtable_64.h | 6 +- arch/x86/include/asm/pgtable_64_types.h | 4 +- arch/x86/include/asm/pgtable_types.h | 10 +- arch/x86/include/asm/prom.h | 4 +- arch/x86/include/asm/pti.h | 4 +- arch/x86/include/asm/ptrace.h | 4 +- arch/x86/include/asm/purgatory.h | 4 +- arch/x86/include/asm/pvclock-abi.h | 4 +- arch/x86/include/asm/realmode.h | 4 +- arch/x86/include/asm/segment.h | 8 +- arch/x86/include/asm/setup.h | 6 +- arch/x86/include/asm/setup_data.h | 4 +- arch/x86/include/asm/sev-common.h | 2 +- arch/x86/include/asm/shared/tdx.h | 4 +- arch/x86/include/asm/shstk.h | 4 +- arch/x86/include/asm/signal.h | 8 +- arch/x86/include/asm/smap.h | 6 +- arch/x86/include/asm/smp.h | 4 +- arch/x86/include/asm/tdx.h | 4 +- arch/x86/include/asm/thread_info.h | 12 +- arch/x86/include/asm/unwind_hints.h | 4 +- arch/x86/include/asm/vdso/getrandom.h | 4 +- arch/x86/include/asm/vdso/gettimeofday.h | 4 +- arch/x86/include/asm/vdso/processor.h | 4 +- arch/x86/include/asm/vdso/vsyscall.h | 4 +- arch/x86/include/asm/xen/interface.h | 10 +- arch/x86/include/asm/xen/interface_32.h | 4 +- arch/x86/include/asm/xen/interface_64.h | 4 +- arch/x86/include/uapi/asm/bootparam.h | 4 +- arch/x86/include/uapi/asm/e820.h | 4 +- arch/x86/include/uapi/asm/ldt.h | 4 +- arch/x86/include/uapi/asm/msr.h | 4 +- arch/x86/include/uapi/asm/ptrace-abi.h | 6 +- arch/x86/include/uapi/asm/ptrace.h | 4 +- arch/x86/include/uapi/asm/setup_data.h | 4 +- arch/x86/include/uapi/asm/signal.h | 8 +- arch/x86/kernel/Makefile | 2 + arch/x86/kernel/alternative.c | 30 ++ arch/x86/kernel/amd_node.c | 41 ++ arch/x86/kernel/cfi.c | 22 +- arch/x86/kernel/cpu/bugs.c | 10 +- arch/x86/kernel/cpu/microcode/intel.c | 2 +- arch/x86/kernel/nmi.c | 42 ++ arch/x86/kernel/paravirt.c | 17 +- arch/x86/kernel/reboot.c | 10 +- arch/x86/kernel/smpboot.c | 9 +- arch/x86/kernel/traps.c | 82 +++- arch/x86/math-emu/control_w.h | 2 +- arch/x86/math-emu/exception.h | 6 +- arch/x86/math-emu/fpu_emu.h | 6 +- arch/x86/math-emu/status_w.h | 6 +- arch/x86/mm/init.c | 9 +- arch/x86/mm/init_64.c | 15 +- arch/x86/mm/kaslr.c | 10 +- arch/x86/mm/pgtable.c | 27 +- arch/x86/power/cpu.c | 14 + arch/x86/realmode/rm/realmode.h | 4 +- arch/x86/realmode/rm/wakeup.h | 2 +- arch/x86/um/os-Linux/mcontext.c | 3 +- block/badblocks.c | 5 +- block/bdev.c | 50 ++- block/blk-cgroup.c | 30 +- block/blk-settings.c | 5 + block/blk-sysfs.c | 102 +++-- block/blk-throttle.c | 15 +- block/blk-zoned.c | 5 +- block/blk.h | 3 +- block/bounce.c | 2 - block/fops.c | 16 + block/ioctl.c | 6 + crypto/ahash.c | 4 + crypto/algif_hash.c | 4 - crypto/lzo-rle.c | 2 +- crypto/lzo.c | 2 +- crypto/skcipher.c | 1 + drivers/accel/amdxdna/aie2_ctx.c | 37 +- drivers/accel/amdxdna/amdxdna_ctx.c | 2 + drivers/accel/amdxdna/amdxdna_ctx.h | 3 + drivers/accel/amdxdna/amdxdna_mailbox.c | 17 +- drivers/accel/qaic/qaic_drv.c | 2 +- drivers/acpi/Kconfig | 2 +- drivers/acpi/acpi_pnp.c | 2 + drivers/acpi/hed.c | 7 +- drivers/auxdisplay/charlcd.c | 5 +- drivers/auxdisplay/charlcd.h | 5 +- drivers/auxdisplay/hd44780.c | 2 +- drivers/auxdisplay/lcd2s.c | 2 +- drivers/auxdisplay/panel.c | 2 +- drivers/base/faux.c | 15 +- drivers/base/power/main.c | 7 + drivers/block/loop.c | 25 +- drivers/block/null_blk/main.c | 90 ++-- drivers/block/ublk_drv.c | 53 ++- drivers/bluetooth/btmtksdio.c | 15 +- drivers/bluetooth/btusb.c | 98 ++--- drivers/char/tpm/tpm2-sessions.c | 2 +- drivers/clk/clk-s2mps11.c | 3 +- drivers/clk/imx/clk-imx8mp.c | 151 +++++++ drivers/clk/qcom/Kconfig | 2 +- drivers/clk/qcom/camcc-sm8250.c | 56 +-- drivers/clk/qcom/clk-alpha-pll.c | 52 ++- drivers/clk/qcom/lpassaudiocc-sc7280.c | 23 +- drivers/clk/renesas/rzg2l-cpg.c | 106 ++--- drivers/clk/sunxi-ng/ccu-sun20i-d1.c | 42 +- drivers/clk/sunxi-ng/ccu-sun50i-h616.c | 36 +- drivers/clk/sunxi-ng/ccu_mp.h | 22 + drivers/clocksource/mips-gic-timer.c | 6 +- drivers/clocksource/timer-riscv.c | 6 + drivers/cpufreq/amd-pstate.c | 1 - drivers/cpufreq/cpufreq-dt-platdev.c | 1 + drivers/cpufreq/tegra186-cpufreq.c | 7 + drivers/cpuidle/governors/menu.c | 13 +- .../crypto/marvell/octeontx2/otx2_cptvf_reqmgr.c | 7 +- drivers/crypto/mxs-dcp.c | 8 +- drivers/dma/fsl-edma-main.c | 2 +- drivers/dma/idxd/cdev.c | 9 + drivers/dma/ti/k3-udma-glue.c | 15 +- drivers/dpll/dpll_core.c | 5 +- drivers/edac/ie31200_edac.c | 28 +- drivers/firmware/arm_ffa/bus.c | 1 + drivers/firmware/arm_ffa/driver.c | 12 + drivers/firmware/arm_scmi/bus.c | 19 +- drivers/firmware/xilinx/zynqmp.c | 6 +- drivers/fpga/altera-cvp.c | 2 +- drivers/gpio/gpiolib.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu.h | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 102 ++--- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 18 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 143 ++++++- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 31 +- drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 14 + drivers/gpu/drm/amd/amdgpu/amdgpu_ids.c | 54 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_ih.h | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 38 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ras_eeprom.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_sync.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_sync.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_umc.c | 42 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 17 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 41 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h | 1 - drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 14 + .../gpu/drm/amd/amdgpu/gfx_v10_0_cleaner_shader.h | 35 ++ .../drm/amd/amdgpu/gfx_v10_1_10_cleaner_shader.asm | 126 ++++++ drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 47 +- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 48 ++- drivers/gpu/drm/amd/amdgpu/gfxhub_v1_0.c | 10 +- drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 1 - drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.h | 1 + drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_1.c | 1 + drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/mmhub_v1_7.c | 25 ++ drivers/gpu/drm/amd/amdgpu/mmhub_v1_8.c | 27 ++ drivers/gpu/drm/amd/amdgpu/mmhub_v9_4.c | 31 ++ drivers/gpu/drm/amd/amdgpu/nv.c | 16 +- drivers/gpu/drm/amd/amdgpu/soc15.c | 8 +- drivers/gpu/drm/amd/amdgpu/soc21.c | 10 +- drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 14 +- drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.h | 9 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 474 +++++++++++---------- drivers/gpu/drm/amd/amdgpu/vcn_v5_0_1.c | 48 ++- drivers/gpu/drm/amd/amdkfd/cik_event_interrupt.c | 18 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 25 +- drivers/gpu/drm/amd/amdkfd/kfd_debug.c | 14 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 2 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 126 ++---- .../drm/amd/amdkfd/kfd_device_queue_manager_cik.c | 69 ++- .../drm/amd/amdkfd/kfd_device_queue_manager_v10.c | 43 +- .../drm/amd/amdkfd/kfd_device_queue_manager_v11.c | 45 +- .../drm/amd/amdkfd/kfd_device_queue_manager_v12.c | 45 +- .../drm/amd/amdkfd/kfd_device_queue_manager_v9.c | 38 +- .../drm/amd/amdkfd/kfd_device_queue_manager_vi.c | 77 ++-- drivers/gpu/drm/amd/amdkfd/kfd_events.c | 43 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_vi.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 11 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 137 +++--- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 10 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 21 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 23 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 41 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 2 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 6 +- drivers/gpu/drm/amd/display/dc/basics/dc_common.c | 3 +- .../gpu/drm/amd/display/dc/bios/command_table2.c | 9 - .../amd/display/dc/bios/command_table_helper2.c | 3 +- .../amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c | 22 +- .../amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c | 15 +- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 13 +- .../amd/display/dc/clk_mgr/dcn401/dcn401_clk_mgr.c | 2 + drivers/gpu/drm/amd/display/dc/core/dc.c | 22 +- .../gpu/drm/amd/display/dc/core/dc_hw_sequencer.c | 21 +- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 71 ++- drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 50 +-- drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 12 + drivers/gpu/drm/amd/display/dc/dc_hw_types.h | 5 +- drivers/gpu/drm/amd/display/dc/dc_types.h | 7 + .../drm/amd/display/dc/dce/dce_stream_encoder.c | 3 +- drivers/gpu/drm/amd/display/dc/dce/dmub_psr.c | 4 + .../display/dc/dio/dcn10/dcn10_stream_encoder.c | 3 +- .../dc/dio/dcn401/dcn401_dio_stream_encoder.c | 3 +- .../gpu/drm/amd/display/dc/dml/dcn35/dcn35_fpu.c | 6 +- .../gpu/drm/amd/display/dc/dml/dcn351/dcn351_fpu.c | 1 + .../drm/amd/display/dc/dml2/dml21/dml21_utils.c | 1 - .../drm/amd/display/dc/dml2/dml21/dml21_wrapper.c | 22 +- .../amd/display/dc/dml2/dml21/inc/dml_top_types.h | 1 + .../dc/dml2/dml21/src/dml2_core/dml2_core_dcn4.c | 30 +- .../dml21/src/dml2_core/dml2_core_dcn4_calcs.c | 33 +- .../dml21/src/dml2_core/dml2_core_shared_types.h | 5 + .../dml2/dml21/src/dml2_pmo/dml2_pmo_dcn4_fams2.c | 21 + .../dc/dml2/dml21/src/dml2_top/dml2_top_soc15.c | 8 - drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.h | 1 + .../gpu/drm/amd/display/dc/dpp/dcn30/dcn30_dpp.c | 11 +- .../dc/hpo/dcn31/dcn31_hpo_dp_stream_encoder.c | 3 +- .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 10 +- .../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 55 +-- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 22 +- .../drm/amd/display/dc/hwss/dcn31/dcn31_hwseq.c | 4 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 +- .../drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 92 ++-- .../drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.h | 3 + .../drm/amd/display/dc/hwss/dcn401/dcn401_init.c | 2 +- drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer.h | 6 + drivers/gpu/drm/amd/display/dc/inc/core_types.h | 2 +- .../drm/amd/display/dc/inc/hw/clk_mgr_internal.h | 1 + drivers/gpu/drm/amd/display/dc/inc/hw/dpp.h | 6 +- drivers/gpu/drm/amd/display/dc/inc/resource.h | 2 + .../display/dc/link/protocols/link_dp_capability.c | 42 +- .../amd/display/dc/link/protocols/link_dp_phy.c | 8 +- .../display/dc/link/protocols/link_dp_training.c | 5 +- .../dc/link/protocols/link_dp_training_8b_10b.c | 7 +- .../dc/link/protocols/link_edp_panel_control.c | 25 +- .../display/dc/resource/dcn315/dcn315_resource.c | 40 +- drivers/gpu/drm/amd/display/dc/spl/dc_spl.c | 87 ++-- drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h | 12 +- .../gpu/drm/amd/display/dc/spl/spl_fixpt31_32.c | 2 +- .../gpu/drm/amd/display/dc/spl/spl_fixpt31_32.h | 4 +- drivers/gpu/drm/amd/display/dmub/inc/dmub_cmd.h | 6 + drivers/gpu/drm/amd/display/dmub/src/dmub_dcn31.c | 17 +- drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 4 +- drivers/gpu/drm/amd/display/dmub/src/dmub_dcn401.c | 47 +- drivers/gpu/drm/amd/display/dmub/src/dmub_dcn401.h | 3 +- .../amd/display/modules/info_packet/info_packet.c | 4 +- .../include/asic_reg/mmhub/mmhub_9_4_1_offset.h | 32 ++ .../include/asic_reg/mmhub/mmhub_9_4_1_sh_mask.h | 48 +++ drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 1 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 5 +- drivers/gpu/drm/ast/ast_main.c | 30 +- drivers/gpu/drm/ast/ast_mode.c | 10 +- drivers/gpu/drm/bridge/adv7511/adv7511_audio.c | 2 + drivers/gpu/drm/drm_atomic_helper.c | 28 ++ drivers/gpu/drm/drm_buddy.c | 5 +- drivers/gpu/drm/drm_edid.c | 1 + drivers/gpu/drm/drm_gem.c | 4 +- drivers/gpu/drm/i915/display/intel_dp_mst.c | 3 +- drivers/gpu/drm/mediatek/mtk_dpi.c | 5 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 32 ++ drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.h | 2 + drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 7 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 2 +- drivers/gpu/drm/panel/panel-edp.c | 1 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 40 +- drivers/gpu/drm/ttm/ttm_bo.c | 3 +- drivers/gpu/drm/v3d/v3d_drv.c | 25 +- drivers/gpu/drm/virtio/virtgpu_drv.c | 9 + drivers/gpu/drm/xe/display/xe_display.c | 3 +- drivers/gpu/drm/xe/xe_bo.c | 22 + drivers/gpu/drm/xe/xe_debugfs.c | 3 +- drivers/gpu/drm/xe/xe_device.c | 10 +- drivers/gpu/drm/xe/xe_drm_client.c | 8 + drivers/gpu/drm/xe/xe_gen_wa_oob.c | 6 +- drivers/gpu/drm/xe/xe_gt.c | 3 + drivers/gpu/drm/xe/xe_gt_idle.c | 23 +- drivers/gpu/drm/xe/xe_gt_idle.h | 1 + drivers/gpu/drm/xe/xe_gt_idle_types.h | 3 + drivers/gpu/drm/xe/xe_gt_sriov_pf.c | 49 ++- drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 66 ++- drivers/gpu/drm/xe/xe_gt_sriov_pf_config.h | 1 + drivers/gpu/drm/xe/xe_gt_sriov_pf_types.h | 10 + drivers/gpu/drm/xe/xe_gt_sriov_vf.c | 12 +- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 22 + drivers/gpu/drm/xe/xe_gt_tlb_invalidation.h | 2 + drivers/gpu/drm/xe/xe_guc_log.c | 8 +- drivers/gpu/drm/xe/xe_guc_pc.c | 22 +- drivers/gpu/drm/xe/xe_guc_relay.c | 2 +- drivers/gpu/drm/xe/xe_mmio.c | 10 +- drivers/gpu/drm/xe/xe_oa.c | 1 + drivers/gpu/drm/xe/xe_pci.c | 37 +- drivers/gpu/drm/xe/xe_pci_sriov.c | 51 +++ drivers/gpu/drm/xe/xe_pci_types.h | 1 + drivers/gpu/drm/xe/xe_pt.c | 14 + drivers/gpu/drm/xe/xe_pt.h | 3 + drivers/gpu/drm/xe/xe_sa.c | 3 +- drivers/gpu/drm/xe/xe_tile.c | 12 +- drivers/gpu/drm/xe/xe_tile.h | 1 + drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 17 +- drivers/gpu/drm/xe/xe_ttm_stolen_mgr.h | 2 +- drivers/gpu/drm/xe/xe_vm.c | 32 ++ drivers/hid/Kconfig | 1 + drivers/hid/usbhid/usbkbd.c | 2 +- drivers/hwmon/acpi_power_meter.c | 8 +- drivers/hwmon/dell-smm-hwmon.c | 5 +- drivers/hwmon/gpio-fan.c | 16 +- drivers/hwmon/xgene-hwmon.c | 2 +- drivers/hwtracing/coresight/coresight-core.c | 2 +- drivers/hwtracing/coresight/coresight-etb10.c | 26 +- drivers/hwtracing/coresight/coresight-trace-id.c | 22 +- drivers/hwtracing/intel_th/Kconfig | 1 + drivers/hwtracing/intel_th/msu.c | 31 +- drivers/i2c/busses/i2c-amd-asf-plat.c | 2 +- drivers/i2c/busses/i2c-pxa.c | 5 +- drivers/i2c/busses/i2c-qcom-geni.c | 6 +- drivers/i2c/busses/i2c-qup.c | 36 ++ drivers/i3c/master/svc-i3c-master.c | 4 + drivers/iio/accel/fxls8962af-core.c | 7 +- drivers/iio/adc/ad7606.c | 10 + drivers/iio/adc/ad7944.c | 16 +- drivers/iio/adc/qcom-spmi-iadc.c | 4 +- drivers/iio/dac/ad3552r-hs.c | 29 +- drivers/iio/dac/ad3552r-hs.h | 8 + drivers/iio/dac/adi-axi-dac.c | 22 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c | 7 +- drivers/infiniband/core/umem.c | 36 +- drivers/infiniband/core/uverbs_cmd.c | 144 ++++--- drivers/infiniband/core/verbs.c | 11 +- drivers/input/joystick/xpad.c | 3 + drivers/input/rmi4/rmi_f34.c | 133 +++--- drivers/iommu/amd/io_pgtable_v2.c | 2 +- drivers/iommu/dma-iommu.c | 28 +- drivers/iommu/intel/iommu.c | 37 +- drivers/iommu/intel/svm.c | 43 ++ drivers/iommu/iommu-priv.h | 2 + drivers/iommu/iommu.c | 2 +- drivers/iommu/iommufd/device.c | 34 +- drivers/iommu/iommufd/hw_pagetable.c | 3 + drivers/iommu/of_iommu.c | 6 +- drivers/irqchip/irq-riscv-aplic-direct.c | 24 +- drivers/irqchip/irq-riscv-imsic-early.c | 8 +- drivers/irqchip/irq-riscv-imsic-platform.c | 16 +- drivers/irqchip/irq-riscv-imsic-state.c | 96 +++-- drivers/irqchip/irq-riscv-imsic-state.h | 7 +- drivers/leds/Kconfig | 1 + drivers/leds/leds-st1202.c | 4 +- drivers/leds/rgb/leds-pwm-multicolor.c | 5 +- drivers/leds/trigger/ledtrig-netdev.c | 16 +- drivers/mailbox/mailbox.c | 7 +- drivers/mailbox/pcc.c | 8 +- drivers/md/dm-cache-target.c | 24 ++ drivers/md/dm-table.c | 4 + drivers/md/dm-vdo/indexer/index-layout.c | 5 +- drivers/md/dm-vdo/io-submitter.c | 6 +- drivers/md/dm-vdo/io-submitter.h | 18 +- drivers/md/dm-vdo/types.h | 3 + drivers/md/dm-vdo/vdo.c | 11 +- drivers/md/dm-vdo/vio.c | 36 +- drivers/md/dm-vdo/vio.h | 2 + drivers/md/dm.c | 8 +- drivers/media/cec/core/cec-pin.c | 11 +- drivers/media/i2c/adv7180.c | 34 +- drivers/media/i2c/imx219.c | 2 +- drivers/media/i2c/imx335.c | 21 +- drivers/media/i2c/ov2740.c | 4 +- drivers/media/i2c/tc358746.c | 19 +- drivers/media/platform/qcom/camss/camss-csid.c | 64 +-- drivers/media/platform/qcom/camss/camss-vfe.c | 4 + .../platform/st/sti/c8sectpfe/c8sectpfe-core.c | 3 +- drivers/media/platform/st/stm32/stm32-csi.c | 36 +- .../media/test-drivers/vivid/vivid-kthread-cap.c | 11 +- .../media/test-drivers/vivid/vivid-kthread-out.c | 11 +- .../media/test-drivers/vivid/vivid-kthread-touch.c | 11 +- drivers/media/test-drivers/vivid/vivid-sdr-cap.c | 11 +- drivers/media/usb/cx231xx/cx231xx-417.c | 2 + drivers/media/usb/uvc/uvc_ctrl.c | 77 ++-- drivers/media/usb/uvc/uvc_v4l2.c | 6 + drivers/media/v4l2-core/v4l2-subdev.c | 2 + drivers/message/fusion/mptscsih.c | 4 +- drivers/mfd/axp20x.c | 1 + drivers/mfd/syscon.c | 9 +- drivers/mfd/tps65219.c | 7 - drivers/misc/eeprom/ee1004.c | 4 + drivers/misc/mei/vsc-tp.c | 14 +- drivers/misc/pci_endpoint_test.c | 6 +- drivers/mmc/host/dw_mmc-exynos.c | 41 +- drivers/mmc/host/sdhci-pci-core.c | 6 +- drivers/mmc/host/sdhci.c | 9 +- drivers/mmc/host/sdhci_am654.c | 35 +- drivers/net/bonding/bond_main.c | 2 +- drivers/net/can/c_can/c_can_platform.c | 2 +- drivers/net/can/kvaser_pciefd.c | 101 +++-- drivers/net/can/slcan/slcan-core.c | 26 +- drivers/net/ethernet/apm/xgene-v2/main.c | 4 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 +- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 + drivers/net/ethernet/freescale/fec_main.c | 52 ++- drivers/net/ethernet/intel/ice/ice_ethtool.c | 3 +- drivers/net/ethernet/intel/ice/ice_irq.c | 25 +- drivers/net/ethernet/intel/ice/ice_lag.c | 6 + drivers/net/ethernet/intel/ice/ice_lib.c | 2 + drivers/net/ethernet/intel/ice/ice_main.c | 6 +- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 1 - drivers/net/ethernet/intel/idpf/idpf.h | 2 + drivers/net/ethernet/intel/idpf/idpf_lib.c | 10 +- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 18 +- drivers/net/ethernet/intel/igc/igc_xdp.c | 19 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 4 + drivers/net/ethernet/intel/ixgbe/ixgbe_type_e610.h | 3 + drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 14 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_cn10k.c | 24 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 11 +- .../net/ethernet/marvell/octeontx2/nic/Makefile | 2 +- drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 7 +- .../ethernet/marvell/octeontx2/nic/otx2_common.c | 114 +++-- .../ethernet/marvell/octeontx2/nic/otx2_common.h | 10 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 34 +- .../net/ethernet/marvell/octeontx2/nic/otx2_txrx.c | 124 ++++-- .../net/ethernet/marvell/octeontx2/nic/otx2_txrx.h | 7 + .../net/ethernet/marvell/octeontx2/nic/otx2_vf.c | 21 +- .../net/ethernet/marvell/octeontx2/nic/otx2_xsk.c | 182 ++++++++ .../net/ethernet/marvell/octeontx2/nic/otx2_xsk.h | 21 + .../net/ethernet/marvell/octeontx2/nic/qos_sq.c | 2 +- drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 22 +- drivers/net/ethernet/mellanox/mlx4/alloc.c | 6 +- drivers/net/ethernet/mellanox/mlx4/en_tx.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en.h | 3 - .../net/ethernet/mellanox/mlx5/core/en/params.c | 16 +- .../net/ethernet/mellanox/mlx5/core/en/params.h | 1 - .../ethernet/mellanox/mlx5/core/en/reporter_tx.c | 1 - drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 53 +-- .../mellanox/mlx5/core/en_accel/ipsec_fs.c | 28 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 40 +- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 5 + .../net/ethernet/mellanox/mlx5/core/en_selftest.c | 3 + .../net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.c | 13 + .../net/ethernet/mellanox/mlx5/core/esw/ipsec_fs.h | 5 + .../net/ethernet/mellanox/mlx5/core/esw/legacy.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c | 13 +- drivers/net/ethernet/mellanox/mlx5/core/events.c | 11 +- .../net/ethernet/mellanox/mlx5/core/fs_ft_pool.c | 6 +- .../net/ethernet/mellanox/mlx5/core/fs_ft_pool.h | 2 - drivers/net/ethernet/mellanox/mlx5/core/health.c | 1 + .../ethernet/mellanox/mlx5/core/lib/fs_chains.c | 3 +- drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 16 +- drivers/net/ethernet/meta/fbnic/fbnic_fw.h | 8 +- drivers/net/ethernet/meta/fbnic/fbnic_netdev.c | 2 + drivers/net/ethernet/microchip/lan743x_main.c | 19 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 32 ++ drivers/net/ethernet/stmicro/stmmac/common.h | 4 +- .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 3 + drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 21 +- drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac.h | 7 +- drivers/net/ethernet/tehuti/tn40.c | 9 +- drivers/net/ethernet/tehuti/tn40.h | 33 ++ drivers/net/ethernet/tehuti/tn40_mdio.c | 82 +++- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 4 +- drivers/net/ethernet/ti/cpsw_new.c | 1 + drivers/net/ethernet/ti/icssg/icssg_common.c | 2 +- drivers/net/ieee802154/ca8210.c | 9 +- drivers/net/mctp/mctp-i2c.c | 2 +- drivers/net/netdevsim/netdev.c | 31 +- drivers/net/netdevsim/netdevsim.h | 1 + drivers/net/phy/nxp-c45-tja11xx.c | 54 ++- drivers/net/phy/phylink.c | 2 +- drivers/net/usb/r8152.c | 1 + drivers/net/vmxnet3/vmxnet3_drv.c | 5 +- drivers/net/vxlan/vxlan_core.c | 36 +- drivers/net/wireless/ath/ath11k/dp.h | 6 +- drivers/net/wireless/ath/ath11k/dp_rx.c | 117 +++-- drivers/net/wireless/ath/ath12k/core.c | 45 +- drivers/net/wireless/ath/ath12k/core.h | 4 + drivers/net/wireless/ath/ath12k/dp_mon.c | 19 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 22 +- drivers/net/wireless/ath/ath12k/dp_rx.h | 5 +- drivers/net/wireless/ath/ath12k/dp_tx.c | 145 ++++++- drivers/net/wireless/ath/ath12k/hal_desc.h | 2 +- drivers/net/wireless/ath/ath12k/hal_rx.h | 8 +- drivers/net/wireless/ath/ath12k/hal_tx.h | 10 +- drivers/net/wireless/ath/ath12k/mac.c | 102 ++++- drivers/net/wireless/ath/ath12k/mac.h | 5 +- drivers/net/wireless/ath/ath12k/pci.c | 13 +- drivers/net/wireless/ath/ath12k/rx_desc.h | 5 +- drivers/net/wireless/ath/ath12k/wmi.c | 4 +- drivers/net/wireless/ath/ath9k/init.c | 4 +- drivers/net/wireless/intel/iwlwifi/cfg/dr.c | 2 - drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 4 +- drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 8 +- drivers/net/wireless/intel/iwlwifi/fw/uefi.h | 4 +- drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 10 +- drivers/net/wireless/intel/iwlwifi/iwl-trans.c | 8 +- .../net/wireless/intel/iwlwifi/mvm/ftm-initiator.c | 4 + drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 15 + .../net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 3 +- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 3 + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 2 + drivers/net/wireless/marvell/mwifiex/11n.c | 6 +- drivers/net/wireless/mediatek/mt76/channel.c | 3 + drivers/net/wireless/mediatek/mt76/mt76.h | 3 + .../net/wireless/mediatek/mt76/mt76_connac3_mac.h | 3 + .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 +- drivers/net/wireless/mediatek/mt76/mt76x0/pci.c | 3 +- drivers/net/wireless/mediatek/mt76/mt76x0/usb.c | 3 +- drivers/net/wireless/mediatek/mt76/mt76x2/pci.c | 3 +- drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 76 +++- drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 3 + drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 44 +- drivers/net/wireless/mediatek/mt76/mt7996/main.c | 30 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.h | 3 +- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/scan.c | 21 +- drivers/net/wireless/mediatek/mt76/tx.c | 3 +- drivers/net/wireless/realtek/rtl8xxxu/core.c | 17 +- drivers/net/wireless/realtek/rtw88/fw.c | 15 + drivers/net/wireless/realtek/rtw88/fw.h | 1 + drivers/net/wireless/realtek/rtw88/mac.c | 7 +- drivers/net/wireless/realtek/rtw88/main.c | 54 ++- drivers/net/wireless/realtek/rtw88/main.h | 1 + drivers/net/wireless/realtek/rtw88/reg.h | 3 +- drivers/net/wireless/realtek/rtw88/rtw8822b.c | 14 +- drivers/net/wireless/realtek/rtw88/util.c | 3 +- drivers/net/wireless/realtek/rtw89/coex.c | 107 +++-- drivers/net/wireless/realtek/rtw89/coex.h | 2 + drivers/net/wireless/realtek/rtw89/core.c | 67 ++- drivers/net/wireless/realtek/rtw89/core.h | 6 +- drivers/net/wireless/realtek/rtw89/fw.c | 101 ++++- drivers/net/wireless/realtek/rtw89/fw.h | 12 + drivers/net/wireless/realtek/rtw89/mac.c | 55 ++- drivers/net/wireless/realtek/rtw89/mac.h | 3 + drivers/net/wireless/realtek/rtw89/mac80211.c | 1 + drivers/net/wireless/realtek/rtw89/reg.h | 4 + drivers/net/wireless/realtek/rtw89/regd.c | 2 + drivers/net/wireless/realtek/rtw89/rtw8851b.c | 8 + drivers/net/wireless/realtek/rtw89/rtw8852a.c | 8 + drivers/net/wireless/realtek/rtw89/rtw8852b.c | 8 + drivers/net/wireless/realtek/rtw89/rtw8852bt.c | 8 + drivers/net/wireless/realtek/rtw89/rtw8852c.c | 8 + drivers/net/wireless/realtek/rtw89/rtw8922a.c | 2 + drivers/net/wireless/realtek/rtw89/ser.c | 4 + drivers/net/wireless/virtual/mac80211_hwsim.c | 14 +- drivers/nvdimm/label.c | 3 +- drivers/nvme/host/pci.c | 6 + drivers/nvme/target/pci-epf.c | 66 ++- drivers/nvme/target/tcp.c | 3 + drivers/nvmem/core.c | 40 +- drivers/nvmem/qfprom.c | 26 +- drivers/nvmem/rockchip-otp.c | 17 +- drivers/pci/Kconfig | 6 + drivers/pci/ats.c | 33 ++ drivers/pci/controller/dwc/pcie-designware-ep.c | 2 +- drivers/pci/controller/dwc/pcie-designware-host.c | 2 +- drivers/pci/controller/pcie-brcmstb.c | 5 +- drivers/pci/controller/pcie-xilinx-cpm.c | 3 +- drivers/pci/controller/vmd.c | 20 + drivers/pci/endpoint/functions/pci-epf-mhi.c | 2 +- drivers/pci/endpoint/functions/pci-epf-test.c | 2 + drivers/pci/setup-bus.c | 6 +- drivers/perf/arm_pmuv3.c | 4 +- drivers/phy/phy-core.c | 7 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 95 +++-- drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 4 +- drivers/phy/rockchip/phy-rockchip-usbdp.c | 105 +++-- drivers/phy/samsung/phy-exynos5-usbdrd.c | 7 +- drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 44 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/meson/pinctrl-meson.c | 2 +- drivers/pinctrl/qcom/Kconfig.msm | 4 +- drivers/pinctrl/qcom/pinctrl-msm.c | 23 +- drivers/pinctrl/qcom/pinctrl-msm8917.c | 8 +- drivers/pinctrl/renesas/pinctrl-rzg2l.c | 19 +- drivers/pinctrl/sophgo/pinctrl-cv18xx.c | 33 +- drivers/pinctrl/tegra/pinctrl-tegra.c | 59 ++- drivers/pinctrl/tegra/pinctrl-tegra.h | 6 + drivers/platform/x86/asus-wmi.c | 11 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 2 +- drivers/platform/x86/ideapad-laptop.c | 16 + drivers/platform/x86/intel/hid.c | 21 +- drivers/platform/x86/think-lmi.c | 26 +- drivers/platform/x86/think-lmi.h | 1 + drivers/pmdomain/core.c | 2 +- drivers/pmdomain/imx/gpcv2.c | 2 +- drivers/pmdomain/renesas/rcar-gen4-sysc.c | 5 - drivers/pmdomain/renesas/rcar-sysc.c | 5 - drivers/power/supply/axp20x_battery.c | 21 + drivers/pps/generators/pps_gen-dummy.c | 2 +- drivers/pps/generators/pps_gen.c | 14 +- drivers/pps/generators/sysfs.c | 6 +- drivers/ptp/ptp_ocp.c | 24 +- drivers/regulator/ad5398.c | 12 +- drivers/remoteproc/qcom_wcnss.c | 34 +- drivers/rtc/rtc-ds1307.c | 4 +- drivers/rtc/rtc-rv3032.c | 2 +- drivers/s390/crypto/vfio_ap_ops.c | 72 ++-- drivers/scsi/aacraid/aachba.c | 4 +- drivers/scsi/arm/acornscsi.c | 2 +- drivers/scsi/ips.c | 8 +- drivers/scsi/lpfc/lpfc_els.c | 16 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 29 +- drivers/scsi/lpfc/lpfc_init.c | 2 + drivers/scsi/megaraid.c | 10 +- drivers/scsi/megaraid/megaraid_mbox.c | 10 +- drivers/scsi/mpi3mr/mpi3mr_fw.c | 8 +- drivers/scsi/mpt3sas/mpt3sas_ctl.c | 12 +- drivers/scsi/scsi_debug.c | 55 ++- drivers/scsi/scsi_sysctl.c | 4 +- drivers/scsi/st.c | 29 +- drivers/scsi/st.h | 2 + drivers/soc/apple/rtkit-internal.h | 1 + drivers/soc/apple/rtkit.c | 58 ++- drivers/soc/mediatek/mtk-mutex.c | 6 + drivers/soc/samsung/exynos-asv.c | 1 + drivers/soc/samsung/exynos-chipid.c | 1 + drivers/soc/samsung/exynos-pmu.c | 1 + drivers/soc/samsung/exynos-usi.c | 1 + drivers/soc/samsung/exynos3250-pmu.c | 1 + drivers/soc/samsung/exynos5250-pmu.c | 1 + drivers/soc/samsung/exynos5420-pmu.c | 1 + drivers/soc/ti/k3-socinfo.c | 13 +- drivers/soundwire/amd_manager.c | 2 + drivers/soundwire/bus.c | 9 +- drivers/soundwire/cadence_master.c | 22 +- drivers/spi/spi-fsl-dspi.c | 46 +- drivers/spi/spi-mux.c | 4 +- drivers/spi/spi-rockchip.c | 2 +- drivers/spi/spi-zynqmp-gqspi.c | 22 +- .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 69 ++- drivers/target/iscsi/iscsi_target.c | 2 +- drivers/target/target_core_device.c | 8 +- drivers/target/target_core_pr.c | 6 +- drivers/target/target_core_spc.c | 34 +- drivers/thermal/intel/x86_pkg_temp_thermal.c | 1 + drivers/thermal/mediatek/lvts_thermal.c | 3 +- drivers/thermal/qoriq_thermal.c | 13 + drivers/thunderbolt/retimer.c | 8 +- drivers/tty/serial/8250/8250_port.c | 2 +- drivers/tty/serial/atmel_serial.c | 2 +- drivers/tty/serial/imx.c | 2 +- drivers/tty/serial/serial_mctrl_gpio.c | 34 +- drivers/tty/serial/serial_mctrl_gpio.h | 17 +- drivers/tty/serial/sh-sci.c | 98 ++++- drivers/tty/serial/stm32-usart.c | 2 +- drivers/ufs/core/ufshcd.c | 29 ++ drivers/usb/gadget/function/f_mass_storage.c | 4 +- drivers/usb/host/xhci-mem.c | 34 +- drivers/usb/host/xhci-ring.c | 12 +- drivers/usb/host/xhci.h | 8 +- drivers/usb/storage/debug.c | 4 +- drivers/vdpa/mlx5/net/mlx5_vnet.c | 3 + drivers/vfio/pci/vfio_pci_config.c | 3 +- drivers/vfio/pci/vfio_pci_core.c | 10 +- drivers/vfio/pci/vfio_pci_intrs.c | 2 +- drivers/vhost/scsi.c | 23 +- drivers/video/fbdev/core/bitblit.c | 5 +- drivers/video/fbdev/core/fbcon.c | 10 +- drivers/video/fbdev/core/fbcon.h | 38 +- drivers/video/fbdev/core/fbcon_ccw.c | 5 +- drivers/video/fbdev/core/fbcon_cw.c | 5 +- drivers/video/fbdev/core/fbcon_ud.c | 5 +- drivers/video/fbdev/core/tileblit.c | 45 +- drivers/video/fbdev/fsl-diu-fb.c | 1 + drivers/virtio/virtio.c | 35 ++ drivers/virtio/virtio_ring.c | 2 +- drivers/watchdog/aspeed_wdt.c | 81 +++- drivers/watchdog/s3c2410_wdt.c | 10 +- drivers/xen/pci.c | 32 ++ drivers/xen/platform-pci.c | 4 + drivers/xen/xenbus/xenbus_probe.c | 14 +- fs/btrfs/block-group.c | 18 +- fs/btrfs/compression.c | 2 +- fs/btrfs/discard.c | 34 +- fs/btrfs/disk-io.c | 28 +- fs/btrfs/extent_io.c | 7 +- fs/btrfs/extent_io.h | 2 + fs/btrfs/scrub.c | 4 +- fs/btrfs/send.c | 6 +- fs/btrfs/tree-checker.c | 2 +- fs/buffer.c | 61 ++- fs/dlm/lowcomms.c | 4 +- fs/erofs/internal.h | 4 +- fs/erofs/super.c | 46 +- fs/erofs/zdata.c | 4 +- fs/exfat/inode.c | 169 ++++---- fs/ext4/balloc.c | 4 +- fs/ext4/ext4.h | 5 +- fs/ext4/extents.c | 19 +- fs/ext4/inode.c | 81 +++- fs/ext4/mballoc.c | 3 +- fs/ext4/page-io.c | 16 +- fs/ext4/super.c | 19 +- fs/f2fs/sysfs.c | 74 +++- fs/fuse/dir.c | 2 + fs/gfs2/glock.c | 11 +- fs/jbd2/recovery.c | 69 ++- fs/jbd2/revoke.c | 23 +- fs/namespace.c | 6 +- fs/nfs/delegation.c | 3 +- fs/nfs/flexfilelayout/flexfilelayout.c | 1 + fs/nfs/inode.c | 2 + fs/nfs/internal.h | 5 + fs/nfs/nfs3proc.c | 2 +- fs/nfs/nfs4proc.c | 9 +- fs/nfs/nfs4state.c | 10 +- fs/nilfs2/the_nilfs.c | 3 - fs/ocfs2/journal.c | 2 +- fs/orangefs/inode.c | 7 +- fs/pidfs.c | 9 +- fs/pipe.c | 4 + fs/pstore/inode.c | 2 +- fs/pstore/internal.h | 4 +- fs/pstore/platform.c | 11 +- fs/smb/client/cifsacl.c | 21 +- fs/smb/client/cifspdu.h | 5 +- fs/smb/client/cifsproto.h | 7 + fs/smb/client/cifssmb.c | 93 +++- fs/smb/client/connect.c | 30 +- fs/smb/client/fs_context.c | 13 + fs/smb/client/fs_context.h | 3 + fs/smb/client/link.c | 11 +- fs/smb/client/readdir.c | 7 +- fs/smb/client/smb1ops.c | 228 ++++++++-- fs/smb/client/smb2file.c | 11 +- fs/smb/client/smb2inode.c | 8 + fs/smb/client/smb2ops.c | 34 +- fs/smb/client/smb2pdu.c | 4 +- fs/smb/client/transport.c | 2 +- fs/smb/client/xattr.c | 15 +- fs/smb/common/smb2pdu.h | 3 + fs/smb/server/smb2pdu.c | 9 +- fs/smb/server/vfs.c | 14 +- include/crypto/hash.h | 3 + include/drm/drm_atomic.h | 23 +- include/drm/drm_gem.h | 13 + include/linux/alloc_tag.h | 12 + include/linux/blkdev.h | 1 + include/linux/bpf-cgroup.h | 1 + include/linux/bpf.h | 7 +- include/linux/buffer_head.h | 8 + include/linux/codetag.h | 8 +- include/linux/coresight.h | 2 +- include/linux/device.h | 119 +----- include/linux/device/devres.h | 129 ++++++ include/linux/dma-mapping.h | 12 +- include/linux/dma/k3-udma-glue.h | 3 +- include/linux/err.h | 3 + include/linux/gpio/driver.h | 3 +- include/linux/highmem.h | 10 +- include/linux/io.h | 2 - include/linux/ipv6.h | 1 + include/linux/jbd2.h | 2 + include/linux/lzo.h | 8 + include/linux/mfd/axp20x.h | 1 + include/linux/mlx4/device.h | 2 +- include/linux/mlx5/eswitch.h | 2 + include/linux/mlx5/fs.h | 2 + include/linux/mm.h | 2 +- include/linux/mman.h | 2 + include/linux/mroute_base.h | 5 + include/linux/msi.h | 33 +- include/linux/objtool.h | 4 +- include/linux/page-flags.h | 7 + include/linux/pci-ats.h | 3 + include/linux/percpu.h | 4 - include/linux/perf_event.h | 8 +- include/linux/pnp.h | 2 +- include/linux/pps_gen_kernel.h | 4 +- include/linux/rcupdate.h | 2 +- include/linux/rcutree.h | 2 +- include/linux/ring_buffer.h | 3 +- include/linux/spi/spi.h | 5 +- include/linux/tcp.h | 2 + include/linux/trace.h | 4 +- include/linux/trace_seq.h | 8 +- include/linux/usb/r8152.h | 1 + include/linux/virtio.h | 3 + include/media/v4l2-subdev.h | 4 +- include/net/cfg80211.h | 4 + include/net/dropreason.h | 6 - include/net/mac80211.h | 4 +- include/net/xfrm.h | 1 - include/rdma/uverbs_std_types.h | 2 +- include/scsi/scsi_proto.h | 4 +- include/sound/hda_codec.h | 1 + include/sound/pcm.h | 2 + include/sound/soc_sdw_utils.h | 1 + include/trace/events/btrfs.h | 2 +- include/trace/events/scsi.h | 4 +- include/trace/events/target.h | 4 +- include/uapi/linux/bpf.h | 1 + include/uapi/linux/iommufd.h | 14 +- include/uapi/linux/nl80211.h | 52 ++- include/uapi/linux/snmp.h | 1 + include/uapi/linux/taskstats.h | 47 +- include/ufs/ufs_quirks.h | 6 + io_uring/fdinfo.c | 4 +- io_uring/io_uring.c | 96 +++-- io_uring/msg_ring.c | 1 + io_uring/net.c | 14 +- kernel/bpf/bpf_iter.c | 13 +- kernel/bpf/bpf_struct_ops.c | 98 ++--- kernel/bpf/cgroup.c | 33 +- kernel/bpf/disasm.c | 4 +- kernel/bpf/hashtab.c | 2 +- kernel/bpf/syscall.c | 8 +- kernel/bpf/verifier.c | 56 ++- kernel/cgroup/cgroup.c | 2 +- kernel/cgroup/rstat.c | 12 +- kernel/dma/mapping.c | 27 +- kernel/events/core.c | 104 +++-- kernel/events/hw_breakpoint.c | 5 +- kernel/events/ring_buffer.c | 1 + kernel/exit.c | 6 +- kernel/fork.c | 9 +- kernel/module/main.c | 1 + kernel/padata.c | 3 +- kernel/printk/printk.c | 14 +- kernel/rcu/rcu.h | 2 +- kernel/rcu/tree.c | 15 +- kernel/rcu/tree_plugin.h | 22 +- kernel/rseq.c | 60 ++- kernel/sched/fair.c | 6 +- kernel/signal.c | 3 +- kernel/softirq.c | 18 + kernel/time/hrtimer.c | 29 +- kernel/time/posix-timers.c | 26 +- kernel/time/timer_list.c | 4 +- kernel/trace/ring_buffer.c | 31 +- kernel/trace/trace.c | 41 +- kernel/trace/trace.h | 25 +- kernel/vhost_task.c | 2 +- lib/alloc_tag.c | 87 +++- lib/codetag.c | 5 +- lib/dynamic_queue_limits.c | 2 +- lib/lzo/Makefile | 2 +- lib/lzo/lzo1x_compress.c | 102 +++-- lib/lzo/lzo1x_compress_safe.c | 18 + mm/hugetlb.c | 8 + mm/kasan/shadow.c | 92 +++- mm/memcontrol.c | 6 +- mm/page_alloc.c | 8 + mm/vmalloc.c | 13 +- net/bluetooth/hci_event.c | 3 + net/bluetooth/l2cap_core.c | 15 +- net/bridge/br_mdb.c | 2 +- net/bridge/br_nf_core.c | 7 +- net/bridge/br_private.h | 1 + net/can/bcm.c | 79 ++-- net/core/dev.c | 12 +- net/core/dev.h | 12 + net/core/net-sysfs.c | 5 +- net/core/page_pool.c | 7 +- net/core/pktgen.c | 13 +- net/core/rtnetlink.c | 10 +- net/dsa/tag_ksz.c | 19 +- net/hsr/hsr_device.c | 2 + net/hsr/hsr_forward.c | 4 +- net/hsr/hsr_framereg.c | 95 ++++- net/hsr/hsr_framereg.h | 8 +- net/hsr/hsr_main.h | 2 + net/ipv4/esp4.c | 53 +-- net/ipv4/fib_frontend.c | 28 +- net/ipv4/fib_rules.c | 4 +- net/ipv4/fib_trie.c | 22 - net/ipv4/inet_hashtables.c | 37 +- net/ipv4/ip_gre.c | 16 +- net/ipv4/ipmr.c | 12 +- net/ipv4/proc.c | 1 + net/ipv4/syncookies.c | 1 + net/ipv4/tcp_input.c | 57 +-- net/ipv4/tcp_minisocks.c | 26 +- net/ipv4/tcp_output.c | 6 + net/ipv4/xfrm4_input.c | 18 +- net/ipv6/esp6.c | 53 +-- net/ipv6/fib6_rules.c | 4 +- net/ipv6/ip6_gre.c | 2 - net/ipv6/ip6_output.c | 11 +- net/ipv6/ip6_tunnel.c | 3 +- net/ipv6/ip6_vti.c | 3 +- net/ipv6/ip6mr.c | 12 +- net/ipv6/sit.c | 8 +- net/ipv6/xfrm6_input.c | 18 +- net/llc/af_llc.c | 8 +- net/mac80211/agg-tx.c | 5 +- net/mac80211/cfg.c | 14 +- net/mac80211/driver-ops.h | 3 +- net/mac80211/drop.h | 21 +- net/mac80211/ethtool.c | 2 +- net/mac80211/ieee80211_i.h | 13 +- net/mac80211/iface.c | 60 ++- net/mac80211/main.c | 16 +- net/mac80211/mlme.c | 150 ++++++- net/mac80211/rx.c | 194 +++------ net/mac80211/status.c | 32 +- net/mac80211/tx.c | 2 +- net/mac80211/util.c | 3 +- net/mptcp/pm_userspace.c | 8 +- net/netfilter/nf_conntrack_standalone.c | 12 +- net/sched/sch_hfsc.c | 6 +- net/smc/smc_pnet.c | 8 +- net/sunrpc/clnt.c | 3 - net/sunrpc/rpcb_clnt.c | 5 +- net/sunrpc/sched.c | 2 + net/tipc/crypto.c | 5 + net/wireless/chan.c | 8 +- net/wireless/mlme.c | 4 + net/wireless/nl80211.c | 4 + net/wireless/reg.c | 4 +- net/xdp/xsk.c | 2 +- net/xfrm/espintcp.c | 4 +- net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_state.c | 6 +- net/xfrm/xfrm_user.c | 12 + samples/bpf/Makefile | 2 +- scripts/Makefile.extrawarn | 11 +- scripts/config | 26 +- scripts/kconfig/confdata.c | 19 +- scripts/kconfig/merge_config.sh | 4 +- security/integrity/ima/ima_main.c | 4 +- security/smack/smackfs.c | 21 +- sound/core/oss/pcm_oss.c | 3 +- sound/core/pcm_native.c | 11 + sound/core/seq/seq_clientmgr.c | 5 +- sound/core/seq/seq_memory.c | 1 + sound/pci/hda/hda_beep.c | 15 +- sound/pci/hda/patch_realtek.c | 77 +++- sound/soc/codecs/cs42l43-jack.c | 7 + sound/soc/codecs/mt6359-accdet.h | 9 + sound/soc/codecs/pcm3168a.c | 6 +- sound/soc/codecs/pcm6240.c | 28 +- sound/soc/codecs/pcm6240.h | 7 +- sound/soc/codecs/rt722-sdca-sdw.c | 49 ++- sound/soc/codecs/sma1307.c | 27 +- sound/soc/codecs/tas2764.c | 53 +-- sound/soc/codecs/wsa883x.c | 2 +- sound/soc/codecs/wsa884x.c | 2 +- sound/soc/fsl/imx-card.c | 2 +- sound/soc/intel/boards/bytcr_rt5640.c | 13 + sound/soc/mediatek/mt8188/mt8188-afe-clk.c | 8 + sound/soc/mediatek/mt8188/mt8188-afe-clk.h | 8 + sound/soc/mediatek/mt8188/mt8188-afe-pcm.c | 4 - sound/soc/qcom/sm8250.c | 3 + sound/soc/sdw_utils/soc_sdw_bridge_cs35l56.c | 4 + sound/soc/sdw_utils/soc_sdw_cs42l43.c | 10 + sound/soc/sdw_utils/soc_sdw_cs_amp.c | 24 ++ sound/soc/soc-dai.c | 8 +- sound/soc/soc-ops.c | 29 +- sound/soc/sof/intel/hda-bus.c | 2 +- sound/soc/sof/intel/hda.c | 16 +- sound/soc/sof/ipc4-control.c | 11 +- sound/soc/sof/ipc4-pcm.c | 3 +- sound/soc/sof/topology.c | 18 +- sound/soc/sunxi/sun4i-codec.c | 56 ++- sound/usb/midi.c | 16 +- tools/arch/x86/include/asm/asm.h | 8 +- tools/arch/x86/include/asm/nops.h | 2 +- tools/arch/x86/include/asm/orc_types.h | 4 +- tools/arch/x86/include/asm/pvclock-abi.h | 4 +- tools/bpf/bpftool/btf.c | 14 +- tools/bpf/bpftool/btf_dumper.c | 2 +- tools/bpf/bpftool/cgroup.c | 2 +- tools/bpf/bpftool/common.c | 7 +- tools/bpf/bpftool/jit_disasm.c | 3 +- tools/bpf/bpftool/map_perf_ring.c | 6 +- tools/bpf/bpftool/net.c | 4 +- tools/bpf/bpftool/netlink_dumper.c | 6 +- tools/bpf/bpftool/prog.c | 12 +- tools/bpf/bpftool/tracelog.c | 2 +- tools/bpf/bpftool/xlated_dumper.c | 6 +- tools/build/Makefile.build | 6 +- tools/include/uapi/linux/bpf.h | 1 + tools/lib/bpf/libbpf.c | 2 +- tools/net/ynl/lib/ynl.c | 2 +- tools/net/ynl/pyynl/ynl_gen_c.py | 3 + tools/objtool/check.c | 21 +- tools/power/x86/turbostat/turbostat.8 | 1 + tools/power/x86/turbostat/turbostat.c | 13 +- tools/testing/kunit/kunit_parser.py | 9 +- tools/testing/kunit/qemu_configs/x86_64.py | 4 +- .../selftests/bpf/prog_tests/sockmap_ktls.c | 1 - tools/testing/selftests/iommu/iommufd.c | 4 + .../testing/selftests/net/forwarding/bridge_mdb.sh | 2 +- tools/testing/selftests/net/gro.sh | 3 +- tools/testing/selftests/net/nl_netdev.py | 18 +- .../selftests/pci_endpoint/pci_endpoint_test.c | 2 + 1089 files changed, 12544 insertions(+), 5911 deletions(-)

3 months, 2 weeks

23
816
0 0

[PATCH 6.6 000/444] 6.6.93-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.93 release. There are 444 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 04 Jun 2025 13:42:20 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.93-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.93-rc1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: use list_first_entry_or_null for opinfo_get_list() Nishanth Menon <nm(a)ti.com> net: ethernet: ti: am65-cpsw: Lower random mac address error print to info Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: thinkpad_acpi: Ignore battery threshold change event notification Valtteri Koskivuori <vkoskiv(a)gmail.com> platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Avoid flushing data while holding directory locks in nfs_rename() Ilya Guterman <amfernusus(a)gmail.com> nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro Alessandro Grassi <alessandro.grassi(a)mailbox.org> spi: spi-sun4i: fix early activation Hal Feng <hal.feng(a)starfivetech.com> phy: starfive: jh7110-usb: Fix USB 2.0 host occasional detection failure George Shen <george.shen(a)amd.com> drm/amd/display: fix link_set_dpms_off multi-display MST corner case Masahiro Yamada <masahiroy(a)kernel.org> um: let 'make clean' properly clean underlying SUBARCH as well John Chau <johnchau(a)0atlas.com> platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS Jeff Layton <jlayton(a)kernel.org> nfs: don't share pNFS DS connections between net namespaces Milton Barrera <miltonjosue2001(a)gmail.com> HID: quirks: Add ADATA XPG alpha wireless mouse support Purva Yeshi <purvayeshi550(a)gmail.com> dmaengine: idxd: cdev: Fix uninitialized use of sva in idxd_cdev_open Christian Brauner <brauner(a)kernel.org> coredump: hand a pidfd to the usermode coredump helper Christian Brauner <brauner(a)kernel.org> coredump: fix error handling for replace_fd() Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Initialise cmn->cpu earlier Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Fix REQ2/SNP2 mixup Pedro Tammela <pctammela(a)mojatatu.com> net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-am68-sk: Fix regulator hierarchy Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sm8550: Add missing properties for cryptobam Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sm8450: Add missing properties for cryptobam Alok Tiwari <alok.a.tiwari(a)oracle.com> arm64: dts: qcom: sm8350: Fix typo in pil_camera_mem node Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: ipq9574: Add missing properties for cryptobam Shigeru Yoshida <syoshida(a)redhat.com> af_unix: Fix uninit-value in __unix_walk_scc() Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collection of embryos carrying OOB with SCM_RIGHTS Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Add dead flag to struct scm_fp_list. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't access successor in unix_del_edges() during GC. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Try not to hold unix_gc_lock during accept(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove lock dance in unix_peek_fds(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Replace garbage collection algorithm. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Detect dead SCC. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Assign a unique index to SCC. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Avoid Tarjan's algorithm if unnecessary. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Skip GC if no cycle exists. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Save O(n) setup of Tarjan's algo. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix up unix_edge.successor for embryo socket. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Save listener for embryo socket. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Detect Strongly Connected Components. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Iterate all vertices by DFS. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Bulk update unix_tot_inflight/unix_inflight when queuing skb. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Link struct unix_edge when queuing skb. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Allocate struct unix_edge for each inflight AF_UNIX fd. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Allocate struct unix_vertex for each inflight AF_UNIX fd. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove CONFIG_UNIX_SCM. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove io_uring code for GC. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Replace BUG_ON() with WARN_ON_ONCE(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Try to run GC async. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Run GC on only one CPU. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Return struct unix_sock from unix_get_socket(). Boris Burkov <boris(a)bur.io> btrfs: check folio mapping after unlock in relocate_one_folio() Frederic Weisbecker <frederic(a)kernel.org> hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING Axel Forsman <axfo(a)kvaser.com> can: kvaser_pciefd: Force IRQ edge in case of nested IRQ Thomas Zimmermann <tzimmermann(a)suse.de> drm/gem: Internally test import_attach for imported objects Balbir Singh <balbirs(a)nvidia.com> x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers bounce buffers Nathan Chancellor <nathan(a)kernel.org> i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work() Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group() Arnd Bergmann <arnd(a)arndb.de> watchdog: aspeed: fix 64-bit division Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Save and restore more registers Brett Creeley <brett.creeley(a)amd.com> pds_core: Prevent possible adminq overflow/stuck condition Matthew Wilcox (Oracle) <willy(a)infradead.org> highmem: add folio_test_partial_kmap() Alexey Dobriyan <adobriyan(a)gmail.com> x86/boot: Compile boot code with -std=gnu11 too Larisa Grigore <larisa.grigore(a)nxp.com> spi: spi-fsl-dspi: Reset SR flags before sending a new message Bogdan-Gabriel Roman <bogdan-gabriel.roman(a)nxp.com> spi: spi-fsl-dspi: Halt the module after a new message transfer Larisa Grigore <larisa.grigore(a)nxp.com> spi: spi-fsl-dspi: restrict register range for regmap access Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix stream write failure Jernej Skrabec <jernej.skrabec(a)gmail.com> Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC connection" Tianyang Zhang <zhangtianyang(a)loongson.cn> mm/page_alloc.c: avoid infinite retries caused by cpuset race Breno Leitao <leitao(a)debian.org> memcg: always call cond_resched() after fn() Vicki Pfau <vi(a)endrift.com> Input: xpad - add more controllers Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd: Keep display off while going into S4" Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Reset all search buffer pointers when releasing buffer Gabor Juhos <j4g8y7(a)gmail.com> arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Fix use-after-free in cifs_fill_dirent feijuan.li <feijuan.li(a)samsung.com> drm/edid: fixed the bug that hdr metadata was not reset Zhang Rui <rui.zhang(a)intel.com> thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature Vladimir Moskovkin <Vladimir.Moskovkin(a)kaspersky.com> platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() Axel Forsman <axfo(a)kvaser.com> can: kvaser_pciefd: Continue parsing DMA buf after dropped RX Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> llc: fix data loss when reading from a socket in llc_ui_recvmsg() Ed Burcher <git(a)edburcher.com> ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10 Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix race of buffer access at PCM OSS layer Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ASoc: SOF: topology: connect DAI to a single DAI link Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext Oliver Hartkopp <socketcan(a)hartkopp.net> can: bcm: add missing rcu read protection for procfs content Oliver Hartkopp <socketcan(a)hartkopp.net> can: bcm: add locking for bcm_op runtime updates Carlos Sanchez <carlossanchez(a)geotab.com> can: slcan: allow reception of short error messages Dominik Grzegorzek <dominik.grzegorzek(a)oracle.com> padata: do not leak refcount in reorder_work Ivan Pravdin <ipravdin.official(a)gmail.com> crypto: algif_hash - fix double free in hash_accept André Draszik <andre.draszik(a)linaro.org> clk: s2mps11: initialise clk_hw_onecell_data::num before accessing ::hws[] in probe() Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix APR entry mapping based on APR_LMT_CFG Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Set LMT_ENA bit for APR table entries Wang Liang <wangliang74(a)huawei.com> net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Suman Ghosh <sumang(a)marvell.com> octeontx2-pf: Add AF_XDP non-zero copy support Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix overflow resched cqe reordering Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Restore SGMII CTRL register on resume Paul Kocialkowski <paulk(a)sys-base.io> net: dwmac-sun8i: Use parsed internal PHY address instead of 1 Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> pinctrl: qcom: switch to devm_register_sys_off_handler() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pinctrl: qcom/msm: Convert to platform remove callback returning void Dave Ertman <david.m.ertman(a)intel.com> ice: Fix LACP bonds without SRIOV environment Jacob Keller <jacob.e.keller(a)intel.com> ice: fix vf->num_mac count with port representors Ido Schimmel <idosch(a)nvidia.com> bridge: netfilter: Fix forwarding of fragmented packets En-Wei Wu <en-wei.wu(a)canonical.com> Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not checking l2cap_chan security level Stefan Wahren <wahrenst(a)gmx.net> dmaengine: fsl-edma: Fix return code for unhandled interrupts Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: Fix ->poll() return value Paul Chaignon <paul.chaignon(a)gmail.com> xfrm: Sanitize marks before insert Andre Przywara <andre.przywara(a)arm.com> clk: sunxi-ng: d1: Add missing divider for MMC mod clocks Matti Lehtimäki <matti.lehtimaki(a)gmail.com> remoteproc: qcom_wcnss: Fix on platforms without fallback regulators David Hildenbrand <david(a)redhat.com> kernel/fork: only call untrack_pfn_clear() on VMAs duplicated for fork() Vinicius Costa Gomes <vinicius.gomes(a)intel.com> dmaengine: idxd: Fix allowing write() from different address spaces Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: add wq driver name support for accel-config user tool Sabrina Dubroca <sd(a)queasysnail.net> espintcp: remove encap socket caching to avoid reference leak Charles Keepax <ckeepax(a)opensource.cirrus.com> soundwire: bus: Fix race on the creation of the IRQ domain Al Viro <viro(a)zeniv.linux.org.uk> __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock Jason Andryuk <jason.andryuk(a)amd.com> xenbus: Allow PVH dom0 a non-local xenstore Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: add support for Killer on MTL David Wei <dw(a)davidwei.uk> tools: ynl-gen: validate 0 len strings from kernel Qu Wenruo <wqu(a)suse.com> btrfs: avoid NULL pointer dereference if no valid csum tree Goldwyn Rodrigues <rgoldwyn(a)suse.de> btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref Pali Rohár <pali(a)kernel.org> cifs: Fix changing times and read-only attr over SMB1 smb_set_file_info() function Pali Rohár <pali(a)kernel.org> cifs: Fix and improve cifs_query_path_info() and cifs_query_file_info() Jens Axboe <axboe(a)kernel.dk> io_uring/fdinfo: annotate racy sq/cq head/tail reads Alistair Francis <alistair.francis(a)wdc.com> nvmet-tcp: don't restore null sk_state_change Wentao Guan <guanwentao(a)uniontech.com> nvme-pci: add quirks for WDC Blue SN550 15b7:5009 Wentao Guan <guanwentao(a)uniontech.com> nvme-pci: add quirks for device 126f:1001 Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: cs42l43: Disable headphone clamps during type detection Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> pinctrl: meson: define the pull up/down resistor value as 60 kOhm Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> book3s64/radix: Fix compile errors when CONFIG_ARCH_WANT_OPTIMIZE_DAX_VMEMMAP=n Chenyuan Yang <chenyuan0y(a)gmail.com> ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of() Jessica Zhang <quic_jesszhan(a)quicinc.com> drm: Add valid clones check Douglas Anderson <dianders(a)chromium.org> drm/panel-edp: Add Starry 116KHD024006 Simona Vetter <simona.vetter(a)ffwll.ch> drm/atomic: clarify the rules around drm_atomic_state->allow_modeset Olivier Moysan <olivier.moysan(a)foss.st.com> drm: bridge: adv7511: fill stream capabilities P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Fix end offset bit definition in monitor ring descriptor Rosen Penev <rosenp(a)gmail.com> wifi: ath9k: return by of_get_mac_address Youssef Samir <quic_yabdulra(a)quicinc.com> accel/qaic: Mask out SR-IOV PCI resources Nicolas Escande <nico.escande(a)gmail.com> wifi: ath12k: fix ath12k_hal_tx_cmd_ext_desc_setup() info1 override Isaac Scott <isaac.scott(a)ideasonboard.com> regulator: ad5398: Add device tree support Sean Anderson <sean.anderson(a)linux.dev> spi: zynqmp-gqspi: Always acknowledge interrupts Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Don't use static local variable in rtw8822b_set_tx_power_index_by_rate Soeren Moch <smoch(a)web.de> wifi: rtl8xxxu: retry firmware download on error Ravi Bangoria <ravi.bangoria(a)amd.com> perf/amd/ibs: Fix ->config to sample period calculation for OP PMU Ravi Bangoria <ravi.bangoria(a)amd.com> perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_scmi: Relax duplicate name constraint across protocol ids Viktor Malik <vmalik(a)redhat.com> bpftool: Fix readlink usage in get_fd_type Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Find VBIOS mode from regular display size Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: rt722-sdca: Add some missing readable registers Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: codecs: pcm3168a: Allow for 24-bit in provider mode Naman Trivedi <naman.trivedimanojbhai(a)amd.com> arm64: zynqmp: add clock-output-names property in clock nodes junan <junan76(a)163.com> HID: usbkbd: Fix the bit shift number for LED_KANA Avula Sri Charan <quic_asrichar(a)quicinc.com> wifi: ath12k: Avoid napi_sync() before napi_enable() Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Restore some drive settings after reset Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine Konstantin Taranov <kotaranov(a)microsoft.com> net/mana: fix warning in the writer of client oob Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: count combined queues using Rx/Tx count Peter Zijlstra (Intel) <peterz(a)infradead.org> perf: Avoid the read if the count is already updated Ankur Arora <ankur.a.arora(a)oracle.com> rcu: fix header guard for rcu_all_qs() Ankur Arora <ankur.a.arora(a)oracle.com> rcu: handle unstable rdp in rcu_read_unlock_strict() Ankur Arora <ankur.a.arora(a)oracle.com> rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: treat dyn_allowed only as suggestion Petr Machata <petrm(a)nvidia.com> bridge: mdb: Allow replace of a host-joined group Heiner Kallweit <hkallweit1(a)gmail.com> r8169: don't scan PHY addresses > 0 Geert Uytterhoeven <geert(a)linux-m68k.org> ipv4: ip_gre: Fix set but not used warning in ipgre_err() if IPv4-only Ido Schimmel <idosch(a)nvidia.com> vxlan: Annotate FDB data races Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled Depeng Shao <quic_depengs(a)quicinc.com> media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: introduce f2fs_base_attr for global sysfs entries Andrey Vatoropin <a.vatoropin(a)crpt.ru> hwmon: (xgene-hwmon) use appropriate type for the latency value Jordan Crouse <jorcrous(a)amazon.com> clk: qcom: camcc-sm8250: Use clk_rcg2_shared_ops for some RCGs Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix __rtw_download_firmware() for RTL8814AU Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix download_firmware_validate() for RTL8814AU Zhang Yi <yi.zhang(a)huawei.com> ext4: remove writable userspace mappings before truncating page cache Zhang Yi <yi.zhang(a)huawei.com> ext4: don't write back data before punch hole in nojournal mode Marek Vasut <marex(a)denx.de> leds: trigger: netdev: Configure LED blink interval for HW offload Kees Cook <kees(a)kernel.org> pstore: Change kmsg_bytes storage size to u32 Aleksander Jan Bajkowski <olek2(a)wp.pl> r8152: add vendor/device ID pair for Dell Alienware AW1022z Kuniyuki Iwashima <kuniyu(a)amazon.com> ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). Athira Rajeev <atrajeev(a)linux.vnet.ibm.com> arch/powerpc/perf: Check the instruction type before creating sample with perf_mem_data_src Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Refactor MAC reset to function Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: remove misplaced drv_mgd_complete_tx() call Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't unconditionally call drv_mgd_complete_tx() Stefan Wahren <wahrenst(a)gmx.net> drm/v3d: Add clock handling William Tu <witu(a)nvidia.com> net/mlx5e: reduce the max log mpwrq sz for ECPF and reps William Tu <witu(a)nvidia.com> net/mlx5e: reduce rep rxq depth to 256 for ECPF William Tu <witu(a)nvidia.com> net/mlx5e: set the tx_queue_len for pfifo_fast Alexei Lazar <alazar(a)nvidia.com> net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB Chaohai Chen <wdhh66(a)163.com> scsi: target: spc: Fix loop traversal in spc_rsoc_get_descr() Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer() Shiwu Zhang <shiwu.zhang(a)amd.com> drm/amdgpu: enlarge the VBIOS binary size limit Joshua Aberback <joshua.aberback(a)amd.com> drm/amd/display: Increase block_sequence array size Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Initial psr_version with correct setting George Shen <george.shen(a)amd.com> drm/amd/display: Update CR AUX RD interval interpretation Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: reset psp->cmd to NULL after releasing the buffer Ilya Bakoulin <Ilya.Bakoulin(a)amd.com> drm/amd/display: Don't try AUX transactions on disconnected link Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdgpu: Set snoop bit for SDMA for MI series Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: change the soundwire wake enable/disable sequence Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> phy: core: don't require set_mode() callback for phy_get_mode() to work Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Update the suspend/resume support zihan zhou <15645113830zzh(a)gmail.com> sched: Reduce the default slice to avoid tasks getting an extra tick Peter Zijlstra <peterz(a)infradead.org> x86/traps: Cleanup and robustify decode_bug() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: qcom: clk-alpha-pll: Do not use random stack value for recalc rate Karl Chan <exxxxkc(a)getgoogleoff.me> clk: qcom: ipq5018: allow it to be bulid on arm32 Kees Cook <kees(a)kernel.org> net/mlx4_core: Avoid impossible mlx4_db_alloc() order value Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: Memset argument to 0 before calling get_mbus_config pad op David Plowman <david.plowman(a)raspberrypi.com> media: i2c: imx219: Correct the minimum vblanking value Brendan Jackman <jackmanb(a)google.com> kunit: tool: Use qboot on QEMU x86_64 Konstantin Andreev <andreev(a)swemel.ru> smack: Revert "smackfs: Added check catlen" Konstantin Andreev <andreev(a)swemel.ru> smack: recognize ipv4 CIPSO w/o categories Valentin Caron <valentin.caron(a)foss.st.com> pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Power up/down amp on mute ops Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Mark SW_RESET as volatile Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Add reg defaults for TAS2764_INT_CLK_CFG Martin Povišer <povik+lin(a)cutebit.org> ASoC: ops: Enforce platform maximum on initial value Sudeep Holla <sudeep.holla(a)arm.com> firmware: arm_ffa: Reject higher major version as incompatible Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5: Apply rate-limiting to high temperature warning Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5: Modify LSB bitmask in temperature event to include only the first bit Hans Verkuil <hverkuil(a)xs4all.nl> media: test-drivers: vivid: don't call schedule in loop Petr Machata <petrm(a)nvidia.com> vxlan: Join / leave MC group after remote changes Xiaofei Tan <tanxiaofei(a)huawei.com> ACPI: HED: Always initialize before evged Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix old_size lower bound in calculate_iosize() too Jakub Kicinski <kuba(a)kernel.org> eth: mlx4: don't try to complete XDP frames in netpoll Eduard Zingerman <eddyz87(a)gmail.com> bpf: don't do clean_live_states when state->loop_entry->branches > 0 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> can: c_can: Use of_property_present() to test existence of DT property Ahmad Fatoum <a.fatoum(a)pengutronix.de> pmdomain: imx: gpcv2: use proper helper for property detection Michael Margolin <mrgolin(a)amazon.com> RDMA/core: Fix best page size finding when it can cross SG entries Alexis Lothoré <alexis.lothore(a)bootlin.com> serial: mctrl_gpio: split disable_ms into sync and no_sync APIs Harry VanZyllDeJong <hvanzyll(a)amd.com> drm/amd/display: Add support for disconnected eDP streams Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: Flush FIFO before sending Dynamic Address Assignment(DAA) Arnd Bergmann <arnd(a)arndb.de> EDAC/ie31200: work around false positive build warning Peter Seiderer <ps.report(a)gmx.net> net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: fw: propagate error code from rtw89_h2c_tx() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31 Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: mpt3sas: Send a diag reset if target reset fails Paul Burton <paulburton(a)kernel.org> clocksource: mips-gic-timer: Enable counter when CPUs start Paul Burton <paulburton(a)kernel.org> MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core Jason Gunthorpe <jgg(a)ziepe.ca> genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie Bibo Mao <maobibo(a)loongson.cn> MIPS: Use arch specific syscall name match function Herbert Xu <herbert(a)gondor.apana.org.au> crypto: skcipher - Zap type in crypto_alloc_sync_skcipher Herbert Xu <herbert(a)gondor.apana.org.au> crypto: ahash - Set default reqsize from ahash_alg Balbir Singh <balbirs(a)nvidia.com> x86/kaslr: Reduce KASLR entropy on most x86 systems Patrisious Haddad <phaddad(a)nvidia.com> net/mlx5: Change POOL_NEXT_SIZE define value and make it global Jinliang Zheng <alexjlzheng(a)gmail.com> dm: fix unconditional IO throttle caused by REQ_PREFLUSH Nandakumar Edamana <nandakumar(a)nandakumar.co.in> libbpf: Fix out-of-bound read Matthias Fend <matthias.fend(a)emfend.at> media: tc358746: improve calculation of the D-PHY timing registers Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: adv7180: Disable test-pattern control on adv7180 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: menu: Avoid discarding useful information Konstantin Shkolnyy <kshk(a)linux.ibm.com> vdpa/mlx5: Fix mlx5_vdpa_get_config() endianness on big-endian machines Mike Christie <michael.christie(a)oracle.com> vhost-scsi: Return queue full for page alloc failures during copy Waiman Long <longman(a)redhat.com> x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() Nícolas F. R. A. Prado <nfraprado(a)collabora.com> ASoC: mediatek: mt8188: Add reference for dmic clocks Nícolas F. R. A. Prado <nfraprado(a)collabora.com> ASoC: mediatek: mt8188: Treat DMIC_GAINx_CUR as non-volatile Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: handle max_downscale_src_width fail check Nir Lichtman <nir(a)lichtman.org> x86/build: Fix broken copy command in genimage.sh when making isoimage Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: RPM: Register driver with PCI subsys IDs Andrew Davis <afd(a)ti.com> soc: ti: k3-socinfo: Do not use syscon helper to build regmap Ramasamy Kaliappan <quic_rkaliapp(a)quicinc.com> wifi: ath12k: Improve BSS discovery with hidden SSID in 6 GHz band Hangbin Liu <liuhangbin(a)gmail.com> bonding: report duplicate MAC address in all situations Arnd Bergmann <arnd(a)arndb.de> net: xgene-v2: remove incorrect ACPI_PTR annotation Eric Woudstra <ericwouds(a)gmail.com> net: ethernet: mtk_ppe_offload: Allow QinQ, double ETH_P_8021Q only Yuanjun Gong <ruc_gongyuanjun(a)163.com> leds: pwm-multicolor: Add check for fwnode_property_read_u32 Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: KFD release_work possible circular locking Kevin Krakauer <krakauer(a)google.com> selftests/net: have `gro.sh -t` return a correct exit code Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Avoid report two health errors on same syndrome Viresh Kumar <viresh.kumar(a)linaro.org> firmware: arm_ffa: Set dma_mask for ffa devices Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Add a softdep to MIP MSI-X driver Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Expand inbound window size up to 64GB Vinith Kumar R <quic_vinithku(a)quicinc.com> wifi: ath12k: Report proper tx completion status to mac80211 Hector Martin <marcan(a)marcan.st> soc: apple: rtkit: Implement OSLog buffers properly Janne Grunau <j(a)jannau.net> soc: apple: rtkit: Use high prio work queue Rob Herring (Arm) <robh(a)kernel.org> perf: arm_pmuv3: Call kvm_vcpu_pmu_resync_el0() before enabling counters Kuhanh Murugasen Krishnan <kuhanh.murugasen.krishnan(a)intel.com> fpga: altera-cvp: Increase credit timeout AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence Li Bin <bin.li(a)microchip.com> ARM: at91: pm: fix at91_suspend_finish for ZQ calibration Alexander Stein <alexander.stein(a)ew.tq-group.com> hwmon: (gpio-fan) Add missing mutex locks Breno Leitao <leitao(a)debian.org> x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 Ahmad Fatoum <a.fatoum(a)pengutronix.de> clk: imx8mp: inform CCF of maximum frequency of clocks Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Handle uvc menu translation inside uvc_get_le_value Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Add uv swap for cluster window Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config(). Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7 Saket Kumar Bhaskar <skb99(a)linux.ibm.com> perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type Peter Seiderer <ps.report(a)gmx.net> net: pktgen: fix mpls maximum labels list parsing Alexander Sverdlin <alexander.sverdlin(a)siemens.com> net: ethernet: ti: cpsw_new: populate netdev of_node Artur Weber <aweber.kernel(a)gmail.com> pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" Hans Verkuil <hverkuil(a)xs4all.nl> media: cx231xx: set device_caps for 417 George Shen <george.shen(a)amd.com> drm/amd/display: Skip checking FRL_MODE bit for PCON BW determination Victor Lu <victorchengchi.lu(a)amd.com> drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c Matti Lehtimäki <matti.lehtimaki(a)gmail.com> remoteproc: qcom_wcnss: Handle platforms with only single power domain Choong Yong Liang <yong.liang.choong(a)linux.intel.com> net: phylink: use pl->link_interface in phylink_expects_phy() Thomas Zimmermann <tzimmermann(a)suse.de> drm/gem: Test for imported GEM buffers with helper Matthew Wilcox (Oracle) <willy(a)infradead.org> orangefs: Do not truncate file size Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: prevent BUG_ON by blocking retries on failed device resumes Markus Elfring <elfring(a)users.sourceforge.net> media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() Svyatoslav Ryhel <clamor95(a)gmail.com> ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ieee802154: ca8210: Use proper setters and getters for bitwise types Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: ds1307: stop disabling alarms on probe Eric Dumazet <edumazet(a)google.com> tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Improve data consistency at polling Andreas Schwab <schwab(a)linux-m68k.org> powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 Jon Hunter <jonathanh(a)nvidia.com> arm64: tegra: Resize aperture for the IGX PCIe C5 slot Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: Set per-process flags only once cik/vi Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lzo - Fix compression buffer overrun Chin-Ting Kuo <chin-ting_kuo(a)aspeedtech.com> watchdog: aspeed: Update bootstatus handling Aaron Kling <luceoscutum(a)gmail.com> cpufreq: tegra186: Share policy per cluster Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd/pgtbl_v2: Improve error handling Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct hd44780_common" Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Check for empty queue in run_queue Leon Huang <Leon.Huang1(a)amd.com> drm/amd/display: Fix incorrect DPCD configs while Replay/PSR switch Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: calculate the remain segments for all pipes Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: remove minimum Dispclk and apply oem panel timing. Willem de Bruijn <willemb(a)google.com> ipv6: save dontfrag in cork Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fix debug actions order Marcos Paulo de Souza <mpdesouza(a)suse.com> printk: Check CON_SUSPEND when unblanking a console Kurt Borja <kuurtb(a)gmail.com> hwmon: (dell-smm) Increment the number of fans Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Don't change the status of stalled TDs on failed Stop EP Erick Shepherd <erick.shepherd(a)ni.com> mmc: sdhci: Disable SD card clock before changing parameters Kaustabh Chakraborty <kauschluss(a)disroot.org> mmc: dw_mmc: add exynos7870 DW MMC support Ryan Roberts <ryan.roberts(a)arm.com> arm64/mm: Check PUD_TYPE_TABLE in pud_bad() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> netfilter: conntrack: Bound nf_conntrack sysctl writes Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> timer_list: Don't use %pK through printk() Eric Dumazet <edumazet(a)google.com> posix-timers: Add cond_resched() to posix_timer_add() search loop Maher Sanalla <msanalla(a)nvidia.com> RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() Baokun Li <libaokun1(a)huawei.com> ext4: do not convert the unwritten extents if data writeback fails Baokun Li <libaokun1(a)huawei.com> ext4: reject the 'data_err=abort' option in nojournal mode Ryan Walklin <ryan(a)testtoast.com> ASoC: sun4i-codec: support hp-det-gpios property David Rosca <david.rosca(a)amd.com> drm/amdgpu: Update SRIOV video codec caps Shree Ramamoorthy <s-ramamoorthy(a)ti.com> mfd: tps65219: Remove TPS65219_REG_TI_DEV_ID check Prathamesh Shete <pshete(a)nvidia.com> pinctrl-tegra: Restore SFSEL bit when freeing pins Frediano Ziglio <frediano.ziglio(a)cloud.com> xen: Add support for XenServer 6.1 platform device Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: use the correct ndev to find pnetid by pnetid table Mikulas Patocka <mpatocka(a)redhat.com> dm: restrict dm device size to 2^63-512 bytes Shashank Gupta <shashankg(a)marvell.com> crypto: octeontx2 - suppress auth failure screaming due to negative tests Seyediman Seyedarab <imandevel(a)gmail.com> kbuild: fix argument parsing in scripts/config Yonghong Song <yonghong.song(a)linux.dev> bpf: Allow pre-ordering for bpf cgroup progs Nícolas F. R. A. Prado <nfraprado(a)collabora.com> ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Do not add non-active NVM if NVM upgrade is disabled for retimer Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix error handling inconsistencies in check() Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: rv3032: fix EERD location Ilpo Järvinen <ij(a)kernel.org> tcp: reorganize tcp_in_ack_event() and tcp_count_delivered() Jan Kara <jack(a)suse.cz> jbd2: do not try to recover wiped journal Mykyta Yatsenko <yatsenko(a)meta.com> bpf: Return prog btf_id without capable check Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Handle INTx IRQ_NOTCONNECTED Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: ERASE does not change tape location Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Tighten the page format heuristics with MODE SELECT Al Viro <viro(a)zeniv.linux.org.uk> hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure Christian Göttsche <cgzones(a)googlemail.com> ext4: reorder capability check last Tiwei Bie <tiwei.btw(a)antgroup.com> um: Update min_low_pfn to match changes in uml_reserved Benjamin Berg <benjamin(a)sipsolutions.net> um: Store full CSGSFS and SS register from mcontext Heming Zhao <heming.zhao(a)suse.com> dlm: make tcp still work in multi-link env Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Fix missing STOP for master request Jing Zhou <Jing.Zhou(a)amd.com> drm/amd/display: Guard against setting dispclk low for dcn31x Filipe Manana <fdmanana(a)suse.com> btrfs: send: return -ENAMETOOLONG when attempting a path that is too long Filipe Manana <fdmanana(a)suse.com> btrfs: get zone unusable bytes while holding lock at btrfs_reclaim_bgs_work() Filipe Manana <fdmanana(a)suse.com> btrfs: fix non-empty delayed iputs list on unmount due to async workers Qu Wenruo <wqu(a)suse.com> btrfs: run btrfs_error_commit_super() early Mark Harmstone <maharmstone(a)fb.com> btrfs: avoid linker error in btrfs_find_create_tree_block() Boris Burkov <boris(a)bur.io> btrfs: make btrfs_discard_workfn() block_group ref explicit Vitalii Mordan <mordan(a)ispras.ru> i2c: pxa: fix call balance of i2c->clk handling routines Stephan Gerhold <stephan.gerhold(a)kernkonzept.com> i2c: qup: Vote for interconnect bandwidth to DRAM Philip Redkin <me(a)rarity.fan> x86/mm: Check return value from memblock_phys_alloc_range() Ingo Molnar <mingo(a)kernel.org> x86/stackprotector/64: Only export __ref_stack_chk_guard on CONFIG_SMP Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7996: revise TXS size Felix Fietkau <nbd(a)nbd.name> wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2 Erick Shepherd <erick.shepherd(a)ni.com> mmc: host: Wait for Vdd to settle on card power off Robert Richter <rrichter(a)amd.com> libnvdimm/labels: Fix divide error in nd_label_data_init() Nicolas Bretz <bretznic(a)gmail.com> ext4: on a remount, only log the ro or r/w state when it has changed Roger Pau Monne <roger.pau(a)citrix.com> PCI: vmd: Disable MSI remapping bypass under Xen Trond Myklebust <trond.myklebust(a)hammerspace.com> pNFS/flexfiles: Report ENETDOWN as a connection error Ian Rogers <irogers(a)google.com> tools/build: Don't pass test log files to linker Frank Li <Frank.Li(a)nxp.com> PCI: dwc: ep: Ensure proper iteration over outbound map windows Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Properly disable uaccess validation Ryo Takakura <ryotkkr98(a)gmail.com> lockdep: Fix wait context check on softirq for PREEMPT_RT Jing Su <jingsusu(a)didiglobal.com> dql: Fix dql->limit value when reset. Alice Guo <alice.guo(a)nxp.com> thermal/drivers/qoriq: Power down TMU on system suspend Luis de Arquer <luis.dearquer(a)inertim.com> spi-rockchip: Fix register out of bounds access Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: rpcbind should never reset the port to the value '0' Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: rpc_clnt_set_transport() must not change the autobind setting Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Treat ENETUNREACH errors as fatal for state recovery Pali Rohár <pali(a)kernel.org> cifs: Fix establishing NetBIOS session for SMB2+ connection Namjae Jeon <linkinjeon(a)kernel.org> cifs: add validation check for the fields in smb_aces Zsolt Kajtar <soci(a)c64.rulez.org> fbdev: core: tileblit: Implement missing margin clearing for tileblit Zsolt Kajtar <soci(a)c64.rulez.org> fbcon: Use correct erase colour for clearing in fbcon Shixiong Ou <oushixiong(a)kylinos.cn> fbdev: fsl-diu-fb: add missing device_remove_file() Samuel Holland <samuel.holland(a)sifive.com> riscv: Allow NOMMU kernels to access all of RAM Tudor Ambarus <tudor.ambarus(a)linaro.org> mailbox: use error ret code of of_parse_phandle_with_args() Sudeep Holla <sudeep.holla(a)arm.com> mailbox: pcc: Use acpi_os_ioremap() instead of ioremap() Diogo Ivo <diogo.ivo(a)siemens.com> ACPI: PNP: Add Intel OC Watchdog IDs to non-PNP device list Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> tracing: Mark binary printing functions with __printf() attribute Jinqian Yang <yangjinqian1(a)huawei.com> arm64: Add support for HIP09 Spectre-BHB mitigation Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Don't allow waiting for exiting tasks Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Don't allow waiting for exiting tasks Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() Matt Johnston <matt(a)codeconstruct.com.au> fuse: Return EPERM rather than ENOSYS from link() Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Store original IO parameters and prevent zero IO sizes Pali Rohár <pali(a)kernel.org> cifs: Fix negotiate retry functionality Pali Rohár <pali(a)kernel.org> cifs: Fix querying and creating MF symlinks over SMB1 Pali Rohár <pali(a)kernel.org> cifs: Add fallback for SMB2 CREATE without FILE_READ_ATTRIBUTES Anthony Krowiak <akrowiak(a)linux.ibm.com> s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log Daniel Gomez <da.gomez(a)samsung.com> kconfig: merge_config: use an empty file as initfile Haoran Jiang <jianghaoran(a)kylinos.cn> samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora Brandon Kammerdiener <brandon.kammerdiener(a)intel.com> bpf: fix possible endless loop in BPF map iteration Ihor Solodrai <ihor.solodrai(a)linux.dev> selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure Felix Kuehling <felix.kuehling(a)amd.com> drm/amdgpu: Allow P2P access through XGMI Frederick Lawler <fred(a)cloudflare.com> ima: process_measurement() needlessly takes inode_lock() on MAY_READ Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: refactor bulk flipping of RX buffers to separate function Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Add level check to control event logging Dongli Zhang <dongli.zhang(a)oracle.com> vhost-scsi: protect vq->log_used with vq->mutex Stefano Garzarella <sgarzare(a)redhat.com> vhost_task: fix vhost_task_create() documentation gaoxu <gaoxu2(a)honor.com> cgroup: Fix compilation issue due to cgroup_mutex not being exported Marek Szyprowski <m.szyprowski(a)samsung.com> dma-mapping: avoid potential unused data compilation warning Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> intel_th: avoid using deprecated page->mapping, index fields Zhongqiu Han <quic_zhonhan(a)quicinc.com> virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN Manish Pandey <quic_mapa(a)quicinc.com> scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: iscsi: Fix timeout on deleted connection Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> nvmem: qfprom: switch to 4-byte aligned reads Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> nvmem: core: update raw_len if the bit reading is required Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> nvmem: core: verify cell's raw_len Heiko Stuebner <heiko(a)sntech.de> nvmem: rockchip-otp: add rk3576 variant data Heiko Stuebner <heiko(a)sntech.de> nvmem: rockchip-otp: Move read-offset into variant-data Pengyu Luo <mitltlatltl(a)gmail.com> cpufreq: Add SM8650 to cpufreq-dt-platdev blocklist Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Move IRQ request in probe Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Add support to initialize the bus Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: designware: Fix an error handling path in i2c_dw_pci_probe() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> i2c: designware: Use temporary variable for struct device Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> i2c: designware: Remove ->disable() callback Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i2c: designware: Uniform initialization flow for polling mode Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> gpio: pca953x: fix IRQ storm on system wake up Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: pca953x: Simplify code with cleanup helpers Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: pca953x: Split pca953x_restore_context() and pca953x_save_context() ------------- Diffstat: Documentation/ABI/stable/sysfs-driver-dma-idxd | 6 + Documentation/admin-guide/kernel-parameters.txt | 2 + Documentation/driver-api/serial/driver.rst | 2 +- Documentation/hwmon/dell-smm-hwmon.rst | 14 +- Makefile | 4 +- arch/arm/boot/dts/nvidia/tegra114.dtsi | 2 +- arch/arm/mach-at91/pm.c | 21 +- .../boot/dts/allwinner/sun50i-h6-beelink-gs1.dts | 38 +- .../boot/dts/allwinner/sun50i-h6-orangepi-3.dts | 14 +- .../boot/dts/allwinner/sun50i-h6-orangepi.dtsi | 22 +- arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi | 8 +- arch/arm64/boot/dts/nvidia/tegra210-p2597.dtsi | 2 +- .../dts/nvidia/tegra234-p3740-0002+p3701-0008.dts | 10 + arch/arm64/boot/dts/qcom/ipq9574.dtsi | 2 + arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 + arch/arm64/boot/dts/qcom/sm8550.dtsi | 2 + arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts | 13 +- arch/arm64/boot/dts/xilinx/zynqmp-clk-ccf.dtsi | 15 +- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/pgtable.h | 3 +- arch/arm64/kernel/proton-pack.c | 1 + arch/mips/include/asm/ftrace.h | 16 + arch/mips/kernel/pm-cps.c | 30 +- arch/powerpc/include/asm/mmzone.h | 1 + arch/powerpc/kernel/prom_init.c | 4 +- arch/powerpc/mm/book3s64/radix_pgtable.c | 3 +- arch/powerpc/mm/numa.c | 2 +- arch/powerpc/perf/core-book3s.c | 20 + arch/powerpc/perf/isa207-common.c | 4 +- arch/powerpc/platforms/pseries/iommu.c | 29 +- arch/riscv/include/asm/page.h | 12 +- arch/riscv/include/asm/pgtable.h | 2 +- arch/s390/hypfs/hypfs_diag_fs.c | 2 + arch/um/Makefile | 1 + arch/um/kernel/mem.c | 1 + arch/x86/Makefile | 2 +- arch/x86/boot/genimage.sh | 5 +- arch/x86/entry/entry.S | 2 +- arch/x86/events/amd/ibs.c | 20 +- arch/x86/include/asm/bug.h | 5 +- arch/x86/include/asm/ibt.h | 4 +- arch/x86/include/asm/nmi.h | 2 + arch/x86/include/asm/perf_event.h | 1 + arch/x86/kernel/cpu/bugs.c | 10 +- arch/x86/kernel/nmi.c | 42 ++ arch/x86/kernel/reboot.c | 10 +- arch/x86/kernel/traps.c | 82 ++- arch/x86/mm/init.c | 9 +- arch/x86/mm/init_64.c | 15 +- arch/x86/mm/kaslr.c | 10 +- arch/x86/um/os-Linux/mcontext.c | 3 +- crypto/ahash.c | 4 + crypto/algif_hash.c | 4 - crypto/lzo-rle.c | 2 +- crypto/lzo.c | 2 +- crypto/skcipher.c | 1 + drivers/accel/qaic/qaic_drv.c | 2 +- drivers/acpi/Kconfig | 2 +- drivers/acpi/acpi_pnp.c | 2 + drivers/acpi/hed.c | 7 +- drivers/auxdisplay/charlcd.c | 5 +- drivers/auxdisplay/charlcd.h | 5 +- drivers/auxdisplay/hd44780.c | 2 +- drivers/auxdisplay/lcd2s.c | 2 +- drivers/auxdisplay/panel.c | 2 +- drivers/bluetooth/btusb.c | 98 ++- drivers/clk/clk-s2mps11.c | 3 +- drivers/clk/imx/clk-imx8mp.c | 151 ++++ drivers/clk/qcom/Kconfig | 2 +- drivers/clk/qcom/camcc-sm8250.c | 56 +- drivers/clk/qcom/clk-alpha-pll.c | 52 +- drivers/clk/sunxi-ng/ccu-sun20i-d1.c | 42 +- drivers/clk/sunxi-ng/ccu_mp.h | 22 + drivers/clocksource/mips-gic-timer.c | 6 +- drivers/cpufreq/cpufreq-dt-platdev.c | 1 + drivers/cpufreq/tegra186-cpufreq.c | 7 + drivers/cpuidle/governors/menu.c | 13 +- .../crypto/marvell/octeontx2/otx2_cptvf_reqmgr.c | 7 +- drivers/dma/fsl-edma-main.c | 2 +- drivers/dma/idxd/cdev.c | 20 +- drivers/dma/idxd/dma.c | 6 + drivers/dma/idxd/idxd.h | 9 + drivers/dma/idxd/sysfs.c | 34 + drivers/edac/ie31200_edac.c | 28 +- drivers/firmware/arm_ffa/bus.c | 1 + drivers/firmware/arm_ffa/driver.c | 8 + drivers/firmware/arm_scmi/bus.c | 19 +- drivers/fpga/altera-cvp.c | 2 +- drivers/gpio/gpio-pca953x.c | 111 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 7 +- drivers/gpu/drm/amd/amdgpu/gfxhub_v1_0.c | 10 +- drivers/gpu/drm/amd/amdgpu/mmhub_v1_7.c | 25 + drivers/gpu/drm/amd/amdgpu/mmhub_v1_8.c | 27 + drivers/gpu/drm/amd/amdgpu/mmhub_v9_4.c | 31 + drivers/gpu/drm/amd/amdgpu/nv.c | 16 +- drivers/gpu/drm/amd/amdgpu/soc21.c | 10 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 39 +- .../drm/amd/amdkfd/kfd_device_queue_manager_cik.c | 69 +- .../drm/amd/amdkfd/kfd_device_queue_manager_vi.c | 77 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 16 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 7 +- .../amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c | 22 +- .../amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c | 15 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 1 + .../amd/display/dc/dce110/dce110_hw_sequencer.c | 3 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_dpp.c | 11 +- .../drm/amd/display/dc/dcn315/dcn315_resource.c | 40 +- drivers/gpu/drm/amd/display/dc/inc/core_types.h | 2 +- drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 13 +- .../display/dc/link/protocols/link_dp_capability.c | 33 +- .../amd/display/dc/link/protocols/link_dp_phy.c | 8 +- .../dc/link/protocols/link_dp_training_8b_10b.c | 7 +- .../dc/link/protocols/link_edp_panel_control.c | 25 +- .../include/asic_reg/mmhub/mmhub_9_4_1_offset.h | 32 + .../include/asic_reg/mmhub/mmhub_9_4_1_sh_mask.h | 48 ++ drivers/gpu/drm/ast/ast_mode.c | 10 +- drivers/gpu/drm/bridge/adv7511/adv7511_audio.c | 2 + drivers/gpu/drm/drm_atomic_helper.c | 28 + drivers/gpu/drm/drm_edid.c | 1 + drivers/gpu/drm/drm_gem.c | 4 +- drivers/gpu/drm/mediatek/mtk_dpi.c | 5 +- drivers/gpu/drm/panel/panel-edp.c | 1 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 6 +- drivers/gpu/drm/v3d/v3d_drv.c | 25 +- drivers/hid/hid-ids.h | 4 + drivers/hid/hid-quirks.c | 2 + drivers/hid/usbhid/usbkbd.c | 2 +- drivers/hwmon/dell-smm-hwmon.c | 5 +- drivers/hwmon/gpio-fan.c | 16 +- drivers/hwmon/xgene-hwmon.c | 2 +- drivers/hwtracing/intel_th/Kconfig | 1 + drivers/hwtracing/intel_th/msu.c | 31 +- drivers/i2c/busses/i2c-designware-common.c | 1 + drivers/i2c/busses/i2c-designware-core.h | 5 +- drivers/i2c/busses/i2c-designware-master.c | 43 +- drivers/i2c/busses/i2c-designware-pcidrv.c | 40 +- drivers/i2c/busses/i2c-designware-platdrv.c | 54 +- drivers/i2c/busses/i2c-designware-slave.c | 3 +- drivers/i2c/busses/i2c-pxa.c | 5 +- drivers/i2c/busses/i2c-qup.c | 36 + drivers/i3c/master/svc-i3c-master.c | 4 + drivers/infiniband/core/umem.c | 36 +- drivers/infiniband/core/uverbs_cmd.c | 144 ++-- drivers/infiniband/core/verbs.c | 11 +- drivers/input/joystick/xpad.c | 3 + drivers/iommu/amd/io_pgtable_v2.c | 2 +- drivers/iommu/dma-iommu.c | 28 +- drivers/leds/rgb/leds-pwm-multicolor.c | 5 +- drivers/leds/trigger/ledtrig-netdev.c | 16 +- drivers/mailbox/mailbox.c | 7 +- drivers/mailbox/pcc.c | 8 +- drivers/md/dm-cache-target.c | 24 + drivers/md/dm-table.c | 4 + drivers/md/dm.c | 8 +- drivers/media/i2c/adv7180.c | 34 +- drivers/media/i2c/imx219.c | 2 +- drivers/media/i2c/tc358746.c | 19 +- drivers/media/platform/qcom/camss/camss-csid.c | 64 +- .../platform/st/sti/c8sectpfe/c8sectpfe-core.c | 3 +- .../media/test-drivers/vivid/vivid-kthread-cap.c | 11 +- .../media/test-drivers/vivid/vivid-kthread-out.c | 11 +- .../media/test-drivers/vivid/vivid-kthread-touch.c | 11 +- drivers/media/test-drivers/vivid/vivid-sdr-cap.c | 11 +- drivers/media/usb/cx231xx/cx231xx-417.c | 2 + drivers/media/usb/uvc/uvc_ctrl.c | 77 +- drivers/media/usb/uvc/uvc_v4l2.c | 6 + drivers/media/v4l2-core/v4l2-subdev.c | 2 + drivers/mfd/tps65219.c | 7 - drivers/mmc/host/dw_mmc-exynos.c | 41 +- drivers/mmc/host/sdhci-pci-core.c | 6 +- drivers/mmc/host/sdhci.c | 9 +- drivers/net/bonding/bond_main.c | 2 +- drivers/net/can/c_can/c_can_platform.c | 2 +- drivers/net/can/kvaser_pciefd.c | 90 ++- drivers/net/can/slcan/slcan-core.c | 26 +- drivers/net/ethernet/amd/pds_core/core.c | 5 +- drivers/net/ethernet/amd/pds_core/core.h | 2 +- drivers/net/ethernet/apm/xgene-v2/main.c | 4 +- drivers/net/ethernet/freescale/enetc/enetc.c | 16 +- drivers/net/ethernet/freescale/fec_main.c | 52 +- drivers/net/ethernet/intel/ice/ice_ethtool.c | 3 +- drivers/net/ethernet/intel/ice/ice_irq.c | 25 +- drivers/net/ethernet/intel/ice/ice_lag.c | 6 + drivers/net/ethernet/intel/ice/ice_lib.c | 2 + drivers/net/ethernet/intel/ice/ice_virtchnl.c | 1 - drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 14 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_cn10k.c | 24 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 11 +- .../ethernet/marvell/octeontx2/nic/otx2_common.c | 8 +- drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 22 +- drivers/net/ethernet/mellanox/mlx4/alloc.c | 6 +- drivers/net/ethernet/mellanox/mlx4/en_tx.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en.h | 2 - .../net/ethernet/mellanox/mlx5/core/en/params.c | 15 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 5 + .../net/ethernet/mellanox/mlx5/core/en_selftest.c | 3 + .../net/ethernet/mellanox/mlx5/core/esw/legacy.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/events.c | 11 +- .../net/ethernet/mellanox/mlx5/core/fs_ft_pool.c | 6 +- .../net/ethernet/mellanox/mlx5/core/fs_ft_pool.h | 2 - drivers/net/ethernet/mellanox/mlx5/core/health.c | 1 + .../ethernet/mellanox/mlx5/core/lib/fs_chains.c | 3 +- drivers/net/ethernet/microchip/lan743x_main.c | 19 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 1 + drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +- drivers/net/ethernet/ti/cpsw_new.c | 1 + drivers/net/ieee802154/ca8210.c | 9 +- drivers/net/phy/phylink.c | 2 +- drivers/net/usb/r8152.c | 1 + drivers/net/vxlan/vxlan_core.c | 36 +- drivers/net/wireless/ath/ath12k/core.h | 1 + drivers/net/wireless/ath/ath12k/dp_tx.c | 6 +- drivers/net/wireless/ath/ath12k/hal_desc.h | 2 +- drivers/net/wireless/ath/ath12k/pci.c | 13 +- drivers/net/wireless/ath/ath12k/wmi.c | 4 +- drivers/net/wireless/ath/ath9k/init.c | 4 +- drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 10 +- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 2 + drivers/net/wireless/mediatek/mt76/mt76.h | 1 + .../net/wireless/mediatek/mt76/mt76_connac3_mac.h | 3 + drivers/net/wireless/mediatek/mt76/mt76x0/pci.c | 3 +- drivers/net/wireless/mediatek/mt76/mt76x0/usb.c | 3 +- drivers/net/wireless/mediatek/mt76/mt76x2/pci.c | 3 +- drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 4 +- drivers/net/wireless/mediatek/mt76/tx.c | 3 +- .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 17 +- drivers/net/wireless/realtek/rtw88/mac.c | 6 +- drivers/net/wireless/realtek/rtw88/main.c | 40 +- drivers/net/wireless/realtek/rtw88/reg.h | 3 +- drivers/net/wireless/realtek/rtw88/rtw8822b.c | 14 +- drivers/net/wireless/realtek/rtw88/util.c | 3 +- drivers/net/wireless/realtek/rtw89/fw.c | 2 - drivers/net/wireless/realtek/rtw89/regd.c | 2 + drivers/net/wireless/realtek/rtw89/ser.c | 4 + drivers/nvdimm/label.c | 3 +- drivers/nvme/host/pci.c | 8 + drivers/nvme/target/tcp.c | 3 + drivers/nvmem/core.c | 16 +- drivers/nvmem/qfprom.c | 26 +- drivers/nvmem/rockchip-otp.c | 17 +- drivers/pci/Kconfig | 6 + drivers/pci/controller/dwc/pcie-designware-ep.c | 2 +- drivers/pci/controller/pcie-brcmstb.c | 5 +- drivers/pci/controller/vmd.c | 20 + drivers/pci/setup-bus.c | 6 +- drivers/perf/arm-cmn.c | 10 +- drivers/perf/arm_pmuv3.c | 4 +- drivers/phy/phy-core.c | 7 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 143 ++-- drivers/phy/starfive/phy-jh7110-usb.c | 7 + drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 44 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/meson/pinctrl-meson.c | 2 +- drivers/pinctrl/qcom/pinctrl-apq8064.c | 2 +- drivers/pinctrl/qcom/pinctrl-apq8084.c | 2 +- drivers/pinctrl/qcom/pinctrl-ipq4019.c | 2 +- drivers/pinctrl/qcom/pinctrl-ipq5018.c | 2 +- drivers/pinctrl/qcom/pinctrl-ipq5332.c | 2 +- drivers/pinctrl/qcom/pinctrl-ipq6018.c | 2 +- drivers/pinctrl/qcom/pinctrl-ipq8064.c | 2 +- drivers/pinctrl/qcom/pinctrl-ipq8074.c | 2 +- drivers/pinctrl/qcom/pinctrl-ipq9574.c | 2 +- drivers/pinctrl/qcom/pinctrl-mdm9607.c | 2 +- drivers/pinctrl/qcom/pinctrl-mdm9615.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm.c | 27 +- drivers/pinctrl/qcom/pinctrl-msm.h | 2 +- drivers/pinctrl/qcom/pinctrl-msm8226.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8660.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8909.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8916.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8953.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8960.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8976.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8994.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8996.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8998.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8x74.c | 2 +- drivers/pinctrl/qcom/pinctrl-qcm2290.c | 2 +- drivers/pinctrl/qcom/pinctrl-qcs404.c | 2 +- drivers/pinctrl/qcom/pinctrl-qdf2xxx.c | 2 +- drivers/pinctrl/qcom/pinctrl-qdu1000.c | 2 +- drivers/pinctrl/qcom/pinctrl-sa8775p.c | 2 +- drivers/pinctrl/qcom/pinctrl-sc7180.c | 2 +- drivers/pinctrl/qcom/pinctrl-sc7280.c | 2 +- drivers/pinctrl/qcom/pinctrl-sc8180x.c | 2 +- drivers/pinctrl/qcom/pinctrl-sc8280xp.c | 2 +- drivers/pinctrl/qcom/pinctrl-sdm660.c | 2 +- drivers/pinctrl/qcom/pinctrl-sdm670.c | 2 +- drivers/pinctrl/qcom/pinctrl-sdm845.c | 2 +- drivers/pinctrl/qcom/pinctrl-sdx55.c | 2 +- drivers/pinctrl/qcom/pinctrl-sdx65.c | 2 +- drivers/pinctrl/qcom/pinctrl-sdx75.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm6115.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm6125.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm6350.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm6375.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm7150.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm8150.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm8250.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm8350.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm8450.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm8550.c | 2 +- drivers/pinctrl/tegra/pinctrl-tegra.c | 59 +- drivers/pinctrl/tegra/pinctrl-tegra.h | 6 + .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 2 +- drivers/platform/x86/fujitsu-laptop.c | 33 +- drivers/platform/x86/thinkpad_acpi.c | 7 + drivers/pmdomain/imx/gpcv2.c | 2 +- drivers/regulator/ad5398.c | 12 +- drivers/remoteproc/qcom_wcnss.c | 34 +- drivers/rtc/rtc-ds1307.c | 4 +- drivers/rtc/rtc-rv3032.c | 2 +- drivers/s390/crypto/vfio_ap_ops.c | 72 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 17 +- drivers/scsi/lpfc/lpfc_init.c | 2 + drivers/scsi/mpi3mr/mpi3mr_fw.c | 3 + drivers/scsi/mpt3sas/mpt3sas_ctl.c | 12 +- drivers/scsi/st.c | 29 +- drivers/scsi/st.h | 2 + drivers/soc/apple/rtkit-internal.h | 1 + drivers/soc/apple/rtkit.c | 58 +- drivers/soc/ti/k3-socinfo.c | 13 +- drivers/soundwire/amd_manager.c | 2 + drivers/soundwire/bus.c | 9 +- drivers/spi/spi-fsl-dspi.c | 46 +- drivers/spi/spi-rockchip.c | 2 +- drivers/spi/spi-sun4i.c | 5 +- drivers/spi/spi-zynqmp-gqspi.c | 22 +- drivers/target/iscsi/iscsi_target.c | 2 +- drivers/target/target_core_spc.c | 14 +- drivers/thermal/intel/x86_pkg_temp_thermal.c | 1 + drivers/thermal/qoriq_thermal.c | 13 + drivers/thunderbolt/retimer.c | 8 +- drivers/tty/serial/8250/8250_port.c | 2 +- drivers/tty/serial/atmel_serial.c | 2 +- drivers/tty/serial/imx.c | 2 +- drivers/tty/serial/serial_mctrl_gpio.c | 34 +- drivers/tty/serial/serial_mctrl_gpio.h | 17 +- drivers/tty/serial/sh-sci.c | 98 ++- drivers/tty/serial/stm32-usart.c | 2 +- drivers/ufs/core/ufshcd.c | 29 + drivers/usb/host/xhci-ring.c | 12 +- drivers/vdpa/mlx5/net/mlx5_vnet.c | 3 + drivers/vfio/pci/vfio_pci_config.c | 3 +- drivers/vfio/pci/vfio_pci_core.c | 10 +- drivers/vfio/pci/vfio_pci_intrs.c | 2 +- drivers/vhost/scsi.c | 23 +- drivers/video/fbdev/core/bitblit.c | 5 +- drivers/video/fbdev/core/fbcon.c | 10 +- drivers/video/fbdev/core/fbcon.h | 38 +- drivers/video/fbdev/core/fbcon_ccw.c | 5 +- drivers/video/fbdev/core/fbcon_cw.c | 5 +- drivers/video/fbdev/core/fbcon_ud.c | 5 +- drivers/video/fbdev/core/tileblit.c | 45 +- drivers/video/fbdev/fsl-diu-fb.c | 1 + drivers/virtio/virtio_ring.c | 2 +- drivers/watchdog/aspeed_wdt.c | 81 ++- drivers/xen/platform-pci.c | 4 + drivers/xen/xenbus/xenbus_probe.c | 14 +- fs/btrfs/block-group.c | 18 +- fs/btrfs/discard.c | 34 +- fs/btrfs/disk-io.c | 28 +- fs/btrfs/extent_io.c | 7 +- fs/btrfs/relocation.c | 6 + fs/btrfs/scrub.c | 4 +- fs/btrfs/send.c | 6 +- fs/coredump.c | 81 ++- fs/dlm/lowcomms.c | 4 +- fs/ext4/balloc.c | 4 +- fs/ext4/ext4.h | 5 +- fs/ext4/extents.c | 19 +- fs/ext4/inode.c | 81 ++- fs/ext4/page-io.c | 16 +- fs/ext4/super.c | 19 +- fs/f2fs/sysfs.c | 74 +- fs/fuse/dir.c | 2 + fs/gfs2/glock.c | 11 +- fs/jbd2/recovery.c | 11 +- fs/namespace.c | 6 +- fs/nfs/client.c | 2 + fs/nfs/delegation.c | 3 +- fs/nfs/dir.c | 15 +- fs/nfs/filelayout/filelayoutdev.c | 6 +- fs/nfs/flexfilelayout/flexfilelayout.c | 1 + fs/nfs/flexfilelayout/flexfilelayoutdev.c | 6 +- fs/nfs/inode.c | 2 + fs/nfs/internal.h | 5 + fs/nfs/nfs3proc.c | 2 +- fs/nfs/nfs4proc.c | 9 +- fs/nfs/nfs4state.c | 10 +- fs/nfs/pnfs.h | 4 +- fs/nfs/pnfs_nfs.c | 9 +- fs/orangefs/inode.c | 7 +- fs/pstore/inode.c | 2 +- fs/pstore/internal.h | 4 +- fs/pstore/platform.c | 11 +- fs/smb/client/cifsacl.c | 17 +- fs/smb/client/cifspdu.h | 5 +- fs/smb/client/cifsproto.h | 7 + fs/smb/client/cifssmb.c | 57 ++ fs/smb/client/connect.c | 30 +- fs/smb/client/fs_context.c | 2 + fs/smb/client/fs_context.h | 3 + fs/smb/client/link.c | 8 +- fs/smb/client/readdir.c | 7 +- fs/smb/client/smb1ops.c | 228 +++++- fs/smb/client/smb2file.c | 11 +- fs/smb/client/smb2ops.c | 30 +- fs/smb/client/transport.c | 2 +- fs/smb/common/smb2pdu.h | 3 + fs/smb/server/oplock.c | 7 +- fs/smb/server/vfs.c | 14 +- include/crypto/hash.h | 3 + include/drm/drm_atomic.h | 23 +- include/drm/drm_gem.h | 13 + include/linux/bpf-cgroup.h | 1 + include/linux/coredump.h | 1 + include/linux/dma-mapping.h | 12 +- include/linux/highmem.h | 6 +- include/linux/hrtimer.h | 1 + include/linux/ipv6.h | 1 + include/linux/lzo.h | 8 + include/linux/mlx4/device.h | 2 +- include/linux/mlx5/fs.h | 2 + include/linux/msi.h | 33 +- include/linux/nfs_fs_sb.h | 12 +- include/linux/page-flags.h | 7 + include/linux/perf_event.h | 8 +- include/linux/rcupdate.h | 2 +- include/linux/rcutree.h | 2 +- include/linux/trace.h | 4 +- include/linux/trace_seq.h | 8 +- include/linux/usb/r8152.h | 1 + include/media/v4l2-subdev.h | 4 +- include/net/af_unix.h | 49 +- include/net/scm.h | 11 + include/net/xfrm.h | 1 - include/rdma/uverbs_std_types.h | 2 +- include/sound/hda_codec.h | 1 + include/sound/pcm.h | 2 + include/trace/events/btrfs.h | 2 +- include/uapi/linux/bpf.h | 1 + include/uapi/linux/idxd.h | 1 + include/ufs/ufs_quirks.h | 6 + io_uring/fdinfo.c | 4 +- io_uring/io_uring.c | 1 + kernel/bpf/cgroup.c | 33 +- kernel/bpf/hashtab.c | 2 +- kernel/bpf/syscall.c | 7 +- kernel/bpf/verifier.c | 4 + kernel/cgroup/cgroup.c | 2 +- kernel/events/core.c | 33 +- kernel/events/hw_breakpoint.c | 5 +- kernel/events/ring_buffer.c | 1 + kernel/fork.c | 9 +- kernel/padata.c | 3 +- kernel/printk/printk.c | 14 +- kernel/rcu/tree_plugin.h | 22 +- kernel/sched/fair.c | 6 +- kernel/softirq.c | 18 + kernel/time/hrtimer.c | 103 ++- kernel/time/posix-timers.c | 1 + kernel/time/timer_list.c | 4 +- kernel/trace/trace.c | 11 +- kernel/trace/trace.h | 16 +- kernel/vhost_task.c | 2 +- lib/dynamic_queue_limits.c | 2 +- lib/lzo/Makefile | 2 +- lib/lzo/lzo1x_compress.c | 102 ++- lib/lzo/lzo1x_compress_safe.c | 18 + mm/memcontrol.c | 6 +- mm/page_alloc.c | 8 + net/Makefile | 2 +- net/bluetooth/l2cap_core.c | 15 +- net/bridge/br_mdb.c | 2 +- net/bridge/br_nf_core.c | 7 +- net/bridge/br_private.h | 1 + net/can/bcm.c | 79 ++- net/core/pktgen.c | 13 +- net/core/scm.c | 17 + net/ipv4/esp4.c | 49 +- net/ipv4/fib_frontend.c | 18 +- net/ipv4/fib_rules.c | 4 +- net/ipv4/fib_trie.c | 22 - net/ipv4/inet_hashtables.c | 37 +- net/ipv4/ip_gre.c | 16 +- net/ipv4/tcp_input.c | 56 +- net/ipv6/esp6.c | 49 +- net/ipv6/fib6_rules.c | 4 +- net/ipv6/ip6_output.c | 9 +- net/llc/af_llc.c | 8 +- net/mac80211/mlme.c | 4 +- net/netfilter/nf_conntrack_standalone.c | 12 +- net/sched/sch_hfsc.c | 15 +- net/smc/smc_pnet.c | 8 +- net/sunrpc/clnt.c | 3 - net/sunrpc/rpcb_clnt.c | 5 +- net/sunrpc/sched.c | 2 + net/tipc/crypto.c | 5 + net/unix/Kconfig | 5 - net/unix/Makefile | 2 - net/unix/af_unix.c | 120 ++-- net/unix/garbage.c | 779 ++++++++++++++------- net/unix/scm.c | 161 ----- net/unix/scm.h | 10 - net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_state.c | 6 +- samples/bpf/Makefile | 2 +- scripts/config | 26 +- scripts/kconfig/merge_config.sh | 4 +- security/integrity/ima/ima_main.c | 4 +- security/smack/smackfs.c | 21 +- sound/core/oss/pcm_oss.c | 3 +- sound/core/pcm_native.c | 11 + sound/core/seq/seq_clientmgr.c | 5 +- sound/core/seq/seq_memory.c | 1 + sound/pci/hda/hda_beep.c | 15 +- sound/pci/hda/patch_realtek.c | 77 +- sound/soc/codecs/cs42l43-jack.c | 7 + sound/soc/codecs/mt6359-accdet.h | 9 + sound/soc/codecs/pcm3168a.c | 6 +- sound/soc/codecs/rt722-sdca-sdw.c | 49 +- sound/soc/codecs/tas2764.c | 53 +- sound/soc/fsl/imx-card.c | 2 +- sound/soc/intel/boards/bytcr_rt5640.c | 13 + sound/soc/mediatek/mt8188/mt8188-afe-clk.c | 8 + sound/soc/mediatek/mt8188/mt8188-afe-clk.h | 8 + sound/soc/mediatek/mt8188/mt8188-afe-pcm.c | 4 - sound/soc/qcom/sm8250.c | 3 + sound/soc/soc-dai.c | 8 +- sound/soc/soc-ops.c | 29 +- sound/soc/sof/ipc4-control.c | 11 +- sound/soc/sof/ipc4-pcm.c | 3 +- sound/soc/sof/topology.c | 18 +- sound/soc/sunxi/sun4i-codec.c | 53 ++ tools/bpf/bpftool/common.c | 3 +- tools/build/Makefile.build | 6 +- tools/include/uapi/linux/bpf.h | 1 + tools/lib/bpf/libbpf.c | 2 +- tools/net/ynl/lib/ynl.c | 2 +- tools/objtool/check.c | 21 +- tools/testing/kunit/qemu_configs/x86_64.py | 4 +- .../selftests/bpf/prog_tests/sockmap_ktls.c | 1 - .../testing/selftests/net/forwarding/bridge_mdb.sh | 2 +- tools/testing/selftests/net/gro.sh | 3 +- 552 files changed, 5765 insertions(+), 2788 deletions(-)

3 months, 2 weeks

12
457
0 0

[PATCH 6.1 000/325] 6.1.141-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.141 release. There are 325 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 04 Jun 2025 13:42:20 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.141-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.141-rc1 Nishanth Menon <nm(a)ti.com> net: ethernet: ti: am65-cpsw: Lower random mac address error print to info Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: thinkpad_acpi: Ignore battery threshold change event notification Valtteri Koskivuori <vkoskiv(a)gmail.com> platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Avoid flushing data while holding directory locks in nfs_rename() Ilya Guterman <amfernusus(a)gmail.com> nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro Alessandro Grassi <alessandro.grassi(a)mailbox.org> spi: spi-sun4i: fix early activation Masahiro Yamada <masahiroy(a)kernel.org> um: let 'make clean' properly clean underlying SUBARCH as well John Chau <johnchau(a)0atlas.com> platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS Jeff Layton <jlayton(a)kernel.org> nfs: don't share pNFS DS connections between net namespaces Milton Barrera <miltonjosue2001(a)gmail.com> HID: quirks: Add ADATA XPG alpha wireless mouse support Christian Brauner <brauner(a)kernel.org> coredump: hand a pidfd to the usermode coredump helper Christian Brauner <brauner(a)kernel.org> fork: use pidfd_prepare() Christian Brauner <brauner(a)kernel.org> pid: add pidfd_prepare() Christian Brauner <brauner(a)kernel.org> coredump: fix error handling for replace_fd() Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Initialise cmn->cpu earlier Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Fix REQ2/SNP2 mixup Pedro Tammela <pctammela(a)mojatatu.com> net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Alok Tiwari <alok.a.tiwari(a)oracle.com> arm64: dts: qcom: sm8350: Fix typo in pil_camera_mem node Shigeru Yoshida <syoshida(a)redhat.com> af_unix: Fix uninit-value in __unix_walk_scc() Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collection of embryos carrying OOB with SCM_RIGHTS Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Add dead flag to struct scm_fp_list. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't access successor in unix_del_edges() during GC. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Try not to hold unix_gc_lock during accept(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove lock dance in unix_peek_fds(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Replace garbage collection algorithm. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Detect dead SCC. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Assign a unique index to SCC. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Avoid Tarjan's algorithm if unnecessary. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Skip GC if no cycle exists. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Save O(n) setup of Tarjan's algo. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Fix up unix_edge.successor for embryo socket. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Save listener for embryo socket. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Detect Strongly Connected Components. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Iterate all vertices by DFS. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Bulk update unix_tot_inflight/unix_inflight when queuing skb. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Link struct unix_edge when queuing skb. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Allocate struct unix_edge for each inflight AF_UNIX fd. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Allocate struct unix_vertex for each inflight AF_UNIX fd. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove CONFIG_UNIX_SCM. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove io_uring code for GC. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Replace BUG_ON() with WARN_ON_ONCE(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Try to run GC async. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Run GC on only one CPU. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Return struct unix_sock from unix_get_socket(). Alexander Mikhalitsyn <aleksandr.mikhalitsyn(a)canonical.com> af_unix: Kconfig: make CONFIG_UNIX bool Boris Burkov <boris(a)bur.io> btrfs: check folio mapping after unlock in relocate_one_folio() Frederic Weisbecker <frederic(a)kernel.org> hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING Ratheesh Kannoth <rkannoth(a)marvell.com> octeontx2-pf: Fix page pool frag allocation warning Ratheesh Kannoth <rkannoth(a)marvell.com> octeontx2-pf: Fix page pool cache index corruption. Ratheesh Kannoth <rkannoth(a)marvell.com> octeontx2-pf: fix page_pool creation fail for rings > 32k Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> dmaengine: idxd: Fix passing freed memory in idxd_cdev_open() Balbir Singh <balbirs(a)nvidia.com> x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers bounce buffers Nathan Chancellor <nathan(a)kernel.org> i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work() Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group() Geert Uytterhoeven <geert+renesas(a)glider.be> serial: sh-sci: Save and restore more registers Nathan Chancellor <nathan(a)kernel.org> kbuild: Disable -Wdefault-const-init-unsafe Larisa Grigore <larisa.grigore(a)nxp.com> spi: spi-fsl-dspi: Reset SR flags before sending a new message Bogdan-Gabriel Roman <bogdan-gabriel.roman(a)nxp.com> spi: spi-fsl-dspi: Halt the module after a new message transfer Larisa Grigore <larisa.grigore(a)nxp.com> spi: spi-fsl-dspi: restrict register range for regmap access Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix stream write failure Jernej Skrabec <jernej.skrabec(a)gmail.com> Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC connection" Tianyang Zhang <zhangtianyang(a)loongson.cn> mm/page_alloc.c: avoid infinite retries caused by cpuset race Breno Leitao <leitao(a)debian.org> memcg: always call cond_resched() after fn() Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd: Keep display off while going into S4" Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Reset all search buffer pointers when releasing buffer Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Fix use-after-free in cifs_fill_dirent feijuan.li <feijuan.li(a)samsung.com> drm/edid: fixed the bug that hdr metadata was not reset Vladimir Moskovkin <Vladimir.Moskovkin(a)kaspersky.com> platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> llc: fix data loss when reading from a socket in llc_ui_recvmsg() Ed Burcher <git(a)edburcher.com> ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10 Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix race of buffer access at PCM OSS layer Oliver Hartkopp <socketcan(a)hartkopp.net> can: bcm: add missing rcu read protection for procfs content Oliver Hartkopp <socketcan(a)hartkopp.net> can: bcm: add locking for bcm_op runtime updates Carlos Sanchez <carlossanchez(a)geotab.com> can: slcan: allow reception of short error messages Dominik Grzegorzek <dominik.grzegorzek(a)oracle.com> padata: do not leak refcount in reorder_work Ivan Pravdin <ipravdin.official(a)gmail.com> crypto: algif_hash - fix double free in hash_accept Geetha sowjanya <gakula(a)marvell.com> octeontx2-af: Fix APR entry mapping based on APR_LMT_CFG Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Set LMT_ENA bit for APR table entries Wang Liang <wangliang74(a)huawei.com> net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Suman Ghosh <sumang(a)marvell.com> octeontx2-pf: Add AF_XDP non-zero copy support Ratheesh Kannoth <rkannoth(a)marvell.com> octeontx2-pf: Add support for page pool Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix overflow resched cqe reordering Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: Restore SGMII CTRL register on resume Paul Kocialkowski <paulk(a)sys-base.io> net: dwmac-sun8i: Use parsed internal PHY address instead of 1 Jacob Keller <jacob.e.keller(a)intel.com> ice: fix vf->num_mac count with port representors Ido Schimmel <idosch(a)nvidia.com> bridge: netfilter: Fix forwarding of fragmented packets Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not checking l2cap_chan security level Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: Fix ->poll() return value Paul Chaignon <paul.chaignon(a)gmail.com> xfrm: Sanitize marks before insert Andre Przywara <andre.przywara(a)arm.com> clk: sunxi-ng: d1: Add missing divider for MMC mod clocks Matti Lehtimäki <matti.lehtimaki(a)gmail.com> remoteproc: qcom_wcnss: Fix on platforms without fallback regulators Vinicius Costa Gomes <vinicius.gomes(a)intel.com> dmaengine: idxd: Fix allowing write() from different address spaces Fenghua Yu <fenghua.yu(a)intel.com> dmaengine: idxd: add idxd_copy_cr() to copy user completion record during page fault handling Dave Jiang <dave.jiang(a)intel.com> dmaengine: idxd: add per DSA wq workqueue for processing cr faults Sabrina Dubroca <sd(a)queasysnail.net> espintcp: remove encap socket caching to avoid reference leak Al Viro <viro(a)zeniv.linux.org.uk> __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock Jason Andryuk <jason.andryuk(a)amd.com> xenbus: Allow PVH dom0 a non-local xenstore Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: add support for Killer on MTL Goldwyn Rodrigues <rgoldwyn(a)suse.de> btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref Jens Axboe <axboe(a)kernel.dk> io_uring/fdinfo: annotate racy sq/cq head/tail reads Alistair Francis <alistair.francis(a)wdc.com> nvmet-tcp: don't restore null sk_state_change Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> pinctrl: meson: define the pull up/down resistor value as 60 kOhm Chenyuan Yang <chenyuan0y(a)gmail.com> ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of() Jessica Zhang <quic_jesszhan(a)quicinc.com> drm: Add valid clones check Douglas Anderson <dianders(a)chromium.org> drm/panel-edp: Add Starry 116KHD024006 Simona Vetter <simona.vetter(a)ffwll.ch> drm/atomic: clarify the rules around drm_atomic_state->allow_modeset Rosen Penev <rosenp(a)gmail.com> wifi: ath9k: return by of_get_mac_address Isaac Scott <isaac.scott(a)ideasonboard.com> regulator: ad5398: Add device tree support Sean Anderson <sean.anderson(a)linux.dev> spi: zynqmp-gqspi: Always acknowledge interrupts Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Don't use static local variable in rtw8822b_set_tx_power_index_by_rate Soeren Moch <smoch(a)web.de> wifi: rtl8xxxu: retry firmware download on error Ravi Bangoria <ravi.bangoria(a)amd.com> perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt Viktor Malik <vmalik(a)redhat.com> bpftool: Fix readlink usage in get_fd_type Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Find VBIOS mode from regular display size Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: codecs: pcm3168a: Allow for 24-bit in provider mode junan <junan76(a)163.com> HID: usbkbd: Fix the bit shift number for LED_KANA Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Restore some drive settings after reset Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine Konstantin Taranov <kotaranov(a)microsoft.com> net/mana: fix warning in the writer of client oob Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: count combined queues using Rx/Tx count Peter Zijlstra (Intel) <peterz(a)infradead.org> perf: Avoid the read if the count is already updated Ankur Arora <ankur.a.arora(a)oracle.com> rcu: fix header guard for rcu_all_qs() Ankur Arora <ankur.a.arora(a)oracle.com> rcu: handle unstable rdp in rcu_read_unlock_strict() Ankur Arora <ankur.a.arora(a)oracle.com> rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y Heiner Kallweit <hkallweit1(a)gmail.com> r8169: don't scan PHY addresses > 0 Ido Schimmel <idosch(a)nvidia.com> vxlan: Annotate FDB data races Depeng Shao <quic_depengs(a)quicinc.com> media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available Andrey Vatoropin <a.vatoropin(a)crpt.ru> hwmon: (xgene-hwmon) use appropriate type for the latency value Jordan Crouse <jorcrous(a)amazon.com> clk: qcom: camcc-sm8250: Use clk_rcg2_shared_ops for some RCGs Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix download_firmware_validate() for RTL8814AU Aleksander Jan Bajkowski <olek2(a)wp.pl> r8152: add vendor/device ID pair for Dell Alienware AW1022z Kuniyuki Iwashima <kuniyu(a)amazon.com> ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). Athira Rajeev <atrajeev(a)linux.vnet.ibm.com> arch/powerpc/perf: Check the instruction type before creating sample with perf_mem_data_src Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: remove misplaced drv_mgd_complete_tx() call Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't unconditionally call drv_mgd_complete_tx() William Tu <witu(a)nvidia.com> net/mlx5e: reduce rep rxq depth to 256 for ECPF William Tu <witu(a)nvidia.com> net/mlx5e: set the tx_queue_len for pfifo_fast Alexei Lazar <alazar(a)nvidia.com> net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer() Shiwu Zhang <shiwu.zhang(a)amd.com> drm/amdgpu: enlarge the VBIOS binary size limit Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Initial psr_version with correct setting Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: reset psp->cmd to NULL after releasing the buffer Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> phy: core: don't require set_mode() callback for phy_get_mode() to work Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Update the suspend/resume support Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> clk: qcom: clk-alpha-pll: Do not use random stack value for recalc rate Kees Cook <kees(a)kernel.org> net/mlx4_core: Avoid impossible mlx4_db_alloc() order value Brendan Jackman <jackmanb(a)google.com> kunit: tool: Use qboot on QEMU x86_64 Konstantin Andreev <andreev(a)swemel.ru> smack: recognize ipv4 CIPSO w/o categories Valentin Caron <valentin.caron(a)foss.st.com> pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Power up/down amp on mute ops Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Mark SW_RESET as volatile Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Add reg defaults for TAS2764_INT_CLK_CFG Martin Povišer <povik+lin(a)cutebit.org> ASoC: ops: Enforce platform maximum on initial value Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5: Apply rate-limiting to high temperature warning Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5: Modify LSB bitmask in temperature event to include only the first bit Hans Verkuil <hverkuil(a)xs4all.nl> media: test-drivers: vivid: don't call schedule in loop Petr Machata <petrm(a)nvidia.com> vxlan: Join / leave MC group after remote changes Xiaofei Tan <tanxiaofei(a)huawei.com> ACPI: HED: Always initialize before evged Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix old_size lower bound in calculate_iosize() too Jakub Kicinski <kuba(a)kernel.org> eth: mlx4: don't try to complete XDP frames in netpoll Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> can: c_can: Use of_property_present() to test existence of DT property Ahmad Fatoum <a.fatoum(a)pengutronix.de> pmdomain: imx: gpcv2: use proper helper for property detection Michael Margolin <mrgolin(a)amazon.com> RDMA/core: Fix best page size finding when it can cross SG entries Alexis Lothoré <alexis.lothore(a)bootlin.com> serial: mctrl_gpio: split disable_ms into sync and no_sync APIs Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: Flush FIFO before sending Dynamic Address Assignment(DAA) Arnd Bergmann <arnd(a)arndb.de> EDAC/ie31200: work around false positive build warning Peter Seiderer <ps.report(a)gmx.net> net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: fw: propagate error code from rtw89_h2c_tx() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31 Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: mpt3sas: Send a diag reset if target reset fails Paul Burton <paulburton(a)kernel.org> clocksource: mips-gic-timer: Enable counter when CPUs start Paul Burton <paulburton(a)kernel.org> MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core Jason Gunthorpe <jgg(a)ziepe.ca> genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie Bibo Mao <maobibo(a)loongson.cn> MIPS: Use arch specific syscall name match function Balbir Singh <balbirs(a)nvidia.com> x86/kaslr: Reduce KASLR entropy on most x86 systems Jinliang Zheng <alexjlzheng(a)gmail.com> dm: fix unconditional IO throttle caused by REQ_PREFLUSH Nandakumar Edamana <nandakumar(a)nandakumar.co.in> libbpf: Fix out-of-bound read Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: adv7180: Disable test-pattern control on adv7180 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: menu: Avoid discarding useful information Waiman Long <longman(a)redhat.com> x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: handle max_downscale_src_width fail check Nir Lichtman <nir(a)lichtman.org> x86/build: Fix broken copy command in genimage.sh when making isoimage Andrew Davis <afd(a)ti.com> soc: ti: k3-socinfo: Do not use syscon helper to build regmap Hangbin Liu <liuhangbin(a)gmail.com> bonding: report duplicate MAC address in all situations Arnd Bergmann <arnd(a)arndb.de> net: xgene-v2: remove incorrect ACPI_PTR annotation Eric Woudstra <ericwouds(a)gmail.com> net: ethernet: mtk_ppe_offload: Allow QinQ, double ETH_P_8021Q only Yuanjun Gong <ruc_gongyuanjun(a)163.com> leds: pwm-multicolor: Add check for fwnode_property_read_u32 Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: KFD release_work possible circular locking Kevin Krakauer <krakauer(a)google.com> selftests/net: have `gro.sh -t` return a correct exit code Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Avoid report two health errors on same syndrome Viresh Kumar <viresh.kumar(a)linaro.org> firmware: arm_ffa: Set dma_mask for ffa devices Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Add a softdep to MIP MSI-X driver Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Expand inbound window size up to 64GB Hector Martin <marcan(a)marcan.st> soc: apple: rtkit: Implement OSLog buffers properly Janne Grunau <j(a)jannau.net> soc: apple: rtkit: Use high prio work queue Kuhanh Murugasen Krishnan <kuhanh.murugasen.krishnan(a)intel.com> fpga: altera-cvp: Increase credit timeout AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence Li Bin <bin.li(a)microchip.com> ARM: at91: pm: fix at91_suspend_finish for ZQ calibration Alexander Stein <alexander.stein(a)ew.tq-group.com> hwmon: (gpio-fan) Add missing mutex locks Breno Leitao <leitao(a)debian.org> x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 Ahmad Fatoum <a.fatoum(a)pengutronix.de> clk: imx8mp: inform CCF of maximum frequency of clocks Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Add uv swap for cluster window Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config(). Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7 Saket Kumar Bhaskar <skb99(a)linux.ibm.com> perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type Peter Seiderer <ps.report(a)gmx.net> net: pktgen: fix mpls maximum labels list parsing Alexander Sverdlin <alexander.sverdlin(a)siemens.com> net: ethernet: ti: cpsw_new: populate netdev of_node Artur Weber <aweber.kernel(a)gmail.com> pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" Hans Verkuil <hverkuil(a)xs4all.nl> media: cx231xx: set device_caps for 417 Victor Lu <victorchengchi.lu(a)amd.com> drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c Matti Lehtimäki <matti.lehtimaki(a)gmail.com> remoteproc: qcom_wcnss: Handle platforms with only single power domain Choong Yong Liang <yong.liang.choong(a)linux.intel.com> net: phylink: use pl->link_interface in phylink_expects_phy() Matthew Wilcox (Oracle) <willy(a)infradead.org> orangefs: Do not truncate file size Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: prevent BUG_ON by blocking retries on failed device resumes Markus Elfring <elfring(a)users.sourceforge.net> media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() Svyatoslav Ryhel <clamor95(a)gmail.com> ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ieee802154: ca8210: Use proper setters and getters for bitwise types Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: ds1307: stop disabling alarms on probe Eric Dumazet <edumazet(a)google.com> tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Improve data consistency at polling Andreas Schwab <schwab(a)linux-m68k.org> powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lzo - Fix compression buffer overrun Aaron Kling <luceoscutum(a)gmail.com> cpufreq: tegra186: Share policy per cluster Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd/pgtbl_v2: Improve error handling Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct hd44780_common" Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Check for empty queue in run_queue Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: calculate the remain segments for all pipes Willem de Bruijn <willemb(a)google.com> ipv6: save dontfrag in cork Kurt Borja <kuurtb(a)gmail.com> hwmon: (dell-smm) Increment the number of fans Erick Shepherd <erick.shepherd(a)ni.com> mmc: sdhci: Disable SD card clock before changing parameters Kaustabh Chakraborty <kauschluss(a)disroot.org> mmc: dw_mmc: add exynos7870 DW MMC support Ryan Roberts <ryan.roberts(a)arm.com> arm64/mm: Check PUD_TYPE_TABLE in pud_bad() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> netfilter: conntrack: Bound nf_conntrack sysctl writes Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> timer_list: Don't use %pK through printk() Eric Dumazet <edumazet(a)google.com> posix-timers: Add cond_resched() to posix_timer_add() search loop Maher Sanalla <msanalla(a)nvidia.com> RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() Baokun Li <libaokun1(a)huawei.com> ext4: reject the 'data_err=abort' option in nojournal mode Ryan Walklin <ryan(a)testtoast.com> ASoC: sun4i-codec: support hp-det-gpios property Prathamesh Shete <pshete(a)nvidia.com> pinctrl-tegra: Restore SFSEL bit when freeing pins Frediano Ziglio <frediano.ziglio(a)cloud.com> xen: Add support for XenServer 6.1 platform device Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: use the correct ndev to find pnetid by pnetid table Mikulas Patocka <mpatocka(a)redhat.com> dm: restrict dm device size to 2^63-512 bytes Shashank Gupta <shashankg(a)marvell.com> crypto: octeontx2 - suppress auth failure screaming due to negative tests Seyediman Seyedarab <imandevel(a)gmail.com> kbuild: fix argument parsing in scripts/config Nícolas F. R. A. Prado <nfraprado(a)collabora.com> ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Do not add non-active NVM if NVM upgrade is disabled for retimer Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: rv3032: fix EERD location Ilpo Järvinen <ij(a)kernel.org> tcp: reorganize tcp_in_ack_event() and tcp_count_delivered() Mykyta Yatsenko <yatsenko(a)meta.com> bpf: Return prog btf_id without capable check Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Handle INTx IRQ_NOTCONNECTED Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: ERASE does not change tape location Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Tighten the page format heuristics with MODE SELECT Christian Göttsche <cgzones(a)googlemail.com> ext4: reorder capability check last Tiwei Bie <tiwei.btw(a)antgroup.com> um: Update min_low_pfn to match changes in uml_reserved Benjamin Berg <benjamin(a)sipsolutions.net> um: Store full CSGSFS and SS register from mcontext Heming Zhao <heming.zhao(a)suse.com> dlm: make tcp still work in multi-link env Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Fix missing STOP for master request Jing Zhou <Jing.Zhou(a)amd.com> drm/amd/display: Guard against setting dispclk low for dcn31x Filipe Manana <fdmanana(a)suse.com> btrfs: send: return -ENAMETOOLONG when attempting a path that is too long Filipe Manana <fdmanana(a)suse.com> btrfs: get zone unusable bytes while holding lock at btrfs_reclaim_bgs_work() Filipe Manana <fdmanana(a)suse.com> btrfs: fix non-empty delayed iputs list on unmount due to async workers Qu Wenruo <wqu(a)suse.com> btrfs: run btrfs_error_commit_super() early Mark Harmstone <maharmstone(a)fb.com> btrfs: avoid linker error in btrfs_find_create_tree_block() Boris Burkov <boris(a)bur.io> btrfs: make btrfs_discard_workfn() block_group ref explicit Vitalii Mordan <mordan(a)ispras.ru> i2c: pxa: fix call balance of i2c->clk handling routines Stephan Gerhold <stephan.gerhold(a)kernkonzept.com> i2c: qup: Vote for interconnect bandwidth to DRAM Philip Redkin <me(a)rarity.fan> x86/mm: Check return value from memblock_phys_alloc_range() Erick Shepherd <erick.shepherd(a)ni.com> mmc: host: Wait for Vdd to settle on card power off Robert Richter <rrichter(a)amd.com> libnvdimm/labels: Fix divide error in nd_label_data_init() Roger Pau Monne <roger.pau(a)citrix.com> PCI: vmd: Disable MSI remapping bypass under Xen Trond Myklebust <trond.myklebust(a)hammerspace.com> pNFS/flexfiles: Report ENETDOWN as a connection error Ian Rogers <irogers(a)google.com> tools/build: Don't pass test log files to linker Frank Li <Frank.Li(a)nxp.com> PCI: dwc: ep: Ensure proper iteration over outbound map windows Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Properly disable uaccess validation Ryo Takakura <ryotkkr98(a)gmail.com> lockdep: Fix wait context check on softirq for PREEMPT_RT Jing Su <jingsusu(a)didiglobal.com> dql: Fix dql->limit value when reset. Alice Guo <alice.guo(a)nxp.com> thermal/drivers/qoriq: Power down TMU on system suspend Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: rpcbind should never reset the port to the value '0' Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: rpc_clnt_set_transport() must not change the autobind setting Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Treat ENETUNREACH errors as fatal for state recovery Pali Rohár <pali(a)kernel.org> cifs: Fix establishing NetBIOS session for SMB2+ connection Zsolt Kajtar <soci(a)c64.rulez.org> fbdev: core: tileblit: Implement missing margin clearing for tileblit Zsolt Kajtar <soci(a)c64.rulez.org> fbcon: Use correct erase colour for clearing in fbcon Shixiong Ou <oushixiong(a)kylinos.cn> fbdev: fsl-diu-fb: add missing device_remove_file() Tudor Ambarus <tudor.ambarus(a)linaro.org> mailbox: use error ret code of of_parse_phandle_with_args() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> tracing: Mark binary printing functions with __printf() attribute Jinqian Yang <yangjinqian1(a)huawei.com> arm64: Add support for HIP09 Spectre-BHB mitigation Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: Don't allow waiting for exiting tasks Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Don't allow waiting for exiting tasks Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() Matt Johnston <matt(a)codeconstruct.com.au> fuse: Return EPERM rather than ENOSYS from link() Pali Rohár <pali(a)kernel.org> cifs: Fix negotiate retry functionality Pali Rohár <pali(a)kernel.org> cifs: Fix querying and creating MF symlinks over SMB1 Pali Rohár <pali(a)kernel.org> cifs: Add fallback for SMB2 CREATE without FILE_READ_ATTRIBUTES Anthony Krowiak <akrowiak(a)linux.ibm.com> s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log Daniel Gomez <da.gomez(a)samsung.com> kconfig: merge_config: use an empty file as initfile Haoran Jiang <jianghaoran(a)kylinos.cn> samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora Brandon Kammerdiener <brandon.kammerdiener(a)intel.com> bpf: fix possible endless loop in BPF map iteration Ihor Solodrai <ihor.solodrai(a)linux.dev> selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure Felix Kuehling <felix.kuehling(a)amd.com> drm/amdgpu: Allow P2P access through XGMI Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: refactor bulk flipping of RX buffers to separate function Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Add level check to control event logging gaoxu <gaoxu2(a)honor.com> cgroup: Fix compilation issue due to cgroup_mutex not being exported Marek Szyprowski <m.szyprowski(a)samsung.com> dma-mapping: avoid potential unused data compilation warning Zhongqiu Han <quic_zhonhan(a)quicinc.com> virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: iscsi: Fix timeout on deleted connection Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Move IRQ request in probe Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Add support to initialize the bus Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> gpio: pca953x: fix IRQ storm on system wake up Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: pca953x: Simplify code with cleanup helpers Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: pca953x: Split pca953x_restore_context() and pca953x_save_context() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: pca953x: Add missing header(s) ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 2 + Documentation/driver-api/serial/driver.rst | 2 +- Documentation/hwmon/dell-smm-hwmon.rst | 14 +- Makefile | 16 +- arch/arm/boot/dts/tegra114.dtsi | 2 +- arch/arm/mach-at91/pm.c | 21 +- .../boot/dts/allwinner/sun50i-h6-beelink-gs1.dts | 38 +- .../boot/dts/allwinner/sun50i-h6-orangepi-3.dts | 14 +- .../boot/dts/allwinner/sun50i-h6-orangepi.dtsi | 22 +- arch/arm64/boot/dts/nvidia/tegra210-p2597.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/pgtable.h | 3 +- arch/arm64/kernel/proton-pack.c | 1 + arch/mips/include/asm/ftrace.h | 16 + arch/mips/kernel/pm-cps.c | 30 +- arch/powerpc/kernel/prom_init.c | 4 +- arch/powerpc/perf/core-book3s.c | 20 + arch/powerpc/perf/isa207-common.c | 4 +- arch/um/Makefile | 1 + arch/um/kernel/mem.c | 1 + arch/x86/boot/genimage.sh | 5 +- arch/x86/events/amd/ibs.c | 3 +- arch/x86/include/asm/nmi.h | 2 + arch/x86/include/asm/perf_event.h | 1 + arch/x86/kernel/cpu/bugs.c | 10 +- arch/x86/kernel/nmi.c | 42 ++ arch/x86/kernel/reboot.c | 10 +- arch/x86/mm/init.c | 9 +- arch/x86/mm/init_64.c | 15 +- arch/x86/mm/kaslr.c | 10 +- arch/x86/um/os-Linux/mcontext.c | 3 +- crypto/algif_hash.c | 4 - crypto/lzo-rle.c | 2 +- crypto/lzo.c | 2 +- drivers/acpi/Kconfig | 2 +- drivers/acpi/hed.c | 7 +- drivers/auxdisplay/charlcd.c | 5 +- drivers/auxdisplay/charlcd.h | 5 +- drivers/auxdisplay/hd44780.c | 2 +- drivers/auxdisplay/lcd2s.c | 2 +- drivers/auxdisplay/panel.c | 2 +- drivers/clk/imx/clk-imx8mp.c | 151 ++++ drivers/clk/qcom/camcc-sm8250.c | 56 +- drivers/clk/qcom/clk-alpha-pll.c | 52 +- drivers/clk/sunxi-ng/ccu-sun20i-d1.c | 42 +- drivers/clk/sunxi-ng/ccu_mp.h | 22 + drivers/clocksource/mips-gic-timer.c | 6 +- drivers/cpufreq/tegra186-cpufreq.c | 7 + drivers/cpuidle/governors/menu.c | 13 +- .../crypto/marvell/octeontx2/otx2_cptvf_reqmgr.c | 7 +- drivers/dma/idxd/cdev.c | 128 +++- drivers/dma/idxd/idxd.h | 7 + drivers/dma/idxd/init.c | 2 + drivers/dma/idxd/sysfs.c | 1 + drivers/edac/ie31200_edac.c | 28 +- drivers/firmware/arm_ffa/bus.c | 1 + drivers/fpga/altera-cvp.c | 2 +- drivers/gpio/gpio-pca953x.c | 114 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 7 +- drivers/gpu/drm/amd/amdgpu/gfxhub_v1_0.c | 10 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 16 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 7 +- .../amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c | 20 +- .../amd/display/dc/clk_mgr/dcn316/dcn316_clk_mgr.c | 13 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 1 + drivers/gpu/drm/amd/display/dc/dcn30/dcn30_dpp.c | 11 +- .../drm/amd/display/dc/dcn315/dcn315_resource.c | 40 +- drivers/gpu/drm/ast/ast_mode.c | 10 +- drivers/gpu/drm/drm_atomic_helper.c | 28 + drivers/gpu/drm/drm_edid.c | 1 + drivers/gpu/drm/mediatek/mtk_dpi.c | 5 +- drivers/gpu/drm/panel/panel-edp.c | 1 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 6 +- drivers/hid/hid-ids.h | 4 + drivers/hid/hid-quirks.c | 2 + drivers/hid/usbhid/usbkbd.c | 2 +- drivers/hwmon/dell-smm-hwmon.c | 5 +- drivers/hwmon/gpio-fan.c | 16 +- drivers/hwmon/xgene-hwmon.c | 2 +- drivers/i2c/busses/i2c-pxa.c | 5 +- drivers/i2c/busses/i2c-qup.c | 36 + drivers/i3c/master/svc-i3c-master.c | 4 + drivers/infiniband/core/umem.c | 36 +- drivers/infiniband/core/uverbs_cmd.c | 144 ++-- drivers/infiniband/core/verbs.c | 11 +- drivers/iommu/amd/io_pgtable_v2.c | 2 +- drivers/iommu/dma-iommu.c | 28 +- drivers/leds/rgb/leds-pwm-multicolor.c | 5 +- drivers/mailbox/mailbox.c | 7 +- drivers/md/dm-cache-target.c | 24 + drivers/md/dm-table.c | 4 + drivers/md/dm.c | 8 +- drivers/media/i2c/adv7180.c | 34 +- drivers/media/platform/qcom/camss/camss-csid.c | 64 +- .../platform/st/sti/c8sectpfe/c8sectpfe-core.c | 3 +- .../media/test-drivers/vivid/vivid-kthread-cap.c | 11 +- .../media/test-drivers/vivid/vivid-kthread-out.c | 11 +- .../media/test-drivers/vivid/vivid-kthread-touch.c | 11 +- drivers/media/test-drivers/vivid/vivid-sdr-cap.c | 11 +- drivers/media/usb/cx231xx/cx231xx-417.c | 2 + drivers/media/usb/uvc/uvc_v4l2.c | 6 + drivers/mmc/host/dw_mmc-exynos.c | 41 +- drivers/mmc/host/sdhci-pci-core.c | 6 +- drivers/mmc/host/sdhci.c | 9 +- drivers/net/bonding/bond_main.c | 2 +- drivers/net/can/c_can/c_can_platform.c | 2 +- drivers/net/can/slcan/slcan-core.c | 26 +- drivers/net/ethernet/apm/xgene-v2/main.c | 4 +- drivers/net/ethernet/freescale/enetc/enetc.c | 16 +- drivers/net/ethernet/intel/ice/ice_ethtool.c | 3 +- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 1 - drivers/net/ethernet/marvell/octeontx2/Kconfig | 1 + .../net/ethernet/marvell/octeontx2/af/rvu_cn10k.c | 24 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 11 +- drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 6 +- drivers/net/ethernet/marvell/octeontx2/nic/cn10k.h | 2 +- .../ethernet/marvell/octeontx2/nic/otx2_common.c | 130 ++-- .../ethernet/marvell/octeontx2/nic/otx2_common.h | 9 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 18 +- .../net/ethernet/marvell/octeontx2/nic/otx2_txrx.c | 49 +- .../net/ethernet/marvell/octeontx2/nic/otx2_txrx.h | 7 +- .../net/ethernet/marvell/octeontx2/nic/qos_sq.c | 2 +- drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 22 +- drivers/net/ethernet/mellanox/mlx4/alloc.c | 6 +- drivers/net/ethernet/mellanox/mlx4/en_tx.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 5 + .../net/ethernet/mellanox/mlx5/core/en_selftest.c | 3 + drivers/net/ethernet/mellanox/mlx5/core/events.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/health.c | 1 + drivers/net/ethernet/microchip/lan743x_main.c | 19 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 1 + drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +- drivers/net/ethernet/ti/cpsw_new.c | 1 + drivers/net/ieee802154/ca8210.c | 9 +- drivers/net/phy/phylink.c | 2 +- drivers/net/usb/r8152.c | 1 + drivers/net/vxlan/vxlan_core.c | 36 +- drivers/net/wireless/ath/ath9k/init.c | 4 +- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 2 + .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 17 +- drivers/net/wireless/realtek/rtw88/main.c | 40 +- drivers/net/wireless/realtek/rtw88/reg.h | 3 +- drivers/net/wireless/realtek/rtw88/rtw8822b.c | 14 +- drivers/net/wireless/realtek/rtw88/util.c | 3 +- drivers/net/wireless/realtek/rtw89/fw.c | 2 - drivers/net/wireless/realtek/rtw89/regd.c | 2 + drivers/net/wireless/realtek/rtw89/ser.c | 4 + drivers/nvdimm/label.c | 3 +- drivers/nvme/host/pci.c | 2 + drivers/nvme/target/tcp.c | 3 + drivers/pci/Kconfig | 6 + drivers/pci/controller/dwc/pcie-designware-ep.c | 2 +- drivers/pci/controller/pcie-brcmstb.c | 5 +- drivers/pci/controller/vmd.c | 20 + drivers/pci/setup-bus.c | 6 +- drivers/perf/arm-cmn.c | 10 +- drivers/phy/phy-core.c | 7 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 143 ++-- drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 44 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/meson/pinctrl-meson.c | 2 +- drivers/pinctrl/tegra/pinctrl-tegra.c | 59 +- drivers/pinctrl/tegra/pinctrl-tegra.h | 6 + .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 2 +- drivers/platform/x86/fujitsu-laptop.c | 33 +- drivers/platform/x86/thinkpad_acpi.c | 7 + drivers/regulator/ad5398.c | 12 +- drivers/remoteproc/qcom_wcnss.c | 34 +- drivers/rtc/rtc-ds1307.c | 4 +- drivers/rtc/rtc-rv3032.c | 2 +- drivers/s390/crypto/vfio_ap_ops.c | 72 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 17 +- drivers/scsi/lpfc/lpfc_init.c | 2 + drivers/scsi/mpi3mr/mpi3mr_fw.c | 3 + drivers/scsi/mpt3sas/mpt3sas_ctl.c | 12 +- drivers/scsi/st.c | 29 +- drivers/scsi/st.h | 2 + drivers/soc/apple/rtkit-internal.h | 1 + drivers/soc/apple/rtkit.c | 58 +- drivers/soc/imx/gpcv2.c | 2 +- drivers/soc/ti/k3-socinfo.c | 13 +- drivers/spi/spi-fsl-dspi.c | 46 +- drivers/spi/spi-sun4i.c | 5 +- drivers/spi/spi-zynqmp-gqspi.c | 22 +- drivers/target/iscsi/iscsi_target.c | 2 +- drivers/thermal/qoriq_thermal.c | 13 + drivers/thunderbolt/retimer.c | 8 +- drivers/tty/serial/8250/8250_port.c | 2 +- drivers/tty/serial/atmel_serial.c | 2 +- drivers/tty/serial/imx.c | 2 +- drivers/tty/serial/serial_mctrl_gpio.c | 34 +- drivers/tty/serial/serial_mctrl_gpio.h | 17 +- drivers/tty/serial/sh-sci.c | 98 ++- drivers/tty/serial/stm32-usart.c | 2 +- drivers/vfio/pci/vfio_pci_config.c | 3 +- drivers/vfio/pci/vfio_pci_core.c | 10 +- drivers/vfio/pci/vfio_pci_intrs.c | 2 +- drivers/video/fbdev/core/bitblit.c | 5 +- drivers/video/fbdev/core/fbcon.c | 10 +- drivers/video/fbdev/core/fbcon.h | 38 +- drivers/video/fbdev/core/fbcon_ccw.c | 5 +- drivers/video/fbdev/core/fbcon_cw.c | 5 +- drivers/video/fbdev/core/fbcon_ud.c | 5 +- drivers/video/fbdev/core/tileblit.c | 45 +- drivers/video/fbdev/fsl-diu-fb.c | 1 + drivers/virtio/virtio_ring.c | 2 +- drivers/xen/platform-pci.c | 4 + drivers/xen/xenbus/xenbus_probe.c | 14 +- fs/btrfs/block-group.c | 18 +- fs/btrfs/discard.c | 34 +- fs/btrfs/disk-io.c | 28 +- fs/btrfs/extent_io.c | 7 +- fs/btrfs/relocation.c | 6 + fs/btrfs/send.c | 6 +- fs/coredump.c | 81 ++- fs/dlm/lowcomms.c | 4 +- fs/ext4/balloc.c | 4 +- fs/ext4/super.c | 12 + fs/fuse/dir.c | 2 + fs/gfs2/glock.c | 11 +- fs/namespace.c | 6 +- fs/nfs/client.c | 2 + fs/nfs/delegation.c | 3 +- fs/nfs/dir.c | 15 +- fs/nfs/filelayout/filelayoutdev.c | 6 +- fs/nfs/flexfilelayout/flexfilelayout.c | 1 + fs/nfs/flexfilelayout/flexfilelayoutdev.c | 6 +- fs/nfs/inode.c | 2 + fs/nfs/internal.h | 5 + fs/nfs/nfs3proc.c | 2 +- fs/nfs/nfs4proc.c | 9 +- fs/nfs/nfs4state.c | 10 +- fs/nfs/pnfs.h | 4 +- fs/nfs/pnfs_nfs.c | 9 +- fs/orangefs/inode.c | 7 +- fs/smb/client/cifsproto.h | 3 + fs/smb/client/connect.c | 30 +- fs/smb/client/link.c | 8 +- fs/smb/client/readdir.c | 7 +- fs/smb/client/smb1ops.c | 7 - fs/smb/client/smb2file.c | 11 +- fs/smb/client/smb2ops.c | 3 - fs/smb/client/transport.c | 2 +- fs/smb/server/vfs.c | 14 +- include/drm/drm_atomic.h | 23 +- include/linux/coredump.h | 1 + include/linux/dma-mapping.h | 12 +- include/linux/hrtimer.h | 1 + include/linux/ipv6.h | 1 + include/linux/lzo.h | 8 + include/linux/mlx4/device.h | 2 +- include/linux/msi.h | 33 +- include/linux/nfs_fs_sb.h | 12 +- include/linux/perf_event.h | 8 +- include/linux/pid.h | 1 + include/linux/rcupdate.h | 2 +- include/linux/rcutree.h | 2 +- include/linux/trace.h | 4 +- include/linux/trace_seq.h | 8 +- include/linux/usb/r8152.h | 1 + include/net/af_unix.h | 48 +- include/net/scm.h | 11 + include/net/xfrm.h | 1 - include/rdma/uverbs_std_types.h | 2 +- include/sound/hda_codec.h | 1 + include/sound/pcm.h | 2 + include/trace/events/btrfs.h | 2 +- io_uring/fdinfo.c | 4 +- io_uring/io_uring.c | 1 + kernel/bpf/hashtab.c | 2 +- kernel/bpf/syscall.c | 4 +- kernel/cgroup/cgroup.c | 2 +- kernel/events/core.c | 33 +- kernel/events/hw_breakpoint.c | 5 +- kernel/events/ring_buffer.c | 1 + kernel/fork.c | 98 ++- kernel/padata.c | 3 +- kernel/pid.c | 19 +- kernel/rcu/tree_plugin.h | 22 +- kernel/softirq.c | 18 + kernel/time/hrtimer.c | 103 ++- kernel/time/posix-timers.c | 1 + kernel/time/timer_list.c | 4 +- kernel/trace/trace.c | 11 +- kernel/trace/trace.h | 16 +- lib/dynamic_queue_limits.c | 2 +- lib/lzo/Makefile | 2 +- lib/lzo/lzo1x_compress.c | 102 ++- lib/lzo/lzo1x_compress_safe.c | 18 + mm/memcontrol.c | 6 +- mm/page_alloc.c | 8 + net/Makefile | 2 +- net/bluetooth/l2cap_core.c | 15 +- net/bridge/br_nf_core.c | 7 +- net/bridge/br_private.h | 1 + net/can/bcm.c | 79 ++- net/core/pktgen.c | 13 +- net/core/scm.c | 17 + net/ipv4/esp4.c | 49 +- net/ipv4/fib_frontend.c | 18 +- net/ipv4/fib_rules.c | 4 +- net/ipv4/fib_trie.c | 22 - net/ipv4/inet_hashtables.c | 37 +- net/ipv4/tcp_input.c | 56 +- net/ipv6/esp6.c | 49 +- net/ipv6/fib6_rules.c | 4 +- net/ipv6/ip6_output.c | 9 +- net/llc/af_llc.c | 8 +- net/mac80211/mlme.c | 4 +- net/netfilter/nf_conntrack_standalone.c | 12 +- net/sched/sch_hfsc.c | 15 +- net/smc/smc_pnet.c | 8 +- net/sunrpc/clnt.c | 3 - net/sunrpc/rpcb_clnt.c | 5 +- net/sunrpc/sched.c | 2 + net/tipc/crypto.c | 5 + net/unix/Kconfig | 11 +- net/unix/Makefile | 2 - net/unix/af_unix.c | 120 ++-- net/unix/garbage.c | 779 ++++++++++++++------- net/unix/scm.c | 154 ---- net/unix/scm.h | 10 - net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_state.c | 6 +- samples/bpf/Makefile | 2 +- scripts/config | 26 +- scripts/kconfig/merge_config.sh | 4 +- security/smack/smackfs.c | 4 + sound/core/oss/pcm_oss.c | 3 +- sound/core/pcm_native.c | 11 + sound/core/seq/seq_clientmgr.c | 5 +- sound/core/seq/seq_memory.c | 1 + sound/pci/hda/hda_beep.c | 15 +- sound/pci/hda/patch_realtek.c | 77 +- sound/soc/codecs/mt6359-accdet.h | 9 + sound/soc/codecs/pcm3168a.c | 6 +- sound/soc/codecs/tas2764.c | 53 +- sound/soc/fsl/imx-card.c | 2 +- sound/soc/intel/boards/bytcr_rt5640.c | 13 + sound/soc/qcom/sm8250.c | 3 + sound/soc/soc-dai.c | 8 +- sound/soc/soc-ops.c | 29 +- sound/soc/sunxi/sun4i-codec.c | 53 ++ tools/bpf/bpftool/common.c | 3 +- tools/build/Makefile.build | 6 +- tools/lib/bpf/libbpf.c | 2 +- tools/objtool/check.c | 11 +- tools/testing/kunit/qemu_configs/x86_64.py | 4 +- .../selftests/bpf/prog_tests/sockmap_ktls.c | 1 - tools/testing/selftests/net/gro.sh | 3 +- 354 files changed, 4230 insertions(+), 2032 deletions(-)

3 months, 2 weeks

11
335
0 0

[PATCH 5.15 000/207] 5.15.185-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.185 release. There are 207 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 04 Jun 2025 13:42:20 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.185-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.185-rc1 Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Initialise cmn->cpu earlier Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: thinkpad_acpi: Ignore battery threshold change event notification Valtteri Koskivuori <vkoskiv(a)gmail.com> platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys Michal Suchanek <msuchanek(a)suse.de> tpm: tis: Double the timeout B to 4s Ilya Guterman <amfernusus(a)gmail.com> nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro Alessandro Grassi <alessandro.grassi(a)mailbox.org> spi: spi-sun4i: fix early activation Masahiro Yamada <masahiroy(a)kernel.org> um: let 'make clean' properly clean underlying SUBARCH as well John Chau <johnchau(a)0atlas.com> platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS Jeff Layton <jlayton(a)kernel.org> nfs: don't share pNFS DS connections between net namespaces Milton Barrera <miltonjosue2001(a)gmail.com> HID: quirks: Add ADATA XPG alpha wireless mouse support Christian Brauner <brauner(a)kernel.org> coredump: hand a pidfd to the usermode coredump helper Christian Brauner <brauner(a)kernel.org> fork: use pidfd_prepare() Christian Brauner <brauner(a)kernel.org> pid: add pidfd_prepare() Christian Brauner <brauner(a)kernel.org> coredump: fix error handling for replace_fd() Pedro Tammela <pctammela(a)mojatatu.com> net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Alok Tiwari <alok.a.tiwari(a)oracle.com> arm64: dts: qcom: sm8350: Fix typo in pil_camera_mem node Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Reset all search buffer pointers when releasing buffer Wang Zhaolong <wangzhaolong1(a)huawei.com> smb: client: Fix use-after-free in cifs_fill_dirent Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Fix undefined reference to cpu_wants_rethunk_at() Jani Nikula <jani.nikula(a)intel.com> drm/i915/gvt: fix unterminated-string-initialization warning Juergen Gross <jgross(a)suse.com> xen/swiotlb: relax alignment requirements Nathan Chancellor <nathan(a)kernel.org> i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work() Nathan Chancellor <nathan(a)kernel.org> kbuild: Disable -Wdefault-const-init-unsafe Larisa Grigore <larisa.grigore(a)nxp.com> spi: spi-fsl-dspi: Reset SR flags before sending a new message Bogdan-Gabriel Roman <bogdan-gabriel.roman(a)nxp.com> spi: spi-fsl-dspi: Halt the module after a new message transfer Larisa Grigore <larisa.grigore(a)nxp.com> spi: spi-fsl-dspi: restrict register range for regmap access Jernej Skrabec <jernej.skrabec(a)gmail.com> Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC connection" Tianyang Zhang <zhangtianyang(a)loongson.cn> mm/page_alloc.c: avoid infinite retries caused by cpuset race Breno Leitao <leitao(a)debian.org> memcg: always call cond_resched() after fn() Mario Limonciello <mario.limonciello(a)amd.com> Revert "drm/amd: Keep display off while going into S4" feijuan.li <feijuan.li(a)samsung.com> drm/edid: fixed the bug that hdr metadata was not reset Vladimir Moskovkin <Vladimir.Moskovkin(a)kaspersky.com> platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() Ilia Gavrilov <Ilia.Gavrilov(a)infotecs.ru> llc: fix data loss when reading from a socket in llc_ui_recvmsg() Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Fix race of buffer access at PCM OSS layer Oliver Hartkopp <socketcan(a)hartkopp.net> can: bcm: add missing rcu read protection for procfs content Oliver Hartkopp <socketcan(a)hartkopp.net> can: bcm: add locking for bcm_op runtime updates Dominik Grzegorzek <dominik.grzegorzek(a)oracle.com> padata: do not leak refcount in reorder_work Ivan Pravdin <ipravdin.official(a)gmail.com> crypto: algif_hash - fix double free in hash_accept Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-af: Set LMT_ENA bit for APR table entries Wang Liang <wangliang74(a)huawei.com> net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() Paul Kocialkowski <paulk(a)sys-base.io> net: dwmac-sun8i: Use parsed internal PHY address instead of 1 Ido Schimmel <idosch(a)nvidia.com> bridge: netfilter: Fix forwarding of fragmented packets Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not checking l2cap_chan security level Paul Chaignon <paul.chaignon(a)gmail.com> xfrm: Sanitize marks before insert Matti Lehtimäki <matti.lehtimaki(a)gmail.com> remoteproc: qcom_wcnss: Fix on platforms without fallback regulators Al Viro <viro(a)zeniv.linux.org.uk> __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock Jason Andryuk <jason.andryuk(a)amd.com> xenbus: Allow PVH dom0 a non-local xenstore Goldwyn Rodrigues <rgoldwyn(a)suse.de> btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref Alistair Francis <alistair.francis(a)wdc.com> nvmet-tcp: don't restore null sk_state_change Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> pinctrl: meson: define the pull up/down resistor value as 60 kOhm Chenyuan Yang <chenyuan0y(a)gmail.com> ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of() Jessica Zhang <quic_jesszhan(a)quicinc.com> drm: Add valid clones check Simona Vetter <simona.vetter(a)ffwll.ch> drm/atomic: clarify the rules around drm_atomic_state->allow_modeset Rosen Penev <rosenp(a)gmail.com> wifi: ath9k: return by of_get_mac_address Isaac Scott <isaac.scott(a)ideasonboard.com> regulator: ad5398: Add device tree support Sean Anderson <sean.anderson(a)linux.dev> spi: zynqmp-gqspi: Always acknowledge interrupts Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Don't use static local variable in rtw8822b_set_tx_power_index_by_rate Ravi Bangoria <ravi.bangoria(a)amd.com> perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt Viktor Malik <vmalik(a)redhat.com> bpftool: Fix readlink usage in get_fd_type Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Find VBIOS mode from regular display size junan <junan76(a)163.com> HID: usbkbd: Fix the bit shift number for LED_KANA Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Restore some drive settings after reset Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine Konstantin Taranov <kotaranov(a)microsoft.com> net/mana: fix warning in the writer of client oob Ankur Arora <ankur.a.arora(a)oracle.com> rcu: fix header guard for rcu_all_qs() Ankur Arora <ankur.a.arora(a)oracle.com> rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y Heiner Kallweit <hkallweit1(a)gmail.com> r8169: don't scan PHY addresses > 0 Ido Schimmel <idosch(a)nvidia.com> vxlan: Annotate FDB data races Depeng Shao <quic_depengs(a)quicinc.com> media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available Andrey Vatoropin <a.vatoropin(a)crpt.ru> hwmon: (xgene-hwmon) use appropriate type for the latency value Jordan Crouse <jorcrous(a)amazon.com> clk: qcom: camcc-sm8250: Use clk_rcg2_shared_ops for some RCGs Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix download_firmware_validate() for RTL8814AU Aleksander Jan Bajkowski <olek2(a)wp.pl> r8152: add vendor/device ID pair for Dell Alienware AW1022z Kuniyuki Iwashima <kuniyu(a)amazon.com> ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). Athira Rajeev <atrajeev(a)linux.vnet.ibm.com> arch/powerpc/perf: Check the instruction type before creating sample with perf_mem_data_src Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: remove misplaced drv_mgd_complete_tx() call Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't unconditionally call drv_mgd_complete_tx() William Tu <witu(a)nvidia.com> net/mlx5e: reduce rep rxq depth to 256 for ECPF William Tu <witu(a)nvidia.com> net/mlx5e: set the tx_queue_len for pfifo_fast Alexei Lazar <alazar(a)nvidia.com> net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Initial psr_version with correct setting Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: reset psp->cmd to NULL after releasing the buffer Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> phy: core: don't require set_mode() callback for phy_get_mode() to work Kees Cook <kees(a)kernel.org> net/mlx4_core: Avoid impossible mlx4_db_alloc() order value Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: Memset argument to 0 before calling get_mbus_config pad op Konstantin Andreev <andreev(a)swemel.ru> smack: recognize ipv4 CIPSO w/o categories Valentin Caron <valentin.caron(a)foss.st.com> pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Power up/down amp on mute ops Martin Povišer <povik+lin(a)cutebit.org> ASoC: ops: Enforce platform maximum on initial value Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5: Apply rate-limiting to high temperature warning Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5: Modify LSB bitmask in temperature event to include only the first bit Xiaofei Tan <tanxiaofei(a)huawei.com> ACPI: HED: Always initialize before evged Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix old_size lower bound in calculate_iosize() too Jakub Kicinski <kuba(a)kernel.org> eth: mlx4: don't try to complete XDP frames in netpoll Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> can: c_can: Use of_property_present() to test existence of DT property Michael Margolin <mrgolin(a)amazon.com> RDMA/core: Fix best page size finding when it can cross SG entries Arnd Bergmann <arnd(a)arndb.de> EDAC/ie31200: work around false positive build warning Peter Seiderer <ps.report(a)gmx.net> net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31 Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: mpt3sas: Send a diag reset if target reset fails Paul Burton <paulburton(a)kernel.org> clocksource: mips-gic-timer: Enable counter when CPUs start Paul Burton <paulburton(a)kernel.org> MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core Bibo Mao <maobibo(a)loongson.cn> MIPS: Use arch specific syscall name match function Balbir Singh <balbirs(a)nvidia.com> x86/kaslr: Reduce KASLR entropy on most x86 systems Nandakumar Edamana <nandakumar(a)nandakumar.co.in> libbpf: Fix out-of-bound read Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: menu: Avoid discarding useful information Waiman Long <longman(a)redhat.com> x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: handle max_downscale_src_width fail check Nir Lichtman <nir(a)lichtman.org> x86/build: Fix broken copy command in genimage.sh when making isoimage Andrew Davis <afd(a)ti.com> soc: ti: k3-socinfo: Do not use syscon helper to build regmap Hangbin Liu <liuhangbin(a)gmail.com> bonding: report duplicate MAC address in all situations Arnd Bergmann <arnd(a)arndb.de> net: xgene-v2: remove incorrect ACPI_PTR annotation Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: KFD release_work possible circular locking Kevin Krakauer <krakauer(a)google.com> selftests/net: have `gro.sh -t` return a correct exit code Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Avoid report two health errors on same syndrome Viresh Kumar <viresh.kumar(a)linaro.org> firmware: arm_ffa: Set dma_mask for ffa devices Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Add a softdep to MIP MSI-X driver Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Expand inbound window size up to 64GB Kuhanh Murugasen Krishnan <kuhanh.murugasen.krishnan(a)intel.com> fpga: altera-cvp: Increase credit timeout AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence Li Bin <bin.li(a)microchip.com> ARM: at91: pm: fix at91_suspend_finish for ZQ calibration Alexander Stein <alexander.stein(a)ew.tq-group.com> hwmon: (gpio-fan) Add missing mutex locks Breno Leitao <leitao(a)debian.org> x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 Ahmad Fatoum <a.fatoum(a)pengutronix.de> clk: imx8mp: inform CCF of maximum frequency of clocks Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config(). Peter Seiderer <ps.report(a)gmx.net> net: pktgen: fix mpls maximum labels list parsing Alexander Sverdlin <alexander.sverdlin(a)siemens.com> net: ethernet: ti: cpsw_new: populate netdev of_node Artur Weber <aweber.kernel(a)gmail.com> pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" Hans Verkuil <hverkuil(a)xs4all.nl> media: cx231xx: set device_caps for 417 Victor Lu <victorchengchi.lu(a)amd.com> drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c Matti Lehtimäki <matti.lehtimaki(a)gmail.com> remoteproc: qcom_wcnss: Handle platforms with only single power domain Matthew Wilcox (Oracle) <willy(a)infradead.org> orangefs: Do not truncate file size Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: prevent BUG_ON by blocking retries on failed device resumes Markus Elfring <elfring(a)users.sourceforge.net> media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() Svyatoslav Ryhel <clamor95(a)gmail.com> ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ieee802154: ca8210: Use proper setters and getters for bitwise types Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: ds1307: stop disabling alarms on probe Eric Dumazet <edumazet(a)google.com> tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() Andreas Schwab <schwab(a)linux-m68k.org> powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lzo - Fix compression buffer overrun Aaron Kling <luceoscutum(a)gmail.com> cpufreq: tegra186: Share policy per cluster Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct hd44780_common" Willem de Bruijn <willemb(a)google.com> ipv6: save dontfrag in cork Erick Shepherd <erick.shepherd(a)ni.com> mmc: sdhci: Disable SD card clock before changing parameters Ryan Roberts <ryan.roberts(a)arm.com> arm64/mm: Check PUD_TYPE_TABLE in pud_bad() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> netfilter: conntrack: Bound nf_conntrack sysctl writes Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> timer_list: Don't use %pK through printk() Eric Dumazet <edumazet(a)google.com> posix-timers: Add cond_resched() to posix_timer_add() search loop Maher Sanalla <msanalla(a)nvidia.com> RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() Frediano Ziglio <frediano.ziglio(a)cloud.com> xen: Add support for XenServer 6.1 platform device Mikulas Patocka <mpatocka(a)redhat.com> dm: restrict dm device size to 2^63-512 bytes Shashank Gupta <shashankg(a)marvell.com> crypto: octeontx2 - suppress auth failure screaming due to negative tests Seyediman Seyedarab <imandevel(a)gmail.com> kbuild: fix argument parsing in scripts/config Nícolas F. R. A. Prado <nfraprado(a)collabora.com> ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect Alexandre Belloni <alexandre.belloni(a)bootlin.com> rtc: rv3032: fix EERD location Ilpo Järvinen <ij(a)kernel.org> tcp: reorganize tcp_in_ack_event() and tcp_count_delivered() Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Handle INTx IRQ_NOTCONNECTED Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: ERASE does not change tape location Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Tighten the page format heuristics with MODE SELECT Christian Göttsche <cgzones(a)googlemail.com> ext4: reorder capability check last Tiwei Bie <tiwei.btw(a)antgroup.com> um: Update min_low_pfn to match changes in uml_reserved Benjamin Berg <benjamin(a)sipsolutions.net> um: Store full CSGSFS and SS register from mcontext Nick Hu <nick.hu(a)sifive.com> clocksource/drivers/timer-riscv: Stop stimecmp when cpu hotplug Heming Zhao <heming.zhao(a)suse.com> dlm: make tcp still work in multi-link env Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Fix missing STOP for master request Filipe Manana <fdmanana(a)suse.com> btrfs: send: return -ENAMETOOLONG when attempting a path that is too long Filipe Manana <fdmanana(a)suse.com> btrfs: get zone unusable bytes while holding lock at btrfs_reclaim_bgs_work() Mark Harmstone <maharmstone(a)fb.com> btrfs: avoid linker error in btrfs_find_create_tree_block() Boris Burkov <boris(a)bur.io> btrfs: make btrfs_discard_workfn() block_group ref explicit Vitalii Mordan <mordan(a)ispras.ru> i2c: pxa: fix call balance of i2c->clk handling routines Stephan Gerhold <stephan.gerhold(a)kernkonzept.com> i2c: qup: Vote for interconnect bandwidth to DRAM Felix Fietkau <nbd(a)nbd.name> wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2 Erick Shepherd <erick.shepherd(a)ni.com> mmc: host: Wait for Vdd to settle on card power off Robert Richter <rrichter(a)amd.com> libnvdimm/labels: Fix divide error in nd_label_data_init() Roger Pau Monne <roger.pau(a)citrix.com> PCI: vmd: Disable MSI remapping bypass under Xen Trond Myklebust <trond.myklebust(a)hammerspace.com> pNFS/flexfiles: Report ENETDOWN as a connection error Ian Rogers <irogers(a)google.com> tools/build: Don't pass test log files to linker Frank Li <Frank.Li(a)nxp.com> PCI: dwc: ep: Ensure proper iteration over outbound map windows Ryo Takakura <ryotkkr98(a)gmail.com> lockdep: Fix wait context check on softirq for PREEMPT_RT Jing Su <jingsusu(a)didiglobal.com> dql: Fix dql->limit value when reset. Alice Guo <alice.guo(a)nxp.com> thermal/drivers/qoriq: Power down TMU on system suspend Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: rpcbind should never reset the port to the value '0' Trond Myklebust <trond.myklebust(a)hammerspace.com> SUNRPC: rpc_clnt_set_transport() must not change the autobind setting Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Treat ENETUNREACH errors as fatal for state recovery Zsolt Kajtar <soci(a)c64.rulez.org> fbdev: core: tileblit: Implement missing margin clearing for tileblit Zsolt Kajtar <soci(a)c64.rulez.org> fbcon: Use correct erase colour for clearing in fbcon Shixiong Ou <oushixiong(a)kylinos.cn> fbdev: fsl-diu-fb: add missing device_remove_file() Tudor Ambarus <tudor.ambarus(a)linaro.org> mailbox: use error ret code of of_parse_phandle_with_args() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> tracing: Mark binary printing functions with __printf() attribute Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() Daniel Gomez <da.gomez(a)samsung.com> kconfig: merge_config: use an empty file as initfile Haoran Jiang <jianghaoran(a)kylinos.cn> samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora Brandon Kammerdiener <brandon.kammerdiener(a)intel.com> bpf: fix possible endless loop in BPF map iteration Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: refactor bulk flipping of RX buffers to separate function gaoxu <gaoxu2(a)honor.com> cgroup: Fix compilation issue due to cgroup_mutex not being exported Marek Szyprowski <m.szyprowski(a)samsung.com> dma-mapping: avoid potential unused data compilation warning Zhongqiu Han <quic_zhonhan(a)quicinc.com> virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN Dmitry Bogdanov <d.bogdanov(a)yadro.com> scsi: target: iscsi: Fix timeout on deleted connection ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 2 + Makefile | 16 ++- arch/arm/boot/dts/tegra114.dtsi | 2 +- arch/arm/mach-at91/pm.c | 21 +-- .../boot/dts/allwinner/sun50i-h6-beelink-gs1.dts | 38 +++--- .../boot/dts/allwinner/sun50i-h6-orangepi-3.dts | 14 +- .../boot/dts/allwinner/sun50i-h6-orangepi.dtsi | 22 +-- arch/arm64/boot/dts/nvidia/tegra210-p2597.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +- arch/arm64/include/asm/pgtable.h | 3 +- arch/mips/include/asm/ftrace.h | 16 +++ arch/mips/kernel/pm-cps.c | 30 ++-- arch/powerpc/kernel/prom_init.c | 4 +- arch/powerpc/perf/core-book3s.c | 20 +++ arch/powerpc/perf/isa207-common.c | 4 +- arch/um/Makefile | 1 + arch/um/kernel/mem.c | 1 + arch/x86/boot/genimage.sh | 5 +- arch/x86/events/amd/ibs.c | 3 +- arch/x86/include/asm/alternative.h | 2 +- arch/x86/include/asm/nmi.h | 2 + arch/x86/include/asm/perf_event.h | 1 + arch/x86/kernel/cpu/bugs.c | 10 +- arch/x86/kernel/nmi.c | 42 ++++++ arch/x86/kernel/reboot.c | 10 +- arch/x86/mm/kaslr.c | 10 +- arch/x86/um/os-Linux/mcontext.c | 3 +- crypto/algif_hash.c | 4 - crypto/lzo-rle.c | 2 +- crypto/lzo.c | 2 +- drivers/acpi/Kconfig | 2 +- drivers/acpi/hed.c | 7 +- drivers/auxdisplay/charlcd.c | 5 +- drivers/auxdisplay/charlcd.h | 5 +- drivers/auxdisplay/hd44780.c | 2 +- drivers/auxdisplay/lcd2s.c | 2 +- drivers/auxdisplay/panel.c | 2 +- drivers/char/tpm/tpm_tis_core.h | 2 +- drivers/clk/imx/clk-imx8mp.c | 151 +++++++++++++++++++++ drivers/clk/qcom/camcc-sm8250.c | 56 ++++---- drivers/clocksource/mips-gic-timer.c | 6 +- drivers/clocksource/timer-riscv.c | 6 + drivers/cpufreq/tegra186-cpufreq.c | 7 + drivers/cpuidle/governors/menu.c | 13 +- .../crypto/marvell/octeontx2/otx2_cptvf_reqmgr.c | 7 +- drivers/edac/ie31200_edac.c | 28 ++-- drivers/firmware/arm_ffa/bus.c | 1 + drivers/fpga/altera-cvp.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 5 +- drivers/gpu/drm/amd/amdgpu/gfxhub_v1_0.c | 10 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 16 +-- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 - drivers/gpu/drm/amd/display/dc/core/dc.c | 1 + drivers/gpu/drm/amd/display/dc/dcn30/dcn30_dpp.c | 11 +- drivers/gpu/drm/ast/ast_mode.c | 10 +- drivers/gpu/drm/drm_atomic_helper.c | 28 ++++ drivers/gpu/drm/drm_edid.c | 1 + drivers/gpu/drm/i915/gvt/opregion.c | 8 +- drivers/gpu/drm/mediatek/mtk_dpi.c | 5 +- drivers/hid/hid-ids.h | 4 + drivers/hid/hid-quirks.c | 2 + drivers/hid/usbhid/usbkbd.c | 2 +- drivers/hwmon/gpio-fan.c | 16 ++- drivers/hwmon/xgene-hwmon.c | 2 +- drivers/i2c/busses/i2c-pxa.c | 5 +- drivers/i2c/busses/i2c-qup.c | 36 +++++ drivers/i3c/master/svc-i3c-master.c | 2 + drivers/infiniband/core/umem.c | 36 +++-- drivers/infiniband/core/uverbs_cmd.c | 144 ++++++++++---------- drivers/infiniband/core/verbs.c | 11 +- drivers/mailbox/mailbox.c | 7 +- drivers/md/dm-cache-target.c | 24 ++++ drivers/md/dm-table.c | 4 + drivers/media/platform/qcom/camss/camss-csid.c | 64 +++++---- .../media/platform/sti/c8sectpfe/c8sectpfe-core.c | 3 +- drivers/media/usb/cx231xx/cx231xx-417.c | 2 + drivers/media/usb/uvc/uvc_v4l2.c | 6 + drivers/media/v4l2-core/v4l2-subdev.c | 2 + drivers/mmc/host/sdhci-pci-core.c | 6 +- drivers/mmc/host/sdhci.c | 9 +- drivers/net/bonding/bond_main.c | 2 +- drivers/net/can/c_can/c_can_platform.c | 2 +- drivers/net/ethernet/apm/xgene-v2/main.c | 4 +- drivers/net/ethernet/freescale/enetc/enetc.c | 16 ++- .../net/ethernet/marvell/octeontx2/af/rvu_cn10k.c | 15 +- drivers/net/ethernet/mellanox/mlx4/alloc.c | 6 +- drivers/net/ethernet/mellanox/mlx4/en_tx.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 5 + .../net/ethernet/mellanox/mlx5/core/en_selftest.c | 3 + drivers/net/ethernet/mellanox/mlx5/core/events.c | 11 +- drivers/net/ethernet/mellanox/mlx5/core/health.c | 1 + drivers/net/ethernet/microsoft/mana/gdma_main.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 1 + drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 +- drivers/net/ethernet/ti/cpsw_new.c | 1 + drivers/net/ieee802154/ca8210.c | 9 +- drivers/net/usb/r8152.c | 1 + drivers/net/vxlan/vxlan_core.c | 18 +-- drivers/net/wireless/ath/ath9k/init.c | 4 +- drivers/net/wireless/mediatek/mt76/mt76.h | 1 + drivers/net/wireless/mediatek/mt76/mt76x0/pci.c | 3 +- drivers/net/wireless/mediatek/mt76/mt76x0/usb.c | 3 +- drivers/net/wireless/mediatek/mt76/mt76x2/pci.c | 3 +- drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 3 +- drivers/net/wireless/mediatek/mt76/tx.c | 3 +- drivers/net/wireless/realtek/rtw88/main.c | 40 ++---- drivers/net/wireless/realtek/rtw88/reg.h | 3 +- drivers/net/wireless/realtek/rtw88/rtw8822b.c | 14 +- drivers/net/wireless/realtek/rtw88/util.c | 3 +- drivers/nvdimm/label.c | 3 +- drivers/nvme/host/pci.c | 2 + drivers/nvme/target/tcp.c | 3 + drivers/pci/Kconfig | 6 + drivers/pci/controller/dwc/pcie-designware-ep.c | 2 +- drivers/pci/controller/pcie-brcmstb.c | 5 +- drivers/pci/controller/vmd.c | 20 +++ drivers/pci/setup-bus.c | 6 +- drivers/perf/arm-cmn.c | 2 +- drivers/phy/phy-core.c | 7 +- drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 44 +++--- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/meson/pinctrl-meson.c | 2 +- .../x86/dell/dell-wmi-sysman/passobj-attributes.c | 2 +- drivers/platform/x86/fujitsu-laptop.c | 33 ++++- drivers/platform/x86/thinkpad_acpi.c | 7 + drivers/regulator/ad5398.c | 12 +- drivers/remoteproc/qcom_wcnss.c | 34 ++++- drivers/rtc/rtc-ds1307.c | 4 +- drivers/rtc/rtc-rv3032.c | 2 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 17 ++- drivers/scsi/mpt3sas/mpt3sas_ctl.c | 12 +- drivers/scsi/st.c | 29 +++- drivers/scsi/st.h | 2 + drivers/soc/ti/k3-socinfo.c | 13 +- drivers/spi/spi-fsl-dspi.c | 46 ++++++- drivers/spi/spi-sun4i.c | 5 +- drivers/spi/spi-zynqmp-gqspi.c | 22 ++- drivers/target/iscsi/iscsi_target.c | 2 +- drivers/thermal/qoriq_thermal.c | 13 ++ drivers/vfio/pci/vfio_pci_config.c | 3 +- drivers/vfio/pci/vfio_pci_core.c | 10 +- drivers/vfio/pci/vfio_pci_intrs.c | 2 +- drivers/video/fbdev/core/bitblit.c | 5 +- drivers/video/fbdev/core/fbcon.c | 10 +- drivers/video/fbdev/core/fbcon.h | 38 +----- drivers/video/fbdev/core/fbcon_ccw.c | 5 +- drivers/video/fbdev/core/fbcon_cw.c | 5 +- drivers/video/fbdev/core/fbcon_ud.c | 5 +- drivers/video/fbdev/core/tileblit.c | 45 +++++- drivers/video/fbdev/fsl-diu-fb.c | 1 + drivers/virtio/virtio_ring.c | 2 +- drivers/xen/platform-pci.c | 4 + drivers/xen/swiotlb-xen.c | 18 ++- drivers/xen/xenbus/xenbus_probe.c | 14 +- fs/btrfs/block-group.c | 18 ++- fs/btrfs/discard.c | 34 +++-- fs/btrfs/extent_io.c | 7 +- fs/btrfs/send.c | 6 +- fs/cifs/readdir.c | 7 +- fs/coredump.c | 80 ++++++++++- fs/dlm/lowcomms.c | 4 +- fs/ext4/balloc.c | 4 +- fs/namespace.c | 6 +- fs/nfs/delegation.c | 3 +- fs/nfs/filelayout/filelayoutdev.c | 6 +- fs/nfs/flexfilelayout/flexfilelayout.c | 1 + fs/nfs/flexfilelayout/flexfilelayoutdev.c | 6 +- fs/nfs/nfs4state.c | 10 +- fs/nfs/pnfs.h | 4 +- fs/nfs/pnfs_nfs.c | 9 +- fs/orangefs/inode.c | 7 +- include/drm/drm_atomic.h | 23 +++- include/linux/binfmts.h | 1 + include/linux/dma-mapping.h | 12 +- include/linux/ipv6.h | 1 + include/linux/lzo.h | 8 ++ include/linux/mlx4/device.h | 2 +- include/linux/pid.h | 1 + include/linux/rcutree.h | 2 +- include/linux/tpm.h | 2 +- include/linux/trace.h | 4 +- include/linux/trace_seq.h | 8 +- include/linux/usb/r8152.h | 1 + include/media/v4l2-subdev.h | 4 +- include/rdma/uverbs_std_types.h | 2 +- include/sound/pcm.h | 2 + include/trace/events/btrfs.h | 2 +- kernel/bpf/hashtab.c | 2 +- kernel/cgroup/cgroup.c | 2 +- kernel/fork.c | 98 +++++++++++-- kernel/padata.c | 3 +- kernel/rcu/tree_plugin.h | 11 +- kernel/softirq.c | 18 +++ kernel/time/posix-timers.c | 1 + kernel/time/timer_list.c | 4 +- kernel/trace/trace.c | 11 +- kernel/trace/trace.h | 16 ++- lib/dynamic_queue_limits.c | 2 +- lib/lzo/Makefile | 2 +- lib/lzo/lzo1x_compress.c | 102 ++++++++++---- lib/lzo/lzo1x_compress_safe.c | 18 +++ mm/memcontrol.c | 6 +- mm/page_alloc.c | 8 ++ net/bluetooth/l2cap_core.c | 15 +- net/bridge/br_nf_core.c | 7 +- net/bridge/br_private.h | 1 + net/can/bcm.c | 79 +++++++---- net/core/pktgen.c | 13 +- net/ipv4/fib_frontend.c | 18 ++- net/ipv4/fib_rules.c | 4 +- net/ipv4/fib_trie.c | 22 --- net/ipv4/inet_hashtables.c | 37 +++-- net/ipv4/tcp_input.c | 56 ++++---- net/ipv6/fib6_rules.c | 4 +- net/ipv6/ip6_output.c | 9 +- net/llc/af_llc.c | 8 +- net/mac80211/mlme.c | 4 +- net/netfilter/nf_conntrack_standalone.c | 12 +- net/sched/sch_hfsc.c | 15 +- net/sunrpc/clnt.c | 3 - net/sunrpc/rpcb_clnt.c | 5 +- net/tipc/crypto.c | 5 + net/xfrm/xfrm_policy.c | 3 + net/xfrm/xfrm_state.c | 3 + samples/bpf/Makefile | 2 +- scripts/config | 26 ++-- scripts/kconfig/merge_config.sh | 4 +- security/smack/smackfs.c | 4 + sound/core/oss/pcm_oss.c | 3 +- sound/core/pcm_native.c | 11 ++ sound/pci/hda/patch_realtek.c | 42 ++++++ sound/soc/codecs/mt6359-accdet.h | 9 ++ sound/soc/codecs/tas2764.c | 51 +++---- sound/soc/fsl/imx-card.c | 2 +- sound/soc/intel/boards/bytcr_rt5640.c | 13 ++ sound/soc/qcom/sm8250.c | 3 + sound/soc/soc-dai.c | 8 +- sound/soc/soc-ops.c | 29 +++- tools/bpf/bpftool/common.c | 3 +- tools/build/Makefile.build | 6 +- tools/lib/bpf/libbpf.c | 2 +- tools/testing/selftests/net/gro.sh | 3 +- 242 files changed, 2053 insertions(+), 882 deletions(-)

3 months, 2 weeks

10
218
0 0

[PATCH 1/8] drm/gem: Fix race in drm_gem_handle_create_tail()

by Simona Vetter

Object creation is a careful dance where we must guarantee that the object is fully constructed before it is visible to other threads, and GEM buffer objects are no difference. Final publishing happens by calling drm_gem_handle_create(). After that the only allowed thing to do is call drm_gem_object_put() because a concurrent call to the GEM_CLOSE ioctl with a correctly guessed id (which is trivial since we have a linear allocator) can already tear down the object again. Luckily most drivers get this right, the very few exceptions I've pinged the relevant maintainers for. Unfortunately we also need drm_gem_handle_create() when creating additional handles for an already existing object (e.g. GETFB ioctl or the various bo import ioctl), and hence we cannot have a drm_gem_handle_create_and_put() as the only exported function to stop these issues from happening. Now unfortunately the implementation of drm_gem_handle_create() isn't living up to standards: It does correctly finishe object initialization at the global level, and hence is safe against a concurrent tear down. But it also sets up the file-private aspects of the handle, and that part goes wrong: We fully register the object in the drm_file.object_idr before calling drm_vma_node_allow() or obj->funcs->open, which opens up races against concurrent removal of that handle in drm_gem_handle_delete(). Fix this with the usual two-stage approach of first reserving the handle id, and then only registering the object after we've completed the file-private setup. Jacek reported this with a testcase of concurrently calling GEM_CLOSE on a freshly-created object (which also destroys the object), but it should be possible to hit this with just additional handles created through import or GETFB without completed destroying the underlying object with the concurrent GEM_CLOSE ioctl calls. Note that the close-side of this race was fixed in f6cd7daecff5 ("drm: Release driver references to handle before making it available again"), which means a cool 9 years have passed until someone noticed that we need to make this symmetry or there's still gaps left :-/ Without the 2-stage close approach we'd still have a race, therefore that's an integral part of this bugfix. More importantly, this means we can have NULL pointers behind allocated id in our drm_file.object_idr. We need to check for that now: - drm_gem_handle_delete() checks for ERR_OR_NULL already - drm_gem.c:object_lookup() also chekcs for NULL - drm_gem_release() should never be called if there's another thread still existing that could call into an IOCTL that creates a new handle, so cannot race. For paranoia I added a NULL check to drm_gem_object_release_handle() though. - most drivers (etnaviv, i915, msm) are find because they use idr_find, which maps both ENOENT and NULL to NULL. - vmgfx is already broken vmw_debugfs_gem_info_show() because NULL pointers might exist due to drm_gem_handle_delete(). This needs a separate patch. This is because idr_for_each_entry terminates on the first NULL entry and so might not iterate over everything. - similar for amd in amdgpu_debugfs_gem_info_show() and amdgpu_gem_force_release(). The latter is really questionable though since it's a best effort hack and there's no way to close all the races. Needs separate patches. - xe is really broken because it not uses idr_for_each_entry() but also drops the drm_file.table_lock, which can wreak the idr iterator state if you're unlucky enough. Maybe another reason to look into the drm fdinfo memory stats instead of hand-rolling too much. - drm_show_memory_stats() is also broken since it uses idr_for_each_entry. But since that's a preexisting bug I'll follow up with a separate patch. Reported-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> Cc: stable(a)vger.kernel.org Cc: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: David Airlie <airlied(a)gmail.com> Cc: Simona Vetter <simona(a)ffwll.ch> Signed-off-by: Simona Vetter <simona.vetter(a)intel.com> Signed-off-by: Simona Vetter <simona.vetter(a)ffwll.ch> --- drivers/gpu/drm/drm_gem.c | 10 +++++++++- include/drm/drm_file.h | 3 +++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index 1e659d2660f7..e4e20dda47b1 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -279,6 +279,9 @@ drm_gem_object_release_handle(int id, void *ptr, void *data) struct drm_file *file_priv = data; struct drm_gem_object *obj = ptr; + if (WARN_ON(!data)) + return 0; + if (obj->funcs->close) obj->funcs->close(obj, file_priv); @@ -399,7 +402,7 @@ drm_gem_handle_create_tail(struct drm_file *file_priv, idr_preload(GFP_KERNEL); spin_lock(&file_priv->table_lock); - ret = idr_alloc(&file_priv->object_idr, obj, 1, 0, GFP_NOWAIT); + ret = idr_alloc(&file_priv->object_idr, NULL, 1, 0, GFP_NOWAIT); spin_unlock(&file_priv->table_lock); idr_preload_end(); @@ -420,6 +423,11 @@ drm_gem_handle_create_tail(struct drm_file *file_priv, goto err_revoke; } + /* mirrors drm_gem_handle_delete to avoid races */ + spin_lock(&file_priv->table_lock); + obj = idr_replace(&file_priv->object_idr, obj, handle); + WARN_ON(obj != NULL); + spin_unlock(&file_priv->table_lock); *handlep = handle; return 0; diff --git a/include/drm/drm_file.h b/include/drm/drm_file.h index 5c3b2aa3e69d..d344d41e6cfe 100644 --- a/include/drm/drm_file.h +++ b/include/drm/drm_file.h @@ -300,6 +300,9 @@ struct drm_file { * * Mapping of mm object handles to object pointers. Used by the GEM * subsystem. Protected by @table_lock. + * + * Note that allocated entries might be NULL as a transient state when + * creating or deleting a handle. */ struct idr object_idr; -- 2.49.0

3 months, 2 weeks

3
6
0 0

[PATCH 1/2] wifi: ath12k: fix dest ring-buffer corruption

by Johan Hovold

Add the missing memory barriers to make sure that destination ring descriptors are read after the head pointers to avoid using stale data on weakly ordered architectures like aarch64. Note that this may fix the empty descriptor issue recently worked around by commit 51ad34a47e9f ("wifi: ath12k: Add drop descriptor handling for monitor ring"). Tested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Cc: stable(a)vger.kernel.org # 6.3 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/net/wireless/ath/ath12k/dp_mon.c | 3 +++ drivers/net/wireless/ath/ath12k/dp_rx.c | 12 ++++++++++++ drivers/net/wireless/ath/ath12k/dp_tx.c | 3 +++ 3 files changed, 18 insertions(+) diff --git a/drivers/net/wireless/ath/ath12k/dp_mon.c b/drivers/net/wireless/ath/ath12k/dp_mon.c index d22800e89485..90a7763502c8 100644 --- a/drivers/net/wireless/ath/ath12k/dp_mon.c +++ b/drivers/net/wireless/ath/ath12k/dp_mon.c @@ -3258,6 +3258,9 @@ int ath12k_dp_mon_srng_process(struct ath12k *ar, int *budget, spin_lock_bh(&srng->lock); ath12k_hal_srng_access_begin(ab, srng); + /* Make sure descriptor is read after the head pointer. */ + dma_rmb(); + while (likely(*budget)) { *budget -= 1; mon_dst_desc = ath12k_hal_srng_dst_peek(ab, srng); diff --git a/drivers/net/wireless/ath/ath12k/dp_rx.c b/drivers/net/wireless/ath/ath12k/dp_rx.c index 75bf4211ad42..68fceb4201d7 100644 --- a/drivers/net/wireless/ath/ath12k/dp_rx.c +++ b/drivers/net/wireless/ath/ath12k/dp_rx.c @@ -2753,6 +2753,9 @@ int ath12k_dp_rx_process(struct ath12k_base *ab, int ring_id, try_again: ath12k_hal_srng_access_begin(ab, srng); + /* Make sure descriptor is read after the head pointer. */ + dma_rmb(); + while ((desc = ath12k_hal_srng_dst_get_next_entry(ab, srng))) { struct rx_mpdu_desc *mpdu_info; struct rx_msdu_desc *msdu_info; @@ -3599,6 +3602,9 @@ int ath12k_dp_rx_process_err(struct ath12k_base *ab, struct napi_struct *napi, ath12k_hal_srng_access_begin(ab, srng); + /* Make sure descriptor is read after the head pointer. */ + dma_rmb(); + while (budget && (reo_desc = ath12k_hal_srng_dst_get_next_entry(ab, srng))) { drop = false; @@ -3941,6 +3947,9 @@ int ath12k_dp_rx_process_wbm_err(struct ath12k_base *ab, ath12k_hal_srng_access_begin(ab, srng); + /* Make sure descriptor is read after the head pointer. */ + dma_rmb(); + while (budget) { rx_desc = ath12k_hal_srng_dst_get_next_entry(ab, srng); if (!rx_desc) @@ -4122,6 +4131,9 @@ void ath12k_dp_rx_process_reo_status(struct ath12k_base *ab) ath12k_hal_srng_access_begin(ab, srng); + /* Make sure descriptor is read after the head pointer. */ + dma_rmb(); + while ((hdr = ath12k_hal_srng_dst_get_next_entry(ab, srng))) { tag = le64_get_bits(hdr->tl, HAL_SRNG_TLV_HDR_TAG); diff --git a/drivers/net/wireless/ath/ath12k/dp_tx.c b/drivers/net/wireless/ath/ath12k/dp_tx.c index ced232bf4aed..3124eafa0201 100644 --- a/drivers/net/wireless/ath/ath12k/dp_tx.c +++ b/drivers/net/wireless/ath/ath12k/dp_tx.c @@ -853,6 +853,9 @@ void ath12k_dp_tx_completion_handler(struct ath12k_base *ab, int ring_id) ath12k_hal_srng_access_begin(ab, status_ring); + /* Make sure descriptor is read after the head pointer. */ + dma_rmb(); + while (ATH12K_TX_COMPL_NEXT(tx_ring->tx_status_head) != tx_ring->tx_status_tail) { desc = ath12k_hal_srng_dst_get_next_entry(ab, status_ring); if (!desc) -- 2.49.0

3 months, 2 weeks

2
1
0 0

[PATCH AUTOSEL 5.4 01/20] net: macb: Check return value of dma_set_mask_and_coherent()

by Sasha Levin

From: Sergio Perez Gonzalez <sperezglz(a)gmail.com> [ Upstream commit 3920a758800762917177a6b5ab39707d8e376fe6 ] Issue flagged by coverity. Add a safety check for the return value of dma_set_mask_and_coherent, go to a safe exit if it returns error. Link: https://scan7.scan.coverity.com/#/project-view/53936/11354?selectedIssue=16… Signed-off-by: Sergio Perez Gonzalez <sperezglz(a)gmail.com> Reviewed-by: Claudiu Beznea <claudiu.beznea(a)tuxon.dev> Link: https://patch.msgid.link/20250526032034.84900-1-sperezglz@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of the commit and the codebase context, here's my assessment: **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Code Analysis The commit adds proper error checking for `dma_set_mask_and_coherent()` in the macb network driver. Looking at the specific changes: **Before the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` **After the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); if (err) { dev_err(&pdev->dev, "failed to set DMA mask\n"); goto err_out_free_netdev; } bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` ## Why this should be backported: 1. **Fixes a Real Bug**: The original code ignores the return value of `dma_set_mask_and_coherent()`. If this function fails (which can happen on systems with restricted DMA capabilities), the driver would continue execution assuming 44-bit DMA addressing is available when it's not, leading to potential memory corruption or system crashes. 2. **Small, Contained Fix**: This is a minimal change that only adds proper error checking without changing any core logic or introducing new features. It follows the stable tree principle of being a small, targeted bugfix. 3. **Follows Established Patterns**: Looking at the similar commits provided, this matches exactly the pattern of commits marked "YES" for backporting (commits #1, #2, and #5) which all add proper error checking for DMA mask functions. 4. **Critical Network Driver**: The macb driver is used in production systems, and DMA-related bugs can cause data corruption or system instability, making this a high-priority fix for stable trees. 5. **Proper Error Handling Path**: The fix correctly uses the existing `err_out_free_netdev` label, which properly cleans up allocated resources (line 5373-5383 in macb_main.c), preventing resource leaks when DMA setup fails. 6. **Static Analysis Tool Flagged**: The commit message mentions this was flagged by Coverity, indicating it's a legitimate code quality issue that could manifest as a runtime bug. 7. **Matches Stable Tree Criteria**: - Important bugfix ✓ - Minimal risk of regression ✓ - No architectural changes ✓ - Confined to one driver/subsystem ✓ - Clear side effects (proper cleanup on failure) ✓ This commit addresses the same class of vulnerability as the other "YES" examples: ignoring return values of critical DMA functions that can fail and lead to undefined behavior. The fix is surgical, safe, and addresses a genuine runtime issue in a widely-used network driver. drivers/net/ethernet/cadence/macb_main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index a750c752846cf..a635c9af26c3e 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -4320,7 +4320,11 @@ static int macb_probe(struct platform_device *pdev) #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { - dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + if (err) { + dev_err(&pdev->dev, "failed to set DMA mask\n"); + goto err_out_free_netdev; + } bp->hw_dma_cap |= HW_DMA_CAP_64B; } #endif -- 2.39.5

3 months, 2 weeks

1
19
0 0

[PATCH AUTOSEL 5.10 01/27] net: macb: Check return value of dma_set_mask_and_coherent()

by Sasha Levin

From: Sergio Perez Gonzalez <sperezglz(a)gmail.com> [ Upstream commit 3920a758800762917177a6b5ab39707d8e376fe6 ] Issue flagged by coverity. Add a safety check for the return value of dma_set_mask_and_coherent, go to a safe exit if it returns error. Link: https://scan7.scan.coverity.com/#/project-view/53936/11354?selectedIssue=16… Signed-off-by: Sergio Perez Gonzalez <sperezglz(a)gmail.com> Reviewed-by: Claudiu Beznea <claudiu.beznea(a)tuxon.dev> Link: https://patch.msgid.link/20250526032034.84900-1-sperezglz@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of the commit and the codebase context, here's my assessment: **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Code Analysis The commit adds proper error checking for `dma_set_mask_and_coherent()` in the macb network driver. Looking at the specific changes: **Before the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` **After the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); if (err) { dev_err(&pdev->dev, "failed to set DMA mask\n"); goto err_out_free_netdev; } bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` ## Why this should be backported: 1. **Fixes a Real Bug**: The original code ignores the return value of `dma_set_mask_and_coherent()`. If this function fails (which can happen on systems with restricted DMA capabilities), the driver would continue execution assuming 44-bit DMA addressing is available when it's not, leading to potential memory corruption or system crashes. 2. **Small, Contained Fix**: This is a minimal change that only adds proper error checking without changing any core logic or introducing new features. It follows the stable tree principle of being a small, targeted bugfix. 3. **Follows Established Patterns**: Looking at the similar commits provided, this matches exactly the pattern of commits marked "YES" for backporting (commits #1, #2, and #5) which all add proper error checking for DMA mask functions. 4. **Critical Network Driver**: The macb driver is used in production systems, and DMA-related bugs can cause data corruption or system instability, making this a high-priority fix for stable trees. 5. **Proper Error Handling Path**: The fix correctly uses the existing `err_out_free_netdev` label, which properly cleans up allocated resources (line 5373-5383 in macb_main.c), preventing resource leaks when DMA setup fails. 6. **Static Analysis Tool Flagged**: The commit message mentions this was flagged by Coverity, indicating it's a legitimate code quality issue that could manifest as a runtime bug. 7. **Matches Stable Tree Criteria**: - Important bugfix ✓ - Minimal risk of regression ✓ - No architectural changes ✓ - Confined to one driver/subsystem ✓ - Clear side effects (proper cleanup on failure) ✓ This commit addresses the same class of vulnerability as the other "YES" examples: ignoring return values of critical DMA functions that can fail and lead to undefined behavior. The fix is surgical, safe, and addresses a genuine runtime issue in a widely-used network driver. drivers/net/ethernet/cadence/macb_main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index 0f18837def3c8..4d3332d96e086 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -4578,7 +4578,11 @@ static int macb_probe(struct platform_device *pdev) #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { - dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + if (err) { + dev_err(&pdev->dev, "failed to set DMA mask\n"); + goto err_out_free_netdev; + } bp->hw_dma_cap |= HW_DMA_CAP_64B; } #endif -- 2.39.5

3 months, 2 weeks

1
26
0 0

[PATCH AUTOSEL 5.15 01/33] net: macb: Check return value of dma_set_mask_and_coherent()

by Sasha Levin

From: Sergio Perez Gonzalez <sperezglz(a)gmail.com> [ Upstream commit 3920a758800762917177a6b5ab39707d8e376fe6 ] Issue flagged by coverity. Add a safety check for the return value of dma_set_mask_and_coherent, go to a safe exit if it returns error. Link: https://scan7.scan.coverity.com/#/project-view/53936/11354?selectedIssue=16… Signed-off-by: Sergio Perez Gonzalez <sperezglz(a)gmail.com> Reviewed-by: Claudiu Beznea <claudiu.beznea(a)tuxon.dev> Link: https://patch.msgid.link/20250526032034.84900-1-sperezglz@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of the commit and the codebase context, here's my assessment: **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Code Analysis The commit adds proper error checking for `dma_set_mask_and_coherent()` in the macb network driver. Looking at the specific changes: **Before the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` **After the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); if (err) { dev_err(&pdev->dev, "failed to set DMA mask\n"); goto err_out_free_netdev; } bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` ## Why this should be backported: 1. **Fixes a Real Bug**: The original code ignores the return value of `dma_set_mask_and_coherent()`. If this function fails (which can happen on systems with restricted DMA capabilities), the driver would continue execution assuming 44-bit DMA addressing is available when it's not, leading to potential memory corruption or system crashes. 2. **Small, Contained Fix**: This is a minimal change that only adds proper error checking without changing any core logic or introducing new features. It follows the stable tree principle of being a small, targeted bugfix. 3. **Follows Established Patterns**: Looking at the similar commits provided, this matches exactly the pattern of commits marked "YES" for backporting (commits #1, #2, and #5) which all add proper error checking for DMA mask functions. 4. **Critical Network Driver**: The macb driver is used in production systems, and DMA-related bugs can cause data corruption or system instability, making this a high-priority fix for stable trees. 5. **Proper Error Handling Path**: The fix correctly uses the existing `err_out_free_netdev` label, which properly cleans up allocated resources (line 5373-5383 in macb_main.c), preventing resource leaks when DMA setup fails. 6. **Static Analysis Tool Flagged**: The commit message mentions this was flagged by Coverity, indicating it's a legitimate code quality issue that could manifest as a runtime bug. 7. **Matches Stable Tree Criteria**: - Important bugfix ✓ - Minimal risk of regression ✓ - No architectural changes ✓ - Confined to one driver/subsystem ✓ - Clear side effects (proper cleanup on failure) ✓ This commit addresses the same class of vulnerability as the other "YES" examples: ignoring return values of critical DMA functions that can fail and lead to undefined behavior. The fix is surgical, safe, and addresses a genuine runtime issue in a widely-used network driver. drivers/net/ethernet/cadence/macb_main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index 667af80a739b9..2266a3ecc5533 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -4809,7 +4809,11 @@ static int macb_probe(struct platform_device *pdev) #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { - dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + if (err) { + dev_err(&pdev->dev, "failed to set DMA mask\n"); + goto err_out_free_netdev; + } bp->hw_dma_cap |= HW_DMA_CAP_64B; } #endif -- 2.39.5

3 months, 2 weeks

1
32
0 0

[PATCH AUTOSEL 6.1 01/46] net: macb: Check return value of dma_set_mask_and_coherent()

by Sasha Levin

From: Sergio Perez Gonzalez <sperezglz(a)gmail.com> [ Upstream commit 3920a758800762917177a6b5ab39707d8e376fe6 ] Issue flagged by coverity. Add a safety check for the return value of dma_set_mask_and_coherent, go to a safe exit if it returns error. Link: https://scan7.scan.coverity.com/#/project-view/53936/11354?selectedIssue=16… Signed-off-by: Sergio Perez Gonzalez <sperezglz(a)gmail.com> Reviewed-by: Claudiu Beznea <claudiu.beznea(a)tuxon.dev> Link: https://patch.msgid.link/20250526032034.84900-1-sperezglz@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of the commit and the codebase context, here's my assessment: **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Code Analysis The commit adds proper error checking for `dma_set_mask_and_coherent()` in the macb network driver. Looking at the specific changes: **Before the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` **After the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); if (err) { dev_err(&pdev->dev, "failed to set DMA mask\n"); goto err_out_free_netdev; } bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` ## Why this should be backported: 1. **Fixes a Real Bug**: The original code ignores the return value of `dma_set_mask_and_coherent()`. If this function fails (which can happen on systems with restricted DMA capabilities), the driver would continue execution assuming 44-bit DMA addressing is available when it's not, leading to potential memory corruption or system crashes. 2. **Small, Contained Fix**: This is a minimal change that only adds proper error checking without changing any core logic or introducing new features. It follows the stable tree principle of being a small, targeted bugfix. 3. **Follows Established Patterns**: Looking at the similar commits provided, this matches exactly the pattern of commits marked "YES" for backporting (commits #1, #2, and #5) which all add proper error checking for DMA mask functions. 4. **Critical Network Driver**: The macb driver is used in production systems, and DMA-related bugs can cause data corruption or system instability, making this a high-priority fix for stable trees. 5. **Proper Error Handling Path**: The fix correctly uses the existing `err_out_free_netdev` label, which properly cleans up allocated resources (line 5373-5383 in macb_main.c), preventing resource leaks when DMA setup fails. 6. **Static Analysis Tool Flagged**: The commit message mentions this was flagged by Coverity, indicating it's a legitimate code quality issue that could manifest as a runtime bug. 7. **Matches Stable Tree Criteria**: - Important bugfix ✓ - Minimal risk of regression ✓ - No architectural changes ✓ - Confined to one driver/subsystem ✓ - Clear side effects (proper cleanup on failure) ✓ This commit addresses the same class of vulnerability as the other "YES" examples: ignoring return values of critical DMA functions that can fail and lead to undefined behavior. The fix is surgical, safe, and addresses a genuine runtime issue in a widely-used network driver. drivers/net/ethernet/cadence/macb_main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index d2f4709dee0de..495a1cb0bc183 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -4956,7 +4956,11 @@ static int macb_probe(struct platform_device *pdev) #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { - dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + if (err) { + dev_err(&pdev->dev, "failed to set DMA mask\n"); + goto err_out_free_netdev; + } bp->hw_dma_cap |= HW_DMA_CAP_64B; } #endif -- 2.39.5

3 months, 2 weeks

1
45
0 0

[PATCH AUTOSEL 6.6 01/62] net: macb: Check return value of dma_set_mask_and_coherent()

by Sasha Levin

From: Sergio Perez Gonzalez <sperezglz(a)gmail.com> [ Upstream commit 3920a758800762917177a6b5ab39707d8e376fe6 ] Issue flagged by coverity. Add a safety check for the return value of dma_set_mask_and_coherent, go to a safe exit if it returns error. Link: https://scan7.scan.coverity.com/#/project-view/53936/11354?selectedIssue=16… Signed-off-by: Sergio Perez Gonzalez <sperezglz(a)gmail.com> Reviewed-by: Claudiu Beznea <claudiu.beznea(a)tuxon.dev> Link: https://patch.msgid.link/20250526032034.84900-1-sperezglz@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of the commit and the codebase context, here's my assessment: **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Code Analysis The commit adds proper error checking for `dma_set_mask_and_coherent()` in the macb network driver. Looking at the specific changes: **Before the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` **After the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); if (err) { dev_err(&pdev->dev, "failed to set DMA mask\n"); goto err_out_free_netdev; } bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` ## Why this should be backported: 1. **Fixes a Real Bug**: The original code ignores the return value of `dma_set_mask_and_coherent()`. If this function fails (which can happen on systems with restricted DMA capabilities), the driver would continue execution assuming 44-bit DMA addressing is available when it's not, leading to potential memory corruption or system crashes. 2. **Small, Contained Fix**: This is a minimal change that only adds proper error checking without changing any core logic or introducing new features. It follows the stable tree principle of being a small, targeted bugfix. 3. **Follows Established Patterns**: Looking at the similar commits provided, this matches exactly the pattern of commits marked "YES" for backporting (commits #1, #2, and #5) which all add proper error checking for DMA mask functions. 4. **Critical Network Driver**: The macb driver is used in production systems, and DMA-related bugs can cause data corruption or system instability, making this a high-priority fix for stable trees. 5. **Proper Error Handling Path**: The fix correctly uses the existing `err_out_free_netdev` label, which properly cleans up allocated resources (line 5373-5383 in macb_main.c), preventing resource leaks when DMA setup fails. 6. **Static Analysis Tool Flagged**: The commit message mentions this was flagged by Coverity, indicating it's a legitimate code quality issue that could manifest as a runtime bug. 7. **Matches Stable Tree Criteria**: - Important bugfix ✓ - Minimal risk of regression ✓ - No architectural changes ✓ - Confined to one driver/subsystem ✓ - Clear side effects (proper cleanup on failure) ✓ This commit addresses the same class of vulnerability as the other "YES" examples: ignoring return values of critical DMA functions that can fail and lead to undefined behavior. The fix is surgical, safe, and addresses a genuine runtime issue in a widely-used network driver. drivers/net/ethernet/cadence/macb_main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index 6f45f4d9fba71..534e7f7bca4c2 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -5070,7 +5070,11 @@ static int macb_probe(struct platform_device *pdev) #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { - dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + if (err) { + dev_err(&pdev->dev, "failed to set DMA mask\n"); + goto err_out_free_netdev; + } bp->hw_dma_cap |= HW_DMA_CAP_64B; } #endif -- 2.39.5

3 months, 2 weeks

1
61
0 0

[PATCH AUTOSEL 6.12 01/93] net: macb: Check return value of dma_set_mask_and_coherent()

by Sasha Levin

From: Sergio Perez Gonzalez <sperezglz(a)gmail.com> [ Upstream commit 3920a758800762917177a6b5ab39707d8e376fe6 ] Issue flagged by coverity. Add a safety check for the return value of dma_set_mask_and_coherent, go to a safe exit if it returns error. Link: https://scan7.scan.coverity.com/#/project-view/53936/11354?selectedIssue=16… Signed-off-by: Sergio Perez Gonzalez <sperezglz(a)gmail.com> Reviewed-by: Claudiu Beznea <claudiu.beznea(a)tuxon.dev> Link: https://patch.msgid.link/20250526032034.84900-1-sperezglz@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of the commit and the codebase context, here's my assessment: **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Code Analysis The commit adds proper error checking for `dma_set_mask_and_coherent()` in the macb network driver. Looking at the specific changes: **Before the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` **After the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); if (err) { dev_err(&pdev->dev, "failed to set DMA mask\n"); goto err_out_free_netdev; } bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` ## Why this should be backported: 1. **Fixes a Real Bug**: The original code ignores the return value of `dma_set_mask_and_coherent()`. If this function fails (which can happen on systems with restricted DMA capabilities), the driver would continue execution assuming 44-bit DMA addressing is available when it's not, leading to potential memory corruption or system crashes. 2. **Small, Contained Fix**: This is a minimal change that only adds proper error checking without changing any core logic or introducing new features. It follows the stable tree principle of being a small, targeted bugfix. 3. **Follows Established Patterns**: Looking at the similar commits provided, this matches exactly the pattern of commits marked "YES" for backporting (commits #1, #2, and #5) which all add proper error checking for DMA mask functions. 4. **Critical Network Driver**: The macb driver is used in production systems, and DMA-related bugs can cause data corruption or system instability, making this a high-priority fix for stable trees. 5. **Proper Error Handling Path**: The fix correctly uses the existing `err_out_free_netdev` label, which properly cleans up allocated resources (line 5373-5383 in macb_main.c), preventing resource leaks when DMA setup fails. 6. **Static Analysis Tool Flagged**: The commit message mentions this was flagged by Coverity, indicating it's a legitimate code quality issue that could manifest as a runtime bug. 7. **Matches Stable Tree Criteria**: - Important bugfix ✓ - Minimal risk of regression ✓ - No architectural changes ✓ - Confined to one driver/subsystem ✓ - Clear side effects (proper cleanup on failure) ✓ This commit addresses the same class of vulnerability as the other "YES" examples: ignoring return values of critical DMA functions that can fail and lead to undefined behavior. The fix is surgical, safe, and addresses a genuine runtime issue in a widely-used network driver. drivers/net/ethernet/cadence/macb_main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index ae100ed8ed6b9..3c2a7919b1289 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -5117,7 +5117,11 @@ static int macb_probe(struct platform_device *pdev) #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { - dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + if (err) { + dev_err(&pdev->dev, "failed to set DMA mask\n"); + goto err_out_free_netdev; + } bp->hw_dma_cap |= HW_DMA_CAP_64B; } #endif -- 2.39.5

3 months, 2 weeks

1
92
0 0

[PATCH AUTOSEL 6.14 001/108] net: macb: Check return value of dma_set_mask_and_coherent()

by Sasha Levin

From: Sergio Perez Gonzalez <sperezglz(a)gmail.com> [ Upstream commit 3920a758800762917177a6b5ab39707d8e376fe6 ] Issue flagged by coverity. Add a safety check for the return value of dma_set_mask_and_coherent, go to a safe exit if it returns error. Link: https://scan7.scan.coverity.com/#/project-view/53936/11354?selectedIssue=16… Signed-off-by: Sergio Perez Gonzalez <sperezglz(a)gmail.com> Reviewed-by: Claudiu Beznea <claudiu.beznea(a)tuxon.dev> Link: https://patch.msgid.link/20250526032034.84900-1-sperezglz@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of the commit and the codebase context, here's my assessment: **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Code Analysis The commit adds proper error checking for `dma_set_mask_and_coherent()` in the macb network driver. Looking at the specific changes: **Before the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` **After the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); if (err) { dev_err(&pdev->dev, "failed to set DMA mask\n"); goto err_out_free_netdev; } bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` ## Why this should be backported: 1. **Fixes a Real Bug**: The original code ignores the return value of `dma_set_mask_and_coherent()`. If this function fails (which can happen on systems with restricted DMA capabilities), the driver would continue execution assuming 44-bit DMA addressing is available when it's not, leading to potential memory corruption or system crashes. 2. **Small, Contained Fix**: This is a minimal change that only adds proper error checking without changing any core logic or introducing new features. It follows the stable tree principle of being a small, targeted bugfix. 3. **Follows Established Patterns**: Looking at the similar commits provided, this matches exactly the pattern of commits marked "YES" for backporting (commits #1, #2, and #5) which all add proper error checking for DMA mask functions. 4. **Critical Network Driver**: The macb driver is used in production systems, and DMA-related bugs can cause data corruption or system instability, making this a high-priority fix for stable trees. 5. **Proper Error Handling Path**: The fix correctly uses the existing `err_out_free_netdev` label, which properly cleans up allocated resources (line 5373-5383 in macb_main.c), preventing resource leaks when DMA setup fails. 6. **Static Analysis Tool Flagged**: The commit message mentions this was flagged by Coverity, indicating it's a legitimate code quality issue that could manifest as a runtime bug. 7. **Matches Stable Tree Criteria**: - Important bugfix ✓ - Minimal risk of regression ✓ - No architectural changes ✓ - Confined to one driver/subsystem ✓ - Clear side effects (proper cleanup on failure) ✓ This commit addresses the same class of vulnerability as the other "YES" examples: ignoring return values of critical DMA functions that can fail and lead to undefined behavior. The fix is surgical, safe, and addresses a genuine runtime issue in a widely-used network driver. drivers/net/ethernet/cadence/macb_main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index e3cc26472c2f1..ec7f85cb0cbfa 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -5104,7 +5104,11 @@ static int macb_probe(struct platform_device *pdev) #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { - dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + if (err) { + dev_err(&pdev->dev, "failed to set DMA mask\n"); + goto err_out_free_netdev; + } bp->hw_dma_cap |= HW_DMA_CAP_64B; } #endif -- 2.39.5

3 months, 2 weeks

1
107
0 0

FAILED: patch "[PATCH] arm64: dts: ti: k3-am62-main: Set eMMC clock parent to" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 3a71cdfec94436079513d9adf4b1d4f7a7edd917 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060230-sacrifice-vexingly-4e21@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3a71cdfec94436079513d9adf4b1d4f7a7edd917 Mon Sep 17 00:00:00 2001 From: Judith Mendez <jm(a)ti.com> Date: Tue, 29 Apr 2025 11:33:35 -0500 Subject: [PATCH] arm64: dts: ti: k3-am62-main: Set eMMC clock parent to default Set eMMC clock parents to the defaults which is MAIN_PLL0_HSDIV5_CLKOUT for eMMC. This change is necessary since DM is not implementing the correct procedure to switch PLL clock source for eMMC and MMC CLK mux is not glich-free. As a preventative action, lets switch back to the defaults. Fixes: c37c58fdeb8a ("arm64: dts: ti: k3-am62: Add more peripheral nodes") Cc: stable(a)vger.kernel.org Signed-off-by: Judith Mendez <jm(a)ti.com> Acked-by: Udit Kumar <u-kumar1(a)ti.com> Acked-by: Bryan Brattlof <bb(a)ti.com> Link: https://lore.kernel.org/r/20250429163337.15634-2-jm@ti.com Signed-off-by: Nishanth Menon <nm(a)ti.com> diff --git a/arch/arm64/boot/dts/ti/k3-am62-main.dtsi b/arch/arm64/boot/dts/ti/k3-am62-main.dtsi index 7d355aa73ea2..0c286f600296 100644 --- a/arch/arm64/boot/dts/ti/k3-am62-main.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am62-main.dtsi @@ -552,8 +552,6 @@ sdhci0: mmc@fa10000 { power-domains = <&k3_pds 57 TI_SCI_PD_EXCLUSIVE>; clocks = <&k3_clks 57 5>, <&k3_clks 57 6>; clock-names = "clk_ahb", "clk_xin"; - assigned-clocks = <&k3_clks 57 6>; - assigned-clock-parents = <&k3_clks 57 8>; bus-width = <8>; mmc-ddr-1_8v; mmc-hs200-1_8v;

3 months, 2 weeks

4
3
0 0

[PATCH 6.12.y] f2fs: fix to avoid accessing uninitialized curseg

by alvalan9＠foxmail.com

From: Chao Yu <chao(a)kernel.org> [ Upstream commit 986c50f6bca109c6cf362b4e2babcb85aba958f6 ] syzbot reports a f2fs bug as below: F2FS-fs (loop3): Stopped filesystem due to reason: 7 kworker/u8:7: attempt to access beyond end of device BUG: unable to handle page fault for address: ffffed1604ea3dfa RIP: 0010:get_ckpt_valid_blocks fs/f2fs/segment.h:361 [inline] RIP: 0010:has_curseg_enough_space fs/f2fs/segment.h:570 [inline] RIP: 0010:__get_secs_required fs/f2fs/segment.h:620 [inline] RIP: 0010:has_not_enough_free_secs fs/f2fs/segment.h:633 [inline] RIP: 0010:has_enough_free_secs+0x575/0x1660 fs/f2fs/segment.h:649 <TASK> f2fs_is_checkpoint_ready fs/f2fs/segment.h:671 [inline] f2fs_write_inode+0x425/0x540 fs/f2fs/inode.c:791 write_inode fs/fs-writeback.c:1525 [inline] __writeback_single_inode+0x708/0x10d0 fs/fs-writeback.c:1745 writeback_sb_inodes+0x820/0x1360 fs/fs-writeback.c:1976 wb_writeback+0x413/0xb80 fs/fs-writeback.c:2156 wb_do_writeback fs/fs-writeback.c:2303 [inline] wb_workfn+0x410/0x1080 fs/fs-writeback.c:2343 process_one_work kernel/workqueue.c:3236 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317 worker_thread+0x870/0xd30 kernel/workqueue.c:3398 kthread+0x7a9/0x920 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Commit 8b10d3653735 ("f2fs: introduce FAULT_NO_SEGMENT") allows to trigger no free segment fault in allocator, then it will update curseg->segno to NULL_SEGNO, though, CP_ERROR_FLAG has been set, f2fs_write_inode() missed to check the flag, and access invalid curseg->segno directly in below call path, then resulting in panic: - f2fs_write_inode - f2fs_is_checkpoint_ready - has_enough_free_secs - has_not_enough_free_secs - __get_secs_required - has_curseg_enough_space - get_ckpt_valid_blocks : access invalid curseg->segno To avoid this issue, let's: - check CP_ERROR_FLAG flag in prior to f2fs_is_checkpoint_ready() in f2fs_write_inode(). - in has_curseg_enough_space(), save curseg->segno into a temp variable, and verify its validation before use. Fixes: 8b10d3653735 ("f2fs: introduce FAULT_NO_SEGMENT") Reported-by: syzbot+b6b347b7a4ea1b2e29b6(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/67973c2b.050a0220.11b1bb.0089.GAE@google.com Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Alva Lan <alvalan9(a)foxmail.com> --- Build test passed. The kernel booted up successfully with the patch applied. --- fs/f2fs/inode.c | 7 +++++++ fs/f2fs/segment.h | 9 ++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index a60db5e795a4..1061991434b1 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -777,6 +777,13 @@ int f2fs_write_inode(struct inode *inode, struct writeback_control *wbc) !is_inode_flag_set(inode, FI_DIRTY_INODE)) return 0; + /* + * no need to update inode page, ultimately f2fs_evict_inode() will + * clear dirty status of inode. + */ + if (f2fs_cp_error(sbi)) + return -EIO; + if (!f2fs_is_checkpoint_ready(sbi)) { f2fs_mark_inode_dirty_sync(inode, true); return -ENOSPC; diff --git a/fs/f2fs/segment.h b/fs/f2fs/segment.h index 51b2b8c5c749..0c004dd5595b 100644 --- a/fs/f2fs/segment.h +++ b/fs/f2fs/segment.h @@ -562,13 +562,16 @@ static inline bool has_curseg_enough_space(struct f2fs_sb_info *sbi, unsigned int node_blocks, unsigned int data_blocks, unsigned int dent_blocks) { - unsigned int segno, left_blocks, blocks; int i; /* check current data/node sections in the worst case. */ for (i = CURSEG_HOT_DATA; i < NR_PERSISTENT_LOG; i++) { segno = CURSEG_I(sbi, i)->segno; + + if (unlikely(segno == NULL_SEGNO)) + return false; + left_blocks = CAP_BLKS_PER_SEC(sbi) - get_ckpt_valid_blocks(sbi, segno, true); @@ -579,6 +582,10 @@ static inline bool has_curseg_enough_space(struct f2fs_sb_info *sbi, /* check current data section for dentry blocks. */ segno = CURSEG_I(sbi, CURSEG_HOT_DATA)->segno; + + if (unlikely(segno == NULL_SEGNO)) + return false; + left_blocks = CAP_BLKS_PER_SEC(sbi) - get_ckpt_valid_blocks(sbi, segno, true); if (dent_blocks > left_blocks) -- 2.34.1

3 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f55c9f087cc2e2252d44ffd9d58def2066fc176e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060218-subdivide-smashing-0ef7@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f55c9f087cc2e2252d44ffd9d58def2066fc176e Mon Sep 17 00:00:00 2001 From: Judith Mendez <jm(a)ti.com> Date: Tue, 29 Apr 2025 12:30:08 -0500 Subject: [PATCH] arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 For am65x, add missing ITAPDLYSEL values for Default Speed and High Speed SDR modes to sdhci0 node according to the device datasheet [0]. [0] https://www.ti.com/lit/gpn/am6548 Fixes: eac99d38f861 ("arm64: dts: ti: k3-am654-main: Update otap-del-sel values") Cc: stable(a)vger.kernel.org Signed-off-by: Judith Mendez <jm(a)ti.com> Reviewed-by: Moteen Shah <m-shah(a)ti.com> Link: https://lore.kernel.org/r/20250429173009.33994-1-jm@ti.com Signed-off-by: Nishanth Menon <nm(a)ti.com> diff --git a/arch/arm64/boot/dts/ti/k3-am65-main.dtsi b/arch/arm64/boot/dts/ti/k3-am65-main.dtsi index 6d3c467d7038..b085e7361116 100644 --- a/arch/arm64/boot/dts/ti/k3-am65-main.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am65-main.dtsi @@ -449,6 +449,8 @@ sdhci0: mmc@4f80000 { ti,otap-del-sel-mmc-hs = <0x0>; ti,otap-del-sel-ddr52 = <0x5>; ti,otap-del-sel-hs200 = <0x5>; + ti,itap-del-sel-legacy = <0xa>; + ti,itap-del-sel-mmc-hs = <0x1>; ti,itap-del-sel-ddr52 = <0x0>; dma-coherent; status = "disabled";

3 months, 2 weeks

4
3
0 0

FAILED: patch "[PATCH] arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f55c9f087cc2e2252d44ffd9d58def2066fc176e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060219-slicing-gargle-f481@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f55c9f087cc2e2252d44ffd9d58def2066fc176e Mon Sep 17 00:00:00 2001 From: Judith Mendez <jm(a)ti.com> Date: Tue, 29 Apr 2025 12:30:08 -0500 Subject: [PATCH] arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 For am65x, add missing ITAPDLYSEL values for Default Speed and High Speed SDR modes to sdhci0 node according to the device datasheet [0]. [0] https://www.ti.com/lit/gpn/am6548 Fixes: eac99d38f861 ("arm64: dts: ti: k3-am654-main: Update otap-del-sel values") Cc: stable(a)vger.kernel.org Signed-off-by: Judith Mendez <jm(a)ti.com> Reviewed-by: Moteen Shah <m-shah(a)ti.com> Link: https://lore.kernel.org/r/20250429173009.33994-1-jm@ti.com Signed-off-by: Nishanth Menon <nm(a)ti.com> diff --git a/arch/arm64/boot/dts/ti/k3-am65-main.dtsi b/arch/arm64/boot/dts/ti/k3-am65-main.dtsi index 6d3c467d7038..b085e7361116 100644 --- a/arch/arm64/boot/dts/ti/k3-am65-main.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am65-main.dtsi @@ -449,6 +449,8 @@ sdhci0: mmc@4f80000 { ti,otap-del-sel-mmc-hs = <0x0>; ti,otap-del-sel-ddr52 = <0x5>; ti,otap-del-sel-hs200 = <0x5>; + ti,itap-del-sel-legacy = <0xa>; + ti,itap-del-sel-mmc-hs = <0x1>; ti,itap-del-sel-ddr52 = <0x0>; dma-coherent; status = "disabled";

3 months, 2 weeks

4
3
0 0

FAILED: patch "[PATCH] arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f55c9f087cc2e2252d44ffd9d58def2066fc176e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060218-borrowing-cartload-20af@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f55c9f087cc2e2252d44ffd9d58def2066fc176e Mon Sep 17 00:00:00 2001 From: Judith Mendez <jm(a)ti.com> Date: Tue, 29 Apr 2025 12:30:08 -0500 Subject: [PATCH] arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 For am65x, add missing ITAPDLYSEL values for Default Speed and High Speed SDR modes to sdhci0 node according to the device datasheet [0]. [0] https://www.ti.com/lit/gpn/am6548 Fixes: eac99d38f861 ("arm64: dts: ti: k3-am654-main: Update otap-del-sel values") Cc: stable(a)vger.kernel.org Signed-off-by: Judith Mendez <jm(a)ti.com> Reviewed-by: Moteen Shah <m-shah(a)ti.com> Link: https://lore.kernel.org/r/20250429173009.33994-1-jm@ti.com Signed-off-by: Nishanth Menon <nm(a)ti.com> diff --git a/arch/arm64/boot/dts/ti/k3-am65-main.dtsi b/arch/arm64/boot/dts/ti/k3-am65-main.dtsi index 6d3c467d7038..b085e7361116 100644 --- a/arch/arm64/boot/dts/ti/k3-am65-main.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am65-main.dtsi @@ -449,6 +449,8 @@ sdhci0: mmc@4f80000 { ti,otap-del-sel-mmc-hs = <0x0>; ti,otap-del-sel-ddr52 = <0x5>; ti,otap-del-sel-hs200 = <0x5>; + ti,itap-del-sel-legacy = <0xa>; + ti,itap-del-sel-mmc-hs = <0x1>; ti,itap-del-sel-ddr52 = <0x0>; dma-coherent; status = "disabled";

3 months, 2 weeks

4
3
0 0

[PATCH] drm/xe/guc_submit: add back fix

by Matthew Auld

Daniele noticed that the fix in commit 2d2be279f1ca ("drm/xe: fix UAF around queue destruction") looks to have been unintentionally removed as part of handling a conflict in some past merge commit. Add it back. Fixes: ac44ff7cec33 ("Merge tag 'drm-xe-fixes-2024-10-10' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes") Reported-by: Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.12+ --- drivers/gpu/drm/xe/xe_guc_submit.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/gpu/drm/xe/xe_guc_submit.c b/drivers/gpu/drm/xe/xe_guc_submit.c index 80f748baad3f..2b61d017eeca 100644 --- a/drivers/gpu/drm/xe/xe_guc_submit.c +++ b/drivers/gpu/drm/xe/xe_guc_submit.c @@ -229,6 +229,17 @@ static bool exec_queue_killed_or_banned_or_wedged(struct xe_exec_queue *q) static void guc_submit_fini(struct drm_device *drm, void *arg) { struct xe_guc *guc = arg; + struct xe_device *xe = guc_to_xe(guc); + struct xe_gt *gt = guc_to_gt(guc); + int ret; + + ret = wait_event_timeout(guc->submission_state.fini_wq, + xa_empty(&guc->submission_state.exec_queue_lookup), + HZ * 5); + + drain_workqueue(xe->destroy_wq); + + xe_gt_assert(gt, ret); xa_destroy(&guc->submission_state.exec_queue_lookup); } -- 2.49.0

3 months, 2 weeks

2
1
0 0

[for-linus][PATCH 1/5] ftrace: Fix UAF when lookup kallsym after ftrace disabled

by Steven Rostedt

From: Ye Bin <yebin10(a)huawei.com> The following issue happens with a buggy module: BUG: unable to handle page fault for address: ffffffffc05d0218 PGD 1bd66f067 P4D 1bd66f067 PUD 1bd671067 PMD 101808067 PTE 0 Oops: Oops: 0000 [#1] SMP KASAN PTI Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS RIP: 0010:sized_strscpy+0x81/0x2f0 RSP: 0018:ffff88812d76fa08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffffffc0601010 RCX: dffffc0000000000 RDX: 0000000000000038 RSI: dffffc0000000000 RDI: ffff88812608da2d RBP: 8080808080808080 R08: ffff88812608da2d R09: ffff88812608da68 R10: ffff88812608d82d R11: ffff88812608d810 R12: 0000000000000038 R13: ffff88812608da2d R14: ffffffffc05d0218 R15: fefefefefefefeff FS: 00007fef552de740(0000) GS:ffff8884251c7000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffc05d0218 CR3: 00000001146f0000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ftrace_mod_get_kallsym+0x1ac/0x590 update_iter_mod+0x239/0x5b0 s_next+0x5b/0xa0 seq_read_iter+0x8c9/0x1070 seq_read+0x249/0x3b0 proc_reg_read+0x1b0/0x280 vfs_read+0x17f/0x920 ksys_read+0xf3/0x1c0 do_syscall_64+0x5f/0x2e0 entry_SYSCALL_64_after_hwframe+0x76/0x7e The above issue may happen as follows: (1) Add kprobe tracepoint; (2) insmod test.ko; (3) Module triggers ftrace disabled; (4) rmmod test.ko; (5) cat /proc/kallsyms; --> Will trigger UAF as test.ko already removed; ftrace_mod_get_kallsym() ... strscpy(module_name, mod_map->mod->name, MODULE_NAME_LEN); ... The problem is when a module triggers an issue with ftrace and sets ftrace_disable. The ftrace_disable is set when an anomaly is discovered and to prevent any more damage, ftrace stops all text modification. The issue that happened was that the ftrace_disable stops more than just the text modification. When a module is loaded, its init functions can also be traced. Because kallsyms deletes the init functions after a module has loaded, ftrace saves them when the module is loaded and function tracing is enabled. This allows the output of the function trace to show the init function names instead of just their raw memory addresses. When a module is removed, ftrace_release_mod() is called, and if ftrace_disable is set, it just returns without doing anything more. The problem here is that it leaves the mod_list still around and if kallsyms is called, it will call into this code and access the module memory that has already been freed as it will return: strscpy(module_name, mod_map->mod->name, MODULE_NAME_LEN); Where the "mod" no longer exists and triggers a UAF bug. Link: https://lore.kernel.org/all/20250523135452.626d8dcd@gandalf.local.home/ Cc: stable(a)vger.kernel.org Fixes: aba4b5c22cba ("ftrace: Save module init functions kallsyms symbols for tracing") Link: https://lore.kernel.org/20250529111955.2349189-2-yebin@huaweicloud.com Signed-off-by: Ye Bin <yebin10(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 1af952cba48d..84fd2f8263fa 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -7438,9 +7438,10 @@ void ftrace_release_mod(struct module *mod) mutex_lock(&ftrace_lock); - if (ftrace_disabled) - goto out_unlock; - + /* + * To avoid the UAF problem after the module is unloaded, the + * 'mod_map' resource needs to be released unconditionally. + */ list_for_each_entry_safe(mod_map, n, &ftrace_mod_maps, list) { if (mod_map->mod == mod) { list_del_rcu(&mod_map->list); @@ -7449,6 +7450,9 @@ void ftrace_release_mod(struct module *mod) } } + if (ftrace_disabled) + goto out_unlock; + /* * Each module has its own ftrace_pages, remove * them from the list. -- 2.47.2

3 months, 2 weeks

1
0
0 0

[PATCH 6.14 00/73] 6.14.10-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.14.10 release. There are 73 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 04 Jun 2025 13:42:20 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.14.10-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.14.10-rc1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: use list_first_entry_or_null for opinfo_get_list() Nishanth Menon <nm(a)ti.com> net: ethernet: ti: am65-cpsw: Lower random mac address error print to info Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: thinkpad_acpi: Ignore battery threshold change event notification Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - restore auto-mute mode for Dell Chrome platform Valtteri Koskivuori <vkoskiv(a)gmail.com> platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Avoid flushing data while holding directory locks in nfs_rename() Purva Yeshi <purvayeshi550(a)gmail.com> char: tpm: tpm-buf: Add sanity check fallback in read helpers Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/xe: Save the gt pointer in lrc and drop the tile Aradhya Bhatia <aradhya.bhatia(a)intel.com> drm/xe/xe2hpg: Add Wa_22021007897 Ilya Guterman <amfernusus(a)gmail.com> nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro Alan Adamson <alan.adamson(a)oracle.com> nvme: all namespaces in a subsystem must adhere to a common atomic write size Alessandro Grassi <alessandro.grassi(a)mailbox.org> spi: spi-sun4i: fix early activation Algea Cao <algea.cao(a)rock-chips.com> phy: phy-rockchip-samsung-hdptx: Fix PHY PLL output 50.25MHz error Hal Feng <hal.feng(a)starfivetech.com> phy: starfive: jh7110-usb: Fix USB 2.0 host occasional detection failure Alan Adamson <alan.adamson(a)oracle.com> nvme: multipath: enable BLK_FEAT_ATOMIC_WRITES for multipathing Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: check stream id dml21 wrapper to get plane_id George Shen <george.shen(a)amd.com> drm/amd/display: fix link_set_dpms_off multi-display MST corner case Markus Burri <markus.burri(a)mt.com> gpio: virtuser: fix potential out-of-bound write Damien Le Moal <dlemoal(a)kernel.org> nvmet: pci-epf: cleanup nvmet_pci_epf_raise_irq() Masahiro Yamada <masahiroy(a)kernel.org> um: let 'make clean' properly clean underlying SUBARCH as well Sami Tolvanen <samitolvanen(a)google.com> kbuild: Require pahole <v1.28 or >v1.29 with GENDWARFKSYMS on X86 John Chau <johnchau(a)0atlas.com> platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS Jeff Layton <jlayton(a)kernel.org> nfs: don't share pNFS DS connections between net namespaces Milton Barrera <miltonjosue2001(a)gmail.com> HID: quirks: Add ADATA XPG alpha wireless mouse support Mario Limonciello <mario.limonciello(a)amd.com> HID: amd_sfh: Avoid clearing reports for SRA sensor Purva Yeshi <purvayeshi550(a)gmail.com> dmaengine: idxd: cdev: Fix uninitialized use of sva in idxd_cdev_open Christian Brauner <brauner(a)kernel.org> coredump: hand a pidfd to the usermode coredump helper Christian Brauner <brauner(a)kernel.org> coredump: fix error handling for replace_fd() Robin Murphy <robin.murphy(a)arm.com> iommu: Handle yet another race around registration Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Add CMN S3 ACPI binding Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Initialise cmn->cpu earlier Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Fix REQ2/SNP2 mixup Pedro Tammela <pctammela(a)mojatatu.com> net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix length of serdes_ln_ctrl Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j722s-main: Disable "serdes_wiz0" and "serdes_wiz1" Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j722s-evm: Enable "serdes_wiz0" and "serdes_wiz1" Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-j721e-sk: Add requiried voltage supplies for IMX219 Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-j721e-sk: Remove clock-names property from IMX219 overlay Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-j721e-sk: Add DT nodes for power regulators Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-am68-sk: Fix regulator hierarchy Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-am62x: Rename I2C switch to I2C mux in OV5640 overlay Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-am62x: Rename I2C switch to I2C mux in IMX219 overlay Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-am62x: Remove clock-names property from IMX219 overlay Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62p-j722s-common-main: Set eMMC clock parent to default Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62a-main: Set eMMC clock parent to default Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62-main: Set eMMC clock parent to default Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Fix PCIe 3rd controller DBI size Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100: Add GPU cooling Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100: Apply consistent critical thermal shutdown Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100: Fix video thermal zone Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-yoga-slim7x: mark l12b and l15b always-on Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-qcp: mark l12b and l15b always-on Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-qcp: Fix vreg_l2j_1p2 voltage Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-lenovo-yoga-slim7x: Fix vreg_l2j_1p2 voltage Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-hp-x14: mark l12b and l15b always-on Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-hp-omnibook-x14: Fix vreg_l2j_1p2 voltage Juerg Haefliger <juerg.haefliger(a)canonical.com> arm64: dts: qcom: x1e80100-hp-omnibook-x14: Enable SMB2360 0 and 1 Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-dell-xps13-9345: mark l12b and l15b always-on Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e80100-asus-vivobook-s15: Fix vreg_l2j_1p2 voltage Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e001de-devkit: mark l12b and l15b always-on Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: x1e001de-devkit: Fix vreg_l2j_1p2 voltage Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sm8650: Add missing properties for cryptobam Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sm8550: Add missing properties for cryptobam Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sm8450: Add missing properties for cryptobam Alok Tiwari <alok.a.tiwari(a)oracle.com> arm64: dts: qcom: sm8350: Fix typo in pil_camera_mem node Karthik Sanagavarapu <quic_kartsana(a)quicinc.com> arm64: dts: qcom: sa8775p: Remove cdsp compute-cb@10 Ling Xu <quic_lxu5(a)quicinc.com> arm64: dts: qcom: sa8775p: Remove extra entries from the iommus property Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sa8775p: Add missing properties for cryptobam Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: ipq9574: Add missing properties for cryptobam Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma Niravkumar L Rabara <niravkumar.l.rabara(a)intel.com> arm64: dts: socfpga: agilex5: fix gpio0 address Axel Forsman <axfo(a)kvaser.com> can: kvaser_pciefd: Force IRQ edge in case of nested IRQ ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/intel/socfpga_agilex5.dtsi | 4 +- arch/arm64/boot/dts/qcom/ipq9574.dtsi | 2 + arch/arm64/boot/dts/qcom/sa8775p.dtsi | 248 ++--------------- arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 + arch/arm64/boot/dts/qcom/sm8550.dtsi | 2 + arch/arm64/boot/dts/qcom/sm8650.dtsi | 2 + arch/arm64/boot/dts/qcom/x1e001de-devkit.dts | 6 +- .../boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 +- .../boot/dts/qcom/x1e80100-dell-xps13-9345.dts | 2 + .../boot/dts/qcom/x1e80100-hp-omnibook-x14.dts | 14 +- .../boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 7 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 6 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 309 +++++++++++---------- arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 40 ++- arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 2 - arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 2 - .../boot/dts/ti/k3-am62p-j722s-common-main.dtsi | 2 - .../arm64/boot/dts/ti/k3-am62x-sk-csi2-imx219.dtso | 3 +- .../arm64/boot/dts/ti/k3-am62x-sk-csi2-ov5640.dtso | 2 +- .../boot/dts/ti/k3-am62x-sk-csi2-tevi-ov5640.dtso | 2 +- arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 2 + arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts | 13 +- .../boot/dts/ti/k3-j721e-sk-csi2-dual-imx219.dtso | 35 ++- arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 31 +++ arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 8 + arch/arm64/boot/dts/ti/k3-j722s-main.dtsi | 4 + .../boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi | 2 +- arch/um/Makefile | 1 + drivers/char/tpm/tpm-buf.c | 6 +- drivers/dma/idxd/cdev.c | 4 +- drivers/gpio/gpio-virtuser.c | 12 +- .../dc/dml2/dml21/dml21_translation_helper.c | 20 +- drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 13 +- drivers/gpu/drm/xe/regs/xe_gt_regs.h | 1 + drivers/gpu/drm/xe/xe_lrc.c | 4 +- drivers/gpu/drm/xe/xe_lrc_types.h | 4 +- drivers/gpu/drm/xe/xe_wa.c | 4 + drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 5 + drivers/hid/hid-ids.h | 4 + drivers/hid/hid-quirks.c | 2 + drivers/iommu/iommu.c | 26 +- drivers/net/can/kvaser_pciefd.c | 83 +++--- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +- drivers/nvme/host/core.c | 30 +- drivers/nvme/host/multipath.c | 3 +- drivers/nvme/host/nvme.h | 3 +- drivers/nvme/host/pci.c | 2 + drivers/nvme/target/pci-epf.c | 10 +- drivers/perf/arm-cmn.c | 11 +- drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 2 + drivers/phy/starfive/phy-jh7110-usb.c | 7 + drivers/platform/x86/fujitsu-laptop.c | 33 ++- drivers/platform/x86/thinkpad_acpi.c | 7 + drivers/spi/spi-sun4i.c | 5 +- fs/coredump.c | 65 ++++- fs/nfs/client.c | 2 + fs/nfs/dir.c | 15 +- fs/nfs/filelayout/filelayoutdev.c | 6 +- fs/nfs/flexfilelayout/flexfilelayoutdev.c | 6 +- fs/nfs/pnfs.h | 4 +- fs/nfs/pnfs_nfs.c | 9 +- fs/smb/server/oplock.c | 7 +- include/linux/coredump.h | 1 + include/linux/iommu.h | 2 + include/linux/nfs_fs_sb.h | 12 +- kernel/module/Kconfig | 5 + net/sched/sch_hfsc.c | 9 +- sound/pci/hda/patch_realtek.c | 5 +- 70 files changed, 674 insertions(+), 540 deletions(-)

3 months, 2 weeks

8
80
0 0

[PATCH v3] mm: userfaultfd: fix race of userfaultfd_move and swap cache

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> On seeing a swap entry PTE, userfaultfd_move does a lockless swap cache lookup, and try to move the found folio to the faulting vma when. Currently, it relies on the PTE value check to ensure the moved folio still belongs to the src swap entry, which turns out is not reliable. While working and reviewing the swap table series with Barry, following existing race is observed and reproduced [1]: ( move_pages_pte is moving src_pte to dst_pte, where src_pte is a swap entry PTE holding swap entry S1, and S1 isn't in the swap cache.) CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1 ... < Somehow interrupted> ... <swapin src_pte, alloc and use folio A> // folio A is just a new allocated folio // and get installed into src_pte <frees swap entry S1> // src_pte now points to folio A, S1 // has swap count == 0, it can be freed // by folio_swap_swap or swap // allocator's reclaim. <try to swap out another folio B> // folio B is a folio in another VMA. <put folio B to swap cache using S1 > // S1 is freed, folio B could use it // for swap out with no problem. ... folio = filemap_get_folio(S1) // Got folio B here !!! ... < Somehow interrupted again> ... <swapin folio B and free S1> // Now S1 is free to be used again. <swapout src_pte & folio A using S1> // Now src_pte is a swap entry pte // holding S1 again. folio_trylock(folio) move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // Moved invalid folio B here !!! The race window is very short and requires multiple collisions of multiple rare events, so it's very unlikely to happen, but with a deliberately constructed reproducer and increased time window, it can be reproduced [1]. It's also possible that folio (A) is swapped in, and swapped out again after the filemap_get_folio lookup, in such case folio (A) may stay in swap cache so it needs to be moved too. In this case we should also try again so kernel won't miss a folio move. Fix this by checking if the folio is the valid swap cache folio after acquiring the folio lock, and checking the swap cache again after acquiring the src_pte lock. SWP_SYNCRHONIZE_IO path does make the problem more complex, but so far we don't need to worry about that since folios only might get exposed to swap cache in the swap out path, and it's covered in this patch too by checking the swap cache again after acquiring src_pte lock. Testing with a simple C program to allocate and move several GB of memory did not show any observable performance change. Cc: <stable(a)vger.kernel.org> Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Closes: https://lore.kernel.org/linux-mm/CAMgjq7B1K=6OOrK2OUZ0-tqCzi+EJt+2_K97TPGoS… [1] Signed-off-by: Kairui Song <kasong(a)tencent.com> --- V1: https://lore.kernel.org/linux-mm/20250530201710.81365-1-ryncsn@gmail.com/ Changes: - Check swap_map instead of doing a filemap lookup after acquiring the PTE lock to minimize critical section overhead [ Barry Song, Lokesh Gidra ] V2: https://lore.kernel.org/linux-mm/20250601200108.23186-1-ryncsn@gmail.com/ Changes: - Move the folio and swap check inside move_swap_pte to avoid skipping the check and potential overhead [ Lokesh Gidra ] - Add a READ_ONCE for the swap_map read to ensure it reads a up to dated value. mm/userfaultfd.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index bc473ad21202..5dc05346e360 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -1084,8 +1084,18 @@ static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, pte_t orig_dst_pte, pte_t orig_src_pte, pmd_t *dst_pmd, pmd_t dst_pmdval, spinlock_t *dst_ptl, spinlock_t *src_ptl, - struct folio *src_folio) + struct folio *src_folio, + struct swap_info_struct *si, swp_entry_t entry) { + /* + * Check if the folio still belongs to the target swap entry after + * acquiring the lock. Folio can be freed in the swap cache while + * not locked. + */ + if (src_folio && unlikely(!folio_test_swapcache(src_folio) || + entry.val != src_folio->swap.val)) + return -EAGAIN; + double_pt_lock(dst_ptl, src_ptl); if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, @@ -1102,6 +1112,15 @@ static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, if (src_folio) { folio_move_anon_rmap(src_folio, dst_vma); src_folio->index = linear_page_index(dst_vma, dst_addr); + } else { + /* + * Check if the swap entry is cached after acquiring the src_pte + * lock. Or we might miss a new loaded swap cache folio. + */ + if (READ_ONCE(si->swap_map[swp_offset(entry)]) & SWAP_HAS_CACHE) { + double_pt_unlock(dst_ptl, src_ptl); + return -EAGAIN; + } } orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); @@ -1412,7 +1431,7 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, } err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte, orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, - dst_ptl, src_ptl, src_folio); + dst_ptl, src_ptl, src_folio, si, entry); } out: -- 2.49.0

3 months, 2 weeks

4
6
0 0

[tip: x86/urgent] x86/iopl: Cure TIF_IO_BITMAP inconsistencies

by tip-bot2 for Thomas Gleixner

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 8b68e978718f14fdcb080c2a7791c52a0d09bc6d Gitweb: https://git.kernel.org/tip/8b68e978718f14fdcb080c2a7791c52a0d09bc6d Author: Thomas Gleixner <tglx(a)linutronix.de> AuthorDate: Wed, 26 Feb 2025 16:01:57 +01:00 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Tue, 03 Jun 2025 15:56:39 +02:00 x86/iopl: Cure TIF_IO_BITMAP inconsistencies io_bitmap_exit() is invoked from exit_thread() when a task exists or when a fork fails. In the latter case the exit_thread() cleans up resources which were allocated during fork(). io_bitmap_exit() invokes task_update_io_bitmap(), which in turn ends up in tss_update_io_bitmap(). tss_update_io_bitmap() operates on the current task. If current has TIF_IO_BITMAP set, but no bitmap installed, tss_update_io_bitmap() crashes with a NULL pointer dereference. There are two issues, which lead to that problem: 1) io_bitmap_exit() should not invoke task_update_io_bitmap() when the task, which is cleaned up, is not the current task. That's a clear indicator for a cleanup after a failed fork(). 2) A task should not have TIF_IO_BITMAP set and neither a bitmap installed nor IOPL emulation level 3 activated. This happens when a kernel thread is created in the context of a user space thread, which has TIF_IO_BITMAP set as the thread flags are copied and the IO bitmap pointer is cleared. Other than in the failed fork() case this has no impact because kernel threads including IO workers never return to user space and therefore never invoke tss_update_io_bitmap(). Cure this by adding the missing cleanups and checks: 1) Prevent io_bitmap_exit() to invoke task_update_io_bitmap() if the to be cleaned up task is not the current task. 2) Clear TIF_IO_BITMAP in copy_thread() unconditionally. For user space forks it is set later, when the IO bitmap is inherited in io_bitmap_share(). For paranoia sake, add a warning into tss_update_io_bitmap() to catch the case, when that code is invoked with inconsistent state. Fixes: ea5f1cd7ab49 ("x86/ioperm: Remove bitmap if all permissions dropped") Reported-by: syzbot+e2b1803445d236442e54(a)syzkaller.appspotmail.com Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/87wmdceom2.ffs@tglx --- arch/x86/kernel/ioport.c | 13 +++++++++---- arch/x86/kernel/process.c | 6 ++++++ 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c index 6290dd1..ff40f09 100644 --- a/arch/x86/kernel/ioport.c +++ b/arch/x86/kernel/ioport.c @@ -33,8 +33,9 @@ void io_bitmap_share(struct task_struct *tsk) set_tsk_thread_flag(tsk, TIF_IO_BITMAP); } -static void task_update_io_bitmap(struct task_struct *tsk) +static void task_update_io_bitmap(void) { + struct task_struct *tsk = current; struct thread_struct *t = &tsk->thread; if (t->iopl_emul == 3 || t->io_bitmap) { @@ -54,7 +55,12 @@ void io_bitmap_exit(struct task_struct *tsk) struct io_bitmap *iobm = tsk->thread.io_bitmap; tsk->thread.io_bitmap = NULL; - task_update_io_bitmap(tsk); + /* + * Don't touch the TSS when invoked on a failed fork(). TSS + * reflects the state of @current and not the state of @tsk. + */ + if (tsk == current) + task_update_io_bitmap(); if (iobm && refcount_dec_and_test(&iobm->refcnt)) kfree(iobm); } @@ -192,8 +198,7 @@ SYSCALL_DEFINE1(iopl, unsigned int, level) } t->iopl_emul = level; - task_update_io_bitmap(current); - + task_update_io_bitmap(); return 0; } diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index c1d2dac..704883c 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -176,6 +176,7 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) frame->ret_addr = (unsigned long) ret_from_fork_asm; p->thread.sp = (unsigned long) fork_frame; p->thread.io_bitmap = NULL; + clear_tsk_thread_flag(p, TIF_IO_BITMAP); p->thread.iopl_warn = 0; memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps)); @@ -464,6 +465,11 @@ void native_tss_update_io_bitmap(void) } else { struct io_bitmap *iobm = t->io_bitmap; + if (WARN_ON_ONCE(!iobm)) { + clear_thread_flag(TIF_IO_BITMAP); + native_tss_invalidate_io_bitmap(); + } + /* * Only copy bitmap data when the sequence number differs. The * update time is accounted to the incoming task.

3 months, 2 weeks

1
0
0 0

[PATCH v2 1/2] tty: Register device *after* creating the cdev for a tty

by Max Staudt

This change makes the tty device file available only after the tty's backing character device is ready. Since 6a7e6f78c235975cc14d4e141fa088afffe7062c, the class device is registered before the cdev is created, and userspace may pick it up, yet open() will fail because the backing cdev doesn't exist yet. Userspace is racing the bottom half of tty_register_device_attr() here, specifically the call to tty_cdev_add(). dev_set_uevent_suppress() was used to work around this, but this fails on embedded systems that rely on bare devtmpfs rather than udev. On such systems, the device file is created as part of device_add(), and userspace can pick it up via inotify, irrespective of uevent suppression. So let's undo the existing patch, and create the cdev first, and only afterwards register the class device in the kernel's device tree. However, this restores the original race of the cdev existing before the class device is registered, and an attempt to tty_[k]open() the chardev between these two steps will lead to tty->dev being assigned NULL by alloc_tty_struct(). This will be addressed in a second patch. Fixes: 6a7e6f78c235 ("tty: close race between device register and open") Signed-off-by: Max Staudt <max(a)enpas.org> Cc: <stable(a)vger.kernel.org> --- drivers/tty/tty_io.c | 54 +++++++++++++++++++++++++------------------- 1 file changed, 31 insertions(+), 23 deletions(-) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c index ca9b7d7bad2b..e922b84524d2 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c @@ -3245,6 +3245,7 @@ struct device *tty_register_device_attr(struct tty_driver *driver, struct ktermios *tp; struct device *dev; int retval; + bool cdev_added = false; if (index >= driver->num) { pr_err("%s: Attempt to register invalid tty line number (%d)\n", @@ -3257,24 +3258,6 @@ struct device *tty_register_device_attr(struct tty_driver *driver, else tty_line_name(driver, index, name); - dev = kzalloc(sizeof(*dev), GFP_KERNEL); - if (!dev) - return ERR_PTR(-ENOMEM); - - dev->devt = devt; - dev->class = &tty_class; - dev->parent = device; - dev->release = tty_device_create_release; - dev_set_name(dev, "%s", name); - dev->groups = attr_grp; - dev_set_drvdata(dev, drvdata); - - dev_set_uevent_suppress(dev, 1); - - retval = device_register(dev); - if (retval) - goto err_put; - if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) { /* * Free any saved termios data so that the termios state is @@ -3288,19 +3271,44 @@ struct device *tty_register_device_attr(struct tty_driver *driver, retval = tty_cdev_add(driver, devt, index, 1); if (retval) - goto err_del; + return ERR_PTR(retval); + + cdev_added = true; + } + + dev = kzalloc(sizeof(*dev), GFP_KERNEL); + if (!dev) { + retval = -ENOMEM; + goto err_del_cdev; } - dev_set_uevent_suppress(dev, 0); - kobject_uevent(&dev->kobj, KOBJ_ADD); + dev->devt = devt; + dev->class = &tty_class; + dev->parent = device; + dev->release = tty_device_create_release; + dev_set_name(dev, "%s", name); + dev->groups = attr_grp; + dev_set_drvdata(dev, drvdata); + + retval = device_register(dev); + if (retval) + goto err_put; return dev; -err_del: - device_del(dev); err_put: + /* + * device_register() calls device_add(), after which + * we must use put_device() instead of kfree(). + */ put_device(dev); +err_del_cdev: + if (cdev_added) { + cdev_del(driver->cdevs[index]); + driver->cdevs[index] = NULL; + } + return ERR_PTR(retval); } EXPORT_SYMBOL_GPL(tty_register_device_attr); -- 2.39.5

3 months, 2 weeks

4
5
0 0

[PATCH v2 4/7] LoongArch: KVM: Check validation of num_cpu from user space

by Bibo Mao

The maximum supported cpu number is EIOINTC_ROUTE_MAX_VCPUS about irqchip eiointc, here add validation about cpu number to avoid array pointer overflow. Cc: stable(a)vger.kernel.org Fixes: 1ad7efa552fd ("LoongArch: KVM: Add EIOINTC user mode read and write functions") Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- arch/loongarch/kvm/intc/eiointc.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/arch/loongarch/kvm/intc/eiointc.c b/arch/loongarch/kvm/intc/eiointc.c index b48511f903b5..ed80bf290755 100644 --- a/arch/loongarch/kvm/intc/eiointc.c +++ b/arch/loongarch/kvm/intc/eiointc.c @@ -798,7 +798,7 @@ static int kvm_eiointc_ctrl_access(struct kvm_device *dev, int ret = 0; unsigned long flags; unsigned long type = (unsigned long)attr->attr; - u32 i, start_irq; + u32 i, start_irq, val; void __user *data; struct loongarch_eiointc *s = dev->kvm->arch.eiointc; @@ -806,7 +806,12 @@ static int kvm_eiointc_ctrl_access(struct kvm_device *dev, spin_lock_irqsave(&s->lock, flags); switch (type) { case KVM_DEV_LOONGARCH_EXTIOI_CTRL_INIT_NUM_CPU: - if (copy_from_user(&s->num_cpu, data, 4)) + if (copy_from_user(&val, data, 4) == 0) { + if (val < EIOINTC_ROUTE_MAX_VCPUS) + s->num_cpu = val; + else + ret = -EINVAL; + } else ret = -EFAULT; break; case KVM_DEV_LOONGARCH_EXTIOI_CTRL_INIT_FEATURE: @@ -835,7 +840,7 @@ static int kvm_eiointc_regs_access(struct kvm_device *dev, struct kvm_device_attr *attr, bool is_write) { - int addr, cpuid, offset, ret = 0; + int addr, cpu, offset, ret = 0; unsigned long flags; void *p = NULL; void __user *data; @@ -843,7 +848,7 @@ static int kvm_eiointc_regs_access(struct kvm_device *dev, s = dev->kvm->arch.eiointc; addr = attr->attr; - cpuid = addr >> 16; + cpu = addr >> 16; addr &= 0xffff; data = (void __user *)attr->addr; switch (addr) { @@ -868,8 +873,11 @@ static int kvm_eiointc_regs_access(struct kvm_device *dev, p = &s->isr.reg_u32[offset]; break; case EIOINTC_COREISR_START ... EIOINTC_COREISR_END: + if (cpu >= s->num_cpu) + return -EINVAL; + offset = (addr - EIOINTC_COREISR_START) / 4; - p = &s->coreisr.reg_u32[cpuid][offset]; + p = &s->coreisr.reg_u32[cpu][offset]; break; case EIOINTC_COREMAP_START ... EIOINTC_COREMAP_END: offset = (addr - EIOINTC_COREMAP_START) / 4; -- 2.39.3

3 months, 2 weeks

1
0
0 0

[PATCH v2 3/7] LoongArch: KVM: Disable update property num_cpu and feature with eiointc

by Bibo Mao

Property num_cpu and feature is read-only once eiointc is created, which is set with KVM_DEV_LOONGARCH_EXTIOI_GRP_CTRL attr group before device creation. Attr group KVM_DEV_LOONGARCH_EXTIOI_GRP_SW_STATUS is to update register and software state for migration and reset usage, property num_cpu and feature can not be update again if it is created already. Here discard write operation with property num_cpu and feature in attr group KVM_DEV_LOONGARCH_EXTIOI_GRP_CTRL. Cc: stable(a)vger.kernel.org Fixes: 1ad7efa552fd ("LoongArch: KVM: Add EIOINTC user mode read and write functions") Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- arch/loongarch/kvm/intc/eiointc.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/loongarch/kvm/intc/eiointc.c b/arch/loongarch/kvm/intc/eiointc.c index 0b648c56b0c3..b48511f903b5 100644 --- a/arch/loongarch/kvm/intc/eiointc.c +++ b/arch/loongarch/kvm/intc/eiointc.c @@ -910,9 +910,22 @@ static int kvm_eiointc_sw_status_access(struct kvm_device *dev, data = (void __user *)attr->addr; switch (addr) { case KVM_DEV_LOONGARCH_EXTIOI_SW_STATUS_NUM_CPU: + /* + * Property num_cpu and feature is read-only once eiointc is + * created with KVM_DEV_LOONGARCH_EXTIOI_GRP_CTRL group API + * + * Disable writing with KVM_DEV_LOONGARCH_EXTIOI_GRP_SW_STATUS + * group API + */ + if (is_write) + return ret; + p = &s->num_cpu; break; case KVM_DEV_LOONGARCH_EXTIOI_SW_STATUS_FEATURE: + if (is_write) + return ret; + p = &s->features; break; case KVM_DEV_LOONGARCH_EXTIOI_SW_STATUS_STATE: -- 2.39.3

3 months, 2 weeks

1
0
0 0

[PATCH v2 2/7] LoongArch: KVM: Check interrupt route from physical cpu with eiointc

by Bibo Mao

With eiointc interrupt controller, physical cpu id is set for irq route. However function kvm_get_vcpu() is used to get destination vCPU when delivering irq. With API kvm_get_vcpu(), logical cpu is used. With API kvm_get_vcpu_by_cpuid(), vCPU can be searched from physical cpu id. Cc: stable(a)vger.kernel.org Fixes: 3956a52bc05b ("LoongArch: KVM: Add EIOINTC read and write functions") Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- arch/loongarch/kvm/intc/eiointc.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/arch/loongarch/kvm/intc/eiointc.c b/arch/loongarch/kvm/intc/eiointc.c index d2c521b0e923..0b648c56b0c3 100644 --- a/arch/loongarch/kvm/intc/eiointc.c +++ b/arch/loongarch/kvm/intc/eiointc.c @@ -9,7 +9,8 @@ static void eiointc_set_sw_coreisr(struct loongarch_eiointc *s) { - int ipnum, cpu, irq_index, irq_mask, irq; + int ipnum, cpu, irq_index, irq_mask, irq, cpuid; + struct kvm_vcpu *vcpu; for (irq = 0; irq < EIOINTC_IRQS; irq++) { ipnum = s->ipmap.reg_u8[irq / 32]; @@ -20,7 +21,12 @@ static void eiointc_set_sw_coreisr(struct loongarch_eiointc *s) irq_index = irq / 32; irq_mask = BIT(irq & 0x1f); - cpu = s->coremap.reg_u8[irq]; + cpuid = s->coremap.reg_u8[irq]; + vcpu = kvm_get_vcpu_by_cpuid(s->kvm, cpuid); + if (vcpu == NULL) + continue; + + cpu = vcpu->vcpu_id; if (!!(s->coreisr.reg_u32[cpu][irq_index] & irq_mask)) set_bit(irq, s->sw_coreisr[cpu][ipnum]); else @@ -68,17 +74,23 @@ static void eiointc_update_irq(struct loongarch_eiointc *s, int irq, int level) static inline void eiointc_update_sw_coremap(struct loongarch_eiointc *s, int irq, u64 val, u32 len, bool notify) { - int i, cpu; + int i, cpu, cpuid; + struct kvm_vcpu *vcpu; for (i = 0; i < len; i++) { - cpu = val & 0xff; + cpuid = val & 0xff; val = val >> 8; if (!(s->status & BIT(EIOINTC_ENABLE_CPU_ENCODE))) { - cpu = ffs(cpu) - 1; - cpu = (cpu >= 4) ? 0 : cpu; + cpuid = ffs(cpuid) - 1; + cpuid = (cpuid >= 4) ? 0 : cpuid; } + vcpu = kvm_get_vcpu_by_cpuid(s->kvm, cpuid); + if (vcpu == NULL) + continue; + + cpu = vcpu->vcpu_id; if (s->sw_coremap[irq + i] == cpu) continue; -- 2.39.3

3 months, 2 weeks

1
0
0 0

[PATCH v2 1/7] LoongArch: KVM: Fix interrupt route update with eiointc

by Bibo Mao

With function eiointc_update_sw_coremap(), there is forced assignment like val = *(u64 *)pvalue. Parameter pvalue may be pointer to char type or others, there is problem with forced assignment with u64 type. Here the detailed value is passed rather address pointer. Cc: stable(a)vger.kernel.org Fixes: 3956a52bc05b ("LoongArch: KVM: Add EIOINTC read and write functions") Signed-off-by: Bibo Mao <maobibo(a)loongson.cn> --- arch/loongarch/kvm/intc/eiointc.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/arch/loongarch/kvm/intc/eiointc.c b/arch/loongarch/kvm/intc/eiointc.c index f39929d7bf8a..d2c521b0e923 100644 --- a/arch/loongarch/kvm/intc/eiointc.c +++ b/arch/loongarch/kvm/intc/eiointc.c @@ -66,10 +66,9 @@ static void eiointc_update_irq(struct loongarch_eiointc *s, int irq, int level) } static inline void eiointc_update_sw_coremap(struct loongarch_eiointc *s, - int irq, void *pvalue, u32 len, bool notify) + int irq, u64 val, u32 len, bool notify) { int i, cpu; - u64 val = *(u64 *)pvalue; for (i = 0; i < len; i++) { cpu = val & 0xff; @@ -398,7 +397,7 @@ static int loongarch_eiointc_writeb(struct kvm_vcpu *vcpu, irq = offset - EIOINTC_COREMAP_START; index = irq; s->coremap.reg_u8[index] = data; - eiointc_update_sw_coremap(s, irq, (void *)&data, sizeof(data), true); + eiointc_update_sw_coremap(s, irq, data, sizeof(data), true); break; default: ret = -EINVAL; @@ -484,7 +483,7 @@ static int loongarch_eiointc_writew(struct kvm_vcpu *vcpu, irq = offset - EIOINTC_COREMAP_START; index = irq >> 1; s->coremap.reg_u16[index] = data; - eiointc_update_sw_coremap(s, irq, (void *)&data, sizeof(data), true); + eiointc_update_sw_coremap(s, irq, data, sizeof(data), true); break; default: ret = -EINVAL; @@ -570,7 +569,7 @@ static int loongarch_eiointc_writel(struct kvm_vcpu *vcpu, irq = offset - EIOINTC_COREMAP_START; index = irq >> 2; s->coremap.reg_u32[index] = data; - eiointc_update_sw_coremap(s, irq, (void *)&data, sizeof(data), true); + eiointc_update_sw_coremap(s, irq, data, sizeof(data), true); break; default: ret = -EINVAL; @@ -656,7 +655,7 @@ static int loongarch_eiointc_writeq(struct kvm_vcpu *vcpu, irq = offset - EIOINTC_COREMAP_START; index = irq >> 3; s->coremap.reg_u64[index] = data; - eiointc_update_sw_coremap(s, irq, (void *)&data, sizeof(data), true); + eiointc_update_sw_coremap(s, irq, data, sizeof(data), true); break; default: ret = -EINVAL; @@ -809,7 +808,7 @@ static int kvm_eiointc_ctrl_access(struct kvm_device *dev, for (i = 0; i < (EIOINTC_IRQS / 4); i++) { start_irq = i * 4; eiointc_update_sw_coremap(s, start_irq, - (void *)&s->coremap.reg_u32[i], sizeof(u32), false); + s->coremap.reg_u32[i], sizeof(u32), false); } break; default: -- 2.39.3

3 months, 2 weeks

1
0
0 0

UITP 2025 Attendee List

by Michelle Calara

Hi, I wanted to check if you’d be interested in acquiring the attendees list of UITP Summit - Hamburg 2025? Event Overview: Dates: 15 - 18 Jun 2025 Location: Hamburg, Germany Attendees: 10,126 Exhibitors: 380 Each contact contains: Contact Name, First Name, Last Name, Job Title, Company, Website Address, City, State, Zip, Country Code, Revenue, Employee Size, Email, Phone Number, and Fax Number. This dataset is an excellent asset for companies looking to expand their reach, build partnerships, and strengthen market presence. If you're interested in the list, just reply "Send Counts and Cost"? Best regards, Michelle Calara Senior Marketing Manager To unsubscribe, simply respond with “Not interested.”

3 months, 2 weeks

1
0
0 0

Qualcomm WIFI-6 <IPQ5018>

by Alan Ye

Hi The IPQ50xx chip integrates only a 2x2 2.4GHz Wi-Fi module. Through the high-performance NSS core and PCIe expansion and integration the application range of the IPQ50xx chip ranges from Wi-Fi mesh node to Enterprise AP. OEM manufacturers can think in a unified way when doing circuit design and PCB layout, and the same packaging can really save designers a lot of trouble. .# Part Number Manufacturer Date Code Quantity Unit Price Lead Time Condition (PCS) USD/Each one 1 IPQ-5018-0-MRQFN232-TR-01-0 QUALCOMM 2022+ 30000pcs US$3.50/pcs 7days New & original - stock 2 QCN-6102-0-DRQFN116-TR-01-1 QUALCOMM 2022+ 30000pcs US$2.50/pcs 3 QCN-9024-0-MSP234-TR-01-0 QUALCOMM 2022+ 5000pcs US$3.50/pcs 4 QCN-6112-0-DRQFN116-TR-01-0 QUALCOMM 2023+ 15000pcs US$2.70/pcs 5 QCA-8337-AL3C-R QUALCOMM 2023+ 20000pcs US$1.30/pcs The above are our company's current inventory, all of which are genuine and original packaging. If you need anything, please feel free to contact me, thank you Best Regards Maintain your product-savvy edge with . Stay Updated on News If you prefer to exit, choose Review Communication Options.

3 months, 3 weeks

1
0
0 0

[merged] fs-dax-fix-dont-skip-locked-entries-when-scanning-entries.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fs/dax: fix "don't skip locked entries when scanning entries" has been removed from the -mm tree. Its filename was fs-dax-fix-dont-skip-locked-entries-when-scanning-entries.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Alistair Popple <apopple(a)nvidia.com> Subject: fs/dax: fix "don't skip locked entries when scanning entries" Date: Fri, 23 May 2025 14:37:49 +1000 Commit 6be3e21d25ca ("fs/dax: don't skip locked entries when scanning entries") introduced a new function, wait_entry_unlocked_exclusive(), which waits for the current entry to become unlocked without advancing the XArray iterator state. Waiting for the entry to become unlocked requires dropping the XArray lock. This requires calling xas_pause() prior to dropping the lock which leaves the xas in a suitable state for the next iteration. However this has the side-effect of advancing the xas state to the next index. Normally this isn't an issue because xas_for_each() contains code to detect this state and thus avoid advancing the index a second time on the next loop iteration. However both callers of and wait_entry_unlocked_exclusive() itself subsequently use the xas state to reload the entry. As xas_pause() updated the state to the next index this will cause the current entry which is being waited on to be skipped. This caused the following warning to fire intermittently when running xftest generic/068 on an XFS filesystem with FS DAX enabled: [ 35.067397] ------------[ cut here ]------------ [ 35.068229] WARNING: CPU: 21 PID: 1640 at mm/truncate.c:89 truncate_folio_batch_exceptionals+0xd8/0x1e0 [ 35.069717] Modules linked in: nd_pmem dax_pmem nd_btt nd_e820 libnvdimm [ 35.071006] CPU: 21 UID: 0 PID: 1640 Comm: fstest Not tainted 6.15.0-rc7+ #77 PREEMPT(voluntary) [ 35.072613] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/204 [ 35.074845] RIP: 0010:truncate_folio_batch_exceptionals+0xd8/0x1e0 [ 35.075962] Code: a1 00 00 00 f6 47 0d 20 0f 84 97 00 00 00 4c 63 e8 41 39 c4 7f 0b eb 61 49 83 c5 01 45 39 ec 7e 58 42 f68 [ 35.079522] RSP: 0018:ffffb04e426c7850 EFLAGS: 00010202 [ 35.080359] RAX: 0000000000000000 RBX: ffff9d21e3481908 RCX: ffffb04e426c77f4 [ 35.081477] RDX: ffffb04e426c79e8 RSI: ffffb04e426c79e0 RDI: ffff9d21e34816e8 [ 35.082590] RBP: ffffb04e426c79e0 R08: 0000000000000001 R09: 0000000000000003 [ 35.083733] R10: 0000000000000000 R11: 822b53c0f7a49868 R12: 000000000000001f [ 35.084850] R13: 0000000000000000 R14: ffffb04e426c78e8 R15: fffffffffffffffe [ 35.085953] FS: 00007f9134c87740(0000) GS:ffff9d22abba0000(0000) knlGS:0000000000000000 [ 35.087346] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.088244] CR2: 00007f9134c86000 CR3: 000000040afff000 CR4: 00000000000006f0 [ 35.089354] Call Trace: [ 35.089749] <TASK> [ 35.090168] truncate_inode_pages_range+0xfc/0x4d0 [ 35.091078] truncate_pagecache+0x47/0x60 [ 35.091735] xfs_setattr_size+0xc7/0x3e0 [ 35.092648] xfs_vn_setattr+0x1ea/0x270 [ 35.093437] notify_change+0x1f4/0x510 [ 35.094219] ? do_truncate+0x97/0xe0 [ 35.094879] do_truncate+0x97/0xe0 [ 35.095640] path_openat+0xabd/0xca0 [ 35.096278] do_filp_open+0xd7/0x190 [ 35.096860] do_sys_openat2+0x8a/0xe0 [ 35.097459] __x64_sys_openat+0x6d/0xa0 [ 35.098076] do_syscall_64+0xbb/0x1d0 [ 35.098647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 35.099444] RIP: 0033:0x7f9134d81fc1 [ 35.100033] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d 2a 26 0e 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff5 [ 35.102993] RSP: 002b:00007ffcd41e0d10 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 35.104263] RAX: ffffffffffffffda RBX: 0000000000000242 RCX: 00007f9134d81fc1 [ 35.105452] RDX: 0000000000000242 RSI: 00007ffcd41e1200 RDI: 00000000ffffff9c [ 35.106663] RBP: 00007ffcd41e1200 R08: 0000000000000000 R09: 0000000000000064 [ 35.107923] R10: 00000000000001a4 R11: 0000000000000202 R12: 0000000000000066 [ 35.109112] R13: 0000000000100000 R14: 0000000000100000 R15: 0000000000000400 [ 35.110357] </TASK> [ 35.110769] irq event stamp: 8415587 [ 35.111486] hardirqs last enabled at (8415599): [<ffffffff8d74b562>] __up_console_sem+0x52/0x60 [ 35.113067] hardirqs last disabled at (8415610): [<ffffffff8d74b547>] __up_console_sem+0x37/0x60 [ 35.114575] softirqs last enabled at (8415300): [<ffffffff8d6ac625>] handle_softirqs+0x315/0x3f0 [ 35.115933] softirqs last disabled at (8415291): [<ffffffff8d6ac811>] __irq_exit_rcu+0xa1/0xc0 [ 35.117316] ---[ end trace 0000000000000000 ]--- Fix this by using xas_reset() instead, which is equivalent in implementation to xas_pause() but does not advance the XArray state. Link: https://lkml.kernel.org/r/20250523043749.1460780-1-apopple@nvidia.com Fixes: 6be3e21d25ca ("fs/dax: don't skip locked entries when scanning entries") Signed-off-by: Alistair Popple <apopple(a)nvidia.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Cc: Alison Schofield <alison.schofield(a)intel.com> Cc: Matthew Wilcow (Oracle) <willy(a)infradead.org> Cc: Balbir Singh <balbirs(a)nvidia.com> Cc: "Darrick J. Wong" <djwong(a)kernel.org> Cc: Dave Chinner <david(a)fromorbit.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Ted Ts'o <tytso(a)mit.edu> Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: Christian Brauner <brauner(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/dax.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/dax.c~fs-dax-fix-dont-skip-locked-entries-when-scanning-entries +++ a/fs/dax.c @@ -257,7 +257,7 @@ static void *wait_entry_unlocked_exclusi wq = dax_entry_waitqueue(xas, entry, &ewait.key); prepare_to_wait_exclusive(wq, &ewait.wait, TASK_UNINTERRUPTIBLE); - xas_pause(xas); + xas_reset(xas); xas_unlock_irq(xas); schedule(); finish_wait(wq, &ewait.wait); _ Patches currently in -mm which might be from apopple(a)nvidia.com are maintainers-add-myself-as-reviewer-of-mm-memory-policy.patch

3 months, 3 weeks

1
0
0 0

+ mm-madvise-handle-madvise_lock-failure-during-race-unwinding.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/madvise: handle madvise_lock() failure during race unwinding has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-madvise-handle-madvise_lock-failure-during-race-unwinding.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/madvise: handle madvise_lock() failure during race unwinding Date: Mon, 2 Jun 2025 10:49:26 -0700 When unwinding race on -ERESTARTNOINTR handling of process_madvise(), madvise_lock() failure is ignored. Check the failure and abort remaining works in the case. Link: https://lkml.kernel.org/r/20250602174926.1074-1-sj@kernel.org Fixes: 4000e3d0a367 ("mm/madvise: remove redundant mmap_lock operations from process_madvise()") Signed-off-by: SeongJae Park <sj(a)kernel.org> Reported-by: Barry Song <21cnbao(a)gmail.com> Closes: https://lore.kernel.org/CAGsJ_4xJXXO0G+4BizhohSZ4yDteziPw43_uF8nPXPWxUVChzw… Reviewed-by: Jann Horn <jannh(a)google.com> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Shakeel Butt <shakeel.butt(a)linux.dev> Reviewed-by: Barry Song <baohua(a)kernel.org> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/madvise.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/mm/madvise.c~mm-madvise-handle-madvise_lock-failure-during-race-unwinding +++ a/mm/madvise.c @@ -1881,7 +1881,9 @@ static ssize_t vector_madvise(struct mm_ /* Drop and reacquire lock to unwind race. */ madvise_finish_tlb(&madv_behavior); madvise_unlock(mm, behavior); - madvise_lock(mm, behavior); + ret = madvise_lock(mm, behavior); + if (ret) + goto out; madvise_init_tlb(&madv_behavior, mm); continue; } @@ -1892,6 +1894,7 @@ static ssize_t vector_madvise(struct mm_ madvise_finish_tlb(&madv_behavior); madvise_unlock(mm, behavior); +out: ret = (total_len - iov_iter_count(iter)) ? : ret; return ret; _ Patches currently in -mm which might be from sj(a)kernel.org are mm-madvise-handle-madvise_lock-failure-during-race-unwinding.patch mm-damon-kconfig-set-damon_vaddrpaddrsysfs-default-to-damon.patch mm-damon-kconfig-enable-config_damon-by-default.patch

3 months, 3 weeks

1
0
0 0

[PATCH 5.10] netfilter: nft_socket: fix sk refcount leaks

by Denis Arefev

From: Florian Westphal <fw(a)strlen.de> commit 8b26ff7af8c32cb4148b3e147c52f9e4c695209c upstream. We must put 'sk' reference before returning. Fixes: 039b1f4f24ec ("netfilter: nft_socket: fix erroneous socket assignment") Signed-off-by: Florian Westphal <fw(a)strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo(a)netfilter.org> [Denis: minor fix to resolve merge conflict.] Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- Backport fix for CVE-2024-46855 Link: https://nvd.nist.gov/vuln/detail/CVE-2024-46855 --- net/netfilter/nft_socket.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nft_socket.c b/net/netfilter/nft_socket.c index 826e5f8c78f3..07e73e50b713 100644 --- a/net/netfilter/nft_socket.c +++ b/net/netfilter/nft_socket.c @@ -88,13 +88,13 @@ static void nft_socket_eval(const struct nft_expr *expr, *dest = sk->sk_mark; } else { regs->verdict.code = NFT_BREAK; - return; + goto out_put_sk; } break; case NFT_SOCKET_WILDCARD: if (!sk_fullsock(sk)) { regs->verdict.code = NFT_BREAK; - return; + goto out_put_sk; } nft_socket_wildcard(pkt, regs, sk, dest); break; @@ -103,6 +103,7 @@ static void nft_socket_eval(const struct nft_expr *expr, regs->verdict.code = NFT_BREAK; } +out_put_sk: if (sk != skb->sk) sock_gen_put(sk); } -- 2.43.0

3 months, 3 weeks

3
2
0 0

[PATCH 1/6] cifs: deal with the channel loading lag while picking channels

by nspmangalore＠gmail.com

From: Shyam Prasad N <sprasad(a)microsoft.com> Our current approach to select a channel for sending requests is this: 1. iterate all channels to find the min and max queue depth 2. if min and max are not the same, pick the channel with min depth 3. if min and max are same, round robin, as all channels are equally loaded The problem with this approach is that there's a lag between selecting a channel and sending the request (that increases the queue depth on the channel). While these numbers will eventually catch up, there could be a skew in the channel usage, depending on the application's I/O parallelism and the server's speed of handling requests. With sufficient parallelism, this lag can artificially increase the queue depth, thereby impacting the performance negatively. This change will change the step 1 above to start the iteration from the last selected channel. This is to reduce the skew in channel usage even in the presence of this lag. Fixes: ea90708d3cf3 ("cifs: use the least loaded channel for sending requests") Cc: <stable(a)vger.kernel.org> Signed-off-by: Shyam Prasad N <sprasad(a)microsoft.com> --- fs/smb/client/transport.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/fs/smb/client/transport.c b/fs/smb/client/transport.c index 266af17aa7d9..191783f553ce 100644 --- a/fs/smb/client/transport.c +++ b/fs/smb/client/transport.c @@ -1018,14 +1018,16 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) uint index = 0; unsigned int min_in_flight = UINT_MAX, max_in_flight = 0; struct TCP_Server_Info *server = NULL; - int i; + int i, start, cur; if (!ses) return NULL; spin_lock(&ses->chan_lock); + start = atomic_inc_return(&ses->chan_seq); for (i = 0; i < ses->chan_count; i++) { - server = ses->chans[i].server; + cur = (start + i) % ses->chan_count; + server = ses->chans[cur].server; if (!server || server->terminate) continue; @@ -1042,17 +1044,15 @@ struct TCP_Server_Info *cifs_pick_channel(struct cifs_ses *ses) */ if (server->in_flight < min_in_flight) { min_in_flight = server->in_flight; - index = i; + index = cur; } if (server->in_flight > max_in_flight) max_in_flight = server->in_flight; } /* if all channels are equally loaded, fall back to round-robin */ - if (min_in_flight == max_in_flight) { - index = (uint)atomic_inc_return(&ses->chan_seq); - index %= ses->chan_count; - } + if (min_in_flight == max_in_flight) + index = (uint)start % ses->chan_count; server = ses->chans[index].server; spin_unlock(&ses->chan_lock); -- 2.43.0

3 months, 3 weeks

2
3
0 0

[PATCH] arm64: Add MIDR-based check for FEAT_ECBHB

by Oliver Upton

Prior to commit e8cde32f111f ("arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 register") KVM was erroneously masking FEAT_ECBHB from VMs, giving the perception that safe implementations are actually vulnerable to Spectre-BHB. And, after commit e403e8538359 ("arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB") guests are enabling the loop mitigation. This broken virtual hardware is going to be around for some time, so do the ugly thing and check for revisions of Neoverse-V2 [1], Cortex-X3 [2], Cortex-A720 [3], and Neoverse-N3 [4] that are documented to have FEAT_ECBHB. Cc: stable(a)vger.kernel.org Link: https://developer.arm.com/documentation/102375/0002 Link: https://developer.arm.com/documentation/101593/0102 Link: https://developer.arm.com/documentation/102530/0002 Link: https://developer.arm.com/documentation/107997/0001 Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- I thoroughly hate this but the alternative of nuking these busted VMs isn't exactly popular... arch/arm64/include/asm/cputype.h | 1 + arch/arm64/kernel/proton-pack.c | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h index d1cc0571798b..5c6152e61cad 100644 --- a/arch/arm64/include/asm/cputype.h +++ b/arch/arm64/include/asm/cputype.h @@ -282,6 +282,7 @@ struct midr_range { #define MIDR_REV_RANGE(m, v, r_min, r_max) MIDR_RANGE(m, v, r_min, v, r_max) #define MIDR_REV(m, v, r) MIDR_RANGE(m, v, r, v, r) #define MIDR_ALL_VERSIONS(m) MIDR_RANGE(m, 0, 0, 0xf, 0xf) +#define MIDR_MIN_VERSION(m, v, r) MIDR_RANGE(m, v, r, 0xf, 0xf) static inline bool midr_is_cpu_model_range(u32 midr, u32 model, u32 rv_min, u32 rv_max) diff --git a/arch/arm64/kernel/proton-pack.c b/arch/arm64/kernel/proton-pack.c index b198dde79e59..3d00d4c22d58 100644 --- a/arch/arm64/kernel/proton-pack.c +++ b/arch/arm64/kernel/proton-pack.c @@ -962,8 +962,24 @@ static bool has_spectre_bhb_fw_mitigation(void) static bool supports_ecbhb(int scope) { + static const struct midr_range spectre_ecbhb_list[] = { + MIDR_MIN_VERSION(MIDR_NEOVERSE_V2, 0, 2), + MIDR_MIN_VERSION(MIDR_CORTEX_X3, 1, 1), + MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N3), + MIDR_MIN_VERSION(MIDR_CORTEX_A720, 0, 1), + {}, + }; u64 mmfr1; + /* + * Prior to commit e8cde32f111f ("arm64/cpufeatures/kvm: Add ARMv8.9 + * FEAT_ECBHB bits in ID_AA64MMFR1 register"), KVM masked FEAT_ECBHB + * on implementations that actually have the feature. That sucks; infer + * presence of FEAT_ECBHB based on MIDR. + */ + if (is_midr_in_range_list(spectre_ecbhb_list)) + return true; + if (scope == SCOPE_LOCAL_CPU) mmfr1 = read_sysreg_s(SYS_ID_AA64MMFR1_EL1); else base-commit: b4432656b36e5cc1d50a1f2dc15357543add530e -- 2.39.5

3 months, 3 weeks

2
2
0 0

[PATCH v3 0/3] pwm: axi-pwmgen: add external clock

by David Lechner

When we created the driver for the AXI PWMGEN IP block, we overlooked the fact that it can optionally be configured to use an external clock in addition to the AXI bus clock. This is easy to miss in testing because the bus clock is always on because it is driving other peripherals as well. Up to now, users were specifying the external clock if there was one and the AXI bus clock otherwise. But the proper way to do this is to would be to always specify the bus clock and only specify the external clock if the IP block has been configured to use it. To fix this, we add clock-names to the devicetree bindings and change clocks to allow 1 or 2 clocks. --- Changes in v3: - Fixed clock-names DT property restrictions (was failing dt_binding_check) - Added Cc: stable - Picked up trailers - Link to v2: https://lore.kernel.org/r/20250522-pwm-axi-pwmgen-add-external-clock-v2-0-0… Changes in v2: - Consider this a fix rather than a new feature. - Make clock-names required. - Simplify the logic in the pwm driver to avoid needing to test if clock-names is present in old dtbs that used the broken binding. - Link to v1: https://lore.kernel.org/r/20250520-pwm-axi-pwmgen-add-external-clock-v1-0-6… --- David Lechner (3): dt-bindings: pwm: adi,axi-pwmgen: update documentation link dt-bindings: pwm: adi,axi-pwmgen: fix clocks pwm: axi-pwmgen: fix missing separate external clock .../devicetree/bindings/pwm/adi,axi-pwmgen.yaml | 15 +++++++++++--- drivers/pwm/pwm-axi-pwmgen.c | 23 +++++++++++++++++++--- 2 files changed, 32 insertions(+), 6 deletions(-) --- base-commit: 484803582c77061b470ac64a634f25f89715be3f change-id: 20250515-pwm-axi-pwmgen-add-external-clock-0364fbdf809b Best regards, -- David Lechner <dlechner(a)baylibre.com>

3 months, 3 weeks

3
4
0 0

[PATCH 5.4.y 0/1] Manual Backport of 099606a7b2d5 to 5.4

by Harshvardhan Jha

The patch 099606a7b2d5 didn't cleanly apply to 5.4 due to the significant difference in codebases. I've tried to manually bring it back to 5.4 via some minor conflict resolution but also invoking the newly introduced API using inverted logic as the conditionals present in 5.4 are the opposite of those in 6.1 xen/swiotlib. Harshvardhan Jha (1): xen/swiotlb: relax alignment requirements drivers/xen/swiotlb-xen.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) -- 2.47.1

3 months, 3 weeks

2
2
0 0

[PATCH 5.10.y 0/1] Manual Backport of 099606a7b2d5 to 5.10

by Harshvardhan Jha

The patch 099606a7b2d5 didn't cleanly apply to 5.10 due to the significant difference in codebases. I've tried to manually bring it back to 5.10 via some minor conflict resolution but also invoking the newly introduced API using inverted logic as the conditionals present in 5.10 are the opposite of those in 6.1 xen/swiotlib. Harshvardhan Jha (1): xen/swiotlb: relax alignment requirements drivers/xen/swiotlb-xen.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) -- 2.47.1

3 months, 3 weeks

2
2
0 0

[PATCH 5.10/5.15] perf/arm-cmn: Initialise cmn->cpu earlier

by Robin Murphy

commit 597704e201068db3d104de3c7a4d447ff8209127 upstream. For all the complexity of handling affinity for CPU hotplug, what we've apparently managed to overlook is that arm_cmn_init_irqs() has in fact always been setting the *initial* affinity of all IRQs to CPU 0, not the CPU we subsequently choose for event scheduling. Oh dear. Cc: stable(a)vger.kernel.org Fixes: 0ba64770a2f2 ("perf: Add Arm CMN-600 PMU driver") Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> Reviewed-by: Ilkka Koskinen <ilkka(a)os.amperecomputing.com> Link: https://lore.kernel.org/r/b12fccba6b5b4d2674944f59e4daad91cd63420b.17470699… Signed-off-by: Will Deacon <will(a)kernel.org> [ backport past NUMA changes in 5.17 ] Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> --- drivers/perf/arm-cmn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/perf/arm-cmn.c b/drivers/perf/arm-cmn.c index e2a055ba0b7a..cabeff8c944b 100644 --- a/drivers/perf/arm-cmn.c +++ b/drivers/perf/arm-cmn.c @@ -1512,6 +1512,7 @@ static int arm_cmn_probe(struct platform_device *pdev) return -ENOMEM; cmn->dev = &pdev->dev; + cmn->cpu = raw_smp_processor_id(); platform_set_drvdata(pdev, cmn); if (has_acpi_companion(cmn->dev)) @@ -1533,7 +1534,6 @@ static int arm_cmn_probe(struct platform_device *pdev) if (err) return err; - cmn->cpu = raw_smp_processor_id(); cmn->pmu = (struct pmu) { .module = THIS_MODULE, .attr_groups = arm_cmn_attr_groups, -- 2.39.2.101.g768bb238c484.dirty

3 months, 3 weeks

2
1
0 0

[PATCH 5.10] ibmvnic: Add tx check to prevent skb leak

by Denis Arefev

From: Nick Child <nnac123(a)linux.ibm.com> commit 0983d288caf984de0202c66641577b739caad561 upstream. Below is a summary of how the driver stores a reference to an skb during transmit: tx_buff[free_map[consumer_index]]->skb = new_skb; free_map[consumer_index] = IBMVNIC_INVALID_MAP; consumer_index ++; Where variable data looks like this: free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3] consumer_index^ tx_buff == [skb=null, skb=<ptr>, skb=<ptr>, skb=null, skb=null] The driver has checks to ensure that free_map[consumer_index] pointed to a valid index but there was no check to ensure that this index pointed to an unused/null skb address. So, if, by some chance, our free_map and tx_buff lists become out of sync then we were previously risking an skb memory leak. This could then cause tcp congestion control to stop sending packets, eventually leading to ETIMEDOUT. Therefore, add a conditional to ensure that the skb address is null. If not then warn the user (because this is still a bug that should be patched) and free the old pointer to prevent memleak/tcp problems. Signed-off-by: Nick Child <nnac123(a)linux.ibm.com> Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> [Denis: minor fix to resolve merge conflict.] Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- Backport fix for CVE-2024-41066 Link: https://nvd.nist.gov/vuln/detail/CVE-2024-41066 --- drivers/net/ethernet/ibm/ibmvnic.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c index 84da6ccaf339..e63220ebb2ea 100644 --- a/drivers/net/ethernet/ibm/ibmvnic.c +++ b/drivers/net/ethernet/ibm/ibmvnic.c @@ -1625,6 +1625,18 @@ static netdev_tx_t ibmvnic_xmit(struct sk_buff *skb, struct net_device *netdev) (tx_pool->consumer_index + 1) % tx_pool->num_buffers; tx_buff = &tx_pool->tx_buff[index]; + + /* Sanity checks on our free map to make sure it points to an index + * that is not being occupied by another skb. If skb memory is + * not freed then we see congestion control kick in and halt tx. + */ + if (unlikely(tx_buff->skb)) { + dev_warn_ratelimited(dev, "TX free map points to untracked skb (%s %d idx=%d)\n", + skb_is_gso(skb) ? "tso_pool" : "tx_pool", + queue_num, index); + dev_kfree_skb_any(tx_buff->skb); + } + tx_buff->skb = skb; tx_buff->data_dma[0] = data_dma_addr; tx_buff->data_len[0] = skb->len; -- 2.43.0

3 months, 3 weeks

1
0
0 0

[PATCH] iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush

by Sean Nyekjaer

fxls8962af_fifo_flush() uses indio_dev->active_scan_mask (with iio_for_each_active_channel()) without making sure the indio_dev stays in buffer mode. There is a race if indio_dev exits buffer mode in the middle of the interrupt that flushes the fifo. Fix this by calling iio_device_claim_buffer_mode() to ensure indio_dev can't exit buffer mode during the flush. Unable to handle kernel NULL pointer dereference at virtual address 00000000 when read [...] _find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290 fxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178 fxls8962af_interrupt from irq_thread_fn+0x1c/0x7c irq_thread_fn from irq_thread+0x110/0x1f4 irq_thread from kthread+0xe0/0xfc kthread from ret_from_fork+0x14/0x2c Fixes: 79e3a5bdd9ef ("iio: accel: fxls8962af: add hw buffered sampling") Cc: stable(a)vger.kernel.org Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> --- drivers/iio/accel/fxls8962af-core.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/iio/accel/fxls8962af-core.c b/drivers/iio/accel/fxls8962af-core.c index 6d23da3e7aa22c61f2d9348bb91d70cc5719a732..7db83ebeea823173d79bf8ff484add16f575edfc 100644 --- a/drivers/iio/accel/fxls8962af-core.c +++ b/drivers/iio/accel/fxls8962af-core.c @@ -973,6 +973,9 @@ static int fxls8962af_fifo_flush(struct iio_dev *indio_dev) if (ret) return ret; + if (iio_device_claim_buffer_mode(indio_dev) < 0) + return 0; + /* Demux hw FIFO into kfifo. */ for (i = 0; i < count; i++) { int j, bit; @@ -989,6 +992,8 @@ static int fxls8962af_fifo_flush(struct iio_dev *indio_dev) tstamp += sample_period; } + iio_device_release_buffer_mode(indio_dev); + return count; } --- base-commit: 5c3fcb36c92443a9a037683626a2e43d8825f783 change-id: 20250524-fxlsrace-f4d20e29fb29 Best regards, -- Sean Nyekjaer <sean(a)geanix.com>

3 months, 3 weeks

4
9
0 0

[PATCH 5.10] xfs: add bounds checking to xlog_recover_process_data

by Denis Arefev

From: lei lu <llfamsec(a)gmail.com> commit fb63435b7c7dc112b1ae1baea5486e0a6e27b196 upstream. There is a lack of verification of the space occupied by fixed members of xlog_op_header in the xlog_recover_process_data. We can create a crafted image to trigger an out of bounds read by following these steps: 1) Mount an image of xfs, and do some file operations to leave records 2) Before umounting, copy the image for subsequent steps to simulate abnormal exit. Because umount will ensure that tail_blk and head_blk are the same, which will result in the inability to enter xlog_recover_process_data 3) Write a tool to parse and modify the copied image in step 2 4) Make the end of the xlog_op_header entries only 1 byte away from xlog_rec_header->h_size 5) xlog_rec_header->h_num_logops++ 6) Modify xlog_rec_header->h_crc Fix: Add a check to make sure there is sufficient space to access fixed members of xlog_op_header. Signed-off-by: lei lu <llfamsec(a)gmail.com> Reviewed-by: Dave Chinner <dchinner(a)redhat.com> Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Chandan Babu R <chandanbabu(a)kernel.org> Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- Backport fix for CVE-2024-41014 Link: https://nvd.nist.gov/vuln/detail/cve-2024-41014 --- fs/xfs/xfs_log_recover.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c index e61f28ce3e44..eafe76f304ef 100644 --- a/fs/xfs/xfs_log_recover.c +++ b/fs/xfs/xfs_log_recover.c @@ -2419,7 +2419,10 @@ xlog_recover_process_data( ohead = (struct xlog_op_header *)dp; dp += sizeof(*ohead); - ASSERT(dp <= end); + if (dp > end) { + xfs_warn(log->l_mp, "%s: op header overrun", __func__); + return -EFSCORRUPTED; + } /* errors will abort recovery */ error = xlog_recover_process_ophdr(log, rhash, rhead, ohead, -- 2.43.0

3 months, 3 weeks

1
0
0 0

Please pick 0c8e9c148e29 and da33e87bd2bf for linux-6.15.y

by Robin Murphy

Hi Greg, Sasha, Please could you pick these commits for linux-6.15.y: 0c8e9c148e29 ("iommu: Avoid introducing more races") da33e87bd2bf ("iommu: Handle yet another race around registration") which in hindsight should ideally have been merged as fixes during the cycle, but for various reasons were queued as 6.16 material at the time. Thanks, Robin.

3 months, 3 weeks

2
1
0 0

Re: [PATCH v5] virtio_blk: Fix disk deletion hang on device surprise removal

by ALOK TIWARI

On 02-06-2025 08:14, Parav Pandit wrote: > When the PCI device is surprise removed, requests may not complete > the device as the VQ is marked as broken. Due to this, the disk > deletion hangs. > > Fix it by aborting the requests when the VQ is broken. > > With this fix now fio completes swiftly. > An alternative of IO timeout has been considered, however > when the driver knows about unresponsive block device, swiftly clearing > them enables users and upper layers to react quickly. > > Verified with multiple device unplug iterations with pending requests in > virtio used ring and some pending with the device. > > Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device") > Cc:stable@vger.kernel.org > Reported-by: Li RongQing<lirongqing(a)baidu.com> > Closes:https://urldefense.com/v3/__https://lore.kernel.org/virtualization/ > c45dd68698cd47238c55fb73ca9b4741(a)baidu.com/__;!!ACWV5N9M2RV99hQ! > OKusQ3sGH7nkVTy9MUDtaIS17UDtjabP3Lby9jTBdT3Ur38XLl2_DOFo0eVzx_dNeh16lD3Ss6ItE9eG$ > Reviewed-by: Max Gurtovoy<mgurtovoy(a)nvidia.com> > Reviewed-by: Israel Rukshin<israelr(a)nvidia.com> > Signed-off-by: Parav Pandit<parav(a)nvidia.com> look good to me. Reviewed-by: Alok Tiwari <alok.a.tiwari(a)oracle.com> Thanks, Alok

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] perf/arm-cmn: Initialise cmn->cpu earlier" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 597704e201068db3d104de3c7a4d447ff8209127 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060228-pureness-wildcat-f43e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 597704e201068db3d104de3c7a4d447ff8209127 Mon Sep 17 00:00:00 2001 From: Robin Murphy <robin.murphy(a)arm.com> Date: Mon, 12 May 2025 18:11:54 +0100 Subject: [PATCH] perf/arm-cmn: Initialise cmn->cpu earlier For all the complexity of handling affinity for CPU hotplug, what we've apparently managed to overlook is that arm_cmn_init_irqs() has in fact always been setting the *initial* affinity of all IRQs to CPU 0, not the CPU we subsequently choose for event scheduling. Oh dear. Cc: stable(a)vger.kernel.org Fixes: 0ba64770a2f2 ("perf: Add Arm CMN-600 PMU driver") Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> Reviewed-by: Ilkka Koskinen <ilkka(a)os.amperecomputing.com> Link: https://lore.kernel.org/r/b12fccba6b5b4d2674944f59e4daad91cd63420b.17470699… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/perf/arm-cmn.c b/drivers/perf/arm-cmn.c index 83f4ef985255..668c581e932a 100644 --- a/drivers/perf/arm-cmn.c +++ b/drivers/perf/arm-cmn.c @@ -2551,6 +2551,7 @@ static int arm_cmn_probe(struct platform_device *pdev) cmn->dev = &pdev->dev; cmn->part = (unsigned long)device_get_match_data(cmn->dev); + cmn->cpu = cpumask_local_spread(0, dev_to_node(cmn->dev)); platform_set_drvdata(pdev, cmn); if (cmn->part == PART_CMN600 && has_acpi_companion(cmn->dev)) { @@ -2578,7 +2579,6 @@ static int arm_cmn_probe(struct platform_device *pdev) if (err) return err; - cmn->cpu = cpumask_local_spread(0, dev_to_node(cmn->dev)); cmn->pmu = (struct pmu) { .module = THIS_MODULE, .parent = cmn->dev,

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] perf/arm-cmn: Initialise cmn->cpu earlier" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 597704e201068db3d104de3c7a4d447ff8209127 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060228-output-connected-12d9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 597704e201068db3d104de3c7a4d447ff8209127 Mon Sep 17 00:00:00 2001 From: Robin Murphy <robin.murphy(a)arm.com> Date: Mon, 12 May 2025 18:11:54 +0100 Subject: [PATCH] perf/arm-cmn: Initialise cmn->cpu earlier For all the complexity of handling affinity for CPU hotplug, what we've apparently managed to overlook is that arm_cmn_init_irqs() has in fact always been setting the *initial* affinity of all IRQs to CPU 0, not the CPU we subsequently choose for event scheduling. Oh dear. Cc: stable(a)vger.kernel.org Fixes: 0ba64770a2f2 ("perf: Add Arm CMN-600 PMU driver") Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> Reviewed-by: Ilkka Koskinen <ilkka(a)os.amperecomputing.com> Link: https://lore.kernel.org/r/b12fccba6b5b4d2674944f59e4daad91cd63420b.17470699… Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/perf/arm-cmn.c b/drivers/perf/arm-cmn.c index 83f4ef985255..668c581e932a 100644 --- a/drivers/perf/arm-cmn.c +++ b/drivers/perf/arm-cmn.c @@ -2551,6 +2551,7 @@ static int arm_cmn_probe(struct platform_device *pdev) cmn->dev = &pdev->dev; cmn->part = (unsigned long)device_get_match_data(cmn->dev); + cmn->cpu = cpumask_local_spread(0, dev_to_node(cmn->dev)); platform_set_drvdata(pdev, cmn); if (cmn->part == PART_CMN600 && has_acpi_companion(cmn->dev)) { @@ -2578,7 +2579,6 @@ static int arm_cmn_probe(struct platform_device *pdev) if (err) return err; - cmn->cpu = cpumask_local_spread(0, dev_to_node(cmn->dev)); cmn->pmu = (struct pmu) { .module = THIS_MODULE, .parent = cmn->dev,

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x abf89bc4bb09c16a53d693b09ea85225cf57ff39 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060202-overtake-bankbook-283a@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From abf89bc4bb09c16a53d693b09ea85225cf57ff39 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 14 Mar 2025 15:54:33 +0100 Subject: [PATCH] arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: bd50b1f5b6f3 ("arm64: dts: qcom: x1e80100: Add Compute Reference Device") Cc: stable(a)vger.kernel.org # 6.8 Cc: Abel Vesa <abel.vesa(a)linaro.org> Cc: Rajendra Nayak <quic_rjendra(a)quicinc.com> Cc: Sibi Sankar <quic_sibis(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20250314145440.11371-2-johan+linaro@kernel.org Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/x1-crd.dtsi b/arch/arm64/boot/dts/qcom/x1-crd.dtsi index 5ea7b30983d9..f73f053a46a0 100644 --- a/arch/arm64/boot/dts/qcom/x1-crd.dtsi +++ b/arch/arm64/boot/dts/qcom/x1-crd.dtsi @@ -606,6 +606,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -627,6 +628,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l16b_2p9: ldo16 {

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x abf89bc4bb09c16a53d693b09ea85225cf57ff39 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060202-important-scribing-f981@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From abf89bc4bb09c16a53d693b09ea85225cf57ff39 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 14 Mar 2025 15:54:33 +0100 Subject: [PATCH] arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: bd50b1f5b6f3 ("arm64: dts: qcom: x1e80100: Add Compute Reference Device") Cc: stable(a)vger.kernel.org # 6.8 Cc: Abel Vesa <abel.vesa(a)linaro.org> Cc: Rajendra Nayak <quic_rjendra(a)quicinc.com> Cc: Sibi Sankar <quic_sibis(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20250314145440.11371-2-johan+linaro@kernel.org Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/x1-crd.dtsi b/arch/arm64/boot/dts/qcom/x1-crd.dtsi index 5ea7b30983d9..f73f053a46a0 100644 --- a/arch/arm64/boot/dts/qcom/x1-crd.dtsi +++ b/arch/arm64/boot/dts/qcom/x1-crd.dtsi @@ -606,6 +606,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -627,6 +628,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l16b_2p9: ldo16 {

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x abf89bc4bb09c16a53d693b09ea85225cf57ff39 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060201-licorice-bullfight-72d3@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From abf89bc4bb09c16a53d693b09ea85225cf57ff39 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 14 Mar 2025 15:54:33 +0100 Subject: [PATCH] arm64: dts: qcom: x1e80100-crd: mark l12b and l15b always-on The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: bd50b1f5b6f3 ("arm64: dts: qcom: x1e80100: Add Compute Reference Device") Cc: stable(a)vger.kernel.org # 6.8 Cc: Abel Vesa <abel.vesa(a)linaro.org> Cc: Rajendra Nayak <quic_rjendra(a)quicinc.com> Cc: Sibi Sankar <quic_sibis(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20250314145440.11371-2-johan+linaro@kernel.org Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/x1-crd.dtsi b/arch/arm64/boot/dts/qcom/x1-crd.dtsi index 5ea7b30983d9..f73f053a46a0 100644 --- a/arch/arm64/boot/dts/qcom/x1-crd.dtsi +++ b/arch/arm64/boot/dts/qcom/x1-crd.dtsi @@ -606,6 +606,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -627,6 +628,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l16b_2p9: ldo16 {

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x 673fa129e558c5f1196adb27d97ac90ddfe4f19c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060254-fling-reflex-4a17@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 673fa129e558c5f1196adb27d97ac90ddfe4f19c Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 14 Mar 2025 15:54:34 +0100 Subject: [PATCH] arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: 7d1cbe2f4985 ("arm64: dts: qcom: Add X1E78100 ThinkPad T14s Gen 6") Cc: stable(a)vger.kernel.org # 6.12 Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20250314145440.11371-3-johan+linaro@kernel.org Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi index eff0e73640bc..160c052db1ec 100644 --- a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi @@ -456,6 +456,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -477,6 +478,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l17b_2p5: ldo17 {

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 673fa129e558c5f1196adb27d97ac90ddfe4f19c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060254-gong-slimy-ea8d@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 673fa129e558c5f1196adb27d97ac90ddfe4f19c Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 14 Mar 2025 15:54:34 +0100 Subject: [PATCH] arm64: dts: qcom: x1e78100-t14s: mark l12b and l15b always-on The l12b and l15b supplies are used by components that are not (fully) described (and some never will be) and must never be disabled. Mark the regulators as always-on to prevent them from being disabled, for example, when consumers probe defer or suspend. Fixes: 7d1cbe2f4985 ("arm64: dts: qcom: Add X1E78100 ThinkPad T14s Gen 6") Cc: stable(a)vger.kernel.org # 6.12 Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20250314145440.11371-3-johan+linaro@kernel.org Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi index eff0e73640bc..160c052db1ec 100644 --- a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi @@ -456,6 +456,7 @@ vreg_l12b_1p2: ldo12 { regulator-min-microvolt = <1200000>; regulator-max-microvolt = <1200000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l13b_3p0: ldo13 { @@ -477,6 +478,7 @@ vreg_l15b_1p8: ldo15 { regulator-min-microvolt = <1800000>; regulator-max-microvolt = <1800000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; + regulator-always-on; }; vreg_l17b_2p5: ldo17 {

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: x1e78100-t14s: fix missing HID supplies" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 55e52d055393f11ba0193975d3db87af36f4b273 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060246-overstock-thumping-600e@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 55e52d055393f11ba0193975d3db87af36f4b273 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 14 Mar 2025 15:54:40 +0100 Subject: [PATCH] arm64: dts: qcom: x1e78100-t14s: fix missing HID supplies Add the missing HID supplies to avoid relying on other consumers to keep them on. This also avoids the following warnings on boot: i2c_hid_of 0-0010: supply vdd not found, using dummy regulator i2c_hid_of 0-0010: supply vddl not found, using dummy regulator i2c_hid_of 1-0015: supply vdd not found, using dummy regulator i2c_hid_of 1-002c: supply vdd not found, using dummy regulator i2c_hid_of 1-0015: supply vddl not found, using dummy regulator i2c_hid_of 1-002c: supply vddl not found, using dummy regulator i2c_hid_of 1-003a: supply vdd not found, using dummy regulator i2c_hid_of 1-003a: supply vddl not found, using dummy regulator Note that VCC3B is also used for things like the modem which are not yet described so mark the regulator as always-on for now. Fixes: 7d1cbe2f4985 ("arm64: dts: qcom: Add X1E78100 ThinkPad T14s Gen 6") Cc: stable(a)vger.kernel.org # 6.12 Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20250314145440.11371-9-johan+linaro@kernel.org Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi index 160c052db1ec..962fb050c55c 100644 --- a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi @@ -9,6 +9,7 @@ #include <dt-bindings/gpio/gpio.h> #include <dt-bindings/input/gpio-keys.h> #include <dt-bindings/input/input.h> +#include <dt-bindings/pinctrl/qcom,pmic-gpio.h> #include <dt-bindings/regulator/qcom,rpmh-regulator.h> #include "x1e80100.dtsi" @@ -169,6 +170,23 @@ vreg_edp_3p3: regulator-edp-3p3 { regulator-boot-on; }; + vreg_misc_3p3: regulator-misc-3p3 { + compatible = "regulator-fixed"; + + regulator-name = "VCC3B"; + regulator-min-microvolt = <3300000>; + regulator-max-microvolt = <3300000>; + + gpio = <&pm8550ve_8_gpios 6 GPIO_ACTIVE_HIGH>; + enable-active-high; + + pinctrl-0 = <&misc_3p3_reg_en>; + pinctrl-names = "default"; + + regulator-boot-on; + regulator-always-on; + }; + vreg_nvme: regulator-nvme { compatible = "regulator-fixed"; @@ -692,6 +710,9 @@ touchpad@15 { hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 3 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l12b_1p2>; + wakeup-source; }; @@ -703,6 +724,9 @@ touchpad@2c { hid-descr-addr = <0x20>; interrupts-extended = <&tlmm 3 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l12b_1p2>; + wakeup-source; }; @@ -714,6 +738,9 @@ keyboard@3a { hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 67 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l15b_1p8>; + pinctrl-0 = <&kybd_default>; pinctrl-names = "default"; @@ -896,6 +923,9 @@ touchscreen@10 { hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 51 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l15b_1p8>; + pinctrl-0 = <&ts0_default>; pinctrl-names = "default"; }; @@ -1037,6 +1067,19 @@ usb0_3p3_reg_en: usb0-3p3-reg-en-state { }; }; +&pm8550ve_8_gpios { + misc_3p3_reg_en: misc-3p3-reg-en-state { + pins = "gpio6"; + function = "normal"; + bias-disable; + drive-push-pull; + input-disable; + output-enable; + power-source = <1>; /* 1.8 V */ + qcom,drive-strength = <PMIC_GPIO_STRENGTH_LOW>; + }; +}; + &pm8550ve_9_gpios { usb0_1p8_reg_en: usb0-1p8-reg-en-state { pins = "gpio8";

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: x1e78100-t14s: fix missing HID supplies" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x 55e52d055393f11ba0193975d3db87af36f4b273 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060244-reconvene-uncork-b34c@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 55e52d055393f11ba0193975d3db87af36f4b273 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 14 Mar 2025 15:54:40 +0100 Subject: [PATCH] arm64: dts: qcom: x1e78100-t14s: fix missing HID supplies Add the missing HID supplies to avoid relying on other consumers to keep them on. This also avoids the following warnings on boot: i2c_hid_of 0-0010: supply vdd not found, using dummy regulator i2c_hid_of 0-0010: supply vddl not found, using dummy regulator i2c_hid_of 1-0015: supply vdd not found, using dummy regulator i2c_hid_of 1-002c: supply vdd not found, using dummy regulator i2c_hid_of 1-0015: supply vddl not found, using dummy regulator i2c_hid_of 1-002c: supply vddl not found, using dummy regulator i2c_hid_of 1-003a: supply vdd not found, using dummy regulator i2c_hid_of 1-003a: supply vddl not found, using dummy regulator Note that VCC3B is also used for things like the modem which are not yet described so mark the regulator as always-on for now. Fixes: 7d1cbe2f4985 ("arm64: dts: qcom: Add X1E78100 ThinkPad T14s Gen 6") Cc: stable(a)vger.kernel.org # 6.12 Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20250314145440.11371-9-johan+linaro@kernel.org Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi index 160c052db1ec..962fb050c55c 100644 --- a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi @@ -9,6 +9,7 @@ #include <dt-bindings/gpio/gpio.h> #include <dt-bindings/input/gpio-keys.h> #include <dt-bindings/input/input.h> +#include <dt-bindings/pinctrl/qcom,pmic-gpio.h> #include <dt-bindings/regulator/qcom,rpmh-regulator.h> #include "x1e80100.dtsi" @@ -169,6 +170,23 @@ vreg_edp_3p3: regulator-edp-3p3 { regulator-boot-on; }; + vreg_misc_3p3: regulator-misc-3p3 { + compatible = "regulator-fixed"; + + regulator-name = "VCC3B"; + regulator-min-microvolt = <3300000>; + regulator-max-microvolt = <3300000>; + + gpio = <&pm8550ve_8_gpios 6 GPIO_ACTIVE_HIGH>; + enable-active-high; + + pinctrl-0 = <&misc_3p3_reg_en>; + pinctrl-names = "default"; + + regulator-boot-on; + regulator-always-on; + }; + vreg_nvme: regulator-nvme { compatible = "regulator-fixed"; @@ -692,6 +710,9 @@ touchpad@15 { hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 3 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l12b_1p2>; + wakeup-source; }; @@ -703,6 +724,9 @@ touchpad@2c { hid-descr-addr = <0x20>; interrupts-extended = <&tlmm 3 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l12b_1p2>; + wakeup-source; }; @@ -714,6 +738,9 @@ keyboard@3a { hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 67 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l15b_1p8>; + pinctrl-0 = <&kybd_default>; pinctrl-names = "default"; @@ -896,6 +923,9 @@ touchscreen@10 { hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 51 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l15b_1p8>; + pinctrl-0 = <&ts0_default>; pinctrl-names = "default"; }; @@ -1037,6 +1067,19 @@ usb0_3p3_reg_en: usb0-3p3-reg-en-state { }; }; +&pm8550ve_8_gpios { + misc_3p3_reg_en: misc-3p3-reg-en-state { + pins = "gpio6"; + function = "normal"; + bias-disable; + drive-push-pull; + input-disable; + output-enable; + power-source = <1>; /* 1.8 V */ + qcom,drive-strength = <PMIC_GPIO_STRENGTH_LOW>; + }; +}; + &pm8550ve_9_gpios { usb0_1p8_reg_en: usb0-1p8-reg-en-state { pins = "gpio8";

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: x1e78100-t14s: fix missing HID supplies" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 55e52d055393f11ba0193975d3db87af36f4b273 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060243-cheese-yield-b572@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 55e52d055393f11ba0193975d3db87af36f4b273 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 14 Mar 2025 15:54:40 +0100 Subject: [PATCH] arm64: dts: qcom: x1e78100-t14s: fix missing HID supplies Add the missing HID supplies to avoid relying on other consumers to keep them on. This also avoids the following warnings on boot: i2c_hid_of 0-0010: supply vdd not found, using dummy regulator i2c_hid_of 0-0010: supply vddl not found, using dummy regulator i2c_hid_of 1-0015: supply vdd not found, using dummy regulator i2c_hid_of 1-002c: supply vdd not found, using dummy regulator i2c_hid_of 1-0015: supply vddl not found, using dummy regulator i2c_hid_of 1-002c: supply vddl not found, using dummy regulator i2c_hid_of 1-003a: supply vdd not found, using dummy regulator i2c_hid_of 1-003a: supply vddl not found, using dummy regulator Note that VCC3B is also used for things like the modem which are not yet described so mark the regulator as always-on for now. Fixes: 7d1cbe2f4985 ("arm64: dts: qcom: Add X1E78100 ThinkPad T14s Gen 6") Cc: stable(a)vger.kernel.org # 6.12 Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20250314145440.11371-9-johan+linaro@kernel.org Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi index 160c052db1ec..962fb050c55c 100644 --- a/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e78100-lenovo-thinkpad-t14s.dtsi @@ -9,6 +9,7 @@ #include <dt-bindings/gpio/gpio.h> #include <dt-bindings/input/gpio-keys.h> #include <dt-bindings/input/input.h> +#include <dt-bindings/pinctrl/qcom,pmic-gpio.h> #include <dt-bindings/regulator/qcom,rpmh-regulator.h> #include "x1e80100.dtsi" @@ -169,6 +170,23 @@ vreg_edp_3p3: regulator-edp-3p3 { regulator-boot-on; }; + vreg_misc_3p3: regulator-misc-3p3 { + compatible = "regulator-fixed"; + + regulator-name = "VCC3B"; + regulator-min-microvolt = <3300000>; + regulator-max-microvolt = <3300000>; + + gpio = <&pm8550ve_8_gpios 6 GPIO_ACTIVE_HIGH>; + enable-active-high; + + pinctrl-0 = <&misc_3p3_reg_en>; + pinctrl-names = "default"; + + regulator-boot-on; + regulator-always-on; + }; + vreg_nvme: regulator-nvme { compatible = "regulator-fixed"; @@ -692,6 +710,9 @@ touchpad@15 { hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 3 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l12b_1p2>; + wakeup-source; }; @@ -703,6 +724,9 @@ touchpad@2c { hid-descr-addr = <0x20>; interrupts-extended = <&tlmm 3 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l12b_1p2>; + wakeup-source; }; @@ -714,6 +738,9 @@ keyboard@3a { hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 67 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l15b_1p8>; + pinctrl-0 = <&kybd_default>; pinctrl-names = "default"; @@ -896,6 +923,9 @@ touchscreen@10 { hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 51 IRQ_TYPE_LEVEL_LOW>; + vdd-supply = <&vreg_misc_3p3>; + vddl-supply = <&vreg_l15b_1p8>; + pinctrl-0 = <&ts0_default>; pinctrl-names = "default"; }; @@ -1037,6 +1067,19 @@ usb0_3p3_reg_en: usb0-3p3-reg-en-state { }; }; +&pm8550ve_8_gpios { + misc_3p3_reg_en: misc-3p3-reg-en-state { + pins = "gpio6"; + function = "normal"; + bias-disable; + drive-push-pull; + input-disable; + output-enable; + power-source = <1>; /* 1.8 V */ + qcom,drive-strength = <PMIC_GPIO_STRENGTH_LOW>; + }; +}; + &pm8550ve_9_gpios { usb0_1p8_reg_en: usb0-1p8-reg-en-state { pins = "gpio8";

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x 5ce920e6a8db40e4b094c0d863cbd19fdcfbbb7a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060236-swimming-deodorize-a6f9@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5ce920e6a8db40e4b094c0d863cbd19fdcfbbb7a Mon Sep 17 00:00:00 2001 From: Stephan Gerhold <stephan.gerhold(a)linaro.org> Date: Wed, 23 Apr 2025 09:30:07 +0200 Subject: [PATCH] arm64: dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage In the ACPI DSDT table, PPP_RESOURCE_ID_LDO2_J is configured with 1256000 uV instead of the 1200000 uV we have currently in the device tree. Use the same for consistency and correctness. Cc: stable(a)vger.kernel.org Fixes: bd50b1f5b6f3 ("arm64: dts: qcom: x1e80100: Add Compute Reference Device") Signed-off-by: Stephan Gerhold <stephan.gerhold(a)linaro.org> Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Abel Vesa <abel.vesa(a)linaro.org> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Link: https://lore.kernel.org/r/20250423-x1e-vreg-l2j-voltage-v1-1-24b6a2043025@l… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/x1-crd.dtsi b/arch/arm64/boot/dts/qcom/x1-crd.dtsi index f73f053a46a0..dbdf542c7ce5 100644 --- a/arch/arm64/boot/dts/qcom/x1-crd.dtsi +++ b/arch/arm64/boot/dts/qcom/x1-crd.dtsi @@ -846,8 +846,8 @@ vreg_l1j_0p8: ldo1 { vreg_l2j_1p2: ldo2 { regulator-name = "vreg_l2j_1p2"; - regulator-min-microvolt = <1200000>; - regulator-max-microvolt = <1200000>; + regulator-min-microvolt = <1256000>; + regulator-max-microvolt = <1256000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; };

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 5ce920e6a8db40e4b094c0d863cbd19fdcfbbb7a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060236-coat-unsterile-20f5@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5ce920e6a8db40e4b094c0d863cbd19fdcfbbb7a Mon Sep 17 00:00:00 2001 From: Stephan Gerhold <stephan.gerhold(a)linaro.org> Date: Wed, 23 Apr 2025 09:30:07 +0200 Subject: [PATCH] arm64: dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage In the ACPI DSDT table, PPP_RESOURCE_ID_LDO2_J is configured with 1256000 uV instead of the 1200000 uV we have currently in the device tree. Use the same for consistency and correctness. Cc: stable(a)vger.kernel.org Fixes: bd50b1f5b6f3 ("arm64: dts: qcom: x1e80100: Add Compute Reference Device") Signed-off-by: Stephan Gerhold <stephan.gerhold(a)linaro.org> Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Abel Vesa <abel.vesa(a)linaro.org> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Link: https://lore.kernel.org/r/20250423-x1e-vreg-l2j-voltage-v1-1-24b6a2043025@l… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/x1-crd.dtsi b/arch/arm64/boot/dts/qcom/x1-crd.dtsi index f73f053a46a0..dbdf542c7ce5 100644 --- a/arch/arm64/boot/dts/qcom/x1-crd.dtsi +++ b/arch/arm64/boot/dts/qcom/x1-crd.dtsi @@ -846,8 +846,8 @@ vreg_l1j_0p8: ldo1 { vreg_l2j_1p2: ldo2 { regulator-name = "vreg_l2j_1p2"; - regulator-min-microvolt = <1200000>; - regulator-max-microvolt = <1200000>; + regulator-min-microvolt = <1256000>; + regulator-max-microvolt = <1256000>; regulator-initial-mode = <RPMH_REGULATOR_MODE_HPM>; };

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f55c9f087cc2e2252d44ffd9d58def2066fc176e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060219-mustang-rocker-6ae2@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f55c9f087cc2e2252d44ffd9d58def2066fc176e Mon Sep 17 00:00:00 2001 From: Judith Mendez <jm(a)ti.com> Date: Tue, 29 Apr 2025 12:30:08 -0500 Subject: [PATCH] arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 For am65x, add missing ITAPDLYSEL values for Default Speed and High Speed SDR modes to sdhci0 node according to the device datasheet [0]. [0] https://www.ti.com/lit/gpn/am6548 Fixes: eac99d38f861 ("arm64: dts: ti: k3-am654-main: Update otap-del-sel values") Cc: stable(a)vger.kernel.org Signed-off-by: Judith Mendez <jm(a)ti.com> Reviewed-by: Moteen Shah <m-shah(a)ti.com> Link: https://lore.kernel.org/r/20250429173009.33994-1-jm@ti.com Signed-off-by: Nishanth Menon <nm(a)ti.com> diff --git a/arch/arm64/boot/dts/ti/k3-am65-main.dtsi b/arch/arm64/boot/dts/ti/k3-am65-main.dtsi index 6d3c467d7038..b085e7361116 100644 --- a/arch/arm64/boot/dts/ti/k3-am65-main.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am65-main.dtsi @@ -449,6 +449,8 @@ sdhci0: mmc@4f80000 { ti,otap-del-sel-mmc-hs = <0x0>; ti,otap-del-sel-ddr52 = <0x5>; ti,otap-del-sel-hs200 = <0x5>; + ti,itap-del-sel-legacy = <0xa>; + ti,itap-del-sel-mmc-hs = <0x1>; ti,itap-del-sel-ddr52 = <0x0>; dma-coherent; status = "disabled";

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: ti: k3-am62-main: Set eMMC clock parent to" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 3a71cdfec94436079513d9adf4b1d4f7a7edd917 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060230-demote-sappiness-b940@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3a71cdfec94436079513d9adf4b1d4f7a7edd917 Mon Sep 17 00:00:00 2001 From: Judith Mendez <jm(a)ti.com> Date: Tue, 29 Apr 2025 11:33:35 -0500 Subject: [PATCH] arm64: dts: ti: k3-am62-main: Set eMMC clock parent to default Set eMMC clock parents to the defaults which is MAIN_PLL0_HSDIV5_CLKOUT for eMMC. This change is necessary since DM is not implementing the correct procedure to switch PLL clock source for eMMC and MMC CLK mux is not glich-free. As a preventative action, lets switch back to the defaults. Fixes: c37c58fdeb8a ("arm64: dts: ti: k3-am62: Add more peripheral nodes") Cc: stable(a)vger.kernel.org Signed-off-by: Judith Mendez <jm(a)ti.com> Acked-by: Udit Kumar <u-kumar1(a)ti.com> Acked-by: Bryan Brattlof <bb(a)ti.com> Link: https://lore.kernel.org/r/20250429163337.15634-2-jm@ti.com Signed-off-by: Nishanth Menon <nm(a)ti.com> diff --git a/arch/arm64/boot/dts/ti/k3-am62-main.dtsi b/arch/arm64/boot/dts/ti/k3-am62-main.dtsi index 7d355aa73ea2..0c286f600296 100644 --- a/arch/arm64/boot/dts/ti/k3-am62-main.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am62-main.dtsi @@ -552,8 +552,6 @@ sdhci0: mmc@fa10000 { power-domains = <&k3_pds 57 TI_SCI_PD_EXCLUSIVE>; clocks = <&k3_clks 57 5>, <&k3_clks 57 6>; clock-names = "clk_ahb", "clk_xin"; - assigned-clocks = <&k3_clks 57 6>; - assigned-clock-parents = <&k3_clks 57 8>; bus-width = <8>; mmc-ddr-1_8v; mmc-hs200-1_8v;

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: x1e80100: Add GPU cooling" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 5ba21fa11f473c9827f378ace8c9f983de9e0287 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060212-chamomile-scorecard-ba20@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5ba21fa11f473c9827f378ace8c9f983de9e0287 Mon Sep 17 00:00:00 2001 From: Stephan Gerhold <stephan.gerhold(a)linaro.org> Date: Wed, 19 Feb 2025 12:36:20 +0100 Subject: [PATCH] arm64: dts: qcom: x1e80100: Add GPU cooling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Unlike the CPU, the GPU does not throttle its speed automatically when it reaches high temperatures. With certain high GPU loads it is possible to reach the critical hardware shutdown temperature of 120°C, endangering the hardware and making it impossible to run certain applications. Set up GPU cooling similar to the ACPI tables, by throttling the GPU speed when reaching 95°C and polling every 200ms. Cc: stable(a)vger.kernel.org Fixes: 721e38301b79 ("arm64: dts: qcom: x1e80100: Add gpu support") Signed-off-by: Stephan Gerhold <stephan.gerhold(a)linaro.org> Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Link: https://lore.kernel.org/r/20250219-x1e80100-thermal-fixes-v1-3-d110e44ac3f9… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/x1e80100.dtsi b/arch/arm64/boot/dts/qcom/x1e80100.dtsi index e0ef5665f862..9382a2fce2f3 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e80100.dtsi @@ -20,6 +20,7 @@ #include <dt-bindings/soc/qcom,gpr.h> #include <dt-bindings/soc/qcom,rpmh-rsc.h> #include <dt-bindings/sound/qcom,q6dsp-lpass-ports.h> +#include <dt-bindings/thermal/thermal.h> / { interrupt-parent = <&intc>; @@ -9372,24 +9373,25 @@ nsp3-critical { }; gpuss-0-thermal { - polling-delay-passive = <10>; + polling-delay-passive = <200>; thermal-sensors = <&tsens3 5>; + cooling-maps { + map0 { + trip = <&gpuss0_alert0>; + cooling-device = <&gpu THERMAL_NO_LIMIT THERMAL_NO_LIMIT>; + }; + }; + trips { - trip-point0 { - temperature = <85000>; + gpuss0_alert0: trip-point0 { + temperature = <95000>; hysteresis = <1000>; type = "passive"; }; - trip-point1 { - temperature = <90000>; - hysteresis = <1000>; - type = "hot"; - }; - - trip-point2 { + gpu-critical { temperature = <115000>; hysteresis = <1000>; type = "critical"; @@ -9398,24 +9400,25 @@ trip-point2 { }; gpuss-1-thermal { - polling-delay-passive = <10>; + polling-delay-passive = <200>; thermal-sensors = <&tsens3 6>; + cooling-maps { + map0 { + trip = <&gpuss1_alert0>; + cooling-device = <&gpu THERMAL_NO_LIMIT THERMAL_NO_LIMIT>; + }; + }; + trips { - trip-point0 { - temperature = <85000>; + gpuss1_alert0: trip-point0 { + temperature = <95000>; hysteresis = <1000>; type = "passive"; }; - trip-point1 { - temperature = <90000>; - hysteresis = <1000>; - type = "hot"; - }; - - trip-point2 { + gpu-critical { temperature = <115000>; hysteresis = <1000>; type = "critical"; @@ -9424,24 +9427,25 @@ trip-point2 { }; gpuss-2-thermal { - polling-delay-passive = <10>; + polling-delay-passive = <200>; thermal-sensors = <&tsens3 7>; + cooling-maps { + map0 { + trip = <&gpuss2_alert0>; + cooling-device = <&gpu THERMAL_NO_LIMIT THERMAL_NO_LIMIT>; + }; + }; + trips { - trip-point0 { - temperature = <85000>; + gpuss2_alert0: trip-point0 { + temperature = <95000>; hysteresis = <1000>; type = "passive"; }; - trip-point1 { - temperature = <90000>; - hysteresis = <1000>; - type = "hot"; - }; - - trip-point2 { + gpu-critical { temperature = <115000>; hysteresis = <1000>; type = "critical"; @@ -9450,24 +9454,25 @@ trip-point2 { }; gpuss-3-thermal { - polling-delay-passive = <10>; + polling-delay-passive = <200>; thermal-sensors = <&tsens3 8>; + cooling-maps { + map0 { + trip = <&gpuss3_alert0>; + cooling-device = <&gpu THERMAL_NO_LIMIT THERMAL_NO_LIMIT>; + }; + }; + trips { - trip-point0 { - temperature = <85000>; + gpuss3_alert0: trip-point0 { + temperature = <95000>; hysteresis = <1000>; type = "passive"; }; - trip-point1 { - temperature = <90000>; - hysteresis = <1000>; - type = "hot"; - }; - - trip-point2 { + gpu-critical { temperature = <115000>; hysteresis = <1000>; type = "critical"; @@ -9476,24 +9481,25 @@ trip-point2 { }; gpuss-4-thermal { - polling-delay-passive = <10>; + polling-delay-passive = <200>; thermal-sensors = <&tsens3 9>; + cooling-maps { + map0 { + trip = <&gpuss4_alert0>; + cooling-device = <&gpu THERMAL_NO_LIMIT THERMAL_NO_LIMIT>; + }; + }; + trips { - trip-point0 { - temperature = <85000>; + gpuss4_alert0: trip-point0 { + temperature = <95000>; hysteresis = <1000>; type = "passive"; }; - trip-point1 { - temperature = <90000>; - hysteresis = <1000>; - type = "hot"; - }; - - trip-point2 { + gpu-critical { temperature = <115000>; hysteresis = <1000>; type = "critical"; @@ -9502,24 +9508,25 @@ trip-point2 { }; gpuss-5-thermal { - polling-delay-passive = <10>; + polling-delay-passive = <200>; thermal-sensors = <&tsens3 10>; + cooling-maps { + map0 { + trip = <&gpuss5_alert0>; + cooling-device = <&gpu THERMAL_NO_LIMIT THERMAL_NO_LIMIT>; + }; + }; + trips { - trip-point0 { - temperature = <85000>; + gpuss5_alert0: trip-point0 { + temperature = <95000>; hysteresis = <1000>; type = "passive"; }; - trip-point1 { - temperature = <90000>; - hysteresis = <1000>; - type = "hot"; - }; - - trip-point2 { + gpu-critical { temperature = <115000>; hysteresis = <1000>; type = "critical"; @@ -9528,24 +9535,25 @@ trip-point2 { }; gpuss-6-thermal { - polling-delay-passive = <10>; + polling-delay-passive = <200>; thermal-sensors = <&tsens3 11>; + cooling-maps { + map0 { + trip = <&gpuss6_alert0>; + cooling-device = <&gpu THERMAL_NO_LIMIT THERMAL_NO_LIMIT>; + }; + }; + trips { - trip-point0 { - temperature = <85000>; + gpuss6_alert0: trip-point0 { + temperature = <95000>; hysteresis = <1000>; type = "passive"; }; - trip-point1 { - temperature = <90000>; - hysteresis = <1000>; - type = "hot"; - }; - - trip-point2 { + gpu-critical { temperature = <115000>; hysteresis = <1000>; type = "critical"; @@ -9554,24 +9562,25 @@ trip-point2 { }; gpuss-7-thermal { - polling-delay-passive = <10>; + polling-delay-passive = <200>; thermal-sensors = <&tsens3 12>; + cooling-maps { + map0 { + trip = <&gpuss7_alert0>; + cooling-device = <&gpu THERMAL_NO_LIMIT THERMAL_NO_LIMIT>; + }; + }; + trips { - trip-point0 { - temperature = <85000>; + gpuss7_alert0: trip-point0 { + temperature = <95000>; hysteresis = <1000>; type = "passive"; }; - trip-point1 { - temperature = <90000>; - hysteresis = <1000>; - type = "hot"; - }; - - trip-point2 { + gpu-critical { temperature = <115000>; hysteresis = <1000>; type = "critical";

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: x1e80100: Apply consistent critical thermal" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 03f2b8eed73418269a158ccebad5d8d8f2f6daa1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060201-critter-racoon-92e9@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 03f2b8eed73418269a158ccebad5d8d8f2f6daa1 Mon Sep 17 00:00:00 2001 From: Stephan Gerhold <stephan.gerhold(a)linaro.org> Date: Wed, 19 Feb 2025 12:36:19 +0100 Subject: [PATCH] arm64: dts: qcom: x1e80100: Apply consistent critical thermal shutdown MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The firmware configures the TSENS controller with a maximum temperature of 120°C. When reaching that temperature, the hardware automatically triggers a reset of the entire platform. Some of the thermal zones in x1e80100.dtsi use a critical trip point of 125°C. It's impossible to reach those. It's preferable to shut down the system cleanly before reaching the hardware trip point. Make the critical temperature trip points consistent by setting all of them to 115°C and apply a consistent hysteresis. The ACPI tables also specify 115°C as critical shutdown temperature. Cc: stable(a)vger.kernel.org Fixes: 4e915987ff5b ("arm64: dts: qcom: x1e80100: Enable tsens and thermal zone nodes") Signed-off-by: Stephan Gerhold <stephan.gerhold(a)linaro.org> Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> Link: https://lore.kernel.org/r/20250219-x1e80100-thermal-fixes-v1-2-d110e44ac3f9… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/x1e80100.dtsi b/arch/arm64/boot/dts/qcom/x1e80100.dtsi index 7d750a899e80..e0ef5665f862 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e80100.dtsi @@ -8470,8 +8470,8 @@ trip-point0 { }; aoss0-critical { - temperature = <125000>; - hysteresis = <0>; + temperature = <115000>; + hysteresis = <1000>; type = "critical"; }; }; @@ -8496,7 +8496,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8522,7 +8522,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8548,7 +8548,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8574,7 +8574,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8600,7 +8600,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8626,7 +8626,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8652,7 +8652,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8678,7 +8678,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8696,8 +8696,8 @@ trip-point0 { }; cpuss2-critical { - temperature = <125000>; - hysteresis = <0>; + temperature = <115000>; + hysteresis = <1000>; type = "critical"; }; }; @@ -8714,8 +8714,8 @@ trip-point0 { }; cpuss2-critical { - temperature = <125000>; - hysteresis = <0>; + temperature = <115000>; + hysteresis = <1000>; type = "critical"; }; }; @@ -8732,7 +8732,7 @@ trip-point0 { }; mem-critical { - temperature = <125000>; + temperature = <115000>; hysteresis = <0>; type = "critical"; }; @@ -8750,7 +8750,7 @@ trip-point0 { }; video-critical { - temperature = <125000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8768,8 +8768,8 @@ trip-point0 { }; aoss0-critical { - temperature = <125000>; - hysteresis = <0>; + temperature = <115000>; + hysteresis = <1000>; type = "critical"; }; }; @@ -8794,7 +8794,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8820,7 +8820,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8846,7 +8846,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8872,7 +8872,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8898,7 +8898,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8924,7 +8924,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8950,7 +8950,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8976,7 +8976,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -8994,8 +8994,8 @@ trip-point0 { }; cpuss2-critical { - temperature = <125000>; - hysteresis = <0>; + temperature = <115000>; + hysteresis = <1000>; type = "critical"; }; }; @@ -9012,8 +9012,8 @@ trip-point0 { }; cpuss2-critical { - temperature = <125000>; - hysteresis = <0>; + temperature = <115000>; + hysteresis = <1000>; type = "critical"; }; }; @@ -9030,8 +9030,8 @@ trip-point0 { }; aoss0-critical { - temperature = <125000>; - hysteresis = <0>; + temperature = <115000>; + hysteresis = <1000>; type = "critical"; }; }; @@ -9056,7 +9056,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9082,7 +9082,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9108,7 +9108,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9134,7 +9134,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9160,7 +9160,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9186,7 +9186,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9212,7 +9212,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9238,7 +9238,7 @@ trip-point1 { }; cpu-critical { - temperature = <110000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9256,8 +9256,8 @@ trip-point0 { }; cpuss2-critical { - temperature = <125000>; - hysteresis = <0>; + temperature = <115000>; + hysteresis = <1000>; type = "critical"; }; }; @@ -9274,8 +9274,8 @@ trip-point0 { }; cpuss2-critical { - temperature = <125000>; - hysteresis = <0>; + temperature = <115000>; + hysteresis = <1000>; type = "critical"; }; }; @@ -9292,8 +9292,8 @@ trip-point0 { }; aoss0-critical { - temperature = <125000>; - hysteresis = <0>; + temperature = <115000>; + hysteresis = <1000>; type = "critical"; }; }; @@ -9310,8 +9310,8 @@ trip-point0 { }; nsp0-critical { - temperature = <125000>; - hysteresis = <0>; + temperature = <115000>; + hysteresis = <1000>; type = "critical"; }; }; @@ -9328,8 +9328,8 @@ trip-point0 { }; nsp1-critical { - temperature = <125000>; - hysteresis = <0>; + temperature = <115000>; + hysteresis = <1000>; type = "critical"; }; }; @@ -9346,8 +9346,8 @@ trip-point0 { }; nsp2-critical { - temperature = <125000>; - hysteresis = <0>; + temperature = <115000>; + hysteresis = <1000>; type = "critical"; }; }; @@ -9364,8 +9364,8 @@ trip-point0 { }; nsp3-critical { - temperature = <125000>; - hysteresis = <0>; + temperature = <115000>; + hysteresis = <1000>; type = "critical"; }; }; @@ -9390,7 +9390,7 @@ trip-point1 { }; trip-point2 { - temperature = <125000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9416,7 +9416,7 @@ trip-point1 { }; trip-point2 { - temperature = <125000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9442,7 +9442,7 @@ trip-point1 { }; trip-point2 { - temperature = <125000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9468,7 +9468,7 @@ trip-point1 { }; trip-point2 { - temperature = <125000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9494,7 +9494,7 @@ trip-point1 { }; trip-point2 { - temperature = <125000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9520,7 +9520,7 @@ trip-point1 { }; trip-point2 { - temperature = <125000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9546,7 +9546,7 @@ trip-point1 { }; trip-point2 { - temperature = <125000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9572,7 +9572,7 @@ trip-point1 { }; trip-point2 { - temperature = <125000>; + temperature = <115000>; hysteresis = <1000>; type = "critical"; }; @@ -9591,7 +9591,7 @@ trip-point0 { camera0-critical { temperature = <115000>; - hysteresis = <0>; + hysteresis = <1000>; type = "critical"; }; }; @@ -9609,7 +9609,7 @@ trip-point0 { camera0-critical { temperature = <115000>; - hysteresis = <0>; + hysteresis = <1000>; type = "critical"; }; };

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: rockchip: fix internal USB hub instability on" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d7cc532df95f7f159e40595440e4e4b99481457b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060238-graffiti-woof-6b4f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d7cc532df95f7f159e40595440e4e4b99481457b Mon Sep 17 00:00:00 2001 From: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Date: Fri, 25 Apr 2025 17:18:08 +0200 Subject: [PATCH] arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently, the onboard Cypress CYUSB3304 USB hub is not defined in the device tree, and hub reset pin is provided as vcc5v0_host regulator to usb phy. This causes instability issues, as a result of improper reset duration. The fixed regulator device requests the GPIO during probe in its inactive state (except if regulator-boot-on property is set, in which case it is requested in the active state). Considering gpio is GPIO_ACTIVE_LOW for Puma, it means it’s driving it high. Then the regulator gets enabled (because regulator-always-on property), which drives it to its active state, meaning driving it low. The Cypress CYUSB3304 USB hub actually requires the reset to be asserted for at least 5 ms, which we cannot guarantee right now since there's no delay in the current config, meaning the hub may sometimes work or not. We could add delay as offered by fixed-regulator but let's rather fix this by using the proper way to model onboard USB hubs. Define hub_2_0 and hub_3_0 nodes, as the onboard Cypress hub consist of two 'logical' hubs, for USB2.0 and USB3.0. Use the 'reset-gpios' property of hub to assign reset pin instead of using regulator. Rename the vcc5v0_host regulator to cy3304_reset to be more meaningful. Pin is configured to output-high by default, which sets the hub in reset state during pin controller initialization. This allows to avoid double enumeration of devices in case the bootloader has setup the USB hub before the kernel. The vdd-supply and vdd2-supply properties in hub nodes are added to provide correct dt-bindings, although power supplies are always enabled based on HW design. Fixes: 2c66fc34e945 ("arm64: dts: rockchip: add RK3399-Q7 (Puma) SoM") Cc: stable(a)vger.kernel.org # 6.6 Cc: stable(a)vger.kernel.org # Backport of the patch in this series fixing product ID in onboard_dev_id_table in drivers/usb/misc/onboard_usb_dev.c driver Signed-off-by: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Link: https://lore.kernel.org/r/20250425-onboard_usb_dev-v2-3-4a76a474a010@thauma… Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> diff --git a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi index e00fbaa8acc1..314d9dfdba57 100644 --- a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi @@ -60,16 +60,6 @@ vcc3v3_sys: regulator-vcc3v3-sys { vin-supply = <&vcc5v0_sys>; }; - vcc5v0_host: regulator-vcc5v0-host { - compatible = "regulator-fixed"; - gpio = <&gpio4 RK_PA3 GPIO_ACTIVE_LOW>; - pinctrl-names = "default"; - pinctrl-0 = <&vcc5v0_host_en>; - regulator-name = "vcc5v0_host"; - regulator-always-on; - vin-supply = <&vcc5v0_sys>; - }; - vcc5v0_sys: regulator-vcc5v0-sys { compatible = "regulator-fixed"; regulator-name = "vcc5v0_sys"; @@ -527,10 +517,10 @@ pmic_int_l: pmic-int-l { }; }; - usb2 { - vcc5v0_host_en: vcc5v0-host-en { + usb { + cy3304_reset: cy3304-reset { rockchip,pins = - <4 RK_PA3 RK_FUNC_GPIO &pcfg_pull_none>; + <4 RK_PA3 RK_FUNC_GPIO &pcfg_output_high>; }; }; @@ -597,7 +587,6 @@ u2phy1_otg: otg-port { }; u2phy1_host: host-port { - phy-supply = <&vcc5v0_host>; status = "okay"; }; }; @@ -609,6 +598,29 @@ &usbdrd3_1 { &usbdrd_dwc3_1 { status = "okay"; dr_mode = "host"; + pinctrl-names = "default"; + pinctrl-0 = <&cy3304_reset>; + #address-cells = <1>; + #size-cells = <0>; + + hub_2_0: hub@1 { + compatible = "usb4b4,6502", "usb4b4,6506"; + reg = <1>; + peer-hub = <&hub_3_0>; + reset-gpios = <&gpio4 RK_PA3 GPIO_ACTIVE_HIGH>; + vdd-supply = <&vcc1v2_phy>; + vdd2-supply = <&vcc3v3_sys>; + + }; + + hub_3_0: hub@2 { + compatible = "usb4b4,6500", "usb4b4,6504"; + reg = <2>; + peer-hub = <&hub_2_0>; + reset-gpios = <&gpio4 RK_PA3 GPIO_ACTIVE_HIGH>; + vdd-supply = <&vcc1v2_phy>; + vdd2-supply = <&vcc3v3_sys>; + }; }; &usb_host1_ehci {

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: rockchip: fix internal USB hub instability on" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d7cc532df95f7f159e40595440e4e4b99481457b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060237-cactus-anew-7019@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d7cc532df95f7f159e40595440e4e4b99481457b Mon Sep 17 00:00:00 2001 From: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Date: Fri, 25 Apr 2025 17:18:08 +0200 Subject: [PATCH] arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently, the onboard Cypress CYUSB3304 USB hub is not defined in the device tree, and hub reset pin is provided as vcc5v0_host regulator to usb phy. This causes instability issues, as a result of improper reset duration. The fixed regulator device requests the GPIO during probe in its inactive state (except if regulator-boot-on property is set, in which case it is requested in the active state). Considering gpio is GPIO_ACTIVE_LOW for Puma, it means it’s driving it high. Then the regulator gets enabled (because regulator-always-on property), which drives it to its active state, meaning driving it low. The Cypress CYUSB3304 USB hub actually requires the reset to be asserted for at least 5 ms, which we cannot guarantee right now since there's no delay in the current config, meaning the hub may sometimes work or not. We could add delay as offered by fixed-regulator but let's rather fix this by using the proper way to model onboard USB hubs. Define hub_2_0 and hub_3_0 nodes, as the onboard Cypress hub consist of two 'logical' hubs, for USB2.0 and USB3.0. Use the 'reset-gpios' property of hub to assign reset pin instead of using regulator. Rename the vcc5v0_host regulator to cy3304_reset to be more meaningful. Pin is configured to output-high by default, which sets the hub in reset state during pin controller initialization. This allows to avoid double enumeration of devices in case the bootloader has setup the USB hub before the kernel. The vdd-supply and vdd2-supply properties in hub nodes are added to provide correct dt-bindings, although power supplies are always enabled based on HW design. Fixes: 2c66fc34e945 ("arm64: dts: rockchip: add RK3399-Q7 (Puma) SoM") Cc: stable(a)vger.kernel.org # 6.6 Cc: stable(a)vger.kernel.org # Backport of the patch in this series fixing product ID in onboard_dev_id_table in drivers/usb/misc/onboard_usb_dev.c driver Signed-off-by: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Link: https://lore.kernel.org/r/20250425-onboard_usb_dev-v2-3-4a76a474a010@thauma… Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> diff --git a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi index e00fbaa8acc1..314d9dfdba57 100644 --- a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi @@ -60,16 +60,6 @@ vcc3v3_sys: regulator-vcc3v3-sys { vin-supply = <&vcc5v0_sys>; }; - vcc5v0_host: regulator-vcc5v0-host { - compatible = "regulator-fixed"; - gpio = <&gpio4 RK_PA3 GPIO_ACTIVE_LOW>; - pinctrl-names = "default"; - pinctrl-0 = <&vcc5v0_host_en>; - regulator-name = "vcc5v0_host"; - regulator-always-on; - vin-supply = <&vcc5v0_sys>; - }; - vcc5v0_sys: regulator-vcc5v0-sys { compatible = "regulator-fixed"; regulator-name = "vcc5v0_sys"; @@ -527,10 +517,10 @@ pmic_int_l: pmic-int-l { }; }; - usb2 { - vcc5v0_host_en: vcc5v0-host-en { + usb { + cy3304_reset: cy3304-reset { rockchip,pins = - <4 RK_PA3 RK_FUNC_GPIO &pcfg_pull_none>; + <4 RK_PA3 RK_FUNC_GPIO &pcfg_output_high>; }; }; @@ -597,7 +587,6 @@ u2phy1_otg: otg-port { }; u2phy1_host: host-port { - phy-supply = <&vcc5v0_host>; status = "okay"; }; }; @@ -609,6 +598,29 @@ &usbdrd3_1 { &usbdrd_dwc3_1 { status = "okay"; dr_mode = "host"; + pinctrl-names = "default"; + pinctrl-0 = <&cy3304_reset>; + #address-cells = <1>; + #size-cells = <0>; + + hub_2_0: hub@1 { + compatible = "usb4b4,6502", "usb4b4,6506"; + reg = <1>; + peer-hub = <&hub_3_0>; + reset-gpios = <&gpio4 RK_PA3 GPIO_ACTIVE_HIGH>; + vdd-supply = <&vcc1v2_phy>; + vdd2-supply = <&vcc3v3_sys>; + + }; + + hub_3_0: hub@2 { + compatible = "usb4b4,6500", "usb4b4,6504"; + reg = <2>; + peer-hub = <&hub_2_0>; + reset-gpios = <&gpio4 RK_PA3 GPIO_ACTIVE_HIGH>; + vdd-supply = <&vcc1v2_phy>; + vdd2-supply = <&vcc3v3_sys>; + }; }; &usb_host1_ehci {

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: rockchip: fix internal USB hub instability on" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d7cc532df95f7f159e40595440e4e4b99481457b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060236-cone-armory-06ea@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d7cc532df95f7f159e40595440e4e4b99481457b Mon Sep 17 00:00:00 2001 From: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Date: Fri, 25 Apr 2025 17:18:08 +0200 Subject: [PATCH] arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently, the onboard Cypress CYUSB3304 USB hub is not defined in the device tree, and hub reset pin is provided as vcc5v0_host regulator to usb phy. This causes instability issues, as a result of improper reset duration. The fixed regulator device requests the GPIO during probe in its inactive state (except if regulator-boot-on property is set, in which case it is requested in the active state). Considering gpio is GPIO_ACTIVE_LOW for Puma, it means it’s driving it high. Then the regulator gets enabled (because regulator-always-on property), which drives it to its active state, meaning driving it low. The Cypress CYUSB3304 USB hub actually requires the reset to be asserted for at least 5 ms, which we cannot guarantee right now since there's no delay in the current config, meaning the hub may sometimes work or not. We could add delay as offered by fixed-regulator but let's rather fix this by using the proper way to model onboard USB hubs. Define hub_2_0 and hub_3_0 nodes, as the onboard Cypress hub consist of two 'logical' hubs, for USB2.0 and USB3.0. Use the 'reset-gpios' property of hub to assign reset pin instead of using regulator. Rename the vcc5v0_host regulator to cy3304_reset to be more meaningful. Pin is configured to output-high by default, which sets the hub in reset state during pin controller initialization. This allows to avoid double enumeration of devices in case the bootloader has setup the USB hub before the kernel. The vdd-supply and vdd2-supply properties in hub nodes are added to provide correct dt-bindings, although power supplies are always enabled based on HW design. Fixes: 2c66fc34e945 ("arm64: dts: rockchip: add RK3399-Q7 (Puma) SoM") Cc: stable(a)vger.kernel.org # 6.6 Cc: stable(a)vger.kernel.org # Backport of the patch in this series fixing product ID in onboard_dev_id_table in drivers/usb/misc/onboard_usb_dev.c driver Signed-off-by: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Link: https://lore.kernel.org/r/20250425-onboard_usb_dev-v2-3-4a76a474a010@thauma… Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> diff --git a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi index e00fbaa8acc1..314d9dfdba57 100644 --- a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi @@ -60,16 +60,6 @@ vcc3v3_sys: regulator-vcc3v3-sys { vin-supply = <&vcc5v0_sys>; }; - vcc5v0_host: regulator-vcc5v0-host { - compatible = "regulator-fixed"; - gpio = <&gpio4 RK_PA3 GPIO_ACTIVE_LOW>; - pinctrl-names = "default"; - pinctrl-0 = <&vcc5v0_host_en>; - regulator-name = "vcc5v0_host"; - regulator-always-on; - vin-supply = <&vcc5v0_sys>; - }; - vcc5v0_sys: regulator-vcc5v0-sys { compatible = "regulator-fixed"; regulator-name = "vcc5v0_sys"; @@ -527,10 +517,10 @@ pmic_int_l: pmic-int-l { }; }; - usb2 { - vcc5v0_host_en: vcc5v0-host-en { + usb { + cy3304_reset: cy3304-reset { rockchip,pins = - <4 RK_PA3 RK_FUNC_GPIO &pcfg_pull_none>; + <4 RK_PA3 RK_FUNC_GPIO &pcfg_output_high>; }; }; @@ -597,7 +587,6 @@ u2phy1_otg: otg-port { }; u2phy1_host: host-port { - phy-supply = <&vcc5v0_host>; status = "okay"; }; }; @@ -609,6 +598,29 @@ &usbdrd3_1 { &usbdrd_dwc3_1 { status = "okay"; dr_mode = "host"; + pinctrl-names = "default"; + pinctrl-0 = <&cy3304_reset>; + #address-cells = <1>; + #size-cells = <0>; + + hub_2_0: hub@1 { + compatible = "usb4b4,6502", "usb4b4,6506"; + reg = <1>; + peer-hub = <&hub_3_0>; + reset-gpios = <&gpio4 RK_PA3 GPIO_ACTIVE_HIGH>; + vdd-supply = <&vcc1v2_phy>; + vdd2-supply = <&vcc3v3_sys>; + + }; + + hub_3_0: hub@2 { + compatible = "usb4b4,6500", "usb4b4,6504"; + reg = <2>; + peer-hub = <&hub_2_0>; + reset-gpios = <&gpio4 RK_PA3 GPIO_ACTIVE_HIGH>; + vdd-supply = <&vcc1v2_phy>; + vdd2-supply = <&vcc3v3_sys>; + }; }; &usb_host1_ehci {

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: rockchip: fix internal USB hub instability on" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d7cc532df95f7f159e40595440e4e4b99481457b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060235-unroll-candy-0261@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d7cc532df95f7f159e40595440e4e4b99481457b Mon Sep 17 00:00:00 2001 From: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Date: Fri, 25 Apr 2025 17:18:08 +0200 Subject: [PATCH] arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently, the onboard Cypress CYUSB3304 USB hub is not defined in the device tree, and hub reset pin is provided as vcc5v0_host regulator to usb phy. This causes instability issues, as a result of improper reset duration. The fixed regulator device requests the GPIO during probe in its inactive state (except if regulator-boot-on property is set, in which case it is requested in the active state). Considering gpio is GPIO_ACTIVE_LOW for Puma, it means it’s driving it high. Then the regulator gets enabled (because regulator-always-on property), which drives it to its active state, meaning driving it low. The Cypress CYUSB3304 USB hub actually requires the reset to be asserted for at least 5 ms, which we cannot guarantee right now since there's no delay in the current config, meaning the hub may sometimes work or not. We could add delay as offered by fixed-regulator but let's rather fix this by using the proper way to model onboard USB hubs. Define hub_2_0 and hub_3_0 nodes, as the onboard Cypress hub consist of two 'logical' hubs, for USB2.0 and USB3.0. Use the 'reset-gpios' property of hub to assign reset pin instead of using regulator. Rename the vcc5v0_host regulator to cy3304_reset to be more meaningful. Pin is configured to output-high by default, which sets the hub in reset state during pin controller initialization. This allows to avoid double enumeration of devices in case the bootloader has setup the USB hub before the kernel. The vdd-supply and vdd2-supply properties in hub nodes are added to provide correct dt-bindings, although power supplies are always enabled based on HW design. Fixes: 2c66fc34e945 ("arm64: dts: rockchip: add RK3399-Q7 (Puma) SoM") Cc: stable(a)vger.kernel.org # 6.6 Cc: stable(a)vger.kernel.org # Backport of the patch in this series fixing product ID in onboard_dev_id_table in drivers/usb/misc/onboard_usb_dev.c driver Signed-off-by: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Link: https://lore.kernel.org/r/20250425-onboard_usb_dev-v2-3-4a76a474a010@thauma… Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> diff --git a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi index e00fbaa8acc1..314d9dfdba57 100644 --- a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi @@ -60,16 +60,6 @@ vcc3v3_sys: regulator-vcc3v3-sys { vin-supply = <&vcc5v0_sys>; }; - vcc5v0_host: regulator-vcc5v0-host { - compatible = "regulator-fixed"; - gpio = <&gpio4 RK_PA3 GPIO_ACTIVE_LOW>; - pinctrl-names = "default"; - pinctrl-0 = <&vcc5v0_host_en>; - regulator-name = "vcc5v0_host"; - regulator-always-on; - vin-supply = <&vcc5v0_sys>; - }; - vcc5v0_sys: regulator-vcc5v0-sys { compatible = "regulator-fixed"; regulator-name = "vcc5v0_sys"; @@ -527,10 +517,10 @@ pmic_int_l: pmic-int-l { }; }; - usb2 { - vcc5v0_host_en: vcc5v0-host-en { + usb { + cy3304_reset: cy3304-reset { rockchip,pins = - <4 RK_PA3 RK_FUNC_GPIO &pcfg_pull_none>; + <4 RK_PA3 RK_FUNC_GPIO &pcfg_output_high>; }; }; @@ -597,7 +587,6 @@ u2phy1_otg: otg-port { }; u2phy1_host: host-port { - phy-supply = <&vcc5v0_host>; status = "okay"; }; }; @@ -609,6 +598,29 @@ &usbdrd3_1 { &usbdrd_dwc3_1 { status = "okay"; dr_mode = "host"; + pinctrl-names = "default"; + pinctrl-0 = <&cy3304_reset>; + #address-cells = <1>; + #size-cells = <0>; + + hub_2_0: hub@1 { + compatible = "usb4b4,6502", "usb4b4,6506"; + reg = <1>; + peer-hub = <&hub_3_0>; + reset-gpios = <&gpio4 RK_PA3 GPIO_ACTIVE_HIGH>; + vdd-supply = <&vcc1v2_phy>; + vdd2-supply = <&vcc3v3_sys>; + + }; + + hub_3_0: hub@2 { + compatible = "usb4b4,6500", "usb4b4,6504"; + reg = <2>; + peer-hub = <&hub_2_0>; + reset-gpios = <&gpio4 RK_PA3 GPIO_ACTIVE_HIGH>; + vdd-supply = <&vcc1v2_phy>; + vdd2-supply = <&vcc3v3_sys>; + }; }; &usb_host1_ehci {

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: rockchip: fix internal USB hub instability on" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d7cc532df95f7f159e40595440e4e4b99481457b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060233-umpire-askew-5f0b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d7cc532df95f7f159e40595440e4e4b99481457b Mon Sep 17 00:00:00 2001 From: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Date: Fri, 25 Apr 2025 17:18:08 +0200 Subject: [PATCH] arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently, the onboard Cypress CYUSB3304 USB hub is not defined in the device tree, and hub reset pin is provided as vcc5v0_host regulator to usb phy. This causes instability issues, as a result of improper reset duration. The fixed regulator device requests the GPIO during probe in its inactive state (except if regulator-boot-on property is set, in which case it is requested in the active state). Considering gpio is GPIO_ACTIVE_LOW for Puma, it means it’s driving it high. Then the regulator gets enabled (because regulator-always-on property), which drives it to its active state, meaning driving it low. The Cypress CYUSB3304 USB hub actually requires the reset to be asserted for at least 5 ms, which we cannot guarantee right now since there's no delay in the current config, meaning the hub may sometimes work or not. We could add delay as offered by fixed-regulator but let's rather fix this by using the proper way to model onboard USB hubs. Define hub_2_0 and hub_3_0 nodes, as the onboard Cypress hub consist of two 'logical' hubs, for USB2.0 and USB3.0. Use the 'reset-gpios' property of hub to assign reset pin instead of using regulator. Rename the vcc5v0_host regulator to cy3304_reset to be more meaningful. Pin is configured to output-high by default, which sets the hub in reset state during pin controller initialization. This allows to avoid double enumeration of devices in case the bootloader has setup the USB hub before the kernel. The vdd-supply and vdd2-supply properties in hub nodes are added to provide correct dt-bindings, although power supplies are always enabled based on HW design. Fixes: 2c66fc34e945 ("arm64: dts: rockchip: add RK3399-Q7 (Puma) SoM") Cc: stable(a)vger.kernel.org # 6.6 Cc: stable(a)vger.kernel.org # Backport of the patch in this series fixing product ID in onboard_dev_id_table in drivers/usb/misc/onboard_usb_dev.c driver Signed-off-by: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Link: https://lore.kernel.org/r/20250425-onboard_usb_dev-v2-3-4a76a474a010@thauma… Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> diff --git a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi index e00fbaa8acc1..314d9dfdba57 100644 --- a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi @@ -60,16 +60,6 @@ vcc3v3_sys: regulator-vcc3v3-sys { vin-supply = <&vcc5v0_sys>; }; - vcc5v0_host: regulator-vcc5v0-host { - compatible = "regulator-fixed"; - gpio = <&gpio4 RK_PA3 GPIO_ACTIVE_LOW>; - pinctrl-names = "default"; - pinctrl-0 = <&vcc5v0_host_en>; - regulator-name = "vcc5v0_host"; - regulator-always-on; - vin-supply = <&vcc5v0_sys>; - }; - vcc5v0_sys: regulator-vcc5v0-sys { compatible = "regulator-fixed"; regulator-name = "vcc5v0_sys"; @@ -527,10 +517,10 @@ pmic_int_l: pmic-int-l { }; }; - usb2 { - vcc5v0_host_en: vcc5v0-host-en { + usb { + cy3304_reset: cy3304-reset { rockchip,pins = - <4 RK_PA3 RK_FUNC_GPIO &pcfg_pull_none>; + <4 RK_PA3 RK_FUNC_GPIO &pcfg_output_high>; }; }; @@ -597,7 +587,6 @@ u2phy1_otg: otg-port { }; u2phy1_host: host-port { - phy-supply = <&vcc5v0_host>; status = "okay"; }; }; @@ -609,6 +598,29 @@ &usbdrd3_1 { &usbdrd_dwc3_1 { status = "okay"; dr_mode = "host"; + pinctrl-names = "default"; + pinctrl-0 = <&cy3304_reset>; + #address-cells = <1>; + #size-cells = <0>; + + hub_2_0: hub@1 { + compatible = "usb4b4,6502", "usb4b4,6506"; + reg = <1>; + peer-hub = <&hub_3_0>; + reset-gpios = <&gpio4 RK_PA3 GPIO_ACTIVE_HIGH>; + vdd-supply = <&vcc1v2_phy>; + vdd2-supply = <&vcc3v3_sys>; + + }; + + hub_3_0: hub@2 { + compatible = "usb4b4,6500", "usb4b4,6504"; + reg = <2>; + peer-hub = <&hub_2_0>; + reset-gpios = <&gpio4 RK_PA3 GPIO_ACTIVE_HIGH>; + vdd-supply = <&vcc1v2_phy>; + vdd2-supply = <&vcc3v3_sys>; + }; }; &usb_host1_ehci {

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: rockchip: fix internal USB hub instability on" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x d7cc532df95f7f159e40595440e4e4b99481457b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060232-saga-chatty-ea5b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d7cc532df95f7f159e40595440e4e4b99481457b Mon Sep 17 00:00:00 2001 From: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Date: Fri, 25 Apr 2025 17:18:08 +0200 Subject: [PATCH] arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently, the onboard Cypress CYUSB3304 USB hub is not defined in the device tree, and hub reset pin is provided as vcc5v0_host regulator to usb phy. This causes instability issues, as a result of improper reset duration. The fixed regulator device requests the GPIO during probe in its inactive state (except if regulator-boot-on property is set, in which case it is requested in the active state). Considering gpio is GPIO_ACTIVE_LOW for Puma, it means it’s driving it high. Then the regulator gets enabled (because regulator-always-on property), which drives it to its active state, meaning driving it low. The Cypress CYUSB3304 USB hub actually requires the reset to be asserted for at least 5 ms, which we cannot guarantee right now since there's no delay in the current config, meaning the hub may sometimes work or not. We could add delay as offered by fixed-regulator but let's rather fix this by using the proper way to model onboard USB hubs. Define hub_2_0 and hub_3_0 nodes, as the onboard Cypress hub consist of two 'logical' hubs, for USB2.0 and USB3.0. Use the 'reset-gpios' property of hub to assign reset pin instead of using regulator. Rename the vcc5v0_host regulator to cy3304_reset to be more meaningful. Pin is configured to output-high by default, which sets the hub in reset state during pin controller initialization. This allows to avoid double enumeration of devices in case the bootloader has setup the USB hub before the kernel. The vdd-supply and vdd2-supply properties in hub nodes are added to provide correct dt-bindings, although power supplies are always enabled based on HW design. Fixes: 2c66fc34e945 ("arm64: dts: rockchip: add RK3399-Q7 (Puma) SoM") Cc: stable(a)vger.kernel.org # 6.6 Cc: stable(a)vger.kernel.org # Backport of the patch in this series fixing product ID in onboard_dev_id_table in drivers/usb/misc/onboard_usb_dev.c driver Signed-off-by: Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> Link: https://lore.kernel.org/r/20250425-onboard_usb_dev-v2-3-4a76a474a010@thauma… Signed-off-by: Heiko Stuebner <heiko(a)sntech.de> diff --git a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi index e00fbaa8acc1..314d9dfdba57 100644 --- a/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi @@ -60,16 +60,6 @@ vcc3v3_sys: regulator-vcc3v3-sys { vin-supply = <&vcc5v0_sys>; }; - vcc5v0_host: regulator-vcc5v0-host { - compatible = "regulator-fixed"; - gpio = <&gpio4 RK_PA3 GPIO_ACTIVE_LOW>; - pinctrl-names = "default"; - pinctrl-0 = <&vcc5v0_host_en>; - regulator-name = "vcc5v0_host"; - regulator-always-on; - vin-supply = <&vcc5v0_sys>; - }; - vcc5v0_sys: regulator-vcc5v0-sys { compatible = "regulator-fixed"; regulator-name = "vcc5v0_sys"; @@ -527,10 +517,10 @@ pmic_int_l: pmic-int-l { }; }; - usb2 { - vcc5v0_host_en: vcc5v0-host-en { + usb { + cy3304_reset: cy3304-reset { rockchip,pins = - <4 RK_PA3 RK_FUNC_GPIO &pcfg_pull_none>; + <4 RK_PA3 RK_FUNC_GPIO &pcfg_output_high>; }; }; @@ -597,7 +587,6 @@ u2phy1_otg: otg-port { }; u2phy1_host: host-port { - phy-supply = <&vcc5v0_host>; status = "okay"; }; }; @@ -609,6 +598,29 @@ &usbdrd3_1 { &usbdrd_dwc3_1 { status = "okay"; dr_mode = "host"; + pinctrl-names = "default"; + pinctrl-0 = <&cy3304_reset>; + #address-cells = <1>; + #size-cells = <0>; + + hub_2_0: hub@1 { + compatible = "usb4b4,6502", "usb4b4,6506"; + reg = <1>; + peer-hub = <&hub_3_0>; + reset-gpios = <&gpio4 RK_PA3 GPIO_ACTIVE_HIGH>; + vdd-supply = <&vcc1v2_phy>; + vdd2-supply = <&vcc3v3_sys>; + + }; + + hub_3_0: hub@2 { + compatible = "usb4b4,6500", "usb4b4,6504"; + reg = <2>; + peer-hub = <&hub_2_0>; + reset-gpios = <&gpio4 RK_PA3 GPIO_ACTIVE_HIGH>; + vdd-supply = <&vcc1v2_phy>; + vdd2-supply = <&vcc3v3_sys>; + }; }; &usb_host1_ehci {

3 months, 3 weeks

1
0
0 0

[PATCH 6.1.y v2] selftests/vm: fix split huge page tests

by Guangming Wang

From: Zi Yan <ziy(a)nvidia.com> [ upstream commit dd63bd7df41a8f9393a2e3ff9157a441c08eb996 ] Fix two inputs to check_anon_huge() and one if condition, so the tests work as expected. Steps to reproduce the issue. make headers make -C tools/testing/selftests/vm Before patching:test fails with a non-zero exit code ~/linux$ sudo tools/testing/selftests/vm/split_huge_page_test \ > /dev/null 2>&1;echo $? 1 ~/linux$ ./split_huge_page_test No THP is allocated After patching: ~/linux$ sudo tools/testing/selftests/vm/split_huge_page_test \ > /dev/null 2>&1;echo $? 0 ~/linux$ sudo tools/testing/selftests/vm/split_huge_page_test Split huge pages successful ... Link: https://lkml.kernel.org/r/20230306160907.16804-1-zi.yan@sent.com Fixes: c07c343cda8e ("selftests/vm: dedup THP helpers") Cc: stable(a)vger.kernel.org Signed-off-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Zach O'Keefe <zokeefe(a)google.com> Tested-by: Zach O'Keefe <zokeefe(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Guangming Wang <guangming.wang(a)windriver.com> --- tools/testing/selftests/vm/split_huge_page_test.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/vm/split_huge_page_test.c b/tools/testing/selftests/vm/split_huge_page_test.c index 76e1c36dd..b8558c7f1 100644 --- a/tools/testing/selftests/vm/split_huge_page_test.c +++ b/tools/testing/selftests/vm/split_huge_page_test.c @@ -106,7 +106,7 @@ void split_pmd_thp(void) for (i = 0; i < len; i++) one_page[i] = (char)i; - if (!check_huge_anon(one_page, 1, pmd_pagesize)) { + if (!check_huge_anon(one_page, 4, pmd_pagesize)) { printf("No THP is allocated\n"); exit(EXIT_FAILURE); } @@ -122,7 +122,7 @@ void split_pmd_thp(void) } - if (check_huge_anon(one_page, 0, pmd_pagesize)) { + if (!check_huge_anon(one_page, 0, pmd_pagesize)) { printf("Still AnonHugePages not split\n"); exit(EXIT_FAILURE); } @@ -169,7 +169,7 @@ void split_pte_mapped_thp(void) for (i = 0; i < len; i++) one_page[i] = (char)i; - if (!check_huge_anon(one_page, 1, pmd_pagesize)) { + if (!check_huge_anon(one_page, 4, pmd_pagesize)) { printf("No THP is allocated\n"); exit(EXIT_FAILURE); } -- 2.34.1

3 months, 3 weeks

3
2
0 0

[PATCH v2] mm: userfaultfd: fix race of userfaultfd_move and swap cache

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> On seeing a swap entry PTE, userfaultfd_move does a lockless swap cache lookup, and try to move the found folio to the faulting vma when. Currently, it relies on the PTE value check to ensure the moved folio still belongs to the src swap entry, which turns out is not reliable. While working and reviewing the swap table series with Barry, following existing race is observed and reproduced [1]: ( move_pages_pte is moving src_pte to dst_pte, where src_pte is a swap entry PTE holding swap entry S1, and S1 isn't in the swap cache.) CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1 ... < Somehow interrupted> ... <swapin src_pte, alloc and use folio A> // folio A is just a new allocated folio // and get installed into src_pte <frees swap entry S1> // src_pte now points to folio A, S1 // has swap count == 0, it can be freed // by folio_swap_swap or swap // allocator's reclaim. <try to swap out another folio B> // folio B is a folio in another VMA. <put folio B to swap cache using S1 > // S1 is freed, folio B could use it // for swap out with no problem. ... folio = filemap_get_folio(S1) // Got folio B here !!! ... < Somehow interrupted again> ... <swapin folio B and free S1> // Now S1 is free to be used again. <swapout src_pte & folio A using S1> // Now src_pte is a swap entry pte // holding S1 again. folio_trylock(folio) move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // Moved invalid folio B here !!! The race window is very short and requires multiple collisions of multiple rare events, so it's very unlikely to happen, but with a deliberately constructed reproducer and increased time window, it can be reproduced [1]. It's also possible that folio (A) is swapped in, and swapped out again after the filemap_get_folio lookup, in such case folio (A) may stay in swap cache so it needs to be moved too. In this case we should also try again so kernel won't miss a folio move. Fix this by checking if the folio is the valid swap cache folio after acquiring the folio lock, and checking the swap cache again after acquiring the src_pte lock. SWP_SYNCRHONIZE_IO path does make the problem more complex, but so far we don't need to worry about that since folios only might get exposed to swap cache in the swap out path, and it's covered in this patch too by checking the swap cache again after acquiring src_pte lock. Testing with a simple C program to allocate and move several GB of memory did not show any observable performance change. Cc: <stable(a)vger.kernel.org> Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Closes: https://lore.kernel.org/linux-mm/CAMgjq7B1K=6OOrK2OUZ0-tqCzi+EJt+2_K97TPGoS… [1] Signed-off-by: Kairui Song <kasong(a)tencent.com> --- V1: https://lore.kernel.org/linux-mm/20250530201710.81365-1-ryncsn@gmail.com/ Changes: - Check swap_map instead of doing a filemap lookup after acquiring the PTE lock to minimize critical section overhead [ Barry Song, Lokesh Gidra ] mm/userfaultfd.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index bc473ad21202..a74ede04996c 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -1084,8 +1084,11 @@ static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, pte_t orig_dst_pte, pte_t orig_src_pte, pmd_t *dst_pmd, pmd_t dst_pmdval, spinlock_t *dst_ptl, spinlock_t *src_ptl, - struct folio *src_folio) + struct folio *src_folio, + struct swap_info_struct *si) { + swp_entry_t entry; + double_pt_lock(dst_ptl, src_ptl); if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, @@ -1102,6 +1105,16 @@ static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, if (src_folio) { folio_move_anon_rmap(src_folio, dst_vma); src_folio->index = linear_page_index(dst_vma, dst_addr); + } else { + /* + * Check if the swap entry is cached after acquiring the src_pte + * lock. Or we might miss a new loaded swap cache folio. + */ + entry = pte_to_swp_entry(orig_src_pte); + if (si->swap_map[swp_offset(entry)] & SWAP_HAS_CACHE) { + double_pt_unlock(dst_ptl, src_ptl); + return -EAGAIN; + } } orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); @@ -1409,10 +1422,20 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, folio_lock(src_folio); goto retry; } + /* + * Check if the folio still belongs to the target swap entry after + * acquiring the lock. Folio can be freed in the swap cache while + * not locked. + */ + if (unlikely(!folio_test_swapcache(folio) || + entry.val != folio->swap.val)) { + err = -EAGAIN; + goto out; + } } err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte, orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, - dst_ptl, src_ptl, src_folio); + dst_ptl, src_ptl, src_folio, si); } out: -- 2.49.0

3 months, 3 weeks

3
3
0 0

[PATCH] mm: Fix vmstat after removing NR_BOUNCE

by Kirill A. Shutemov

Hongyu noticed that the nr_unaccepted counter kept growing even in the absence of unaccepted memory on the machine. This happens due to a commit that removed NR_BOUNCE: it removed the counter from the enum zone_stat_item, but left it in the vmstat_text array. As a result, all counters below nr_bounce in /proc/vmstat are shifted by one line, causing the numa_hit counter to be labeled as nr_unaccepted. To fix this issue, remove nr_bounce from the vmstat_text array. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Hongyu Ning <hongyu.ning(a)linux.intel.com> Fixes: 194df9f66db8 ("mm: remove NR_BOUNCE zone stat") Cc: stable(a)vger.kernel.org Cc: Christoph Hellwig <hch(a)lst.de> Cc: Hannes Reinecke <hare(a)suse.de> Cc: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Cc: Jens Axboe <axboe(a)kernel.dk> --- mm/vmstat.c | 1 - 1 file changed, 1 deletion(-) diff --git a/mm/vmstat.c b/mm/vmstat.c index 4c268ce39ff2..ae9882063d89 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -1201,7 +1201,6 @@ const char * const vmstat_text[] = { "nr_zone_unevictable", "nr_zone_write_pending", "nr_mlock", - "nr_bounce", #if IS_ENABLED(CONFIG_ZSMALLOC) "nr_zspages", #endif -- 2.47.2

3 months, 3 weeks

8
11
0 0

Re: [PATCH v4] virtio_blk: Fix disk deletion hang on device surprise removal

by ALOK TIWARI

On 31-05-2025 11:03, Parav Pandit wrote: > + if (!virtqueue_is_broken(vblk->vqs[0].vq)) is it call, if the virtqueue is not broken ? > + virtblk_cleanup_broken_device(vblk); > + > del_gendisk(vblk->disk); > blk_mq_free_tag_set(&vblk->tag_set); Thanks, Alok

3 months, 3 weeks

2
1
0 0

[PATCH AUTOSEL 5.4 01/22] drm/amdgpu/gfx6: fix CSIB handling

by Sasha Levin

From: Alex Deucher <alexander.deucher(a)amd.com> [ Upstream commit 8307ebc15c1ea98a8a0b7837af1faa6c01514577 ] We shouldn't return after the last section. We need to update the rest of the CSIB. Reviewed-by: Rodrigo Siqueira <siqueira(a)igalia.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Now let me understand what the bug is. Looking at the original code: ```c for (sect = adev->gfx.rlc.cs_data; sect->section != NULL; ++sect) { for (ext = sect->section; ext->extent != NULL; ++ext) { if (sect->id == SECT_CONTEXT) { // process SECT_CONTEXT sections } else { return; // BUG: This returns early, skipping remaining code } } } // Important code that should always run: buffer[count++] = cpu_to_le32(PACKET3(PACKET3_SET_CONTEXT_REG, 1)); buffer[count++] = cpu_to_le32(mmPA_SC_RASTER_CONFIG - PACKET3_SET_CONTEXT_REG_START); // ... more important buffer initialization ``` The fix removes the early return so that all sections are processed and the important buffer initialization at the end always runs. **YES** This commit should be backported to stable kernel trees for the following reasons: 1. **Clear Bug Fix**: The commit fixes a clear logic error where an early return statement prevents critical buffer initialization code from executing. The original code would return immediately when encountering a non- SECT_CONTEXT section, skipping the important packet commands that should always be written to the buffer (PACKET3_SET_CONTEXT_REG, PACKET3_PREAMBLE_END_CLEAR_STATE, PACKET3_CLEAR_STATE). 2. **Functional Impact**: This bug affects the Clear State Indirect Buffer (CSIB) handling in AMD GPU driver for GFX6 hardware. The incomplete buffer initialization could lead to: - Incorrect GPU state during graphics operations - Potential rendering issues or GPU hangs - Inconsistent hardware behavior 3. **Small and Contained Fix**: The fix is minimal - it simply removes two lines (the else block with return statement). This is a low-risk change that doesn't introduce new functionality or alter the architecture. 4. **Hardware-Specific Bug**: This affects real users with GFX6 AMD GPUs. The bug prevents proper initialization of the GPU's clear state buffer, which is essential for correct GPU operation. 5. **Similar to Historical Backports**: Looking at commit 4 in the similar commits (marked as YES for backporting), which also fixed preamble handling issues in the AMD GPU driver, this follows a similar pattern of fixing command buffer handling bugs. The commit message clearly indicates this is a bug fix ("We shouldn't return after the last section. We need to update the rest of the CSIB"), and the code change confirms that critical buffer initialization was being skipped due to the premature return. drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c index 7f0a63628c43a..eac329fe27902 100644 --- a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c @@ -2901,8 +2901,6 @@ static void gfx_v6_0_get_csb_buffer(struct amdgpu_device *adev, buffer[count++] = cpu_to_le32(ext->reg_index - 0xa000); for (i = 0; i < ext->reg_count; i++) buffer[count++] = cpu_to_le32(ext->extent[i]); - } else { - return; } } } -- 2.39.5

3 months, 3 weeks

1
21
0 0

[PATCH AUTOSEL 5.10 01/34] drm/amdgpu/gfx6: fix CSIB handling

by Sasha Levin

From: Alex Deucher <alexander.deucher(a)amd.com> [ Upstream commit 8307ebc15c1ea98a8a0b7837af1faa6c01514577 ] We shouldn't return after the last section. We need to update the rest of the CSIB. Reviewed-by: Rodrigo Siqueira <siqueira(a)igalia.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Now let me understand what the bug is. Looking at the original code: ```c for (sect = adev->gfx.rlc.cs_data; sect->section != NULL; ++sect) { for (ext = sect->section; ext->extent != NULL; ++ext) { if (sect->id == SECT_CONTEXT) { // process SECT_CONTEXT sections } else { return; // BUG: This returns early, skipping remaining code } } } // Important code that should always run: buffer[count++] = cpu_to_le32(PACKET3(PACKET3_SET_CONTEXT_REG, 1)); buffer[count++] = cpu_to_le32(mmPA_SC_RASTER_CONFIG - PACKET3_SET_CONTEXT_REG_START); // ... more important buffer initialization ``` The fix removes the early return so that all sections are processed and the important buffer initialization at the end always runs. **YES** This commit should be backported to stable kernel trees for the following reasons: 1. **Clear Bug Fix**: The commit fixes a clear logic error where an early return statement prevents critical buffer initialization code from executing. The original code would return immediately when encountering a non- SECT_CONTEXT section, skipping the important packet commands that should always be written to the buffer (PACKET3_SET_CONTEXT_REG, PACKET3_PREAMBLE_END_CLEAR_STATE, PACKET3_CLEAR_STATE). 2. **Functional Impact**: This bug affects the Clear State Indirect Buffer (CSIB) handling in AMD GPU driver for GFX6 hardware. The incomplete buffer initialization could lead to: - Incorrect GPU state during graphics operations - Potential rendering issues or GPU hangs - Inconsistent hardware behavior 3. **Small and Contained Fix**: The fix is minimal - it simply removes two lines (the else block with return statement). This is a low-risk change that doesn't introduce new functionality or alter the architecture. 4. **Hardware-Specific Bug**: This affects real users with GFX6 AMD GPUs. The bug prevents proper initialization of the GPU's clear state buffer, which is essential for correct GPU operation. 5. **Similar to Historical Backports**: Looking at commit 4 in the similar commits (marked as YES for backporting), which also fixed preamble handling issues in the AMD GPU driver, this follows a similar pattern of fixing command buffer handling bugs. The commit message clearly indicates this is a bug fix ("We shouldn't return after the last section. We need to update the rest of the CSIB"), and the code change confirms that critical buffer initialization was being skipped due to the premature return. drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c index 79c52c7a02e3a..d447b2416b98b 100644 --- a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c @@ -2896,8 +2896,6 @@ static void gfx_v6_0_get_csb_buffer(struct amdgpu_device *adev, buffer[count++] = cpu_to_le32(ext->reg_index - 0xa000); for (i = 0; i < ext->reg_count; i++) buffer[count++] = cpu_to_le32(ext->extent[i]); - } else { - return; } } } -- 2.39.5

3 months, 3 weeks

1
33
0 0

[PATCH AUTOSEL 5.15 01/43] drm/amdgpu/gfx6: fix CSIB handling

by Sasha Levin

From: Alex Deucher <alexander.deucher(a)amd.com> [ Upstream commit 8307ebc15c1ea98a8a0b7837af1faa6c01514577 ] We shouldn't return after the last section. We need to update the rest of the CSIB. Reviewed-by: Rodrigo Siqueira <siqueira(a)igalia.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Now let me understand what the bug is. Looking at the original code: ```c for (sect = adev->gfx.rlc.cs_data; sect->section != NULL; ++sect) { for (ext = sect->section; ext->extent != NULL; ++ext) { if (sect->id == SECT_CONTEXT) { // process SECT_CONTEXT sections } else { return; // BUG: This returns early, skipping remaining code } } } // Important code that should always run: buffer[count++] = cpu_to_le32(PACKET3(PACKET3_SET_CONTEXT_REG, 1)); buffer[count++] = cpu_to_le32(mmPA_SC_RASTER_CONFIG - PACKET3_SET_CONTEXT_REG_START); // ... more important buffer initialization ``` The fix removes the early return so that all sections are processed and the important buffer initialization at the end always runs. **YES** This commit should be backported to stable kernel trees for the following reasons: 1. **Clear Bug Fix**: The commit fixes a clear logic error where an early return statement prevents critical buffer initialization code from executing. The original code would return immediately when encountering a non- SECT_CONTEXT section, skipping the important packet commands that should always be written to the buffer (PACKET3_SET_CONTEXT_REG, PACKET3_PREAMBLE_END_CLEAR_STATE, PACKET3_CLEAR_STATE). 2. **Functional Impact**: This bug affects the Clear State Indirect Buffer (CSIB) handling in AMD GPU driver for GFX6 hardware. The incomplete buffer initialization could lead to: - Incorrect GPU state during graphics operations - Potential rendering issues or GPU hangs - Inconsistent hardware behavior 3. **Small and Contained Fix**: The fix is minimal - it simply removes two lines (the else block with return statement). This is a low-risk change that doesn't introduce new functionality or alter the architecture. 4. **Hardware-Specific Bug**: This affects real users with GFX6 AMD GPUs. The bug prevents proper initialization of the GPU's clear state buffer, which is essential for correct GPU operation. 5. **Similar to Historical Backports**: Looking at commit 4 in the similar commits (marked as YES for backporting), which also fixed preamble handling issues in the AMD GPU driver, this follows a similar pattern of fixing command buffer handling bugs. The commit message clearly indicates this is a bug fix ("We shouldn't return after the last section. We need to update the rest of the CSIB"), and the code change confirms that critical buffer initialization was being skipped due to the premature return. drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c index 6a8dadea40f92..79074d22959b9 100644 --- a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c @@ -2897,8 +2897,6 @@ static void gfx_v6_0_get_csb_buffer(struct amdgpu_device *adev, buffer[count++] = cpu_to_le32(ext->reg_index - 0xa000); for (i = 0; i < ext->reg_count; i++) buffer[count++] = cpu_to_le32(ext->extent[i]); - } else { - return; } } } -- 2.39.5

3 months, 3 weeks

1
42
0 0

[PATCH AUTOSEL 6.1 01/58] drm/amdgpu/gfx6: fix CSIB handling

by Sasha Levin

From: Alex Deucher <alexander.deucher(a)amd.com> [ Upstream commit 8307ebc15c1ea98a8a0b7837af1faa6c01514577 ] We shouldn't return after the last section. We need to update the rest of the CSIB. Reviewed-by: Rodrigo Siqueira <siqueira(a)igalia.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Now let me understand what the bug is. Looking at the original code: ```c for (sect = adev->gfx.rlc.cs_data; sect->section != NULL; ++sect) { for (ext = sect->section; ext->extent != NULL; ++ext) { if (sect->id == SECT_CONTEXT) { // process SECT_CONTEXT sections } else { return; // BUG: This returns early, skipping remaining code } } } // Important code that should always run: buffer[count++] = cpu_to_le32(PACKET3(PACKET3_SET_CONTEXT_REG, 1)); buffer[count++] = cpu_to_le32(mmPA_SC_RASTER_CONFIG - PACKET3_SET_CONTEXT_REG_START); // ... more important buffer initialization ``` The fix removes the early return so that all sections are processed and the important buffer initialization at the end always runs. **YES** This commit should be backported to stable kernel trees for the following reasons: 1. **Clear Bug Fix**: The commit fixes a clear logic error where an early return statement prevents critical buffer initialization code from executing. The original code would return immediately when encountering a non- SECT_CONTEXT section, skipping the important packet commands that should always be written to the buffer (PACKET3_SET_CONTEXT_REG, PACKET3_PREAMBLE_END_CLEAR_STATE, PACKET3_CLEAR_STATE). 2. **Functional Impact**: This bug affects the Clear State Indirect Buffer (CSIB) handling in AMD GPU driver for GFX6 hardware. The incomplete buffer initialization could lead to: - Incorrect GPU state during graphics operations - Potential rendering issues or GPU hangs - Inconsistent hardware behavior 3. **Small and Contained Fix**: The fix is minimal - it simply removes two lines (the else block with return statement). This is a low-risk change that doesn't introduce new functionality or alter the architecture. 4. **Hardware-Specific Bug**: This affects real users with GFX6 AMD GPUs. The bug prevents proper initialization of the GPU's clear state buffer, which is essential for correct GPU operation. 5. **Similar to Historical Backports**: Looking at commit 4 in the similar commits (marked as YES for backporting), which also fixed preamble handling issues in the AMD GPU driver, this follows a similar pattern of fixing command buffer handling bugs. The commit message clearly indicates this is a bug fix ("We shouldn't return after the last section. We need to update the rest of the CSIB"), and the code change confirms that critical buffer initialization was being skipped due to the premature return. drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c index 204b246f0e3f9..0219f1175c078 100644 --- a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c @@ -2873,8 +2873,6 @@ static void gfx_v6_0_get_csb_buffer(struct amdgpu_device *adev, buffer[count++] = cpu_to_le32(ext->reg_index - 0xa000); for (i = 0; i < ext->reg_count; i++) buffer[count++] = cpu_to_le32(ext->extent[i]); - } else { - return; } } } -- 2.39.5

3 months, 3 weeks

1
57
0 0

[PATCH AUTOSEL 6.6 01/66] drm/amdgpu/gfx6: fix CSIB handling

by Sasha Levin

From: Alex Deucher <alexander.deucher(a)amd.com> [ Upstream commit 8307ebc15c1ea98a8a0b7837af1faa6c01514577 ] We shouldn't return after the last section. We need to update the rest of the CSIB. Reviewed-by: Rodrigo Siqueira <siqueira(a)igalia.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Now let me understand what the bug is. Looking at the original code: ```c for (sect = adev->gfx.rlc.cs_data; sect->section != NULL; ++sect) { for (ext = sect->section; ext->extent != NULL; ++ext) { if (sect->id == SECT_CONTEXT) { // process SECT_CONTEXT sections } else { return; // BUG: This returns early, skipping remaining code } } } // Important code that should always run: buffer[count++] = cpu_to_le32(PACKET3(PACKET3_SET_CONTEXT_REG, 1)); buffer[count++] = cpu_to_le32(mmPA_SC_RASTER_CONFIG - PACKET3_SET_CONTEXT_REG_START); // ... more important buffer initialization ``` The fix removes the early return so that all sections are processed and the important buffer initialization at the end always runs. **YES** This commit should be backported to stable kernel trees for the following reasons: 1. **Clear Bug Fix**: The commit fixes a clear logic error where an early return statement prevents critical buffer initialization code from executing. The original code would return immediately when encountering a non- SECT_CONTEXT section, skipping the important packet commands that should always be written to the buffer (PACKET3_SET_CONTEXT_REG, PACKET3_PREAMBLE_END_CLEAR_STATE, PACKET3_CLEAR_STATE). 2. **Functional Impact**: This bug affects the Clear State Indirect Buffer (CSIB) handling in AMD GPU driver for GFX6 hardware. The incomplete buffer initialization could lead to: - Incorrect GPU state during graphics operations - Potential rendering issues or GPU hangs - Inconsistent hardware behavior 3. **Small and Contained Fix**: The fix is minimal - it simply removes two lines (the else block with return statement). This is a low-risk change that doesn't introduce new functionality or alter the architecture. 4. **Hardware-Specific Bug**: This affects real users with GFX6 AMD GPUs. The bug prevents proper initialization of the GPU's clear state buffer, which is essential for correct GPU operation. 5. **Similar to Historical Backports**: Looking at commit 4 in the similar commits (marked as YES for backporting), which also fixed preamble handling issues in the AMD GPU driver, this follows a similar pattern of fixing command buffer handling bugs. The commit message clearly indicates this is a bug fix ("We shouldn't return after the last section. We need to update the rest of the CSIB"), and the code change confirms that critical buffer initialization was being skipped due to the premature return. drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c index 34f9211b26793..80316297374cc 100644 --- a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c @@ -2860,8 +2860,6 @@ static void gfx_v6_0_get_csb_buffer(struct amdgpu_device *adev, buffer[count++] = cpu_to_le32(ext->reg_index - 0xa000); for (i = 0; i < ext->reg_count; i++) buffer[count++] = cpu_to_le32(ext->extent[i]); - } else { - return; } } } -- 2.39.5

3 months, 3 weeks

1
65
0 0

[PATCH AUTOSEL 6.12 01/93] drm/amd/display: disable DPP RCG before DPP CLK enable

by Sasha Levin

From: Charlene Liu <Charlene.Liu(a)amd.com> [ Upstream commit 1bcd679209420305a86833bc357d50021909edaf ] [why] DPP CLK enable needs to disable DPPCLK RCG first. The DPPCLK_en in dccg should always be enabled when the corresponding pipe is enabled. Reviewed-by: Hansen Dsouza <hansen.dsouza(a)amd.com> Signed-off-by: Charlene Liu <Charlene.Liu(a)amd.com> Signed-off-by: Ray Wu <ray.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of both the commit message and code changes, my answer is: **YES** This commit should be backported to stable kernel trees for the following reasons: ## Critical Hardware Sequencing Fix The commit addresses a fundamental hardware sequencing requirement where DPP (Display Pipes and Planes) Root Clock Gating (RCG) must be disabled before enabling the DPP clock. This is a critical timing constraint that, if violated, can cause severe system issues. ## Specific Code Evidence 1. **In `dccg35_update_dpp_dto()`**, the fix adds a crucial sequencing step: ```c + dccg35_set_dppclk_rcg(dccg, dpp_inst, false); REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, DPPCLK0_DTO_PHASE, phase, DPPCLK0_DTO_MODULO, modulo); dcn35_set_dppclk_enable(dccg, dpp_inst, true); ``` This ensures RCG is disabled (false) before enabling the DPP clock. 2. **In `dcn35_enable_plane()`**, explicit clock control is added: ```c + /*make sure DPPCLK is on*/ + dccg->funcs->dccg_root_gate_disable_control(dccg, dpp->inst, true); + dpp->funcs->dpp_dppclk_control(dpp, false, true); ``` 3. **Removal of problematic init code** in `dcn35_init_hw()`: ```c - if (res_pool->dccg->funcs->dccg_root_gate_disable_control) { - for (i = 0; i < res_pool->pipe_count; i++) - res_pool->dccg->funcs->dccg_root_gate_disable_control(res_pool->dccg, i, 0); - } ``` ## Similarity to Previous Critical Fixes This commit follows the pattern of Similar Commit #1, which also addressed clock gating sequencing issues that could cause system hangs. The commit message explicitly states this is needed because "DPP CLK enable needs to disable DPPCLK RCG first." ## Impact and Risk Assessment - **Bug Fixed**: Incorrect clock sequencing that can cause system instability - **Scope**: Limited to DCN35 display hardware (recent AMD GPUs) - **Complexity**: Small, focused changes with clear purpose - **Risk**: Low risk of regression - adds proper sequencing without major architectural changes This fix meets all criteria for stable backporting: - Fixes a real bug affecting users (system stability) - Small and contained changes - No new features or architectural changes - Addresses hardware constraints that cannot be worked around The commit should be backported to all stable kernels that include DCN35 display support to ensure proper display functionality and system stability for users with affected AMD GPUs. .../amd/display/dc/dccg/dcn35/dcn35_dccg.c | 38 ++++++++++++------- .../amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 21 ++++++---- 2 files changed, 38 insertions(+), 21 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c b/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c index b363f5360818d..ad910065f463f 100644 --- a/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c +++ b/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c @@ -391,6 +391,7 @@ static void dccg35_set_dppclk_rcg(struct dccg *dccg, struct dcn_dccg *dccg_dcn = TO_DCN_DCCG(dccg); + if (!dccg->ctx->dc->debug.root_clock_optimization.bits.dpp && enable) return; @@ -411,6 +412,8 @@ static void dccg35_set_dppclk_rcg(struct dccg *dccg, BREAK_TO_DEBUGGER(); break; } + //DC_LOG_DEBUG("%s: inst(%d) DPPCLK rcg_disable: %d\n", __func__, inst, enable ? 0 : 1); + } static void dccg35_set_dpstreamclk_rcg( @@ -1112,30 +1115,24 @@ static void dcn35_set_dppclk_enable(struct dccg *dccg, { struct dcn_dccg *dccg_dcn = TO_DCN_DCCG(dccg); + switch (dpp_inst) { case 0: REG_UPDATE(DPPCLK_CTRL, DPPCLK0_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK0_ROOT_GATE_DISABLE, enable); break; case 1: REG_UPDATE(DPPCLK_CTRL, DPPCLK1_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK1_ROOT_GATE_DISABLE, enable); break; case 2: REG_UPDATE(DPPCLK_CTRL, DPPCLK2_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK2_ROOT_GATE_DISABLE, enable); break; case 3: REG_UPDATE(DPPCLK_CTRL, DPPCLK3_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK3_ROOT_GATE_DISABLE, enable); break; default: break; } + //DC_LOG_DEBUG("%s: dpp_inst(%d) DPPCLK_EN = %d\n", __func__, dpp_inst, enable); } @@ -1163,14 +1160,18 @@ static void dccg35_update_dpp_dto(struct dccg *dccg, int dpp_inst, ASSERT(false); phase = 0xff; } + dccg35_set_dppclk_rcg(dccg, dpp_inst, false); REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, DPPCLK0_DTO_PHASE, phase, DPPCLK0_DTO_MODULO, modulo); dcn35_set_dppclk_enable(dccg, dpp_inst, true); - } else + } else { dcn35_set_dppclk_enable(dccg, dpp_inst, false); + /*we have this in hwss: disable_plane*/ + //dccg35_set_dppclk_rcg(dccg, dpp_inst, true); + } dccg->pipe_dppclk_khz[dpp_inst] = req_dppclk; } @@ -1182,6 +1183,7 @@ static void dccg35_set_dppclk_root_clock_gating(struct dccg *dccg, if (!dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) return; + switch (dpp_inst) { case 0: REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK0_ROOT_GATE_DISABLE, enable); @@ -1198,6 +1200,8 @@ static void dccg35_set_dppclk_root_clock_gating(struct dccg *dccg, default: break; } + //DC_LOG_DEBUG("%s: dpp_inst(%d) rcg: %d\n", __func__, dpp_inst, enable); + } static void dccg35_get_pixel_rate_div( @@ -1521,28 +1525,30 @@ static void dccg35_set_physymclk_root_clock_gating( switch (phy_inst) { case 0: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYASYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYASYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 1: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYBSYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYBSYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 2: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYCSYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYCSYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 3: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYDSYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYDSYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 4: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYESYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYESYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; default: BREAK_TO_DEBUGGER(); return; } + //DC_LOG_DEBUG("%s: dpp_inst(%d) PHYESYMCLK_ROOT_GATE_DISABLE:\n", __func__, phy_inst, enable ? 0 : 1); + } static void dccg35_set_physymclk( @@ -1643,6 +1649,8 @@ static void dccg35_dpp_root_clock_control( return; if (clock_on) { + dccg35_set_dppclk_rcg(dccg, dpp_inst, false); + /* turn off the DTO and leave phase/modulo at max */ dcn35_set_dppclk_enable(dccg, dpp_inst, 1); REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, @@ -1654,6 +1662,8 @@ static void dccg35_dpp_root_clock_control( REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, DPPCLK0_DTO_PHASE, 0, DPPCLK0_DTO_MODULO, 1); + /*we have this in hwss: disable_plane*/ + //dccg35_set_dppclk_rcg(dccg, dpp_inst, true); } dccg->dpp_clock_gated[dpp_inst] = !clock_on; diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c index ca446e08f6a27..ff247689dd6d5 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c @@ -241,11 +241,6 @@ void dcn35_init_hw(struct dc *dc) dc->res_pool->hubbub->funcs->allow_self_refresh_control(dc->res_pool->hubbub, !dc->res_pool->hubbub->ctx->dc->debug.disable_stutter); } - if (res_pool->dccg->funcs->dccg_root_gate_disable_control) { - for (i = 0; i < res_pool->pipe_count; i++) - res_pool->dccg->funcs->dccg_root_gate_disable_control(res_pool->dccg, i, 0); - } - for (i = 0; i < res_pool->audio_count; i++) { struct audio *audio = res_pool->audios[i]; @@ -885,12 +880,18 @@ void dcn35_init_pipes(struct dc *dc, struct dc_state *context) void dcn35_enable_plane(struct dc *dc, struct pipe_ctx *pipe_ctx, struct dc_state *context) { + struct dpp *dpp = pipe_ctx->plane_res.dpp; + struct dccg *dccg = dc->res_pool->dccg; + + /* enable DCFCLK current DCHUB */ pipe_ctx->plane_res.hubp->funcs->hubp_clk_cntl(pipe_ctx->plane_res.hubp, true); /* initialize HUBP on power up */ pipe_ctx->plane_res.hubp->funcs->hubp_init(pipe_ctx->plane_res.hubp); - + /*make sure DPPCLK is on*/ + dccg->funcs->dccg_root_gate_disable_control(dccg, dpp->inst, true); + dpp->funcs->dpp_dppclk_control(dpp, false, true); /* make sure OPP_PIPE_CLOCK_EN = 1 */ pipe_ctx->stream_res.opp->funcs->opp_pipe_clock_control( pipe_ctx->stream_res.opp, @@ -907,6 +908,7 @@ void dcn35_enable_plane(struct dc *dc, struct pipe_ctx *pipe_ctx, // Program system aperture settings pipe_ctx->plane_res.hubp->funcs->hubp_set_vm_system_aperture_settings(pipe_ctx->plane_res.hubp, &apt); } + //DC_LOG_DEBUG("%s: dpp_inst(%d) =\n", __func__, dpp->inst); if (!pipe_ctx->top_pipe && pipe_ctx->plane_state @@ -922,6 +924,8 @@ void dcn35_plane_atomic_disable(struct dc *dc, struct pipe_ctx *pipe_ctx) { struct hubp *hubp = pipe_ctx->plane_res.hubp; struct dpp *dpp = pipe_ctx->plane_res.dpp; + struct dccg *dccg = dc->res_pool->dccg; + dc->hwss.wait_for_mpcc_disconnect(dc, dc->res_pool, pipe_ctx); @@ -939,7 +943,8 @@ void dcn35_plane_atomic_disable(struct dc *dc, struct pipe_ctx *pipe_ctx) hubp->funcs->hubp_clk_cntl(hubp, false); dpp->funcs->dpp_dppclk_control(dpp, false, false); -/*to do, need to support both case*/ + dccg->funcs->dccg_root_gate_disable_control(dccg, dpp->inst, false); + hubp->power_gated = true; hubp->funcs->hubp_reset(hubp); @@ -951,6 +956,8 @@ void dcn35_plane_atomic_disable(struct dc *dc, struct pipe_ctx *pipe_ctx) pipe_ctx->top_pipe = NULL; pipe_ctx->bottom_pipe = NULL; pipe_ctx->plane_state = NULL; + //DC_LOG_DEBUG("%s: dpp_inst(%d)=\n", __func__, dpp->inst); + } void dcn35_disable_plane(struct dc *dc, struct dc_state *state, struct pipe_ctx *pipe_ctx) -- 2.39.5

3 months, 3 weeks

1
92
0 0

[PATCH AUTOSEL 6.14 001/102] drm/amd/display: disable DPP RCG before DPP CLK enable

by Sasha Levin

From: Charlene Liu <Charlene.Liu(a)amd.com> [ Upstream commit 1bcd679209420305a86833bc357d50021909edaf ] [why] DPP CLK enable needs to disable DPPCLK RCG first. The DPPCLK_en in dccg should always be enabled when the corresponding pipe is enabled. Reviewed-by: Hansen Dsouza <hansen.dsouza(a)amd.com> Signed-off-by: Charlene Liu <Charlene.Liu(a)amd.com> Signed-off-by: Ray Wu <ray.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of both the commit message and code changes, my answer is: **YES** This commit should be backported to stable kernel trees for the following reasons: ## Critical Hardware Sequencing Fix The commit addresses a fundamental hardware sequencing requirement where DPP (Display Pipes and Planes) Root Clock Gating (RCG) must be disabled before enabling the DPP clock. This is a critical timing constraint that, if violated, can cause severe system issues. ## Specific Code Evidence 1. **In `dccg35_update_dpp_dto()`**, the fix adds a crucial sequencing step: ```c + dccg35_set_dppclk_rcg(dccg, dpp_inst, false); REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, DPPCLK0_DTO_PHASE, phase, DPPCLK0_DTO_MODULO, modulo); dcn35_set_dppclk_enable(dccg, dpp_inst, true); ``` This ensures RCG is disabled (false) before enabling the DPP clock. 2. **In `dcn35_enable_plane()`**, explicit clock control is added: ```c + /*make sure DPPCLK is on*/ + dccg->funcs->dccg_root_gate_disable_control(dccg, dpp->inst, true); + dpp->funcs->dpp_dppclk_control(dpp, false, true); ``` 3. **Removal of problematic init code** in `dcn35_init_hw()`: ```c - if (res_pool->dccg->funcs->dccg_root_gate_disable_control) { - for (i = 0; i < res_pool->pipe_count; i++) - res_pool->dccg->funcs->dccg_root_gate_disable_control(res_pool->dccg, i, 0); - } ``` ## Similarity to Previous Critical Fixes This commit follows the pattern of Similar Commit #1, which also addressed clock gating sequencing issues that could cause system hangs. The commit message explicitly states this is needed because "DPP CLK enable needs to disable DPPCLK RCG first." ## Impact and Risk Assessment - **Bug Fixed**: Incorrect clock sequencing that can cause system instability - **Scope**: Limited to DCN35 display hardware (recent AMD GPUs) - **Complexity**: Small, focused changes with clear purpose - **Risk**: Low risk of regression - adds proper sequencing without major architectural changes This fix meets all criteria for stable backporting: - Fixes a real bug affecting users (system stability) - Small and contained changes - No new features or architectural changes - Addresses hardware constraints that cannot be worked around The commit should be backported to all stable kernels that include DCN35 display support to ensure proper display functionality and system stability for users with affected AMD GPUs. .../amd/display/dc/dccg/dcn35/dcn35_dccg.c | 38 ++++++++++++------- .../amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 21 ++++++---- 2 files changed, 38 insertions(+), 21 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c b/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c index b363f5360818d..ad910065f463f 100644 --- a/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c +++ b/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c @@ -391,6 +391,7 @@ static void dccg35_set_dppclk_rcg(struct dccg *dccg, struct dcn_dccg *dccg_dcn = TO_DCN_DCCG(dccg); + if (!dccg->ctx->dc->debug.root_clock_optimization.bits.dpp && enable) return; @@ -411,6 +412,8 @@ static void dccg35_set_dppclk_rcg(struct dccg *dccg, BREAK_TO_DEBUGGER(); break; } + //DC_LOG_DEBUG("%s: inst(%d) DPPCLK rcg_disable: %d\n", __func__, inst, enable ? 0 : 1); + } static void dccg35_set_dpstreamclk_rcg( @@ -1112,30 +1115,24 @@ static void dcn35_set_dppclk_enable(struct dccg *dccg, { struct dcn_dccg *dccg_dcn = TO_DCN_DCCG(dccg); + switch (dpp_inst) { case 0: REG_UPDATE(DPPCLK_CTRL, DPPCLK0_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK0_ROOT_GATE_DISABLE, enable); break; case 1: REG_UPDATE(DPPCLK_CTRL, DPPCLK1_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK1_ROOT_GATE_DISABLE, enable); break; case 2: REG_UPDATE(DPPCLK_CTRL, DPPCLK2_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK2_ROOT_GATE_DISABLE, enable); break; case 3: REG_UPDATE(DPPCLK_CTRL, DPPCLK3_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK3_ROOT_GATE_DISABLE, enable); break; default: break; } + //DC_LOG_DEBUG("%s: dpp_inst(%d) DPPCLK_EN = %d\n", __func__, dpp_inst, enable); } @@ -1163,14 +1160,18 @@ static void dccg35_update_dpp_dto(struct dccg *dccg, int dpp_inst, ASSERT(false); phase = 0xff; } + dccg35_set_dppclk_rcg(dccg, dpp_inst, false); REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, DPPCLK0_DTO_PHASE, phase, DPPCLK0_DTO_MODULO, modulo); dcn35_set_dppclk_enable(dccg, dpp_inst, true); - } else + } else { dcn35_set_dppclk_enable(dccg, dpp_inst, false); + /*we have this in hwss: disable_plane*/ + //dccg35_set_dppclk_rcg(dccg, dpp_inst, true); + } dccg->pipe_dppclk_khz[dpp_inst] = req_dppclk; } @@ -1182,6 +1183,7 @@ static void dccg35_set_dppclk_root_clock_gating(struct dccg *dccg, if (!dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) return; + switch (dpp_inst) { case 0: REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK0_ROOT_GATE_DISABLE, enable); @@ -1198,6 +1200,8 @@ static void dccg35_set_dppclk_root_clock_gating(struct dccg *dccg, default: break; } + //DC_LOG_DEBUG("%s: dpp_inst(%d) rcg: %d\n", __func__, dpp_inst, enable); + } static void dccg35_get_pixel_rate_div( @@ -1521,28 +1525,30 @@ static void dccg35_set_physymclk_root_clock_gating( switch (phy_inst) { case 0: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYASYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYASYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 1: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYBSYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYBSYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 2: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYCSYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYCSYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 3: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYDSYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYDSYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 4: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYESYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYESYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; default: BREAK_TO_DEBUGGER(); return; } + //DC_LOG_DEBUG("%s: dpp_inst(%d) PHYESYMCLK_ROOT_GATE_DISABLE:\n", __func__, phy_inst, enable ? 0 : 1); + } static void dccg35_set_physymclk( @@ -1643,6 +1649,8 @@ static void dccg35_dpp_root_clock_control( return; if (clock_on) { + dccg35_set_dppclk_rcg(dccg, dpp_inst, false); + /* turn off the DTO and leave phase/modulo at max */ dcn35_set_dppclk_enable(dccg, dpp_inst, 1); REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, @@ -1654,6 +1662,8 @@ static void dccg35_dpp_root_clock_control( REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, DPPCLK0_DTO_PHASE, 0, DPPCLK0_DTO_MODULO, 1); + /*we have this in hwss: disable_plane*/ + //dccg35_set_dppclk_rcg(dccg, dpp_inst, true); } dccg->dpp_clock_gated[dpp_inst] = !clock_on; diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c index 922b8d71cf1aa..63077c1fad859 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c @@ -241,11 +241,6 @@ void dcn35_init_hw(struct dc *dc) dc->res_pool->hubbub->funcs->allow_self_refresh_control(dc->res_pool->hubbub, !dc->res_pool->hubbub->ctx->dc->debug.disable_stutter); } - if (res_pool->dccg->funcs->dccg_root_gate_disable_control) { - for (i = 0; i < res_pool->pipe_count; i++) - res_pool->dccg->funcs->dccg_root_gate_disable_control(res_pool->dccg, i, 0); - } - for (i = 0; i < res_pool->audio_count; i++) { struct audio *audio = res_pool->audios[i]; @@ -901,12 +896,18 @@ void dcn35_init_pipes(struct dc *dc, struct dc_state *context) void dcn35_enable_plane(struct dc *dc, struct pipe_ctx *pipe_ctx, struct dc_state *context) { + struct dpp *dpp = pipe_ctx->plane_res.dpp; + struct dccg *dccg = dc->res_pool->dccg; + + /* enable DCFCLK current DCHUB */ pipe_ctx->plane_res.hubp->funcs->hubp_clk_cntl(pipe_ctx->plane_res.hubp, true); /* initialize HUBP on power up */ pipe_ctx->plane_res.hubp->funcs->hubp_init(pipe_ctx->plane_res.hubp); - + /*make sure DPPCLK is on*/ + dccg->funcs->dccg_root_gate_disable_control(dccg, dpp->inst, true); + dpp->funcs->dpp_dppclk_control(dpp, false, true); /* make sure OPP_PIPE_CLOCK_EN = 1 */ pipe_ctx->stream_res.opp->funcs->opp_pipe_clock_control( pipe_ctx->stream_res.opp, @@ -923,6 +924,7 @@ void dcn35_enable_plane(struct dc *dc, struct pipe_ctx *pipe_ctx, // Program system aperture settings pipe_ctx->plane_res.hubp->funcs->hubp_set_vm_system_aperture_settings(pipe_ctx->plane_res.hubp, &apt); } + //DC_LOG_DEBUG("%s: dpp_inst(%d) =\n", __func__, dpp->inst); if (!pipe_ctx->top_pipe && pipe_ctx->plane_state @@ -938,6 +940,8 @@ void dcn35_plane_atomic_disable(struct dc *dc, struct pipe_ctx *pipe_ctx) { struct hubp *hubp = pipe_ctx->plane_res.hubp; struct dpp *dpp = pipe_ctx->plane_res.dpp; + struct dccg *dccg = dc->res_pool->dccg; + dc->hwss.wait_for_mpcc_disconnect(dc, dc->res_pool, pipe_ctx); @@ -955,7 +959,8 @@ void dcn35_plane_atomic_disable(struct dc *dc, struct pipe_ctx *pipe_ctx) hubp->funcs->hubp_clk_cntl(hubp, false); dpp->funcs->dpp_dppclk_control(dpp, false, false); -/*to do, need to support both case*/ + dccg->funcs->dccg_root_gate_disable_control(dccg, dpp->inst, false); + hubp->power_gated = true; hubp->funcs->hubp_reset(hubp); @@ -967,6 +972,8 @@ void dcn35_plane_atomic_disable(struct dc *dc, struct pipe_ctx *pipe_ctx) pipe_ctx->top_pipe = NULL; pipe_ctx->bottom_pipe = NULL; pipe_ctx->plane_state = NULL; + //DC_LOG_DEBUG("%s: dpp_inst(%d)=\n", __func__, dpp->inst); + } void dcn35_disable_plane(struct dc *dc, struct dc_state *state, struct pipe_ctx *pipe_ctx) -- 2.39.5

3 months, 3 weeks

1
101
0 0

[PATCH 5.15] x86/its: Fix undefined reference to cpu_wants_rethunk_at()

by Pawan Gupta

Below error was reported in a 32-bit kernel build: static_call.c:(.ref.text+0x46): undefined reference to `cpu_wants_rethunk_at' make[1]: [Makefile:1234: vmlinux] Error This is because the definition of cpu_wants_rethunk_at() depends on CONFIG_STACK_VALIDATION which is only enabled in 64-bit mode. Define the empty function for CONFIG_STACK_VALIDATION=n, rethunk mitigation is anyways not supported without it. Reported-by: Guenter Roeck <linux(a)roeck-us.net> Fixes: 5d19a0574b75 ("x86/its: Add support for ITS-safe return thunk") Signed-off-by: Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Link: https://lore.kernel.org/stable/0f597436-5da6-4319-b918-9f57bde5634a@roeck-u… --- arch/x86/include/asm/alternative.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/include/asm/alternative.h b/arch/x86/include/asm/alternative.h index 1797f80c10de..a5f704dbb4a1 100644 --- a/arch/x86/include/asm/alternative.h +++ b/arch/x86/include/asm/alternative.h @@ -98,7 +98,7 @@ static inline u8 *its_static_thunk(int reg) } #endif -#ifdef CONFIG_RETHUNK +#if defined(CONFIG_RETHUNK) && defined(CONFIG_STACK_VALIDATION) extern bool cpu_wants_rethunk(void); extern bool cpu_wants_rethunk_at(void *addr); #else -- 2.34.1

3 months, 3 weeks

2
1
0 0

[merged mm-stable] mm-khugepaged-fix-race-with-folio-split-free-using-temporary-reference.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/khugepaged: fix race with folio split/free using temporary reference has been removed from the -mm tree. Its filename was mm-khugepaged-fix-race-with-folio-split-free-using-temporary-reference.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Shivank Garg <shivankg(a)amd.com> Subject: mm/khugepaged: fix race with folio split/free using temporary reference Date: Mon, 26 May 2025 18:28:18 +0000 hpage_collapse_scan_file() calls is_refcount_suitable(), which in turn calls folio_mapcount(). folio_mapcount() checks folio_test_large() before proceeding to folio_large_mapcount(), but there is a race window where the folio may get split/freed between these checks, triggering: VM_WARN_ON_FOLIO(!folio_test_large(folio), folio) Take a temporary reference to the folio in hpage_collapse_scan_file(). This stabilizes the folio during refcount check and prevents incorrect large folio detection due to concurrent split/free. Use helper folio_expected_ref_count() + 1 to compare with folio_ref_count() instead of using is_refcount_suitable(). Link: https://lkml.kernel.org/r/20250526182818.37978-1-shivankg@amd.com Fixes: 05c5323b2a34 ("mm: track mapcount of large folios in single value") Signed-off-by: Shivank Garg <shivankg(a)amd.com> Reported-by: syzbot+2b99589e33edbe9475ca(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/6828470d.a70a0220.38f255.000c.GAE@google.com Suggested-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Dev Jain <dev.jain(a)arm.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Bharata B Rao <bharata(a)amd.com> Cc: Fengwei Yin <fengwei.yin(a)intel.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Mariano Pache <npache(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/khugepaged.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) --- a/mm/khugepaged.c~mm-khugepaged-fix-race-with-folio-split-free-using-temporary-reference +++ a/mm/khugepaged.c @@ -2293,6 +2293,17 @@ static int hpage_collapse_scan_file(stru continue; } + if (!folio_try_get(folio)) { + xas_reset(&xas); + continue; + } + + if (unlikely(folio != xas_reload(&xas))) { + folio_put(folio); + xas_reset(&xas); + continue; + } + if (folio_order(folio) == HPAGE_PMD_ORDER && folio->index == start) { /* Maybe PMD-mapped */ @@ -2303,23 +2314,27 @@ static int hpage_collapse_scan_file(stru * it's safe to skip LRU and refcount checks before * returning. */ + folio_put(folio); break; } node = folio_nid(folio); if (hpage_collapse_scan_abort(node, cc)) { result = SCAN_SCAN_ABORT; + folio_put(folio); break; } cc->node_load[node]++; if (!folio_test_lru(folio)) { result = SCAN_PAGE_LRU; + folio_put(folio); break; } - if (!is_refcount_suitable(folio)) { + if (folio_expected_ref_count(folio) + 1 != folio_ref_count(folio)) { result = SCAN_PAGE_COUNT; + folio_put(folio); break; } @@ -2331,6 +2346,7 @@ static int hpage_collapse_scan_file(stru */ present += folio_nr_pages(folio); + folio_put(folio); if (need_resched()) { xas_pause(&xas); _ Patches currently in -mm which might be from shivankg(a)amd.com are

3 months, 3 weeks

1
0
0 0

+ kvm-s390-rename-prot_none-to-prot_type_dummy.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY has been added to the -mm mm-hotfixes-unstable branch. Its filename is kvm-s390-rename-prot_none-to-prot_type_dummy.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY Date: Mon, 19 May 2025 15:56:57 +0100 The enum type prot_type declared in arch/s390/kvm/gaccess.c declares an unfortunate identifier within it - PROT_NONE. This clashes with the protection bit define from the uapi for mmap() declared in include/uapi/asm-generic/mman-common.h, which is indeed what those casually reading this code would assume this to refer to. This means that any changes which subsequently alter headers in any way which results in the uapi header being imported here will cause build errors. Resolve the issue by renaming PROT_NONE to PROT_TYPE_DUMMY. Link: https://lkml.kernel.org/r/20250519145657.178365-1-lorenzo.stoakes@oracle.com Fixes: b3cefd6bf16e ("KVM: s390: Pass initialized arg even if unused") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Suggested-by: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202505140943.IgHDa9s7-lkp@intel.com/ Acked-by: Christian Borntraeger <borntraeger(a)linux.ibm.com> Acked-by: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> Acked-by: Yang Shi <yang(a)os.amperecomputing.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Acked-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Claudio Imbrenda <imbrenda(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: James Houghton <jthoughton(a)google.com> Cc: Janosch Frank <frankja(a)linux.ibm.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/s390/kvm/gaccess.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/arch/s390/kvm/gaccess.c~kvm-s390-rename-prot_none-to-prot_type_dummy +++ a/arch/s390/kvm/gaccess.c @@ -318,7 +318,7 @@ enum prot_type { PROT_TYPE_DAT = 3, PROT_TYPE_IEP = 4, /* Dummy value for passing an initialized value when code != PGM_PROTECTION */ - PROT_NONE, + PROT_TYPE_DUMMY, }; static int trans_exc_ending(struct kvm_vcpu *vcpu, int code, unsigned long gva, u8 ar, @@ -334,7 +334,7 @@ static int trans_exc_ending(struct kvm_v switch (code) { case PGM_PROTECTION: switch (prot) { - case PROT_NONE: + case PROT_TYPE_DUMMY: /* We should never get here, acts like termination */ WARN_ON_ONCE(1); break; @@ -804,7 +804,7 @@ static int guest_range_to_gpas(struct kv gpa = kvm_s390_real_to_abs(vcpu, ga); if (!kvm_is_gpa_in_memslot(vcpu->kvm, gpa)) { rc = PGM_ADDRESSING; - prot = PROT_NONE; + prot = PROT_TYPE_DUMMY; } } if (rc) @@ -962,7 +962,7 @@ int access_guest_with_key(struct kvm_vcp if (rc == PGM_PROTECTION) prot = PROT_TYPE_KEYC; else - prot = PROT_NONE; + prot = PROT_TYPE_DUMMY; rc = trans_exc_ending(vcpu, rc, ga, ar, mode, prot, terminate); } out_unlock: _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are kvm-s390-rename-prot_none-to-prot_type_dummy.patch tools-testing-vma-add-missing-function-stub.patch

3 months, 3 weeks

1
0
0 0

[PATCH v2] iio: adc: adi-axi-adc: fix ad7606_bus_reg_read()

by David Lechner

Mask the value read before returning it. The value read over the parallel bus via the AXI ADC IP block contains both the address and the data, but callers expect val to only contain the data. axi_adc_raw_write() takes a u32 parameter, so addr was the wrong type. This wasn't causing any issues but is corrected anyway since we are touching the same line to add a new variable. Cc: stable(a)vger.kernel.org Fixes: 79c47485e438 ("iio: adc: adi-axi-adc: add support for AD7606 register writing") Signed-off-by: David Lechner <dlechner(a)baylibre.com> --- Changes in v2: - Use ADI_AXI_REG_VALUE_MASK instead of hard-coding 0xFF. - Introduce local variable and use FIELD_PREP() instead of modifying val. - Link to v1: https://lore.kernel.org/r/20250530-iio-adc-adi-axi-adc-fix-ad7606_bus_reg_r… --- drivers/iio/adc/adi-axi-adc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/iio/adc/adi-axi-adc.c b/drivers/iio/adc/adi-axi-adc.c index cf942c043457ccea49207c3900153ee371b3774f..fc745297bcb82cf2cf7f30c7fcf9bba2d861a48c 100644 --- a/drivers/iio/adc/adi-axi-adc.c +++ b/drivers/iio/adc/adi-axi-adc.c @@ -445,7 +445,7 @@ static int axi_adc_raw_read(struct iio_backend *back, u32 *val) static int ad7606_bus_reg_read(struct iio_backend *back, u32 reg, u32 *val) { struct adi_axi_adc_state *st = iio_backend_get_priv(back); - int addr; + u32 addr, reg_val; guard(mutex)(&st->lock); @@ -455,7 +455,9 @@ static int ad7606_bus_reg_read(struct iio_backend *back, u32 reg, u32 *val) */ addr = FIELD_PREP(ADI_AXI_REG_ADDRESS_MASK, reg) | ADI_AXI_REG_READ_BIT; axi_adc_raw_write(back, addr); - axi_adc_raw_read(back, val); + axi_adc_raw_read(back, &reg_val); + + *val = FIELD_GET(ADI_AXI_REG_VALUE_MASK, reg_val); /* Write 0x0 on the bus to get back to ADC mode */ axi_adc_raw_write(back, 0); --- base-commit: 7cdfbc0113d087348b8e65dd79276d0f57b89a10 change-id: 20250530-iio-adc-adi-axi-adc-fix-ad7606_bus_reg_read-f2bbb503db8b Best regards, -- David Lechner <dlechner(a)baylibre.com>

3 months, 3 weeks

2
1
0 0

[PATCH 1/2] apparmor: Fix 8-byte alignment for initial dfa blob streams

by deller＠kernel.org

From: Helge Deller <deller(a)gmx.de> The dfa blob stream for the aa_dfa_unpack() function is expected to be aligned on a 8 byte boundary. The static nulldfa_src[] and stacksplitdfa_src[] arrays store the inital apparmor dfa blob streams, but since they are declared as an array-of-chars the compiler and linker will only ensure a "char" (1-byte) alignment. Add an __aligned(8) annotation to the arrays to tell the linker to always align them on a 8-byte boundary. This avoids runtime warnings at startup on alignment-sensitive platforms like parisc such as: Kernel: unaligned access to 0x7f2a584a in aa_dfa_unpack+0x124/0x788 (iir 0xca0109f) Kernel: unaligned access to 0x7f2a584e in aa_dfa_unpack+0x210/0x788 (iir 0xca8109c) Kernel: unaligned access to 0x7f2a586a in aa_dfa_unpack+0x278/0x788 (iir 0xcb01090) Signed-off-by: Helge Deller <deller(a)gmx.de> Cc: stable(a)vger.kernel.org --- security/apparmor/lsm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 9b6c2f157f83..531bde29cccb 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -2149,12 +2149,12 @@ static int __init apparmor_nf_ip_init(void) __initcall(apparmor_nf_ip_init); #endif -static char nulldfa_src[] = { +static char nulldfa_src[] __aligned(8) = { #include "nulldfa.in" }; static struct aa_dfa *nulldfa; -static char stacksplitdfa_src[] = { +static char stacksplitdfa_src[] __aligned(8) = { #include "stacksplitdfa.in" }; struct aa_dfa *stacksplitdfa; -- 2.47.0

3 months, 3 weeks

1
0
0 0

Re: 6.1.140 build failure(fs/btrfs/discard.c:247:5: error: implicit declaration of function 'ASSERT')

by Filipe Manana

On Mon, May 26, 2025 at 6:40 AM Wang Yugui <wangyugui(a)e16-tech.com> wrote: > > Hi, > Cc: Filipe Manana > > I noticed 6.1.140 build failure(fs/btrfs/discard.c:247:5: error: implicit declaration of function 'ASSERT') > > fs/btrfs/discard.c: In function 'peek_discard_list': > fs/btrfs/discard.c:247:5: error: implicit declaration of function 'ASSERT'; did you mean 'IS_ERR'? [-Werror=implicit-function-declaration] > ASSERT(block_group->discard_index != > ^~~~~~ > IS_ERR > > It seems realted to the patch(btrfs-fix-discard-worker-infinite-loop-after-disabling-discard.patch). Yes, it is. The patch, like most stable backports, was automatically picked by the stable scripts and added to stable releases. I assume that before the release was made, it was compile tested by the stable automatic processes. I just tried it, and it compiles successfully for me: fdmanana 11:56:26 ~/git/hub/linux ((v6.12))> git clean -xfd fdmanana 11:57:27 ~/git/hub/linux ((v6.12))> git co v6.1.140 fdmanana 11:59:53 ~/git/hub/linux ((v6.1.140))> make defconfig HOSTCC scripts/basic/fixdep HOSTCC scripts/kconfig/conf.o HOSTCC scripts/kconfig/confdata.o HOSTCC scripts/kconfig/expr.o LEX scripts/kconfig/lexer.lex.c YACC scripts/kconfig/parser.tab.[ch] HOSTCC scripts/kconfig/lexer.lex.o HOSTCC scripts/kconfig/menu.o HOSTCC scripts/kconfig/parser.tab.o HOSTCC scripts/kconfig/preprocess.o HOSTCC scripts/kconfig/symbol.o HOSTCC scripts/kconfig/util.o HOSTLD scripts/kconfig/conf *** Default configuration is based on 'x86_64_defconfig' # # configuration written to .config # # Run make menuconfig to enable btrfs and all its config options fdmanana 12:01:55 ~/git/hub/linux ((v6.1.140))> make menuconfig fdmanana 12:02:17 ~/git/hub/linux ((v6.1.140))> grep BTRFS .config CONFIG_BTRFS_FS=m CONFIG_BTRFS_FS_POSIX_ACL=y CONFIG_BTRFS_FS_CHECK_INTEGRITY=y CONFIG_BTRFS_FS_RUN_SANITY_TESTS=y CONFIG_BTRFS_DEBUG=y CONFIG_BTRFS_ASSERT=y CONFIG_BTRFS_FS_REF_VERIFY=y fdmanana 12:06:08 ~/git/hub/linux ((v6.1.140))> make fs/btrfs/btrfs.ko SYNC include/config/auto.conf CALL scripts/checksyscalls.sh DESCEND objtool CC [M] fs/btrfs/super.o CC [M] fs/btrfs/ctree.o CC [M] fs/btrfs/extent-tree.o CC [M] fs/btrfs/print-tree.o CC [M] fs/btrfs/root-tree.o CC [M] fs/btrfs/dir-item.o CC [M] fs/btrfs/file-item.o CC [M] fs/btrfs/inode-item.o CC [M] fs/btrfs/disk-io.o CC [M] fs/btrfs/transaction.o CC [M] fs/btrfs/inode.o CC [M] fs/btrfs/file.o CC [M] fs/btrfs/tree-defrag.o CC [M] fs/btrfs/extent_map.o CC [M] fs/btrfs/sysfs.o CC [M] fs/btrfs/struct-funcs.o CC [M] fs/btrfs/xattr.o CC [M] fs/btrfs/ordered-data.o CC [M] fs/btrfs/extent_io.o CC [M] fs/btrfs/volumes.o CC [M] fs/btrfs/async-thread.o CC [M] fs/btrfs/ioctl.o CC [M] fs/btrfs/locking.o CC [M] fs/btrfs/orphan.o CC [M] fs/btrfs/export.o CC [M] fs/btrfs/tree-log.o CC [M] fs/btrfs/free-space-cache.o CC [M] fs/btrfs/lzo.o CC [M] fs/btrfs/zstd.o CC [M] fs/btrfs/compression.o CC [M] fs/btrfs/delayed-ref.o CC [M] fs/btrfs/relocation.o CC [M] fs/btrfs/delayed-inode.o CC [M] fs/btrfs/scrub.o CC [M] fs/btrfs/backref.o CC [M] fs/btrfs/ulist.o CC [M] fs/btrfs/qgroup.o CC [M] fs/btrfs/send.o CC [M] fs/btrfs/dev-replace.o CC [M] fs/btrfs/raid56.o CC [M] fs/btrfs/uuid-tree.o CC [M] fs/btrfs/props.o CC [M] fs/btrfs/free-space-tree.o CC [M] fs/btrfs/tree-checker.o CC [M] fs/btrfs/space-info.o CC [M] fs/btrfs/block-rsv.o CC [M] fs/btrfs/delalloc-space.o CC [M] fs/btrfs/block-group.o CC [M] fs/btrfs/discard.o CC [M] fs/btrfs/reflink.o CC [M] fs/btrfs/subpage.o CC [M] fs/btrfs/tree-mod-log.o CC [M] fs/btrfs/extent-io-tree.o CC [M] fs/btrfs/acl.o CC [M] fs/btrfs/check-integrity.o CC [M] fs/btrfs/ref-verify.o CC [M] fs/btrfs/tests/free-space-tests.o CC [M] fs/btrfs/tests/extent-buffer-tests.o CC [M] fs/btrfs/tests/btrfs-tests.o CC [M] fs/btrfs/tests/extent-io-tests.o CC [M] fs/btrfs/tests/inode-tests.o CC [M] fs/btrfs/tests/qgroup-tests.o CC [M] fs/btrfs/tests/free-space-tree-tests.o CC [M] fs/btrfs/tests/extent-map-tests.o LD [M] fs/btrfs/btrfs.o make[3]: 'fs/btrfs/btrfs.mod' is up to date. MODPOST modules-only.symvers WARNING: vmlinux.o is missing. Modules may not have dependencies or modversions. You may get many unresolved symbol warnings. WARNING: modpost: "bio_associate_blkg" [fs/btrfs/btrfs.ko] undefined! WARNING: modpost: "zstd_cstream_workspace_bound" [fs/btrfs/btrfs.ko] undefined! WARNING: modpost: "folio_invalidate" [fs/btrfs/btrfs.ko] undefined! WARNING: modpost: "__page_file_index" [fs/btrfs/btrfs.ko] undefined! WARNING: modpost: "strcpy" [fs/btrfs/btrfs.ko] undefined! WARNING: modpost: "inode_init_owner" [fs/btrfs/btrfs.ko] undefined! WARNING: modpost: "generic_fillattr" [fs/btrfs/btrfs.ko] undefined! WARNING: modpost: "is_vmalloc_addr" [fs/btrfs/btrfs.ko] undefined! WARNING: modpost: "krealloc" [fs/btrfs/btrfs.ko] undefined! WARNING: modpost: "vfs_fsync_range" [fs/btrfs/btrfs.ko] undefined! WARNING: modpost: suppressed 521 unresolved symbol warnings because there were too many) LD [M] fs/btrfs/btrfs.ko fdmanana 12:11:12 ~/git/hub/linux ((v6.1.140))> gcc --version gcc (Debian 9.3.0-18) 9.3.0 > > I walked around it with the following patch. In the future please cc the stable list when you find problems with stable backports. > > diff --git a/fs/btrfs/discard.c b/fs/btrfs/discard.c > index 98bce18..9ffe5c4 100644 > --- a/fs/btrfs/discard.c > +++ b/fs/btrfs/discard.c > @@ -7,6 +7,7 @@ > #include <linux/math64.h> > #include <linux/sizes.h> > #include <linux/workqueue.h> > +#include "messages.h" > #include "ctree.h" > #include "block-group.h" > #include "discard.h" > > > Best Regards > Wang Yugui (wangyugui(a)e16-tech.com) > 2025/05/26 > > >

3 months, 3 weeks

2
1
0 0

ISE 2025 Visitors Contacts-20% OFF!

by Garnet Conwell

Hi, We’re excited to share exclusive access to the Integrated Systems Europe 2025 Visitor Contact List! Our database includes 88,351 verified visitor contacts, giving you a powerful resource to connect with key industry professionals. Each contact includes: Contact Name, Job Title, Company Name, Physical Address, Phone Number, Official Email Address, and more. Interested in the list? Simply reply with “Send me Pricing” to get full details. Kind regards, Garnet Conwell Sr. Marketing Manager To opt out of future messages, just reply “Unfollow.”

3 months, 3 weeks

1
0
0 0

[PATCH] mm: userfaultfd: fix race of userfaultfd_move and swap cache

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> On seeing a swap entry PTE, userfaultfd_move does a lockless swap cache lookup, and try to move the found folio to the faulting vma when. Currently, it relies on the PTE value check to ensure the moved folio still belongs to the src swap entry, which turns out is not reliable. While working and reviewing the swap table series with Barry, following existing race is observed and reproduced [1]: ( move_pages_pte is moving src_pte to dst_pte, where src_pte is a swap entry PTE holding swap entry S1, and S1 isn't in the swap cache.) CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1 ... < Somehow interrupted> ... <swapin src_pte, alloc and use folio A> // folio A is just a new allocated folio // and get installed into src_pte <frees swap entry S1> // src_pte now points to folio A, S1 // has swap count == 0, it can be freed // by folio_swap_swap or swap // allocator's reclaim. <try to swap out another folio B> // folio B is a folio in another VMA. <put folio B to swap cache using S1 > // S1 is freed, folio B could use it // for swap out with no problem. ... folio = filemap_get_folio(S1) // Got folio B here !!! ... < Somehow interrupted again> ... <swapin folio B and free S1> // Now S1 is free to be used again. <swapout src_pte & folio A using S1> // Now src_pte is a swap entry pte // holding S1 again. folio_trylock(folio) move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // Moved invalid folio B here !!! The race window is very short and requires multiple collisions of multiple rare events, so it's very unlikely to happen, but with a deliberately constructed reproducer and increased time window, it can be reproduced [1]. It's also possible that folio (A) is swapped in, and swapped out again after the filemap_get_folio lookup, in such case folio (A) may stay in swap cache so it needs to be moved too. In this case we should also try again so kernel won't miss a folio move. Fix this by checking if the folio is the valid swap cache folio after acquiring the folio lock, and checking the swap cache again after acquiring the src_pte lock. SWP_SYNCRHONIZE_IO path does make the problem more complex, but so far we don't need to worry about that since folios only might get exposed to swap cache in the swap out path, and it's covered in this patch too by checking the swap cache again after acquiring src_pte lock. Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Closes: https://lore.kernel.org/linux-mm/CAMgjq7B1K=6OOrK2OUZ0-tqCzi+EJt+2_K97TPGoS… [1] Signed-off-by: Kairui Song <kasong(a)tencent.com> --- mm/userfaultfd.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index bc473ad21202..a1564d205dfb 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -15,6 +15,7 @@ #include <linux/mmu_notifier.h> #include <linux/hugetlb.h> #include <linux/shmem_fs.h> +#include <linux/delay.h> #include <asm/tlbflush.h> #include <asm/tlb.h> #include "internal.h" @@ -1086,6 +1087,8 @@ static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, spinlock_t *dst_ptl, spinlock_t *src_ptl, struct folio *src_folio) { + swp_entry_t entry; + double_pt_lock(dst_ptl, src_ptl); if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, @@ -1102,6 +1105,19 @@ static int move_swap_pte(struct mm_struct *mm, struct vm_area_struct *dst_vma, if (src_folio) { folio_move_anon_rmap(src_folio, dst_vma); src_folio->index = linear_page_index(dst_vma, dst_addr); + } else { + /* + * Check again after acquiring the src_pte lock. Or we might + * miss a new loaded swap cache folio. + */ + entry = pte_to_swp_entry(orig_src_pte); + src_folio = filemap_get_folio(swap_address_space(entry), + swap_cache_index(entry)); + if (!IS_ERR_OR_NULL(src_folio)) { + double_pt_unlock(dst_ptl, src_ptl); + folio_put(src_folio); + return -EAGAIN; + } } orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); @@ -1409,6 +1425,16 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, folio_lock(src_folio); goto retry; } + /* + * Check if the folio still belongs to the target swap entry after + * acquiring the lock. Folio can be freed in the swap cache while + * not locked. + */ + if (unlikely(!folio_test_swapcache(folio) || + entry.val != folio->swap.val)) { + err = -EAGAIN; + goto out; + } } err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte, orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, -- 2.49.0

3 months, 3 weeks

4
16
0 0

[PATCH net,v3] hv_netvsc: fix potential deadlock in netvsc_vf_setxdp()

by Saurabh Sengar

The MANA driver's probe registers netdevice via the following call chain: mana_probe() register_netdev() register_netdevice() register_netdevice() calls notifier callback for netvsc driver, holding the netdev mutex via netdev_lock_ops(). Further this netvsc notifier callback end up attempting to acquire the same lock again in dev_xdp_propagate() leading to deadlock. netvsc_netdev_event() netvsc_vf_setxdp() dev_xdp_propagate() This deadlock was not observed so far because net_shaper_ops was never set, and thus the lock was effectively a no-op in this case. Fix this by using netif_xdp_propagate() instead of dev_xdp_propagate() to avoid recursive locking in this path. And, since no deadlock is observed on the other path which is via netvsc_probe, add the lock exclusivly for that path. Also, clean up the unregistration path by removing the unnecessary call to netvsc_vf_setxdp(), since unregister_netdevice_many_notify() already performs this cleanup via dev_xdp_uninstall(). Fixes: 97246d6d21c2 ("net: hold netdev instance lock during ndo_bpf") Cc: stable(a)vger.kernel.org Signed-off-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Tested-by: Erni Sri Satya Vennela <ernis(a)linux.microsoft.com> Reviewed-by: Haiyang Zhang <haiyangz(a)microsoft.com> Reviewed-by: Subbaraya Sundeep <sbhatta(a)marvell.com> --- [V3] - Add the lock for netvsc probe path [V2] - Modified commit message drivers/net/hyperv/netvsc_bpf.c | 2 +- drivers/net/hyperv/netvsc_drv.c | 4 ++-- net/core/dev.c | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/net/hyperv/netvsc_bpf.c b/drivers/net/hyperv/netvsc_bpf.c index e01c5997a551..1dd3755d9e6d 100644 --- a/drivers/net/hyperv/netvsc_bpf.c +++ b/drivers/net/hyperv/netvsc_bpf.c @@ -183,7 +183,7 @@ int netvsc_vf_setxdp(struct net_device *vf_netdev, struct bpf_prog *prog) xdp.command = XDP_SETUP_PROG; xdp.prog = prog; - ret = dev_xdp_propagate(vf_netdev, &xdp); + ret = netif_xdp_propagate(vf_netdev, &xdp); if (ret && prog) bpf_prog_put(prog); diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c index 14a0d04e21ae..c41a025c66f0 100644 --- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c @@ -2462,8 +2462,6 @@ static int netvsc_unregister_vf(struct net_device *vf_netdev) netdev_info(ndev, "VF unregistering: %s\n", vf_netdev->name); - netvsc_vf_setxdp(vf_netdev, NULL); - reinit_completion(&net_device_ctx->vf_add); netdev_rx_handler_unregister(vf_netdev); netdev_upper_dev_unlink(vf_netdev, ndev); @@ -2631,7 +2629,9 @@ static int netvsc_probe(struct hv_device *dev, continue; netvsc_prepare_bonding(vf_netdev); + netdev_lock_ops(vf_netdev); netvsc_register_vf(vf_netdev, VF_REG_IN_PROBE); + netdev_unlock_ops(vf_netdev); __netvsc_vf_setup(net, vf_netdev); break; } diff --git a/net/core/dev.c b/net/core/dev.c index 2b514d95c528..a388f459a366 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -9968,6 +9968,7 @@ int netif_xdp_propagate(struct net_device *dev, struct netdev_bpf *bpf) return dev->netdev_ops->ndo_bpf(dev, bpf); } +EXPORT_SYMBOL_GPL(netif_xdp_propagate); u32 dev_xdp_prog_id(struct net_device *dev, enum bpf_xdp_mode mode) { -- 2.43.0

3 months, 3 weeks

2
1
0 0

[PATCH] iio: adc: adi-axi-adc: fix ad7606_bus_reg_read()

by David Lechner

Mask the value read before returning it. The value read over the parallel bus via the AXI ADC IP block contains both the address and the data, but callers expect val to only contain the data. Cc: stable(a)vger.kernel.org Fixes: 79c47485e438 ("iio: adc: adi-axi-adc: add support for AD7606 register writing") Signed-off-by: David Lechner <dlechner(a)baylibre.com> --- drivers/iio/adc/adi-axi-adc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/iio/adc/adi-axi-adc.c b/drivers/iio/adc/adi-axi-adc.c index cf942c043457ccea49207c3900153ee371b3774f..d4759a98b4062bc25ea088e3868806e82db03e8d 100644 --- a/drivers/iio/adc/adi-axi-adc.c +++ b/drivers/iio/adc/adi-axi-adc.c @@ -457,6 +457,9 @@ static int ad7606_bus_reg_read(struct iio_backend *back, u32 reg, u32 *val) axi_adc_raw_write(back, addr); axi_adc_raw_read(back, val); + /* Register value is 8 bits. Remove address bits. */ + *val &= 0xFF; + /* Write 0x0 on the bus to get back to ADC mode */ axi_adc_raw_write(back, 0); --- base-commit: 7cdfbc0113d087348b8e65dd79276d0f57b89a10 change-id: 20250530-iio-adc-adi-axi-adc-fix-ad7606_bus_reg_read-f2bbb503db8b Best regards, -- David Lechner <dlechner(a)baylibre.com>

3 months, 3 weeks

1
2
0 0

[PATCH resend 2/2] jffs2: initialize inocache earlier

by Fedor Pchelkin

Inside jffs2_new_inode() there is a small gap when jffs2_init_acl_pre() or jffs2_do_new_inode() may fail e.g. due to a memory allocation error while uninit inocache field is touched upon subsequent inode eviction. general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] CPU: 0 PID: 10592 Comm: syz-executor.1 Not tainted 5.10.209-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:jffs2_xattr_delete_inode+0x35/0x130 fs/jffs2/xattr.c:602 Call Trace: jffs2_do_clear_inode+0x4c/0x570 fs/jffs2/readinode.c:1418 evict+0x281/0x6b0 fs/inode.c:577 iput_final fs/inode.c:1697 [inline] iput.part.0+0x4df/0x6d0 fs/inode.c:1723 iput+0x58/0x80 fs/inode.c:1713 jffs2_new_inode+0xb12/0xdb0 fs/jffs2/fs.c:469 jffs2_create+0x90/0x400 fs/jffs2/dir.c:177 lookup_open.isra.0+0xead/0x1260 fs/namei.c:3169 open_last_lookups fs/namei.c:3239 [inline] path_openat+0x96c/0x2670 fs/namei.c:3428 do_filp_open+0x1a4/0x3f0 fs/namei.c:3458 do_sys_openat2+0x171/0x420 fs/open.c:1186 do_sys_open fs/open.c:1202 [inline] __do_sys_openat fs/open.c:1218 [inline] __se_sys_openat fs/open.c:1213 [inline] __x64_sys_openat+0x13c/0x1f0 fs/open.c:1213 do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46 Initialize the inocache pointer to a NULL value while preparing an inode in jffs2_init_inode_info(). jffs2_xattr_delete_inode() will handle it later just fine. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> Reviewed-by: Zhihao Cheng <chengzhihao1(a)huawei.com> --- fs/jffs2/os-linux.h | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/jffs2/os-linux.h b/fs/jffs2/os-linux.h index 86ab014a349c..39b6565f10c9 100644 --- a/fs/jffs2/os-linux.h +++ b/fs/jffs2/os-linux.h @@ -55,6 +55,7 @@ static inline void jffs2_init_inode_info(struct jffs2_inode_info *f) f->metadata = NULL; f->dents = NULL; f->target = NULL; + f->inocache = NULL; f->flags = 0; f->usercompr = 0; } -- 2.49.0

3 months, 3 weeks

1
0
0 0

[PATCH resend 1/2] jffs2: initialize filesystem-private inode info in ->alloc_inode callback

by Fedor Pchelkin

The symlink body (->target) should be freed at the same time as the inode itself per commit 4fdcfab5b553 ("jffs2: fix use-after-free on symlink traversal"). It is a filesystem-specific field but there exist several error paths during generic inode allocation when ->free_inode(), namely jffs2_free_inode(), is called with still uninitialized private info. The calltrace looks like: alloc_inode inode_init_always // fails i_callback free_inode jffs2_free_inode // touches uninit ->target field Commit af9a8730ddb6 ("jffs2: Fix potential illegal address access in jffs2_free_inode") approached the observed problem but fixed it only partially. Our local Syzkaller instance is still hitting these kinds of failures. The thing is that jffs2_i_init_once(), where the initialization of f->target has been moved, is called once per slab allocation so it won't be called for the object structure possibly retrieved later from the slab cache for reuse. The practice followed by many other filesystems is to initialize filesystem-private inode contents in the corresponding ->alloc_inode() callbacks. This also allows to drop initialization from jffs2_iget() and jffs2_new_inode() as ->alloc_inode() is called in those places. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 4fdcfab5b553 ("jffs2: fix use-after-free on symlink traversal") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> Reviewed-by: Zhihao Cheng <chengzhihao1(a)huawei.com> --- fs/jffs2/fs.c | 2 -- fs/jffs2/super.c | 3 ++- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c index d175cccb7c55..85c4b273918f 100644 --- a/fs/jffs2/fs.c +++ b/fs/jffs2/fs.c @@ -271,7 +271,6 @@ struct inode *jffs2_iget(struct super_block *sb, unsigned long ino) f = JFFS2_INODE_INFO(inode); c = JFFS2_SB_INFO(inode->i_sb); - jffs2_init_inode_info(f); mutex_lock(&f->sem); ret = jffs2_do_read_inode(c, f, inode->i_ino, &latest_node); @@ -439,7 +438,6 @@ struct inode *jffs2_new_inode (struct inode *dir_i, umode_t mode, struct jffs2_r return ERR_PTR(-ENOMEM); f = JFFS2_INODE_INFO(inode); - jffs2_init_inode_info(f); mutex_lock(&f->sem); memset(ri, 0, sizeof(*ri)); diff --git a/fs/jffs2/super.c b/fs/jffs2/super.c index 4545f885c41e..b56ff63357f3 100644 --- a/fs/jffs2/super.c +++ b/fs/jffs2/super.c @@ -42,6 +42,8 @@ static struct inode *jffs2_alloc_inode(struct super_block *sb) f = alloc_inode_sb(sb, jffs2_inode_cachep, GFP_KERNEL); if (!f) return NULL; + + jffs2_init_inode_info(f); return &f->vfs_inode; } @@ -58,7 +60,6 @@ static void jffs2_i_init_once(void *foo) struct jffs2_inode_info *f = foo; mutex_init(&f->sem); - f->target = NULL; inode_init_once(&f->vfs_inode); } -- 2.49.0

3 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] x86/mm/init: Handle the special case of device private pages" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 7170130e4c72ce0caa0cb42a1627c635cc262821 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025052750-fondness-revocable-a23b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7170130e4c72ce0caa0cb42a1627c635cc262821 Mon Sep 17 00:00:00 2001 From: Balbir Singh <balbirs(a)nvidia.com> Date: Tue, 1 Apr 2025 11:07:52 +1100 Subject: [PATCH] x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As Bert Karwatzki reported, the following recent commit causes a performance regression on AMD iGPU and dGPU systems: 7ffb791423c7 ("x86/kaslr: Reduce KASLR entropy on most x86 systems") It exposed a bug with nokaslr and zone device interaction. The root cause of the bug is that, the GPU driver registers a zone device private memory region. When KASLR is disabled or the above commit is applied, the direct_map_physmem_end is set to much higher than 10 TiB typically to the 64TiB address. When zone device private memory is added to the system via add_pages(), it bumps up the max_pfn to the same value. This causes dma_addressing_limited() to return true, since the device cannot address memory all the way up to max_pfn. This caused a regression for games played on the iGPU, as it resulted in the DMA32 zone being used for GPU allocations. Fix this by not bumping up max_pfn on x86 systems, when pgmap is passed into add_pages(). The presence of pgmap is used to determine if device private memory is being added via add_pages(). More details: devm_request_mem_region() and request_free_mem_region() request for device private memory. iomem_resource is passed as the base resource with start and end parameters. iomem_resource's end depends on several factors, including the platform and virtualization. On x86 for example on bare metal, this value is set to boot_cpu_data.x86_phys_bits. boot_cpu_data.x86_phys_bits can change depending on support for MKTME. By default it is set to the same as log2(direct_map_physmem_end) which is 46 to 52 bits depending on the number of levels in the page table. The allocation routines used iomem_resource's end and direct_map_physmem_end to figure out where to allocate the region. [ arch/powerpc is also impacted by this problem, but this patch does not fix the issue for PowerPC. ] Testing: 1. Tested on a virtual machine with test_hmm for zone device inseration 2. A previous version of this patch was tested by Bert, please see: https://lore.kernel.org/lkml/d87680bab997fdc9fb4e638983132af235d9a03a.camel… [ mingo: Clarified the comments and the changelog. ] Reported-by: Bert Karwatzki <spasswolf(a)web.de> Tested-by: Bert Karwatzki <spasswolf(a)web.de> Fixes: 7ffb791423c7 ("x86/kaslr: Reduce KASLR entropy on most x86 systems") Signed-off-by: Balbir Singh <balbirs(a)nvidia.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Juergen Gross <jgross(a)suse.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: David Airlie <airlied(a)gmail.com> Cc: Simona Vetter <simona(a)ffwll.ch> Link: https://lore.kernel.org/r/20250401000752.249348-1-balbirs@nvidia.com diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 519aa53114fa..821a0b53b21c 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -959,9 +959,18 @@ int add_pages(int nid, unsigned long start_pfn, unsigned long nr_pages, ret = __add_pages(nid, start_pfn, nr_pages, params); WARN_ON_ONCE(ret); - /* update max_pfn, max_low_pfn and high_memory */ - update_end_of_memory_vars(start_pfn << PAGE_SHIFT, - nr_pages << PAGE_SHIFT); + /* + * Special case: add_pages() is called by memremap_pages() for adding device + * private pages. Do not bump up max_pfn in the device private path, + * because max_pfn changes affect dma_addressing_limited(). + * + * dma_addressing_limited() returning true when max_pfn is the device's + * addressable memory can force device drivers to use bounce buffers + * and impact their performance negatively: + */ + if (!params->pgmap) + /* update max_pfn, max_low_pfn and high_memory */ + update_end_of_memory_vars(start_pfn << PAGE_SHIFT, nr_pages << PAGE_SHIFT); return ret; }

3 months, 3 weeks

4
5
0 0

[PATCH 3/3] ASoC: amd: acp3x-pdm-dma: free pdm device data on closing

by Fedor Pchelkin

Dynamic memory referenced by runtime->private_data pointer is allocated in acp_pdm_dma_open() and needs to be freed in the corresponding ->close() callback. Found by Linux Verification Center (linuxtesting.org). Fixes: 4a767b1d039a ("ASoC: amd: add acp3x pdm driver dma ops") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- sound/soc/amd/renoir/acp3x-pdm-dma.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sound/soc/amd/renoir/acp3x-pdm-dma.c b/sound/soc/amd/renoir/acp3x-pdm-dma.c index 95ac8c680037..6b294040e164 100644 --- a/sound/soc/amd/renoir/acp3x-pdm-dma.c +++ b/sound/soc/amd/renoir/acp3x-pdm-dma.c @@ -301,9 +301,11 @@ static int acp_pdm_dma_close(struct snd_soc_component *component, struct snd_pcm_substream *substream) { struct pdm_dev_data *adata = dev_get_drvdata(component->dev); + struct snd_pcm_runtime *runtime = substream->runtime; disable_pdm_interrupts(adata->acp_base); adata->capture_stream = NULL; + kfree(runtime->private_data); return 0; } -- 2.49.0

3 months, 3 weeks

1
0
0 0

[PATCH 2/3] ASoC: amd: acp3x-pcm-dma: free runtime private data on closing

by Fedor Pchelkin

Dynamic memory referenced by runtime->private_data pointer is allocated in acp3x_dma_open() and needs to be freed in the corresponding ->close() callback. Found by Linux Verification Center (linuxtesting.org). Fixes: c9fe7db6e884 ("ASoC: amd: Refactoring of DAI from DMA driver") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- sound/soc/amd/raven/acp3x-pcm-dma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/amd/raven/acp3x-pcm-dma.c b/sound/soc/amd/raven/acp3x-pcm-dma.c index bb9ed52d744d..90559c8304bc 100644 --- a/sound/soc/amd/raven/acp3x-pcm-dma.c +++ b/sound/soc/amd/raven/acp3x-pcm-dma.c @@ -353,7 +353,7 @@ static int acp3x_dma_close(struct snd_soc_component *component, adata->i2ssp_capture_stream = NULL; } } - + kfree(ins); return 0; } -- 2.49.0

3 months, 3 weeks

1
0
0 0

[PATCH 1/3] ASoC: amd: acp6x-pdm-dma: free pdm device data on closing

by Fedor Pchelkin

Dynamic memory referenced by runtime->private_data pointer is allocated in acp6x_pdm_dma_open() and needs to be freed in the corresponding ->close() callback. unreferenced object 0xffff88813525a940 (size 32): comm "pipewire", pid 1238, jiffies 4294728195 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 3c 03 00 c9 ff ff ..........<..... backtrace (crc 14400236): __kmalloc_cache_noprof+0x3a3/0x490 acp6x_pdm_dma_open+0x10d/0x680 [snd_acp6x_pdm_dma] snd_soc_component_open+0x71/0x150 [snd_soc_core] __soc_pcm_open+0x221/0xb40 [snd_soc_core] soc_pcm_open+0x99/0x110 [snd_soc_core] snd_pcm_open_substream+0x18b/0x4e0 [snd_pcm] snd_pcm_open+0x244/0x670 [snd_pcm] snd_pcm_capture_open+0x72/0xd0 [snd_pcm] chrdev_open+0x1eb/0x5e0 do_dentry_open+0x494/0x1820 vfs_open+0x7a/0x440 do_open+0x3d0/0xd30 path_openat+0x1d3/0x580 do_filp_open+0x1c5/0x450 do_sys_openat2+0xef/0x180 __x64_sys_openat+0x10e/0x210 Found by Linux Verification Center (linuxtesting.org). Fixes: ceb4fcc13ae5 ("ASoC: amd: add acp6x pdm driver dma ops") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- sound/soc/amd/yc/acp6x-pdm-dma.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sound/soc/amd/yc/acp6x-pdm-dma.c b/sound/soc/amd/yc/acp6x-pdm-dma.c index ac758b90f441..167cd792d33d 100644 --- a/sound/soc/amd/yc/acp6x-pdm-dma.c +++ b/sound/soc/amd/yc/acp6x-pdm-dma.c @@ -275,9 +275,11 @@ static int acp6x_pdm_dma_close(struct snd_soc_component *component, struct snd_pcm_substream *substream) { struct pdm_dev_data *adata = dev_get_drvdata(component->dev); + struct snd_pcm_runtime *runtime = substream->runtime; acp6x_disable_pdm_interrupts(adata->acp6x_base); adata->capture_stream = NULL; + kfree(runtime->private_data); return 0; } -- 2.49.0

3 months, 3 weeks

1
0
0 0

[PATCH AUTOSEL 5.4 1/6] ACPICA: fix acpi operand cache leak in dswstate.c

by Sasha Levin

From: Seunghun Han <kkamagui(a)gmail.com> [ Upstream commit 156fd20a41e776bbf334bd5e45c4f78dfc90ce1c ] ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. When early termination occurs due to malicious ACPI table, Linux kernel terminates ACPI function and continues to boot process. While kernel terminates ACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak. Boot log of ACPI operand cache leak is as follows: >[ 0.585957] ACPI: Added _OSI(Module Device) >[ 0.587218] ACPI: Added _OSI(Processor Device) >[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions) >[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device) >[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155) >[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88) >[ 0.597858] ACPI: Unable to start the ACPI Interpreter >[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281) >[ 0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects >[ 0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26 >[ 0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006 >[ 0.609177] Call Trace: >[ 0.610063] ? dump_stack+0x5c/0x81 >[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0 >[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27 >[ 0.613906] ? acpi_os_delete_cache+0xa/0x10 >[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b >[ 0.619293] ? acpi_terminate+0xa/0x14 >[ 0.620394] ? acpi_init+0x2af/0x34f >[ 0.621616] ? __class_create+0x4c/0x80 >[ 0.623412] ? video_setup+0x7f/0x7f >[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27 >[ 0.625861] ? do_one_initcall+0x4e/0x1a0 >[ 0.627513] ? kernel_init_freeable+0x19e/0x21f >[ 0.628972] ? rest_init+0x80/0x80 >[ 0.630043] ? kernel_init+0xa/0x100 >[ 0.631084] ? ret_from_fork+0x25/0x30 >[ 0.633343] vgaarb: loaded >[ 0.635036] EDAC MC: Ver: 3.0.0 >[ 0.638601] PCI: Probing PCI hardware >[ 0.639833] PCI host bridge to bus 0000:00 >[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff] > ... Continue to boot and log is omitted ... I analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_ delete() function miscalculated the top of the stack. acpi_ds_obj_stack_push() function uses walk_state->operand_index for start position of the top, but acpi_ds_obj_stack_pop_and_delete() function considers index 0 for it. Therefore, this causes acpi operand memory leak. This cache leak causes a security threat because an old kernel (<= 4.9) shows memory locations of kernel functions in stack dump. Some malicious users could use this information to neutralize kernel ASLR. I made a patch to fix ACPI operand cache leak. Link: https://github.com/acpica/acpica/commit/987a3b5c Signed-off-by: Seunghun Han <kkamagui(a)gmail.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Link: https://patch.msgid.link/4999480.31r3eYUQgx@rjwysocki.net Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees based on the following analysis: ## Analysis of the Commit **1. Bug Fix Nature**: This commit fixes a clear memory leak bug in the ACPICA subsystem. The issue occurs when `acpi_ds_create_operands()` encounters an error during operand creation and needs to clean up allocated operands. **2. Root Cause**: The core issue is a mismatch between how operands are pushed and popped from the stack: - `acpi_ds_obj_stack_push()` uses `walk_state->operand_index` to track the current position - `acpi_ds_obj_stack_pop_and_delete()` incorrectly assumes operands start at index 0 - This causes incomplete cleanup when errors occur, leading to memory leaks **3. Code Analysis**: The fix correctly addresses the issue by: - Tracking the original operand count (`prev_num_operands`) - Calculating the correct number of operands to clean up (`new_num_operands`) - Setting `walk_state->num_operands = i` before cleanup to ensure proper indexing - Restoring the original operand count after cleanup **4. Security Implications**: The commit message explicitly mentions this is a security issue - the memory leak can expose kernel function addresses in older kernels (≤4.9), potentially defeating ASLR. This elevates the importance beyond a simple memory leak. **5. Pattern Consistency**: This follows the exact same pattern as other ACPICA operand cache leak fixes that were successfully backported (commits `97f3c0a4b057`, `2915f16bdce2`, etc.), all authored by the same developer addressing similar issues. **6. Stability Characteristics**: - **Small and contained**: Only 8 lines of actual logic changes - **Clear error path**: Only affects cleanup during error conditions - **No behavioral changes**: No impact on normal operation - **Low regression risk**: Only modifies error handling paths **7. Backport Suitability Criteria**: - ✅ Fixes important bug affecting users (memory leak) - ✅ Small, contained fix with minimal risk - ✅ No architectural changes - ✅ Addresses security concern (ASLR bypass potential) - ✅ Follows established patterns for ACPICA fixes - ✅ Critical kernel subsystem (ACPI) **8. Historical Precedent**: The similar commits in the reference examples (Similar Commits #1, #2, #3) all have "Backport Status: YES" and address nearly identical ACPICA operand cache leak issues with similar fixes and commit message patterns. This commit meets all criteria for stable tree backporting: it's an important bugfix, has minimal regression risk, affects a critical subsystem, and follows established patterns for similar fixes that were previously backported. drivers/acpi/acpica/dsutils.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/acpica/dsutils.c b/drivers/acpi/acpica/dsutils.c index fb9ed5e1da89d..2bdae8a25e084 100644 --- a/drivers/acpi/acpica/dsutils.c +++ b/drivers/acpi/acpica/dsutils.c @@ -668,6 +668,8 @@ acpi_ds_create_operands(struct acpi_walk_state *walk_state, union acpi_parse_object *arguments[ACPI_OBJ_NUM_OPERANDS]; u32 arg_count = 0; u32 index = walk_state->num_operands; + u32 prev_num_operands = walk_state->num_operands; + u32 new_num_operands; u32 i; ACPI_FUNCTION_TRACE_PTR(ds_create_operands, first_arg); @@ -696,6 +698,7 @@ acpi_ds_create_operands(struct acpi_walk_state *walk_state, /* Create the interpreter arguments, in reverse order */ + new_num_operands = index; index--; for (i = 0; i < arg_count; i++) { arg = arguments[index]; @@ -720,7 +723,11 @@ acpi_ds_create_operands(struct acpi_walk_state *walk_state, * pop everything off of the operand stack and delete those * objects */ - acpi_ds_obj_stack_pop_and_delete(arg_count, walk_state); + walk_state->num_operands = i; + acpi_ds_obj_stack_pop_and_delete(new_num_operands, walk_state); + + /* Restore operand count */ + walk_state->num_operands = prev_num_operands; ACPI_EXCEPTION((AE_INFO, status, "While creating Arg %u", index)); return_ACPI_STATUS(status); -- 2.39.5

3 months, 3 weeks

1
5
0 0

[PATCH AUTOSEL 5.10 01/10] ACPICA: fix acpi operand cache leak in dswstate.c

by Sasha Levin

From: Seunghun Han <kkamagui(a)gmail.com> [ Upstream commit 156fd20a41e776bbf334bd5e45c4f78dfc90ce1c ] ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. When early termination occurs due to malicious ACPI table, Linux kernel terminates ACPI function and continues to boot process. While kernel terminates ACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak. Boot log of ACPI operand cache leak is as follows: >[ 0.585957] ACPI: Added _OSI(Module Device) >[ 0.587218] ACPI: Added _OSI(Processor Device) >[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions) >[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device) >[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155) >[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88) >[ 0.597858] ACPI: Unable to start the ACPI Interpreter >[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281) >[ 0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects >[ 0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26 >[ 0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006 >[ 0.609177] Call Trace: >[ 0.610063] ? dump_stack+0x5c/0x81 >[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0 >[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27 >[ 0.613906] ? acpi_os_delete_cache+0xa/0x10 >[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b >[ 0.619293] ? acpi_terminate+0xa/0x14 >[ 0.620394] ? acpi_init+0x2af/0x34f >[ 0.621616] ? __class_create+0x4c/0x80 >[ 0.623412] ? video_setup+0x7f/0x7f >[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27 >[ 0.625861] ? do_one_initcall+0x4e/0x1a0 >[ 0.627513] ? kernel_init_freeable+0x19e/0x21f >[ 0.628972] ? rest_init+0x80/0x80 >[ 0.630043] ? kernel_init+0xa/0x100 >[ 0.631084] ? ret_from_fork+0x25/0x30 >[ 0.633343] vgaarb: loaded >[ 0.635036] EDAC MC: Ver: 3.0.0 >[ 0.638601] PCI: Probing PCI hardware >[ 0.639833] PCI host bridge to bus 0000:00 >[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff] > ... Continue to boot and log is omitted ... I analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_ delete() function miscalculated the top of the stack. acpi_ds_obj_stack_push() function uses walk_state->operand_index for start position of the top, but acpi_ds_obj_stack_pop_and_delete() function considers index 0 for it. Therefore, this causes acpi operand memory leak. This cache leak causes a security threat because an old kernel (<= 4.9) shows memory locations of kernel functions in stack dump. Some malicious users could use this information to neutralize kernel ASLR. I made a patch to fix ACPI operand cache leak. Link: https://github.com/acpica/acpica/commit/987a3b5c Signed-off-by: Seunghun Han <kkamagui(a)gmail.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Link: https://patch.msgid.link/4999480.31r3eYUQgx@rjwysocki.net Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees based on the following analysis: ## Analysis of the Commit **1. Bug Fix Nature**: This commit fixes a clear memory leak bug in the ACPICA subsystem. The issue occurs when `acpi_ds_create_operands()` encounters an error during operand creation and needs to clean up allocated operands. **2. Root Cause**: The core issue is a mismatch between how operands are pushed and popped from the stack: - `acpi_ds_obj_stack_push()` uses `walk_state->operand_index` to track the current position - `acpi_ds_obj_stack_pop_and_delete()` incorrectly assumes operands start at index 0 - This causes incomplete cleanup when errors occur, leading to memory leaks **3. Code Analysis**: The fix correctly addresses the issue by: - Tracking the original operand count (`prev_num_operands`) - Calculating the correct number of operands to clean up (`new_num_operands`) - Setting `walk_state->num_operands = i` before cleanup to ensure proper indexing - Restoring the original operand count after cleanup **4. Security Implications**: The commit message explicitly mentions this is a security issue - the memory leak can expose kernel function addresses in older kernels (≤4.9), potentially defeating ASLR. This elevates the importance beyond a simple memory leak. **5. Pattern Consistency**: This follows the exact same pattern as other ACPICA operand cache leak fixes that were successfully backported (commits `97f3c0a4b057`, `2915f16bdce2`, etc.), all authored by the same developer addressing similar issues. **6. Stability Characteristics**: - **Small and contained**: Only 8 lines of actual logic changes - **Clear error path**: Only affects cleanup during error conditions - **No behavioral changes**: No impact on normal operation - **Low regression risk**: Only modifies error handling paths **7. Backport Suitability Criteria**: - ✅ Fixes important bug affecting users (memory leak) - ✅ Small, contained fix with minimal risk - ✅ No architectural changes - ✅ Addresses security concern (ASLR bypass potential) - ✅ Follows established patterns for ACPICA fixes - ✅ Critical kernel subsystem (ACPI) **8. Historical Precedent**: The similar commits in the reference examples (Similar Commits #1, #2, #3) all have "Backport Status: YES" and address nearly identical ACPICA operand cache leak issues with similar fixes and commit message patterns. This commit meets all criteria for stable tree backporting: it's an important bugfix, has minimal regression risk, affects a critical subsystem, and follows established patterns for similar fixes that were previously backported. drivers/acpi/acpica/dsutils.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/acpica/dsutils.c b/drivers/acpi/acpica/dsutils.c index fb9ed5e1da89d..2bdae8a25e084 100644 --- a/drivers/acpi/acpica/dsutils.c +++ b/drivers/acpi/acpica/dsutils.c @@ -668,6 +668,8 @@ acpi_ds_create_operands(struct acpi_walk_state *walk_state, union acpi_parse_object *arguments[ACPI_OBJ_NUM_OPERANDS]; u32 arg_count = 0; u32 index = walk_state->num_operands; + u32 prev_num_operands = walk_state->num_operands; + u32 new_num_operands; u32 i; ACPI_FUNCTION_TRACE_PTR(ds_create_operands, first_arg); @@ -696,6 +698,7 @@ acpi_ds_create_operands(struct acpi_walk_state *walk_state, /* Create the interpreter arguments, in reverse order */ + new_num_operands = index; index--; for (i = 0; i < arg_count; i++) { arg = arguments[index]; @@ -720,7 +723,11 @@ acpi_ds_create_operands(struct acpi_walk_state *walk_state, * pop everything off of the operand stack and delete those * objects */ - acpi_ds_obj_stack_pop_and_delete(arg_count, walk_state); + walk_state->num_operands = i; + acpi_ds_obj_stack_pop_and_delete(new_num_operands, walk_state); + + /* Restore operand count */ + walk_state->num_operands = prev_num_operands; ACPI_EXCEPTION((AE_INFO, status, "While creating Arg %u", index)); return_ACPI_STATUS(status); -- 2.39.5

3 months, 3 weeks

1
9
0 0

[PATCH AUTOSEL 5.15 01/11] ACPICA: fix acpi operand cache leak in dswstate.c

by Sasha Levin

From: Seunghun Han <kkamagui(a)gmail.com> [ Upstream commit 156fd20a41e776bbf334bd5e45c4f78dfc90ce1c ] ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. When early termination occurs due to malicious ACPI table, Linux kernel terminates ACPI function and continues to boot process. While kernel terminates ACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak. Boot log of ACPI operand cache leak is as follows: >[ 0.585957] ACPI: Added _OSI(Module Device) >[ 0.587218] ACPI: Added _OSI(Processor Device) >[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions) >[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device) >[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155) >[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88) >[ 0.597858] ACPI: Unable to start the ACPI Interpreter >[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281) >[ 0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects >[ 0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26 >[ 0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006 >[ 0.609177] Call Trace: >[ 0.610063] ? dump_stack+0x5c/0x81 >[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0 >[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27 >[ 0.613906] ? acpi_os_delete_cache+0xa/0x10 >[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b >[ 0.619293] ? acpi_terminate+0xa/0x14 >[ 0.620394] ? acpi_init+0x2af/0x34f >[ 0.621616] ? __class_create+0x4c/0x80 >[ 0.623412] ? video_setup+0x7f/0x7f >[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27 >[ 0.625861] ? do_one_initcall+0x4e/0x1a0 >[ 0.627513] ? kernel_init_freeable+0x19e/0x21f >[ 0.628972] ? rest_init+0x80/0x80 >[ 0.630043] ? kernel_init+0xa/0x100 >[ 0.631084] ? ret_from_fork+0x25/0x30 >[ 0.633343] vgaarb: loaded >[ 0.635036] EDAC MC: Ver: 3.0.0 >[ 0.638601] PCI: Probing PCI hardware >[ 0.639833] PCI host bridge to bus 0000:00 >[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff] > ... Continue to boot and log is omitted ... I analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_ delete() function miscalculated the top of the stack. acpi_ds_obj_stack_push() function uses walk_state->operand_index for start position of the top, but acpi_ds_obj_stack_pop_and_delete() function considers index 0 for it. Therefore, this causes acpi operand memory leak. This cache leak causes a security threat because an old kernel (<= 4.9) shows memory locations of kernel functions in stack dump. Some malicious users could use this information to neutralize kernel ASLR. I made a patch to fix ACPI operand cache leak. Link: https://github.com/acpica/acpica/commit/987a3b5c Signed-off-by: Seunghun Han <kkamagui(a)gmail.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Link: https://patch.msgid.link/4999480.31r3eYUQgx@rjwysocki.net Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees based on the following analysis: ## Analysis of the Commit **1. Bug Fix Nature**: This commit fixes a clear memory leak bug in the ACPICA subsystem. The issue occurs when `acpi_ds_create_operands()` encounters an error during operand creation and needs to clean up allocated operands. **2. Root Cause**: The core issue is a mismatch between how operands are pushed and popped from the stack: - `acpi_ds_obj_stack_push()` uses `walk_state->operand_index` to track the current position - `acpi_ds_obj_stack_pop_and_delete()` incorrectly assumes operands start at index 0 - This causes incomplete cleanup when errors occur, leading to memory leaks **3. Code Analysis**: The fix correctly addresses the issue by: - Tracking the original operand count (`prev_num_operands`) - Calculating the correct number of operands to clean up (`new_num_operands`) - Setting `walk_state->num_operands = i` before cleanup to ensure proper indexing - Restoring the original operand count after cleanup **4. Security Implications**: The commit message explicitly mentions this is a security issue - the memory leak can expose kernel function addresses in older kernels (≤4.9), potentially defeating ASLR. This elevates the importance beyond a simple memory leak. **5. Pattern Consistency**: This follows the exact same pattern as other ACPICA operand cache leak fixes that were successfully backported (commits `97f3c0a4b057`, `2915f16bdce2`, etc.), all authored by the same developer addressing similar issues. **6. Stability Characteristics**: - **Small and contained**: Only 8 lines of actual logic changes - **Clear error path**: Only affects cleanup during error conditions - **No behavioral changes**: No impact on normal operation - **Low regression risk**: Only modifies error handling paths **7. Backport Suitability Criteria**: - ✅ Fixes important bug affecting users (memory leak) - ✅ Small, contained fix with minimal risk - ✅ No architectural changes - ✅ Addresses security concern (ASLR bypass potential) - ✅ Follows established patterns for ACPICA fixes - ✅ Critical kernel subsystem (ACPI) **8. Historical Precedent**: The similar commits in the reference examples (Similar Commits #1, #2, #3) all have "Backport Status: YES" and address nearly identical ACPICA operand cache leak issues with similar fixes and commit message patterns. This commit meets all criteria for stable tree backporting: it's an important bugfix, has minimal regression risk, affects a critical subsystem, and follows established patterns for similar fixes that were previously backported. drivers/acpi/acpica/dsutils.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/acpica/dsutils.c b/drivers/acpi/acpica/dsutils.c index fb9ed5e1da89d..2bdae8a25e084 100644 --- a/drivers/acpi/acpica/dsutils.c +++ b/drivers/acpi/acpica/dsutils.c @@ -668,6 +668,8 @@ acpi_ds_create_operands(struct acpi_walk_state *walk_state, union acpi_parse_object *arguments[ACPI_OBJ_NUM_OPERANDS]; u32 arg_count = 0; u32 index = walk_state->num_operands; + u32 prev_num_operands = walk_state->num_operands; + u32 new_num_operands; u32 i; ACPI_FUNCTION_TRACE_PTR(ds_create_operands, first_arg); @@ -696,6 +698,7 @@ acpi_ds_create_operands(struct acpi_walk_state *walk_state, /* Create the interpreter arguments, in reverse order */ + new_num_operands = index; index--; for (i = 0; i < arg_count; i++) { arg = arguments[index]; @@ -720,7 +723,11 @@ acpi_ds_create_operands(struct acpi_walk_state *walk_state, * pop everything off of the operand stack and delete those * objects */ - acpi_ds_obj_stack_pop_and_delete(arg_count, walk_state); + walk_state->num_operands = i; + acpi_ds_obj_stack_pop_and_delete(new_num_operands, walk_state); + + /* Restore operand count */ + walk_state->num_operands = prev_num_operands; ACPI_EXCEPTION((AE_INFO, status, "While creating Arg %u", index)); return_ACPI_STATUS(status); -- 2.39.5

3 months, 3 weeks

1
10
0 0

[PATCH AUTOSEL 6.1 01/13] ACPICA: fix acpi operand cache leak in dswstate.c

by Sasha Levin

From: Seunghun Han <kkamagui(a)gmail.com> [ Upstream commit 156fd20a41e776bbf334bd5e45c4f78dfc90ce1c ] ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. When early termination occurs due to malicious ACPI table, Linux kernel terminates ACPI function and continues to boot process. While kernel terminates ACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak. Boot log of ACPI operand cache leak is as follows: >[ 0.585957] ACPI: Added _OSI(Module Device) >[ 0.587218] ACPI: Added _OSI(Processor Device) >[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions) >[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device) >[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155) >[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88) >[ 0.597858] ACPI: Unable to start the ACPI Interpreter >[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281) >[ 0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects >[ 0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26 >[ 0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006 >[ 0.609177] Call Trace: >[ 0.610063] ? dump_stack+0x5c/0x81 >[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0 >[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27 >[ 0.613906] ? acpi_os_delete_cache+0xa/0x10 >[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b >[ 0.619293] ? acpi_terminate+0xa/0x14 >[ 0.620394] ? acpi_init+0x2af/0x34f >[ 0.621616] ? __class_create+0x4c/0x80 >[ 0.623412] ? video_setup+0x7f/0x7f >[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27 >[ 0.625861] ? do_one_initcall+0x4e/0x1a0 >[ 0.627513] ? kernel_init_freeable+0x19e/0x21f >[ 0.628972] ? rest_init+0x80/0x80 >[ 0.630043] ? kernel_init+0xa/0x100 >[ 0.631084] ? ret_from_fork+0x25/0x30 >[ 0.633343] vgaarb: loaded >[ 0.635036] EDAC MC: Ver: 3.0.0 >[ 0.638601] PCI: Probing PCI hardware >[ 0.639833] PCI host bridge to bus 0000:00 >[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff] > ... Continue to boot and log is omitted ... I analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_ delete() function miscalculated the top of the stack. acpi_ds_obj_stack_push() function uses walk_state->operand_index for start position of the top, but acpi_ds_obj_stack_pop_and_delete() function considers index 0 for it. Therefore, this causes acpi operand memory leak. This cache leak causes a security threat because an old kernel (<= 4.9) shows memory locations of kernel functions in stack dump. Some malicious users could use this information to neutralize kernel ASLR. I made a patch to fix ACPI operand cache leak. Link: https://github.com/acpica/acpica/commit/987a3b5c Signed-off-by: Seunghun Han <kkamagui(a)gmail.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Link: https://patch.msgid.link/4999480.31r3eYUQgx@rjwysocki.net Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees based on the following analysis: ## Analysis of the Commit **1. Bug Fix Nature**: This commit fixes a clear memory leak bug in the ACPICA subsystem. The issue occurs when `acpi_ds_create_operands()` encounters an error during operand creation and needs to clean up allocated operands. **2. Root Cause**: The core issue is a mismatch between how operands are pushed and popped from the stack: - `acpi_ds_obj_stack_push()` uses `walk_state->operand_index` to track the current position - `acpi_ds_obj_stack_pop_and_delete()` incorrectly assumes operands start at index 0 - This causes incomplete cleanup when errors occur, leading to memory leaks **3. Code Analysis**: The fix correctly addresses the issue by: - Tracking the original operand count (`prev_num_operands`) - Calculating the correct number of operands to clean up (`new_num_operands`) - Setting `walk_state->num_operands = i` before cleanup to ensure proper indexing - Restoring the original operand count after cleanup **4. Security Implications**: The commit message explicitly mentions this is a security issue - the memory leak can expose kernel function addresses in older kernels (≤4.9), potentially defeating ASLR. This elevates the importance beyond a simple memory leak. **5. Pattern Consistency**: This follows the exact same pattern as other ACPICA operand cache leak fixes that were successfully backported (commits `97f3c0a4b057`, `2915f16bdce2`, etc.), all authored by the same developer addressing similar issues. **6. Stability Characteristics**: - **Small and contained**: Only 8 lines of actual logic changes - **Clear error path**: Only affects cleanup during error conditions - **No behavioral changes**: No impact on normal operation - **Low regression risk**: Only modifies error handling paths **7. Backport Suitability Criteria**: - ✅ Fixes important bug affecting users (memory leak) - ✅ Small, contained fix with minimal risk - ✅ No architectural changes - ✅ Addresses security concern (ASLR bypass potential) - ✅ Follows established patterns for ACPICA fixes - ✅ Critical kernel subsystem (ACPI) **8. Historical Precedent**: The similar commits in the reference examples (Similar Commits #1, #2, #3) all have "Backport Status: YES" and address nearly identical ACPICA operand cache leak issues with similar fixes and commit message patterns. This commit meets all criteria for stable tree backporting: it's an important bugfix, has minimal regression risk, affects a critical subsystem, and follows established patterns for similar fixes that were previously backported. drivers/acpi/acpica/dsutils.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/acpica/dsutils.c b/drivers/acpi/acpica/dsutils.c index fb9ed5e1da89d..2bdae8a25e084 100644 --- a/drivers/acpi/acpica/dsutils.c +++ b/drivers/acpi/acpica/dsutils.c @@ -668,6 +668,8 @@ acpi_ds_create_operands(struct acpi_walk_state *walk_state, union acpi_parse_object *arguments[ACPI_OBJ_NUM_OPERANDS]; u32 arg_count = 0; u32 index = walk_state->num_operands; + u32 prev_num_operands = walk_state->num_operands; + u32 new_num_operands; u32 i; ACPI_FUNCTION_TRACE_PTR(ds_create_operands, first_arg); @@ -696,6 +698,7 @@ acpi_ds_create_operands(struct acpi_walk_state *walk_state, /* Create the interpreter arguments, in reverse order */ + new_num_operands = index; index--; for (i = 0; i < arg_count; i++) { arg = arguments[index]; @@ -720,7 +723,11 @@ acpi_ds_create_operands(struct acpi_walk_state *walk_state, * pop everything off of the operand stack and delete those * objects */ - acpi_ds_obj_stack_pop_and_delete(arg_count, walk_state); + walk_state->num_operands = i; + acpi_ds_obj_stack_pop_and_delete(new_num_operands, walk_state); + + /* Restore operand count */ + walk_state->num_operands = prev_num_operands; ACPI_EXCEPTION((AE_INFO, status, "While creating Arg %u", index)); return_ACPI_STATUS(status); -- 2.39.5

3 months, 3 weeks

1
12
0 0

[PATCH AUTOSEL 6.6 01/18] ACPICA: fix acpi operand cache leak in dswstate.c

by Sasha Levin

From: Seunghun Han <kkamagui(a)gmail.com> [ Upstream commit 156fd20a41e776bbf334bd5e45c4f78dfc90ce1c ] ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. When early termination occurs due to malicious ACPI table, Linux kernel terminates ACPI function and continues to boot process. While kernel terminates ACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak. Boot log of ACPI operand cache leak is as follows: >[ 0.585957] ACPI: Added _OSI(Module Device) >[ 0.587218] ACPI: Added _OSI(Processor Device) >[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions) >[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device) >[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155) >[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88) >[ 0.597858] ACPI: Unable to start the ACPI Interpreter >[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281) >[ 0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects >[ 0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26 >[ 0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006 >[ 0.609177] Call Trace: >[ 0.610063] ? dump_stack+0x5c/0x81 >[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0 >[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27 >[ 0.613906] ? acpi_os_delete_cache+0xa/0x10 >[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b >[ 0.619293] ? acpi_terminate+0xa/0x14 >[ 0.620394] ? acpi_init+0x2af/0x34f >[ 0.621616] ? __class_create+0x4c/0x80 >[ 0.623412] ? video_setup+0x7f/0x7f >[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27 >[ 0.625861] ? do_one_initcall+0x4e/0x1a0 >[ 0.627513] ? kernel_init_freeable+0x19e/0x21f >[ 0.628972] ? rest_init+0x80/0x80 >[ 0.630043] ? kernel_init+0xa/0x100 >[ 0.631084] ? ret_from_fork+0x25/0x30 >[ 0.633343] vgaarb: loaded >[ 0.635036] EDAC MC: Ver: 3.0.0 >[ 0.638601] PCI: Probing PCI hardware >[ 0.639833] PCI host bridge to bus 0000:00 >[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff] > ... Continue to boot and log is omitted ... I analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_ delete() function miscalculated the top of the stack. acpi_ds_obj_stack_push() function uses walk_state->operand_index for start position of the top, but acpi_ds_obj_stack_pop_and_delete() function considers index 0 for it. Therefore, this causes acpi operand memory leak. This cache leak causes a security threat because an old kernel (<= 4.9) shows memory locations of kernel functions in stack dump. Some malicious users could use this information to neutralize kernel ASLR. I made a patch to fix ACPI operand cache leak. Link: https://github.com/acpica/acpica/commit/987a3b5c Signed-off-by: Seunghun Han <kkamagui(a)gmail.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Link: https://patch.msgid.link/4999480.31r3eYUQgx@rjwysocki.net Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees based on the following analysis: ## Analysis of the Commit **1. Bug Fix Nature**: This commit fixes a clear memory leak bug in the ACPICA subsystem. The issue occurs when `acpi_ds_create_operands()` encounters an error during operand creation and needs to clean up allocated operands. **2. Root Cause**: The core issue is a mismatch between how operands are pushed and popped from the stack: - `acpi_ds_obj_stack_push()` uses `walk_state->operand_index` to track the current position - `acpi_ds_obj_stack_pop_and_delete()` incorrectly assumes operands start at index 0 - This causes incomplete cleanup when errors occur, leading to memory leaks **3. Code Analysis**: The fix correctly addresses the issue by: - Tracking the original operand count (`prev_num_operands`) - Calculating the correct number of operands to clean up (`new_num_operands`) - Setting `walk_state->num_operands = i` before cleanup to ensure proper indexing - Restoring the original operand count after cleanup **4. Security Implications**: The commit message explicitly mentions this is a security issue - the memory leak can expose kernel function addresses in older kernels (≤4.9), potentially defeating ASLR. This elevates the importance beyond a simple memory leak. **5. Pattern Consistency**: This follows the exact same pattern as other ACPICA operand cache leak fixes that were successfully backported (commits `97f3c0a4b057`, `2915f16bdce2`, etc.), all authored by the same developer addressing similar issues. **6. Stability Characteristics**: - **Small and contained**: Only 8 lines of actual logic changes - **Clear error path**: Only affects cleanup during error conditions - **No behavioral changes**: No impact on normal operation - **Low regression risk**: Only modifies error handling paths **7. Backport Suitability Criteria**: - ✅ Fixes important bug affecting users (memory leak) - ✅ Small, contained fix with minimal risk - ✅ No architectural changes - ✅ Addresses security concern (ASLR bypass potential) - ✅ Follows established patterns for ACPICA fixes - ✅ Critical kernel subsystem (ACPI) **8. Historical Precedent**: The similar commits in the reference examples (Similar Commits #1, #2, #3) all have "Backport Status: YES" and address nearly identical ACPICA operand cache leak issues with similar fixes and commit message patterns. This commit meets all criteria for stable tree backporting: it's an important bugfix, has minimal regression risk, affects a critical subsystem, and follows established patterns for similar fixes that were previously backported. drivers/acpi/acpica/dsutils.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/acpica/dsutils.c b/drivers/acpi/acpica/dsutils.c index fb9ed5e1da89d..2bdae8a25e084 100644 --- a/drivers/acpi/acpica/dsutils.c +++ b/drivers/acpi/acpica/dsutils.c @@ -668,6 +668,8 @@ acpi_ds_create_operands(struct acpi_walk_state *walk_state, union acpi_parse_object *arguments[ACPI_OBJ_NUM_OPERANDS]; u32 arg_count = 0; u32 index = walk_state->num_operands; + u32 prev_num_operands = walk_state->num_operands; + u32 new_num_operands; u32 i; ACPI_FUNCTION_TRACE_PTR(ds_create_operands, first_arg); @@ -696,6 +698,7 @@ acpi_ds_create_operands(struct acpi_walk_state *walk_state, /* Create the interpreter arguments, in reverse order */ + new_num_operands = index; index--; for (i = 0; i < arg_count; i++) { arg = arguments[index]; @@ -720,7 +723,11 @@ acpi_ds_create_operands(struct acpi_walk_state *walk_state, * pop everything off of the operand stack and delete those * objects */ - acpi_ds_obj_stack_pop_and_delete(arg_count, walk_state); + walk_state->num_operands = i; + acpi_ds_obj_stack_pop_and_delete(new_num_operands, walk_state); + + /* Restore operand count */ + walk_state->num_operands = prev_num_operands; ACPI_EXCEPTION((AE_INFO, status, "While creating Arg %u", index)); return_ACPI_STATUS(status); -- 2.39.5

3 months, 3 weeks

1
17
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror