[PATCH rc] iommu: Skip PASID validation for devices without PASID capability
by Tushar Dave
Generally PASID support requires ACS settings that usually create
single device groups, but there are some niche cases where we can get
multi-device groups and still have working PASID support. The primary
issue is that PCI switches are not required to treat PASID tagged TLPs
specially so appropriate ACS settings are required to route all TLPs to
the host bridge if PASID is going to work properly.
pci_enable_pasid() does check that each device that will use PASID has
the proper ACS settings to achieve this routing.
However, no-PASID devices can be combined with PASID capable devices
within the same topology using non-uniform ACS settings. In this case
the no-PASID devices may not have strict route to host ACS flags and
end up being grouped with the PASID devices.
This configuration fails to allow use of the PASID within the iommu
core code which wrongly checks if the no-PASID device supports PASID.
Fix this by ignoring no-PASID devices during the PASID validation. They
will never issue a PASID TLP anyhow so they can be ignored.
Fixes: c404f55c26fc ("iommu: Validate the PASID in iommu_attach_device_pasid()")
Cc: stable(a)vger.kernel.org
Signed-off-by: Tushar Dave <tdave(a)nvidia.com>
---
drivers/iommu/iommu.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index 4f91a740c15f..e01df4c3e709 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -3440,7 +3440,13 @@ int iommu_attach_device_pasid(struct iommu_domain *domain,
mutex_lock(&group->mutex);
for_each_group_device(group, device) {
- if (pasid >= device->dev->iommu->max_pasids) {
+ /*
+ * Skip PASID validation for devices without PASID support
+ * (max_pasids = 0). These devices cannot issue transactions
+ * with PASID, so they don't affect group's PASID usage.
+ */
+ if ((device->dev->iommu->max_pasids > 0) &&
+ (pasid >= device->dev->iommu->max_pasids)) {
ret = -EINVAL;
goto out_unlock;
}
--
2.34.1
4 months, 3 weeks
- 5
- 8
[PATCH AUTOSEL 6.14 01/31] staging: gpib: Use min for calculating transfer length
by Sasha Levin
From: Dave Penkler <dpenkler(a)gmail.com>
[ Upstream commit 76d54fd5471b10ee993c217928a39d7351eaff5c ]
In the accel read and write functions the transfer length
was being calculated by an if statement setting it to
the lesser of the remaining bytes to read/write and the
fifo size.
Replace both instances with min() which is clearer and
more compact.
Reported-by: kernel test robot <lkp(a)intel.com>
Reported-by: Julia Lawall <julia.lawall(a)inria.fr>
Closes: https://lore.kernel.org/r/202501182153.qHfL4Fbc-lkp@intel.com/
Signed-off-by: Dave Penkler <dpenkler(a)gmail.com>
Link: https://lore.kernel.org/r/20250120145030.29684-1-dpenkler@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
drivers/staging/gpib/agilent_82350b/agilent_82350b.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/drivers/staging/gpib/agilent_82350b/agilent_82350b.c b/drivers/staging/gpib/agilent_82350b/agilent_82350b.c
index 3f4f95b7fe34a..0ba592dc98490 100644
--- a/drivers/staging/gpib/agilent_82350b/agilent_82350b.c
+++ b/drivers/staging/gpib/agilent_82350b/agilent_82350b.c
@@ -66,10 +66,7 @@ int agilent_82350b_accel_read(gpib_board_t *board, uint8_t *buffer, size_t lengt
int j;
int count;
- if (num_fifo_bytes - i < agilent_82350b_fifo_size)
- block_size = num_fifo_bytes - i;
- else
- block_size = agilent_82350b_fifo_size;
+ block_size = min(num_fifo_bytes - i, agilent_82350b_fifo_size);
set_transfer_counter(a_priv, block_size);
writeb(ENABLE_TI_TO_SRAM | DIRECTION_GPIB_TO_HOST,
a_priv->gpib_base + SRAM_ACCESS_CONTROL_REG);
@@ -200,10 +197,7 @@ int agilent_82350b_accel_write(gpib_board_t *board, uint8_t *buffer, size_t leng
for (i = 1; i < fifotransferlength;) {
clear_bit(WRITE_READY_BN, &tms_priv->state);
- if (fifotransferlength - i < agilent_82350b_fifo_size)
- block_size = fifotransferlength - i;
- else
- block_size = agilent_82350b_fifo_size;
+ block_size = min(fifotransferlength - i, agilent_82350b_fifo_size);
set_transfer_counter(a_priv, block_size);
for (j = 0; j < block_size; ++j, ++i) {
// load data into board's sram
--
2.39.5
4 months, 3 weeks
- 3
- 34
[PATCH AUTOSEL 6.13 01/28] staging: gpib: Use min for calculating transfer length
by Sasha Levin
From: Dave Penkler <dpenkler(a)gmail.com>
[ Upstream commit 76d54fd5471b10ee993c217928a39d7351eaff5c ]
In the accel read and write functions the transfer length
was being calculated by an if statement setting it to
the lesser of the remaining bytes to read/write and the
fifo size.
Replace both instances with min() which is clearer and
more compact.
Reported-by: kernel test robot <lkp(a)intel.com>
Reported-by: Julia Lawall <julia.lawall(a)inria.fr>
Closes: https://lore.kernel.org/r/202501182153.qHfL4Fbc-lkp@intel.com/
Signed-off-by: Dave Penkler <dpenkler(a)gmail.com>
Link: https://lore.kernel.org/r/20250120145030.29684-1-dpenkler@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
drivers/staging/gpib/agilent_82350b/agilent_82350b.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/drivers/staging/gpib/agilent_82350b/agilent_82350b.c b/drivers/staging/gpib/agilent_82350b/agilent_82350b.c
index 8e2334fe5c9b8..533cc956b3f6c 100644
--- a/drivers/staging/gpib/agilent_82350b/agilent_82350b.c
+++ b/drivers/staging/gpib/agilent_82350b/agilent_82350b.c
@@ -69,10 +69,7 @@ int agilent_82350b_accel_read(gpib_board_t *board, uint8_t *buffer, size_t lengt
int j;
int count;
- if (num_fifo_bytes - i < agilent_82350b_fifo_size)
- block_size = num_fifo_bytes - i;
- else
- block_size = agilent_82350b_fifo_size;
+ block_size = min(num_fifo_bytes - i, agilent_82350b_fifo_size);
set_transfer_counter(a_priv, block_size);
writeb(ENABLE_TI_TO_SRAM | DIRECTION_GPIB_TO_HOST,
a_priv->gpib_base + SRAM_ACCESS_CONTROL_REG);
@@ -203,10 +200,7 @@ int agilent_82350b_accel_write(gpib_board_t *board, uint8_t *buffer, size_t leng
for (i = 1; i < fifotransferlength;) {
clear_bit(WRITE_READY_BN, &tms_priv->state);
- if (fifotransferlength - i < agilent_82350b_fifo_size)
- block_size = fifotransferlength - i;
- else
- block_size = agilent_82350b_fifo_size;
+ block_size = min(fifotransferlength - i, agilent_82350b_fifo_size);
set_transfer_counter(a_priv, block_size);
for (j = 0; j < block_size; ++j, ++i) {
// load data into board's sram
--
2.39.5
4 months, 3 weeks
- 2
- 30
[PATCH AUTOSEL 6.13 01/34] KVM: s390: Don't use %pK through tracepoints
by Sasha Levin
From: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
[ Upstream commit 6c9567e0850be2f0f94ab64fa6512413fd1a1eb1 ]
Restricted pointers ("%pK") are not meant to be used through TP_format().
It can unintentionally expose security sensitive, raw pointer values.
Use regular pointer formatting instead.
Link: https://lore.kernel.org/lkml/20250113171731-dc10e3c1-da64-4af0-b767-7c70704…
Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
Reviewed-by: Michael Mueller <mimu(a)linux.ibm.com>
Link: https://lore.kernel.org/r/20250217-restricted-pointers-s390-v1-1-0e4ace75d8…
Signed-off-by: Janosch Frank <frankja(a)linux.ibm.com>
Message-ID: <20250217-restricted-pointers-s390-v1-1-0e4ace75d8aa(a)linutronix.de>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
arch/s390/kvm/trace-s390.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/s390/kvm/trace-s390.h b/arch/s390/kvm/trace-s390.h
index 9ac92dbf680db..9e28f165c114c 100644
--- a/arch/s390/kvm/trace-s390.h
+++ b/arch/s390/kvm/trace-s390.h
@@ -56,7 +56,7 @@ TRACE_EVENT(kvm_s390_create_vcpu,
__entry->sie_block = sie_block;
),
- TP_printk("create cpu %d at 0x%pK, sie block at 0x%pK",
+ TP_printk("create cpu %d at 0x%p, sie block at 0x%p",
__entry->id, __entry->vcpu, __entry->sie_block)
);
@@ -255,7 +255,7 @@ TRACE_EVENT(kvm_s390_enable_css,
__entry->kvm = kvm;
),
- TP_printk("enabling channel I/O support (kvm @ %pK)\n",
+ TP_printk("enabling channel I/O support (kvm @ %p)\n",
__entry->kvm)
);
--
2.39.5
4 months, 3 weeks
- 2
- 35
[PATCH] PCI: dw-rockchip: Fix function call sequence in rockchip_pcie_phy_deinit
by Diederik de Haas
The documentation for the phy_power_off() function explicitly says
Must be called before phy_exit().
So let's follow that instruction.
Fixes: 0e898eb8df4e ("PCI: rockchip-dwc: Add Rockchip RK356X host controller driver")
Cc: stable(a)vger.kernel.org # v5.15+
Signed-off-by: Diederik de Haas <didi.debian(a)cknow.org>
---
drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/pci/controller/dwc/pcie-dw-rockchip.c b/drivers/pci/controller/dwc/pcie-dw-rockchip.c
index c624b7ebd118..4f92639650e3 100644
--- a/drivers/pci/controller/dwc/pcie-dw-rockchip.c
+++ b/drivers/pci/controller/dwc/pcie-dw-rockchip.c
@@ -410,8 +410,8 @@ static int rockchip_pcie_phy_init(struct rockchip_pcie *rockchip)
static void rockchip_pcie_phy_deinit(struct rockchip_pcie *rockchip)
{
- phy_exit(rockchip->phy);
phy_power_off(rockchip->phy);
+ phy_exit(rockchip->phy);
}
static const struct dw_pcie_ops dw_pcie_ops = {
--
2.49.0
4 months, 3 weeks
- 5
- 6
[PATCH 6.1.y] jfs: define xtree root and page independently
by Aditya Dutt
From: Dave Kleikamp <dave.kleikamp(a)oracle.com>
[ Upstream commit a779ed754e52d582b8c0e17959df063108bd0656 ]
In order to make array bounds checking sane, provide a separate
definition of the in-inode xtree root and the external xtree page.
Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com>
Tested-by: Manas Ghandat <ghandatmanas(a)gmail.com>
(cherry picked from commit a779ed754e52d582b8c0e17959df063108bd0656)
Closes: https://syzkaller.appspot.com/bug?extid=7cb897779f3c479d0615
Closes: https://syzkaller.appspot.com/bug?extid=6b1d79dad6cc6b3eef41
Closes: https://syzkaller.appspot.com/bug?extid=67f714a53ce18d5b542e
Closes: https://syzkaller.appspot.com/bug?extid=e829cfdd0de521302df4
Reported-by: syzbot+7cb897779f3c479d0615(a)syzkaller.appspotmail.com
Reported-by: syzbot+6b1d79dad6cc6b3eef41(a)syzkaller.appspotmail.com
Reported-by: syzbot+67f714a53ce18d5b542e(a)syzkaller.appspotmail.com
Reported-by: syzbot+e829cfdd0de521302df4(a)syzkaller.appspotmail.com
Signed-off-by: Aditya Dutt <duttaditya18(a)gmail.com>
---
I am sending this as per the suggestion by Greg to submit backports for
all the relevant stable trees:
https://lore.kernel.org/stable/2025042210-stylized-nearest-ea59@gregkh/
I will send one more mail for 5.15.
This patch has been applied in >= 6.12
and has been backported to 6.6: 2ff51719ec615e1b373c1811443efe93594c41a9
syzbot checked the patch against 6.1.y and confirmed that the
reproducer did not trigger any issues. check here:
https://lore.kernel.org/all/680e4455.050a0220.3b8549.0082.GAE@google.com/
I also tested the patch manually using the C reproducer:
https://syzkaller.appspot.com/text?tag=ReproC&x=15b291ef680000
(given in the syzkaller dashboard link)
fs/jfs/jfs_dinode.h | 2 +-
fs/jfs/jfs_imap.c | 6 +++---
fs/jfs/jfs_incore.h | 2 +-
fs/jfs/jfs_txnmgr.c | 4 ++--
fs/jfs/jfs_xtree.c | 4 ++--
fs/jfs/jfs_xtree.h | 37 +++++++++++++++++++++++--------------
6 files changed, 32 insertions(+), 23 deletions(-)
diff --git a/fs/jfs/jfs_dinode.h b/fs/jfs/jfs_dinode.h
index 6b231d0d0071..603aae17a693 100644
--- a/fs/jfs/jfs_dinode.h
+++ b/fs/jfs/jfs_dinode.h
@@ -96,7 +96,7 @@ struct dinode {
#define di_gengen u._file._u1._imap._gengen
union {
- xtpage_t _xtroot;
+ xtroot_t _xtroot;
struct {
u8 unused[16]; /* 16: */
dxd_t _dxd; /* 16: */
diff --git a/fs/jfs/jfs_imap.c b/fs/jfs/jfs_imap.c
index 155f66812934..9adb29e7862c 100644
--- a/fs/jfs/jfs_imap.c
+++ b/fs/jfs/jfs_imap.c
@@ -673,7 +673,7 @@ int diWrite(tid_t tid, struct inode *ip)
* This is the special xtree inside the directory for storing
* the directory table
*/
- xtpage_t *p, *xp;
+ xtroot_t *p, *xp;
xad_t *xad;
jfs_ip->xtlid = 0;
@@ -687,7 +687,7 @@ int diWrite(tid_t tid, struct inode *ip)
* copy xtree root from inode to dinode:
*/
p = &jfs_ip->i_xtroot;
- xp = (xtpage_t *) &dp->di_dirtable;
+ xp = (xtroot_t *) &dp->di_dirtable;
lv = ilinelock->lv;
for (n = 0; n < ilinelock->index; n++, lv++) {
memcpy(&xp->xad[lv->offset], &p->xad[lv->offset],
@@ -716,7 +716,7 @@ int diWrite(tid_t tid, struct inode *ip)
* regular file: 16 byte (XAD slot) granularity
*/
if (type & tlckXTREE) {
- xtpage_t *p, *xp;
+ xtroot_t *p, *xp;
xad_t *xad;
/*
diff --git a/fs/jfs/jfs_incore.h b/fs/jfs/jfs_incore.h
index 721def69e732..dd4264aa9bed 100644
--- a/fs/jfs/jfs_incore.h
+++ b/fs/jfs/jfs_incore.h
@@ -66,7 +66,7 @@ struct jfs_inode_info {
lid_t xtlid; /* lid of xtree lock on directory */
union {
struct {
- xtpage_t _xtroot; /* 288: xtree root */
+ xtroot_t _xtroot; /* 288: xtree root */
struct inomap *_imap; /* 4: inode map header */
} file;
struct {
diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c
index ce4b4760fcb1..dccc8b3f1045 100644
--- a/fs/jfs/jfs_txnmgr.c
+++ b/fs/jfs/jfs_txnmgr.c
@@ -783,7 +783,7 @@ struct tlock *txLock(tid_t tid, struct inode *ip, struct metapage * mp,
if (mp->xflag & COMMIT_PAGE)
p = (xtpage_t *) mp->data;
else
- p = &jfs_ip->i_xtroot;
+ p = (xtpage_t *) &jfs_ip->i_xtroot;
xtlck->lwm.offset =
le16_to_cpu(p->header.nextindex);
}
@@ -1676,7 +1676,7 @@ static void xtLog(struct jfs_log * log, struct tblock * tblk, struct lrd * lrd,
if (tlck->type & tlckBTROOT) {
lrd->log.redopage.type |= cpu_to_le16(LOG_BTROOT);
- p = &JFS_IP(ip)->i_xtroot;
+ p = (xtpage_t *) &JFS_IP(ip)->i_xtroot;
if (S_ISDIR(ip->i_mode))
lrd->log.redopage.type |=
cpu_to_le16(LOG_DIR_XTREE);
diff --git a/fs/jfs/jfs_xtree.c b/fs/jfs/jfs_xtree.c
index 2d304cee884c..5ee618d17e77 100644
--- a/fs/jfs/jfs_xtree.c
+++ b/fs/jfs/jfs_xtree.c
@@ -1213,7 +1213,7 @@ xtSplitRoot(tid_t tid,
struct xtlock *xtlck;
int rc;
- sp = &JFS_IP(ip)->i_xtroot;
+ sp = (xtpage_t *) &JFS_IP(ip)->i_xtroot;
INCREMENT(xtStat.split);
@@ -2098,7 +2098,7 @@ int xtAppend(tid_t tid, /* transaction id */
*/
void xtInitRoot(tid_t tid, struct inode *ip)
{
- xtpage_t *p;
+ xtroot_t *p;
/*
* acquire a transaction lock on the root
diff --git a/fs/jfs/jfs_xtree.h b/fs/jfs/jfs_xtree.h
index 142caafc73b1..15da4e16d8b2 100644
--- a/fs/jfs/jfs_xtree.h
+++ b/fs/jfs/jfs_xtree.h
@@ -65,24 +65,33 @@ struct xadlist {
#define XTPAGEMAXSLOT 256
#define XTENTRYSTART 2
-/*
- * xtree page:
- */
-typedef union {
- struct xtheader {
- __le64 next; /* 8: */
- __le64 prev; /* 8: */
+struct xtheader {
+ __le64 next; /* 8: */
+ __le64 prev; /* 8: */
- u8 flag; /* 1: */
- u8 rsrvd1; /* 1: */
- __le16 nextindex; /* 2: next index = number of entries */
- __le16 maxentry; /* 2: max number of entries */
- __le16 rsrvd2; /* 2: */
+ u8 flag; /* 1: */
+ u8 rsrvd1; /* 1: */
+ __le16 nextindex; /* 2: next index = number of entries */
+ __le16 maxentry; /* 2: max number of entries */
+ __le16 rsrvd2; /* 2: */
- pxd_t self; /* 8: self */
- } header; /* (32) */
+ pxd_t self; /* 8: self */
+};
+/*
+ * xtree root (in inode):
+ */
+typedef union {
+ struct xtheader header;
xad_t xad[XTROOTMAXSLOT]; /* 16 * maxentry: xad array */
+} xtroot_t;
+
+/*
+ * xtree page:
+ */
+typedef union {
+ struct xtheader header;
+ xad_t xad[XTPAGEMAXSLOT]; /* 16 * maxentry: xad array */
} xtpage_t;
/*
--
2.34.1
4 months, 3 weeks
- 1
- 0
[PATCH v4] arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2
by Wojciech Dubowik
Define vqmmc regulator-gpio for usdhc2 with vin-supply
coming from LDO5.
Without this definition LDO5 will be powered down, disabling
SD card after bootup. This has been introduced in commit
f5aab0438ef1 ("regulator: pca9450: Fix enable register for LDO5").
Fixes: 6a57f224f734 ("arm64: dts: freescale: add initial support for verdin imx8m mini")
Tested-by: Manuel Traut <manuel.traut(a)mt.com>
Reviewed-by: Philippe Schenker <philippe.schenker(a)impulsing.ch>
Tested-by: Francesco Dolcini <francesco.dolcini(a)toradex.com>
Reviewed-by: Francesco Dolcini <francesco.dolcini(a)toradex.com>
Cc: stable(a)vger.kernel.org
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik(a)mt.com>
---
v1 -> v2: https://lore.kernel.org/all/20250417112012.785420-1-Wojciech.Dubowik@mt.com/
- define gpio regulator for LDO5 vin controlled by vselect signal
v2 -> v3: https://lore.kernel.org/all/20250422130127.GA238494@francesco-nb/
- specify vselect as gpio
v3 -> v4: https://lore.kernel.org/all/84dc6fdf295902044d49cafc4479eb75477bba5c.camel@…
- add reviewed and tested by tags and changed fixes
---
.../boot/dts/freescale/imx8mm-verdin.dtsi | 25 +++++++++++++++----
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi b/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi
index 7251ad3a0017..b46566f3ce20 100644
--- a/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi
+++ b/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi
@@ -144,6 +144,19 @@ reg_usdhc2_vmmc: regulator-usdhc2 {
startup-delay-us = <20000>;
};
+ reg_usdhc2_vqmmc: regulator-usdhc2-vqmmc {
+ compatible = "regulator-gpio";
+ pinctrl-names = "default";
+ pinctrl-0 = <&pinctrl_usdhc2_vsel>;
+ gpios = <&gpio1 4 GPIO_ACTIVE_HIGH>;
+ regulator-max-microvolt = <3300000>;
+ regulator-min-microvolt = <1800000>;
+ states = <1800000 0x1>,
+ <3300000 0x0>;
+ regulator-name = "PMIC_USDHC_VSELECT";
+ vin-supply = <®_nvcc_sd>;
+ };
+
reserved-memory {
#address-cells = <2>;
#size-cells = <2>;
@@ -269,7 +282,7 @@ &gpio1 {
"SODIMM_19",
"",
"",
- "",
+ "PMIC_USDHC_VSELECT",
"",
"",
"",
@@ -785,6 +798,7 @@ &usdhc2 {
pinctrl-2 = <&pinctrl_usdhc2_200mhz>, <&pinctrl_usdhc2_cd>;
pinctrl-3 = <&pinctrl_usdhc2_sleep>, <&pinctrl_usdhc2_cd_sleep>;
vmmc-supply = <®_usdhc2_vmmc>;
+ vqmmc-supply = <®_usdhc2_vqmmc>;
};
&wdog1 {
@@ -1206,13 +1220,17 @@ pinctrl_usdhc2_pwr_en: usdhc2pwrengrp {
<MX8MM_IOMUXC_NAND_CLE_GPIO3_IO5 0x6>; /* SODIMM 76 */
};
+ pinctrl_usdhc2_vsel: usdhc2vselgrp {
+ fsl,pins =
+ <MX8MM_IOMUXC_GPIO1_IO04_GPIO1_IO4 0x10>; /* PMIC_USDHC_VSELECT */
+ };
+
/*
* Note: Due to ERR050080 we use discrete external on-module resistors pulling-up to the
* on-module +V3.3_1.8_SD (LDO5) rail and explicitly disable the internal pull-ups here.
*/
pinctrl_usdhc2: usdhc2grp {
fsl,pins =
- <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x10>,
<MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x90>, /* SODIMM 78 */
<MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x90>, /* SODIMM 74 */
<MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x90>, /* SODIMM 80 */
@@ -1223,7 +1241,6 @@ pinctrl_usdhc2: usdhc2grp {
pinctrl_usdhc2_100mhz: usdhc2-100mhzgrp {
fsl,pins =
- <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x10>,
<MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x94>,
<MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x94>,
<MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x94>,
@@ -1234,7 +1251,6 @@ pinctrl_usdhc2_100mhz: usdhc2-100mhzgrp {
pinctrl_usdhc2_200mhz: usdhc2-200mhzgrp {
fsl,pins =
- <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x10>,
<MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x96>,
<MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x96>,
<MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x96>,
@@ -1246,7 +1262,6 @@ pinctrl_usdhc2_200mhz: usdhc2-200mhzgrp {
/* Avoid backfeeding with removed card power */
pinctrl_usdhc2_sleep: usdhc2slpgrp {
fsl,pins =
- <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x0>,
<MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x0>,
<MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x0>,
<MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x0>,
--
2.47.2
4 months, 4 weeks
- 3
- 2
Hope to hear from you soon..
by MRS NORAH JANE
My Dear,
I am pleased to find your email address via google search when i was
searching for my lost childhood friend which I have not seen for the
past 30 years, i have been searching for him on all social media
platforms to no avail. Actually I was searching for him because of my
health, which started since covid 19, 2020, covid 19 killed every
member of my family, I am the only surviving member.
I Survived the pandemic through the assistance of the CDC, But my life
has never remained the same since ever then. my heart and lungs is
Severely affected and damaged, my life is gradually fading away before
me.
I was searching for my childhood friend to be the beneficiary of my
family estate and funds in the bank. When I saw your name there was
something fascinating about it. Please can you grant me the
opportunity to make you the beneficiary. I shall be awaiting your
response for more details.
Thanks
Mrs Norah Jane
4 months, 4 weeks
- 1
- 0
[PATCH 1/2] drm/dp: Correct Write_Status_Update_Request handling
by Wayne Lin
[Why]
Notice few problems under I2C-write-over-Aux with
Write_Status_Update_Request flag set cases:
- I2C-write-over-Aux request with
Write_Status_Update_Request flag set won't get sent
upon the reply of I2C_ACK|AUX_ACK followed by “M”
Value. Now just set the flag but won't send out
- The I2C-over-Aux request command with
Write_Status_Update_Request flag set is incorrect.
Should be "SYNC->COM3:0 (= 0110)|0000-> 0000|0000->
0|7-bit I2C address (the same as the last)-> STOP->".
Address only transaction without length and data.
- Upon I2C_DEFER|AUX_ACK Reply for I2C-read-over-Aux,
soure should repeat the identical I2C-read-over-AUX
transaction with the same LEN value. Not with
Write_Status_Update_Request set.
[How]
Refer to DP v2.1: 2.11.7.1.5.3 & 2.11.7.1.5.4
- Clean aux msg buffer and size when constructing
write status update request.
- Send out Write_Status_Update_Request upon reply of
I2C_ACK|AUX_ACK followed by “M”
- Send Write_Status_Update_Request upon I2C_DEFER|AUX_ACK
reply only when the request is I2C-write-over-Aux.
Fixes: 68ec2a2a2481 ("drm/dp: Use I2C_WRITE_STATUS_UPDATE to drain partial I2C_WRITE requests")
Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com>
Cc: Jani Nikula <jani.nikula(a)intel.com>
Cc: Mario Limonciello <mario.limonciello(a)amd.com>
Cc: Harry Wentland <harry.wentland(a)amd.com>
Cc: stable(a)vger.kernel.org
Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com>
---
drivers/gpu/drm/display/drm_dp_helper.c | 27 +++++++++++++++++++++----
1 file changed, 23 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c
index 6ee51003de3c..28f0708c3b27 100644
--- a/drivers/gpu/drm/display/drm_dp_helper.c
+++ b/drivers/gpu/drm/display/drm_dp_helper.c
@@ -1631,6 +1631,12 @@ static void drm_dp_i2c_msg_write_status_update(struct drm_dp_aux_msg *msg)
msg->request &= DP_AUX_I2C_MOT;
msg->request |= DP_AUX_I2C_WRITE_STATUS_UPDATE;
}
+
+ /*
+ * Address only transaction
+ */
+ msg->buffer = NULL;
+ msg->size = 0;
}
#define AUX_PRECHARGE_LEN 10 /* 10 to 16 */
@@ -1797,10 +1803,22 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg)
case DP_AUX_I2C_REPLY_ACK:
/*
* Both native ACK and I2C ACK replies received. We
- * can assume the transfer was successful.
+ * can't assume the transfer was completed. Both I2C
+ * WRITE/READ request may get I2C ack reply with partially
+ * completion. We have to continue to poll for the
+ * completion of the request.
*/
- if (ret != msg->size)
- drm_dp_i2c_msg_write_status_update(msg);
+ if (ret != msg->size) {
+ drm_dbg_kms(aux->drm_dev,
+ "%s: I2C partially ack (result=%d, size=%zu)\n",
+ aux->name, ret, msg->size);
+ if (!(msg->request & DP_AUX_I2C_READ)) {
+ usleep_range(AUX_RETRY_INTERVAL, AUX_RETRY_INTERVAL + 100);
+ drm_dp_i2c_msg_write_status_update(msg);
+ }
+
+ continue;
+ }
return ret;
case DP_AUX_I2C_REPLY_NACK:
@@ -1819,7 +1837,8 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg)
if (defer_i2c < 7)
defer_i2c++;
usleep_range(AUX_RETRY_INTERVAL, AUX_RETRY_INTERVAL + 100);
- drm_dp_i2c_msg_write_status_update(msg);
+ if (!(msg->request & DP_AUX_I2C_READ))
+ drm_dp_i2c_msg_write_status_update(msg);
continue;
--
2.43.0
4 months, 4 weeks
- 3
- 2
[PATCH] MIPS: CPS: Fix potential NULL pointer dereferences in cps_prepare_cpus()
by Thorsten Blum
Check the return values of kcalloc() and exit early to avoid potential
NULL pointer dereferences.
Compile-tested only.
Cc: stable(a)vger.kernel.org
Fixes: 75fa6a583882e ("MIPS: CPS: Introduce struct cluster_boot_config")
Fixes: 0856c143e1cd3 ("MIPS: CPS: Boot CPUs in secondary clusters")
Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev>
---
arch/mips/kernel/smp-cps.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/mips/kernel/smp-cps.c b/arch/mips/kernel/smp-cps.c
index e85bd087467e..cc26d56f3ab6 100644
--- a/arch/mips/kernel/smp-cps.c
+++ b/arch/mips/kernel/smp-cps.c
@@ -332,6 +332,8 @@ static void __init cps_prepare_cpus(unsigned int max_cpus)
mips_cps_cluster_bootcfg = kcalloc(nclusters,
sizeof(*mips_cps_cluster_bootcfg),
GFP_KERNEL);
+ if (!mips_cps_cluster_bootcfg)
+ goto err_out;
if (nclusters > 1)
mips_cm_update_property();
@@ -348,6 +350,8 @@ static void __init cps_prepare_cpus(unsigned int max_cpus)
mips_cps_cluster_bootcfg[cl].core_power =
kcalloc(BITS_TO_LONGS(ncores), sizeof(unsigned long),
GFP_KERNEL);
+ if (!mips_cps_cluster_bootcfg[cl].core_power)
+ goto err_out;
/* Allocate VPE boot configuration structs */
for (c = 0; c < ncores; c++) {
--
2.49.0
4 months, 4 weeks
- 2
- 1
[PATCH v3] mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS
by Khem Raj
GCC 15 changed the default C standard dialect from gnu17 to gnu23,
which should not have impacted the kernel because it explicitly requests
the gnu11 standard in the main Makefile. However, mips/vdso code uses
its own CFLAGS without a '-std=' value, which break with this dialect
change because of the kernel's own definitions of bool, false, and true
conflicting with the C23 reserved keywords.
include/linux/stddef.h:11:9: error: cannot use keyword 'false' as enumeration constant
11 | false = 0,
| ^~~~~
include/linux/stddef.h:11:9: note: 'false' is a keyword with '-std=c23' onwards
include/linux/types.h:35:33: error: 'bool' cannot be defined via 'typedef'
35 | typedef _Bool bool;
| ^~~~
include/linux/types.h:35:33: note: 'bool' is a keyword with '-std=c23' onwards
Add -std as specified in KBUILD_CFLAGS to the decompressor and purgatory
CFLAGS to eliminate these errors and make the C standard version of these
areas match the rest of the kernel.
Signed-off-by: Khem Raj <raj.khem(a)gmail.com>
Cc: stable(a)vger.kernel.org
---
v2: Filter the -std flag from KBUILD_CFLAGS instead of hardcoding
v3: Adjust subject and commit message
arch/mips/vdso/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/mips/vdso/Makefile b/arch/mips/vdso/Makefile
index fb4c493aaffa..69d4593f64fe 100644
--- a/arch/mips/vdso/Makefile
+++ b/arch/mips/vdso/Makefile
@@ -27,6 +27,7 @@ endif
# offsets.
cflags-vdso := $(ccflags-vdso) \
$(filter -W%,$(filter-out -Wa$(comma)%,$(KBUILD_CFLAGS))) \
+ $(filter -std=%,$(KBUILD_CFLAGS)) \
-O3 -g -fPIC -fno-strict-aliasing -fno-common -fno-builtin -G 0 \
-mrelax-pic-calls $(call cc-option, -mexplicit-relocs) \
-fno-stack-protector -fno-jump-tables -DDISABLE_BRANCH_PROFILING \
4 months, 4 weeks
- 2
- 1
[PATCH 0/3 V2] Fix erroneous ioctl returns
by Dave Penkler
Recent tests with timeouts > INT_MAX produced random error returns
with usbtmc_get_stb. This was caused by assigning the return value
of wait_event_interruptible_timeout to an int which overflowed to
negative values. Also return value on success was the remaining
number of jiffies instead of 0.
These patches fix all the cases where the return of
wait_event_interruptible_timeout was assigned to an int and
the case of the remaining jiffies return in usbtmc_get_stb.
Patch 1: Fixes usbtmc_get_stb
Patch 2: Fixes usbtmc488_ioctl_wait_srq
Patch 3: Fixes usbtmc_generic_read
Dave Penkler (3):
usb: usbtmc: Fix erroneous get_stb ioctl error returns
usb: usbtmc: Fix erroneous wait_srq ioctl return
usb: usbtmc: Fix erroneous generic_read ioctl return
drivers/usb/class/usbtmc.c | 53 ++++++++++++++++++++++----------------
1 file changed, 31 insertions(+), 22 deletions(-)
--
Changes V1 => V2 Add cc to stable line
2.49.0
4 months, 4 weeks
- 1
- 3
BUG:KASAN: slab-use-after-free Read in jfs_lazycommit in linux6.12.24 and linux6.12.25(longterm maintenance)
by Jianzhou Zhao
Hello, I found a potential bug titled " KASAN: slab-use-after-free Read in jfs_lazycommit " with modified syzkaller in the Linux6.12.24(longterm maintenance, last updated on April 20, 2025) and the Linux6.12.25(longterm maintenance, last updated on April 25, 2025)
I will put the C language reproduction program for this bug at the end.
If you fix this issue, please add the following tag to the commit: Reported-by: Jianzhou Zhao <luckd0g(a)163.com>, xingwei lee <xrivendell7(a)gmail.com>
The commit of the kernel is : b6efa8ce222e58cfe2bbaa4e3329818c2b4bd74e
kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=55f8591b98dd132
compiler: gcc version 11.4.0
------------[ cut here ]-----------------------------------------
TITLE: KASAN: slab-use-after-free Read in jfs_lazycommit
------------[ cut here ]------------
==================================================================
BUG: KASAN: slab-use-after-free in jfs_lazycommit+0xa1f/0xb10 fs/jfs/jfs_txnmgr.c:2736
Read of size 4 at addr ffff888060f7de94 by task jfsCommit/123
CPU: 1 UID: 0 PID: 123 Comm: jfsCommit Not tainted 6.12.24 #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:377 [inline]
print_report+0xc0/0x5e0 mm/kasan/report.c:488
kasan_report+0xbd/0xf0 mm/kasan/report.c:601
jfs_lazycommit+0xa1f/0xb10 fs/jfs/jfs_txnmgr.c:2736
kthread+0x2c7/0x3b0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Allocated by task 18638:
kasan_save_stack+0x24/0x50 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
__kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
kmalloc_noprof include/linux/slab.h:878 [inline]
kzalloc_noprof include/linux/slab.h:1014 [inline]
jfs_fill_super+0xdd/0xd40 fs/jfs/super.c:495
mount_bdev+0x1e9/0x2e0 fs/super.c:1693
legacy_get_tree+0x109/0x220 fs/fs_context.c:662
vfs_get_tree+0x94/0x380 fs/super.c:1814
do_new_mount fs/namespace.c:3512 [inline]
path_mount+0x6b2/0x1ea0 fs/namespace.c:3839
do_mount fs/namespace.c:3852 [inline]
__do_sys_mount fs/namespace.c:4062 [inline]
__se_sys_mount fs/namespace.c:4039 [inline]
__x64_sys_mount+0x284/0x310 fs/namespace.c:4039
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Freed by task 9521:
kasan_save_stack+0x24/0x50 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579
poison_slab_object mm/kasan/common.c:247 [inline]
__kasan_slab_free+0x54/0x70 mm/kasan/common.c:264
kasan_slab_free include/linux/kasan.h:233 [inline]
slab_free_hook mm/slub.c:2363 [inline]
slab_free mm/slub.c:4601 [inline]
kfree+0x14b/0x4b0 mm/slub.c:4749
generic_shutdown_super+0x15c/0x3d0 fs/super.c:642
kill_block_super+0x3b/0x90 fs/super.c:1710
deactivate_locked_super+0xbc/0x1a0 fs/super.c:473
deactivate_super+0xb1/0xd0 fs/super.c:506
cleanup_mnt+0x2df/0x430 fs/namespace.c:1373
task_work_run+0x169/0x260 kernel/task_work.c:239
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
do_syscall_64+0xd8/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
The buggy address belongs to the object at ffff888060f7de00
which belongs to the cache kmalloc-256 of size 256
The buggy address is located 148 bytes inside of
freed 256-byte region [ffff888060f7de00, ffff888060f7df00)
The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888060f7c800 pfn:0x60f7c
head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 04fff00000000040 ffff88801ac41b40 0000000000000000 dead000000000001
raw: ffff888060f7c800 000000000010000f 00000001f5000000 0000000000000000
head: 04fff00000000040 ffff88801ac41b40 0000000000000000 dead000000000001
head: ffff888060f7c800 000000000010000f 00000001f5000000 0000000000000000
head: 04fff00000000001 ffffea000183df01 ffffffffffffffff 0000000000000000
head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 1, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 9543, tgid 9543 (syz-executor), ts 103433205575, free_ts 103378736576
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x2e7/0x350 mm/page_alloc.c:1558
prep_new_page mm/page_alloc.c:1566 [inline]
get_page_from_freelist+0xe4e/0x2b20 mm/page_alloc.c:3476
__alloc_pages_noprof+0x219/0x21f0 mm/page_alloc.c:4754
alloc_pages_mpol_noprof+0x2b6/0x600 mm/mempolicy.c:2269
alloc_slab_page mm/slub.c:2433 [inline]
allocate_slab mm/slub.c:2599 [inline]
new_slab+0x2d5/0x420 mm/slub.c:2652
___slab_alloc+0xbb7/0x1860 mm/slub.c:3840
__slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3930
__slab_alloc_node mm/slub.c:3983 [inline]
slab_alloc_node mm/slub.c:4144 [inline]
__do_kmalloc_node mm/slub.c:4285 [inline]
__kmalloc_noprof+0x388/0x430 mm/slub.c:4298
kmalloc_noprof include/linux/slab.h:882 [inline]
kmalloc_array_noprof include/linux/slab.h:923 [inline]
batadv_hash_new+0x6f/0x2f0 net/batman-adv/hash.c:52
batadv_bla_init+0x3ff/0x750 net/batman-adv/bridge_loop_avoidance.c:1567
batadv_mesh_init+0x529/0x9b0 net/batman-adv/main.c:212
batadv_softif_init_late+0xbd6/0xf40 net/batman-adv/soft-interface.c:812
register_netdevice+0x651/0x1bf0 net/core/dev.c:10484
batadv_softif_newlink+0x72/0xa0 net/batman-adv/soft-interface.c:1089
rtnl_newlink_create net/core/rtnetlink.c:3542 [inline]
__rtnl_newlink+0x1138/0x18e0 net/core/rtnetlink.c:3762
rtnl_newlink+0x68/0xa0 net/core/rtnetlink.c:3775
page last free pid 26 tgid 26 stack trace:
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1127 [inline]
free_unref_page+0x714/0x10c0 mm/page_alloc.c:2659
vfree+0x172/0x940 mm/vmalloc.c:3378
delayed_vfree_work+0x57/0x70 mm/vmalloc.c:3298
process_one_work+0xa02/0x1bf0 kernel/workqueue.c:3232
process_scheduled_works kernel/workqueue.c:3314 [inline]
worker_thread+0x677/0xe90 kernel/workqueue.c:3395
kthread+0x2c7/0x3b0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Memory state around the buggy address:
ffff888060f7dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff888060f7de00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888060f7de80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff888060f7df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff888060f7df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
#define _GNU_SOURCE
#include <dirent.h>
#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <pthread.h>
#include <setjmp.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
#include <linux/futex.h>
#include <linux/loop.h>
#ifndef __NR_memfd_create
#define __NR_memfd_create 319
#endif
static unsigned long long procid;
static void sleep_ms(uint64_t ms)
{
usleep(ms * 1000);
}
static uint64_t current_time_ms(void)
{
struct timespec ts;
if (clock_gettime(CLOCK_MONOTONIC, &ts))
exit(1);
return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000;
}
static void use_temporary_dir(void)
{
char tmpdir_template[] = "./syzkaller.XXXXXX";
char* tmpdir = mkdtemp(tmpdir_template);
if (!tmpdir)
exit(1);
if (chmod(tmpdir, 0777))
exit(1);
if (chdir(tmpdir))
exit(1);
}
static void thread_start(void* (*fn)(void*), void* arg)
{
pthread_t th;
pthread_attr_t attr;
pthread_attr_init(&attr);
pthread_attr_setstacksize(&attr, 128 << 10);
int i = 0;
for (; i < 100; i++) {
if (pthread_create(&th, &attr, fn, arg) == 0) {
pthread_attr_destroy(&attr);
return;
}
if (errno == EAGAIN) {
usleep(50);
continue;
}
break;
}
exit(1);
}
typedef struct {
int state;
} event_t;
static void event_init(event_t* ev)
{
ev->state = 0;
}
static void event_reset(event_t* ev)
{
ev->state = 0;
}
static void event_set(event_t* ev)
{
if (ev->state)
exit(1);
__atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE);
syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000);
}
static void event_wait(event_t* ev)
{
while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0);
}
static int event_isset(event_t* ev)
{
return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE);
}
static int event_timedwait(event_t* ev, uint64_t timeout)
{
uint64_t start = current_time_ms();
uint64_t now = start;
for (;;) {
uint64_t remain = timeout - (now - start);
struct timespec ts;
ts.tv_sec = remain / 1000;
ts.tv_nsec = (remain % 1000) * 1000 * 1000;
syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts);
if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
return 1;
now = current_time_ms();
if (now - start > timeout)
return 0;
}
}
static bool write_file(const char* file, const char* what, ...)
{
char buf[1024];
va_list args;
va_start(args, what);
vsnprintf(buf, sizeof(buf), what, args);
va_end(args);
buf[sizeof(buf) - 1] = 0;
int len = strlen(buf);
int fd = open(file, O_WRONLY | O_CLOEXEC);
if (fd == -1)
return false;
if (write(fd, buf, len) != len) {
int err = errno;
close(fd);
errno = err;
return false;
}
close(fd);
return true;
}
//% This code is derived from puff.{c,h}, found in the zlib development. The
//% original files come with the following copyright notice:
//% Copyright (C) 2002-2013 Mark Adler, all rights reserved
//% version 2.3, 21 Jan 2013
//% This software is provided 'as-is', without any express or implied
//% warranty. In no event will the author be held liable for any damages
//% arising from the use of this software.
//% Permission is granted to anyone to use this software for any purpose,
//% including commercial applications, and to alter it and redistribute it
//% freely, subject to the following restrictions:
//% 1. The origin of this software must not be misrepresented; you must not
//% claim that you wrote the original software. If you use this software
//% in a product, an acknowledgment in the product documentation would be
//% appreciated but is not required.
//% 2. Altered source versions must be plainly marked as such, and must not be
//% misrepresented as being the original software.
//% 3. This notice may not be removed or altered from any source distribution.
//% Mark Adler madler(a)alumni.caltech.edu
//% BEGIN CODE DERIVED FROM puff.{c,h}
#define MAXBITS 15
#define MAXLCODES 286
#define MAXDCODES 30
#define MAXCODES (MAXLCODES + MAXDCODES)
#define FIXLCODES 288
struct puff_state {
unsigned char* out;
unsigned long outlen;
unsigned long outcnt;
const unsigned char* in;
unsigned long inlen;
unsigned long incnt;
int bitbuf;
int bitcnt;
jmp_buf env;
};
static int puff_bits(struct puff_state* s, int need)
{
long val = s->bitbuf;
while (s->bitcnt < need) {
if (s->incnt == s->inlen)
longjmp(s->env, 1);
val |= (long)(s->in[s->incnt++]) << s->bitcnt;
s->bitcnt += 8;
}
s->bitbuf = (int)(val >> need);
s->bitcnt -= need;
return (int)(val & ((1L << need) - 1));
}
static int puff_stored(struct puff_state* s)
{
s->bitbuf = 0;
s->bitcnt = 0;
if (s->incnt + 4 > s->inlen)
return 2;
unsigned len = s->in[s->incnt++];
len |= s->in[s->incnt++] << 8;
if (s->in[s->incnt++] != (~len & 0xff) ||
s->in[s->incnt++] != ((~len >> 8) & 0xff))
return -2;
if (s->incnt + len > s->inlen)
return 2;
if (s->outcnt + len > s->outlen)
return 1;
for (; len--; s->outcnt++, s->incnt++) {
if (s->in[s->incnt])
s->out[s->outcnt] = s->in[s->incnt];
}
return 0;
}
struct puff_huffman {
short* count;
short* symbol;
};
static int puff_decode(struct puff_state* s, const struct puff_huffman* h)
{
int first = 0;
int index = 0;
int bitbuf = s->bitbuf;
int left = s->bitcnt;
int code = first = index = 0;
int len = 1;
short* next = h->count + 1;
while (1) {
while (left--) {
code |= bitbuf & 1;
bitbuf >>= 1;
int count = *next++;
if (code - count < first) {
s->bitbuf = bitbuf;
s->bitcnt = (s->bitcnt - len) & 7;
return h->symbol[index + (code - first)];
}
index += count;
first += count;
first <<= 1;
code <<= 1;
len++;
}
left = (MAXBITS + 1) - len;
if (left == 0)
break;
if (s->incnt == s->inlen)
longjmp(s->env, 1);
bitbuf = s->in[s->incnt++];
if (left > 8)
left = 8;
}
return -10;
}
static int puff_construct(struct puff_huffman* h, const short* length, int n)
{
int len;
for (len = 0; len <= MAXBITS; len++)
h->count[len] = 0;
int symbol;
for (symbol = 0; symbol < n; symbol++)
(h->count[length[symbol]])++;
if (h->count[0] == n)
return 0;
int left = 1;
for (len = 1; len <= MAXBITS; len++) {
left <<= 1;
left -= h->count[len];
if (left < 0)
return left;
}
short offs[MAXBITS + 1];
offs[1] = 0;
for (len = 1; len < MAXBITS; len++)
offs[len + 1] = offs[len] + h->count[len];
for (symbol = 0; symbol < n; symbol++)
if (length[symbol] != 0)
h->symbol[offs[length[symbol]]++] = symbol;
return left;
}
static int puff_codes(struct puff_state* s, const struct puff_huffman* lencode,
const struct puff_huffman* distcode)
{
static const short lens[29] = {3, 4, 5, 6, 7, 8, 9, 10, 11, 13,
15, 17, 19, 23, 27, 31, 35, 43, 51, 59,
67, 83, 99, 115, 131, 163, 195, 227, 258};
static const short lext[29] = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2,
2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0};
static const short dists[30] = {
1, 2, 3, 4, 5, 7, 9, 13, 17, 25,
33, 49, 65, 97, 129, 193, 257, 385, 513, 769,
1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577};
static const short dext[30] = {0, 0, 0, 0, 1, 1, 2, 2, 3, 3,
4, 4, 5, 5, 6, 6, 7, 7, 8, 8,
9, 9, 10, 10, 11, 11, 12, 12, 13, 13};
int symbol;
do {
symbol = puff_decode(s, lencode);
if (symbol < 0)
return symbol;
if (symbol < 256) {
if (s->outcnt == s->outlen)
return 1;
if (symbol)
s->out[s->outcnt] = symbol;
s->outcnt++;
} else if (symbol > 256) {
symbol -= 257;
if (symbol >= 29)
return -10;
int len = lens[symbol] + puff_bits(s, lext[symbol]);
symbol = puff_decode(s, distcode);
if (symbol < 0)
return symbol;
unsigned dist = dists[symbol] + puff_bits(s, dext[symbol]);
if (dist > s->outcnt)
return -11;
if (s->outcnt + len > s->outlen)
return 1;
while (len--) {
if (dist <= s->outcnt && s->out[s->outcnt - dist])
s->out[s->outcnt] = s->out[s->outcnt - dist];
s->outcnt++;
}
}
} while (symbol != 256);
return 0;
}
static int puff_fixed(struct puff_state* s)
{
static int virgin = 1;
static short lencnt[MAXBITS + 1], lensym[FIXLCODES];
static short distcnt[MAXBITS + 1], distsym[MAXDCODES];
static struct puff_huffman lencode, distcode;
if (virgin) {
lencode.count = lencnt;
lencode.symbol = lensym;
distcode.count = distcnt;
distcode.symbol = distsym;
short lengths[FIXLCODES];
int symbol;
for (symbol = 0; symbol < 144; symbol++)
lengths[symbol] = 8;
for (; symbol < 256; symbol++)
lengths[symbol] = 9;
for (; symbol < 280; symbol++)
lengths[symbol] = 7;
for (; symbol < FIXLCODES; symbol++)
lengths[symbol] = 8;
puff_construct(&lencode, lengths, FIXLCODES);
for (symbol = 0; symbol < MAXDCODES; symbol++)
lengths[symbol] = 5;
puff_construct(&distcode, lengths, MAXDCODES);
virgin = 0;
}
return puff_codes(s, &lencode, &distcode);
}
static int puff_dynamic(struct puff_state* s)
{
static const short order[19] = {16, 17, 18, 0, 8, 7, 9, 6, 10, 5,
11, 4, 12, 3, 13, 2, 14, 1, 15};
int nlen = puff_bits(s, 5) + 257;
int ndist = puff_bits(s, 5) + 1;
int ncode = puff_bits(s, 4) + 4;
if (nlen > MAXLCODES || ndist > MAXDCODES)
return -3;
short lengths[MAXCODES];
int index;
for (index = 0; index < ncode; index++)
lengths[order[index]] = puff_bits(s, 3);
for (; index < 19; index++)
lengths[order[index]] = 0;
short lencnt[MAXBITS + 1], lensym[MAXLCODES];
struct puff_huffman lencode = {lencnt, lensym};
int err = puff_construct(&lencode, lengths, 19);
if (err != 0)
return -4;
index = 0;
while (index < nlen + ndist) {
int symbol;
int len;
symbol = puff_decode(s, &lencode);
if (symbol < 0)
return symbol;
if (symbol < 16)
lengths[index++] = symbol;
else {
len = 0;
if (symbol == 16) {
if (index == 0)
return -5;
len = lengths[index - 1];
symbol = 3 + puff_bits(s, 2);
} else if (symbol == 17)
symbol = 3 + puff_bits(s, 3);
else
symbol = 11 + puff_bits(s, 7);
if (index + symbol > nlen + ndist)
return -6;
while (symbol--)
lengths[index++] = len;
}
}
if (lengths[256] == 0)
return -9;
err = puff_construct(&lencode, lengths, nlen);
if (err && (err < 0 || nlen != lencode.count[0] + lencode.count[1]))
return -7;
short distcnt[MAXBITS + 1], distsym[MAXDCODES];
struct puff_huffman distcode = {distcnt, distsym};
err = puff_construct(&distcode, lengths + nlen, ndist);
if (err && (err < 0 || ndist != distcode.count[0] + distcode.count[1]))
return -8;
return puff_codes(s, &lencode, &distcode);
}
static int puff(unsigned char* dest, unsigned long* destlen,
const unsigned char* source, unsigned long sourcelen)
{
struct puff_state s = {
.out = dest,
.outlen = *destlen,
.outcnt = 0,
.in = source,
.inlen = sourcelen,
.incnt = 0,
.bitbuf = 0,
.bitcnt = 0,
};
int err;
if (setjmp(s.env) != 0)
err = 2;
else {
int last;
do {
last = puff_bits(&s, 1);
int type = puff_bits(&s, 2);
err = type == 0 ? puff_stored(&s)
: (type == 1 ? puff_fixed(&s)
: (type == 2 ? puff_dynamic(&s) : -1));
if (err != 0)
break;
} while (!last);
}
*destlen = s.outcnt;
return err;
}
//% END CODE DERIVED FROM puff.{c,h}
#define ZLIB_HEADER_WIDTH 2
static int puff_zlib_to_file(const unsigned char* source,
unsigned long sourcelen, int dest_fd)
{
if (sourcelen < ZLIB_HEADER_WIDTH)
return 0;
source += ZLIB_HEADER_WIDTH;
sourcelen -= ZLIB_HEADER_WIDTH;
const unsigned long max_destlen = 132 << 20;
void* ret = mmap(0, max_destlen, PROT_WRITE | PROT_READ,
MAP_PRIVATE | MAP_ANON, -1, 0);
if (ret == MAP_FAILED)
return -1;
unsigned char* dest = (unsigned char*)ret;
unsigned long destlen = max_destlen;
int err = puff(dest, &destlen, source, sourcelen);
if (err) {
munmap(dest, max_destlen);
errno = -err;
return -1;
}
if (write(dest_fd, dest, destlen) != (ssize_t)destlen) {
munmap(dest, max_destlen);
return -1;
}
return munmap(dest, max_destlen);
}
static int setup_loop_device(unsigned char* data, unsigned long size,
const char* loopname, int* loopfd_p)
{
int err = 0, loopfd = -1;
int memfd = syscall(__NR_memfd_create, "syzkaller", 0);
if (memfd == -1) {
err = errno;
goto error;
}
if (puff_zlib_to_file(data, size, memfd)) {
err = errno;
goto error_close_memfd;
}
loopfd = open(loopname, O_RDWR);
if (loopfd == -1) {
err = errno;
goto error_close_memfd;
}
if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
if (errno != EBUSY) {
err = errno;
goto error_close_loop;
}
ioctl(loopfd, LOOP_CLR_FD, 0);
usleep(1000);
if (ioctl(loopfd, LOOP_SET_FD, memfd)) {
err = errno;
goto error_close_loop;
}
}
close(memfd);
*loopfd_p = loopfd;
return 0;
error_close_loop:
close(loopfd);
error_close_memfd:
close(memfd);
error:
errno = err;
return -1;
}
static void reset_loop_device(const char* loopname)
{
int loopfd = open(loopname, O_RDWR);
if (loopfd == -1) {
return;
}
if (ioctl(loopfd, LOOP_CLR_FD, 0)) {
}
close(loopfd);
}
static long syz_mount_image(volatile long fsarg, volatile long dir,
volatile long flags, volatile long optsarg,
volatile long change_dir,
volatile unsigned long size, volatile long image)
{
unsigned char* data = (unsigned char*)image;
int res = -1, err = 0, need_loop_device = !!size;
char* mount_opts = (char*)optsarg;
char* target = (char*)dir;
char* fs = (char*)fsarg;
char* source = NULL;
char loopname[64];
if (need_loop_device) {
int loopfd;
memset(loopname, 0, sizeof(loopname));
snprintf(loopname, sizeof(loopname), "/dev/loop%llu", procid);
if (setup_loop_device(data, size, loopname, &loopfd) == -1)
return -1;
close(loopfd);
source = loopname;
}
mkdir(target, 0777);
char opts[256];
memset(opts, 0, sizeof(opts));
if (strlen(mount_opts) > (sizeof(opts) - 32)) {
}
strncpy(opts, mount_opts, sizeof(opts) - 32);
if (strcmp(fs, "iso9660") == 0) {
flags |= MS_RDONLY;
} else if (strncmp(fs, "ext", 3) == 0) {
bool has_remount_ro = false;
char* remount_ro_start = strstr(opts, "errors=remount-ro");
if (remount_ro_start != NULL) {
char after = *(remount_ro_start + strlen("errors=remount-ro"));
char before = remount_ro_start == opts ? '\0' : *(remount_ro_start - 1);
has_remount_ro = ((before == '\0' || before == ',') &&
(after == '\0' || after == ','));
}
if (strstr(opts, "errors=panic") || !has_remount_ro)
strcat(opts, ",errors=continue");
} else if (strcmp(fs, "xfs") == 0) {
strcat(opts, ",nouuid");
}
res = mount(source, target, fs, flags, opts);
if (res == -1) {
err = errno;
goto error_clear_loop;
}
res = open(target, O_RDONLY | O_DIRECTORY);
if (res == -1) {
err = errno;
goto error_clear_loop;
}
if (change_dir) {
res = chdir(target);
if (res == -1) {
err = errno;
}
}
error_clear_loop:
if (need_loop_device)
reset_loop_device(loopname);
errno = err;
return res;
}
#define FS_IOC_SETFLAGS _IOW('f', 2, long)
static void remove_dir(const char* dir)
{
int iter = 0;
DIR* dp = 0;
const int umount_flags = MNT_FORCE | UMOUNT_NOFOLLOW;
retry:
while (umount2(dir, umount_flags) == 0) {
}
dp = opendir(dir);
if (dp == NULL) {
if (errno == EMFILE) {
exit(1);
}
exit(1);
}
struct dirent* ep = 0;
while ((ep = readdir(dp))) {
if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0)
continue;
char filename[FILENAME_MAX];
snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name);
while (umount2(filename, umount_flags) == 0) {
}
struct stat st;
if (lstat(filename, &st))
exit(1);
if (S_ISDIR(st.st_mode)) {
remove_dir(filename);
continue;
}
int i;
for (i = 0;; i++) {
if (unlink(filename) == 0)
break;
if (errno == EPERM) {
int fd = open(filename, O_RDONLY);
if (fd != -1) {
long flags = 0;
if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) {
}
close(fd);
continue;
}
}
if (errno == EROFS) {
break;
}
if (errno != EBUSY || i > 100)
exit(1);
if (umount2(filename, umount_flags))
exit(1);
}
}
closedir(dp);
for (int i = 0;; i++) {
if (rmdir(dir) == 0)
break;
if (i < 100) {
if (errno == EPERM) {
int fd = open(dir, O_RDONLY);
if (fd != -1) {
long flags = 0;
if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0) {
}
close(fd);
continue;
}
}
if (errno == EROFS) {
break;
}
if (errno == EBUSY) {
if (umount2(dir, umount_flags))
exit(1);
continue;
}
if (errno == ENOTEMPTY) {
if (iter < 100) {
iter++;
goto retry;
}
}
}
exit(1);
}
}
static void kill_and_wait(int pid, int* status)
{
kill(-pid, SIGKILL);
kill(pid, SIGKILL);
for (int i = 0; i < 100; i++) {
if (waitpid(-1, status, WNOHANG | __WALL) == pid)
return;
usleep(1000);
}
DIR* dir = opendir("/sys/fs/fuse/connections");
if (dir) {
for (;;) {
struct dirent* ent = readdir(dir);
if (!ent)
break;
if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
continue;
char abort[300];
snprintf(abort, sizeof(abort), "/sys/fs/fuse/connections/%s/abort",
ent->d_name);
int fd = open(abort, O_WRONLY);
if (fd == -1) {
continue;
}
if (write(fd, abort, 1) < 0) {
}
close(fd);
}
closedir(dir);
} else {
}
while (waitpid(-1, status, __WALL) != pid) {
}
}
static void reset_loop()
{
char buf[64];
snprintf(buf, sizeof(buf), "/dev/loop%llu", procid);
int loopfd = open(buf, O_RDWR);
if (loopfd != -1) {
ioctl(loopfd, LOOP_CLR_FD, 0);
close(loopfd);
}
}
static void setup_test()
{
prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
setpgrp();
write_file("/proc/self/oom_score_adj", "1000");
if (symlink("/dev/binderfs", "./binderfs")) {
}
}
struct thread_t {
int created, call;
event_t ready, done;
};
static struct thread_t threads[16];
static void execute_call(int call);
static int running;
static void* thr(void* arg)
{
struct thread_t* th = (struct thread_t*)arg;
for (;;) {
event_wait(&th->ready);
event_reset(&th->ready);
execute_call(th->call);
__atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED);
event_set(&th->done);
}
return 0;
}
static void execute_one(void)
{
if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
}
int i, call, thread;
for (call = 0; call < 4; call++) {
for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0]));
thread++) {
struct thread_t* th = &threads[thread];
if (!th->created) {
th->created = 1;
event_init(&th->ready);
event_init(&th->done);
event_set(&th->done);
thread_start(thr, th);
}
if (!event_isset(&th->done))
continue;
event_reset(&th->done);
th->call = call;
__atomic_fetch_add(&running, 1, __ATOMIC_RELAXED);
event_set(&th->ready);
event_timedwait(&th->done, 50 + (call == 0 ? 4000 : 0));
break;
}
}
for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++)
sleep_ms(1);
}
static void execute_one(void);
#define WAIT_FLAGS __WALL
static void loop(void)
{
int iter = 0;
for (;; iter++) {
char cwdbuf[32];
sprintf(cwdbuf, "./%d", iter);
if (mkdir(cwdbuf, 0777))
exit(1);
reset_loop();
int pid = fork();
if (pid < 0)
exit(1);
if (pid == 0) {
if (chdir(cwdbuf))
exit(1);
setup_test();
execute_one();
exit(0);
}
int status = 0;
uint64_t start = current_time_ms();
for (;;) {
sleep_ms(10);
if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid)
break;
if (current_time_ms() - start < 5000)
continue;
kill_and_wait(pid, &status);
break;
}
remove_dir(cwdbuf);
}
}
uint64_t r[2] = {0xffffffffffffffff, 0xffffffffffffffff};
void execute_call(int call)
{
intptr_t res = 0;
switch (call) {
case 0:
memcpy((void*)0x200000000000, "jfs\000", 4);
memcpy((void*)0x2000000004c0, "./bus\000", 6);
memcpy(
(void*)0x200000010140,
"\x78\x9c\xec\xdd\x4d\x6f\x1d\x57\x19\x07\xf0\xe7\xbe\xf8\xfa\xa5\xb4"
"\x8d\x2a\x54\x85\x88\x85\x9b\x42\x69\x29\xcd\x7b\x02\xe5\xad\x29\x0b"
"\x16\xb0\x00\x09\x75\x4d\x22\xd7\xad\x02\x29\xa0\x24\x20\x5a\x59\xc4"
"\x95\x17\x88\x0d\xf0\x11\x60\xd3\x0d\x8b\x7e\x05\x3e\x40\x3f\x03\xe2"
"\x03\x10\xc9\x66\xd5\x05\x65\xd0\xd8\xe7\x24\xe3\xf1\x75\xae\x43\xe2"
"\x3b\xd7\x3e\xbf\x9f\x74\x33\xf3\xcc\xb9\x63\x9f\xc9\xdf\xe3\xb9\xd7"
"\x33\x73\x4f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\xf1\x83\xef\xff\xe4\x7c\x2f\x22\xae\xfd\x26\x2d\x38\x11\xf1\xb9"
"\x18\x44\xf4\x23\x16\xeb\x7a\x39\xea\x99\xab\xf9\xf9\xc3\x88\x38\x19"
"\xdb\xcd\xf1\x7c\x44\x0c\xe6\x23\xea\xf5\xb7\xff\x79\x36\xe2\x52\x44"
"\x7c\xf2\x4c\xc4\xe6\xd6\xda\x4a\xbd\xf8\xc2\x01\xfb\x71\xf9\xdc\x9d"
"\x5b\x9f\xfd\xf0\x7b\xff\xf8\xfd\x9f\x36\x4e\xfe\xec\xed\x9f\x7e\xd4"
"\x6e\xff\xf1\xe7\x2f\x7e\xfc\x87\xbb\x11\x27\x7e\xf4\xfa\xc7\x9f\xdd"
"\x7d\x32\xdb\x0e\x00\x00\x00\xa5\xa8\xaa\xaa\xea\xa5\xb7\xf9\xa7\xd2"
"\xfb\xfb\x7e\xd7\x9d\x02\x00\xa6\x22\x1f\xff\xab\x24\x2f\x57\xab\xd5"
"\x6a\xf5\x13\xad\xff\xd8\x9f\xad\xfe\xa8\x0b\xad\x9b\xaa\xf1\xee\x36"
"\x8b\x88\x58\x6f\xae\x53\xbf\x66\x70\x3a\x1e\x00\x8e\x98\xf5\xf8\xb4"
"\xeb\x2e\xd0\x21\xf9\x17\x6d\x18\x11\x4f\x75\xdd\x09\x60\xa6\xf5\xba"
"\xee\x00\x87\x62\x73\x6b\x6d\xa5\x97\xf2\xed\x35\x8f\x07\xcb\x3b\xed"
"\xf9\xef\x94\xbb\xf2\x5f\xef\xdd\xbf\xbf\x63\xbf\xe9\x24\xed\x6b\x4c"
"\xa6\xf5\xf3\xb5\x11\x83\x78\x6e\x9f\xfe\x2c\x4e\xa9\x0f\xb3\x24\xe7"
"\xdf\x6f\xe7\x7f\x6d\xa7\x7d\x94\x9e\x77\xd8\xf9\x4f\xcb\x7e\xf9\x8f"
"\x76\x6e\x7d\x2a\x4e\xce\x7f\xd0\xce\xbf\x65\x57\xfe\x7f\x8e\x88\x23"
"\x9b\x7f\x7f\x6c\xfe\xa5\xca\xf9\x0f\x1f\x25\xff\xf5\xc1\x11\xde\xff"
"\xe5\x0f\x00\x00\x00\x00\xc0\xf1\x97\xff\xfe\x7f\xa2\xe3\xf3\xbf\xf3"
"\x8f\xbf\x29\x07\xf2\xb0\xf3\xbf\xcb\x53\xea\x03\x00\x00\x00\x00\x00"
"\x00\x00\x3c\x69\x8f\x3b\xfe\xdf\x7d\xc6\xff\x03\x00\x00\x80\x99\x55"
"\xbf\x57\xaf\xfd\xe5\x99\x07\xcb\xf6\xfb\x2c\xb6\x7a\xf9\x5b\xbd\x88"
"\xa7\x5b\xcf\x07\x0a\xb3\xdc\xf8\x70\x40\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x60\x3a\x86\x11\x4b\xe9\xba\xfe\xb9\x88\x78\x7a\x69\xa9"
"\xaa\xaa\xfa\xd1\xd4\xae\x1f\xd5\xe3\xae\x7f\xd4\x95\xbe\xfd\x50\xb2"
"\xae\x7f\xc9\x03\x00\xc0\x8e\x4f\x9e\x69\xdd\xcb\xdf\x8b\x58\x88\x88"
"\xb7\xd2\x67\xfd\xcd\x2d\x2d\x2d\x55\xd5\xc2\xe2\x52\xb5\x54\x2d\xce"
"\xe7\xd7\xb3\xa3\xf9\x85\x6a\xb1\xf1\xbe\x36\x4f\xeb\x65\xf3\xa3\x03"
"\xbc\x20\x1e\x8e\xaa\xfa\x8b\x2d\x34\xd6\x6b\x9a\xf4\x7e\x79\x52\x7b"
"\xfb\xeb\xd5\xdf\x6b\x54\x0d\x0e\xd0\xb1\xe9\xe8\x30\x70\x00\x88\x88"
"\x9d\xa3\xd1\xa6\x23\xd2\x31\x53\x55\xcf\x46\xd7\xaf\x72\x38\x1a\xec"
"\xff\xc7\x8f\xfd\x9f\x83\xe8\xfa\xe7\x14\x00\x00\x00\x38\x7c\x55\x55"
"\x55\xbd\xf4\x71\xde\xa7\xd2\x39\xff\x7e\xd7\x9d\x02\x00\xa6\x22\x1f"
"\xff\xdb\xe7\x05\xd4\x6a\xb5\x5a\xad\x56\x1f\xbf\xba\xa9\x1a\xef\x6e"
"\xb3\x88\x88\xf5\xe6\x3a\xf5\x6b\x06\xc3\xf1\x03\xc0\x11\xb3\x1e\x9f"
"\x76\xdd\x05\x3a\x24\xff\xa2\x0d\x23\xe2\x64\xd7\x9d\x00\x66\x5a\xaf"
"\xeb\x0e\x70\x28\x36\xb7\xd6\x56\x7a\x29\xdf\x5e\xf3\x78\xb0\xbc\xd3"
"\x9e\xaf\x05\xd9\x95\xff\x7a\x6f\x7b\xbd\xbc\xfe\xb8\xe9\x24\xed\x6b"
"\x4c\xa6\xf5\xf3\xb5\x11\x83\x78\x6e\x9f\xfe\x3c\x3f\xa5\x3e\xcc\x92"
"\x9c\x7f\xbf\x9d\xff\xb5\x9d\xf6\x3c\xc4\xff\x61\xe7\x3f\x2d\xfb\xe5"
"\x5f\x6f\xe7\x89\x0e\xfa\xd3\xb5\x9c\xff\xa0\x9d\x7f\xcb\xf1\xc9\xbf"
"\x3f\x36\xff\x52\xe5\xfc\x87\x8f\x94\xff\x40\xfe\x00\x00\x00\x00\x00"
"\x30\xc3\xf2\xdf\xff\x4f\x38\xff\x9b\x37\x19\x00\x00\x00\x00\x00\x00"
"\x00\x8e\x9c\xcd\xad\xb5\x95\x7c\xdf\x6b\x3e\xff\xff\xc5\x31\xcf\xeb"
"\x35\xe7\xdc\xff\x79\x6c\xe4\xfc\x7b\x07\xce\xdf\xfd\xbf\xc7\x49\xce"
"\xbf\xdf\xce\xbf\x75\x41\xce\xa0\x31\x7f\xef\xcd\x07\xf9\xff\x7b\x6b"
"\x6d\xe5\xa3\x3b\xff\xfa\x42\x9e\xce\x7c\xfe\x73\x83\x51\xfd\xbd\xe7"
"\x7a\xfd\xc1\x30\x5d\xf3\x53\xcd\xbd\x13\x37\xe2\x66\xac\xc6\xb9\x3d"
"\xcf\x1f\xee\x6a\x3f\xbf\xa7\x7d\x6e\x57\xfb\x85\x09\xed\x17\xf7\xb4"
"\x8f\xea\xf6\xc5\xdc\x7e\x26\x56\xe2\x97\x71\x33\xde\xbe\xdf\x3e\x3f"
"\xe1\xc2\xa8\x85\x09\xed\xd5\x84\xf6\x9c\xff\xc0\xfe\x5f\xa4\x9c\xff"
"\xb0\xf1\xa8\xf3\x5f\x4a\xed\xbd\xd6\xb4\x76\xef\xc3\xfe\x9e\xfd\xbe"
"\x39\x1d\xf7\x7d\xae\xfe\xed\x3f\x2f\xed\xdd\xbb\xa6\x6f\x23\x06\xf7"
"\xb7\xad\xa9\xde\xbe\xd3\x1d\xf4\x67\xfb\xff\xe4\xa9\x51\xfc\xfa\xf6"
"\xea\xad\x33\xbf\xbd\x7e\xe7\xce\xad\xf3\x91\x26\xbb\x96\x5e\x88\x34"
"\x79\xc2\x72\xfe\x73\xe9\x91\xf3\x7f\xf9\xc5\x9d\xf6\xfc\x7b\xbf\xb9"
"\xbf\xde\xfb\x70\xf4\xc8\xf9\xcf\x8a\x8d\x18\xee\x9b\xff\x8b\x8d\xf9"
"\x7a\x7b\x5f\x99\x72\xdf\xba\x90\xf3\x1f\xa5\x47\xce\x3f\x1f\x81\xc6"
"\xef\xff\x47\x39\xff\xfd\xf7\xff\x57\x3b\xe8\x0f\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x3c\x4c\x55\x55\xdb\xb7\x88\x5e\x8d\x88"
"\x2b\xe9\xfe\x9f\xae\xee\xcd\x04\x00\xa6\x2b\x1f\xff\xab\x24\x2f\x57"
"\xab\xd5\x6a\xb5\x5a\x7d\xfc\xea\xa6\x6a\xbc\x37\x9a\x45\x44\xfc\xbd"
"\xb9\x4e\xfd\x9a\xe1\x77\xe3\xbe\x18\x00\x30\xcb\xfe\x1b\x11\xff\xec"
"\xba\x13\x74\x46\xfe\x05\xcb\x9f\xf7\x57\x4f\xbf\xd4\x75\x67\x80\xa9"
"\xba\xfd\xfe\x07\x3f\xbf\x7e\xf3\xe6\xea\xad\xdb\x5d\xf7\x04\x00\x00"
"\x00\x00\x00\x00\x00\xf8\x7f\xe5\xf1\x3f\x97\x1b\xe3\x3f\x6f\x5f\x07"
"\xd4\x1a\x37\x7a\xd7\xf8\xaf\x6f\xc6\xf2\x8c\x8f\xff\xb9\xb8\x5f\xc3"
"\x46\x7f\x34\xd8\x1e\xeb\x3c\x6d\xd0\x0b\xf1\xf0\xf1\xbf\x4f\xc7\xc3"
"\xc7\xff\x1e\x4e\xe8\xc8\xdc\x84\xf6\xd1\x84\xf6\xf9\x09\xed\x0b\x13"
"\xda\xc7\xde\xe8\xd1\x90\xf3\x7f\x21\x65\x9c\xf3\x3f\x95\x36\xac\xa4"
"\xf1\x5f\x5f\xee\xa0\x3f\x5d\xcb\xf9\x9f\x4e\x63\x3d\xe7\xfc\xbf\xd2"
"\x7a\x5e\x33\xff\xea\xaf\x47\x39\xff\xfe\xae\xfc\xcf\xde\x79\xef\x57"
"\x67\x6f\xbf\xff\xc1\x6b\x37\xde\xbb\xfe\xee\xea\xbb\xab\xbf\x38\x7f"
"\xee\xca\xa5\x8b\x97\x2f\x5d\xbc\x7c\xf9\xec\x3b\x37\x6e\xae\x9e\xdb"
"\xf9\xb7\xc3\x1e\x1f\xae\x9c\x7f\x1e\xfb\xda\x75\xa0\x65\xc9\xf9\xe7"
"\xcc\xe5\x5f\x96\x9c\xff\x97\x53\x2d\xff\xb2\xe4\xfc\x5f\x4a\xb5\xfc"
"\xcb\x92\xf3\xcf\xaf\xf7\xe4\x5f\x96\x9c\x7f\x7e\xef\x23\xff\xb2\xe4"
"\xfc\x5f\x49\xb5\xfc\xcb\x92\xf3\xff\x6a\xaa\xe5\x5f\x96\x9c\xff\xab"
"\xa9\x96\x7f\x59\x72\xfe\x5f\x4b\xb5\xfc\xcb\x92\xf3\x7f\x2d\xd5\xf2"
"\x2f\x4b\xce\xff\x4c\xaa\xe5\x5f\x96\x9c\xff\xd9\x54\xcb\xbf\x2c\x39"
"\xff\x7c\x86\x4b\xfe\x65\xc9\xf9\xe7\x2b\x1b\xe4\x5f\x96\x9c\xff\x85"
"\x54\xcb\xbf\x2c\x39\xff\x8b\xa9\x96\x7f\x59\x72\xfe\x97\x52\x2d\xff"
"\xb2\xe4\xfc\x2f\xa7\x5a\xfe\x65\xc9\xf9\x5f\x49\xb5\xfc\xcb\x92\xf3"
"\xff\x7a\xaa\xe5\x5f\x96\x9c\xff\x37\x52\x2d\xff\xb2\xe4\xfc\x5f\x4f"
"\xb5\xfc\xcb\x92\xf3\xff\x66\xaa\xe5\x5f\x96\x9c\xff\xb7\x52\x2d\xff"
"\xb2\xe4\xfc\xbf\x9d\x6a\xf9\x97\x25\xe7\xff\x9d\x54\xcb\xbf\x2c\x39"
"\xff\xef\xa6\x5a\xfe\x65\xc9\xf9\xbf\x91\x6a\xf9\x97\xe5\xc1\xe7\xff"
"\x9b\x31\x63\xc6\x4c\x9e\xe9\xfa\x37\x13\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\xd0\x36\x8d\xcb\x89\xbb\xde\x46\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\xf8\x1f\x3b\x70\x20\x00\x00\x00\x00\x00\xe4\xff\xda\x08\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55"
"\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\xd8\x81\x03"
"\x01\x00\x00\x00\x00\x20\xff\xd7\x46\xa8\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xc2\xde\xdd\xc5\xc8\x55\xde\xf7\x03"
"\x3f\xfb\x66\xaf\x0d\x09\xfe\x87\x77\xe2\x80\x6d\xde\x0c\x2c\xec\xae"
"\xdf\xc0\x21\x06\x93\x84\xfc\x29\xe9\x0b\x25\x21\x6d\x5a\x52\xe3\xd8"
"\x6b\xe3\xc4\x6f\xf5\xee\x12\x40\xa8\xde\x14\xda\x12\x05\xa9\x48\xed"
"\x05\xbd\x68\x9a\x44\x69\x14\xa9\xad\x40\x55\xa4\xa6\x12\x8d\x90\x1a"
"\xa9\xbd\x6b\xae\x1a\x71\x13\xb5\x52\x2e\x7c\x01\x95\x83\x92\x56\xa9"
"\x02\x5b\x9d\x39\xcf\xf3\xec\xcc\xec\xec\xcc\x7a\xed\xf1\xce\x9c\xf3"
"\xf9\x20\xfc\xf3\xce\x9c\x99\x79\xe6\xcc\x99\xd9\xfd\xae\xf5\x9d\x01"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x80\x7a\x9b\x3f\x36\xf5\x27\x03\x59\x96\xe5\xff"
"\xd7\xfe\xd8\x90\x65\x97\xe6\x7f\x5f\x97\xed\xcd\xbf\x9c\xdb\xb5\xda"
"\x2b\x04\x00\x00\x00\xce\xd7\xbb\xb5\x3f\xff\xf6\xb2\x74\xc2\xde\x65"
"\x5c\xa8\x6e\x9b\x7f\xb9\xfe\xdf\xbe\x3b\x3f\x3f\x3f\x9f\x7d\xfe\x9d"
"\x33\xef\xfd\xd9\xfc\x7c\x3a\x63\x53\x96\x0d\xad\xcd\xb2\xda\x79\xd1"
"\xbf\xfe\xe2\xe7\xf3\xf5\xdb\x04\xcf\x67\xa3\x03\x83\x75\x5f\x0f\x76"
"\xb8\xf9\xa1\x0e\xe7\x0f\x77\x38\x7f\xa4\xc3\xf9\x6b\x3a\x9c\xbf\xb6"
"\xc3\xf9\xa3\x1d\xce\x5f\xb4\x03\x16\x59\x57\xfc\x3e\xa6\x76\x65\x37"
"\xd5\xfe\xba\xa1\xd8\xa5\xd9\x15\xd9\x48\xed\xbc\x9b\x5a\x5c\xea\xf9"
"\x81\xb5\x83\x83\xf1\x77\x39\x35\x03\xb5\xcb\xcc\x8f\x1c\xca\x8e\x64"
"\x47\xb3\xa9\x6c\x62\xd1\x65\x06\x6a\xff\x65\xd9\xeb\x9b\xf3\xdb\x7a"
"\x28\x8b\xb7\x35\x58\x77\x5b\x1b\xb3\x2c\x3b\xfb\xd3\xe7\x0e\xc4\x35"
"\x0c\x84\x7d\x7c\x53\xd6\x70\x63\x35\xf5\x8f\xdd\xdb\x0f\x64\x9b\xde"
"\xf9\xe9\x73\x07\xbe\x3d\xf3\xd6\xb5\xad\x66\xc7\xdd\xb0\x68\xa5\x59"
"\xb6\x75\x4b\xbe\xce\x17\xb2\x6c\xe1\xd7\x55\xd9\x40\xb6\x36\xed\x93"
"\xb8\xce\xc1\xba\x75\x6e\x6c\xb1\xce\xa1\x86\x75\x0e\xd4\x2e\x97\xff"
"\xbd\x79\x9d\x67\x97\xb9\xce\x78\xbf\x47\xc3\x3a\x7f\xd8\x66\x9d\x1b"
"\xc3\x69\x4f\xdf\x98\x65\xd9\x5c\xb6\xe4\x36\xcd\x9e\xcf\x06\xb3\xf5"
"\x4d\xb7\x9a\xf6\xf7\x68\x71\x44\xe4\xd7\x91\x3f\x94\x1f\xc8\x86\xcf"
"\xe9\x38\xd9\xbc\x8c\xe3\x24\xbf\xcc\x4f\x6e\x6c\x3c\x4e\x9a\x8f\xc9"
"\xb8\xff\x37\x87\x7d\x32\xbc\xc4\x1a\xea\x1f\x8e\xb7\xbf\xbc\x66\xd1"
"\x7e\x5f\xe9\x71\x92\xdf\xeb\x5e\x38\x56\xf3\xeb\x7e\x24\xbf\xd1\xd1"
"\xd1\xfa\x5f\xad\x36\x1c\xab\xf9\x36\xcf\xdd\xbc\xf4\x31\xd0\xf2\xb1"
"\x6b\x71\x0c\xa4\x63\xb9\xee\x18\xd8\xd2\xe9\x18\x18\x5c\x33\x54\x3b"
"\x06\x06\x17\xd6\xbc\xa5\xe1\x18\x98\x5c\x74\x99\xc1\x6c\xa0\x76\x5b"
"\x67\x6e\x6e\x7f\x0c\x8c\xcf\x1c\x3b\x39\x3e\xfd\xcc\xb3\x77\x1e\x39"
"\xb6\xff\xf0\xd4\xe1\xa9\xe3\x93\x13\xbb\x76\x6c\xdf\xb9\x63\xfb\xce"
"\x9d\xe3\x87\x8e\x1c\x9d\x9a\x28\xfe\x3c\xb7\x5d\xda\x47\xd6\x67\x83"
"\xe9\x18\xdc\x12\x5e\x6b\xe2\x31\x78\x6b\xd3\xb6\xf5\x87\xe4\xfc\x37"
"\x2e\xdc\xf3\x60\xb4\x47\x9e\x07\xf9\x7d\xff\xf4\x2d\xf9\x82\x2e\x1d"
"\xcc\x96\x38\xc6\xf3\x6d\x5e\xd8\x7a\xfe\xcf\x83\xf4\x7d\xbf\xee\x79"
"\x30\x5c\xf7\x3c\x68\xf9\x9a\xda\xe2\x79\x30\xbc\x8c\xe7\x41\xbe\xcd"
"\xd9\xad\xcb\xfb\x9e\x39\x5c\xf7\x7f\xab\x35\x74\xeb\xb5\x70\x43\xdd"
"\x31\xb0\x9a\xdf\x0f\xf3\xdb\x7c\xfc\xb6\xa5\x5f\x0b\x37\x86\x75\xbd"
"\x78\xfb\xb9\x7e\x3f\x1c\x5a\x74\x0c\xc4\xbb\x35\x10\x9e\x7b\xf9\x29"
"\xe9\xe7\xbd\xd1\x7b\xc2\x7e\x59\x7c\x5c\x5c\x97\x9f\x71\xc9\x9a\x6c"
"\x76\x7a\xea\xd4\x5d\x4f\xef\x9f\x99\x39\x35\x99\x85\x71\x51\x5c\x5e"
"\xf7\x58\x35\x1f\x2f\xeb\xeb\xee\x53\xb6\xe8\x78\x19\x3c\xe7\xe3\x65"
"\xef\xdf\xfc\xf2\x96\xeb\x5a\x9c\xbe\x21\xec\xab\xd1\x3b\xda\x3f\x56"
"\xf9\x36\x3b\xc6\xda\x3f\x56\xb5\x57\xf7\xd6\xfb\xb3\xe1\xd4\x6d\x59"
"\x18\x17\xd8\xc5\xde\x9f\xad\xbe\x9b\xe5\xfb\x33\x65\x89\x36\xfb\x33"
"\xdf\xe6\x85\x3b\xcf\xff\x67\xc1\x94\x4b\xea\x5e\xff\x46\x3a\xbd\xfe"
"\x0d\x8d\x0c\x17\xaf\x7f\x43\x69\x6f\x8c\x34\xbc\xfe\x2d\x7e\x68\x86"
"\x6a\x2b\xcb\xb2\xb3\x77\x2e\xef\xf5\x6f\x24\xfc\x7f\xb1\x5f\xff\xae"
"\xe8\x91\xd7\xbf\x7c\x5f\x3d\x7e\x57\xfb\x63\x20\xdf\xe6\xc5\xf1\x73"
"\x3d\x06\x86\xdb\xbe\xfe\xdd\x18\xe6\x40\x58\xcf\x6d\x21\x31\x8c\xd6"
"\xe5\xfe\xf7\x6a\xe7\xcf\x15\x87\x69\xdd\x63\xd9\xf1\xb8\x19\x1e\x1e"
"\x09\xc7\xcd\x70\xbc\xc5\xc6\xe3\x66\xfb\xa2\xcb\xe4\xd7\x96\xdf\xf6"
"\xd6\x89\x95\x1d\x37\x5b\x6f\x6c\x7c\xac\x1a\x7e\x6e\x29\xe1\x71\x93"
"\xef\xab\x3f\x9f\x68\x7f\xdc\xe4\xdb\xbc\x31\x79\xfe\xaf\x1d\xeb\xe2"
"\x5f\xeb\x5e\x3b\xd6\x74\x3a\x06\x46\x86\xd6\xe4\xeb\x1d\x49\x07\x41"
"\xf1\x7a\x37\xbf\x2e\x1e\x03\x77\x65\x07\xb2\x13\xd9\xd1\xec\x60\xba"
"\x4c\xfe\x28\xe7\xb7\x35\xb6\x6d\x79\xc7\xc0\x9a\xf0\xff\xc5\x7e\xed"
"\xb8\xa6\x47\x8e\x81\x7c\x5f\xbd\xb2\xad\xfd\x31\x90\x6f\xf3\x83\xed"
"\x17\xf6\x67\xa7\xad\xe1\x94\xb4\x4d\xdd\xcf\x4e\xcd\xbf\x5f\x58\x2a"
"\xf3\x5f\x37\xbc\x70\x7d\xcd\xbb\xed\x42\x67\xfe\x7c\x9d\x1f\xdf\xd1"
"\xfe\x77\x43\xf9\x36\x6f\xed\x38\xd7\x9c\xd1\x7e\x3f\xdd\x11\x4e\xb9"
"\xa4\xc5\x7e\x6a\x7e\xfe\x2c\x75\x4c\x1f\xcc\x2e\xce\x7e\xba\x26\xac"
"\xf3\xe8\xce\xf6\xbf\x9b\xca\xb7\xb9\x62\xd7\x32\x8f\xa7\xbd\x59\x96"
"\xbd\x39\xf9\x66\xed\xf7\x5d\xe1\xf7\xbb\x7f\x3f\xfb\xef\xdf\x6d\xf8"
"\xbd\x6f\xab\xdf\x29\xbf\x39\xf9\xe6\xc3\xe3\x8f\xfe\xe8\x5c\xd6\x0f"
"\x00\xc0\xca\xbd\x57\xfb\x73\x6e\x4d\xf1\xb3\x66\xdd\xbf\x58\x2f\xe7"
"\xdf\xff\x01\x00\x00\x80\xbe\x10\x73\xff\x60\x98\x89\xfc\x0f\x00\x00"
"\x00\xa5\x11\x73\xff\x50\x98\x89\xfc\x0f\x00\x00\x00\xa5\x11\x73\xff"
"\x70\x98\x49\x45\xf2\xff\x93\xf7\xec\x7e\xf5\xdd\xd3\x59\x7a\x37\xc0"
"\xf9\x20\x9e\x1f\x77\xc3\x23\xf7\x15\xdb\xc5\x8e\xf7\x5c\xf8\x7a\xd3"
"\xfc\x82\xfc\xf4\x8f\x7e\x6b\xe4\xd5\xaf\x9c\x5e\xde\x6d\x0f\x66\x59"
"\xf6\xcb\x87\x3f\xd8\x72\xfb\x27\xef\x8b\xeb\x2a\x9c\x8c\xeb\xfc\x70"
"\xe3\xe9\x8b\x5c\x73\xc3\xb2\x6e\xff\x89\xc7\x16\xb6\xab\x7f\xff\x84"
"\xb3\xbb\x8b\xeb\x8f\xf7\x67\xb9\x87\x41\xec\x2a\xbf\x3e\xbe\xad\x76"
"\xbd\x9b\x9e\x99\xac\xcd\x37\x1e\xce\x6a\xf3\xd1\xb9\x17\x9f\x2f\xae"
"\xbf\xf8\x3a\x6e\x7f\x66\x7b\xb1\xfd\x5f\x86\x37\x2d\xd9\x7b\x68\xa0"
"\xe1\xf2\x5b\xc3\x7a\x6e\x0a\x73\x53\x78\x4f\x99\x47\xf6\x2e\xec\x87"
"\x7c\xc6\xcb\xbd\xba\xf1\xfa\x7f\xbe\xfc\x33\x0b\xb7\x17\x2f\x37\xb0"
"\xe5\xfd\xb5\xbb\xf9\xca\x1f\x14\xd7\x1b\xdf\x23\xea\xe5\xcb\x8b\xed"
"\xe3\xfd\x5e\x6a\xfd\xff\xf4\xd5\xef\xbc\x9a\x6f\xff\xf4\xcd\xad\xd7"
"\x7f\x7a\xb0\xf5\xfa\xcf\x84\xeb\xfd\x49\x98\xbf\xd8\x53\x6c\x5f\xbf"
"\xcf\xbf\x52\xb7\xfe\x3f\x0a\xeb\x8f\xb7\x17\x2f\x77\xd7\x37\xbf\xdf"
"\x72\xfd\xaf\x5d\x5d\x6c\xff\x5a\x38\x2e\xbe\x1e\x66\xf3\xfa\x1f\xf8"
"\xd3\x0f\xbd\xdb\xea\xf1\x8a\xb7\xb3\xf7\xde\xe2\x72\xf1\xf6\x27\xfe"
"\x7b\x47\xed\x72\xf1\xfa\xe2\xf5\x37\xaf\x7f\xf4\xf4\x64\xc3\xfe\x68"
"\xbe\xfe\x37\xde\x29\xae\x67\xcf\x53\x3f\x1b\xaa\xdf\x3e\x9e\x1e\x6f"
"\x27\x7a\xe2\xde\xc6\xe3\x7b\x20\x3c\xbe\x0d\x3d\xf2\x2c\xcb\xbe\xf3"
"\xc7\x59\xc3\x7e\xce\x3e\x52\x5c\xee\x1f\x9b\xd6\x1f\xaf\xef\xe4\xbd"
"\xad\xd7\x7f\x47\xd3\x3a\x4f\x0e\xdc\x50\xbb\xfc\xc2\xfd\xd9\xd0\x70"
"\xbf\xbe\xf6\xd7\xdb\x5a\xde\xdf\xb8\x9e\xbd\x7f\xb7\xa1\xe1\xfe\xbc"
"\xfc\x60\xd8\x7f\xef\x8c\xff\x20\xbf\xde\x33\x8f\x86\xe3\x31\x9c\xff"
"\xbf\x3f\x2c\xae\xaf\xf9\xbd\x4c\x5f\x7b\xb0\xf1\xf5\x26\x6e\xff\xf5"
"\x0d\xc5\xf3\x36\x5e\xdf\x78\xd3\xfa\x5f\x6e\x5a\xff\xdc\x0d\xf9\xbe"
"\xeb\xbc\xfe\x87\xde\x29\xd6\xff\xda\xfd\x6b\x1b\xd6\xbf\xf7\x13\xe1"
"\x78\x7a\xa8\x98\x9d\xd6\x7f\xf8\xaf\x2e\x6b\xb8\xfc\x37\xbe\x5d\x3c"
"\x1e\xa7\xbe\x34\x76\xfc\xc4\xf4\xec\x91\x83\x75\x7b\xb5\xfe\x79\xbc"
"\x76\x74\xdd\xfa\x4b\x2e\x7d\xdf\xfb\x2f\x0b\xaf\xa5\xcd\x5f\xef\x3b"
"\x31\xf3\xe4\xd4\xa9\x4d\x13\x9b\x26\xb2\x6c\x53\x1f\xbe\x65\x60\xb7"
"\xd7\xff\xcd\x30\xff\xab\x18\x73\x17\xfe\x16\x0a\x3f\xfa\x59\x71\xdc"
"\xbd\xf4\xc9\xe2\xfb\xd6\xad\x3f\x2f\xbe\x7e\x39\x9c\xfe\x44\x78\x3c"
"\xe3\xf7\xc7\xaf\xfd\xc5\x48\xc3\xf1\xda\xfc\xb8\xcf\xdd\x5f\xcc\xf3"
"\x5d\xff\xed\x61\x1d\xcb\x75\xf5\x57\xff\xf3\x86\x65\x6d\x78\xe6\x73"
"\xaf\xcf\xfe\xc3\x1f\xbe\xd5\xfc\x73\x41\xbc\x3f\x27\xaf\x1c\xad\xdd"
"\xbf\x57\x36\x5f\x55\x3b\x6f\xe0\x8d\xe2\xfc\xe6\xd7\xab\x4e\xfe\xe3"
"\xca\xc6\xe7\xf5\x8f\x87\x27\x6a\xf3\x7b\x61\xbf\xce\x87\x77\x66\xde"
"\x72\x55\x71\x7b\xcd\xd7\x1f\xdf\x9b\xe4\xa5\x4f\x15\xcf\xdf\xf8\x93"
"\x5c\xbc\x7c\xd6\xf4\x7e\x22\x1b\x86\x1a\xef\xc7\xf9\xae\xff\xc7\xe1"
"\xe7\x98\xef\x5f\xd3\xf8\xfa\x17\x8f\x8f\xef\x9d\x6e\x7a\x37\xe7\x0d"
"\xd9\x40\xbe\x84\xb9\xf0\xfa\x90\xcd\x15\xe7\xc7\xad\xe2\xfe\x7e\xe9"
"\xec\x55\x2d\x6f\x2f\xbe\x0f\x4f\x36\x77\xed\xb9\x2c\x73\x49\xd3\xcf"
"\x4c\x8f\x1f\x3d\x72\x7c\xf6\xe9\xf1\x99\xa9\xe9\x99\xf1\xe9\x67\x9e"
"\xdd\x77\xec\xc4\xec\xf1\x99\x7d\xb5\xf7\x2e\xdd\xf7\x85\x4e\x97\x5f"
"\x78\x7e\xaf\xaf\x3d\xbf\x0f\x4e\xed\xda\x91\xd5\x9e\xed\x27\x8a\xd1"
"\x65\xab\xbd\xfe\x93\x8f\x1d\x38\x78\xf7\xc4\x2d\x07\xa7\x0e\xed\x9f"
"\x3d\x34\xf3\xd8\xc9\xa9\x53\x87\x0f\x4c\x4f\x1f\x98\x3a\x38\x7d\xcb"
"\xfe\x43\x87\xa6\xbe\xd4\xe9\xf2\x47\x0e\xee\x99\xdc\xb6\x7b\xfb\xdd"
"\xdb\xc6\x0e\x1f\x39\xb8\xe7\x9e\xdd\xbb\xb7\xef\x1e\x3b\x72\xfc\x44"
"\xbe\x8c\x62\x51\x1d\xec\x9a\xf8\xe2\xd8\xf1\x53\xfb\x6a\x17\x99\xde"
"\xb3\x63\xf7\xe4\xce\x9d\x3b\x26\xc6\x8e\x9d\x38\x38\xb5\xe7\xee\x89"
"\x89\xb1\xd9\x4e\x97\xaf\x7d\x6f\x1a\xcb\x2f\xfd\xd4\xd8\xa9\xa9\xa3"
"\xfb\x67\x8e\x1c\x9b\x1a\x9b\x3e\xf2\xec\xd4\x9e\xc9\xdd\xbb\x76\x6d"
"\xeb\xf8\xee\x8f\xc7\x4e\x1e\x9a\xde\x34\x7e\x6a\xf6\xf8\xf8\xec\xf4"
"\xd4\xa9\xf1\xe2\xbe\x6c\x9a\xa9\x9d\x9c\x7f\xef\xeb\x74\x79\xaa\x61"
"\xfa\x44\x78\xbd\x6b\x32\x10\x7e\x3a\xff\xec\x1d\xbb\xd2\xfb\xe3\xe6"
"\xbe\xf5\xe5\x25\xaf\xaa\xd8\xa4\xf1\xc7\xd3\xec\xed\xf0\x5e\x50\xf1"
"\xfb\x5b\xa7\xaf\x63\xee\x1f\x09\x33\xa9\x48\xfe\x07\x00\x00\x80\x2a"
"\x88\xb9\x3f\xbc\xf1\xff\xc2\x19\xf2\x3f\x00\x00\x00\x94\x46\xcc\xfd"
"\x6b\xc3\x4c\xe4\x7f\x00\x00\x00\x28\x8d\x98\xfb\x47\xc3\x4c\x2a\x92"
"\xff\xf5\xff\xf5\xff\xf5\xff\xf5\xff\xf5\xff\xf5\xff\xbb\x49\xff\x5f"
"\xff\xbf\x1d\xfd\x7f\xfd\xff\x7e\x5e\xbf\xfe\xbf\xfe\x3f\x9d\xf5\x5a"
"\xff\x3f\xe6\xfe\x75\x59\x56\xc9\xfc\x0f\x00\x00\x00\x55\x10\x73\xff"
"\xfa\x30\x13\xf9\x1f\x00\x00\x00\x4a\x23\xe6\xfe\x4b\xc2\x4c\xe4\x7f"
"\x00\x00\x00\x28\x8d\x98\xfb\x2f\x0d\x33\xa9\x46\xfe\x1f\x59\xb8\xc7"
"\xfa\xff\x99\xfe\xbf\xfe\xff\xa2\xfe\x7f\xdc\x56\xff\x3f\xd3\xff\xd7"
"\xff\x5f\x21\xfd\x7f\xfd\xff\x76\xf4\xff\xf5\xff\xfb\x79\xfd\x3d\xd8"
"\xff\x5f\xa7\xff\x4f\xaf\xe9\xb5\xfe\x7f\xcc\xfd\xef\x0b\x33\xa9\x46"
"\xfe\x07\x00\x00\x80\x4a\x88\xb9\xff\xfd\x61\x26\xf2\x3f\x00\x00\x00"
"\x94\x46\xcc\xfd\x97\x85\x99\xc8\xff\x00\x00\x00\x50\x1a\x31\xf7\x6f"
"\x08\x33\xa9\x48\xfe\xf7\xf9\xff\xfa\xff\xfa\xff\x3e\xff\x5f\xff\x5f"
"\xff\xbf\x9b\xf4\xff\xf5\xff\xdb\xd1\xff\xd7\xff\xef\xe7\xf5\xf7\x60"
"\xff\xdf\xe7\xff\xd3\x73\x7a\xad\xff\x1f\x73\xff\xff\x0b\x33\xa9\x48"
"\xfe\x07\x00\x00\x80\x2a\x88\xb9\xff\x03\x61\x26\xf2\x3f\x00\x00\x00"
"\x94\x46\xcc\xfd\x97\x87\x99\xc8\xff\x00\x00\x00\x50\x1a\x31\xf7\x5f"
"\x11\x66\x52\x91\xfc\xaf\xff\xaf\xff\xaf\xff\xaf\xff\xaf\xff\xaf\xff"
"\xdf\x4d\xfa\xff\xfa\xff\xed\xe8\xff\xeb\xff\xf7\xf3\xfa\x2f\x74\xff"
"\x3f\x1e\xab\xfa\xff\x94\x49\xaf\xf5\xff\x63\xee\xbf\x32\xcc\xa4\x22"
"\xf9\x1f\x00\x00\x00\xaa\x20\xe6\xfe\xab\xc2\x4c\xe4\x7f\x00\x00\x00"
"\x28\x8d\x98\xfb\xaf\x0e\x33\x91\xff\x01\x00\x00\xa0\x34\x62\xee\xbf"
"\x26\xcc\xa4\x22\xf9\x5f\xff\x5f\xff\x5f\xff\x5f\xff\x5f\xff\x5f\xff"
"\xbf\x9b\xf4\xff\xf5\xff\xdb\xd1\xff\xd7\xff\xef\xe7\xf5\xfb\xfc\x7f"
"\xfd\x7f\x3a\xeb\xb5\xfe\x7f\xcc\xfd\xd7\x86\x99\x54\x24\xff\x03\x00"
"\x00\x40\x15\xc4\xdc\x7f\x5d\x98\x89\xfc\x0f\x00\x00\x00\xa5\x11\x73"
"\xff\x07\xc3\x4c\xe4\x7f\x00\x00\x00\x28\x8d\x98\xfb\x37\x86\x99\x54"
"\x24\xff\xeb\xff\xeb\xff\xeb\xff\xeb\xff\xeb\xff\xeb\xff\x77\x53\x7f"
"\xf5\xff\x07\x97\x3c\x47\xff\xbf\xa0\xff\xdf\x48\xff\x5f\xff\x5f\xff"
"\x5f\xff\x9f\xf6\x7a\xad\xff\x1f\x73\xff\x87\xc2\x4c\x2a\x92\xff\x01"
"\x00\x00\xa0\x0a\x62\xee\xbf\x3e\xcc\x44\xfe\x07\x00\x00\x80\xd2\x88"
"\xb9\xff\x86\x30\x13\xf9\x1f\x00\x00\x00\x4a\x23\xe6\xfe\x4d\x61\x26"
"\x15\xc9\xff\xfa\xff\xfa\xff\xfa\xff\xfa\xff\xfa\xff\xfa\xff\xdd\xd4"
"\x5f\xfd\xff\xa5\xe9\xff\x17\xf4\xff\x1b\xe9\xff\xeb\xff\xeb\xff\xeb"
"\xff\xd3\x5e\xaf\xf5\xff\x63\xee\xdf\x1c\x66\x52\x91\xfc\x0f\x00\x00"
"\x00\x55\x10\x73\xff\x96\x30\x13\xf9\x1f\x00\x00\x00\x4a\x23\xe6\xfe"
"\x1b\xc3\x4c\xe4\x7f\x00\x00\x00\x28\x8d\x98\xfb\x6f\x0a\x33\xa9\x48"
"\xfe\xd7\xff\xd7\xff\xd7\xff\xd7\xff\xd7\xff\xd7\xff\xef\x26\xfd\xff"
"\x32\xf6\xff\xff\x67\x5e\xff\xbf\xa0\xff\xaf\xff\xaf\xff\xdf\xb9\xff"
"\xbf\xa6\xd3\x15\x51\x6a\xbd\xd6\xff\x8f\xb9\xff\xe6\x30\x93\x8a\xe4"
"\x7f\x00\x00\x00\xa8\x82\x98\xfb\x6f\x09\x33\x91\xff\x01\x00\x00\xa0"
"\x34\x62\xee\xbf\x35\xcc\x44\xfe\x07\x00\x00\x80\xd2\x88\xb9\x7f\x6b"
"\x98\x49\x45\xf2\xbf\xfe\xbf\xfe\xbf\xfe\xbf\xfe\xbf\xfe\xbf\xfe\x7f"
"\x37\xe9\xff\x97\xb1\xff\xef\xf3\xff\x23\xfd\x7f\xfd\x7f\xfd\x7f\x9f"
"\xff\x4f\x7b\xbd\xd6\xff\x8f\xb9\xff\xb6\x30\x93\x8a\xe4\x7f\x00\x00"
"\x00\xa8\x82\x98\xfb\x6f\x0f\x33\x91\xff\x01\x00\x00\xa0\x34\x62\xee"
"\xbf\x23\xcc\x44\xfe\x07\x00\x00\x80\xd2\x88\xb9\x7f\x2c\xcc\xa4\x22"
"\xf9\x5f\xff\x5f\xff\x5f\xff\x5f\xff\x5f\xff\x5f\xff\xbf\x9b\xca\xda"
"\xff\x4f\xaf\xa3\xfa\xff\xfa\xff\xfa\xff\xfa\xff\xfa\xff\xfa\xff\x2c"
"\xa9\xd7\xfa\xff\x31\xf7\xdf\x19\x66\x52\x91\xfc\x0f\x00\x00\x00\x55"
"\x10\x73\xff\x5d\x61\x26\xf2\x3f\x00\x00\x00\x94\x46\xcc\xfd\xe3\x61"
"\x26\xf2\x3f\x00\x00\x00\x94\x46\xcc\xfd\x13\x61\x26\xcd\xf9\x7f\xf4"
"\x62\xae\xea\xe2\xd1\xff\xd7\xff\xd7\xff\xd7\xff\xd7\xff\xd7\xff\xef"
"\xa6\xb2\xf6\xff\x57\xfb\xf3\xff\xd7\x85\xa9\xff\x5f\xd0\xff\x5f\x99"
"\xd5\xee\xcf\xf7\xfb\xfa\xf5\xff\xf5\xff\xe9\xac\xd7\xfa\xff\x31\xf7"
"\x4f\x86\x99\xf8\xf7\x7f\x00\x00\x00\x28\x8d\x98\xfb\xb7\x85\x99\xc8"
"\xff\x00\x00\x00\x50\x1a\x31\xf7\x6f\x0f\x33\x91\xff\x01\x00\x00\xa0"
"\x34\x62\xee\xdf\x11\x66\x52\x91\xfc\xaf\xff\xaf\xff\xaf\xff\xaf\xff"
"\xaf\xff\xaf\xff\xdf\x4d\xfa\xff\x3e\xff\xbf\x1d\xfd\x7f\xfd\xff\x7e"
"\x5e\xbf\xfe\xbf\xfe\x3f\x8d\x06\x5b\x9c\xd6\x6b\xfd\xff\x98\xfb\x77"
"\x86\x99\x54\x24\xff\x03\x00\x00\x40\x15\xc4\xdc\xbf\x2b\xcc\x44\xfe"
"\x07\x00\x00\x80\xd2\x88\xb9\xff\xee\x30\x13\xf9\x1f\x00\x00\x00\x4a"
"\x23\xe6\xfe\x7b\xc2\x4c\x2a\x92\xff\xf5\xff\xf5\xff\xf5\xff\xf5\xff"
"\xf5\xff\xf5\xff\xbb\x49\xff\x5f\xff\xbf\x1d\xfd\x7f\xfd\xff\x7e\x5e"
"\xbf\xfe\xbf\xfe\x3f\x9d\xf5\x5a\xff\x3f\xe6\xfe\xdd\x61\x26\x15\xc9"
"\xff\x00\x00\x00\x50\x05\x31\xf7\x7f\x38\xcc\x44\xfe\x07\x00\x00\x80"
"\xd2\x88\xb9\xff\xde\x30\x13\xf9\x1f\x00\x00\x00\xfa\x4a\xab\xcf\x21"
"\x8c\x62\xee\xff\x48\x98\x49\x45\xf2\xbf\xfe\x7f\xd9\xfb\xff\xf3\x6b"
"\xf5\xff\xf5\xff\xf5\xff\xdb\xaf\xbf\x67\xfa\xff\xe1\x25\x58\xff\xff"
"\xdc\xe8\xff\xeb\xff\x67\xfa\xff\x2b\xb6\xda\xfd\xf9\x7e\x5f\xbf\xfe"
"\xbf\xfe\x3f\x9d\xf5\x5a\xff\x3f\xe6\xfe\x3d\x61\x26\x15\xc9\xff\x00"
"\x00\x00\x50\x05\x31\xf7\xdf\x17\x66\x22\xff\x03\x00\x00\x40\x69\xc4"
"\xdc\x7f\x7f\x98\x89\xfc\x0f\x00\x00\x00\xa5\x11\x73\xff\xde\x30\x93"
"\x8a\xe4\x7f\xfd\xff\xb2\xf7\xff\x7d\xfe\xbf\xfe\x7f\x9f\xf6\xff\x47"
"\x2b\xd8\xff\xf7\xf9\xff\x2b\xa2\xff\xaf\xff\x9f\xe9\xff\xaf\xd8\x4a"
"\xfb\xf3\xe1\xc7\x16\xfd\xff\x1e\xea\xff\xe7\xc7\x90\xfe\x3f\xbd\xa8"
"\xd7\xfa\xff\x31\xf7\x3f\x10\x66\x52\x91\xfc\x0f\x00\x00\x00\x55\x10"
"\x73\xff\x47\xc3\x4c\xe4\x7f\x00\x00\x00\x28\x8d\x98\xfb\x3f\x16\x66"
"\x22\xff\x03\x00\x00\x40\x69\xc4\xdc\xff\xf1\x30\x93\x8a\xe4\x7f\xfd"
"\x7f\xfd\x7f\xfd\x7f\xfd\xff\x9e\xec\xff\x57\xf1\xf3\xff\xf5\xff\x57"
"\x44\xff\x5f\xff\x3f\xd3\xff\x5f\xb1\xd5\xee\xcf\xf7\xfb\xfa\x7b\xa9"
"\xff\xef\xf3\xff\xe9\x55\xbd\xd6\xff\x8f\xb9\xff\xc1\x30\x93\x8a\xe4"
"\x7f\x00\x00\x00\xa8\x82\x98\xfb\x3f\x11\x66\x22\xff\x03\x00\x00\x40"
"\x69\xc4\xdc\xff\xff\xc3\x4c\xe4\x7f\x00\x00\x00\x28\x8d\x98\xfb\x1f"
"\x0a\x33\xa9\x48\xfe\xd7\xff\xd7\xff\xd7\xff\xd7\xff\xaf\x70\xff\x7f"
"\x5d\xb6\xaa\xfd\xff\xe2\x9a\xf4\xff\xcf\x4f\xdf\xf7\xff\x4f\x9f\xdf"
"\xfa\xf5\xff\x0b\xfa\xff\x2b\xb3\xda\xfd\xf9\x7e\x5f\xbf\xfe\xbf\xfe"
"\x3f\x9d\xf5\x5a\xff\x3f\xe6\xfe\x5f\x09\x33\xa9\x48\xfe\x07\x00\x00"
"\x80\x2a\x88\xb9\xff\xe1\x30\x13\xf9\x1f\x00\x00\x00\x4a\x23\xe6\xfe"
"\x4f\x86\x99\xc8\xff\x00\x00\x00\x50\x1a\x31\xf7\xff\x6a\x98\x49\x45"
"\xf2\xbf\xfe\xff\xc5\xe9\xff\x0f\xa6\xeb\xd7\xff\xd7\xff\xaf\x6a\xff"
"\xff\x92\x5e\xec\xff\xd7\x9c\x7f\xff\x7f\x20\xb4\xb6\x7d\xfe\x7f\x2b"
"\xfa\xff\x3e\xff\xbf\x1d\xfd\x7f\xfd\xff\x7e\x5e\xbf\xfe\xbf\xfe\x3f"
"\x9d\xf5\x5a\xff\x3f\xe6\xfe\x5f\x0b\x33\xa9\x48\xfe\x07\x00\x00\x80"
"\x2a\x88\xb9\xff\xd7\xc3\x4c\xe4\x7f\x00\x00\x00\x28\x8d\x98\xfb\x7f"
"\x23\xcc\x44\xfe\x07\x00\x00\x80\xd2\x88\xb9\xff\x91\x30\x93\x8a\xe4"
"\x7f\xfd\x7f\x9f\xff\xaf\xff\xaf\xff\x5f\xe1\xcf\xff\xaf\x59\xbd\xcf"
"\xff\xd7\xff\xbf\x10\xf4\xff\xf5\xff\x33\xfd\xff\x15\x5b\xed\xfe\x7c"
"\xbf\xaf\x5f\xff\x5f\xff\x9f\xce\x7a\xad\xff\x1f\x73\xff\x6f\x86\x99"
"\x54\x24\xff\x03\x00\x00\x40\x15\xc4\xdc\xff\x68\x98\x49\xca\xff\x83"
"\xab\xb0\x2a\x00\x00\x00\xe0\x42\x8a\xb9\xff\x53\x61\x26\xfe\xfd\x1f"
"\x00\x00\x00\x4a\x23\xe6\xfe\x4f\x87\x99\x54\x24\xff\xeb\xff\xeb\xff"
"\xeb\xff\xeb\xff\x77\xa1\xff\x5f\xdb\x44\xff\x5f\xff\x3f\xd3\xff\xd7"
"\xff\xef\x40\xff\x5f\xff\xbf\x9f\xd7\xaf\xff\xaf\xff\x4f\x67\xbd\xd6"
"\xff\x8f\xb9\xff\xb1\x30\x93\x8a\xe4\x7f\x00\x00\x00\xa8\x82\x98\xfb"
"\x3f\x13\x66\x22\xff\x03\x00\x00\x40\x69\xc4\xdc\xff\x5b\x61\x26\xf2"
"\x3f\x00\x00\x00\x94\x46\xcc\xfd\xbf\x1d\x66\x52\x91\xfc\xaf\xff\xaf"
"\xff\xaf\xff\xaf\xff\xef\xf3\xff\xf5\xff\xbb\x49\xff\x7f\x71\xff\x3f"
"\x7f\x0d\x5b\xcd\xfe\xff\x9a\xe5\x6c\xa8\xff\xbf\x2c\xfa\xff\xfa\xff"
"\xfa\xff\xfa\xff\xb4\xd7\x6b\xfd\xff\x98\xfb\x3f\x1b\x66\x52\x91\xfc"
"\x0f\x00\x00\x00\x55\x10\x73\xff\xef\x84\x99\xc8\xff\x00\x00\x00\x50"
"\x1a\x31\xf7\xff\x6e\x98\x89\xfc\x0f\x00\x00\x00\xa5\x11\x73\xff\xe3"
"\x61\x26\x15\xc9\xff\xfa\xff\xfa\xff\xfa\xff\xe7\xde\xff\x0f\x0f\x97"
"\xfe\x7f\xd3\x7a\xf4\xff\xf5\xff\x5b\xd1\xff\xf7\xf9\xff\xed\xe8\xff"
"\xeb\xff\xf7\xf3\xfa\xf5\xff\xf5\xff\xe9\xac\xd7\xfa\xff\x31\xf7\x7f"
"\x2e\xcc\xa4\x22\xf9\x1f\x00\x00\x00\xaa\x20\xe6\xfe\xdf\x0b\x33\x91"
"\xff\x01\x00\x00\xa0\x34\x62\xee\xdf\x17\x66\x22\xff\x03\x00\x00\x40"
"\x69\xc4\xdc\xff\x44\x98\x49\x45\xf2\xbf\xfe\xbf\xfe\xbf\xfe\xbf\xcf"
"\xff\xd7\xff\xd7\xff\xef\x26\xfd\x7f\xfd\xff\x76\xf4\xff\xf5\xff\xfb"
"\x79\xfd\xfa\xff\xfa\xff\x74\xd6\x6b\xfd\xff\x98\xfb\xf7\x87\x99\x54"
"\x24\xff\x03\x00\x00\x40\x15\xc4\xdc\xff\xf9\x30\x13\xf9\x1f\x00\x00"
"\x00\x4a\x23\xe6\xfe\x03\x61\x26\xf2\x3f\x00\x00\x00\x94\x46\xcc\xfd"
"\x07\xc3\x4c\x2a\x92\xff\xf5\xff\xf5\xff\xf5\xff\xf5\xff\xf5\xff\xf5"
"\xff\xbb\x49\xff\x5f\xff\xbf\x1d\xfd\x7f\xfd\xff\x7e\x5e\xbf\xfe\xbf"
"\xfe\x3f\x9d\xf5\x5a\xff\x3f\xe6\xfe\xa9\x30\x93\x8a\xe4\x7f\x00\x00"
"\x00\xa8\x82\x98\xfb\x0f\x85\x99\xc8\xff\x00\x00\x00\x50\x1a\x31\xf7"
"\x1f\x0e\x33\x91\xff\x01\x00\x00\xa0\x34\x62\xee\x7f\x32\xcc\xa4\x22"
"\xf9\x5f\xff\x5f\xff\x5f\xff\x5f\xff\x5f\xff\x5f\xff\xbf\x9b\xf4\xff"
"\xf5\xff\xdb\xd1\xff\xd7\xff\xef\xe7\xf5\xeb\xff\xeb\xff\xd3\x59\xaf"
"\xf5\xff\x63\xee\x3f\x12\x66\x52\x91\xfc\x0f\x00\x00\x00\x55\x10\x73"
"\xff\x17\xc2\x4c\xe4\x7f\x00\x00\x00\x28\x8d\x98\xfb\xbf\x18\x66\x22"
"\xff\x03\x00\x00\x40\x69\xc4\xdc\x7f\x34\xcc\xa4\x22\xf9\x5f\xff\x5f"
"\xff\x5f\xff\x5f\xff\x5f\xff\x5f\xff\xbf\x9b\xf4\xff\xf5\xff\xdb\xd1"
"\xff\xd7\xff\xef\xe7\xf5\xeb\xff\xeb\xff\xd3\x59\xaf\xf5\xff\x63\xee"
"\x3f\x16\x66\x52\x91\xfc\x0f\x00\x00\x00\x55\x10\x73\xff\xf1\x30\x13"
"\xf9\x1f\x00\x00\x00\x4a\x23\xe6\xfe\x13\x61\x26\xf2\x3f\x00\x00\x00"
"\x94\x46\xcc\xfd\x27\xc3\x4c\x2a\x92\xff\xf5\xff\xf5\xff\xf5\xff\xf5"
"\xff\xf5\xff\xf5\xff\xbb\x49\xff\x5f\xff\xbf\x1d\xfd\x7f\xfd\xff\x7e"
"\x5e\xbf\xfe\xbf\xfe\x3f\x9d\xf5\x5a\xff\x3f\xe6\xfe\xdf\x0f\x33\xa9"
"\x48\xfe\x07\x00\x00\x80\x2a\x88\xb9\xff\x54\x98\x89\xfc\x0f\x00\x00"
"\x00\xa5\x11\x73\xff\x74\x98\x89\xfc\x0f\x00\x00\x00\xa5\x11\x73\xff"
"\x4c\x98\x49\x45\xf2\xbf\xfe\xbf\xfe\xbf\xfe\xbf\xfe\xbf\xfe\xbf\xfe"
"\x7f\x37\xe9\xff\xeb\xff\xb7\xa3\xff\xaf\xff\xdf\xcf\xeb\xd7\xff\xd7"
"\xff\xa7\xb3\x5e\xeb\xff\xc7\xdc\x3f\x1b\x66\x52\x91\xfc\x0f\x00\x00"
"\x00\x55\x10\x73\xff\x53\x61\x26\xf2\x3f\x00\x00\x00\x94\x46\xcc\xfd"
"\xff\xc7\xde\x7d\xed\xe8\x75\x56\x71\x1c\xfe\x02\x84\x04\x21\xc4\xb5"
"\x70\x05\x5c\x02\xc7\x1c\x72\x15\x74\x42\x87\xd0\x7b\xef\xbd\xf7\xde"
"\x7b\xef\x35\xf4\xde\x09\x84\x5e\x82\x64\x14\xcf\x5a\x2b\x91\x3d\xde"
"\xdb\x33\x9e\xcf\xdf\xbb\xdf\xf5\x3c\x07\x59\xb2\x30\xf6\x2b\x46\x08"
"\xfd\x85\x7e\xda\xf7\x8f\x5b\xec\x7f\x00\x00\x00\x98\x46\xee\xfe\x07"
"\xc4\x2d\x4d\xf6\xbf\xfe\x5f\xff\xaf\xff\x1f\xa6\xff\x3f\xea\xfc\xf4"
"\xff\xfa\x7f\xfd\xff\x89\xe8\xff\xf5\xff\xbb\x89\xfb\xff\xeb\x2f\xf8"
"\xfb\xf4\xff\x63\xbd\x5f\xff\xaf\xff\x67\xdd\x68\xfd\x7f\xee\xfe\x07"
"\xc6\x2d\x4d\xf6\x3f\x00\x00\x00\x74\x90\xbb\xff\x41\x71\x8b\xfd\x0f"
"\x00\x00\x00\xd3\xc8\xdd\xff\xe0\xb8\xc5\xfe\x07\x00\x00\x80\x69\xe4"
"\xee\x7f\x48\xdc\xd2\x64\xff\xeb\xff\xf5\xff\xfa\xff\x61\xfa\x7f\xdf"
"\xff\xcf\x9f\xab\xfe\x5f\xff\x7f\x02\xfa\x7f\xfd\xff\x6e\xe2\xfe\xff"
"\x42\xfa\xff\xb1\xde\xbf\xe1\xfe\xff\x6e\x3b\xfd\x3f\x57\xc9\x68\xfd"
"\x7f\xee\xfe\x87\xc6\x2d\x4d\xf6\x3f\x00\x00\x00\x74\x90\xbb\xff\x61"
"\x71\x8b\xfd\x0f\x00\x00\x00\xd3\xc8\xdd\x7f\x43\xdc\x62\xff\x03\x00"
"\x00\xc0\x34\x72\xf7\x3f\x3c\x6e\x69\xb2\xff\xf5\xff\xfa\x7f\xfd\xbf"
"\xfe\x5f\xff\xaf\xff\xdf\x27\xfd\xbf\xfe\x7f\x89\xfe\x5f\xff\xbf\xe5"
"\xf7\x6f\xb8\xff\x3f\x4f\xff\xcf\xd5\x30\x5a\xff\x9f\xbb\xff\x11\x71"
"\x4b\x93\xfd\x0f\x00\x00\x00\x1d\xe4\xee\x7f\x64\xdc\x62\xff\x03\x00"
"\x00\xc0\x34\x72\xf7\x3f\x2a\x6e\xb1\xff\x01\x00\x00\x60\x1a\xb9\xfb"
"\x1f\x1d\xb7\x34\xd9\xff\xfa\x7f\xfd\xbf\xfe\x5f\xff\xaf\xff\xd7\xff"
"\xef\x93\xfe\x5f\xff\xbf\x44\xff\xaf\xff\xdf\xf2\xfb\xf5\xff\xfa\x7f"
"\xd6\x8d\xd6\xff\xe7\xee\x7f\x4c\xdc\xd2\x64\xff\x03\x00\x00\x40\x07"
"\xb9\xfb\x1f\x1b\xb7\xd8\xff\x00\x00\x00\x30\x8d\xdc\xfd\x8f\x8b\x5b"
"\xec\x7f\x00\x00\x00\x98\x46\xee\xfe\xc7\xc7\x2d\x4d\xf6\xbf\xfe\x5f"
"\xff\xbf\x95\xfe\xff\x2e\xfa\xff\xa2\xff\xd7\xff\x6f\x89\xfe\x5f\xff"
"\xbf\x44\xff\xaf\xff\xdf\xf2\xfb\xf5\xff\xfa\x7f\xd6\xed\xbd\xff\xbf"
"\xcf\x8d\xe7\xef\xe5\xf6\xff\xb9\xfb\x6f\x8c\x5b\x9a\xec\x7f\x00\x00"
"\x00\xe8\x20\x77\xff\x13\xe2\x16\xfb\x1f\x00\x00\x00\xa6\x91\xbb\xff"
"\x89\x71\x8b\xfd\x0f\x00\x00\x00\xd3\xc8\xdd\xff\xa4\xb8\xa5\xc9\xfe"
"\xd7\xff\xeb\xff\x6f\xef\xff\xcf\x5d\x33\x72\xff\x7f\xdc\xfb\xf5\xff"
"\xfa\xff\x9d\xfe\x7f\x78\x0b\xef\xbf\xee\x2c\xfe\x7c\xfd\xbf\xfe\x7f"
"\xa7\xff\x3f\xb5\x4b\xf7\xf3\x97\xf7\x9f\x84\xfe\x5f\xff\xaf\xff\x67"
"\xcd\xde\xfb\xff\x95\xde\xff\xc2\x5f\xe7\xee\x7f\x72\xdc\xd2\x64\xff"
"\x03\x00\x00\x40\x07\xb9\xfb\x9f\x12\xb7\xd8\xff\x00\x00\x00\x30\x8d"
"\xdc\xfd\x4f\x8d\x5b\xec\x7f\x00\x00\x00\x98\x46\xee\xfe\xa7\xc5\x2d"
"\x4d\xf6\xbf\xfe\x5f\xff\xbf\x95\xef\xff\x1f\xf7\xfe\xd9\xfa\xff\x73"
"\x37\x1c\xfd\x3c\xef\xf8\xe7\xe8\xff\xf5\xff\x13\xf7\xff\x67\x42\xff"
"\xaf\xff\xdf\xe9\xff\x4f\xed\xd0\xfd\xfc\xd6\xdf\xbf\xd4\xff\xdf\xfb"
"\x32\xde\xaf\xff\xa7\x83\xd1\xfa\xff\xdc\xfd\x4f\x8f\x5b\x9a\xec\x7f"
"\x00\x00\x00\xe8\x20\x77\xff\x33\xe2\x16\xfb\x1f\x00\x00\x00\xa6\x91"
"\xbb\xff\x99\x71\x8b\xfd\x0f\x00\x00\x00\xd3\xc8\xdd\xff\xac\xb8\xa5"
"\xc9\xfe\xd7\xff\xeb\xff\xf5\xff\xe3\xf4\xff\xbe\xff\x1f\x3f\x57\xfd"
"\xbf\xfe\xff\x04\xf4\xff\xfa\xff\xdd\x69\xfb\xff\xbb\xea\xff\x0f\xdd"
"\xcf\x6f\xfd\xfd\xbe\xff\xaf\xff\x67\xdd\x68\xfd\x7f\xee\xfe\x67\xc7"
"\x2d\x4d\xf6\x3f\x00\x00\x00\x74\x90\xbb\xff\x39\x71\x8b\xfd\x0f\x00"
"\x00\x00\xd3\xc8\xdd\xff\xdc\xb8\xc5\xfe\x07\x00\x00\x80\x69\xe4\xee"
"\x7f\x5e\xdc\xd2\x64\xff\xeb\xff\xf5\xff\xfa\x7f\xfd\xff\x15\xf5\xff"
"\x77\xd6\xff\xeb\xff\x97\xe9\xff\xf5\xff\x4b\x7c\xff\x5f\xff\xbf\xe5"
"\xf7\xeb\xff\xf5\xff\xac\x3b\x4c\xff\x7f\xdb\xb8\x3a\xbe\xff\xcf\xdd"
"\xff\xfc\xb8\xa5\xc9\xfe\x07\x00\x00\x80\x0e\x72\xf7\xbf\x20\x6e\xb1"
"\xff\x01\x00\x00\x60\x1a\xb9\xfb\x5f\x18\xb7\xd8\xff\x00\x00\x00\x30"
"\x8d\xdc\xfd\x2f\x8a\x5b\x9a\xec\x7f\xfd\xbf\xfe\x5f\xff\xaf\xff\xf7"
"\xfd\x7f\xfd\xff\x3e\xe9\xff\xa7\xeb\xff\xaf\xd1\xff\xdf\x4e\xff\xaf"
"\xff\xd7\xff\xeb\xff\x59\x76\x98\xfe\xff\xd2\xbf\xce\xdd\xff\xe2\xb8"
"\xa5\xc9\xfe\x07\x00\x00\x80\x0e\x72\xf7\xbf\x24\x6e\xb1\xff\x01\x00"
"\x00\x60\x1a\xb9\xfb\x5f\x1a\xb7\xd8\xff\x00\x00\x00\x30\x8d\xdc\xfd"
"\x2f\x8b\x5b\x9a\xec\x7f\xfd\xbf\xfe\x5f\xff\xaf\xff\xd7\xff\xeb\xff"
"\xf7\x49\xff\x3f\x5d\xff\xef\xfb\xff\x77\xa0\xff\xd7\xff\xeb\xff\xf5"
"\xff\x2c\x1b\xad\xff\xcf\xdd\xff\xf2\xb8\xa5\xc9\xfe\x07\x00\x00\x80"
"\x0e\x72\xf7\xbf\x22\x6e\xb1\xff\x01\x00\x00\x60\x1a\xb9\xfb\x5f\x19"
"\xb7\xd8\xff\x00\x00\x00\x30\x8d\xdc\xfd\xaf\x8a\x5b\x9a\xec\x7f\xfd"
"\xbf\xfe\x5f\xff\xaf\xff\xd7\xff\xeb\xff\xf7\x49\xff\xaf\xff\x5f\xa2"
"\xff\x3f\xbe\xff\xbf\xfe\x12\x7f\x9f\xfe\x7f\xac\xf7\xeb\xff\xf5\xff"
"\xac\x1b\xad\xff\xcf\xdd\xff\xea\xb8\xa5\xc9\xfe\x07\x00\x00\x80\x0e"
"\x72\xf7\xbf\x26\x6e\xb1\xff\x01\x00\x00\x60\x1a\xb9\xfb\x5f\x1b\xb7"
"\xd8\xff\x00\x00\x00\x30\x8d\xdc\xfd\xaf\x8b\x5b\x9a\xec\xff\x4b\xf5"
"\xff\xb7\xdc\xfd\xe8\x5f\xd7\xff\x5f\x1e\xfd\xff\xf1\xef\xd7\xff\xeb"
"\xff\xf5\xff\xfa\x7f\xfd\xbf\xfe\x7f\x89\xfe\xdf\xf7\xff\xb7\xfc\x7e"
"\xfd\xbf\xfe\x9f\x75\xa7\xef\xff\x6f\xbd\xe0\x7f\x81\xce\xa6\xff\xcf"
"\xdd\xff\xfa\xb8\xa5\xc9\xfe\x07\x00\x00\x80\x0e\x72\xf7\xbf\x21\x6e"
"\xb1\xff\x01\x00\x00\x60\x1a\xb9\xfb\xdf\x18\xb7\xd8\xff\x00\x00\x00"
"\x30\x8d\xdc\xfd\x6f\x8a\x5b\x9a\xec\x7f\xdf\xff\xd7\xff\xeb\xff\xf5"
"\xff\xfa\x7f\xfd\xff\x3e\xe9\xff\xf5\xff\x4b\xf4\xff\xfa\xff\x2d\xbf"
"\x5f\xff\xaf\xff\x67\xdd\xe9\xfb\xff\x8b\xff\x2d\xe7\xff\x79\x85\xfd"
"\x7f\xee\xfe\x37\xc7\x2d\x4d\xf6\x3f\x00\x00\x00\x74\x90\xbb\xff\x2d"
"\x71\x8b\xfd\x0f\x00\x00\x00\xd3\xc8\xdd\xff\xd6\xb8\xc5\xfe\x07\x00"
"\x00\x80\x69\xe4\xee\x7f\x5b\xdc\xd2\x64\xff\xeb\xff\xf5\xff\x07\xef"
"\xff\xef\xa4\xff\x4f\xfa\xff\xf8\xb9\xea\xff\xf5\xff\x27\xa0\xff\xd7"
"\xff\xef\xf4\xff\xa7\x76\xe8\x7e\x7e\xeb\xef\xd7\xff\xeb\xff\x59\x37"
"\x5a\xff\x9f\xbb\xff\xed\x71\x4b\x93\xfd\x0f\x00\x00\x00\x1d\xe4\xee"
"\x7f\x47\xdc\x62\xff\x03\x00\x00\xc0\x34\xce\xef\xfe\x6b\xf3\x57\xf6"
"\x3f\x00\x00\x00\xcc\xe8\x9d\xe7\xff\x79\xfd\xee\x5d\x71\x4b\x93\xfd"
"\xaf\xff\xd7\xff\x1f\xbc\xff\xf7\xfd\xff\xa2\xff\x8f\x9f\xab\xfe\x5f"
"\xff\x7f\x02\xfa\x7f\xfd\xff\x4e\xff\x7f\x6a\x87\xee\xe7\xb7\xfe\x7e"
"\xfd\xbf\xfe\x9f\x75\xa3\xf5\xff\xb9\xfb\xdf\x1d\xb7\x34\xd9\xff\x00"
"\x00\x00\xd0\x41\xee\xfe\xf7\xc4\x2d\xf6\x3f\x00\x00\x00\x4c\x23\x77"
"\xff\x7b\xe3\x16\xfb\x1f\x00\x00\x00\xa6\x91\xbb\xff\x7d\x71\x4b\x93"
"\xfd\xaf\xff\xd7\xff\xeb\xff\xf5\xff\xfa\x7f\xfd\xff\x3e\xe9\xff\xf5"
"\xff\x4b\xf4\xff\xfa\xff\x2d\xbf\x5f\xff\xaf\xff\x67\xdd\x68\xfd\x7f"
"\xee\xfe\xf7\xc7\x2d\x4d\xf6\x3f\x00\x00\x00\x74\x90\xbb\xff\x03\x71"
"\x8b\xfd\x0f\x00\x00\x00\xd3\xc8\xdd\xff\xc1\xb8\xc5\xfe\x07\x00\x00"
"\x80\x69\xe4\xee\xff\x50\xdc\xd2\x64\xff\xeb\xff\xb7\xde\xff\xdf\xef"
"\xe6\x78\x81\xfe\x5f\xff\xaf\xff\xd7\xff\x0f\x49\xff\xaf\xff\x5f\xa2"
"\xff\xd7\xff\x6f\xf9\xfd\xfa\x7f\xfd\x3f\xeb\x46\xeb\xff\x73\xf7\x7f"
"\x38\x6e\x69\xb2\xff\x01\x00\x00\xa0\x83\xdc\xfd\x1f\x89\x5b\xec\x7f"
"\x00\x00\x00\x98\x46\xee\xfe\x8f\xc6\x2d\xf6\x3f\x00\x00\x00\x4c\x23"
"\x77\xff\xc7\xe2\x96\x26\xfb\xbf\x47\xff\x7f\xed\x45\xbf\x6d\x9e\xfe"
"\xdf\xf7\xff\xf5\xff\xfa\x7f\xfd\xff\xd8\xf4\xff\xfa\xff\x25\xfa\x7f"
"\xfd\xff\x96\xdf\xaf\xff\xd7\xff\xb3\x6e\xb4\xfe\x3f\x77\xff\xc7\xe3"
"\x96\x26\xfb\x1f\x00\x00\x00\x3a\xc8\xdd\xff\x89\xb8\xc5\xfe\x07\x00"
"\x00\x80\x69\xe4\xee\xff\x64\xdc\x62\xff\x03\x00\x00\xc0\x34\x72\xf7"
"\x7f\x2a\x6e\x69\xb2\xff\x7b\xf4\xff\x17\xd3\xff\x1f\x39\xf3\xfe\xff"
"\xdc\x3d\xf5\xff\xfa\xff\xa2\xff\xd7\xff\xef\xf4\xff\xfa\xff\x15\xfa"
"\x7f\xfd\xff\x96\xdf\xaf\xff\xd7\xff\xb3\x6e\xb4\xfe\x3f\x77\xff\xa7"
"\xe3\x96\x26\xfb\x1f\x00\x00\x00\x3a\xc8\xdd\xff\x99\xb8\xc5\xfe\x07"
"\x00\x00\x80\x69\xe4\xee\xff\x6c\xdc\x62\xff\x03\x00\x00\xc0\x34\x72"
"\xf7\x7f\x2e\x6e\xb8\xd7\x3d\x0e\xf7\xa4\xab\x4a\xff\xaf\xff\xf7\xfd"
"\x7f\xfd\xbf\xfe\x5f\xff\xbf\x4f\xfa\x7f\xfd\xff\x12\xfd\xbf\xfe\x7f"
"\xcb\xef\xd7\xff\xeb\xff\x59\x37\x5a\xff\x9f\xbb\xff\xf3\x71\x8b\xff"
"\xff\x1f\x00\x00\x00\xa6\x91\xbb\xff\x0b\x71\x8b\xfd\x0f\x00\x00\x00"
"\xd3\xc8\xdd\xff\xc5\xb8\xc5\xfe\x07\x00\x00\x80\x69\xe4\xee\xff\x52"
"\xdc\xd2\x64\xff\xeb\xff\xf5\xff\xfa\x7f\xfd\xbf\xfe\x5f\xff\xbf\x4f"
"\xfa\x7f\xfd\xff\x12\xfd\xbf\xfe\x7f\xcb\xef\xd7\xff\xeb\xff\x59\x37"
"\x5a\xff\x9f\xbb\xff\xcb\x71\x4b\x93\xfd\x0f\x00\x00\x00\x1d\xe4\xee"
"\xff\x4a\xdc\x62\xff\x03\x00\x00\xc0\x34\x72\xf7\x7f\x35\x6e\xb1\xff"
"\x01\x00\x00\x60\x1a\xb9\xfb\xbf\x16\xb7\x34\xd9\xff\xfa\x7f\xfd\xbf"
"\xfe\x5f\xff\xaf\xff\xd7\xff\xef\x93\xfe\x5f\xff\xbf\x44\xff\xaf\xff"
"\xdf\xf2\xfb\xf5\xff\xfa\x7f\xd6\x8d\xd6\xff\xe7\xee\xff\x7a\xdc\xd2"
"\x64\xff\x03\x00\x00\x40\x07\xb9\xfb\xbf\x11\xb7\xd8\xff\x00\x00\x00"
"\x30\x8d\xdc\xfd\xdf\x8c\x5b\xec\x7f\x00\x00\x00\x98\x46\xee\xfe\x6f"
"\xc5\x2d\x4d\xf6\xbf\xfe\x5f\xff\xaf\xff\xd7\xff\xeb\xff\xf5\xff\xfb"
"\xa4\xff\xd7\xff\x2f\xd1\xff\xeb\xff\xb7\xfc\x7e\xfd\xbf\xfe\x9f\x75"
"\xa3\xf5\xff\xb9\xfb\xbf\x1d\xb7\x34\xd9\xff\x00\x00\x00\xd0\x41\xee"
"\xfe\xef\xc4\x2d\xf6\x3f\x00\x00\x00\x4c\x23\x77\xff\x77\xe3\x16\xfb"
"\x1f\x00\x00\x00\xa6\x91\xbb\xff\xa6\xb8\xa5\xc9\xfe\x9f\xb9\xff\x5f"
"\xfa\x6d\xfa\xff\x23\xfa\x7f\xfd\xff\x4e\xff\xaf\xff\xdf\x33\xfd\xbf"
"\xfe\x7f\xc9\xa9\xfb\xff\xf8\x2f\x9e\xfe\xff\xca\x1c\xba\x9f\xdf\xfa"
"\xfb\xf5\xff\xfa\x7f\xd6\x8d\xd6\xff\xe7\xee\xff\x5e\xdc\xd2\x64\xff"
"\x03\x00\x00\x40\x07\xb9\xfb\xbf\x1f\xb7\xd8\xff\x00\x00\x00\x30\x8d"
"\xdc\xfd\x3f\x88\x5b\xec\x7f\x00\x00\x00\x98\x46\xee\xfe\x1f\xc6\x2d"
"\x4d\xf6\xff\xcc\xfd\xff\x12\xfd\xff\x11\xfd\xbf\xfe\x7f\xa7\xff\xd7"
"\xff\xef\x99\xfe\x5f\xff\xbf\xc4\xf7\xff\xf5\xff\x5b\x7e\xbf\xfe\x5f"
"\xff\xcf\xba\xd1\xfa\xff\xdc\xfd\x3f\x8a\x5b\x9a\xec\x7f\x00\x00\x00"
"\xe8\x20\x77\xff\x8f\xe3\x16\xfb\x1f\x00\x00\x00\xa6\x91\xbb\xff\x27"
"\x71\x8b\xfd\x0f\x00\x00\x00\xd3\xc8\xdd\xff\xd3\xb8\xa5\xc9\xfe\xd7"
"\xff\xeb\xff\xf5\xff\xfa\x7f\xfd\xbf\xfe\x7f\x9f\xf4\xff\xfa\xff\x25"
"\xfa\x7f\xfd\xff\x96\xdf\xaf\xff\xd7\xff\xb3\x6e\xb4\xfe\x3f\x77\xff"
"\xcf\xe2\x96\x26\xfb\x1f\x00\x00\x00\x3a\xc8\xdd\xff\xf3\xb8\xc5\xfe"
"\x07\x00\x00\x80\x69\xe4\xee\xff\x45\xdc\x62\xff\x03\x00\x00\xc0\x34"
"\x72\xf7\xff\x32\x6e\x69\xb2\xff\xf5\xff\xfa\x7f\xfd\xbf\xfe\x5f\xff"
"\xaf\xff\xdf\x27\xfd\xbf\xfe\x7f\x89\xfe\x5f\xff\xbf\xe5\xf7\xeb\xff"
"\xf5\xff\xac\x1b\xad\xff\xcf\xdd\xff\xab\xb8\xa5\xc9\xfe\x07\x00\x00"
"\x80\x0e\x72\xf7\xff\x3a\x6e\xb1\xff\x01\x00\x00\x60\x1a\xb9\xfb\x7f"
"\x13\xb7\xd8\xff\x00\x00\x00\x30\x8d\xdc\xfd\xbf\x8d\x5b\x9a\xec\x7f"
"\xfd\xbf\xfe\x5f\xff\xaf\xff\xd7\xff\xeb\xff\xf7\x49\xff\xaf\xff\x5f"
"\xa2\xff\xd7\xff\x6f\xf9\xfd\xfa\x7f\xfd\x3f\xeb\x46\xeb\xff\x73\xf7"
"\xff\x2e\x6e\x69\xb2\xff\x01\x00\x00\xa0\x83\xdc\xfd\xbf\x8f\x5b\xec"
"\x7f\x00\x00\x00\x98\x46\xee\xfe\x3f\xc4\x2d\xf6\x3f\x00\x00\x00\x4c"
"\x23\x77\xff\x1f\xe3\x96\x26\xfb\x5f\xff\xaf\xff\xd7\xff\xeb\xff\xf5"
"\xff\xfa\xff\x7d\xd2\xff\xeb\xff\x97\xe8\xff\xf5\xff\x5b\x7e\xbf\xfe"
"\x5f\xff\xcf\xba\xd1\xfa\xff\xdc\xfd\x37\xc7\x2d\x4d\xf6\x3f\x00\x00"
"\x00\x74\x90\xbb\xff\x4f\x71\x8b\xfd\x0f\x00\x00\x00\xd3\xc8\xdd\xff"
"\xe7\xb8\xc5\xfe\x07\x00\x00\x80\x69\xe4\xee\xbf\x25\x6e\x69\xb2\xff"
"\xf5\xff\xfa\xff\x29\xfb\xff\xeb\xf4\xff\xfa\x7f\xfd\xff\x28\xf4\xff"
"\xfa\xff\x25\xfa\x7f\xfd\xff\x96\xdf\xaf\xff\xd7\xff\xb3\x6e\xb4\xfe"
"\x3f\x77\xff\x5f\xe2\x96\x26\xfb\x1f\x00\x00\x00\x3a\xc8\xdd\xff\xd7"
"\xb8\xc5\xfe\x07\x00\x00\x80\x69\xe4\xee\xff\x5b\xdc\x62\xff\x03\x00"
"\x00\xc0\x34\x72\xf7\xff\x3d\x6e\x69\xb2\xff\xf5\xff\xfa\xff\x29\xfb"
"\x7f\xdf\xff\xd7\xff\xeb\xff\x87\xa1\xff\xd7\xff\x2f\xd1\xff\xeb\xff"
"\xb7\xfc\x7e\xfd\xbf\xfe\x9f\x75\xa3\xf5\xff\xb9\xfb\xff\x11\xb7\x34"
"\xd9\xff\x00\x00\x00\xd0\x41\xee\xfe\x7f\xc6\x2d\xf6\x3f\x00\x00\x00"
"\x4c\x23\x77\xff\xbf\xe2\x16\xfb\x1f\x00\x00\x00\xa6\x91\xbb\xff\xdf"
"\x71\x4b\x93\xfd\xaf\xff\xbf\xec\xfe\x7f\xb1\xc9\xd4\xff\x1f\xff\x7e"
"\xfd\xff\x6d\x7f\xce\x4d\xf7\xdd\x5d\xf0\xfb\xf5\xff\x47\xf4\xff\xfa"
"\xff\xb3\xa0\xff\xd7\xff\xef\xf4\xff\xa7\x76\xe8\x7e\x7e\xeb\xef\xd7"
"\xff\xeb\xff\x59\x37\x5a\xff\x9f\xbb\xff\x3f\x71\x4b\x93\xfd\x0f\x00"
"\x00\x00\x1d\xe4\xee\xff\x6f\xdc\x62\xff\x03\x00\x00\xc0\x34\x72\xf7"
"\xdf\x1a\xb7\xd8\xff\x00\x00\x00\x30\x8d\xdc\xfd\xff\x8b\x5b\x9a\xec"
"\x7f\xfd\xbf\xef\xff\xeb\xff\x7d\xff\x5f\xff\xaf\xff\xdf\x27\xfd\xbf"
"\xfe\x7f\x89\xfe\x5f\xff\xbf\xe5\xf7\xeb\xff\xf5\xff\xac\x1b\xad\xff"
"\xcf\xdd\xff\xff\x00\x00\x00\xff\xff\xfd\x4a\x32\xe9",
24306);
syz_mount_image(/*fs=*/0x200000000000, /*dir=*/0x2000000004c0,
/*flags=MS_LAZYTIME|MS_REC|MS_NODEV*/ 0x2004004,
/*opts=*/0x2000000001c0, /*chdir=*/1, /*size=*/0x5ef2,
/*img=*/0x200000010140);
break;
case 1:
memcpy((void*)0x200000000300, "./file1\000", 8);
res = syscall(
__NR_openat, /*fd=*/0xffffff9c, /*file=*/0x200000000300ul,
/*flags=O_NOATIME|O_DIRECT|O_CREAT|O_CLOEXEC|0x2*/ 0xc4042,
/*mode=S_IXOTH|S_IWOTH|S_IROTH|S_IXGRP|S_IWGRP|S_IRGRP|S_IXUSR|S_IWUSR|0x100*/
0x1ff);
if (res != -1)
r[0] = res;
break;
case 2:
memcpy((void*)0x200000000040, "/dev/nullb0\000", 12);
res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul,
/*file=*/0x200000000040ul, /*flags=*/0, /*mode=*/0);
if (res != -1)
r[1] = res;
break;
case 3:
syscall(__NR_sendfile, /*fdout=*/r[0], /*fdin=*/r[1], /*off=*/0ul,
/*count=*/0xfffe82ul);
break;
}
}
int main(void)
{
syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
/*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
/*offset=*/0ul);
syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
/*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
/*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
/*offset=*/0ul);
syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
/*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul, /*fd=*/-1,
/*offset=*/0ul);
const char* reason;
(void)reason;
for (procid = 0; procid < 5; procid++) {
if (fork() == 0) {
use_temporary_dir();
loop();
}
}
sleep(1000000);
return 0;
}
===================================================================
I hope it helps.
Best regards
Jianzhou Zhao
4 months, 4 weeks
- 1
- 0
Potential Linux Crash: possible deadlock in kernfs_unlink_sibling in linux6.12.24(longterm maintenance)
by Jianzhou Zhao
Hello, I found a potential bug titled " possible deadlock in kernfs_unlink_sibling " with modified syzkaller in the Linux6.12.24(longterm maintenance, last updated on April 20, 2025).
(The latest version of 6.12 is 6.12-25 at present. However, after comparison, I found that there seems to be no fix for this bug in the latest version.)
Unfortunately, I am unable to reproduce this bug.
If you fix this issue, please add the following tag to the commit: Reported-by: Jianzhou Zhao <luckd0g(a)163.com>, xingwei lee <xrivendell7(a)gmail.com>,Penglei Jiang <superman.xpt(a)gmail.com>
The commit of the kernel is : b6efa8ce222e58cfe2bbaa4e3329818c2b4bd74e
kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=55f8591b98dd132
compiler: gcc version 11.4.0
------------[ cut here ]-----------------------------------------
TITLE: possible deadlock in kernfs_unlink_sibling
------------[ cut here ]------------
======================================================
======================================================
WARNING: possible circular locking dependency detected
6.12.24 #3 Not tainted
------------------------------------------------------
syz-executor/42274 is trying to acquire lock:
ffff88801bae51e0 (&root->kernfs_iattr_rwsem){++++}-{3:3}, at: kernfs_unlink_sibling+0xad/0x2c0 fs/kernfs/dir.c:413
but task is already holding lock:
ffff88801bae5148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_remove_by_name_ns+0x89/0x130 fs/kernfs/dir.c:1689
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #13 (&root->kernfs_rwsem){++++}-{3:3}:
down_write+0x92/0x200 kernel/locking/rwsem.c:1577
kernfs_add_one+0xac/0x530 fs/kernfs/dir.c:778
kernfs_create_dir_ns+0xfa/0x160 fs/kernfs/dir.c:1071
internal_create_group+0x338/0xeb0 fs/sysfs/group.c:167
cpuhp_invoke_callback+0x3d2/0x9d0 kernel/cpu.c:194
cpuhp_issue_call+0x1c1/0x8d0 kernel/cpu.c:2370
__cpuhp_setup_state_cpuslocked+0x400/0x700 kernel/cpu.c:2516
__cpuhp_setup_state+0x106/0x320 kernel/cpu.c:2545
do_one_initcall+0x10e/0x6d0 init/main.c:1269
do_initcall_level init/main.c:1331 [inline]
do_initcalls init/main.c:1347 [inline]
do_basic_setup init/main.c:1366 [inline]
kernel_init_freeable+0x5ae/0x8a0 init/main.c:1580
kernel_init+0x1e/0x2d0 init/main.c:1469
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #12 (cpuhp_state_mutex){+.+.}-{3:3}:
-> #11 (cpu_hotplug_lock){++++}-{0:0}:
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
cpus_read_lock+0x42/0x160 kernel/cpu.c:490
__static_call_update+0x8b/0x630 kernel/static_call_inline.c:139
tracepoint_update_call kernel/tracepoint.c:317 [inline]
tracepoint_add_func+0xa18/0xe50 kernel/tracepoint.c:358
tracepoint_probe_register_prio kernel/tracepoint.c:511 [inline]
tracepoint_probe_register+0xa5/0xf0 kernel/tracepoint.c:531
register_trace_sched_wakeup include/trace/events/sched.h:178 [inline]
tracing_sched_register kernel/trace/trace_sched_switch.c:56 [inline]
tracing_start_sched_switch+0x97/0x1e0 kernel/trace/trace_sched_switch.c:110
__ftrace_event_enable_disable+0x68b/0x8a0 kernel/trace/trace_events.c:831
ftrace_event_enable_disable kernel/trace/trace_events.c:871 [inline]
__ftrace_set_clr_event_nolock+0x29b/0x390 kernel/trace/trace_events.c:1200
__ftrace_set_clr_event kernel/trace/trace_events.c:1222 [inline]
trace_set_clr_event+0xec/0x150 kernel/trace/trace_events.c:1287
__set_printk_clr_event kernel/trace/bpf_trace.c:416 [inline]
bpf_get_trace_printk_proto+0x22/0x90 kernel/trace/bpf_trace.c:422
bpf_base_func_proto+0x9d6/0xbb0 kernel/bpf/helpers.c:2024
bpf_sk_base_func_proto+0x167/0x190 net/core/filter.c:11925
tc_cls_act_func_proto+0x506/0x510 net/core/filter.c:8289
get_helper_proto kernel/bpf/verifier.c:10430 [inline]
mark_fastcall_pattern_for_call+0x242/0xd50 kernel/bpf/verifier.c:16305
mark_fastcall_patterns kernel/bpf/verifier.c:16416 [inline]
bpf_check+0x85e6/0xb370 kernel/bpf/verifier.c:22458
bpf_prog_load+0x14d9/0x25d0 kernel/bpf/syscall.c:2847
__sys_bpf+0x1711/0x4f20 kernel/bpf/syscall.c:5667
__do_sys_bpf kernel/bpf/syscall.c:5774 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5772 [inline]
__x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5772
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #10 (tracepoints_mutex){+.+.}-{3:3}:
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x147/0x930 kernel/locking/mutex.c:752
tracepoint_probe_register_prio kernel/tracepoint.c:507 [inline]
tracepoint_probe_register+0x7c/0xf0 kernel/tracepoint.c:531
register_trace_block_rq_insert include/trace/events/block.h:238 [inline]
blk_register_tracepoints+0x1b/0x3c0 kernel/trace/blktrace.c:1094
get_probe_ref kernel/trace/blktrace.c:337 [inline]
do_blk_trace_setup+0x98a/0xbc0 kernel/trace/blktrace.c:611
__blk_trace_setup+0xca/0x180 kernel/trace/blktrace.c:630
blk_trace_setup+0x47/0x70 kernel/trace/blktrace.c:648
sg_ioctl_common drivers/scsi/sg.c:1114 [inline]
sg_ioctl+0x65e/0x2720 drivers/scsi/sg.c:1156
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__x64_sys_ioctl+0x19d/0x210 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #9 (blk_probe_mutex){+.+.}-{3:3}:
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x147/0x930 kernel/locking/mutex.c:752
get_probe_ref kernel/trace/blktrace.c:335 [inline]
do_blk_trace_setup+0x797/0xbc0 kernel/trace/blktrace.c:611
__blk_trace_setup+0xca/0x180 kernel/trace/blktrace.c:630
blk_trace_setup+0x47/0x70 kernel/trace/blktrace.c:648
sg_ioctl_common drivers/scsi/sg.c:1114 [inline]
sg_ioctl+0x65e/0x2720 drivers/scsi/sg.c:1156
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__x64_sys_ioctl+0x19d/0x210 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #8 (&q->debugfs_mutex){+.+.}-{3:3}:
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x147/0x930 kernel/locking/mutex.c:752
blk_mq_init_sched+0x436/0x650 block/blk-mq-sched.c:473
elevator_init_mq+0x2cc/0x420 block/elevator.c:610
device_add_disk+0x10e/0x12f0 block/genhd.c:411
sd_probe+0xa0e/0xf80 drivers/scsi/sd.c:4024
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x24f/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1df/0x450 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830
__device_attach_driver+0x1db/0x2f0 drivers/base/dd.c:958
bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:459
__device_attach_async_helper+0x1d1/0x290 drivers/base/dd.c:987
async_run_entry_fn+0x9c/0x530 kernel/async.c:129
process_one_work+0xa02/0x1bf0 kernel/workqueue.c:3232
process_scheduled_works kernel/workqueue.c:3314 [inline]
worker_thread+0x677/0xe90 kernel/workqueue.c:3395
kthread+0x2c7/0x3b0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #7 (&q->q_usage_counter(queue)#51){++++}-{0:0}:
blk_queue_enter+0x4d0/0x600 block/blk-core.c:328
blk_mq_alloc_request+0x422/0x9c0 block/blk-mq.c:680
scsi_alloc_request drivers/scsi/scsi_lib.c:1227 [inline]
scsi_execute_cmd+0x1fe/0xf20 drivers/scsi/scsi_lib.c:304
read_capacity_16+0x1f2/0xe60 drivers/scsi/sd.c:2655
sd_read_capacity drivers/scsi/sd.c:2824 [inline]
sd_revalidate_disk.isra.0+0x1989/0xa440 drivers/scsi/sd.c:3734
sd_probe+0x887/0xf80 drivers/scsi/sd.c:4010
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x24f/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1df/0x450 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830
__device_attach_driver+0x1db/0x2f0 drivers/base/dd.c:958
bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:459
__device_attach_async_helper+0x1d1/0x290 drivers/base/dd.c:987
async_run_entry_fn+0x9c/0x530 kernel/async.c:129
process_one_work+0xa02/0x1bf0 kernel/workqueue.c:3232
process_scheduled_works kernel/workqueue.c:3314 [inline]
worker_thread+0x677/0xe90 kernel/workqueue.c:3395
kthread+0x2c7/0x3b0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #6 (&q->limits_lock){+.+.}-{3:3}:
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x147/0x930 kernel/locking/mutex.c:752
queue_limits_start_update include/linux/blkdev.h:935 [inline]
loop_reconfigure_limits+0x1f2/0x960 drivers/block/loop.c:1004
loop_set_block_size drivers/block/loop.c:1474 [inline]
lo_simple_ioctl drivers/block/loop.c:1497 [inline]
lo_ioctl+0xb92/0x1870 drivers/block/loop.c:1560
blkdev_ioctl+0x27b/0x6c0 block/ioctl.c:693
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__x64_sys_ioctl+0x19d/0x210 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #5 (&q->q_usage_counter(io)#19){++++}-{0:0}:
bio_queue_enter block/blk.h:76 [inline]
blk_mq_submit_bio+0x2167/0x2b70 block/blk-mq.c:3090
__submit_bio+0x399/0x630 block/blk-core.c:629
__submit_bio_noacct_mq block/blk-core.c:716 [inline]
submit_bio_noacct_nocheck+0x6c3/0xd00 block/blk-core.c:745
submit_bio_noacct+0x57a/0x1fa0 block/blk-core.c:868
nilfs_btnode_submit_block+0x58a/0x6e0 fs/nilfs2/btnode.c:139
__nilfs_btree_get_block+0x10b/0x6b0 fs/nilfs2/btree.c:481
nilfs_btree_do_lookup+0x3ea/0x8e0 fs/nilfs2/btree.c:579
nilfs_btree_lookup+0x4b/0x110 fs/nilfs2/btree.c:696
nilfs_bmap_lookup_at_level+0xd4/0x460 fs/nilfs2/bmap.c:69
nilfs_bmap_lookup fs/nilfs2/bmap.h:182 [inline]
nilfs_mdt_submit_block+0x1a1/0x870 fs/nilfs2/mdt.c:141
nilfs_mdt_read_block+0x92/0x3c0 fs/nilfs2/mdt.c:175
nilfs_mdt_get_block+0xd2/0xa40 fs/nilfs2/mdt.c:250
nilfs_palloc_get_block+0xc0/0x310 fs/nilfs2/alloc.c:217
nilfs_palloc_get_entry_block+0x16b/0x1d0 fs/nilfs2/alloc.c:319
nilfs_dat_translate+0x82/0x3b0 fs/nilfs2/dat.c:413
nilfs_bmap_lookup_at_level+0x250/0x460 fs/nilfs2/bmap.c:74
nilfs_bmap_lookup fs/nilfs2/bmap.h:182 [inline]
nilfs_mdt_submit_block+0x1a1/0x870 fs/nilfs2/mdt.c:141
nilfs_mdt_read_block+0x92/0x3c0 fs/nilfs2/mdt.c:175
nilfs_mdt_get_block+0xd2/0xa40 fs/nilfs2/mdt.c:250
nilfs_sufile_read+0x20f/0x5f0 fs/nilfs2/sufile.c:1254
nilfs_load_super_root fs/nilfs2/the_nilfs.c:128 [inline]
load_nilfs+0x69d/0x1300 fs/nilfs2/the_nilfs.c:299
nilfs_fill_super fs/nilfs2/super.c:1067 [inline]
nilfs_get_tree+0xa62/0x10d0 fs/nilfs2/super.c:1220
vfs_get_tree+0x94/0x380 fs/super.c:1814
do_new_mount fs/namespace.c:3512 [inline]
path_mount+0x6b2/0x1ea0 fs/namespace.c:3839
do_mount fs/namespace.c:3852 [inline]
__do_sys_mount fs/namespace.c:4062 [inline]
__se_sys_mount fs/namespace.c:4039 [inline]
__x64_sys_mount+0x284/0x310 fs/namespace.c:4039
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #4 (&nilfs_bmap_dat_lock_key){++++}-{3:3}:
down_read+0x9a/0x330 kernel/locking/rwsem.c:1524
nilfs_bmap_lookup_at_level+0x7f/0x460 fs/nilfs2/bmap.c:68
nilfs_bmap_lookup fs/nilfs2/bmap.h:182 [inline]
nilfs_mdt_submit_block+0x1a1/0x870 fs/nilfs2/mdt.c:141
nilfs_mdt_read_block+0x92/0x3c0 fs/nilfs2/mdt.c:175
nilfs_mdt_get_block+0xd2/0xa40 fs/nilfs2/mdt.c:250
nilfs_palloc_get_block+0xc0/0x310 fs/nilfs2/alloc.c:217
nilfs_palloc_get_entry_block+0x16b/0x1d0 fs/nilfs2/alloc.c:319
nilfs_dat_translate+0x82/0x3b0 fs/nilfs2/dat.c:413
nilfs_direct_lookup_contig+0x294/0x330 fs/nilfs2/direct.c:67
nilfs_bmap_lookup_contig+0x89/0x190 fs/nilfs2/bmap.c:100
nilfs_get_block+0x1fc/0xa70 fs/nilfs2/inode.c:82
do_mpage_readpage+0x6e2/0x16a0 fs/mpage.c:225
mpage_readahead+0x344/0x580 fs/mpage.c:374
read_pages+0x19b/0xd50 mm/readahead.c:160
page_cache_ra_unbounded+0x3ac/0x680 mm/readahead.c:290
do_page_cache_ra mm/readahead.c:320 [inline]
page_cache_ra_order+0x8ee/0xb70 mm/readahead.c:519
page_cache_sync_ra+0x4e3/0x9e0 mm/readahead.c:607
page_cache_sync_readahead include/linux/pagemap.h:1394 [inline]
filemap_get_pages+0x327/0x19f0 mm/filemap.c:2558
filemap_read+0x3a2/0xc70 mm/filemap.c:2656
generic_file_read_iter+0x349/0x450 mm/filemap.c:2844
__kernel_read+0x3c6/0xb20 fs/read_write.c:527
integrity_kernel_read+0x7f/0xb0 security/integrity/iint.c:28
ima_calc_file_hash_tfm+0x2bd/0x3c0 security/integrity/ima/ima_crypto.c:480
ima_calc_file_shash security/integrity/ima/ima_crypto.c:511 [inline]
ima_calc_file_hash+0x1b5/0x490 security/integrity/ima/ima_crypto.c:568
ima_collect_measurement+0x86c/0xa20 security/integrity/ima/ima_api.c:293
process_measurement+0xff9/0x1fb0 security/integrity/ima/ima_main.c:383
ima_file_check+0xb9/0x100 security/integrity/ima/ima_main.c:583
security_file_post_open+0x95/0x230 security/security.c:3129
do_open fs/namei.c:3776 [inline]
path_openat+0x14d8/0x2960 fs/namei.c:3933
do_filp_open+0x1c7/0x410 fs/namei.c:3960
do_sys_openat2+0x164/0x1d0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x140/0x1f0 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #3 (&bmap->b_sem){++++}-{3:3}:
down_write+0x92/0x200 kernel/locking/rwsem.c:1577
nilfs_bmap_clear+0x1c/0xa0 fs/nilfs2/bmap.c:319
nilfs_clear_inode+0x21c/0x330 fs/nilfs2/inode.c:869
nilfs_evict_inode+0x3c1/0x530 fs/nilfs2/inode.c:889
evict+0x3ef/0x940 fs/inode.c:725
dispose_list+0x117/0x1e0 fs/inode.c:774
prune_icache_sb+0xeb/0x150 fs/inode.c:963
super_cache_scan+0x37f/0x570 fs/super.c:223
do_shrink_slab+0x44b/0x1190 mm/shrinker.c:437
shrink_slab_memcg mm/shrinker.c:550 [inline]
shrink_slab+0xb61/0x12a0 mm/shrinker.c:628
shrink_one+0x4ad/0x7c0 mm/vmscan.c:4835
shrink_many mm/vmscan.c:4896 [inline]
lru_gen_shrink_node mm/vmscan.c:4974 [inline]
shrink_node+0x2420/0x3890 mm/vmscan.c:5954
kswapd_shrink_node mm/vmscan.c:6782 [inline]
balance_pgdat+0xbe5/0x18c0 mm/vmscan.c:6974
kswapd+0x702/0xd50 mm/vmscan.c:7243
kthread+0x2c7/0x3b0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #2 (fs_reclaim){+.+.}-{0:0}:
__fs_reclaim_acquire mm/page_alloc.c:3853 [inline]
fs_reclaim_acquire+0x102/0x150 mm/page_alloc.c:3867
might_alloc include/linux/sched/mm.h:318 [inline]
slab_pre_alloc_hook mm/slub.c:4058 [inline]
slab_alloc_node mm/slub.c:4136 [inline]
kmem_cache_alloc_noprof+0x4e/0x2f0 mm/slub.c:4163
__kernfs_iattrs+0xbc/0x3f0 fs/kernfs/inode.c:37
kernfs_iattrs fs/kernfs/inode.c:60 [inline]
kernfs_xattr_set fs/kernfs/inode.c:309 [inline]
kernfs_vfs_xattr_set+0x5d/0xe0 fs/kernfs/inode.c:340
__vfs_setxattr+0x173/0x1e0 fs/xattr.c:200
__vfs_setxattr_noperm+0x129/0x670 fs/xattr.c:234
__vfs_setxattr_locked+0x1d7/0x260 fs/xattr.c:295
vfs_setxattr+0x143/0x360 fs/xattr.c:321
do_setxattr+0x171/0x1e0 fs/xattr.c:629
path_setxattr+0x202/0x260 fs/xattr.c:658
__do_sys_setxattr fs/xattr.c:676 [inline]
__se_sys_setxattr fs/xattr.c:672 [inline]
__x64_sys_setxattr+0xc4/0x160 fs/xattr.c:672
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #1 (iattr_mutex){+.+.}-{3:3}:
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x147/0x930 kernel/locking/mutex.c:752
__kernfs_iattrs+0x2b/0x3f0 fs/kernfs/inode.c:32
kernfs_iattrs fs/kernfs/inode.c:60 [inline]
__kernfs_setattr+0x4d/0x3d0 fs/kernfs/inode.c:73
kernfs_iop_setattr+0x12b/0x190 fs/kernfs/inode.c:127
notify_change+0x6d3/0x1280 fs/attr.c:503
do_truncate+0x143/0x200 fs/open.c:65
handle_truncate fs/namei.c:3395 [inline]
do_open fs/namei.c:3778 [inline]
path_openat+0x22b6/0x2960 fs/namei.c:3933
do_filp_open+0x1c7/0x410 fs/namei.c:3960
do_sys_openat2+0x164/0x1d0 fs/open.c:1415
do_sys_open fs/open.c:1430 [inline]
__do_sys_openat fs/open.c:1446 [inline]
__se_sys_openat fs/open.c:1441 [inline]
__x64_sys_openat+0x140/0x1f0 fs/open.c:1441
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (&root->kernfs_iattr_rwsem){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain kernel/locking/lockdep.c:3904 [inline]
__lock_acquire+0x2425/0x3b90 kernel/locking/lockdep.c:5202
lock_acquire.part.0+0x11b/0x370 kernel/locking/lockdep.c:5825
down_write+0x92/0x200 kernel/locking/rwsem.c:1577
kernfs_unlink_sibling+0xad/0x2c0 fs/kernfs/dir.c:413
__kernfs_remove+0x2b3/0x670 fs/kernfs/dir.c:1492
kernfs_remove_by_name_ns+0xb4/0x130 fs/kernfs/dir.c:1694
kernfs_remove_by_name include/linux/kernfs.h:625 [inline]
remove_files+0x96/0x1c0 fs/sysfs/group.c:28
sysfs_remove_group+0x8b/0x180 fs/sysfs/group.c:319
sysfs_remove_groups fs/sysfs/group.c:343 [inline]
sysfs_remove_groups+0x60/0xa0 fs/sysfs/group.c:335
__kobject_del+0x89/0x1f0 lib/kobject.c:595
kobject_cleanup lib/kobject.c:680 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x2e5/0x4c0 lib/kobject.c:737
net_rx_queue_update_kobjects+0x4d4/0x640 net/core/net-sysfs.c:1178
remove_queue_kobjects net/core/net-sysfs.c:1953 [inline]
netdev_unregister_kobject+0x150/0x270 net/core/net-sysfs.c:2107
unregister_netdevice_many_notify+0x1202/0x1ce0 net/core/dev.c:11503
unregister_netdevice_many net/core/dev.c:11531 [inline]
unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11405
unregister_netdevice include/linux/netdevice.h:3126 [inline]
nsim_destroy+0x102/0x6c0 drivers/net/netdevsim/netdev.c:778
__nsim_dev_port_del+0x189/0x240 drivers/net/netdevsim/dev.c:1428
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1440 [inline]
nsim_dev_reload_destroy+0x105/0x490 drivers/net/netdevsim/dev.c:1661
nsim_drv_remove+0x52/0x1d0 drivers/net/netdevsim/dev.c:1676
device_remove+0xc8/0x170 drivers/base/dd.c:567
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x443/0x620 drivers/base/dd.c:1296
bus_remove_device+0x22f/0x420 drivers/base/bus.c:576
device_del+0x395/0x9d0 drivers/base/core.c:3855
device_unregister+0x1e/0xc0 drivers/base/core.c:3896
nsim_bus_dev_del drivers/net/netdevsim/bus.c:462 [inline]
del_device_store+0x34e/0x4b0 drivers/net/netdevsim/bus.c:226
bus_attr_store+0x71/0xb0 drivers/base/bus.c:172
sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136
kernfs_fop_write_iter+0x335/0x500 fs/kernfs/file.c:334
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0xbfc/0x10d0 fs/read_write.c:683
ksys_write+0x122/0x250 fs/read_write.c:736
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Chain exists of:
&root->kernfs_iattr_rwsem --> cpuhp_state_mutex --> &root->kernfs_rwsem
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&root->kernfs_rwsem);
lock(cpuhp_state_mutex);
lock(&root->kernfs_rwsem);
lock(&root->kernfs_iattr_rwsem);
*** DEADLOCK ***
8 locks held by syz-executor/42274:
#0: ffff8880454fe420 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x122/0x250 fs/read_write.c:736
#1: ffff88806a42d488 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x27a/0x500 fs/kernfs/file.c:325
#2: ffff888043faf0f8 (kn->active#64){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 fs/kernfs/file.c:326
#3: ffffffff8f280da8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xc9/0x4b0 drivers/net/netdevsim/bus.c:216
#4: ffff88801fc9c0e8 (&dev->mutex){....}-{3:3}, at: device_lock include/linux/device.h:1014 [inline]
#4: ffff88801fc9c0e8 (&dev->mutex){....}-{3:3}, at: __device_driver_lock drivers/base/dd.c:1095 [inline]
#4: ffff88801fc9c0e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xa4/0x620 drivers/base/dd.c:1293
#5: ffff88801fc9d250 (&devlink->lock_key#42){+.+.}-{3:3}, at: nsim_drv_remove+0x4a/0x1d0 drivers/net/netdevsim/dev.c:1675
#6: ffffffff8fce93a8 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x6b/0x6c0 drivers/net/netdevsim/netdev.c:773
#7: ffff88801bae5148 (&root->kernfs_rwsem){++++}-{3:3}, at: kernfs_remove_by_name_ns+0x89/0x130 fs/kernfs/dir.c:1689
stack backtrace:
CPU: 1 UID: 0 PID: 42274 Comm: syz-executor Not tainted 6.12.24 #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120
print_circular_bug+0x406/0x5c0 kernel/locking/lockdep.c:2074
check_noncircular+0x2f7/0x3e0 kernel/locking/lockdep.c:2206
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain kernel/locking/lockdep.c:3904 [inline]
__lock_acquire+0x2425/0x3b90 kernel/locking/lockdep.c:5202
lock_acquire.part.0+0x11b/0x370 kernel/locking/lockdep.c:5825
down_write+0x92/0x200 kernel/locking/rwsem.c:1577
kernfs_unlink_sibling+0xad/0x2c0 fs/kernfs/dir.c:413
__kernfs_remove+0x2b3/0x670 fs/kernfs/dir.c:1492
kernfs_remove_by_name_ns+0xb4/0x130 fs/kernfs/dir.c:1694
kernfs_remove_by_name include/linux/kernfs.h:625 [inline]
remove_files+0x96/0x1c0 fs/sysfs/group.c:28
sysfs_remove_group+0x8b/0x180 fs/sysfs/group.c:319
sysfs_remove_groups fs/sysfs/group.c:343 [inline]
sysfs_remove_groups+0x60/0xa0 fs/sysfs/group.c:335
__kobject_del+0x89/0x1f0 lib/kobject.c:595
kobject_cleanup lib/kobject.c:680 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x2e5/0x4c0 lib/kobject.c:737
net_rx_queue_update_kobjects+0x4d4/0x640 net/core/net-sysfs.c:1178
remove_queue_kobjects net/core/net-sysfs.c:1953 [inline]
netdev_unregister_kobject+0x150/0x270 net/core/net-sysfs.c:2107
unregister_netdevice_many_notify+0x1202/0x1ce0 net/core/dev.c:11503
unregister_netdevice_many net/core/dev.c:11531 [inline]
unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11405
unregister_netdevice include/linux/netdevice.h:3126 [inline]
nsim_destroy+0x102/0x6c0 drivers/net/netdevsim/netdev.c:778
__nsim_dev_port_del+0x189/0x240 drivers/net/netdevsim/dev.c:1428
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1440 [inline]
nsim_dev_reload_destroy+0x105/0x490 drivers/net/netdevsim/dev.c:1661
nsim_drv_remove+0x52/0x1d0 drivers/net/netdevsim/dev.c:1676
device_remove+0xc8/0x170 drivers/base/dd.c:567
__device_release_driver drivers/base/dd.c:1273 [inline]
device_release_driver_internal+0x443/0x620 drivers/base/dd.c:1296
bus_remove_device+0x22f/0x420 drivers/base/bus.c:576
device_del+0x395/0x9d0 drivers/base/core.c:3855
device_unregister+0x1e/0xc0 drivers/base/core.c:3896
nsim_bus_dev_del drivers/net/netdevsim/bus.c:462 [inline]
del_device_store+0x34e/0x4b0 drivers/net/netdevsim/bus.c:226
bus_attr_store+0x71/0xb0 drivers/base/bus.c:172
sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136
kernfs_fop_write_iter+0x335/0x500 fs/kernfs/file.c:334
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0xbfc/0x10d0 fs/read_write.c:683
ksys_write+0x122/0x250 fs/read_write.c:736
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7feb2b1ac01f
Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 79 0d 03 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 bc 0d 03 00 48
RSP: 002b:00007ffdd4ed8e70 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007feb2b1ac01f
RDX: 0000000000000001 RSI: 00007ffdd4ed8ec0 RDI: 0000000000000005
RBP: 0000000000000005 R08: 0000000000000000 R09: 00007ffdd4ed8e10
R10: 0000000000000000 R11: 0000000000000293 R12: 00007feb2b247e34
R13: 00007ffdd4ed8ec0 R14: 0000000000000000 R15: 00007ffdd4ed9aa0
</TASK>
netdevsim netdevsim4 netdevsim0: renamed from eth0
netdevsim netdevsim4 netdevsim1: renamed from eth1
netdevsim netdevsim4 netdevsim2: renamed from eth2
netdevsim netdevsim4 netdevsim3: renamed from eth3
8021q: adding VLAN 0 to HW filter on device bond0
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device batadv0
veth0_vlan: entered promiscuous mode
veth1_vlan: entered promiscuous mode
veth0_macvtap: entered promiscuous mode
veth1_macvtap: entered promiscuous mode
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_0
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
batman_adv: batadv0: Interface activated: batadv_slave_1
netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
ieee80211 phy54: Selected rate control algorithm 'minstrel_ht'
ieee80211 phy55: Selected rate control algorithm 'minstrel_ht'
==================================================================
I hope it helps.
Best regards
Jianzhou Zhao
4 months, 4 weeks
- 1
- 0
Re: Patch "lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP" has been added to the 6.14-stable tree
by Kees Cook
On April 26, 2025 6:25:09 AM PDT, Sasha Levin <sashal(a)kernel.org> wrote:
>This is a note to let you know that I've just added the patch titled
>
> lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP
>
>to the 6.14-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
>The filename of the patch is:
> lib-kconfig.ubsan-remove-default-ubsan-from-ubsan_in.patch
>and it can be found in the queue-6.14 subdirectory.
>
>If you, or anyone else, feels it should not be added to the stable tree,
>please let <stable(a)vger.kernel.org> know about it.
Please drop this; it's fixing the other patch that should not be backported. :)
-Kees
--
Kees Cook
4 months, 4 weeks
- 3
- 5
[PATCH] securityfs: fix missing of d_delete() in securityfs_remove()
by alexjlzheng@gmail.com
From: Jinliang Zheng <alexjlzheng(a)tencent.com>
Consider the following module code:
static struct dentry *dentry;
static int __init securityfs_test_init(void)
{
dentry = securityfs_create_dir("standon", NULL);
return PTR_ERR(dentry);
}
static void __exit securityfs_test_exit(void)
{
securityfs_remove(dentry);
}
module_init(securityfs_test_init);
module_exit(securityfs_test_exit);
and then:
insmod /path/to/thismodule
cd /sys/kernel/security/standon <- we hold 'standon'
rmmod thismodule <- 'standon' don't go away
insmod /path/to/thismodule <- Failed: File exists!
Fix this by adding d_delete() in securityfs_remove().
Fixes: b67dbf9d4c198 ("[PATCH] add securityfs for all LSMs to use")
Signed-off-by: Jinliang Zheng <alexjlzheng(a)tencent.com>
Cc: <stable(a)vger.kernel.org>
---
security/inode.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/inode.c b/security/inode.c
index da3ab44c8e57..d99baf26350a 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -306,6 +306,7 @@ void securityfs_remove(struct dentry *dentry)
simple_rmdir(dir, dentry);
else
simple_unlink(dir, dentry);
+ d_delete(dentry);
dput(dentry);
}
inode_unlock(dir);
--
2.49.0
4 months, 4 weeks
- 4
- 4
Re: Patch "lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP" has been added to the 6.12-stable tree
by Kees Cook
On April 26, 2025 6:27:11 AM PDT, Sasha Levin <sashal(a)kernel.org> wrote:
>This is a note to let you know that I've just added the patch titled
>
> lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP
>
>to the 6.12-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
>The filename of the patch is:
> lib-kconfig.ubsan-remove-default-ubsan-from-ubsan_in.patch
>and it can be found in the queue-6.12 subdirectory.
>
>If you, or anyone else, feels it should not be added to the stable tree,
>please let <stable(a)vger.kernel.org> know about it.
And this too; please drop. :)
-Kees
--
Kees Cook
4 months, 4 weeks
- 1
- 0
Re: Patch "ubsan/overflow: Rework integer overflow sanitizer option to turn on everything" has been added to the 6.12-stable tree
by Kees Cook
On April 26, 2025 6:27:07 AM PDT, Sasha Levin <sashal(a)kernel.org> wrote:
>This is a note to let you know that I've just added the patch titled
>
> ubsan/overflow: Rework integer overflow sanitizer option to turn on everything
>
>to the 6.12-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
>The filename of the patch is:
> ubsan-overflow-rework-integer-overflow-sanitizer-opt.patch
>and it can be found in the queue-6.12 subdirectory.
>
>If you, or anyone else, feels it should not be added to the stable tree,
>please let <stable(a)vger.kernel.org> know about it.
Same as the other email; please drop.
-Kees
--
Kees Cook
4 months, 4 weeks
- 1
- 0
Re: Patch "ubsan/overflow: Rework integer overflow sanitizer option to turn on everything" has been added to the 6.14-stable tree
by Kees Cook
On April 26, 2025 6:25:06 AM PDT, Sasha Levin <sashal(a)kernel.org> wrote:
>This is a note to let you know that I've just added the patch titled
>
> ubsan/overflow: Rework integer overflow sanitizer option to turn on everything
>
>to the 6.14-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
>The filename of the patch is:
> ubsan-overflow-rework-integer-overflow-sanitizer-opt.patch
>and it can be found in the queue-6.14 subdirectory.
>
>If you, or anyone else, feels it should not be added to the stable tree,
>please let <stable(a)vger.kernel.org> know about it.
Please drop this; it is a config change and should not be backported.
-Kees
--
Kees Cook
4 months, 4 weeks
- 1
- 0
FAILED: patch "[PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 2ccd42b959aaf490333dbd3b9b102eaf295c036a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025041736-abrasion-yonder-b301@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 2ccd42b959aaf490333dbd3b9b102eaf295c036a Mon Sep 17 00:00:00 2001
From: David Hildenbrand <david(a)redhat.com>
Date: Wed, 2 Apr 2025 22:36:21 +0200
Subject: [PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing
queues
If we finds a vq without a name in our input array in
virtio_ccw_find_vqs(), we treat it as "non-existing" and set the vq pointer
to NULL; we will not call virtio_ccw_setup_vq() to allocate/setup a vq.
Consequently, we create only a queue if it actually exists (name != NULL)
and assign an incremental queue index to each such existing queue.
However, in virtio_ccw_register_adapter_ind()->get_airq_indicator() we
will not ignore these "non-existing queues", but instead assign an airq
indicator to them.
Besides never releasing them in virtio_ccw_drop_indicators() (because
there is no virtqueue), the bigger issue seems to be that there will be a
disagreement between the device and the Linux guest about the airq
indicator to be used for notifying a queue, because the indicator bit
for adapter I/O interrupt is derived from the queue index.
The virtio spec states under "Setting Up Two-Stage Queue Indicators":
... indicator contains the guest address of an area wherein the
indicators for the devices are contained, starting at bit_nr, one
bit per virtqueue of the device.
And further in "Notification via Adapter I/O Interrupts":
For notifying the driver of virtqueue buffers, the device sets the
bit in the guest-provided indicator area at the corresponding
offset.
For example, QEMU uses in virtio_ccw_notify() the queue index (passed as
"vector") to select the relevant indicator bit. If a queue does not exist,
it does not have a corresponding indicator bit assigned, because it
effectively doesn't have a queue index.
Using a virtio-balloon-ccw device under QEMU with free-page-hinting
disabled ("free-page-hint=off") but free-page-reporting enabled
("free-page-reporting=on") will result in free page reporting
not working as expected: in the virtio_balloon driver, we'll be stuck
forever in virtballoon_free_page_report()->wait_event(), because the
waitqueue will not be woken up as the notification from the device is
lost: it would use the wrong indicator bit.
Free page reporting stops working and we get splats (when configured to
detect hung wqs) like:
INFO: task kworker/1:3:463 blocked for more than 61 seconds.
Not tainted 6.14.0 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:3 [...]
Workqueue: events page_reporting_process
Call Trace:
[<000002f404e6dfb2>] __schedule+0x402/0x1640
[<000002f404e6f22e>] schedule+0x3e/0xe0
[<000002f3846a88fa>] virtballoon_free_page_report+0xaa/0x110 [virtio_balloon]
[<000002f40435c8a4>] page_reporting_process+0x2e4/0x740
[<000002f403fd3ee2>] process_one_work+0x1c2/0x400
[<000002f403fd4b96>] worker_thread+0x296/0x420
[<000002f403fe10b4>] kthread+0x124/0x290
[<000002f403f4e0dc>] __ret_from_fork+0x3c/0x60
[<000002f404e77272>] ret_from_fork+0xa/0x38
There was recently a discussion [1] whether the "holes" should be
treated differently again, effectively assigning also non-existing
queues a queue index: that should also fix the issue, but requires other
workarounds to not break existing setups.
Let's fix it without affecting existing setups for now by properly ignoring
the non-existing queues, so the indicator bits will match the queue
indexes.
[1] https://lore.kernel.org/all/cover.1720611677.git.mst@redhat.com/
Fixes: a229989d975e ("virtio: don't allocate vqs when names[i] = NULL")
Reported-by: Chandra Merla <cmerla(a)redhat.com>
Cc: stable(a)vger.kernel.org
Signed-off-by: David Hildenbrand <david(a)redhat.com>
Tested-by: Thomas Huth <thuth(a)redhat.com>
Reviewed-by: Thomas Huth <thuth(a)redhat.com>
Reviewed-by: Cornelia Huck <cohuck(a)redhat.com>
Acked-by: Michael S. Tsirkin <mst(a)redhat.com>
Acked-by: Christian Borntraeger <borntraeger(a)linux.ibm.com>
Link: https://lore.kernel.org/r/20250402203621.940090-1-david@redhat.com
Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com>
diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c
index 21fa7ac849e5..4904b831c0a7 100644
--- a/drivers/s390/virtio/virtio_ccw.c
+++ b/drivers/s390/virtio/virtio_ccw.c
@@ -302,11 +302,17 @@ static struct airq_info *new_airq_info(int index)
static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
u64 *first, void **airq_info)
{
- int i, j;
+ int i, j, queue_idx, highest_queue_idx = -1;
struct airq_info *info;
unsigned long *indicator_addr = NULL;
unsigned long bit, flags;
+ /* Array entries without an actual queue pointer must be ignored. */
+ for (i = 0; i < nvqs; i++) {
+ if (vqs[i])
+ highest_queue_idx++;
+ }
+
for (i = 0; i < MAX_AIRQ_AREAS && !indicator_addr; i++) {
mutex_lock(&airq_areas_lock);
if (!airq_areas[i])
@@ -316,7 +322,7 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
if (!info)
return NULL;
write_lock_irqsave(&info->lock, flags);
- bit = airq_iv_alloc(info->aiv, nvqs);
+ bit = airq_iv_alloc(info->aiv, highest_queue_idx + 1);
if (bit == -1UL) {
/* Not enough vacancies. */
write_unlock_irqrestore(&info->lock, flags);
@@ -325,8 +331,10 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
*first = bit;
*airq_info = info;
indicator_addr = info->aiv->vector;
- for (j = 0; j < nvqs; j++) {
- airq_iv_set_ptr(info->aiv, bit + j,
+ for (j = 0, queue_idx = 0; j < nvqs; j++) {
+ if (!vqs[j])
+ continue;
+ airq_iv_set_ptr(info->aiv, bit + queue_idx++,
(unsigned long)vqs[j]);
}
write_unlock_irqrestore(&info->lock, flags);
4 months, 4 weeks
- 3
- 2
[PATCH stable 6.12 0/4] Fix xdp_devmap_attach failure in BPF selftests
by Shung-Hsi Yu
This patchset backport commit to fix BPF selftests failure in stable
6.12 since commit 972bafed67ca ("bpf, test_run: Fix use-after-free issue
in eth_skb_pkt_type()"), which is backport of upstream commit
6b3d638ca897.
The fix needed is upstream commit c7f2188d68c1 ("selftests/bpf: Adjust
data size to have ETH_HLEN"), which in turn depends on upstream commit
d5fbcf46ee82 "selftests/bpf: make xdp_cpumap_attach keep redirect prog
attached". Latter is part of "selftests/bpf: add coverage for
xdp_features in test_progs"[1], and I opt to backport the series entirely
since it adds coverage. With these patches the xdp_devmap_attach no
longer fails[2].
BPF selftests failure log below for completeness. See [3] for the
raw log.
Error: #566 xdp_devmap_attach
Error: #566/1 xdp_devmap_attach/DEVMAP with programs in entries
test_xdp_with_devmap_helpers:PASS:ip netns add devmap_attach_ns 0 nsec
test_xdp_with_devmap_helpers:PASS:open_netns 0 nsec
test_xdp_with_devmap_helpers:PASS:ip link set dev lo up 0 nsec
test_xdp_with_devmap_helpers:PASS:test_xdp_with_devmap_helpers__open_and_load 0 nsec
test_xdp_with_devmap_helpers:PASS:Generic attach of program with 8-byte devmap 0 nsec
test_xdp_with_devmap_helpers:PASS:bpf_prog_get_info_by_fd 0 nsec
test_xdp_with_devmap_helpers:PASS:Add program to devmap entry 0 nsec
test_xdp_with_devmap_helpers:PASS:Read devmap entry 0 nsec
test_xdp_with_devmap_helpers:PASS:Match program id to devmap entry prog_id 0 nsec
test_xdp_with_devmap_helpers:FAIL:XDP test run unexpected error: -22 (errno 22)
test_xdp_with_devmap_helpers:PASS:XDP program detach 0 nsec
libbpf: Kernel error message: BPF_XDP_DEVMAP programs can not be attached to a device
test_xdp_with_devmap_helpers:PASS:Attach of BPF_XDP_DEVMAP program 0 nsec
test_xdp_with_devmap_helpers:PASS:Add non-BPF_XDP_DEVMAP program to devmap entry 0 nsec
test_xdp_with_devmap_helpers:PASS:Add BPF_XDP program with frags to devmap entry 0 nsec
Error: #566/4 xdp_devmap_attach/DEVMAP with programs in entries on veth
test_xdp_with_devmap_helpers_veth:PASS:ip netns add devmap_attach_ns 0 nsec
test_xdp_with_devmap_helpers_veth:PASS:open_netns 0 nsec
test_xdp_with_devmap_helpers_veth:PASS:ip link add veth_src type veth peer name veth_dst 0 nsec
test_xdp_with_devmap_helpers_veth:PASS:ip link set dev veth_src up 0 nsec
test_xdp_with_devmap_helpers_veth:PASS:ip link set dev veth_dst up 0 nsec
test_xdp_with_devmap_helpers_veth:PASS:val.ifindex 0 nsec
test_xdp_with_devmap_helpers_veth:PASS:ifindex_dst 0 nsec
test_xdp_with_devmap_helpers_veth:PASS:test_xdp_with_devmap_helpers__open_and_load 0 nsec
test_xdp_with_devmap_helpers_veth:PASS:Attach of program with 8-byte devmap 0 nsec
test_xdp_with_devmap_helpers_veth:PASS:bpf_prog_get_info_by_fd 0 nsec
test_xdp_with_devmap_helpers_veth:PASS:Add program to devmap entry 0 nsec
test_xdp_with_devmap_helpers_veth:PASS:Read devmap entry 0 nsec
test_xdp_with_devmap_helpers_veth:PASS:Match program id to devmap entry prog_id 0 nsec
test_xdp_with_devmap_helpers_veth:PASS:Attach of dummy XDP 0 nsec
test_xdp_with_devmap_helpers_veth:FAIL:XDP test run unexpected error: -22 (errno 22)
test_xdp_with_devmap_helpers_veth:PASS:XDP program detach 0 nsec
test_xdp_with_devmap_helpers_veth:PASS:XDP program detach 0 nsec
1: https://lore.kernel.org/all/20241009-convert_xdp_tests-v3-0-51cea913710c@bo…
2: https://github.com/shunghsiyu/libbpf/actions/runs/14569651139/job/408644287…
3: https://github.com/shunghsiyu/libbpf/actions/runs/14562221313/job/408469275…
Alexis Lothoré (eBPF Foundation) (3):
selftests/bpf: fix bpf_map_redirect call for cpu map test
selftests/bpf: make xdp_cpumap_attach keep redirect prog attached
selftests/bpf: check program redirect in xdp_cpumap_attach
Shigeru Yoshida (1):
selftests/bpf: Adjust data size to have ETH_HLEN
.../bpf/prog_tests/xdp_cpumap_attach.c | 44 +++++++++++++++----
.../bpf/prog_tests/xdp_devmap_attach.c | 8 ++--
.../bpf/progs/test_xdp_with_cpumap_helpers.c | 7 ++-
3 files changed, 46 insertions(+), 13 deletions(-)
--
2.49.0
4 months, 4 weeks
- 2
- 8
FAILED: patch "[PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 2ccd42b959aaf490333dbd3b9b102eaf295c036a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025041737-impart-slacker-8722@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 2ccd42b959aaf490333dbd3b9b102eaf295c036a Mon Sep 17 00:00:00 2001
From: David Hildenbrand <david(a)redhat.com>
Date: Wed, 2 Apr 2025 22:36:21 +0200
Subject: [PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing
queues
If we finds a vq without a name in our input array in
virtio_ccw_find_vqs(), we treat it as "non-existing" and set the vq pointer
to NULL; we will not call virtio_ccw_setup_vq() to allocate/setup a vq.
Consequently, we create only a queue if it actually exists (name != NULL)
and assign an incremental queue index to each such existing queue.
However, in virtio_ccw_register_adapter_ind()->get_airq_indicator() we
will not ignore these "non-existing queues", but instead assign an airq
indicator to them.
Besides never releasing them in virtio_ccw_drop_indicators() (because
there is no virtqueue), the bigger issue seems to be that there will be a
disagreement between the device and the Linux guest about the airq
indicator to be used for notifying a queue, because the indicator bit
for adapter I/O interrupt is derived from the queue index.
The virtio spec states under "Setting Up Two-Stage Queue Indicators":
... indicator contains the guest address of an area wherein the
indicators for the devices are contained, starting at bit_nr, one
bit per virtqueue of the device.
And further in "Notification via Adapter I/O Interrupts":
For notifying the driver of virtqueue buffers, the device sets the
bit in the guest-provided indicator area at the corresponding
offset.
For example, QEMU uses in virtio_ccw_notify() the queue index (passed as
"vector") to select the relevant indicator bit. If a queue does not exist,
it does not have a corresponding indicator bit assigned, because it
effectively doesn't have a queue index.
Using a virtio-balloon-ccw device under QEMU with free-page-hinting
disabled ("free-page-hint=off") but free-page-reporting enabled
("free-page-reporting=on") will result in free page reporting
not working as expected: in the virtio_balloon driver, we'll be stuck
forever in virtballoon_free_page_report()->wait_event(), because the
waitqueue will not be woken up as the notification from the device is
lost: it would use the wrong indicator bit.
Free page reporting stops working and we get splats (when configured to
detect hung wqs) like:
INFO: task kworker/1:3:463 blocked for more than 61 seconds.
Not tainted 6.14.0 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:3 [...]
Workqueue: events page_reporting_process
Call Trace:
[<000002f404e6dfb2>] __schedule+0x402/0x1640
[<000002f404e6f22e>] schedule+0x3e/0xe0
[<000002f3846a88fa>] virtballoon_free_page_report+0xaa/0x110 [virtio_balloon]
[<000002f40435c8a4>] page_reporting_process+0x2e4/0x740
[<000002f403fd3ee2>] process_one_work+0x1c2/0x400
[<000002f403fd4b96>] worker_thread+0x296/0x420
[<000002f403fe10b4>] kthread+0x124/0x290
[<000002f403f4e0dc>] __ret_from_fork+0x3c/0x60
[<000002f404e77272>] ret_from_fork+0xa/0x38
There was recently a discussion [1] whether the "holes" should be
treated differently again, effectively assigning also non-existing
queues a queue index: that should also fix the issue, but requires other
workarounds to not break existing setups.
Let's fix it without affecting existing setups for now by properly ignoring
the non-existing queues, so the indicator bits will match the queue
indexes.
[1] https://lore.kernel.org/all/cover.1720611677.git.mst@redhat.com/
Fixes: a229989d975e ("virtio: don't allocate vqs when names[i] = NULL")
Reported-by: Chandra Merla <cmerla(a)redhat.com>
Cc: stable(a)vger.kernel.org
Signed-off-by: David Hildenbrand <david(a)redhat.com>
Tested-by: Thomas Huth <thuth(a)redhat.com>
Reviewed-by: Thomas Huth <thuth(a)redhat.com>
Reviewed-by: Cornelia Huck <cohuck(a)redhat.com>
Acked-by: Michael S. Tsirkin <mst(a)redhat.com>
Acked-by: Christian Borntraeger <borntraeger(a)linux.ibm.com>
Link: https://lore.kernel.org/r/20250402203621.940090-1-david@redhat.com
Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com>
diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c
index 21fa7ac849e5..4904b831c0a7 100644
--- a/drivers/s390/virtio/virtio_ccw.c
+++ b/drivers/s390/virtio/virtio_ccw.c
@@ -302,11 +302,17 @@ static struct airq_info *new_airq_info(int index)
static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
u64 *first, void **airq_info)
{
- int i, j;
+ int i, j, queue_idx, highest_queue_idx = -1;
struct airq_info *info;
unsigned long *indicator_addr = NULL;
unsigned long bit, flags;
+ /* Array entries without an actual queue pointer must be ignored. */
+ for (i = 0; i < nvqs; i++) {
+ if (vqs[i])
+ highest_queue_idx++;
+ }
+
for (i = 0; i < MAX_AIRQ_AREAS && !indicator_addr; i++) {
mutex_lock(&airq_areas_lock);
if (!airq_areas[i])
@@ -316,7 +322,7 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
if (!info)
return NULL;
write_lock_irqsave(&info->lock, flags);
- bit = airq_iv_alloc(info->aiv, nvqs);
+ bit = airq_iv_alloc(info->aiv, highest_queue_idx + 1);
if (bit == -1UL) {
/* Not enough vacancies. */
write_unlock_irqrestore(&info->lock, flags);
@@ -325,8 +331,10 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
*first = bit;
*airq_info = info;
indicator_addr = info->aiv->vector;
- for (j = 0; j < nvqs; j++) {
- airq_iv_set_ptr(info->aiv, bit + j,
+ for (j = 0, queue_idx = 0; j < nvqs; j++) {
+ if (!vqs[j])
+ continue;
+ airq_iv_set_ptr(info->aiv, bit + queue_idx++,
(unsigned long)vqs[j]);
}
write_unlock_irqrestore(&info->lock, flags);
4 months, 4 weeks
- 3
- 2
[PATCH stable 6.12 6.14 1/1] selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure
by Shung-Hsi Yu
From: Ihor Solodrai <ihor.solodrai(a)linux.dev>
commit 5071a1e606b30c0c11278d3c6620cd6a24724cf6 upstream.
"sockmap_ktls disconnect_after_delete" test has been failing on BPF CI
after recent merges from netdev:
* https://github.com/kernel-patches/bpf/actions/runs/14458537639
* https://github.com/kernel-patches/bpf/actions/runs/14457178732
It happens because disconnect has been disabled for TLS [1], and it
renders the test case invalid.
Removing all the test code creates a conflict between bpf and
bpf-next, so for now only remove the offending assert [2].
The test will be removed later on bpf-next.
[1] https://lore.kernel.org/netdev/20250404180334.3224206-1-kuba@kernel.org/
[2] https://lore.kernel.org/bpf/cfc371285323e1a3f3b006bfcf74e6cf7ad65258@linux.…
Signed-off-by: Ihor Solodrai <ihor.solodrai(a)linux.dev>
Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org>
Reviewed-by: Jiayuan Chen <jiayuan.chen(a)linux.dev>
Link: https://lore.kernel.org/bpf/20250416170246.2438524-1-ihor.solodrai@linux.dev
[ shung-hsi.yu: needed because upstream commit 5071a1e606b3 ("net: tls:
explicitly disallow disconnect") is backported ]
Signed-off-by: Shung-Hsi Yu <shung-hsi.yu(a)suse.com>
---
tools/testing/selftests/bpf/prog_tests/sockmap_ktls.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/sockmap_ktls.c b/tools/testing/selftests/bpf/prog_tests/sockmap_ktls.c
index 2d0796314862..0a99fd404f6d 100644
--- a/tools/testing/selftests/bpf/prog_tests/sockmap_ktls.c
+++ b/tools/testing/selftests/bpf/prog_tests/sockmap_ktls.c
@@ -68,7 +68,6 @@ static void test_sockmap_ktls_disconnect_after_delete(int family, int map)
goto close_cli;
err = disconnect(cli);
- ASSERT_OK(err, "disconnect");
close_cli:
close(cli);
--
2.49.0
4 months, 4 weeks
- 3
- 5
[PATCH 5.10.y] perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
by kan.liang@linux.intel.com
From: Kan Liang <kan.liang(a)linux.intel.com>
[ Upstream commit 96a720db59ab330c8562b2437153faa45dac705f ]
(The existing patch in queue-5.10 was wrong.
queue-5.10/perf-x86-intel-uncore-fix-the-scale-of-iio-free-running-counters-on-snr.patch
It's supposed to change the array snr_uncore_iio_freerunning_events[]
rather than icx_uncore_iio_freerunning_events[]. Send the patch to
replace the wrong one.
With this fix the https://lore.kernel.org/stable/2025042139-protector-rickety-a72d@gregkh/
can be applied then.)
There was a mistake in the SNR uncore spec. The counter increments for
every 32 bytes of data sent from the IO agent to the SOC, not 4 bytes
which was documented in the spec.
The event list has been updated:
"EventName": "UNC_IIO_BANDWIDTH_IN.PART0_FREERUN",
"BriefDescription": "Free running counter that increments for every 32
bytes of data sent from the IO agent to the SOC",
Update the scale of the IIO bandwidth in free running counters as well.
Fixes: 210cc5f9db7a ("perf/x86/intel/uncore: Add uncore support for Snow Ridge server")
Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com>
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Acked-by: Peter Zijlstra <a.p.zijlstra(a)chello.nl>
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/r/20250416142426.3933977-1-kan.liang@linux.intel.com
---
arch/x86/events/intel/uncore_snbep.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c
index ad084a5a1463..dd70a6b7879b 100644
--- a/arch/x86/events/intel/uncore_snbep.c
+++ b/arch/x86/events/intel/uncore_snbep.c
@@ -4487,28 +4487,28 @@ static struct uncore_event_desc snr_uncore_iio_freerunning_events[] = {
INTEL_UNCORE_EVENT_DESC(ioclk, "event=0xff,umask=0x10"),
/* Free-Running IIO BANDWIDTH IN Counters */
INTEL_UNCORE_EVENT_DESC(bw_in_port0, "event=0xff,umask=0x20"),
- INTEL_UNCORE_EVENT_DESC(bw_in_port0.scale, "3.814697266e-6"),
+ INTEL_UNCORE_EVENT_DESC(bw_in_port0.scale, "3.0517578125e-5"),
INTEL_UNCORE_EVENT_DESC(bw_in_port0.unit, "MiB"),
INTEL_UNCORE_EVENT_DESC(bw_in_port1, "event=0xff,umask=0x21"),
- INTEL_UNCORE_EVENT_DESC(bw_in_port1.scale, "3.814697266e-6"),
+ INTEL_UNCORE_EVENT_DESC(bw_in_port1.scale, "3.0517578125e-5"),
INTEL_UNCORE_EVENT_DESC(bw_in_port1.unit, "MiB"),
INTEL_UNCORE_EVENT_DESC(bw_in_port2, "event=0xff,umask=0x22"),
- INTEL_UNCORE_EVENT_DESC(bw_in_port2.scale, "3.814697266e-6"),
+ INTEL_UNCORE_EVENT_DESC(bw_in_port2.scale, "3.0517578125e-5"),
INTEL_UNCORE_EVENT_DESC(bw_in_port2.unit, "MiB"),
INTEL_UNCORE_EVENT_DESC(bw_in_port3, "event=0xff,umask=0x23"),
- INTEL_UNCORE_EVENT_DESC(bw_in_port3.scale, "3.814697266e-6"),
+ INTEL_UNCORE_EVENT_DESC(bw_in_port3.scale, "3.0517578125e-5"),
INTEL_UNCORE_EVENT_DESC(bw_in_port3.unit, "MiB"),
INTEL_UNCORE_EVENT_DESC(bw_in_port4, "event=0xff,umask=0x24"),
- INTEL_UNCORE_EVENT_DESC(bw_in_port4.scale, "3.814697266e-6"),
+ INTEL_UNCORE_EVENT_DESC(bw_in_port4.scale, "3.0517578125e-5"),
INTEL_UNCORE_EVENT_DESC(bw_in_port4.unit, "MiB"),
INTEL_UNCORE_EVENT_DESC(bw_in_port5, "event=0xff,umask=0x25"),
- INTEL_UNCORE_EVENT_DESC(bw_in_port5.scale, "3.814697266e-6"),
+ INTEL_UNCORE_EVENT_DESC(bw_in_port5.scale, "3.0517578125e-5"),
INTEL_UNCORE_EVENT_DESC(bw_in_port5.unit, "MiB"),
INTEL_UNCORE_EVENT_DESC(bw_in_port6, "event=0xff,umask=0x26"),
- INTEL_UNCORE_EVENT_DESC(bw_in_port6.scale, "3.814697266e-6"),
+ INTEL_UNCORE_EVENT_DESC(bw_in_port6.scale, "3.0517578125e-5"),
INTEL_UNCORE_EVENT_DESC(bw_in_port6.unit, "MiB"),
INTEL_UNCORE_EVENT_DESC(bw_in_port7, "event=0xff,umask=0x27"),
- INTEL_UNCORE_EVENT_DESC(bw_in_port7.scale, "3.814697266e-6"),
+ INTEL_UNCORE_EVENT_DESC(bw_in_port7.scale, "3.0517578125e-5"),
INTEL_UNCORE_EVENT_DESC(bw_in_port7.unit, "MiB"),
{ /* end: all zeroes */ },
};
--
2.38.1
4 months, 4 weeks
- 2
- 1
[PATCH 6.1.y] of: module: add buffer overflow check in of_modalias()
by Uwe Kleine-König
From: Sergey Shtylyov <s.shtylyov(a)omp.ru>
[ Upstream commit cf7385cb26ac4f0ee6c7385960525ad534323252 ]
In of_modalias(), if the buffer happens to be too small even for the 1st
snprintf() call, the len parameter will become negative and str parameter
(if not NULL initially) will point beyond the buffer's end. Add the buffer
overflow check after the 1st snprintf() call and fix such check after the
strlen() call (accounting for the terminating NUL char).
Fixes: bc575064d688 ("of/device: use of_property_for_each_string to parse compatible strings")
Signed-off-by: Sergey Shtylyov <s.shtylyov(a)omp.ru>
Link: https://lore.kernel.org/r/bbfc6be0-c687-62b6-d015-5141b93f313e@omp.ru
Signed-off-by: Rob Herring <robh(a)kernel.org>
Signed-off-by: Uwe Kleine-König <ukleinek(a)debian.org>
---
Hello,
commit cf7385cb26ac4f0ee6c7385960525ad534323252 was already backported to
stable/linux-6.6.y as commit 0b0d5701a8bf02f8fee037e81aacf6746558bfd6.
In 6.1 the function to fix is in a different file and differently named
since v6.1 lacks commits 5c3d15e127eb ("of: Update
of_device_get_modalias()") and bd7a7ed774af ("of: Move of_modalias() to
module.c")
This is the respective backport to 6.1. Looking into that commit was
triggered by https://bugs.debian.org/1103277 and my backport is
identical to this bug's reporter's. Thanks for considering it for the
next 6.1.y update.
Best regards
Uwe
drivers/of/device.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/of/device.c b/drivers/of/device.c
index ce225d2590b5..91d92bfe5735 100644
--- a/drivers/of/device.c
+++ b/drivers/of/device.c
@@ -264,14 +264,15 @@ static ssize_t of_device_get_modalias(struct device *dev, char *str, ssize_t len
csize = snprintf(str, len, "of:N%pOFn%c%s", dev->of_node, 'T',
of_node_get_device_type(dev->of_node));
tsize = csize;
+ if (csize >= len)
+ csize = len > 0 ? len - 1 : 0;
len -= csize;
- if (str)
- str += csize;
+ str += csize;
of_property_for_each_string(dev->of_node, "compatible", p, compat) {
csize = strlen(compat) + 1;
tsize += csize;
- if (csize > len)
+ if (csize >= len)
continue;
csize = snprintf(str, len, "C%s", compat);
base-commit: 535ec20c50273d81b2cc7985fed2108dee0e65d7
--
2.47.2
4 months, 4 weeks
- 2
- 1
FAILED: patch "[PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 2ccd42b959aaf490333dbd3b9b102eaf295c036a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025041733-cosmetics-brigade-9ed7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 2ccd42b959aaf490333dbd3b9b102eaf295c036a Mon Sep 17 00:00:00 2001
From: David Hildenbrand <david(a)redhat.com>
Date: Wed, 2 Apr 2025 22:36:21 +0200
Subject: [PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing
queues
If we finds a vq without a name in our input array in
virtio_ccw_find_vqs(), we treat it as "non-existing" and set the vq pointer
to NULL; we will not call virtio_ccw_setup_vq() to allocate/setup a vq.
Consequently, we create only a queue if it actually exists (name != NULL)
and assign an incremental queue index to each such existing queue.
However, in virtio_ccw_register_adapter_ind()->get_airq_indicator() we
will not ignore these "non-existing queues", but instead assign an airq
indicator to them.
Besides never releasing them in virtio_ccw_drop_indicators() (because
there is no virtqueue), the bigger issue seems to be that there will be a
disagreement between the device and the Linux guest about the airq
indicator to be used for notifying a queue, because the indicator bit
for adapter I/O interrupt is derived from the queue index.
The virtio spec states under "Setting Up Two-Stage Queue Indicators":
... indicator contains the guest address of an area wherein the
indicators for the devices are contained, starting at bit_nr, one
bit per virtqueue of the device.
And further in "Notification via Adapter I/O Interrupts":
For notifying the driver of virtqueue buffers, the device sets the
bit in the guest-provided indicator area at the corresponding
offset.
For example, QEMU uses in virtio_ccw_notify() the queue index (passed as
"vector") to select the relevant indicator bit. If a queue does not exist,
it does not have a corresponding indicator bit assigned, because it
effectively doesn't have a queue index.
Using a virtio-balloon-ccw device under QEMU with free-page-hinting
disabled ("free-page-hint=off") but free-page-reporting enabled
("free-page-reporting=on") will result in free page reporting
not working as expected: in the virtio_balloon driver, we'll be stuck
forever in virtballoon_free_page_report()->wait_event(), because the
waitqueue will not be woken up as the notification from the device is
lost: it would use the wrong indicator bit.
Free page reporting stops working and we get splats (when configured to
detect hung wqs) like:
INFO: task kworker/1:3:463 blocked for more than 61 seconds.
Not tainted 6.14.0 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:3 [...]
Workqueue: events page_reporting_process
Call Trace:
[<000002f404e6dfb2>] __schedule+0x402/0x1640
[<000002f404e6f22e>] schedule+0x3e/0xe0
[<000002f3846a88fa>] virtballoon_free_page_report+0xaa/0x110 [virtio_balloon]
[<000002f40435c8a4>] page_reporting_process+0x2e4/0x740
[<000002f403fd3ee2>] process_one_work+0x1c2/0x400
[<000002f403fd4b96>] worker_thread+0x296/0x420
[<000002f403fe10b4>] kthread+0x124/0x290
[<000002f403f4e0dc>] __ret_from_fork+0x3c/0x60
[<000002f404e77272>] ret_from_fork+0xa/0x38
There was recently a discussion [1] whether the "holes" should be
treated differently again, effectively assigning also non-existing
queues a queue index: that should also fix the issue, but requires other
workarounds to not break existing setups.
Let's fix it without affecting existing setups for now by properly ignoring
the non-existing queues, so the indicator bits will match the queue
indexes.
[1] https://lore.kernel.org/all/cover.1720611677.git.mst@redhat.com/
Fixes: a229989d975e ("virtio: don't allocate vqs when names[i] = NULL")
Reported-by: Chandra Merla <cmerla(a)redhat.com>
Cc: stable(a)vger.kernel.org
Signed-off-by: David Hildenbrand <david(a)redhat.com>
Tested-by: Thomas Huth <thuth(a)redhat.com>
Reviewed-by: Thomas Huth <thuth(a)redhat.com>
Reviewed-by: Cornelia Huck <cohuck(a)redhat.com>
Acked-by: Michael S. Tsirkin <mst(a)redhat.com>
Acked-by: Christian Borntraeger <borntraeger(a)linux.ibm.com>
Link: https://lore.kernel.org/r/20250402203621.940090-1-david@redhat.com
Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com>
diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c
index 21fa7ac849e5..4904b831c0a7 100644
--- a/drivers/s390/virtio/virtio_ccw.c
+++ b/drivers/s390/virtio/virtio_ccw.c
@@ -302,11 +302,17 @@ static struct airq_info *new_airq_info(int index)
static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
u64 *first, void **airq_info)
{
- int i, j;
+ int i, j, queue_idx, highest_queue_idx = -1;
struct airq_info *info;
unsigned long *indicator_addr = NULL;
unsigned long bit, flags;
+ /* Array entries without an actual queue pointer must be ignored. */
+ for (i = 0; i < nvqs; i++) {
+ if (vqs[i])
+ highest_queue_idx++;
+ }
+
for (i = 0; i < MAX_AIRQ_AREAS && !indicator_addr; i++) {
mutex_lock(&airq_areas_lock);
if (!airq_areas[i])
@@ -316,7 +322,7 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
if (!info)
return NULL;
write_lock_irqsave(&info->lock, flags);
- bit = airq_iv_alloc(info->aiv, nvqs);
+ bit = airq_iv_alloc(info->aiv, highest_queue_idx + 1);
if (bit == -1UL) {
/* Not enough vacancies. */
write_unlock_irqrestore(&info->lock, flags);
@@ -325,8 +331,10 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
*first = bit;
*airq_info = info;
indicator_addr = info->aiv->vector;
- for (j = 0; j < nvqs; j++) {
- airq_iv_set_ptr(info->aiv, bit + j,
+ for (j = 0, queue_idx = 0; j < nvqs; j++) {
+ if (!vqs[j])
+ continue;
+ airq_iv_set_ptr(info->aiv, bit + queue_idx++,
(unsigned long)vqs[j]);
}
write_unlock_irqrestore(&info->lock, flags);
4 months, 4 weeks
- 3
- 2
FAILED: patch "[PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 2ccd42b959aaf490333dbd3b9b102eaf295c036a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025041734-deport-antennae-d763@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 2ccd42b959aaf490333dbd3b9b102eaf295c036a Mon Sep 17 00:00:00 2001
From: David Hildenbrand <david(a)redhat.com>
Date: Wed, 2 Apr 2025 22:36:21 +0200
Subject: [PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing
queues
If we finds a vq without a name in our input array in
virtio_ccw_find_vqs(), we treat it as "non-existing" and set the vq pointer
to NULL; we will not call virtio_ccw_setup_vq() to allocate/setup a vq.
Consequently, we create only a queue if it actually exists (name != NULL)
and assign an incremental queue index to each such existing queue.
However, in virtio_ccw_register_adapter_ind()->get_airq_indicator() we
will not ignore these "non-existing queues", but instead assign an airq
indicator to them.
Besides never releasing them in virtio_ccw_drop_indicators() (because
there is no virtqueue), the bigger issue seems to be that there will be a
disagreement between the device and the Linux guest about the airq
indicator to be used for notifying a queue, because the indicator bit
for adapter I/O interrupt is derived from the queue index.
The virtio spec states under "Setting Up Two-Stage Queue Indicators":
... indicator contains the guest address of an area wherein the
indicators for the devices are contained, starting at bit_nr, one
bit per virtqueue of the device.
And further in "Notification via Adapter I/O Interrupts":
For notifying the driver of virtqueue buffers, the device sets the
bit in the guest-provided indicator area at the corresponding
offset.
For example, QEMU uses in virtio_ccw_notify() the queue index (passed as
"vector") to select the relevant indicator bit. If a queue does not exist,
it does not have a corresponding indicator bit assigned, because it
effectively doesn't have a queue index.
Using a virtio-balloon-ccw device under QEMU with free-page-hinting
disabled ("free-page-hint=off") but free-page-reporting enabled
("free-page-reporting=on") will result in free page reporting
not working as expected: in the virtio_balloon driver, we'll be stuck
forever in virtballoon_free_page_report()->wait_event(), because the
waitqueue will not be woken up as the notification from the device is
lost: it would use the wrong indicator bit.
Free page reporting stops working and we get splats (when configured to
detect hung wqs) like:
INFO: task kworker/1:3:463 blocked for more than 61 seconds.
Not tainted 6.14.0 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:3 [...]
Workqueue: events page_reporting_process
Call Trace:
[<000002f404e6dfb2>] __schedule+0x402/0x1640
[<000002f404e6f22e>] schedule+0x3e/0xe0
[<000002f3846a88fa>] virtballoon_free_page_report+0xaa/0x110 [virtio_balloon]
[<000002f40435c8a4>] page_reporting_process+0x2e4/0x740
[<000002f403fd3ee2>] process_one_work+0x1c2/0x400
[<000002f403fd4b96>] worker_thread+0x296/0x420
[<000002f403fe10b4>] kthread+0x124/0x290
[<000002f403f4e0dc>] __ret_from_fork+0x3c/0x60
[<000002f404e77272>] ret_from_fork+0xa/0x38
There was recently a discussion [1] whether the "holes" should be
treated differently again, effectively assigning also non-existing
queues a queue index: that should also fix the issue, but requires other
workarounds to not break existing setups.
Let's fix it without affecting existing setups for now by properly ignoring
the non-existing queues, so the indicator bits will match the queue
indexes.
[1] https://lore.kernel.org/all/cover.1720611677.git.mst@redhat.com/
Fixes: a229989d975e ("virtio: don't allocate vqs when names[i] = NULL")
Reported-by: Chandra Merla <cmerla(a)redhat.com>
Cc: stable(a)vger.kernel.org
Signed-off-by: David Hildenbrand <david(a)redhat.com>
Tested-by: Thomas Huth <thuth(a)redhat.com>
Reviewed-by: Thomas Huth <thuth(a)redhat.com>
Reviewed-by: Cornelia Huck <cohuck(a)redhat.com>
Acked-by: Michael S. Tsirkin <mst(a)redhat.com>
Acked-by: Christian Borntraeger <borntraeger(a)linux.ibm.com>
Link: https://lore.kernel.org/r/20250402203621.940090-1-david@redhat.com
Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com>
diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c
index 21fa7ac849e5..4904b831c0a7 100644
--- a/drivers/s390/virtio/virtio_ccw.c
+++ b/drivers/s390/virtio/virtio_ccw.c
@@ -302,11 +302,17 @@ static struct airq_info *new_airq_info(int index)
static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
u64 *first, void **airq_info)
{
- int i, j;
+ int i, j, queue_idx, highest_queue_idx = -1;
struct airq_info *info;
unsigned long *indicator_addr = NULL;
unsigned long bit, flags;
+ /* Array entries without an actual queue pointer must be ignored. */
+ for (i = 0; i < nvqs; i++) {
+ if (vqs[i])
+ highest_queue_idx++;
+ }
+
for (i = 0; i < MAX_AIRQ_AREAS && !indicator_addr; i++) {
mutex_lock(&airq_areas_lock);
if (!airq_areas[i])
@@ -316,7 +322,7 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
if (!info)
return NULL;
write_lock_irqsave(&info->lock, flags);
- bit = airq_iv_alloc(info->aiv, nvqs);
+ bit = airq_iv_alloc(info->aiv, highest_queue_idx + 1);
if (bit == -1UL) {
/* Not enough vacancies. */
write_unlock_irqrestore(&info->lock, flags);
@@ -325,8 +331,10 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
*first = bit;
*airq_info = info;
indicator_addr = info->aiv->vector;
- for (j = 0; j < nvqs; j++) {
- airq_iv_set_ptr(info->aiv, bit + j,
+ for (j = 0, queue_idx = 0; j < nvqs; j++) {
+ if (!vqs[j])
+ continue;
+ airq_iv_set_ptr(info->aiv, bit + queue_idx++,
(unsigned long)vqs[j]);
}
write_unlock_irqrestore(&info->lock, flags);
4 months, 4 weeks
- 3
- 2
FAILED: patch "[PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 2ccd42b959aaf490333dbd3b9b102eaf295c036a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025041731-release-charity-8e70@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 2ccd42b959aaf490333dbd3b9b102eaf295c036a Mon Sep 17 00:00:00 2001
From: David Hildenbrand <david(a)redhat.com>
Date: Wed, 2 Apr 2025 22:36:21 +0200
Subject: [PATCH] s390/virtio_ccw: Don't allocate/assign airqs for non-existing
queues
If we finds a vq without a name in our input array in
virtio_ccw_find_vqs(), we treat it as "non-existing" and set the vq pointer
to NULL; we will not call virtio_ccw_setup_vq() to allocate/setup a vq.
Consequently, we create only a queue if it actually exists (name != NULL)
and assign an incremental queue index to each such existing queue.
However, in virtio_ccw_register_adapter_ind()->get_airq_indicator() we
will not ignore these "non-existing queues", but instead assign an airq
indicator to them.
Besides never releasing them in virtio_ccw_drop_indicators() (because
there is no virtqueue), the bigger issue seems to be that there will be a
disagreement between the device and the Linux guest about the airq
indicator to be used for notifying a queue, because the indicator bit
for adapter I/O interrupt is derived from the queue index.
The virtio spec states under "Setting Up Two-Stage Queue Indicators":
... indicator contains the guest address of an area wherein the
indicators for the devices are contained, starting at bit_nr, one
bit per virtqueue of the device.
And further in "Notification via Adapter I/O Interrupts":
For notifying the driver of virtqueue buffers, the device sets the
bit in the guest-provided indicator area at the corresponding
offset.
For example, QEMU uses in virtio_ccw_notify() the queue index (passed as
"vector") to select the relevant indicator bit. If a queue does not exist,
it does not have a corresponding indicator bit assigned, because it
effectively doesn't have a queue index.
Using a virtio-balloon-ccw device under QEMU with free-page-hinting
disabled ("free-page-hint=off") but free-page-reporting enabled
("free-page-reporting=on") will result in free page reporting
not working as expected: in the virtio_balloon driver, we'll be stuck
forever in virtballoon_free_page_report()->wait_event(), because the
waitqueue will not be woken up as the notification from the device is
lost: it would use the wrong indicator bit.
Free page reporting stops working and we get splats (when configured to
detect hung wqs) like:
INFO: task kworker/1:3:463 blocked for more than 61 seconds.
Not tainted 6.14.0 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:3 [...]
Workqueue: events page_reporting_process
Call Trace:
[<000002f404e6dfb2>] __schedule+0x402/0x1640
[<000002f404e6f22e>] schedule+0x3e/0xe0
[<000002f3846a88fa>] virtballoon_free_page_report+0xaa/0x110 [virtio_balloon]
[<000002f40435c8a4>] page_reporting_process+0x2e4/0x740
[<000002f403fd3ee2>] process_one_work+0x1c2/0x400
[<000002f403fd4b96>] worker_thread+0x296/0x420
[<000002f403fe10b4>] kthread+0x124/0x290
[<000002f403f4e0dc>] __ret_from_fork+0x3c/0x60
[<000002f404e77272>] ret_from_fork+0xa/0x38
There was recently a discussion [1] whether the "holes" should be
treated differently again, effectively assigning also non-existing
queues a queue index: that should also fix the issue, but requires other
workarounds to not break existing setups.
Let's fix it without affecting existing setups for now by properly ignoring
the non-existing queues, so the indicator bits will match the queue
indexes.
[1] https://lore.kernel.org/all/cover.1720611677.git.mst@redhat.com/
Fixes: a229989d975e ("virtio: don't allocate vqs when names[i] = NULL")
Reported-by: Chandra Merla <cmerla(a)redhat.com>
Cc: stable(a)vger.kernel.org
Signed-off-by: David Hildenbrand <david(a)redhat.com>
Tested-by: Thomas Huth <thuth(a)redhat.com>
Reviewed-by: Thomas Huth <thuth(a)redhat.com>
Reviewed-by: Cornelia Huck <cohuck(a)redhat.com>
Acked-by: Michael S. Tsirkin <mst(a)redhat.com>
Acked-by: Christian Borntraeger <borntraeger(a)linux.ibm.com>
Link: https://lore.kernel.org/r/20250402203621.940090-1-david@redhat.com
Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com>
diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c
index 21fa7ac849e5..4904b831c0a7 100644
--- a/drivers/s390/virtio/virtio_ccw.c
+++ b/drivers/s390/virtio/virtio_ccw.c
@@ -302,11 +302,17 @@ static struct airq_info *new_airq_info(int index)
static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
u64 *first, void **airq_info)
{
- int i, j;
+ int i, j, queue_idx, highest_queue_idx = -1;
struct airq_info *info;
unsigned long *indicator_addr = NULL;
unsigned long bit, flags;
+ /* Array entries without an actual queue pointer must be ignored. */
+ for (i = 0; i < nvqs; i++) {
+ if (vqs[i])
+ highest_queue_idx++;
+ }
+
for (i = 0; i < MAX_AIRQ_AREAS && !indicator_addr; i++) {
mutex_lock(&airq_areas_lock);
if (!airq_areas[i])
@@ -316,7 +322,7 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
if (!info)
return NULL;
write_lock_irqsave(&info->lock, flags);
- bit = airq_iv_alloc(info->aiv, nvqs);
+ bit = airq_iv_alloc(info->aiv, highest_queue_idx + 1);
if (bit == -1UL) {
/* Not enough vacancies. */
write_unlock_irqrestore(&info->lock, flags);
@@ -325,8 +331,10 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
*first = bit;
*airq_info = info;
indicator_addr = info->aiv->vector;
- for (j = 0; j < nvqs; j++) {
- airq_iv_set_ptr(info->aiv, bit + j,
+ for (j = 0, queue_idx = 0; j < nvqs; j++) {
+ if (!vqs[j])
+ continue;
+ airq_iv_set_ptr(info->aiv, bit + queue_idx++,
(unsigned long)vqs[j]);
}
write_unlock_irqrestore(&info->lock, flags);
4 months, 4 weeks
- 3
- 2
[tip: irq/urgent] irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
by tip-bot2 for Suzuki K Poulose
The following commit has been merged into the irq/urgent branch of tip:
Commit-ID: 3318dc299b072a0511d6dfd8367f3304fb6d9827
Gitweb: https://git.kernel.org/tip/3318dc299b072a0511d6dfd8367f3304fb6d9827
Author: Suzuki K Poulose <suzuki.poulose(a)arm.com>
AuthorDate: Tue, 22 Apr 2025 17:16:16 +01:00
Committer: Ingo Molnar <mingo(a)kernel.org>
CommitterDate: Sat, 26 Apr 2025 10:17:24 +02:00
irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
With ACPI in place, gicv2m_get_fwnode() is registered with the pci
subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime
during a PCI host bridge probe. But, the call back is wrongly marked as
__init, causing it to be freed, while being registered with the PCI
subsystem and could trigger:
Unable to handle kernel paging request at virtual address ffff8000816c0400
gicv2m_get_fwnode+0x0/0x58 (P)
pci_set_bus_msi_domain+0x74/0x88
pci_register_host_bridge+0x194/0x548
This is easily reproducible on a Juno board with ACPI boot.
Retain the function for later use.
Fixes: 0644b3daca28 ("irqchip/gic-v2m: acpi: Introducing GICv2m ACPI support")
Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com>
Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de>
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Reviewed-by: Marc Zyngier <maz(a)kernel.org>
Cc: stable(a)vger.kernel.org
---
drivers/irqchip/irq-gic-v2m.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/irqchip/irq-gic-v2m.c b/drivers/irqchip/irq-gic-v2m.c
index c698948..dc98c39 100644
--- a/drivers/irqchip/irq-gic-v2m.c
+++ b/drivers/irqchip/irq-gic-v2m.c
@@ -421,7 +421,7 @@ static int __init gicv2m_of_init(struct fwnode_handle *parent_handle,
#ifdef CONFIG_ACPI
static int acpi_num_msi;
-static __init struct fwnode_handle *gicv2m_get_fwnode(struct device *dev)
+static struct fwnode_handle *gicv2m_get_fwnode(struct device *dev)
{
struct v2m_data *data;
4 months, 4 weeks
- 1
- 0
Re: G R A N T
by U N
Dear,
Send your Ref: FSG2025 / Name / Phone Number / Country to Mr. Andrej
Mahecic on un.grant(a)socialworker.net, +1 888 673 0430 for your £100,000.00
payment.
Sincerely
Mr. C. Gunness
On behalf of the UN.
4 months, 4 weeks
- 1
- 0
[PATCH] Revert "rndis_host: Flag RNDIS modems as WWAN devices"
by Christian Heusel
This reverts commit 67d1a8956d2d62fe6b4c13ebabb57806098511d8. Since this
commit has been proven to be problematic for the setup of USB-tethered
ethernet connections and the related breakage is very noticeable for
users it should be reverted until a fixed version of the change can be
rolled out.
Closes: https://lore.kernel.org/all/e0df2d85-1296-4317-b717-bd757e3ab928@heusel.eu/
Link: https://chaos.social/@gromit/114377862699921553
Link: https://bugzilla.kernel.org/show_bug.cgi?id=220002
Link: https://bugs.gentoo.org/953555
Link: https://bbs.archlinux.org/viewtopic.php?id=304892
Cc: stable(a)vger.kernel.org
Acked-by: Lubomir Rintel <lkundrak(a)v3.sk>
Signed-off-by: Christian Heusel <christian(a)heusel.eu>
---
drivers/net/usb/rndis_host.c | 16 ++--------------
1 file changed, 2 insertions(+), 14 deletions(-)
diff --git a/drivers/net/usb/rndis_host.c b/drivers/net/usb/rndis_host.c
index bb0bf1415872745aea177ce0ba7d6eb578cb4a47..7b3739b29c8f72b7b108c5f4ae11fdfcf243237d 100644
--- a/drivers/net/usb/rndis_host.c
+++ b/drivers/net/usb/rndis_host.c
@@ -630,16 +630,6 @@ static const struct driver_info zte_rndis_info = {
.tx_fixup = rndis_tx_fixup,
};
-static const struct driver_info wwan_rndis_info = {
- .description = "Mobile Broadband RNDIS device",
- .flags = FLAG_WWAN | FLAG_POINTTOPOINT | FLAG_FRAMING_RN | FLAG_NO_SETINT,
- .bind = rndis_bind,
- .unbind = rndis_unbind,
- .status = rndis_status,
- .rx_fixup = rndis_rx_fixup,
- .tx_fixup = rndis_tx_fixup,
-};
-
/*-------------------------------------------------------------------------*/
static const struct usb_device_id products [] = {
@@ -676,11 +666,9 @@ static const struct usb_device_id products [] = {
USB_INTERFACE_INFO(USB_CLASS_WIRELESS_CONTROLLER, 1, 3),
.driver_info = (unsigned long) &rndis_info,
}, {
- /* Mobile Broadband Modem, seen in Novatel Verizon USB730L and
- * Telit FN990A (RNDIS)
- */
+ /* Novatel Verizon USB730L */
USB_INTERFACE_INFO(USB_CLASS_MISC, 4, 1),
- .driver_info = (unsigned long)&wwan_rndis_info,
+ .driver_info = (unsigned long) &rndis_info,
},
{ }, // END
};
---
base-commit: 9c32cda43eb78f78c73aee4aa344b777714e259b
change-id: 20250424-usb-tethering-fix-398688b32dad
Best regards,
--
Christian Heusel <christian(a)heusel.eu>
4 months, 4 weeks
- 4
- 3
+ mm-vmalloc-support-more-granular-vrealloc-sizing.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: mm: vmalloc: support more granular vrealloc() sizing
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
mm-vmalloc-support-more-granular-vrealloc-sizing.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Kees Cook <kees(a)kernel.org>
Subject: mm: vmalloc: support more granular vrealloc() sizing
Date: Fri, 25 Apr 2025 17:11:07 -0700
Introduce struct vm_struct::requested_size so that the requested
(re)allocation size is retained separately from the allocated area size.
This means that KASAN will correctly poison the correct spans of requested
bytes. This also means we can support growing the usable portion of an
allocation that can already be supported by the existing area's existing
allocation.
Link: https://lkml.kernel.org/r/20250426001105.it.679-kees@kernel.org
Fixes: 3ddc2fefe6f3 ("mm: vmalloc: implement vrealloc()")
Signed-off-by: Kees Cook <kees(a)kernel.org>
Reported-by: Erhard Furtner <erhard_f(a)mailbox.org>
Closes: https://lore.kernel.org/all/20250408192503.6149a816@outsider.home/
Cc: Danilo Krummrich <dakr(a)kernel.org>
Cc: Michal Hocko <mhocko(a)suse.com>
Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com>
Cc: Vlastimil Babka <vbabka(a)suse.cz>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
include/linux/vmalloc.h | 1 +
mm/vmalloc.c | 31 ++++++++++++++++++++++++-------
2 files changed, 25 insertions(+), 7 deletions(-)
--- a/include/linux/vmalloc.h~mm-vmalloc-support-more-granular-vrealloc-sizing
+++ a/include/linux/vmalloc.h
@@ -61,6 +61,7 @@ struct vm_struct {
unsigned int nr_pages;
phys_addr_t phys_addr;
const void *caller;
+ unsigned long requested_size;
};
struct vmap_area {
--- a/mm/vmalloc.c~mm-vmalloc-support-more-granular-vrealloc-sizing
+++ a/mm/vmalloc.c
@@ -1940,7 +1940,7 @@ static inline void setup_vmalloc_vm(stru
{
vm->flags = flags;
vm->addr = (void *)va->va_start;
- vm->size = va_size(va);
+ vm->size = vm->requested_size = va_size(va);
vm->caller = caller;
va->vm = vm;
}
@@ -3133,6 +3133,7 @@ struct vm_struct *__get_vm_area_node(uns
area->flags = flags;
area->caller = caller;
+ area->requested_size = requested_size;
va = alloc_vmap_area(size, align, start, end, node, gfp_mask, 0, area);
if (IS_ERR(va)) {
@@ -4063,6 +4064,8 @@ EXPORT_SYMBOL(vzalloc_node_noprof);
*/
void *vrealloc_noprof(const void *p, size_t size, gfp_t flags)
{
+ struct vm_struct *vm = NULL;
+ size_t alloced_size = 0;
size_t old_size = 0;
void *n;
@@ -4072,15 +4075,17 @@ void *vrealloc_noprof(const void *p, siz
}
if (p) {
- struct vm_struct *vm;
-
vm = find_vm_area(p);
if (unlikely(!vm)) {
WARN(1, "Trying to vrealloc() nonexistent vm area (%p)\n", p);
return NULL;
}
- old_size = get_vm_area_size(vm);
+ alloced_size = get_vm_area_size(vm);
+ old_size = vm->requested_size;
+ if (WARN(alloced_size < old_size,
+ "vrealloc() has mismatched area vs requested sizes (%p)\n", p))
+ return NULL;
}
/*
@@ -4088,14 +4093,26 @@ void *vrealloc_noprof(const void *p, siz
* would be a good heuristic for when to shrink the vm_area?
*/
if (size <= old_size) {
- /* Zero out spare memory. */
- if (want_init_on_alloc(flags))
+ /* Zero out "freed" memory. */
+ if (want_init_on_free())
memset((void *)p + size, 0, old_size - size);
+ vm->requested_size = size;
kasan_poison_vmalloc(p + size, old_size - size);
- kasan_unpoison_vmalloc(p, size, KASAN_VMALLOC_PROT_NORMAL);
return (void *)p;
}
+ /*
+ * We already have the bytes available in the allocation; use them.
+ */
+ if (size <= alloced_size) {
+ kasan_unpoison_vmalloc(p + old_size, size - old_size,
+ KASAN_VMALLOC_PROT_NORMAL);
+ /* Zero out "alloced" memory. */
+ if (want_init_on_alloc(flags))
+ memset((void *)p + old_size, 0, size - old_size);
+ vm->requested_size = size;
+ }
+
/* TODO: Grow the vm_area, i.e. allocate and map additional pages. */
n = __vmalloc_noprof(size, flags);
if (!n)
_
Patches currently in -mm which might be from kees(a)kernel.org are
mm-vmalloc-support-more-granular-vrealloc-sizing.patch
4 months, 4 weeks
- 1
- 0
[PATCH v2] usb: dwc3: Abort suspend on soft disconnect failure
by Kuen-Han Tsai
When dwc3_gadget_soft_disconnect() fails, dwc3_suspend_common() keeps
going with the suspend, resulting in a period where the power domain is
off, but the gadget driver remains connected. Within this time frame,
invoking vbus_event_work() will cause an error as it attempts to access
DWC3 registers for endpoint disabling after the power domain has been
completely shut down.
Abort the suspend sequence when dwc3_gadget_suspend() cannot halt the
controller and proceeds with a soft connect.
Fixes: c8540870af4c ("usb: dwc3: gadget: Improve dwc3_gadget_suspend()
and dwc3_gadget_resume()")
CC: stable(a)vger.kernel.org
Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com>
---
Kernel panic - not syncing: Asynchronous SError Interrupt
Workqueue: events vbus_event_work
Call trace:
dump_backtrace+0xf4/0x118
show_stack+0x18/0x24
dump_stack_lvl+0x60/0x7c
dump_stack+0x18/0x3c
panic+0x16c/0x390
nmi_panic+0xa4/0xa8
arm64_serror_panic+0x6c/0x94
do_serror+0xc4/0xd0
el1h_64_error_handler+0x34/0x48
el1h_64_error+0x68/0x6c
readl+0x4c/0x8c
__dwc3_gadget_ep_disable+0x48/0x230
dwc3_gadget_ep_disable+0x50/0xc0
usb_ep_disable+0x44/0xe4
ffs_func_eps_disable+0x64/0xc8
ffs_func_set_alt+0x74/0x368
ffs_func_disable+0x18/0x28
composite_disconnect+0x90/0xec
configfs_composite_disconnect+0x64/0x88
usb_gadget_disconnect_locked+0xc0/0x168
vbus_event_work+0x3c/0x58
process_one_work+0x1e4/0x43c
worker_thread+0x25c/0x430
kthread+0x104/0x1d4
ret_from_fork+0x10/0x20
---
Changelog:
v2:
- move declarations in separate lines
- add the Fixes tag
drivers/usb/dwc3/core.c | 9 +++++++--
drivers/usb/dwc3/gadget.c | 22 +++++++++-------------
2 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c
index 66a08b527165..1cf1996ae1fb 100644
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -2388,6 +2388,7 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg)
{
u32 reg;
int i;
+ int ret;
if (!pm_runtime_suspended(dwc->dev) && !PMSG_IS_AUTO(msg)) {
dwc->susphy_state = (dwc3_readl(dwc->regs, DWC3_GUSB2PHYCFG(0)) &
@@ -2406,7 +2407,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg)
case DWC3_GCTL_PRTCAP_DEVICE:
if (pm_runtime_suspended(dwc->dev))
break;
- dwc3_gadget_suspend(dwc);
+ ret = dwc3_gadget_suspend(dwc);
+ if (ret)
+ return ret
synchronize_irq(dwc->irq_gadget);
dwc3_core_exit(dwc);
break;
@@ -2441,7 +2444,9 @@ static int dwc3_suspend_common(struct dwc3 *dwc, pm_message_t msg)
break;
if (dwc->current_otg_role == DWC3_OTG_ROLE_DEVICE) {
- dwc3_gadget_suspend(dwc);
+ ret = dwc3_gadget_suspend(dwc);
+ if (ret)
+ return ret;
synchronize_irq(dwc->irq_gadget);
}
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index 89a4dc8ebf94..316c1589618e 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -4776,26 +4776,22 @@ int dwc3_gadget_suspend(struct dwc3 *dwc)
int ret;
ret = dwc3_gadget_soft_disconnect(dwc);
- if (ret)
- goto err;
-
- spin_lock_irqsave(&dwc->lock, flags);
- if (dwc->gadget_driver)
- dwc3_disconnect_gadget(dwc);
- spin_unlock_irqrestore(&dwc->lock, flags);
-
- return 0;
-
-err:
/*
* Attempt to reset the controller's state. Likely no
* communication can be established until the host
* performs a port reset.
*/
- if (dwc->softconnect)
+ if (ret && dwc->softconnect) {
dwc3_gadget_soft_connect(dwc);
+ return ret;
+ }
- return ret;
+ spin_lock_irqsave(&dwc->lock, flags);
+ if (dwc->gadget_driver)
+ dwc3_disconnect_gadget(dwc);
+ spin_unlock_irqrestore(&dwc->lock, flags);
+
+ return 0;
}
int dwc3_gadget_resume(struct dwc3 *dwc)
--
2.49.0.395.g12beb8f557-goog
4 months, 4 weeks
- 3
- 4
+ tools-testing-selftests-fix-guard-region-test-tmpfs-assumption.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: tools/testing/selftests: fix guard region test tmpfs assumption
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
tools-testing-selftests-fix-guard-region-test-tmpfs-assumption.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Subject: tools/testing/selftests: fix guard region test tmpfs assumption
Date: Fri, 25 Apr 2025 17:24:36 +0100
The current implementation of the guard region tests assume that /tmp is
mounted as tmpfs, that is shmem.
This isn't always the case, and at least one instance of a spurious test
failure has been reported as a result.
This assumption is unsafe, rushed and silly - and easily remedied by
simply using memfd, so do so.
We also have to fixup the readonly_file test to explicitly only be
applicable to file-backed cases.
Link: https://lkml.kernel.org/r/20250425162436.564002-1-lorenzo.stoakes@oracle.com
Fixes: 272f37d3e99a ("tools/selftests: expand all guard region tests to file-backed")
Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Reported-by: Ryan Roberts <ryan.roberts(a)arm.com>
Closes: https://lore.kernel.org/linux-mm/a2d2766b-0ab4-437b-951a-8595a7506fe9@arm.c…
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
tools/testing/selftests/mm/guard-regions.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
--- a/tools/testing/selftests/mm/guard-regions.c~tools-testing-selftests-fix-guard-region-test-tmpfs-assumption
+++ a/tools/testing/selftests/mm/guard-regions.c
@@ -271,12 +271,16 @@ FIXTURE_SETUP(guard_regions)
self->page_size = (unsigned long)sysconf(_SC_PAGESIZE);
setup_sighandler();
- if (variant->backing == ANON_BACKED)
+ switch (variant->backing) {
+ case ANON_BACKED:
return;
-
- self->fd = open_file(
- variant->backing == SHMEM_BACKED ? "/tmp/" : "",
- self->path);
+ case LOCAL_FILE_BACKED:
+ self->fd = open_file("", self->path);
+ break;
+ case SHMEM_BACKED:
+ self->fd = memfd_create(self->path, 0);
+ break;
+ }
/* We truncate file to at least 100 pages, tests can modify as needed. */
ASSERT_EQ(ftruncate(self->fd, 100 * self->page_size), 0);
@@ -1696,7 +1700,7 @@ TEST_F(guard_regions, readonly_file)
char *ptr;
int i;
- if (variant->backing == ANON_BACKED)
+ if (variant->backing != LOCAL_FILE_BACKED)
SKIP(return, "Read-only test specific to file-backed");
/* Map shared so we can populate with pattern, populate it, unmap. */
_
Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are
maintainers-add-reverse-mapping-section.patch
maintainers-add-core-mm-section.patch
maintainers-add-mm-thp-section.patch
maintainers-add-mm-thp-section-fix.patch
tools-testing-selftests-fix-guard-region-test-tmpfs-assumption.patch
mm-vma-fix-incorrectly-disallowed-anonymous-vma-merges.patch
tools-testing-add-procmap_query-helper-functions-in-mm-self-tests.patch
tools-testing-selftests-assert-that-anon-merge-cases-behave-as-expected.patch
mm-move-mmap-vma-locking-logic-into-specific-files.patch
4 months, 4 weeks
- 1
- 0
[PATCH v3] KVM: SVM: forcibly leave SMM mode on vCPU reset
by Mikhail Lobanov
Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode
on vCPU reset") addressed an issue where a triple fault occurring in
nested mode could lead to use-after-free scenarios. However, the commit
did not handle the analogous situation for System Management Mode (SMM).
This omission results in triggering a WARN when a vCPU reset occurs
while still in SMM mode, due to the check in kvm_vcpu_reset(). This
situation was reprodused using Syzkaller by:
1) Creating a KVM VM and vCPU
2) Sending a KVM_SMI ioctl to explicitly enter SMM
3) Executing invalid instructions causing consecutive exceptions and
eventually a triple fault
The issue manifests as follows:
WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112
kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112
Modules linked in:
CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted
6.1.130-syzkaller-00157-g164fe5dde9b6 #0
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.12.0-1 04/01/2014
RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112
Call Trace:
<TASK>
shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136
svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395
svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457
vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline]
vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062
kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283
kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Architecturally, hardware CPUs exit SMM upon receiving a triple
fault as part of a hardware reset. To reflect this behavior and
avoid triggering the WARN, this patch explicitly calls
kvm_smm_changed(vcpu, false) in the SVM-specific shutdown_interception()
handler prior to resetting the vCPU.
The initial version of this patch attempted to address the issue by calling
kvm_smm_changed() inside kvm_vcpu_reset(). However, this approach was not
architecturally accurate, as INIT is blocked during SMM and SMM should not
be exited implicitly during a generic vCPU reset. This version moves the
fix into shutdown_interception() for SVM, where the triple fault is
actually handled, and where exiting SMM explicitly is appropriate.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset")
Cc: stable(a)vger.kernel.org
Suggested-by: Sean Christopherson <seanjc(a)google.com>
Signed-off-by: Mikhail Lobanov <m.lobanov(a)rosa.ru>
---
v2: Move SMM exit from kvm_vcpu_reset() to SVM's shutdown_interception(),
per suggestion from Sean Christopherson <seanjc(a)google.com>.
v3: -Export kvm_smm_changed() using EXPORT_SYMBOL_GPL.
-Wrap the call to kvm_smm_changed() in svm.c with #ifdef CONFIG_KVM_SMM
to avoid build errors when SMM support is disabled.
arch/x86/kvm/smm.c | 1 +
arch/x86/kvm/svm/svm.c | 4 ++++
2 files changed, 5 insertions(+)
diff --git a/arch/x86/kvm/smm.c b/arch/x86/kvm/smm.c
index 699e551ec93b..9864c057187d 100644
--- a/arch/x86/kvm/smm.c
+++ b/arch/x86/kvm/smm.c
@@ -131,6 +131,7 @@ void kvm_smm_changed(struct kvm_vcpu *vcpu, bool entering_smm)
kvm_mmu_reset_context(vcpu);
}
+EXPORT_SYMBOL_GPL(kvm_smm_changed);
void process_smi(struct kvm_vcpu *vcpu)
{
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index d5d0c5c3300b..c5470d842aed 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -2231,6 +2231,10 @@ static int shutdown_interception(struct kvm_vcpu *vcpu)
*/
if (!sev_es_guest(vcpu->kvm)) {
clear_page(svm->vmcb);
+#ifdef CONFIG_KVM_SMM
+ if (is_smm(vcpu))
+ kvm_smm_changed(vcpu, false);
+#endif
kvm_vcpu_reset(vcpu, true);
}
--
2.47.2
4 months, 4 weeks
- 2
- 1
[PATCH] arm64: dts: ti: k3-j784s4-j742s2-main-common: fix length of serdes_ln_ctrl
by Siddharth Vadapalli
Commit under Fixes corrected the "mux-reg-masks" property but did not
update the "length" field of the "reg" property to account for the newly
added register offsets which extend the region. Fix this.
Fixes: 38e7f9092efb ("arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks")
Cc: stable(a)vger.kernel.org
Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com>
---
Hello,
This patch is based on commit
bc3372351d0c Merge tag 'for-6.15-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
of Mainline Linux.
Regards,
Siddharth.
arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi b/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi
index 1944616ab357..1fc0a11c5ab4 100644
--- a/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi
+++ b/arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi
@@ -77,7 +77,7 @@ pcie1_ctrl: pcie1-ctrl@4074 {
serdes_ln_ctrl: mux-controller@4080 {
compatible = "reg-mux";
- reg = <0x00004080 0x30>;
+ reg = <0x00004080 0x50>;
#mux-control-cells = <1>;
mux-reg-masks = <0x0 0x3>, <0x4 0x3>, /* SERDES0 lane0/1 select */
<0x8 0x3>, <0xc 0x3>, /* SERDES0 lane2/3 select */
--
2.34.1
4 months, 4 weeks
- 3
- 2
[PATCH 1/2] mm/userfaultfd: Fix uninitialized output field for -EAGAIN race
by Peter Xu
While discussing some userfaultfd relevant issues recently, Andrea noticed
a potential ABI breakage with -EAGAIN on almost all userfaultfd ioctl()s.
Quote from Andrea, explaining how -EAGAIN was processed, and how this
should fix it (taking example of UFFDIO_COPY ioctl):
The "mmap_changing" and "stale pmd" conditions are already reported as
-EAGAIN written in the copy field, this does not change it. This change
removes the subnormal case that left copy.copy uninitialized and required
apps to explicitly set the copy field to get deterministic
behavior (which is a requirement contrary to the documentation in both
the manpage and source code). In turn there's no alteration to backwards
compatibility as result of this change because userland will find the
copy field consistently set to -EAGAIN, and not anymore sometime -EAGAIN
and sometime uninitialized.
Even then the change only can make a difference to non cooperative users
of userfaultfd, so when UFFD_FEATURE_EVENT_* is enabled, which is not
true for the vast majority of apps using userfaultfd or this unintended
uninitialized field may have been noticed sooner.
Meanwhile, since this bug existed for years, it also almost affects all
ioctl()s that was introduced later. Besides UFFDIO_ZEROPAGE, these also
get affected in the same way:
- UFFDIO_CONTINUE
- UFFDIO_POISON
- UFFDIO_MOVE
This patch should have fixed all of them.
Fixes: df2cc96e7701 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races")
Fixes: f619147104c8 ("userfaultfd: add UFFDIO_CONTINUE ioctl")
Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl")
Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI")
Cc: linux-stable <stable(a)vger.kernel.org>
Cc: Mike Rapoport <rppt(a)kernel.org>
Cc: Axel Rasmussen <axelrasmussen(a)google.com>
Cc: Suren Baghdasaryan <surenb(a)google.com>
Reported-by: Andrea Arcangeli <aarcange(a)redhat.com>
Suggested-by: Andrea Arcangeli <aarcange(a)redhat.com>
Signed-off-by: Peter Xu <peterx(a)redhat.com>
---
fs/userfaultfd.c | 28 ++++++++++++++++++++++------
1 file changed, 22 insertions(+), 6 deletions(-)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index d80f94346199..22f4bf956ba1 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1585,8 +1585,11 @@ static int userfaultfd_copy(struct userfaultfd_ctx *ctx,
user_uffdio_copy = (struct uffdio_copy __user *) arg;
ret = -EAGAIN;
- if (atomic_read(&ctx->mmap_changing))
+ if (unlikely(atomic_read(&ctx->mmap_changing))) {
+ if (unlikely(put_user(ret, &user_uffdio_copy->copy)))
+ return -EFAULT;
goto out;
+ }
ret = -EFAULT;
if (copy_from_user(&uffdio_copy, user_uffdio_copy,
@@ -1641,8 +1644,11 @@ static int userfaultfd_zeropage(struct userfaultfd_ctx *ctx,
user_uffdio_zeropage = (struct uffdio_zeropage __user *) arg;
ret = -EAGAIN;
- if (atomic_read(&ctx->mmap_changing))
+ if (unlikely(atomic_read(&ctx->mmap_changing))) {
+ if (unlikely(put_user(ret, &user_uffdio_zeropage->zeropage)))
+ return -EFAULT;
goto out;
+ }
ret = -EFAULT;
if (copy_from_user(&uffdio_zeropage, user_uffdio_zeropage,
@@ -1744,8 +1750,11 @@ static int userfaultfd_continue(struct userfaultfd_ctx *ctx, unsigned long arg)
user_uffdio_continue = (struct uffdio_continue __user *)arg;
ret = -EAGAIN;
- if (atomic_read(&ctx->mmap_changing))
+ if (unlikely(atomic_read(&ctx->mmap_changing))) {
+ if (unlikely(put_user(ret, &user_uffdio_continue->mapped)))
+ return -EFAULT;
goto out;
+ }
ret = -EFAULT;
if (copy_from_user(&uffdio_continue, user_uffdio_continue,
@@ -1801,8 +1810,11 @@ static inline int userfaultfd_poison(struct userfaultfd_ctx *ctx, unsigned long
user_uffdio_poison = (struct uffdio_poison __user *)arg;
ret = -EAGAIN;
- if (atomic_read(&ctx->mmap_changing))
+ if (unlikely(atomic_read(&ctx->mmap_changing))) {
+ if (unlikely(put_user(ret, &user_uffdio_poison->updated)))
+ return -EFAULT;
goto out;
+ }
ret = -EFAULT;
if (copy_from_user(&uffdio_poison, user_uffdio_poison,
@@ -1870,8 +1882,12 @@ static int userfaultfd_move(struct userfaultfd_ctx *ctx,
user_uffdio_move = (struct uffdio_move __user *) arg;
- if (atomic_read(&ctx->mmap_changing))
- return -EAGAIN;
+ ret = -EAGAIN;
+ if (unlikely(atomic_read(&ctx->mmap_changing))) {
+ if (unlikely(put_user(ret, &user_uffdio_move->move)))
+ return -EFAULT;
+ goto out;
+ }
if (copy_from_user(&uffdio_move, user_uffdio_move,
/* don't copy "move" last field */
--
2.48.1
4 months, 4 weeks
- 3
- 3
Potential Linux Crash: possible deadlock in udf_page_mkwrite in linux6.12.24(longterm maintenance)
by Jianzhou Zhao
Hello, I found a potential bug titled " possible deadlock in udf_page_mkwrite " with modified syzkaller in the Linux6.12.24(longterm maintenance, last updated on April 20, 2025).
Unfortunately, I am unable to reproduce this bug.
If you fix this issue, please add the following tag to the commit: Reported-by: Jianzhou Zhao <luckd0g(a)163.com>, xingwei lee <xrivendell7(a)gmail.com>,Penglei Jiang <superman.xpt(a)gmail.com>
The commit of the kernel is : b6efa8ce222e58cfe2bbaa4e3329818c2b4bd74e
kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=55f8591b98dd132
compiler: gcc version 11.4.0
------------[ cut here ]-----------------------------------------
TITLE: possible deadlock in udf_page_mkwrite
------------[ cut here ]------------
======================================================
WARNING: possible circular locking dependency detected
6.12.24 #3 Not tainted
------------------------------------------------------
syz.6.870/18445 is trying to acquire lock:
ffff888053607700 (mapping.invalidate_lock#4){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:870 [inline]
ffff888053607700 (mapping.invalidate_lock#4){++++}-{3:3}, at: udf_page_mkwrite+0x2af/0xa20 fs/udf/file.c:50
but task is already holding lock:
ffff888044124518 (sb_pagefaults#2){.+.+}-{0:0}, at: do_page_mkwrite+0x17d/0x390 mm/memory.c:3161
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #9 (sb_pagefaults#2){.+.+}-{0:0}:
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1716 [inline]
sb_start_pagefault include/linux/fs.h:1881 [inline]
udf_page_mkwrite+0x18b/0xa20 fs/udf/file.c:48
do_page_mkwrite+0x17d/0x390 mm/memory.c:3161
wp_page_shared mm/memory.c:3562 [inline]
do_wp_page+0x1291/0x4860 mm/memory.c:3712
handle_pte_fault mm/memory.c:5786 [inline]
__handle_mm_fault+0x150c/0x2a20 mm/memory.c:5913
handle_mm_fault+0x404/0xab0 mm/memory.c:6081
do_user_addr_fault+0x61b/0x13a0 arch/x86/mm/fault.c:1338
handle_page_fault arch/x86/mm/fault.c:1481 [inline]
exc_page_fault+0x98/0x180 arch/x86/mm/fault.c:1539
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
-> #8 (&vma->vm_lock->lock){++++}-{3:3}:
down_write+0x92/0x200 kernel/locking/rwsem.c:1577
vma_start_write include/linux/mm.h:757 [inline]
vma_link+0x268/0x490 mm/vma.c:1604
insert_vm_struct+0x197/0x3f0 mm/mmap.c:2011
__bprm_mm_init fs/exec.c:289 [inline]
bprm_mm_init fs/exec.c:393 [inline]
alloc_bprm+0x6d1/0xd30 fs/exec.c:1578
kernel_execve+0xb0/0x3d0 fs/exec.c:2010
try_to_run_init_process init/main.c:1397 [inline]
kernel_init+0x154/0x2d0 init/main.c:1525
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #7 (&mm->mmap_lock){++++}-{3:3}:
__might_fault mm/memory.c:6719 [inline]
__might_fault+0x118/0x190 mm/memory.c:6713
_inline_copy_from_user include/linux/uaccess.h:162 [inline]
_copy_from_user+0x2b/0xd0 lib/usercopy.c:18
copy_from_user include/linux/uaccess.h:212 [inline]
__blk_trace_setup+0x96/0x180 kernel/trace/blktrace.c:626
blk_trace_setup+0x47/0x70 kernel/trace/blktrace.c:648
sg_ioctl_common drivers/scsi/sg.c:1114 [inline]
sg_ioctl+0x65e/0x2720 drivers/scsi/sg.c:1156
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__x64_sys_ioctl+0x19d/0x210 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #6 (&q->debugfs_mutex){+.+.}-{3:3}:
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x147/0x930 kernel/locking/mutex.c:752
blk_mq_init_sched+0x436/0x650 block/blk-mq-sched.c:473
elevator_init_mq+0x2cc/0x420 block/elevator.c:610
device_add_disk+0x10e/0x12f0 block/genhd.c:411
sd_probe+0xa0e/0xf80 drivers/scsi/sd.c:4024
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x24f/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1df/0x450 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830
__device_attach_driver+0x1db/0x2f0 drivers/base/dd.c:958
bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:459
__device_attach_async_helper+0x1d1/0x290 drivers/base/dd.c:987
async_run_entry_fn+0x9c/0x530 kernel/async.c:129
process_one_work+0xa02/0x1bf0 kernel/workqueue.c:3232
process_scheduled_works kernel/workqueue.c:3314 [inline]
worker_thread+0x677/0xe90 kernel/workqueue.c:3395
kthread+0x2c7/0x3b0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #5 (&q->q_usage_counter(queue)#51){++++}-{0:0}:
blk_queue_enter+0x4d0/0x600 block/blk-core.c:328
blk_mq_alloc_request+0x422/0x9c0 block/blk-mq.c:680
scsi_alloc_request drivers/scsi/scsi_lib.c:1227 [inline]
scsi_execute_cmd+0x1fe/0xf20 drivers/scsi/scsi_lib.c:304
read_capacity_16+0x1f2/0xe60 drivers/scsi/sd.c:2655
sd_read_capacity drivers/scsi/sd.c:2824 [inline]
sd_revalidate_disk.isra.0+0x1989/0xa440 drivers/scsi/sd.c:3734
sd_probe+0x887/0xf80 drivers/scsi/sd.c:4010
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x24f/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1df/0x450 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:830
__device_attach_driver+0x1db/0x2f0 drivers/base/dd.c:958
bus_for_each_drv+0x149/0x1d0 drivers/base/bus.c:459
__device_attach_async_helper+0x1d1/0x290 drivers/base/dd.c:987
async_run_entry_fn+0x9c/0x530 kernel/async.c:129
process_one_work+0xa02/0x1bf0 kernel/workqueue.c:3232
process_scheduled_works kernel/workqueue.c:3314 [inline]
worker_thread+0x677/0xe90 kernel/workqueue.c:3395
kthread+0x2c7/0x3b0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
-> #4 (&q->limits_lock){+.+.}-{3:3}:
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x147/0x930 kernel/locking/mutex.c:752
queue_limits_start_update include/linux/blkdev.h:935 [inline]
loop_reconfigure_limits+0x1f2/0x960 drivers/block/loop.c:1004
loop_set_block_size drivers/block/loop.c:1474 [inline]
lo_simple_ioctl drivers/block/loop.c:1497 [inline]
lo_ioctl+0xb92/0x1870 drivers/block/loop.c:1560
blkdev_ioctl+0x27b/0x6c0 block/ioctl.c:693
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__x64_sys_ioctl+0x19d/0x210 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #3 (&q->q_usage_counter(io)#19){++++}-{0:0}:
bio_queue_enter block/blk.h:76 [inline]
blk_mq_submit_bio+0x2167/0x2b70 block/blk-mq.c:3090
__submit_bio+0x399/0x630 block/blk-core.c:629
__submit_bio_noacct_mq block/blk-core.c:716 [inline]
submit_bio_noacct_nocheck+0x6c3/0xd00 block/blk-core.c:745
submit_bio_noacct+0x57a/0x1fa0 block/blk-core.c:868
submit_bh fs/buffer.c:2824 [inline]
__bread_slow fs/buffer.c:1270 [inline]
__bread_gfp+0x189/0x340 fs/buffer.c:1494
sb_bread include/linux/buffer_head.h:346 [inline]
read_block_bitmap fs/udf/balloc.c:43 [inline]
load_block_bitmap+0x1ff/0x570 fs/udf/balloc.c:99
udf_bitmap_free_blocks fs/udf/balloc.c:150 [inline]
udf_free_blocks+0x57c/0x10a0 fs/udf/balloc.c:674
udf_evict_inode+0x34c/0x590 fs/udf/inode.c:163
evict+0x3ef/0x940 fs/inode.c:725
iput_final fs/inode.c:1877 [inline]
iput fs/inode.c:1903 [inline]
iput+0x511/0x7f0 fs/inode.c:1889
do_unlinkat+0x58f/0x710 fs/namei.c:4540
__do_sys_unlink fs/namei.c:4581 [inline]
__se_sys_unlink fs/namei.c:4579 [inline]
__x64_sys_unlink+0xc7/0x110 fs/namei.c:4579
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #2 (&sbi->s_alloc_mutex){+.+.}-{3:3}:
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x147/0x930 kernel/locking/mutex.c:752
udf_bitmap_new_block fs/udf/balloc.c:236 [inline]
udf_new_block+0x7e2/0x1750 fs/udf/balloc.c:721
inode_getblk+0xe88/0x3bb0 fs/udf/inode.c:895
udf_map_block+0x2e3/0x5a0 fs/udf/inode.c:447
__udf_get_block+0x9c/0x340 fs/udf/inode.c:461
__block_write_begin_int+0x4e5/0x1670 fs/buffer.c:2121
block_write_begin+0x9a/0x1d0 fs/buffer.c:2231
udf_write_begin+0x1bc/0x280 fs/udf/inode.c:256
generic_perform_write+0x2bd/0x900 mm/filemap.c:4065
__generic_file_write_iter+0x1f6/0x240 mm/filemap.c:4166
udf_file_write_iter+0x233/0x740 fs/udf/file.c:111
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0xbfc/0x10d0 fs/read_write.c:683
ksys_write+0x122/0x250 fs/read_write.c:736
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #1 (&ei->i_data_sem#2){++++}-{3:3}:
down_write+0x92/0x200 kernel/locking/rwsem.c:1577
udf_expand_file_adinicb+0x174/0x970 fs/udf/inode.c:363
udf_setsize+0x4b2/0x10f0 fs/udf/inode.c:1289
udf_setattr+0x523/0x6c0 fs/udf/file.c:236
notify_change+0x6d3/0x1280 fs/attr.c:503
do_truncate+0x143/0x200 fs/open.c:65
vfs_truncate+0x3e3/0x4c0 fs/open.c:111
do_sys_truncate.part.0+0xf7/0x140 fs/open.c:134
do_sys_truncate fs/open.c:128 [inline]
__do_sys_truncate fs/open.c:146 [inline]
__se_sys_truncate fs/open.c:144 [inline]
__x64_sys_truncate+0x6d/0xa0 fs/open.c:144
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (mapping.invalidate_lock#4){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain kernel/locking/lockdep.c:3904 [inline]
__lock_acquire+0x2425/0x3b90 kernel/locking/lockdep.c:5202
lock_acquire.part.0+0x11b/0x370 kernel/locking/lockdep.c:5825
down_read+0x9a/0x330 kernel/locking/rwsem.c:1524
filemap_invalidate_lock_shared include/linux/fs.h:870 [inline]
udf_page_mkwrite+0x2af/0xa20 fs/udf/file.c:50
do_page_mkwrite+0x17d/0x390 mm/memory.c:3161
wp_page_shared mm/memory.c:3562 [inline]
do_wp_page+0x1291/0x4860 mm/memory.c:3712
handle_pte_fault mm/memory.c:5786 [inline]
__handle_mm_fault+0x150c/0x2a20 mm/memory.c:5913
handle_mm_fault+0x404/0xab0 mm/memory.c:6081
do_user_addr_fault+0x61b/0x13a0 arch/x86/mm/fault.c:1338
handle_page_fault arch/x86/mm/fault.c:1481 [inline]
exc_page_fault+0x98/0x180 arch/x86/mm/fault.c:1539
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
other info that might help us debug this:
Chain exists of:
mapping.invalidate_lock#4 --> &vma->vm_lock->lock --> sb_pagefaults#2
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
rlock(sb_pagefaults#2);
lock(&vma->vm_lock->lock);
lock(sb_pagefaults#2);
rlock(mapping.invalidate_lock#4);
*** DEADLOCK ***
2 locks held by syz.6.870/18445:
#0: ffff888050dbed18 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:704 [inline]
#0: ffff888050dbed18 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x141/0x9a0 mm/memory.c:6247
#1: ffff888044124518 (sb_pagefaults#2){.+.+}-{0:0}, at: do_page_mkwrite+0x17d/0x390 mm/memory.c:3161
stack backtrace:
CPU: 0 UID: 0 PID: 18445 Comm: syz.6.870 Not tainted 6.12.24 #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120
print_circular_bug+0x406/0x5c0 kernel/locking/lockdep.c:2074
check_noncircular+0x2f7/0x3e0 kernel/locking/lockdep.c:2206
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain kernel/locking/lockdep.c:3904 [inline]
__lock_acquire+0x2425/0x3b90 kernel/locking/lockdep.c:5202
lock_acquire.part.0+0x11b/0x370 kernel/locking/lockdep.c:5825
down_read+0x9a/0x330 kernel/locking/rwsem.c:1524
filemap_invalidate_lock_shared include/linux/fs.h:870 [inline]
udf_page_mkwrite+0x2af/0xa20 fs/udf/file.c:50
do_page_mkwrite+0x17d/0x390 mm/memory.c:3161
wp_page_shared mm/memory.c:3562 [inline]
do_wp_page+0x1291/0x4860 mm/memory.c:3712
handle_pte_fault mm/memory.c:5786 [inline]
__handle_mm_fault+0x150c/0x2a20 mm/memory.c:5913
handle_mm_fault+0x404/0xab0 mm/memory.c:6081
do_user_addr_fault+0x61b/0x13a0 arch/x86/mm/fault.c:1338
handle_page_fault arch/x86/mm/fault.c:1481 [inline]
exc_page_fault+0x98/0x180 arch/x86/mm/fault.c:1539
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7fc9b0c4f002
Code: f0 48 8b 54 24 f0 8b 8a 80 00 00 00 8b 82 04 01 00 00 21 c8 83 c1 01 c1 e0 04 48 8b b4 02 40 01 00 00 48 8b 84 02 48 01 00 00 <89> 8a 80 00 00 00 48 81 fe 45 23 01 00 74 09 48 81 fe 56 34 02 00
RSP: 002b:00007fc9b1c9af88 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00007fc9b0fe6080 RCX: 0000000000000001
RDX: 0000200000ff9000 RSI: 0000000000000000 RDI: 0000200000ff9000
RBP: 00007fc9b0e46d56 R08: 0000000000000000 R09: 0000000000000000
R10: 0000200000ff9000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc9b0fe6080 R15: 00007fc9b1c7b000
</TASK>
==================================================================
I hope it helps.
Best regards
Jianzhou Zhao
4 months, 4 weeks
- 1
- 0
[PATCH] usb: uhci-platform: Make the clock really optional
by Alexey Charkov
Device tree bindings state that the clock is optional for UHCI platform
controllers, and some existing device trees don't provide those - such
as those for VIA/WonderMedia devices.
The driver however fails to probe now if no clock is provided, because
devm_clk_get returns an error pointer in such case.
Switch to devm_clk_get_optional instead, so that it could probe again
on those platforms where no clocks are given.
Cc: stable(a)vger.kernel.org
Fixes: 26c502701c52 ("usb: uhci: Add clk support to uhci-platform")
Signed-off-by: Alexey Charkov <alchark(a)gmail.com>
---
drivers/usb/host/uhci-platform.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/host/uhci-platform.c b/drivers/usb/host/uhci-platform.c
index a7c934404ebc7ed74f64265fafa7830809979ba5..62318291f5664c9ec94f24535c71d962e28354f3 100644
--- a/drivers/usb/host/uhci-platform.c
+++ b/drivers/usb/host/uhci-platform.c
@@ -121,7 +121,7 @@ static int uhci_hcd_platform_probe(struct platform_device *pdev)
}
/* Get and enable clock if any specified */
- uhci->clk = devm_clk_get(&pdev->dev, NULL);
+ uhci->clk = devm_clk_get_optional(&pdev->dev, NULL);
if (IS_ERR(uhci->clk)) {
ret = PTR_ERR(uhci->clk);
goto err_rmr;
---
base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8
change-id: 20250425-uhci-clock-optional-9a9d09560e17
Best regards,
--
Alexey Charkov <alchark(a)gmail.com>
5 months
- 2
- 2
[PATCH RESEND v3 0/3] Add ti,suppress-v1p8-ena
by Judith Mendez
Resend patch series to fix cc list
There are MMC boot failures seen with V1P8_SIGNAL_ENA on Kingston eMMC
and Microcenter/Patriot SD cards on Sitara K3 boards due to the HS200
initialization sequence involving V1P8_SIGNAL_ENA. Since V1P8_SIGNAL_ENA
is optional for eMMC, do not set V1P8_SIGNAL_ENA by default for eMMC.
For SD cards we shall parse DT for ti,suppress-v1p8-ena property to
determine whether to suppress V1P8_SIGNAL_ENA. Add new ti,suppress-v1p8-ena
to am62x, am62ax, and am62px SoC dtsi files since there is no internal LDO
tied to sdhci1 interface so V1P8_SIGNAL_ENA only affects timing.
This fix was previously merged in the kernel, but was reverted due
to the "heuristics for enabling the quirk"[0]. This issue is adressed
in this patch series by adding optional ti,suppress-v1p8-ena DT property
which determines whether to apply the quirk for SD.
Changes since v2:
- Include patch 3/3
- Reword cover letter
- Reword binding patch description
- Add fixes/cc tags to driver patch
- Reorder patches according to binding patch first
- Resend to fix cc list in original v3 series
Link to v2:
https://lore.kernel.org/linux-mmc/20250417182652.3521104-1-jm@ti.com/
Link to v1:
https://lore.kernel.org/linux-mmc/20250407222702.2199047-1-jm@ti.com/
[0] https://lore.kernel.org/linux-mmc/20250127-am654-mmc-regression-v2-1-9bb39f…
Judith Mendez (3):
dt-bindings: mmc: sdhci-am654: Add ti,suppress-v1p8-ena
mmc: sdhci_am654: Add sdhci_am654_start_signal_voltage_switch
arm64: dts: ti: k3-am62*: add ti,suppress-v1p8-ena
.../devicetree/bindings/mmc/sdhci-am654.yaml | 5 +++
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 +
arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 +
.../dts/ti/k3-am62p-j722s-common-main.dtsi | 1 +
drivers/mmc/host/sdhci_am654.c | 32 +++++++++++++++++++
5 files changed, 40 insertions(+)
base-commit: 1be38f81251f6d276713c259ecf4414f82f22c29
--
2.49.0
5 months
- 4
- 8
[PATCH v2 1/4] firmware: arm_scmi: Ensure that the message-id supports fastchannel
by Cristian Marussi
From: Sibi Sankar <quic_sibis(a)quicinc.com>
Currently the perf and powercap protocol relies on the protocol domain
attributes, which just ensures that one fastchannel per domain, before
instantiating fastchannels for all possible message-ids. Fix this by
ensuring that each message-id supports fastchannel before initialization.
Logs:
scmi: Failed to get FC for protocol 13 [MSG_ID:6 / RES_ID:0] - ret:-95. Using regular messaging.
scmi: Failed to get FC for protocol 13 [MSG_ID:6 / RES_ID:1] - ret:-95. Using regular messaging.
scmi: Failed to get FC for protocol 13 [MSG_ID:6 / RES_ID:2] - ret:-95. Using regular messaging.
CC: stable(a)vger.kernel.org
Reported-by: Johan Hovold <johan+linaro(a)kernel.org>
Closes: https://lore.kernel.org/lkml/ZoQjAWse2YxwyRJv@hovoldconsulting.com/
Fixes: 6f9ea4dabd2d ("firmware: arm_scmi: Generalize the fast channel support")
Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org>
Tested-by: Johan Hovold <johan+linaro(a)kernel.org>
Signed-off-by: Sibi Sankar <quic_sibis(a)quicinc.com>
[Cristian: Modified the condition checked to establish support or not]
Signed-off-by: Cristian Marussi <cristian.marussi(a)arm.com>
---
RFC -> V1
- picked up a few tags
Since PROTOCOL_MESSAGE_ATTRIBUTES, used to check if message_id is supported,
is a mandatory command, it cannot fail so we must bail-out NOT only if FC was
not supported for that command but also if the query fails as a whole; so the
condition checked for bailing out is modified to:
if (ret || !MSG_SUPPORTS_FASTCHANNEL(attributes)) {
---
drivers/firmware/arm_scmi/driver.c | 76 +++++++++++++++------------
drivers/firmware/arm_scmi/protocols.h | 2 +
2 files changed, 45 insertions(+), 33 deletions(-)
diff --git a/drivers/firmware/arm_scmi/driver.c b/drivers/firmware/arm_scmi/driver.c
index 1cf18cc8e63f..0e281fca0a38 100644
--- a/drivers/firmware/arm_scmi/driver.c
+++ b/drivers/firmware/arm_scmi/driver.c
@@ -1738,6 +1738,39 @@ static int scmi_common_get_max_msg_size(const struct scmi_protocol_handle *ph)
return info->desc->max_msg_size;
}
+/**
+ * scmi_protocol_msg_check - Check protocol message attributes
+ *
+ * @ph: A reference to the protocol handle.
+ * @message_id: The ID of the message to check.
+ * @attributes: A parameter to optionally return the retrieved message
+ * attributes, in case of Success.
+ *
+ * An helper to check protocol message attributes for a specific protocol
+ * and message pair.
+ *
+ * Return: 0 on SUCCESS
+ */
+static int scmi_protocol_msg_check(const struct scmi_protocol_handle *ph,
+ u32 message_id, u32 *attributes)
+{
+ int ret;
+ struct scmi_xfer *t;
+
+ ret = xfer_get_init(ph, PROTOCOL_MESSAGE_ATTRIBUTES,
+ sizeof(__le32), 0, &t);
+ if (ret)
+ return ret;
+
+ put_unaligned_le32(message_id, t->tx.buf);
+ ret = do_xfer(ph, t);
+ if (!ret && attributes)
+ *attributes = get_unaligned_le32(t->rx.buf);
+ xfer_put(ph, t);
+
+ return ret;
+}
+
/**
* struct scmi_iterator - Iterator descriptor
* @msg: A reference to the message TX buffer; filled by @prepare_message with
@@ -1879,6 +1912,7 @@ scmi_common_fastchannel_init(const struct scmi_protocol_handle *ph,
int ret;
u32 flags;
u64 phys_addr;
+ u32 attributes;
u8 size;
void __iomem *addr;
struct scmi_xfer *t;
@@ -1887,6 +1921,15 @@ scmi_common_fastchannel_init(const struct scmi_protocol_handle *ph,
struct scmi_msg_resp_desc_fc *resp;
const struct scmi_protocol_instance *pi = ph_to_pi(ph);
+ /* Check if the MSG_ID supports fastchannel */
+ ret = scmi_protocol_msg_check(ph, message_id, &attributes);
+ if (ret || !MSG_SUPPORTS_FASTCHANNEL(attributes)) {
+ dev_dbg(ph->dev,
+ "Skip FC init for 0x%02X/%d domain:%d - ret:%d\n",
+ pi->proto->id, message_id, domain, ret);
+ return;
+ }
+
if (!p_addr) {
ret = -EINVAL;
goto err_out;
@@ -2004,39 +2047,6 @@ static void scmi_common_fastchannel_db_ring(struct scmi_fc_db_info *db)
SCMI_PROTO_FC_RING_DB(64);
}
-/**
- * scmi_protocol_msg_check - Check protocol message attributes
- *
- * @ph: A reference to the protocol handle.
- * @message_id: The ID of the message to check.
- * @attributes: A parameter to optionally return the retrieved message
- * attributes, in case of Success.
- *
- * An helper to check protocol message attributes for a specific protocol
- * and message pair.
- *
- * Return: 0 on SUCCESS
- */
-static int scmi_protocol_msg_check(const struct scmi_protocol_handle *ph,
- u32 message_id, u32 *attributes)
-{
- int ret;
- struct scmi_xfer *t;
-
- ret = xfer_get_init(ph, PROTOCOL_MESSAGE_ATTRIBUTES,
- sizeof(__le32), 0, &t);
- if (ret)
- return ret;
-
- put_unaligned_le32(message_id, t->tx.buf);
- ret = do_xfer(ph, t);
- if (!ret && attributes)
- *attributes = get_unaligned_le32(t->rx.buf);
- xfer_put(ph, t);
-
- return ret;
-}
-
static const struct scmi_proto_helpers_ops helpers_ops = {
.extended_name_get = scmi_common_extended_name_get,
.get_max_msg_size = scmi_common_get_max_msg_size,
diff --git a/drivers/firmware/arm_scmi/protocols.h b/drivers/firmware/arm_scmi/protocols.h
index aaee57cdcd55..d62c4469d1fd 100644
--- a/drivers/firmware/arm_scmi/protocols.h
+++ b/drivers/firmware/arm_scmi/protocols.h
@@ -31,6 +31,8 @@
#define SCMI_PROTOCOL_VENDOR_BASE 0x80
+#define MSG_SUPPORTS_FASTCHANNEL(x) ((x) & BIT(0))
+
enum scmi_common_cmd {
PROTOCOL_VERSION = 0x0,
PROTOCOL_ATTRIBUTES = 0x1,
--
2.47.0
5 months
- 1
- 0
[PATCH] ASoC: renesas: rz-ssi: Use NOIRQ_SYSTEM_SLEEP_PM_OPS()
by Claudiu
From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
In the latest kernel versions system crashes were noticed occasionally
during suspend/resume. This occurs because the RZ SSI suspend trigger
(called from snd_soc_suspend()) is executed after rz_ssi_pm_ops->suspend()
and it accesses IP registers. After the rz_ssi_pm_ops->suspend() is
executed the IP clocks are disabled and its reset line is asserted.
Since snd_soc_suspend() is invoked through snd_soc_pm_ops->suspend(),
snd_soc_pm_ops is associated with soc_driver (defined in
sound/soc/soc-core.c), and there is no parent-child relationship between
soc_driver and rz_ssi_driver the power management subsystem does not
enforce a specific suspend/resume order between the RZ SSI platform driver
and soc_driver.
To ensure that the suspend/resume function of rz-ssi is executed after
snd_soc_suspend(), use NOIRQ_SYSTEM_SLEEP_PM_OPS().
Fixes: 1fc778f7c833 ("ASoC: renesas: rz-ssi: Add suspend to RAM support")
Cc: stable(a)vger.kernel.org
Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
---
sound/soc/renesas/rz-ssi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/renesas/rz-ssi.c b/sound/soc/renesas/rz-ssi.c
index 3a0af4ca7ab6..0f7458a43901 100644
--- a/sound/soc/renesas/rz-ssi.c
+++ b/sound/soc/renesas/rz-ssi.c
@@ -1244,7 +1244,7 @@ static int rz_ssi_runtime_resume(struct device *dev)
static const struct dev_pm_ops rz_ssi_pm_ops = {
RUNTIME_PM_OPS(rz_ssi_runtime_suspend, rz_ssi_runtime_resume, NULL)
- SYSTEM_SLEEP_PM_OPS(pm_runtime_force_suspend, pm_runtime_force_resume)
+ NOIRQ_SYSTEM_SLEEP_PM_OPS(pm_runtime_force_suspend, pm_runtime_force_resume)
};
static struct platform_driver rz_ssi_driver = {
--
2.43.0
5 months
- 2
- 1
[PATCH] ASoC: meson: meson-card-utils: use of_property_present() for DT parsing
by Martin Blumenstingl
Commit c141ecc3cecd ("of: Warn when of_property_read_bool() is used on
non-boolean properties") added a warning when trying to parse a property
with a value (boolean properties are defined as: absent = false, present
without any value = true). This causes a warning from meson-card-utils.
meson-card-utils needs to know about the existence of the
"audio-routing" and/or "audio-widgets" properties in order to properly
parse them. Switch to of_property_present() in order to silence the
following warning messages during boot:
OF: /sound: Read of boolean property 'audio-routing' with a value.
OF: /sound: Read of boolean property 'audio-widgets' with a value.
Fixes: 7864a79f37b5 ("ASoC: meson: add axg sound card support")
Tested-by: Christian Hewitt <christianshewitt(a)gmail.com>
Cc: stable(a)vger.kernel.org
Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com>
---
sound/soc/meson/meson-card-utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sound/soc/meson/meson-card-utils.c b/sound/soc/meson/meson-card-utils.c
index cfc7f6e41ab5..68531183fb60 100644
--- a/sound/soc/meson/meson-card-utils.c
+++ b/sound/soc/meson/meson-card-utils.c
@@ -231,7 +231,7 @@ static int meson_card_parse_of_optional(struct snd_soc_card *card,
const char *p))
{
/* If property is not provided, don't fail ... */
- if (!of_property_read_bool(card->dev->of_node, propname))
+ if (!of_property_present(card->dev->of_node, propname))
return 0;
/* ... but do fail if it is provided and the parsing fails */
--
2.49.0
5 months
- 2
- 1
[PATCH RESEND] usb: renesas_usbhs: Add error handling for usbhsf_fifo_select()
by Wentao Liang
In usbhsf_dcp_data_stage_prepare_pop(), the return value of
usbhsf_fifo_select() needs to be checked. A proper implementation
can be found in usbhsf_dma_try_pop_with_rx_irq().
Add an error check and jump to PIO pop when FIFO selection fails.
Fixes: 9e74d601de8a ("usb: gadget: renesas_usbhs: add data/status stage handler")
Cc: stable(a)vger.kernel.org # v3.2+
Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn>
---
drivers/usb/renesas_usbhs/fifo.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/renesas_usbhs/fifo.c b/drivers/usb/renesas_usbhs/fifo.c
index 10607e273879..6cc07ab4782d 100644
--- a/drivers/usb/renesas_usbhs/fifo.c
+++ b/drivers/usb/renesas_usbhs/fifo.c
@@ -466,6 +466,7 @@ static int usbhsf_dcp_data_stage_prepare_pop(struct usbhs_pkt *pkt,
struct usbhs_pipe *pipe = pkt->pipe;
struct usbhs_priv *priv = usbhs_pipe_to_priv(pipe);
struct usbhs_fifo *fifo = usbhsf_get_cfifo(priv);
+ int ret;
if (usbhs_pipe_is_busy(pipe))
return 0;
@@ -480,10 +481,14 @@ static int usbhsf_dcp_data_stage_prepare_pop(struct usbhs_pkt *pkt,
usbhs_pipe_sequence_data1(pipe); /* DATA1 */
- usbhsf_fifo_select(pipe, fifo, 0);
+ ret = usbhsf_fifo_select(pipe, fifo, 0);
+ if (ret < 0)
+ goto usbhsf_pio_prepare_pop;
+
usbhsf_fifo_clear(pipe, fifo);
usbhsf_fifo_unselect(pipe, fifo);
+usbhsf_pio_prepare_pop:
/*
* change handler to PIO pop
*/
--
2.42.0.windows.2
5 months
- 2
- 1
[PATCH v2 1/2] platform/x86: int3472: add hpd pin support
by Dongcheng Yan
Typically HDMI to MIPI CSI-2 bridges have a pin to signal image data is
being received. On the host side this is wired to a GPIO for polling or
interrupts. This includes the Lontium HDMI to MIPI CSI-2 bridges
lt6911uxe and lt6911uxc.
The GPIO "hpd" is used already by other HDMI to CSI-2 bridges, use it
here as well.
Signed-off-by: Dongcheng Yan <dongcheng.yan(a)intel.com>
---
drivers/platform/x86/intel/int3472/common.h | 1 +
drivers/platform/x86/intel/int3472/discrete.c | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/drivers/platform/x86/intel/int3472/common.h b/drivers/platform/x86/intel/int3472/common.h
index 145dec66df64..db4cd3720e24 100644
--- a/drivers/platform/x86/intel/int3472/common.h
+++ b/drivers/platform/x86/intel/int3472/common.h
@@ -22,6 +22,7 @@
#define INT3472_GPIO_TYPE_POWER_ENABLE 0x0b
#define INT3472_GPIO_TYPE_CLK_ENABLE 0x0c
#define INT3472_GPIO_TYPE_PRIVACY_LED 0x0d
+#define INT3472_GPIO_TYPE_HOTPLUG_DETECT 0x13
#define INT3472_PDEV_MAX_NAME_LEN 23
#define INT3472_MAX_SENSOR_GPIOS 3
diff --git a/drivers/platform/x86/intel/int3472/discrete.c b/drivers/platform/x86/intel/int3472/discrete.c
index 30ff8f3ea1f5..26215d1b63a2 100644
--- a/drivers/platform/x86/intel/int3472/discrete.c
+++ b/drivers/platform/x86/intel/int3472/discrete.c
@@ -186,6 +186,10 @@ static void int3472_get_con_id_and_polarity(struct acpi_device *adev, u8 *type,
*con_id = "privacy-led";
*gpio_flags = GPIO_ACTIVE_HIGH;
break;
+ case INT3472_GPIO_TYPE_HOTPLUG_DETECT:
+ *con_id = "hpd";
+ *gpio_flags = GPIO_ACTIVE_HIGH;
+ break;
case INT3472_GPIO_TYPE_POWER_ENABLE:
*con_id = "power-enable";
*gpio_flags = GPIO_ACTIVE_HIGH;
@@ -212,6 +216,7 @@ static void int3472_get_con_id_and_polarity(struct acpi_device *adev, u8 *type,
* 0x0b Power enable
* 0x0c Clock enable
* 0x0d Privacy LED
+ * 0x13 Hotplug detect
*
* There are some known platform specific quirks where that does not quite
* hold up; for example where a pin with type 0x01 (Power down) is mapped to
@@ -281,6 +286,7 @@ static int skl_int3472_handle_gpio_resources(struct acpi_resource *ares,
switch (type) {
case INT3472_GPIO_TYPE_RESET:
case INT3472_GPIO_TYPE_POWERDOWN:
+ case INT3472_GPIO_TYPE_HOTPLUG_DETECT:
ret = skl_int3472_map_gpio_to_sensor(int3472, agpio, con_id, gpio_flags);
if (ret)
err_msg = "Failed to map GPIO pin to sensor\n";
base-commit: 01c6df60d5d4ae00cd5c1648818744838bba7763
--
2.34.1
5 months
- 4
- 4
Linux 6.14.4
by Greg Kroah-Hartman
I'm announcing the release of the 6.14.4 kernel.
All users of the 6.14 kernel series must upgrade.
The updated 6.14.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.14.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/arch/arm64/booting.rst | 22 +
Documentation/devicetree/bindings/soc/fsl/fsl,ls1028a-reset.yaml | 2
Documentation/netlink/specs/ovs_vport.yaml | 4
Documentation/netlink/specs/rt_link.yaml | 20 -
Documentation/netlink/specs/rt_neigh.yaml | 14
Documentation/wmi/devices/msi-wmi-platform.rst | 4
Makefile | 3
arch/arm64/include/asm/el2_setup.h | 25 +
arch/arm64/tools/sysreg | 103 ++++++
arch/mips/dec/prom/init.c | 2
arch/mips/include/asm/ds1287.h | 2
arch/mips/kernel/cevt-ds1287.c | 1
arch/riscv/include/asm/kgdb.h | 9
arch/riscv/include/asm/syscall.h | 7
arch/riscv/kernel/kgdb.c | 6
arch/riscv/kernel/module-sections.c | 13
arch/riscv/kernel/module.c | 11
arch/riscv/kernel/setup.c | 36 ++
arch/x86/boot/compressed/mem.c | 5
arch/x86/boot/compressed/sev.c | 67 ----
arch/x86/boot/compressed/sev.h | 2
arch/x86/events/intel/ds.c | 8
arch/x86/events/intel/uncore_snbep.c | 107 ------
arch/x86/kernel/cpu/amd.c | 19 -
arch/x86/kernel/cpu/microcode/amd.c | 9
arch/x86/xen/multicalls.c | 26 -
arch/x86/xen/smp_pv.c | 1
arch/x86/xen/xen-ops.h | 3
block/bio-integrity.c | 17 -
block/blk-sysfs.c | 2
drivers/accel/ivpu/ivpu_drv.c | 4
drivers/accel/ivpu/ivpu_fw.c | 3
drivers/accel/ivpu/ivpu_hw.h | 11
drivers/accel/ivpu/ivpu_hw_btrs.c | 126 +++-----
drivers/accel/ivpu/ivpu_hw_btrs.h | 6
drivers/ata/libata-sata.c | 15
drivers/block/loop.c | 121 +------
drivers/bluetooth/btqca.c | 2
drivers/bluetooth/btrtl.c | 2
drivers/bluetooth/hci_vhci.c | 10
drivers/cpufreq/cpufreq.c | 8
drivers/crypto/caam/qi.c | 6
drivers/crypto/tegra/tegra-se-aes.c | 5
drivers/dma-buf/sw_sync.c | 19 -
drivers/firmware/cirrus/test/cs_dsp_mock_mem_maps.c | 30 -
drivers/firmware/cirrus/test/cs_dsp_test_bin.c | 2
drivers/firmware/cirrus/test/cs_dsp_test_bin_error.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 34 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 44 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 4
drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 4
drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 21 -
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 64 +++-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 6
drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_wrapper.c | 28 +
drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 15
drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 6
drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 7
drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c | 2
drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2
drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3
drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2
drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2
drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 55 +++
drivers/gpu/drm/ast/ast_dp.c | 6
drivers/gpu/drm/i915/display/intel_bw.c | 14
drivers/gpu/drm/i915/display/intel_display.c | 4
drivers/gpu/drm/i915/display/intel_display_device.h | 1
drivers/gpu/drm/i915/display/intel_dp.c | 56 ++-
drivers/gpu/drm/i915/display/intel_vblank.c | 4
drivers/gpu/drm/i915/gvt/opregion.c | 7
drivers/gpu/drm/i915/i915_drv.h | 1
drivers/gpu/drm/i915/soc/intel_dram.c | 4
drivers/gpu/drm/imagination/pvr_fw.c | 27 +
drivers/gpu/drm/imagination/pvr_job.c | 7
drivers/gpu/drm/imagination/pvr_queue.c | 4
drivers/gpu/drm/mgag200/mgag200_mode.c | 2
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 72 ++--
drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 8
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_14_msm8937.h | 2
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_15_msm8917.h | 1
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_16_msm8953.h | 3
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_7_msm8996.h | 4
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_3_2_sdm660.h | 3
drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_3_3_sdm630.h | 2
drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 3
drivers/gpu/drm/msm/dsi/dsi_host.c | 9
drivers/gpu/drm/msm/registers/adreno/adreno_pm4.xml | 7
drivers/gpu/drm/nouveau/nouveau_bo.c | 3
drivers/gpu/drm/nouveau/nouveau_gem.c | 3
drivers/gpu/drm/sti/Makefile | 2
drivers/gpu/drm/tiny/repaper.c | 4
drivers/gpu/drm/v3d/v3d_sched.c | 16 -
drivers/gpu/drm/virtio/virtgpu_gem.c | 11
drivers/gpu/drm/virtio/virtgpu_plane.c | 20 -
drivers/gpu/drm/xe/xe_device_types.h | 1
drivers/gpu/drm/xe/xe_dma_buf.c | 5
drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 12
drivers/gpu/drm/xe/xe_guc_ads.c | 75 ++--
drivers/gpu/drm/xe/xe_hmm.c | 24 -
drivers/gpu/drm/xe/xe_migrate.c | 2
drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3
drivers/i2c/i2c-atr.c | 2
drivers/infiniband/core/cma.c | 4
drivers/infiniband/core/umem_odp.c | 6
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 10
drivers/infiniband/hw/hns/hns_roce_main.c | 2
drivers/infiniband/hw/usnic/usnic_ib_main.c | 14
drivers/md/md-bitmap.c | 5
drivers/md/raid10.c | 1
drivers/net/can/rockchip/rockchip_canfd-core.c | 7
drivers/net/dsa/b53/b53_common.c | 10
drivers/net/dsa/mv88e6xxx/chip.c | 13
drivers/net/dsa/mv88e6xxx/devlink.c | 3
drivers/net/ethernet/amd/pds_core/debugfs.c | 5
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4
drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1
drivers/net/ethernet/hisilicon/hibmcge/hbg_err.c | 3
drivers/net/ethernet/hisilicon/hibmcge/hbg_hw.c | 7
drivers/net/ethernet/hisilicon/hibmcge/hbg_main.c | 6
drivers/net/ethernet/hisilicon/hibmcge/hbg_reg.h | 3
drivers/net/ethernet/intel/igc/igc.h | 1
drivers/net/ethernet/intel/igc/igc_defines.h | 6
drivers/net/ethernet/intel/igc/igc_main.c | 1
drivers/net/ethernet/intel/igc/igc_ptp.c | 113 ++++---
drivers/net/ethernet/marvell/octeontx2/nic/rep.c | 2
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 49 +--
drivers/net/ethernet/mediatek/mtk_eth_soc.h | 1
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 15
drivers/net/ethernet/ti/icssg/icss_iep.c | 154 ++++++----
drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 3
drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 3
drivers/net/wireless/ath/ath12k/dp_mon.c | 4
drivers/net/wireless/atmel/at76c50x-usb.c | 2
drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c | 4
drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c | 8
drivers/net/wireless/ti/wl1251/tx.c | 4
drivers/nvme/target/fc.c | 14
drivers/nvme/target/pci-epf.c | 74 +++-
drivers/pci/pci.c | 4
drivers/platform/mellanox/mlxbf-bootctl.c | 4
drivers/platform/x86/amd/pmf/auto-mode.c | 4
drivers/platform/x86/amd/pmf/cnqf.c | 8
drivers/platform/x86/amd/pmf/core.c | 14
drivers/platform/x86/amd/pmf/pmf.h | 1
drivers/platform/x86/amd/pmf/sps.c | 12
drivers/platform/x86/amd/pmf/tee-if.c | 6
drivers/platform/x86/asus-laptop.c | 9
drivers/platform/x86/dell/alienware-wmi.c | 56 +++
drivers/platform/x86/msi-wmi-platform.c | 99 ++++--
drivers/ptp/ptp_ocp.c | 1
drivers/ras/amd/atl/internal.h | 3
drivers/ras/amd/atl/umc.c | 19 +
drivers/ras/amd/fmpm.c | 9
drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 9
drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 14
drivers/scsi/megaraid/megaraid_sas_base.c | 9
drivers/scsi/megaraid/megaraid_sas_fusion.c | 5
drivers/scsi/scsi_transport_iscsi.c | 7
drivers/scsi/smartpqi/smartpqi_init.c | 13
drivers/thermal/intel/int340x_thermal/processor_thermal_rfim.c | 33 +-
drivers/ufs/host/ufs-exynos.c | 41 ++
drivers/ufs/host/ufs-exynos.h | 5
fs/Kconfig | 1
fs/btrfs/ioctl.c | 2
fs/btrfs/super.c | 3
fs/eventpoll.c | 38 +-
fs/fuse/virtio_fs.c | 3
fs/hfs/bnode.c | 6
fs/hfsplus/bnode.c | 6
fs/isofs/export.c | 2
fs/nfs/Kconfig | 2
fs/nfs/internal.h | 7
fs/nfs/nfs4session.h | 4
fs/nfsd/Kconfig | 1
fs/nfsd/nfs4state.c | 2
fs/nfsd/nfsfh.h | 7
fs/overlayfs/overlayfs.h | 2
fs/overlayfs/super.c | 5
fs/smb/client/cifsproto.h | 2
fs/smb/client/connect.c | 34 --
fs/smb/client/file.c | 28 +
fs/smb/server/connection.c | 4
fs/smb/server/oplock.c | 29 -
fs/smb/server/oplock.h | 1
fs/smb/server/smb2pdu.c | 4
fs/smb/server/transport_ipc.c | 7
fs/smb/server/transport_tcp.c | 14
fs/smb/server/transport_tcp.h | 1
fs/smb/server/vfs.c | 3
include/drm/intel/pciids.h | 1
include/linux/backing-dev.h | 1
include/linux/firmware/cirrus/cs_dsp_test_utils.h | 1
include/linux/nfs.h | 7
include/uapi/drm/ivpu_accel.h | 4
io_uring/rsrc.c | 17 +
kernel/sched/cpufreq_schedutil.c | 46 ++
kernel/trace/ftrace.c | 7
kernel/trace/trace_events_filter.c | 4
lib/alloc_tag.c | 15
lib/iov_iter.c | 2
lib/string.c | 13
mm/compaction.c | 6
mm/filemap.c | 1
mm/gup.c | 4
mm/memory.c | 4
mm/slub.c | 10
mm/userfaultfd.c | 13
mm/vma.c | 38 ++
mm/vma.h | 9
net/bluetooth/hci_event.c | 5
net/bluetooth/l2cap_core.c | 21 +
net/bridge/br_vlan.c | 4
net/dsa/dsa.c | 59 +++
net/dsa/tag_8021q.c | 2
net/ethtool/cmis_cdb.c | 2
net/ipv6/route.c | 1
net/mac80211/iface.c | 3
net/mctp/af_mctp.c | 3
net/netfilter/nf_flow_table_core.c | 10
net/openvswitch/flow_netlink.c | 3
net/smc/af_smc.c | 5
rust/Makefile | 2
rust/helpers/io.c | 34 +-
scripts/Makefile.compiler | 4
scripts/generate_rust_analyzer.py | 12
sound/pci/hda/Kconfig | 4
sound/pci/hda/patch_realtek.c | 23 -
sound/soc/codecs/cs42l43-jack.c | 3
sound/soc/codecs/lpass-wsa-macro.c | 117 +++++--
sound/soc/dwc/dwc-i2s.c | 13
sound/soc/fsl/fsl_qmc_audio.c | 3
sound/soc/intel/avs/pcm.c | 3
sound/soc/intel/boards/sof_sdw.c | 1
sound/soc/qcom/lpass.h | 3
tools/objtool/check.c | 1
tools/perf/util/evsel.c | 22 -
tools/testing/kunit/qemu_configs/sh.py | 4
tools/testing/selftests/mincore/mincore_selftest.c | 16 -
tools/testing/selftests/mm/charge_reserved_hugetlb.sh | 4
tools/testing/selftests/mm/hugetlb_reparenting_test.sh | 2
tools/testing/shared/linux.c | 4
246 files changed, 2157 insertions(+), 1271 deletions(-)
Abdun Nihaal (7):
wifi: at76c50x: fix use after free access in at76_disconnect
wifi: brcmfmac: fix memory leak in brcmf_get_module_param
wifi: wl1251: fix memory leak in wl1251_tx_work
pds_core: fix memory leak in pdsc_debugfs_add_qcq()
net: ngbe: fix memory leak in ngbe_probe() error path
cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
net: txgbe: fix memory leak in txgbe_probe() error path
Akhil P Oommen (1):
drm/msm/a6xx: Fix stale rpmh votes from GPU
Akhil R (1):
crypto: tegra - Fix IV usage for AES ECB
Alex Deucher (3):
drm/amdgpu/mes12: optimize MES pipe FW version fetching
drm/amdgpu/mes11: optimize MES pipe FW version fetching
drm/amd/display/dml2: use vzalloc rather than kzalloc
Alex Williamson (1):
Revert "PCI: Avoid reset when disabled via sysfs"
Alexander Tsoy (1):
Revert "wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process"
Andreas Gruenbacher (1):
writeback: fix false warning in inode_to_wb()
Andrzej Kacprowski (1):
accel/ivpu: Fix the NPU's DPU frequency calculation
Andy Shevchenko (1):
i2c: atr: Fix wrong include
Ankit Nautiyal (3):
drm/i915/vrr: Add vrr.vsync_{start, end} in vrr_params_changed
drm/i915/display: Add macro for checking 3 DSC engines
drm/i915/dp: Check for HAS_DSC_3ENGINES while configuring DSC slices
Anshuman Khandual (7):
arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1
arm64/sysreg: Add register fields for HDFGRTR2_EL2
arm64/sysreg: Add register fields for HDFGWTR2_EL2
arm64/sysreg: Add register fields for HFGITR2_EL2
arm64/sysreg: Add register fields for HFGRTR2_EL2
arm64/sysreg: Add register fields for HFGWTR2_EL2
arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9
Ard Biesheuvel (1):
x86/boot/sev: Avoid shared GHCB page for early memory acceptance
Armin Wolf (2):
platform/x86: msi-wmi-platform: Rename "data" variable
platform/x86: msi-wmi-platform: Workaround a ACPI firmware bug
Aurabindo Pillai (1):
drm/amd/display: Temporarily disable hostvm on DCN31
Baolin Wang (1):
selftests: mincore: fix tmpfs mincore test failure
Baoquan He (1):
mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()
Björn Töpel (1):
riscv: Properly export reserved regions in /proc/iomem
Bo-Cun Chen (3):
net: ethernet: mtk_eth_soc: reapply mdc divider on reset
net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps
net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings
Borislav Petkov (AMD) (1):
x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches
Brady Norander (1):
ASoC: dwc: always enable/disable i2s irqs
Brendan King (2):
drm/imagination: fix firmware memory leaks
drm/imagination: take paired job reference
Brendan Tam (1):
drm/amd/display: prevent hang on link training fail
Chandrakanth Patil (1):
scsi: megaraid_sas: Block zero-length ATA VPD inquiry
Charles Keepax (1):
ASoC: cs42l43: Reset clamp override on jack removal
Chengchang Tang (1):
RDMA/hns: Fix wrong maximum DMA segment size
Chenyuan Yang (2):
octeontx2-pf: handle otx2_mbox_get_rsp errors
drm/msm/dpu: Fix error pointers in dpu_plane_virtual_atomic_check
Chris Bainbridge (1):
drm/nouveau: prime: fix ttm_bo_delayed_delete oops
Christian König (1):
drm/amdgpu: immediately use GTT for new allocations
Christoph Hellwig (1):
loop: stop using vfs_iter_{read,write} for buffered I/O
Christopher S M Hall (6):
igc: fix PTM cycle trigger logic
igc: increase wait time before retrying PTM
igc: move ktime snapshot into PTM retry loop
igc: handle the IGC_PTP_ENABLED flag correctly
igc: cleanup PTP module if probe fails
igc: add lock preventing multiple simultaneous PTM transactions
Chunjie Zhu (1):
smb3 client: fix open hardlink on deferred close file error
Damien Le Moal (2):
nvmet: pci-epf: always fully initialize completion entries
nvmet: pci-epf: clear CC and CSTS when disabling the controller
Damodharam Ammepalli (1):
ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll()
Dan Carpenter (2):
Bluetooth: btrtl: Prevent potential NULL dereference
dma-buf/sw_sync: Decrement refcount on error in sw_sync_ioctl_get_deadline()
Dapeng Mi (1):
perf/x86/intel: Allow to update user space GPRs from PEBS records
David Thompson (1):
mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show()
Denis Arefev (8):
asus-laptop: Fix an uninitialized variable
ksmbd: Prevent integer overflow in calculation of deadtime
drm/amd/pm: Prevent division by zero
drm/amd/pm/powerplay: Prevent division by zero
drm/amd/pm/smu11: Prevent division by zero
drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
Dmitry Baryshkov (2):
Bluetooth: qca: fix NV variant for one of WCN3950 SoCs
drm/msm/dpu: drop rogue intr_tear_rd_ptr values
Dmitry Osipenko (2):
drm/virtio: Don't attach GEM to a non-created context in gem_object_open()
drm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb()
Edward Adam Davis (1):
isofs: Prevent the use of too small fid
Eric Biggers (1):
nfs: add missing selections of CONFIG_CRC32
Evgeny Pimenov (1):
ASoC: qcom: Fix sc7280 lpass potential buffer overflow
FUJITA Tomonori (1):
rust: helpers: Remove volatile qualifier from io helpers
Florian Westphal (1):
netfilter: conntrack: fix erronous removal of offload bit
Frédéric Danis (2):
Bluetooth: l2cap: Check encryption key size on incoming connection
Bluetooth: l2cap: Process valid commands in too long frame
Geert Uytterhoeven (1):
dt-bindings: soc: fsl: fsl,ls1028a-reset: Fix maintainer entry
Giuseppe Scrivano (1):
ovl: remove unused forward declaration
Greg Kroah-Hartman (1):
Linux 6.14.4
Haoxiang Li (1):
drm/msm/dsi: Add check for devm_kstrdup()
Henry Martin (1):
ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()
Herbert Xu (1):
crypto: caam/qi - Fix drv_ctx refcount bug
Herve Codina (1):
ASoC: fsl: fsl_qmc_audio: Reset audio data pointers on TRIGGER_START event
Huacai Chen (3):
drm/amd/display: Protect FPU in dml2_validate()/dml21_validate()
drm/amd/display: Protect FPU in dml21_copy()
drm/amd/display: Protect FPU in dml2_init()/dml21_init()
Ilya Maximets (1):
net: openvswitch: fix nested key length validation in the set() action
Jakub Kicinski (6):
netlink: specs: ovs_vport: align with C codegen capabilities
eth: bnxt: fix missing ring index trim on error path
netlink: specs: rt-link: add an attr layer around alt-ifname
netlink: specs: rtnetlink: attribute naming corrections
netlink: specs: rt-link: adjust mctp attribute naming
netlink: specs: rt-neigh: prefix struct nfmsg members with ndm
Jani Nikula (1):
drm/i915/gvt: fix unterminated-string-initialization warning
Jens Axboe (1):
eventpoll: abstract out ep_try_send_events() helper
Jijie Shao (4):
net: hibmcge: fix incorrect pause frame statistics issue
net: hibmcge: fix incorrect multicast filtering issue
net: hibmcge: fix wrong mtu log issue
net: hibmcge: fix not restore rx pause mac addr after reset issue
Jocelyn Falempe (1):
drm/ast: Fix ast_dp connection status
Joe Damato (1):
eventpoll: Set epoll timeout if it's in the future
Johannes Berg (2):
wifi: iwlwifi: pcie: set state to no-FW before reset handshake
Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()"
Johannes Kimmel (1):
btrfs: correctly escape subvol in btrfs_show_options()
Jonas Gorski (2):
net: b53: enable BPDU reception for management port
net: bridge: switchdev: do not notify new brentries as changed
Juergen Gross (1):
xen: fix multicall debug feature
Kailang Yang (1):
ALSA: hda/realtek - Fixed ASUS platform headset Mic issue
Kan Liang (3):
perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX
perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR
Kashyap Desai (1):
RDMA/bnxt_re: Fix budget handling of notification queue
Kees Cook (1):
Bluetooth: vhci: Avoid needless snprintf() calls
Kirill A. Shutemov (1):
mm: fix apply_to_existing_page_range()
Kuniyuki Iwashima (3):
smc: Fix lockdep false-positive for IPPROTO_SMC.
Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free"
Revert "smb: client: fix TCP timers deadlock after rmmod"
Kurt Borja (2):
platform/x86: alienware-wmi-wmax: Add G-Mode support to Alienware m16 R1
platform/x86: alienware-wmi-wmax: Extend support to more laptops
Leo Li (2):
drm/amd/display: Actually do immediate vblank disable
drm/amd/display: Increase vblank offdelay for PSR panels
Leon Romanovsky (1):
RDMA/bnxt_re: Remove unusable nq variable
Li Lingfeng (1):
nfsd: decrease sc_count directly if fail to queue dl_recall
Lijo Lazar (1):
drm/amdgpu: Prefer shadow rom when available
Lorenzo Stoakes (1):
mm/vma: add give_up_on_oom option on modify/merge, use in uffd release
Lucas De Marchi (1):
drm/xe: Set LRC addresses before guc load
Luiz Augusto von Dentz (1):
Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
Lukas Fischer (1):
scripts: generate_rust_analyzer: Add ffi crate
Mario Limonciello (4):
platform/x86: amd: pmf: Fix STT limits
drm/amd: Handle being compiled without SI or CIK support better
drm/amd/display: Add HP Elitebook 645 to the quirk list for eDP on DP1
drm/amd/display: Add HP Probook 445 and 465 to the quirk list for eDP on DP1
Mark Brown (1):
selftests/mm: generate a temporary mountpoint for cgroup filesystem
Martin K. Petersen (1):
block: integrity: Do not call set_page_dirty_lock()
Martin Wilck (1):
scsi: smartpqi: Use is_kdump_kernel() to check for kdump
Matt Johnston (1):
net: mctp: Set SOCK_RCU_FREE
Matt Roper (1):
drm/xe/bmg: Add one additional PCI ID
Matthew Auld (3):
drm/amdgpu/dma_buf: fix page_link check
drm/xe/dma_buf: stop relying on placement in unmap
drm/xe/userptr: fix notifier vs folio deadlock
Matthew Brost (1):
drm/xe: Use local fence in error path of xe_migrate_clear
Matthew Wilcox (Oracle) (1):
test suite: use %zu to print size_t
Maíra Canal (1):
drm/v3d: Fix Indirect Dispatch configuration for V3D 7.1.6 and later
Meghana Malladi (3):
net: ti: icss-iep: Add pwidth configuration for perout signal
net: ti: icss-iep: Add phase offset configuration for perout signal
net: ti: icss-iep: Fix possible NULL pointer dereference for perout request
Menglong Dong (1):
ftrace: fix incorrect hash size in register_ftrace_direct()
Miaoqian Lin (1):
scsi: iscsi: Fix missing scsi_host_put() in error path
Michael Walle (1):
net: ethernet: ti: am65-cpsw: fix port_np reference counting
Miguel Ojeda (4):
objtool/rust: add one more `noreturn` Rust function for Rust 1.86.0
rust: kasan/kbuild: fix missing flags on first build
rust: disable `clippy::needless_continue`
rust: kbuild: use `pound` to support GNU Make < 4.3
Miklos Szeredi (1):
ovl: don't allow datadir only
Namhyung Kim (1):
perf tools: Remove evsel__handle_error_quirks()
Namjae Jeon (3):
ksmbd: fix use-after-free in __smb2_lease_break_noti()
ksmbd: fix use-after-free in smb_break_all_levII_oplock()
ksmbd: fix the warning from __kernel_write_iter
Nathan Chancellor (1):
riscv: Avoid fortify warning in syscall_get_arguments()
Nikita Zhandarovich (1):
drm/repaper: fix integer overflows in repeat functions
Niklas Cassel (1):
ata: libata-sata: Save all fields from sense data descriptor
P Praneesh (1):
wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
Pavel Begunkov (1):
io_uring: don't post tag CQEs on file/buffer registration failure
Peter Collingbourne (1):
string: Add load_unaligned_zeropad() code path to sized_strscpy()
Peter Griffin (3):
scsi: ufs: exynos: Move UFS shareability value to drvdata
scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set
scsi: ufs: exynos: Ensure consistent phy reference counts
Peter Ujfalusi (1):
ASoC: Intel: sof_sdw: Add quirk for Asus Zenbook S16
Rafael J. Wysocki (3):
cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
cpufreq/sched: Explicitly synchronize limits_changed flag handling
cpufreq: Reference count policy in cpufreq_update_limits()
Remi Pommarel (2):
wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
wifi: mac80211: Purge vif txq in ieee80211_do_stop()
Richard Fitzgerald (2):
ALSA: hda/cirrus_scodec_test: Don't select dependencies
firmware: cs_dsp: test_bin_error: Fix uninitialized data used as fw version
Rob Clark (1):
drm/msm/a6xx+: Don't let IB_SIZE overflow
Rolf Eike Beer (1):
drm/sti: remove duplicate object names
Sagi Maimon (1):
ptp: ocp: fix start time alignment in ptp_ocp_signal_set
Sami Tolvanen (1):
rust: kbuild: Don't export __pfx symbols
Samuel Holland (2):
riscv: module: Fix out-of-bounds relocation access
riscv: module: Allocate PLT entries for R_RISCV_PLT32
Sandipan Das (1):
x86/cpu/amd: Fix workaround for erratum 1054
Sean Heelan (1):
ksmbd: Fix dangling pointer in krb_authenticate
Sharath Srinivasan (1):
RDMA/cma: Fix workqueue crash in cma_netevent_work_handler
Shay Drory (1):
RDMA/core: Silence oversized kvmalloc() warning
Sheng Yong (1):
lib/iov_iter: fix to increase non slab folio refcount
Sidong Yang (1):
btrfs: ioctl: don't free iov when btrfs_encoded_read() returns -EAGAIN
Srinivas Kandagatla (2):
ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate
ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
Srinivas Pandruvada (1):
thermal: intel: int340x: Fix Panther Lake DLVR support
Steven Rostedt (1):
tracing: Fix filter string testing
Suren Baghdasaryan (1):
slab: ensure slab->obj_exts is clear in a newly allocated slab page
T.J. Mercier (1):
alloc_tag: handle incomplete bulk allocations in vm_module_tags_populate
Thadeu Lima de Souza Cascardo (1):
i2c: cros-ec-tunnel: defer probe if parent EC is not present
Thomas Hellström (1):
drm/xe: Fix an out-of-bounds shift when invalidating TLB
Thomas Weißschuh (3):
kunit: qemu_configs: SH: Respect kunit cmdline
loop: properly send KOBJ_CHANGED uevent for disk device
loop: LOOP_SET_FD: send uevents for partitions
Thomas Zimmermann (1):
drm/mgag200: Fix value in <VBLKSTR> register
Tom Chung (1):
drm/amd/display: Do not enable Replay and PSR while VRR is on in amdgpu_dm_commit_planes()
Tomasz Pakuła (1):
drm/amd/pm: Add zero RPM enabled OD setting support for SMU14.0.2
Vasiliy Kovalev (1):
hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
Ville Syrjälä (2):
drm/i915: Fix scanline_offset for LNL+ and BMG+
drm/i915/dp: Reject HBR3 when sink doesn't support TPS4
Vishal Moola (Oracle) (2):
mm/compaction: fix bug in hugetlb handling pathway
mm: fix filemap_get_folios_contig returning batches of identical folios
Vivek Kasireddy (1):
drm/i915/xe2hpd: Identify the memory type for SKUs with GDDR + ECC
Vladimir Oltean (5):
net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported
net: dsa: clean up FDB, MDB, VLAN entries on unbind
net: dsa: free routing table on probe failure
net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails
WangYuli (6):
riscv: KGDB: Do not inline arch_kgdb_breakpoint()
riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break
nvmet-fc: Remove unused functions
MIPS: dec: Declare which_prom() as static
MIPS: cevt-ds1287: Add missing ds1287.h include
MIPS: ds1287: Match ds1287_set_base_clock() function types
Weizhao Ouyang (1):
can: rockchip_canfd: fix broken quirks checks
Will Pierce (1):
riscv: Use kvmalloc_array on relocation_hashtable
Xiangsheng Hou (1):
virtiofs: add filesystem context source name check
Xin Long (1):
ipv6: add exception routes to GC list in rt6_insert_exception
Xingui Yang (1):
scsi: hisi_sas: Enable force phy when SATA disk directly connected
Yazen Ghannam (2):
RAS/AMD/ATL: Include row[13] bit in row retirement
RAS/AMD/FMPM: Get masked address
Yu Kuai (1):
md/raid10: fix missing discard IO accounting
Yue Haibing (1):
RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
Yunlong Xing (1):
loop: aio inherit the ioprio of original request
ZhenGuo Yin (1):
drm/amdgpu: fix warning of drm_mm_clean
Zheng Qixing (2):
md/md-bitmap: fix stats collection for external bitmaps
block: fix resource leak in blk_register_queue() error path
5 months
- 1
- 1
Linux 6.12.25
by Greg Kroah-Hartman
I'm announcing the release of the 6.12.25 kernel.
All users of the 6.12 kernel series must upgrade.
The updated 6.12.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/arch/arm64/booting.rst | 22 +
Documentation/devicetree/bindings/soc/fsl/fsl,ls1028a-reset.yaml | 2
Documentation/netlink/specs/ovs_vport.yaml | 4
Documentation/netlink/specs/rt_link.yaml | 14
Documentation/wmi/devices/msi-wmi-platform.rst | 4
Makefile | 6
arch/arm64/include/asm/el2_setup.h | 25 +
arch/arm64/tools/sysreg | 104 ++++++
arch/loongarch/kernel/acpi.c | 12
arch/mips/dec/prom/init.c | 2
arch/mips/include/asm/ds1287.h | 2
arch/mips/kernel/cevt-ds1287.c | 1
arch/riscv/include/asm/kgdb.h | 9
arch/riscv/include/asm/syscall.h | 7
arch/riscv/kernel/kgdb.c | 6
arch/riscv/kernel/module-sections.c | 13
arch/riscv/kernel/module.c | 11
arch/riscv/kernel/setup.c | 36 ++
arch/x86/boot/compressed/mem.c | 5
arch/x86/boot/compressed/sev.c | 67 ----
arch/x86/boot/compressed/sev.h | 2
arch/x86/events/intel/ds.c | 8
arch/x86/events/intel/uncore_snbep.c | 107 ------
arch/x86/kernel/cpu/amd.c | 19 -
arch/x86/kernel/cpu/microcode/amd.c | 9
arch/x86/xen/multicalls.c | 26 -
arch/x86/xen/smp_pv.c | 1
arch/x86/xen/xen-ops.h | 3
block/bio-integrity.c | 17 -
block/blk-core.c | 6
block/blk-merge.c | 2
block/blk-mq-cpumap.c | 37 ++
block/blk-mq.c | 42 +-
block/blk-mq.h | 2
block/blk-sysfs.c | 2
drivers/ata/libata-sata.c | 15
drivers/block/loop.c | 121 +------
drivers/block/null_blk/main.c | 9
drivers/block/virtio_blk.c | 13
drivers/bluetooth/btrtl.c | 2
drivers/bluetooth/hci_vhci.c | 10
drivers/cpufreq/cpufreq.c | 8
drivers/crypto/caam/qi.c | 6
drivers/crypto/tegra/tegra-se-aes.c | 131 ++++----
drivers/crypto/tegra/tegra-se-hash.c | 38 +-
drivers/crypto/tegra/tegra-se.h | 2
drivers/dma-buf/sw_sync.c | 19 -
drivers/firmware/efi/libstub/efistub.h | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 34 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 44 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 4
drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 4
drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 21 -
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 64 +++-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 6
drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_wrapper.c | 17 -
drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 9
drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 6
drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 7
drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c | 2
drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2
drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3
drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2
drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2
drivers/gpu/drm/ast/ast_dp.c | 6
drivers/gpu/drm/i915/display/intel_display.c | 4
drivers/gpu/drm/i915/gvt/opregion.c | 7
drivers/gpu/drm/imagination/pvr_fw.c | 27 +
drivers/gpu/drm/imagination/pvr_job.c | 7
drivers/gpu/drm/imagination/pvr_queue.c | 4
drivers/gpu/drm/mgag200/mgag200_mode.c | 2
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 72 ++--
drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 8
drivers/gpu/drm/msm/dsi/dsi_host.c | 9
drivers/gpu/drm/msm/registers/adreno/adreno_pm4.xml | 7
drivers/gpu/drm/nouveau/nouveau_bo.c | 3
drivers/gpu/drm/nouveau/nouveau_gem.c | 3
drivers/gpu/drm/sti/Makefile | 2
drivers/gpu/drm/tiny/repaper.c | 4
drivers/gpu/drm/v3d/v3d_sched.c | 16 -
drivers/gpu/drm/xe/xe_dma_buf.c | 5
drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 12
drivers/gpu/drm/xe/xe_guc_ads.c | 75 ++--
drivers/gpu/drm/xe/xe_hmm.c | 24 -
drivers/gpu/drm/xe/xe_migrate.c | 2
drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3
drivers/i2c/i2c-atr.c | 2
drivers/infiniband/core/cma.c | 4
drivers/infiniband/core/umem_odp.c | 6
drivers/infiniband/hw/hns/hns_roce_main.c | 2
drivers/infiniband/hw/usnic/usnic_ib_main.c | 14
drivers/md/md-bitmap.c | 5
drivers/md/md.c | 22 -
drivers/md/raid10.c | 1
drivers/misc/pci_endpoint_test.c | 4
drivers/net/can/rockchip/rockchip_canfd-core.c | 7
drivers/net/dsa/b53/b53_common.c | 10
drivers/net/dsa/mv88e6xxx/chip.c | 13
drivers/net/dsa/mv88e6xxx/devlink.c | 3
drivers/net/ethernet/amd/pds_core/debugfs.c | 5
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4
drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1
drivers/net/ethernet/intel/igc/igc.h | 1
drivers/net/ethernet/intel/igc/igc_defines.h | 6
drivers/net/ethernet/intel/igc/igc_main.c | 1
drivers/net/ethernet/intel/igc/igc_ptp.c | 113 ++++---
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 49 +--
drivers/net/ethernet/mediatek/mtk_eth_soc.h | 1
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 15
drivers/net/ethernet/ti/icssg/icss_iep.c | 154 ++++++----
drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 3
drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 3
drivers/net/wireless/ath/ath12k/dp_mon.c | 4
drivers/net/wireless/atmel/at76c50x-usb.c | 2
drivers/net/wireless/ti/wl1251/tx.c | 4
drivers/nvme/host/apple.c | 2
drivers/nvme/host/pci.c | 15
drivers/nvme/target/fc.c | 14
drivers/pci/pci.c | 4
drivers/platform/x86/amd/pmf/auto-mode.c | 4
drivers/platform/x86/amd/pmf/cnqf.c | 8
drivers/platform/x86/amd/pmf/core.c | 14
drivers/platform/x86/amd/pmf/pmf.h | 1
drivers/platform/x86/amd/pmf/sps.c | 12
drivers/platform/x86/amd/pmf/tee-if.c | 6
drivers/platform/x86/asus-laptop.c | 9
drivers/platform/x86/msi-wmi-platform.c | 99 ++++--
drivers/ptp/ptp_ocp.c | 1
drivers/ras/amd/atl/internal.h | 3
drivers/ras/amd/atl/umc.c | 19 +
drivers/ras/amd/fmpm.c | 9
drivers/scsi/fnic/fnic_main.c | 3
drivers/scsi/hisi_sas/hisi_sas.h | 1
drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 9
drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 18 -
drivers/scsi/megaraid/megaraid_sas_base.c | 12
drivers/scsi/megaraid/megaraid_sas_fusion.c | 5
drivers/scsi/mpi3mr/mpi3mr.h | 1
drivers/scsi/mpi3mr/mpi3mr_os.c | 2
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 3
drivers/scsi/pm8001/pm8001_init.c | 2
drivers/scsi/pm8001/pm8001_sas.h | 1
drivers/scsi/qla2xxx/qla_nvme.c | 3
drivers/scsi/qla2xxx/qla_os.c | 4
drivers/scsi/scsi_transport_iscsi.c | 7
drivers/scsi/smartpqi/smartpqi_init.c | 20 -
drivers/ufs/host/ufs-exynos.c | 6
fs/Kconfig | 1
fs/btrfs/super.c | 3
fs/fuse/virtio_fs.c | 3
fs/hfs/bnode.c | 6
fs/hfsplus/bnode.c | 6
fs/isofs/export.c | 2
fs/nfs/Kconfig | 2
fs/nfs/internal.h | 7
fs/nfs/nfs4session.h | 4
fs/nfsd/Kconfig | 1
fs/nfsd/nfs4state.c | 2
fs/nfsd/nfsfh.h | 7
fs/overlayfs/overlayfs.h | 2
fs/overlayfs/super.c | 5
fs/smb/client/cifsproto.h | 2
fs/smb/client/connect.c | 34 --
fs/smb/client/file.c | 28 +
fs/smb/server/oplock.c | 29 -
fs/smb/server/oplock.h | 1
fs/smb/server/smb2pdu.c | 4
fs/smb/server/transport_ipc.c | 7
fs/smb/server/vfs.c | 3
include/linux/backing-dev.h | 1
include/linux/blk-mq.h | 101 +++---
include/linux/blkdev.h | 11
include/linux/bpf.h | 1
include/linux/bpf_verifier.h | 1
include/linux/device/bus.h | 3
include/linux/nfs.h | 7
io_uring/rw.c | 4
kernel/bpf/verifier.c | 79 ++++-
kernel/sched/cpufreq_schedutil.c | 46 ++
kernel/trace/ftrace.c | 7
kernel/trace/trace_events_filter.c | 4
lib/string.c | 13
mm/compaction.c | 6
mm/filemap.c | 1
mm/gup.c | 4
mm/memory.c | 4
mm/slub.c | 10
mm/userfaultfd.c | 13
mm/vma.c | 38 ++
mm/vma.h | 9
net/bluetooth/hci_event.c | 5
net/bluetooth/l2cap_core.c | 21 +
net/bridge/br_vlan.c | 4
net/dsa/dsa.c | 59 +++
net/dsa/tag_8021q.c | 2
net/ethtool/cmis_cdb.c | 2
net/ipv6/route.c | 1
net/mac80211/iface.c | 3
net/mctp/af_mctp.c | 3
net/openvswitch/flow_netlink.c | 3
net/smc/af_smc.c | 5
scripts/Makefile.compiler | 4
scripts/generate_rust_analyzer.py | 12
sound/pci/hda/Kconfig | 4
sound/pci/hda/patch_realtek.c | 55 +++
sound/soc/codecs/cs42l43-jack.c | 3
sound/soc/codecs/lpass-wsa-macro.c | 117 +++++--
sound/soc/dwc/dwc-i2s.c | 13
sound/soc/fsl/fsl_qmc_audio.c | 3
sound/soc/intel/avs/pcm.c | 3
sound/soc/intel/boards/sof_sdw.c | 1
sound/soc/qcom/lpass.h | 3
tools/objtool/check.c | 1
tools/testing/kunit/qemu_configs/sh.py | 4
tools/testing/selftests/bpf/prog_tests/changes_pkt_data.c | 107 ++++++
tools/testing/selftests/bpf/progs/changes_pkt_data.c | 39 ++
tools/testing/selftests/bpf/progs/changes_pkt_data_freplace.c | 18 +
tools/testing/selftests/bpf/progs/raw_tp_null.c | 19 -
tools/testing/selftests/bpf/progs/verifier_sock.c | 56 +++
tools/testing/selftests/mm/charge_reserved_hugetlb.sh | 4
tools/testing/selftests/mm/hugetlb_reparenting_test.sh | 2
tools/testing/shared/linux.c | 4
226 files changed, 2243 insertions(+), 1187 deletions(-)
Abdun Nihaal (6):
wifi: at76c50x: fix use after free access in at76_disconnect
wifi: wl1251: fix memory leak in wl1251_tx_work
pds_core: fix memory leak in pdsc_debugfs_add_qcq()
net: ngbe: fix memory leak in ngbe_probe() error path
cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
net: txgbe: fix memory leak in txgbe_probe() error path
Akhil P Oommen (1):
drm/msm/a6xx: Fix stale rpmh votes from GPU
Akhil R (2):
crypto: tegra - Do not use fixed size buffers
crypto: tegra - Fix IV usage for AES ECB
Alex Deucher (2):
drm/amdgpu/mes12: optimize MES pipe FW version fetching
drm/amdgpu/mes11: optimize MES pipe FW version fetching
Alex Williamson (1):
Revert "PCI: Avoid reset when disabled via sysfs"
Alexander Tsoy (1):
Revert "wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process"
Andreas Gruenbacher (1):
writeback: fix false warning in inode_to_wb()
Andy Shevchenko (1):
i2c: atr: Fix wrong include
Ankit Nautiyal (1):
drm/i915/vrr: Add vrr.vsync_{start, end} in vrr_params_changed
Anshuman Khandual (7):
arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1
arm64/sysreg: Add register fields for HDFGRTR2_EL2
arm64/sysreg: Add register fields for HDFGWTR2_EL2
arm64/sysreg: Add register fields for HFGITR2_EL2
arm64/sysreg: Add register fields for HFGRTR2_EL2
arm64/sysreg: Add register fields for HFGWTR2_EL2
arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9
Ard Biesheuvel (1):
x86/boot/sev: Avoid shared GHCB page for early memory acceptance
Armin Wolf (2):
platform/x86: msi-wmi-platform: Rename "data" variable
platform/x86: msi-wmi-platform: Workaround a ACPI firmware bug
Aurabindo Pillai (1):
drm/amd/display: Temporarily disable hostvm on DCN31
Baoquan He (1):
mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()
Björn Töpel (1):
riscv: Properly export reserved regions in /proc/iomem
Bo-Cun Chen (3):
net: ethernet: mtk_eth_soc: reapply mdc divider on reset
net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps
net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings
Borislav Petkov (AMD) (1):
x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches
Brady Norander (1):
ASoC: dwc: always enable/disable i2s irqs
Brendan King (2):
drm/imagination: fix firmware memory leaks
drm/imagination: take paired job reference
Brendan Tam (1):
drm/amd/display: prevent hang on link training fail
Chandrakanth Patil (1):
scsi: megaraid_sas: Block zero-length ATA VPD inquiry
Charles Keepax (1):
ASoC: cs42l43: Reset clamp override on jack removal
Chengchang Tang (1):
RDMA/hns: Fix wrong maximum DMA segment size
Chris Bainbridge (1):
drm/nouveau: prime: fix ttm_bo_delayed_delete oops
Christian König (1):
drm/amdgpu: immediately use GTT for new allocations
Christoph Hellwig (4):
loop: stop using vfs_iter_{read,write} for buffered I/O
block: remove rq_list_move
block: add a rq_list type
block: don't reorder requests in blk_add_rq_to_plug
Christopher S M Hall (6):
igc: fix PTM cycle trigger logic
igc: increase wait time before retrying PTM
igc: move ktime snapshot into PTM retry loop
igc: handle the IGC_PTP_ENABLED flag correctly
igc: cleanup PTP module if probe fails
igc: add lock preventing multiple simultaneous PTM transactions
Chunjie Zhu (1):
smb3 client: fix open hardlink on deferred close file error
Colin Ian King (1):
crypto: tegra - remove redundant error check on ret
Damodharam Ammepalli (1):
ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll()
Dan Carpenter (2):
Bluetooth: btrtl: Prevent potential NULL dereference
dma-buf/sw_sync: Decrement refcount on error in sw_sync_ioctl_get_deadline()
Daniel Wagner (3):
driver core: bus: add irq_get_affinity callback to bus_type
blk-mq: introduce blk_mq_map_hw_queues
scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues
Dapeng Mi (1):
perf/x86/intel: Allow to update user space GPRs from PEBS records
Denis Arefev (8):
asus-laptop: Fix an uninitialized variable
ksmbd: Prevent integer overflow in calculation of deadtime
drm/amd/pm: Prevent division by zero
drm/amd/pm/powerplay: Prevent division by zero
drm/amd/pm/smu11: Prevent division by zero
drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
Eduard Zingerman (8):
bpf: add find_containing_subprog() utility function
bpf: track changes_pkt_data property for global functions
selftests/bpf: test for changing packet data from global functions
bpf: check changes_pkt_data property for extension programs
selftests/bpf: freplace tests for tracking of changes_packet_data
selftests/bpf: validate that tail call invalidates packet pointers
bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs
selftests/bpf: extend changes_pkt_data with cases w/o subprograms
Edward Adam Davis (1):
isofs: Prevent the use of too small fid
Eric Biggers (1):
nfs: add missing selections of CONFIG_CRC32
Evgeny Pimenov (1):
ASoC: qcom: Fix sc7280 lpass potential buffer overflow
Frédéric Danis (2):
Bluetooth: l2cap: Check encryption key size on incoming connection
Bluetooth: l2cap: Process valid commands in too long frame
Geert Uytterhoeven (1):
dt-bindings: soc: fsl: fsl,ls1028a-reset: Fix maintainer entry
Giuseppe Scrivano (1):
ovl: remove unused forward declaration
Greg Kroah-Hartman (1):
Linux 6.12.25
Hamza Mahfooz (1):
efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32
Haoxiang Li (1):
drm/msm/dsi: Add check for devm_kstrdup()
Henry Martin (1):
ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()
Herbert Xu (1):
crypto: caam/qi - Fix drv_ctx refcount bug
Herve Codina (1):
ASoC: fsl: fsl_qmc_audio: Reset audio data pointers on TRIGGER_START event
Huacai Chen (3):
drm/amd/display: Protect FPU in dml2_validate()/dml21_validate()
drm/amd/display: Protect FPU in dml21_copy()
drm/amd/display: Protect FPU in dml2_init()/dml21_init()
Ilya Maximets (1):
net: openvswitch: fix nested key length validation in the set() action
Jakub Kicinski (4):
netlink: specs: ovs_vport: align with C codegen capabilities
eth: bnxt: fix missing ring index trim on error path
netlink: specs: rt-link: add an attr layer around alt-ifname
netlink: specs: rt-link: adjust mctp attribute naming
Jani Nikula (1):
drm/i915/gvt: fix unterminated-string-initialization warning
Jaroslav Kysela (1):
ALSA: hda: improve bass speaker support for ASUS Zenbook UM5606WA
Jens Axboe (1):
block: make struct rq_list available for !CONFIG_BLOCK
Jocelyn Falempe (1):
drm/ast: Fix ast_dp connection status
Johannes Berg (1):
Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()"
Johannes Kimmel (1):
btrfs: correctly escape subvol in btrfs_show_options()
Jonas Gorski (2):
net: b53: enable BPDU reception for management port
net: bridge: switchdev: do not notify new brentries as changed
Juergen Gross (1):
xen: fix multicall debug feature
Kailang Yang (1):
ALSA: hda/realtek - Fixed ASUS platform headset Mic issue
Kan Liang (3):
perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX
perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR
Kees Cook (1):
Bluetooth: vhci: Avoid needless snprintf() calls
Kirill A. Shutemov (1):
mm: fix apply_to_existing_page_range()
Kunihiko Hayashi (2):
misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error
misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type
Kuniyuki Iwashima (3):
smc: Fix lockdep false-positive for IPPROTO_SMC.
Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free"
Revert "smb: client: fix TCP timers deadlock after rmmod"
Leo Li (2):
drm/amd/display: Actually do immediate vblank disable
drm/amd/display: Increase vblank offdelay for PSR panels
Li Lingfeng (1):
nfsd: decrease sc_count directly if fail to queue dl_recall
Lijo Lazar (1):
drm/amdgpu: Prefer shadow rom when available
Lorenzo Stoakes (1):
mm/vma: add give_up_on_oom option on modify/merge, use in uffd release
Lucas De Marchi (1):
drm/xe: Set LRC addresses before guc load
Luiz Augusto von Dentz (1):
Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
Lukas Fischer (1):
scripts: generate_rust_analyzer: Add ffi crate
Mario Limonciello (4):
platform/x86: amd: pmf: Fix STT limits
drm/amd: Handle being compiled without SI or CIK support better
drm/amd/display: Add HP Elitebook 645 to the quirk list for eDP on DP1
drm/amd/display: Add HP Probook 445 and 465 to the quirk list for eDP on DP1
Mark Brown (1):
selftests/mm: generate a temporary mountpoint for cgroup filesystem
Martin K. Petersen (1):
block: integrity: Do not call set_page_dirty_lock()
Martin Wilck (1):
scsi: smartpqi: Use is_kdump_kernel() to check for kdump
Matt Johnston (1):
net: mctp: Set SOCK_RCU_FREE
Matthew Auld (3):
drm/amdgpu/dma_buf: fix page_link check
drm/xe/dma_buf: stop relying on placement in unmap
drm/xe/userptr: fix notifier vs folio deadlock
Matthew Brost (1):
drm/xe: Use local fence in error path of xe_migrate_clear
Matthew Wilcox (Oracle) (1):
test suite: use %zu to print size_t
Maíra Canal (1):
drm/v3d: Fix Indirect Dispatch configuration for V3D 7.1.6 and later
Meghana Malladi (3):
net: ti: icss-iep: Add pwidth configuration for perout signal
net: ti: icss-iep: Add phase offset configuration for perout signal
net: ti: icss-iep: Fix possible NULL pointer dereference for perout request
Menglong Dong (1):
ftrace: fix incorrect hash size in register_ftrace_direct()
Miaoqian Lin (1):
scsi: iscsi: Fix missing scsi_host_put() in error path
Michael Walle (1):
net: ethernet: ti: am65-cpsw: fix port_np reference counting
Miguel Ojeda (4):
objtool/rust: add one more `noreturn` Rust function for Rust 1.86.0
rust: kasan/kbuild: fix missing flags on first build
rust: disable `clippy::needless_continue`
rust: kbuild: use `pound` to support GNU Make < 4.3
Miklos Szeredi (1):
ovl: don't allow datadir only
Namjae Jeon (2):
ksmbd: fix use-after-free in smb_break_all_levII_oplock()
ksmbd: fix the warning from __kernel_write_iter
Nathan Chancellor (2):
riscv: Avoid fortify warning in syscall_get_arguments()
kbuild: Add '-fno-builtin-wcslen'
Nikita Zhandarovich (1):
drm/repaper: fix integer overflows in repeat functions
Niklas Cassel (1):
ata: libata-sata: Save all fields from sense data descriptor
P Praneesh (1):
wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
Peter Collingbourne (1):
string: Add load_unaligned_zeropad() code path to sized_strscpy()
Peter Griffin (1):
scsi: ufs: exynos: Ensure consistent phy reference counts
Peter Ujfalusi (1):
ASoC: Intel: sof_sdw: Add quirk for Asus Zenbook S16
Rafael J. Wysocki (3):
cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
cpufreq/sched: Explicitly synchronize limits_changed flag handling
cpufreq: Reference count policy in cpufreq_update_limits()
Remi Pommarel (2):
wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
wifi: mac80211: Purge vif txq in ieee80211_do_stop()
Richard Fitzgerald (1):
ALSA: hda/cirrus_scodec_test: Don't select dependencies
Rob Clark (1):
drm/msm/a6xx+: Don't let IB_SIZE overflow
Rolf Eike Beer (1):
drm/sti: remove duplicate object names
Sagi Maimon (1):
ptp: ocp: fix start time alignment in ptp_ocp_signal_set
Samuel Holland (2):
riscv: module: Fix out-of-bounds relocation access
riscv: module: Allocate PLT entries for R_RISCV_PLT32
Sandipan Das (1):
x86/cpu/amd: Fix workaround for erratum 1054
Sean Heelan (1):
ksmbd: Fix dangling pointer in krb_authenticate
Sharath Srinivasan (1):
RDMA/cma: Fix workqueue crash in cma_netevent_work_handler
Shay Drory (1):
RDMA/core: Silence oversized kvmalloc() warning
Shung-Hsi Yu (1):
selftests/bpf: Fix raw_tp null handling test
Srinivas Kandagatla (2):
ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate
ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
Steven Rostedt (1):
tracing: Fix filter string testing
Suren Baghdasaryan (1):
slab: ensure slab->obj_exts is clear in a newly allocated slab page
Takashi Iwai (1):
ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130
Thadeu Lima de Souza Cascardo (1):
i2c: cros-ec-tunnel: defer probe if parent EC is not present
Thomas Hellström (1):
drm/xe: Fix an out-of-bounds shift when invalidating TLB
Thomas Weißschuh (3):
kunit: qemu_configs: SH: Respect kunit cmdline
loop: properly send KOBJ_CHANGED uevent for disk device
loop: LOOP_SET_FD: send uevents for partitions
Thomas Zimmermann (1):
drm/mgag200: Fix value in <VBLKSTR> register
Tom Chung (1):
drm/amd/display: Do not enable Replay and PSR while VRR is on in amdgpu_dm_commit_planes()
Vasiliy Kovalev (1):
hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
Vishal Moola (Oracle) (2):
mm/compaction: fix bug in hugetlb handling pathway
mm: fix filemap_get_folios_contig returning batches of identical folios
Vladimir Oltean (5):
net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported
net: dsa: clean up FDB, MDB, VLAN entries on unbind
net: dsa: free routing table on probe failure
net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails
WangYuli (6):
riscv: KGDB: Do not inline arch_kgdb_breakpoint()
riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break
nvmet-fc: Remove unused functions
MIPS: dec: Declare which_prom() as static
MIPS: cevt-ds1287: Add missing ds1287.h include
MIPS: ds1287: Match ds1287_set_base_clock() function types
Weizhao Ouyang (1):
can: rockchip_canfd: fix broken quirks checks
Will Pierce (1):
riscv: Use kvmalloc_array on relocation_hashtable
Xiangsheng Hou (1):
virtiofs: add filesystem context source name check
Xin Long (1):
ipv6: add exception routes to GC list in rt6_insert_exception
Xingui Yang (1):
scsi: hisi_sas: Enable force phy when SATA disk directly connected
Yazen Ghannam (2):
RAS/AMD/ATL: Include row[13] bit in row retirement
RAS/AMD/FMPM: Get masked address
Yu Kuai (2):
md/raid10: fix missing discard IO accounting
md: fix mddev uaf while iterating all_mddevs list
Yue Haibing (1):
RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
Yuli Wang (1):
LoongArch: Eliminate superfluous get_numa_distances_cnt()
Yunlong Xing (1):
loop: aio inherit the ioprio of original request
ZhenGuo Yin (1):
drm/amdgpu: fix warning of drm_mm_clean
Zheng Qixing (2):
md/md-bitmap: fix stats collection for external bitmaps
block: fix resource leak in blk_register_queue() error path
5 months
- 1
- 1
Linux 6.6.88
by Greg Kroah-Hartman
I'm announcing the release of the 6.6.88 kernel.
All users of the 6.6 kernel series must upgrade.
The updated 6.6.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/devicetree/bindings/arm/qcom,coresight-tpda.yaml | 3
Documentation/devicetree/bindings/arm/qcom,coresight-tpdm.yaml | 3
Documentation/devicetree/bindings/media/i2c/st,st-mipid02.yaml | 2
Documentation/netlink/specs/rt_link.yaml | 14
MAINTAINERS | 1
Makefile | 5
arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6
arch/arm64/include/asm/cputype.h | 4
arch/arm64/include/asm/spectre.h | 1
arch/arm64/include/asm/tlbflush.h | 22 -
arch/arm64/kernel/proton-pack.c | 218 +++++-----
arch/arm64/kvm/arm.c | 6
arch/arm64/mm/mmu.c | 3
arch/loongarch/kernel/acpi.c | 12
arch/mips/dec/prom/init.c | 2
arch/mips/include/asm/ds1287.h | 2
arch/mips/kernel/cevt-ds1287.c | 1
arch/powerpc/kernel/rtas.c | 4
arch/riscv/include/asm/kgdb.h | 9
arch/riscv/include/asm/syscall.h | 7
arch/riscv/kernel/kgdb.c | 6
arch/riscv/kernel/setup.c | 36 +
arch/sparc/include/asm/pgtable_64.h | 2
arch/sparc/mm/tlb.c | 5
arch/x86/Kconfig | 1
arch/x86/boot/compressed/mem.c | 5
arch/x86/boot/compressed/sev.c | 67 ---
arch/x86/boot/compressed/sev.h | 2
arch/x86/coco/tdx/tdx.c | 26 +
arch/x86/events/intel/ds.c | 8
arch/x86/events/intel/uncore_snbep.c | 107 ----
arch/x86/include/asm/irqflags.h | 40 +
arch/x86/include/asm/paravirt.h | 20
arch/x86/include/asm/paravirt_types.h | 3
arch/x86/include/asm/tdx.h | 4
arch/x86/include/asm/xen/hypervisor.h | 5
arch/x86/kernel/cpu/amd.c | 21
arch/x86/kernel/cpu/intel.c | 20
arch/x86/kernel/cpu/microcode/amd.c | 9
arch/x86/kernel/e820.c | 17
arch/x86/kernel/paravirt.c | 14
arch/x86/kernel/process.c | 2
arch/x86/kernel/signal_32.c | 62 +-
arch/x86/kvm/cpuid.c | 8
arch/x86/kvm/x86.c | 4
arch/x86/mm/pat/set_memory.c | 6
arch/x86/platform/pvh/enlighten.c | 3
arch/x86/xen/enlighten.c | 10
arch/x86/xen/enlighten_pvh.c | 93 ++--
arch/x86/xen/setup.c | 3
block/blk-sysfs.c | 2
certs/Makefile | 2
certs/extract-cert.c | 138 +++---
drivers/acpi/platform_profile.c | 20
drivers/ata/ahci.c | 2
drivers/ata/libata-eh.c | 11
drivers/ata/libata-sata.c | 15
drivers/ata/pata_pxa.c | 6
drivers/ata/sata_sx4.c | 13
drivers/base/devres.c | 7
drivers/block/loop.c | 7
drivers/bluetooth/btqca.c | 13
drivers/bluetooth/btrtl.c | 2
drivers/bluetooth/hci_ldisc.c | 19
drivers/bluetooth/hci_uart.h | 1
drivers/bluetooth/hci_vhci.c | 10
drivers/bus/mhi/host/main.c | 16
drivers/char/tpm/tpm-chip.c | 5
drivers/char/tpm/tpm-interface.c | 7
drivers/char/tpm/tpm_tis_core.c | 20
drivers/char/tpm/tpm_tis_core.h | 1
drivers/clk/qcom/clk-branch.c | 4
drivers/clk/qcom/gdsc.c | 61 +-
drivers/clocksource/timer-stm32-lp.c | 4
drivers/cpufreq/cpufreq.c | 8
drivers/crypto/caam/qi.c | 6
drivers/crypto/ccp/sp-pci.c | 15
drivers/firmware/efi/libstub/efistub.h | 2
drivers/gpio/gpio-tegra186.c | 27 -
drivers/gpio/gpio-zynq.c | 1
drivers/gpu/drm/Kconfig | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10
drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 44 +-
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10
drivers/gpu/drm/amd/amdkfd/kfd_device.c | 5
drivers/gpu/drm/amd/amdkfd/kfd_process.c | 17
drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14
drivers/gpu/drm/amd/display/dc/dc.h | 2
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 22 -
drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubp.c | 2
drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c | 2
drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 5
drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2
drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3
drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2
drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2
drivers/gpu/drm/drm_atomic_helper.c | 2
drivers/gpu/drm/drm_panel.c | 5
drivers/gpu/drm/drm_panel_orientation_quirks.c | 46 ++
drivers/gpu/drm/i915/gt/intel_engine_cs.c | 3
drivers/gpu/drm/i915/gt/intel_mocs.c | 4
drivers/gpu/drm/i915/gt/intel_rc6.c | 19
drivers/gpu/drm/i915/gt/uc/intel_huc.c | 11
drivers/gpu/drm/i915/gt/uc/intel_huc.h | 1
drivers/gpu/drm/i915/gt/uc/intel_uc.c | 1
drivers/gpu/drm/i915/gvt/opregion.c | 7
drivers/gpu/drm/i915/i915_debugfs.c | 2
drivers/gpu/drm/i915/selftests/i915_selftest.c | 54 ++
drivers/gpu/drm/mediatek/mtk_dpi.c | 23 -
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 72 +--
drivers/gpu/drm/nouveau/nouveau_bo.c | 3
drivers/gpu/drm/nouveau/nouveau_gem.c | 3
drivers/gpu/drm/sti/Makefile | 2
drivers/gpu/drm/tests/drm_client_modeset_test.c | 3
drivers/gpu/drm/tests/drm_cmdline_parser_test.c | 10
drivers/gpu/drm/tests/drm_kunit_helpers.c | 213 +++++++++
drivers/gpu/drm/tests/drm_modes_test.c | 22 +
drivers/gpu/drm/tests/drm_probe_helper_test.c | 8
drivers/gpu/drm/tiny/repaper.c | 4
drivers/hid/Kconfig | 14
drivers/hid/Makefile | 1
drivers/hid/hid-ids.h | 31 +
drivers/hid/hid-universal-pidff.c | 197 +++++++++
drivers/hid/usbhid/hid-pidff.c | 173 +++++--
drivers/hsi/clients/ssi_protocol.c | 1
drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3
drivers/i2c/i2c-atr.c | 2
drivers/i3c/master.c | 3
drivers/i3c/master/svc-i3c-master.c | 2
drivers/infiniband/core/cma.c | 4
drivers/infiniband/core/umem_odp.c | 6
drivers/infiniband/hw/hns/hns_roce_main.c | 2
drivers/infiniband/hw/usnic/usnic_ib_main.c | 14
drivers/iommu/iommufd/device.c | 18
drivers/iommu/mtk_iommu.c | 26 -
drivers/leds/rgb/leds-qcom-lpg.c | 8
drivers/mailbox/tegra-hsp.c | 72 ++-
drivers/md/dm-ebs-target.c | 7
drivers/md/dm-integrity.c | 3
drivers/md/dm-verity-target.c | 8
drivers/md/md-bitmap.c | 5
drivers/md/md.c | 22 -
drivers/md/raid10.c | 1
drivers/media/common/siano/smsdvb-main.c | 2
drivers/media/i2c/adv748x/adv748x.h | 2
drivers/media/i2c/ccs/ccs-core.c | 6
drivers/media/i2c/imx219.c | 13
drivers/media/i2c/ov7251.c | 4
drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c | 5
drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp9_req_lat_if.c | 3
drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c | 6
drivers/media/platform/qcom/venus/hfi_parser.c | 100 +++-
drivers/media/platform/qcom/venus/hfi_venus.c | 18
drivers/media/platform/st/stm32/dma2d/dma2d.c | 3
drivers/media/rc/streamzap.c | 68 +--
drivers/media/test-drivers/vim2m.c | 6
drivers/media/test-drivers/visl/visl-core.c | 12
drivers/media/usb/uvc/uvc_driver.c | 9
drivers/media/v4l2-core/v4l2-dv-timings.c | 4
drivers/mfd/ene-kb3930.c | 2
drivers/misc/pci_endpoint_test.c | 6
drivers/mmc/host/dw_mmc.c | 94 ++++
drivers/mmc/host/dw_mmc.h | 27 +
drivers/mtd/inftlcore.c | 9
drivers/mtd/mtdpstore.c | 12
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2
drivers/mtd/nand/raw/r852.c | 3
drivers/net/dsa/b53/b53_common.c | 10
drivers/net/dsa/mv88e6xxx/chip.c | 30 +
drivers/net/dsa/mv88e6xxx/devlink.c | 3
drivers/net/ethernet/amd/pds_core/debugfs.c | 5
drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1
drivers/net/ethernet/google/gve/gve_ethtool.c | 4
drivers/net/ethernet/intel/igc/igc.h | 1
drivers/net/ethernet/intel/igc/igc_defines.h | 6
drivers/net/ethernet/intel/igc/igc_main.c | 1
drivers/net/ethernet/intel/igc/igc_ptp.c | 113 +++--
drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 5
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 10
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 19
drivers/net/ethernet/ti/am65-cpsw-nuss.h | 2
drivers/net/ethernet/ti/icssg/icss_iep.c | 154 ++++---
drivers/net/ethernet/wangxun/libwx/wx_lib.c | 3
drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 3
drivers/net/phy/sfp.c | 2
drivers/net/ppp/ppp_synctty.c | 5
drivers/net/usb/asix_devices.c | 17
drivers/net/usb/cdc_ether.c | 7
drivers/net/usb/r8152.c | 6
drivers/net/usb/r8153_ecm.c | 6
drivers/net/wireless/ath/ath12k/dp_mon.c | 2
drivers/net/wireless/ath/ath12k/dp_rx.c | 42 +
drivers/net/wireless/atmel/at76c50x-usb.c | 2
drivers/net/wireless/mediatek/mt76/eeprom.c | 4
drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1
drivers/net/wireless/realtek/rtw89/core.c | 2
drivers/net/wireless/realtek/rtw89/core.h | 6
drivers/net/wireless/realtek/rtw89/pci.c | 10
drivers/net/wireless/ti/wl1251/tx.c | 4
drivers/ntb/ntb_transport.c | 2
drivers/nvme/host/rdma.c | 8
drivers/nvme/target/fc.c | 14
drivers/nvme/target/fcloop.c | 2
drivers/of/irq.c | 80 ++-
drivers/pci/controller/pcie-brcmstb.c | 13
drivers/pci/controller/vmd.c | 12
drivers/pci/pci.c | 4
drivers/pci/probe.c | 5
drivers/perf/arm_pmu.c | 8
drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 11
drivers/pinctrl/qcom/pinctrl-msm.c | 12
drivers/platform/x86/asus-laptop.c | 9
drivers/ptp/ptp_ocp.c | 1
drivers/pwm/pwm-fsl-ftm.c | 6
drivers/pwm/pwm-mediatek.c | 8
drivers/pwm/pwm-rcar.c | 24 -
drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 9
drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 14
drivers/scsi/megaraid/megaraid_sas_base.c | 9
drivers/scsi/megaraid/megaraid_sas_fusion.c | 5
drivers/scsi/scsi_transport_iscsi.c | 7
drivers/scsi/st.c | 2
drivers/soc/samsung/exynos-chipid.c | 2
drivers/spi/spi-cadence-quadspi.c | 6
drivers/target/target_core_spc.c | 2
drivers/thermal/rockchip_thermal.c | 1
drivers/ufs/host/ufs-exynos.c | 6
drivers/usb/typec/ucsi/ucsi_ccg.c | 5
drivers/vdpa/mlx5/core/mr.c | 7
drivers/video/backlight/led_bl.c | 5
drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6
drivers/xen/balloon.c | 34 +
drivers/xen/xenfs/xensyms.c | 4
fs/Kconfig | 1
fs/btrfs/disk-io.c | 12
fs/btrfs/inode.c | 6
fs/btrfs/super.c | 3
fs/btrfs/zoned.c | 6
fs/ext4/inode.c | 68 ++-
fs/ext4/namei.c | 2
fs/ext4/super.c | 17
fs/ext4/xattr.c | 11
fs/f2fs/checkpoint.c | 21
fs/f2fs/f2fs.h | 32 +
fs/f2fs/inode.c | 8
fs/f2fs/node.c | 110 +----
fs/f2fs/super.c | 4
fs/file.c | 26 -
fs/fuse/virtio_fs.c | 3
fs/hfs/bnode.c | 6
fs/hfsplus/bnode.c | 6
fs/isofs/export.c | 2
fs/jbd2/journal.c | 1
fs/jfs/jfs_dmap.c | 10
fs/jfs/jfs_imap.c | 4
fs/namespace.c | 3
fs/nfs/Kconfig | 2
fs/nfs/internal.h | 7
fs/nfs/nfs4session.h | 4
fs/nfsd/Kconfig | 1
fs/nfsd/nfs4state.c | 2
fs/nfsd/nfsfh.h | 7
fs/overlayfs/overlayfs.h | 2
fs/overlayfs/super.c | 5
fs/smb/client/cifsproto.h | 2
fs/smb/client/connect.c | 36 -
fs/smb/client/file.c | 28 +
fs/smb/client/fs_context.c | 5
fs/smb/client/inode.c | 10
fs/smb/client/reparse.c | 4
fs/smb/client/smb2misc.c | 9
fs/smb/server/oplock.c | 29 -
fs/smb/server/oplock.h | 1
fs/smb/server/smb2pdu.c | 4
fs/smb/server/transport_ipc.c | 7
fs/smb/server/vfs.c | 3
fs/udf/inode.c | 1
fs/userfaultfd.c | 51 +-
include/drm/drm_kunit_helpers.h | 28 +
include/linux/backing-dev.h | 1
include/linux/hid.h | 9
include/linux/nfs.h | 7
include/linux/pgtable.h | 14
include/linux/rtnetlink.h | 22 +
include/linux/tpm.h | 1
include/net/sctp/structs.h | 3
include/net/xdp.h | 9
include/uapi/linux/kfd_ioctl.h | 2
include/uapi/linux/landlock.h | 2
include/xen/interface/xen-mca.h | 2
io_uring/kbuf.c | 2
io_uring/net.c | 2
kernel/locking/lockdep.c | 3
kernel/sched/cpufreq_schedutil.c | 18
kernel/trace/ftrace.c | 8
kernel/trace/trace_events.c | 4
kernel/trace/trace_events_filter.c | 4
kernel/trace/trace_events_synth.c | 1
kernel/trace/trace_probe.c | 28 +
lib/sg_split.c | 2
lib/string.c | 13
lib/zstd/common/portability_macros.h | 2
mm/filemap.c | 1
mm/gup.c | 4
mm/hugetlb.c | 2
mm/memory-failure.c | 11
mm/memory.c | 4
mm/mremap.c | 10
mm/page_vma_mapped.c | 13
mm/rmap.c | 2
mm/vmscan.c | 2
net/8021q/vlan_dev.c | 31 -
net/bluetooth/hci_event.c | 5
net/bluetooth/l2cap_core.c | 21
net/bridge/br_vlan.c | 4
net/core/filter.c | 80 ++-
net/core/page_pool.c | 8
net/dsa/dsa.c | 59 ++
net/dsa/tag_8021q.c | 2
net/ethtool/netlink.c | 8
net/ipv6/route.c | 8
net/mac80211/iface.c | 3
net/mac80211/mesh_hwmp.c | 14
net/mctp/af_mctp.c | 3
net/mptcp/sockopt.c | 28 +
net/mptcp/subflow.c | 19
net/netfilter/nft_set_pipapo_avx2.c | 3
net/openvswitch/flow_netlink.c | 3
net/sched/cls_api.c | 74 ++-
net/sched/sch_codel.c | 5
net/sched/sch_fq_codel.c | 6
net/sched/sch_sfq.c | 66 ++-
net/sctp/socket.c | 22 -
net/sctp/transport.c | 2
net/tipc/link.c | 1
net/tls/tls_main.c | 6
scripts/sign-file.c | 132 +++---
scripts/ssl-common.h | 32 +
security/landlock/errata.h | 87 +++
security/landlock/setup.c | 30 +
security/landlock/setup.h | 3
security/landlock/syscalls.c | 22 -
sound/pci/hda/hda_intel.c | 44 +-
sound/pci/hda/patch_realtek.c | 1
sound/soc/amd/yc/acp6x-mach.c | 14
sound/soc/codecs/cs42l43-jack.c | 3
sound/soc/codecs/lpass-wsa-macro.c | 117 +++--
sound/soc/dwc/dwc-i2s.c | 13
sound/soc/fsl/fsl_audmix.c | 16
sound/soc/intel/avs/pcm.c | 3
sound/soc/qcom/lpass.h | 3
sound/soc/qcom/qdsp6/q6apm-dai.c | 9
sound/soc/qcom/qdsp6/q6apm.c | 18
sound/soc/qcom/qdsp6/q6apm.h | 3
sound/soc/qcom/qdsp6/q6asm-dai.c | 19
sound/soc/sof/topology.c | 4
sound/usb/midi.c | 80 +++
tools/objtool/check.c | 5
tools/power/cpupower/bench/parse.c | 4
tools/testing/ktest/ktest.pl | 8
tools/testing/kunit/qemu_configs/sh.py | 4
tools/testing/radix-tree/linux.c | 4
tools/testing/selftests/futex/functional/futex_wait_wouldblock.c | 2
tools/testing/selftests/landlock/base_test.c | 46 ++
tools/testing/selftests/mm/charge_reserved_hugetlb.sh | 4
tools/testing/selftests/mm/hugetlb_reparenting_test.sh | 2
tools/testing/selftests/net/mptcp/diag.sh | 23 -
tools/testing/selftests/net/mptcp/mptcp_connect.c | 11
tools/testing/selftests/net/mptcp/mptcp_connect.sh | 19
tools/testing/selftests/net/mptcp/mptcp_join.sh | 20
tools/testing/selftests/net/mptcp/mptcp_lib.sh | 18
tools/testing/selftests/net/mptcp/simult_flows.sh | 19
376 files changed, 4203 insertions(+), 1859 deletions(-)
Abdun Nihaal (5):
wifi: at76c50x: fix use after free access in at76_disconnect
wifi: wl1251: fix memory leak in wl1251_tx_work
pds_core: fix memory leak in pdsc_debugfs_add_qcq()
net: ngbe: fix memory leak in ngbe_probe() error path
cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
Abel Vesa (2):
leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs
leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs
Abhinav Kumar (1):
drm: allow encoder mode_set even when connectors change for crtc
Ajit Pandey (1):
clk: qcom: clk-branch: Fix invert halt status bit check for votable clocks
Akhil P Oommen (1):
drm/msm/a6xx: Fix stale rpmh votes from GPU
Alain Volmat (1):
dt-bindings: media: st,stmipid02: correct lane-polarities maxItems
Alex Williamson (1):
Revert "PCI: Avoid reset when disabled via sysfs"
Alexander Sverdlin (1):
net: ethernet: ti: am65-cpsw-nuss: rename phy_node -> port_np
Alexandra Diupina (1):
cifs: avoid NULL pointer dereference in dbg call
Alexandre Torgue (1):
clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup
Alexey Klimov (1):
ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path
Andreas Gruenbacher (1):
writeback: fix false warning in inode_to_wb()
Andrew Wyatt (5):
drm: panel-orientation-quirks: Add support for AYANEO 2S
drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB
drm: panel-orientation-quirks: Add quirk for AYA NEO Slide
drm: panel-orientation-quirks: Add new quirk for GPD Win 2
drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel)
Andy Shevchenko (1):
i2c: atr: Fix wrong include
AngeloGioacchino Del Regno (2):
drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data
drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off
Ard Biesheuvel (1):
x86/boot/sev: Avoid shared GHCB page for early memory acceptance
Arnaud Lecomte (1):
net: ppp: Add bound checking for skb data on ppp_sync_txmung
Arnd Bergmann (2):
media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning
media: mediatek: vcodec: mark vdec_vp9_slice_map_counts_eob_coef noinline
Arseniy Krasnov (2):
Bluetooth: hci_uart: fix race during initialization
Bluetooth: hci_uart: Fix another race during initialization
Artem Sadovnikov (1):
ext4: fix off-by-one error in do_split
Ayush Jain (1):
ktest: Fix Test Failures Due to Missing LOG_FILE Directories
Badal Nilawar (1):
drm/i915: Disable RPG during live selftest
Baoquan He (1):
mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()
Bhupesh (1):
ext4: ignore xattrs past end
Birger Koblitz (1):
net: sfp: add quirk for 2.5G OEM BX SFP
Björn Töpel (1):
riscv: Properly export reserved regions in /proc/iomem
Bo-Cun Chen (2):
net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps
net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings
Boqun Feng (1):
locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
Boris Burkov (1):
btrfs: fix qgroup reserve leaks in cow_file_range
Borislav Petkov (AMD) (1):
x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches
Brady Norander (1):
ASoC: dwc: always enable/disable i2s irqs
Brendan Tam (1):
drm/amd/display: add workaround flag to link to force FFE preset
Bryan O'Donoghue (2):
clk: qcom: gdsc: Release pm subdomains in reverse add order
clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code
Chandrakanth Patil (1):
scsi: megaraid_sas: Block zero-length ATA VPD inquiry
Chao Yu (3):
f2fs: don't retry IO for corrupted data scenario
f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
Revert "f2fs: rebuild nat_bits during umount"
Chaohai Chen (1):
scsi: target: spc: Fix RSOC parameter data header size
Charles Keepax (1):
ASoC: cs42l43: Reset clamp override on jack removal
Chen-Yu Tsai (1):
arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string
Chengchang Tang (1):
RDMA/hns: Fix wrong maximum DMA segment size
Chenyuan Yang (3):
net: libwx: handle page_pool_dev_alloc_pages error
soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()
mfd: ene-kb3930: Fix a potential NULL pointer dereference
Chris Bainbridge (1):
drm/nouveau: prime: fix ttm_bo_delayed_delete oops
Christian König (1):
drm/amdgpu: grab an additional reference on the gang fence v2
Christopher S M Hall (6):
igc: fix PTM cycle trigger logic
igc: increase wait time before retrying PTM
igc: move ktime snapshot into PTM retry loop
igc: handle the IGC_PTP_ENABLED flag correctly
igc: cleanup PTP module if probe fails
igc: add lock preventing multiple simultaneous PTM transactions
Chunguang.xu (1):
nvme-rdma: unquiesce admin_q before destroy it
Chunjie Zhu (1):
smb3 client: fix open hardlink on deferred close file error
Cong Liu (1):
selftests: mptcp: fix incorrect fd checks in main_loop
Cong Wang (1):
codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
Dan Carpenter (2):
Bluetooth: btrtl: Prevent potential NULL dereference
usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
Daniel Kral (1):
ahci: add PCI ID for Marvell 88SE9215 SATA Controller
Daniel Wagner (1):
nvmet-fcloop: swap list_add_tail arguments
Daniele Ceraolo Spurio (1):
drm/i915/dg2: wait for HuC load completion before running selftests
Dapeng Mi (1):
perf/x86/intel: Allow to update user space GPRs from PEBS records
David Hildenbrand (1):
mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
David Yat Sin (1):
drm/amdkfd: clamp queue size to minimum
Denis Arefev (8):
asus-laptop: Fix an uninitialized variable
ksmbd: Prevent integer overflow in calculation of deadtime
drm/amd/pm: Prevent division by zero
drm/amd/pm/powerplay: Prevent division by zero
drm/amd/pm/smu11: Prevent division by zero
drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
Dmitry Baryshkov (1):
Bluetooth: qca: simplify WCN399x NVM loading
Douglas Anderson (6):
arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
arm64: cputype: Add MIDR_CORTEX_A76AE
arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list
arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists
Edward Adam Davis (3):
jfs: Prevent copying of nlink with value 0 from disk inode
jfs: add sanity check for agwidth in dbMount
isofs: Prevent the use of too small fid
Edward Liaw (1):
selftests/futex: futex_waitv wouldblock test should fail
Eric Biggers (1):
nfs: add missing selections of CONFIG_CRC32
Evgeny Pimenov (1):
ASoC: qcom: Fix sc7280 lpass potential buffer overflow
Fedor Pchelkin (1):
ntb: use 64-bit arithmetic for the MSI doorbell mask
Filipe Manana (1):
btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers
Florian Westphal (1):
nft_set_pipapo: fix incorrect avx2 match of 5th field octet
Frédéric Danis (2):
Bluetooth: l2cap: Check encryption key size on incoming connection
Bluetooth: l2cap: Process valid commands in too long frame
GONG Ruiqi (1):
usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
Gabriele Paoloni (1):
tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER
Gang Yan (1):
mptcp: fix NULL pointer in can_accept_new_subflow
Gavrilov Ilia (1):
wifi: mac80211: fix integer overflow in hwmp_route_info_get()
Geliang Tang (2):
selftests: mptcp: close fd_in before returning in main_loop
selftests: mptcp: add mptcp_lib_wait_local_port_listen
Giuseppe Scrivano (1):
ovl: remove unused forward declaration
Greg Kroah-Hartman (1):
Linux 6.6.88
Guixin Liu (1):
gpio: tegra186: fix resource handling in ACPI probe path
Haisu Wang (1):
btrfs: fix the length of reserved qgroup to free
Hamza Mahfooz (1):
efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32
Haoxiang Li (1):
wifi: mt76: Add check for devm_kstrdup()
Hariprasad Kelam (1):
octeontx2-pf: qos: fix VF root node parent queue index
Harish Chegondi (1):
drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+
Henry Martin (2):
ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()
Herbert Xu (1):
crypto: caam/qi - Fix drv_ctx refcount bug
Hersen Wu (1):
drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links
Herve Codina (1):
backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
Icenowy Zheng (1):
wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
Ido Schimmel (1):
ipv6: Align behavior across nexthops during path selection
Ilya Maximets (1):
net: openvswitch: fix nested key length validation in the set() action
Ingo Molnar (1):
zstd: Increase DYNAMIC_BMI2 GCC version cutoff from 4.8 to 11.0 to work around compiler segfault
Jakub Kicinski (3):
net: tls: explicitly disallow disconnect
netlink: specs: rt-link: add an attr layer around alt-ifname
netlink: specs: rt-link: adjust mctp attribute naming
Jamal Hadi Salim (1):
rtnl: add helper to check if rtnl group has listeners
Jan Beulich (1):
xenfs/xensyms: respect hypervisor's "next" indication
Jan Kara (2):
udf: Fix inode_getblk() return value
jbd2: remove wrong sb->s_sequence check
Jan Stancek (3):
sign-file,extract-cert: move common SSL helper functions to a header
sign-file,extract-cert: avoid using deprecated ERR_get_error_line()
sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3
Jane Chu (1):
mm: make page_mapped_in_vma() hugetlb walk aware
Jani Nikula (2):
drm/i915/mocs: use to_gt() instead of direct &i915->gt
drm/i915/gvt: fix unterminated-string-initialization warning
Jann Horn (1):
ext4: don't treat fhandle lookup of ea_inode as FS corruption
Janusz Krzysztofik (1):
drm/i915/huc: Fix fence not released on early probe errors
Jason Xing (1):
page_pool: avoid infinite loop to schedule delayed worker
Jeff Hugo (1):
bus: mhi: host: Fix race between unprepare and queue_buf
Jens Axboe (1):
io_uring/kbuf: reject zero sized provided buffers
Jiasheng Jiang (4):
media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization
media: platform: stm32: Add check for clk_enable()
mtd: Add check for devm_kcalloc()
mtd: Replace kcalloc() with devm_kcalloc()
Jinjie Ruan (1):
drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic()
Johannes Berg (1):
Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()"
Johannes Kimmel (1):
btrfs: correctly escape subvol in btrfs_show_options()
Johannes Thumshirn (2):
btrfs: zoned: fix zone activation with missing devices
btrfs: zoned: fix zone finishing with missing devices
Jonas Gorski (2):
net: b53: enable BPDU reception for management port
net: bridge: switchdev: do not notify new brentries as changed
Jonathan McDowell (2):
tpm, tpm_tis: Workaround failed command reception on Infineon devices
tpm, tpm_tis: Fix timeout handling when waiting for TPM status
Josh Poimboeuf (2):
objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret()
pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
Joshua Washington (1):
gve: handle overflow when reporting TX consumed descriptors
Kai Mäkisara (1):
scsi: st: Fix array overflow in st_setup()
Kaixin Wang (1):
HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition
Kamal Dasu (1):
mtd: rawnand: brcmnand: fix PM resume warning
Kan Liang (3):
perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX
perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR
Karina Yankevich (1):
media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
Karolina Stolarek (1):
drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled
Kartik Rajput (1):
mailbox: tegra-hsp: Define dimensioning masks in SoC data
Kaustabh Chakraborty (1):
mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves
Kees Cook (2):
xen/mcelog: Add __nonstring annotations for unterminated strings
Bluetooth: vhci: Avoid needless snprintf() calls
Kirill A. Shutemov (2):
x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT
mm: fix apply_to_existing_page_range()
Krzysztof Kozlowski (3):
dt-bindings: coresight: qcom,coresight-tpda: Fix too many 'reg'
dt-bindings: coresight: qcom,coresight-tpdm: Fix too many 'reg'
gpio: zynq: Fix wakeup source leaks on device unbind
Kunihiko Hayashi (3):
misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error
misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error
misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type
Kuniyuki Iwashima (2):
Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free"
Revert "smb: client: fix TCP timers deadlock after rmmod"
Leonid Arapov (1):
fbdev: omapfb: Add 'plane' value check
Li Lingfeng (1):
nfsd: decrease sc_count directly if fail to queue dl_recall
Lorenzo Stoakes (1):
mm/mremap: correctly handle partial mremap() of VMA starting at 0
Louis-Alexis Eyraud (1):
iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group
Luca Ceresoli (1):
drm/bridge: panel: forbid initializing a panel with unknown connector type
Lucas De Marchi (1):
drivers: base: devres: Allow to release group on device release
Luiz Augusto von Dentz (1):
Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
Ma Ke (1):
PCI: Fix reference leak in pci_alloc_child_bus()
Maksim Davydov (1):
x86/split_lock: Fix the delayed detection logic
Manish Dharanenthiran (1):
wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi
Manjunatha Venkatesh (1):
i3c: Add NULL pointer check in i3c_master_queue_ibi()
Marc Herbert (1):
mm/hugetlb: move hugetlb_sysctl_init() to the __init section
Marek Behún (1):
net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family
Mario Limonciello (1):
drm/amd: Handle being compiled without SI or CIK support better
Mark Brown (1):
selftests/mm: generate a temporary mountpoint for cgroup filesystem
Mark Rutland (1):
perf: arm_pmu: Don't disable counter in armpmu_add()
Masami Hiramatsu (Google) (1):
tracing: probe-events: Add comments about entry data storing code
Mateusz Guzik (1):
fs: consistently deref the files table with rcu_dereference_raw()
Mathieu Desnoyers (1):
mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
Matt Johnston (1):
net: mctp: Set SOCK_RCU_FREE
Matthew Auld (1):
drm/amdgpu/dma_buf: fix page_link check
Matthew Majewski (1):
media: vim2m: print device name after registering device
Matthew Wilcox (Oracle) (2):
x86/mm: Clear _PAGE_DIRTY for kernel mappings when we clear _PAGE_RW
test suite: use %zu to print size_t
Matthieu Baerts (NGI0) (3):
mptcp: sockopt: fix getting IPV6_V6ONLY
mptcp: only inc MPJoinAckHMacFailure for HMAC failures
mptcp: sockopt: fix getting freebind & transparent
Max Grobecker (1):
x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine
Max Schulze (1):
net: usb: asix_devices: add FiberGecko DeviceID
Maxim Mikityanskiy (2):
ALSA: hda: intel: Fix Optimus when GPU has no sound
ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist
Maxime Chevallier (1):
net: ethtool: Don't call .cleanup_data when prepare_data fails
Maxime Ripard (8):
drm/tests: modeset: Fix drm_display_mode memory leak
drm/tests: helpers: Add atomic helpers
drm/tests: Add helper to create mock plane
drm/tests: Add helper to create mock crtc
drm/tests: helpers: Create kunit helper to destroy a drm_display_mode
drm/tests: cmdline: Fix drm_display_mode memory leak
drm/tests: modes: Fix drm_display_mode memory leak
drm/tests: probe-helper: Fix drm_display_mode memory leak
Meghana Malladi (3):
net: ti: icss-iep: Add pwidth configuration for perout signal
net: ti: icss-iep: Add phase offset configuration for perout signal
net: ti: icss-iep: Fix possible NULL pointer dereference for perout request
Menglong Dong (1):
ftrace: fix incorrect hash size in register_ftrace_direct()
Miaoqian Lin (1):
scsi: iscsi: Fix missing scsi_host_put() in error path
Michael Walle (1):
net: ethernet: ti: am65-cpsw: fix port_np reference counting
Mickaël Salaün (1):
landlock: Add the errata interface
Miklos Szeredi (1):
ovl: don't allow datadir only
Mikulas Patocka (3):
dm-ebs: fix prefetch-vs-suspend race
dm-integrity: set ti->error on memory allocation failure
dm-verity: fix prefetch-vs-suspend race
Miquel Raynal (1):
spi: cadence-qspi: Fix probe on AM62A LP SK
Murad Masimov (1):
media: streamzap: prevent processing IR data on URB failure
Myrrh Periwinkle (1):
x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions()
Namjae Jeon (2):
ksmbd: fix use-after-free in smb_break_all_levII_oplock()
ksmbd: fix the warning from __kernel_write_iter
Nathan Chancellor (3):
ACPI: platform-profile: Fix CFI violation when accessing sysfs files
riscv: Avoid fortify warning in syscall_get_arguments()
kbuild: Add '-fno-builtin-wcslen'
Nathan Lynch (1):
powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
Nicolas Dufresne (1):
media: visl: Fix ERANGE error when setting enum controls
Nicolin Chen (1):
iommufd: Fix uninitialized rc in iommufd_access_rw()
Nikita Zhandarovich (1):
drm/repaper: fix integer overflows in repeat functions
Niklas Cassel (2):
ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
ata: libata-sata: Save all fields from sense data descriptor
Niklas Söderlund (1):
media: i2c: adv748x: Fix test pattern selection mask
Octavian Purdila (2):
net_sched: sch_sfq: use a temporary work area for validating configuration
net_sched: sch_sfq: move the limit validation
Ojaswin Mujoo (1):
ext4: protect ext4_release_dquot against freezing
P Praneesh (1):
wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
Pali Rohár (1):
cifs: Ensure that all non-client-specific reparse points are processed by the server
Pavel Begunkov (1):
io_uring/net: fix accept multishot handling
Pedro Tammela (1):
net/sched: cls_api: conditional notification of events
Peter Collingbourne (1):
string: Add load_unaligned_zeropad() code path to sized_strscpy()
Peter Griffin (1):
scsi: ufs: exynos: Ensure consistent phy reference counts
Peter Xu (1):
mm/userfaultfd: fix release hang over concurrent GUP
Philip Yang (3):
drm/amdkfd: Fix mode1 reset crash issue
drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
drm/amdkfd: debugfs hang_hws skip GPU with MES
Philipp Hahn (1):
cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk
Ping-Ke Shih (2):
wifi: rtw89: pci: add pre_deinit to be called after probe complete
wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit
Piotr Jaroszynski (1):
Fix mmu notifiers for range-based invalidates
Rafael J. Wysocki (2):
cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
cpufreq: Reference count policy in cpufreq_update_limits()
Rand Deeb (2):
fs/jfs: cast inactags to s64 to prevent potential overflow
fs/jfs: Prevent integer overflow in AG size calculation
Remi Pommarel (2):
wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
wifi: mac80211: Purge vif txq in ieee80211_do_stop()
Ricard Wanderlof (1):
ALSA: usb-audio: Fix CME quirk for UF series keyboards
Ricardo Cañuelo Navarro (1):
sctp: detect and prevent references to a freed transport in sendmsg
Ricardo Ribalda (1):
media: uvcvideo: Add quirk for Actions UVC05
Roger Pau Monne (3):
x86/xen: fix balloon target initialization for PVH dom0
x86/xen: move xen_reserve_extra_memory()
x86/xen: fix memblock_reserve() usage on PVH
Rolf Eike Beer (1):
drm/sti: remove duplicate object names
Roman Smirnov (1):
cifs: fix integer overflow in match_server()
Ryan Roberts (3):
sparc/mm: disable preemption in lazy mmu mode
sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes
mm: fix lazy mmu docs and usage
Ryo Takakura (1):
PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
Sagi Maimon (1):
ptp: ocp: fix start time alignment in ptp_ocp_signal_set
Sakari Ailus (5):
media: i2c: ccs: Set the device's runtime PM status correctly in remove
media: i2c: ccs: Set the device's runtime PM status correctly in probe
media: i2c: ov7251: Set enable GPIO low in probe
media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
media: i2c: imx219: Rectify runtime PM handling in probe and remove
Sandipan Das (1):
x86/cpu/amd: Fix workaround for erratum 1054
Sean Christopherson (2):
KVM: x86: Explicitly zero-initialize on-stack CPUID unions
KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
Sean Heelan (1):
ksmbd: Fix dangling pointer in krb_authenticate
Sebastian Andrzej Siewior (1):
xdp: Reset bpf_redirect_info before running a xdp's BPF prog.
Sharath Srinivasan (1):
RDMA/cma: Fix workqueue crash in cma_netevent_work_handler
Shay Drory (1):
RDMA/core: Silence oversized kvmalloc() warning
Shengjiu Wang (1):
ASoC: fsl_audmix: register card device depends on 'dais' property
Shuai Xue (1):
mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
Si-Wei Liu (1):
vdpa/mlx5: Fix oversized null mkey longer than 32bit
Srinivas Kandagatla (5):
ASoC: q6apm: add q6apm_get_hw_pointer helper
ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment.
ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns.
ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate
ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
Stanimir Varbanov (1):
PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
Stanislav Fomichev (1):
net: vlan: don't propagate flags on open
Stanley Chu (1):
i3c: master: svc: Use readsb helper for reading MDB
Stefan Eichenberger (1):
phy: freescale: imx8m-pcie: assert phy reset and perst in power off
Stephan Gerhold (1):
pinctrl: qcom: Clear latched interrupt status when changing IRQ type
Steve French (1):
smb311 client: fix missing tcon check when mounting with linux/posix extensions
Steven Rostedt (2):
tracing: Do not add length to print format in synthetic events
tracing: Fix filter string testing
Syed Saba kareem (1):
ASoC: amd: yc: update quirk data for new Lenovo model
T Pratham (1):
lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets
Takashi Iwai (1):
ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
Taniya Das (1):
clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
Thadeu Lima de Souza Cascardo (2):
tpm: do not start chip while suspended
i2c: cros-ec-tunnel: defer probe if parent EC is not present
Thomas Weißschuh (3):
kunit: qemu_configs: SH: Respect kunit cmdline
loop: properly send KOBJ_CHANGED uevent for disk device
loop: LOOP_SET_FD: send uevents for partitions
Toke Høiland-Jørgensen (1):
tc: Ensure we have enough buffer space when sending filter netlink notifications
Tom Lendacky (1):
crypto: ccp - Fix check for the primary ASP device
Tomasz Pakuła (10):
HID: pidff: Convert infinite length from Linux API to PID standard
HID: pidff: Do not send effect envelope if it's empty
HID: pidff: Add MISSING_DELAY quirk and its detection
HID: pidff: Add MISSING_PBO quirk and its detection
HID: pidff: Add PERMISSIVE_CONTROL quirk
HID: pidff: Add hid_pidff_init_with_quirks and export as GPL symbol
HID: pidff: Add FIX_WHEEL_DIRECTION quirk
HID: Add hid-universal-pidff driver and supported device ids
HID: pidff: Add PERIODIC_SINE_ONLY quirk
HID: pidff: Fix null pointer dereference in pidff_find_fields
Trevor Woerner (1):
thermal/drivers/rockchip: Add missing rk3328 mapping entry
Trond Myklebust (1):
umount: Allow superblock owners to force umount
Tung Nguyen (1):
tipc: fix memory leak in tipc_link_xmit
Uwe Kleine-König (2):
pwm: rcar: Improve register calculation
pwm: fsl-ftm: Handle clk_get_rate() returning 0
Vasiliy Kovalev (1):
hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
Victor Nogueira (1):
rtnl: add helper to check if a notification is needed
Vikash Garodia (4):
media: venus: hfi: add a check to handle OOB in sfr region
media: venus: hfi: add check to handle incorrect queue size
media: venus: hfi_parser: add check to avoid out of bound access
media: venus: hfi_parser: refactor hfi packet parsing logic
Vishal Annapurve (1):
x86/tdx: Fix arch_safe_halt() execution for TDX VMs
Vishal Moola (Oracle) (1):
mm: fix filemap_get_folios_contig returning batches of identical folios
Vladimir Oltean (5):
net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported
net: dsa: clean up FDB, MDB, VLAN entries on unbind
net: dsa: free routing table on probe failure
net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails
WangYuli (6):
riscv: KGDB: Do not inline arch_kgdb_breakpoint()
riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break
nvmet-fc: Remove unused functions
MIPS: dec: Declare which_prom() as static
MIPS: cevt-ds1287: Add missing ds1287.h include
MIPS: ds1287: Match ds1287_set_base_clock() function types
Wentao Liang (4):
ata: sata_sx4: Add error handling in pdc20621_i2c_read()
drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()
mtd: inftlcore: Add error check for inftl_read_oob()
mtd: rawnand: Add status chack in r852_ready()
Will Deacon (1):
KVM: arm64: Tear down vGIC on failed vCPU creation
Willem de Bruijn (1):
bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
Xiangsheng Hou (1):
virtiofs: add filesystem context source name check
Xin Li (Intel) (1):
x86/ia32: Leave NULL selector values 0~3 unchanged
Xingui Yang (1):
scsi: hisi_sas: Enable force phy when SATA disk directly connected
Yeongjin Gil (1):
f2fs: fix to avoid atomicity corruption of atomic file
Yi Liu (1):
iommufd: Fail replace if device has not been attached
Yu Kuai (2):
md/raid10: fix missing discard IO accounting
md: fix mddev uaf while iterating all_mddevs list
Yu-Chun Lin (1):
drm/tests: helpers: Fix compiler warning
Yuan Can (1):
media: siano: Fix error handling in smsdvb_module_init()
Yue Haibing (1):
RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
Yuli Wang (1):
LoongArch: Eliminate superfluous get_numa_distances_cnt()
Zhang Heng (1):
ASoC: SOF: topology: Use krealloc_array() to replace krealloc()
Zheng Qixing (2):
md/md-bitmap: fix stats collection for external bitmaps
block: fix resource leak in blk_register_queue() error path
Zhenhua Huang (1):
arm64: mm: Correct the update of max_pfn
Zhikai Zhai (1):
drm/amd/display: Update Cursor request mode to the beginning prefetch always
Zhongqiu Han (2):
pm: cpupower: bench: Prevent NULL dereference on malloc failure
jfs: Fix uninit-value access of imap allocated in the diMount() function
Zijun Hu (5):
of/irq: Fix device node refcount leakage in API of_irq_parse_one()
of/irq: Fix device node refcount leakage in API of_irq_parse_raw()
of/irq: Fix device node refcount leakages in of_irq_count()
of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
of/irq: Fix device node refcount leakages in of_irq_init()
keenplify (1):
ASoC: amd: Add DMI quirk for ACP6X mic support
zhoumin (1):
ftrace: Add cond_resched() to ftrace_graph_set_hash()
5 months
- 1
- 1
Linux 6.1.135
by Greg Kroah-Hartman
I'm announcing the release of the 6.1.135 kernel.
All users of the 6.1 kernel series must upgrade.
The updated 6.1.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
MAINTAINERS | 1
Makefile | 5
arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6
arch/arm64/include/asm/cputype.h | 4
arch/arm64/include/asm/fpsimd.h | 4
arch/arm64/include/asm/kvm_host.h | 19
arch/arm64/include/asm/kvm_hyp.h | 1
arch/arm64/include/asm/processor.h | 7
arch/arm64/include/asm/spectre.h | 1
arch/arm64/kernel/fpsimd.c | 69 ++-
arch/arm64/kernel/process.c | 2
arch/arm64/kernel/proton-pack.c | 218 +++++-----
arch/arm64/kernel/ptrace.c | 3
arch/arm64/kernel/signal.c | 7
arch/arm64/kvm/arm.c | 7
arch/arm64/kvm/fpsimd.c | 92 +---
arch/arm64/kvm/hyp/entry.S | 5
arch/arm64/kvm/hyp/include/hyp/switch.h | 106 +++-
arch/arm64/kvm/hyp/nvhe/hyp-main.c | 8
arch/arm64/kvm/hyp/nvhe/pkvm.c | 17
arch/arm64/kvm/hyp/nvhe/switch.c | 91 ++--
arch/arm64/kvm/hyp/vhe/switch.c | 12
arch/arm64/kvm/reset.c | 3
arch/arm64/mm/mmu.c | 3
arch/loongarch/kernel/acpi.c | 12
arch/loongarch/net/bpf_jit.c | 2
arch/loongarch/net/bpf_jit.h | 5
arch/mips/dec/prom/init.c | 2
arch/mips/include/asm/ds1287.h | 2
arch/mips/kernel/cevt-ds1287.c | 1
arch/powerpc/kernel/rtas.c | 4
arch/riscv/include/asm/kgdb.h | 9
arch/riscv/include/asm/syscall.h | 7
arch/riscv/kernel/kgdb.c | 6
arch/riscv/kernel/setup.c | 36 +
arch/sparc/mm/tlb.c | 5
arch/x86/events/intel/ds.c | 8
arch/x86/events/intel/uncore_snbep.c | 107 ----
arch/x86/kernel/cpu/amd.c | 2
arch/x86/kernel/cpu/intel.c | 20
arch/x86/kernel/e820.c | 17
arch/x86/kvm/x86.c | 4
arch/x86/platform/pvh/head.S | 7
block/blk-cgroup.c | 24 -
block/blk-cgroup.h | 1
block/blk-iocost.c | 7
certs/Makefile | 2
certs/extract-cert.c | 138 +++---
drivers/acpi/platform_profile.c | 20
drivers/ata/ahci.c | 2
drivers/ata/libata-eh.c | 11
drivers/ata/pata_pxa.c | 6
drivers/ata/sata_sx4.c | 13
drivers/base/devres.c | 7
drivers/block/loop.c | 7
drivers/bluetooth/btqca.c | 13
drivers/bluetooth/btrtl.c | 2
drivers/bluetooth/hci_ldisc.c | 19
drivers/bluetooth/hci_uart.h | 1
drivers/bus/mhi/host/main.c | 16
drivers/char/tpm/tpm_tis_core.c | 20
drivers/char/tpm/tpm_tis_core.h | 1
drivers/clk/qcom/gdsc.c | 61 +-
drivers/clocksource/timer-stm32-lp.c | 4
drivers/cpufreq/cpufreq.c | 8
drivers/crypto/caam/qi.c | 6
drivers/crypto/ccp/sp-pci.c | 15
drivers/gpio/gpio-tegra186.c | 27 -
drivers/gpio/gpio-zynq.c | 1
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10
drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 44 +-
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10
drivers/gpu/drm/amd/amdkfd/kfd_process.c | 17
drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 22 -
drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubp.c | 2
drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 5
drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4
drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2
drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3
drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2
drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2
drivers/gpu/drm/drm_atomic_helper.c | 2
drivers/gpu/drm/drm_panel.c | 5
drivers/gpu/drm/drm_panel_orientation_quirks.c | 46 ++
drivers/gpu/drm/i915/gvt/opregion.c | 7
drivers/gpu/drm/mediatek/mtk_dpi.c | 23 -
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 72 +--
drivers/gpu/drm/nouveau/nouveau_bo.c | 3
drivers/gpu/drm/nouveau/nouveau_gem.c | 3
drivers/gpu/drm/sti/Makefile | 2
drivers/gpu/drm/tiny/repaper.c | 4
drivers/hid/usbhid/hid-pidff.c | 60 +-
drivers/hsi/clients/ssi_protocol.c | 1
drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3
drivers/i3c/master.c | 3
drivers/i3c/master/svc-i3c-master.c | 2
drivers/infiniband/core/cma.c | 4
drivers/infiniband/core/umem_odp.c | 6
drivers/infiniband/hw/hns/hns_roce_main.c | 2
drivers/infiniband/hw/usnic/usnic_ib_main.c | 14
drivers/iommu/mtk_iommu.c | 26 -
drivers/md/dm-ebs-target.c | 7
drivers/md/dm-integrity.c | 3
drivers/md/dm-verity-target.c | 8
drivers/md/md-bitmap.c | 5
drivers/md/md.c | 50 +-
drivers/md/raid10.c | 1
drivers/media/common/siano/smsdvb-main.c | 2
drivers/media/i2c/adv748x/adv748x.h | 2
drivers/media/i2c/ccs/ccs-core.c | 6
drivers/media/i2c/ov7251.c | 4
drivers/media/platform/mediatek/vcodec/vdec/vdec_vp9_req_lat_if.c | 3
drivers/media/platform/qcom/venus/hfi_parser.c | 100 +++-
drivers/media/platform/qcom/venus/hfi_venus.c | 18
drivers/media/platform/st/stm32/dma2d/dma2d.c | 3
drivers/media/rc/streamzap.c | 68 +--
drivers/media/test-drivers/vim2m.c | 6
drivers/media/v4l2-core/v4l2-dv-timings.c | 4
drivers/mfd/ene-kb3930.c | 2
drivers/misc/pci_endpoint_test.c | 6
drivers/mmc/host/dw_mmc.c | 94 ++++
drivers/mmc/host/dw_mmc.h | 27 +
drivers/mtd/inftlcore.c | 9
drivers/mtd/mtdpstore.c | 12
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2
drivers/mtd/nand/raw/r852.c | 3
drivers/net/dsa/b53/b53_common.c | 10
drivers/net/dsa/mv88e6xxx/chip.c | 30 +
drivers/net/dsa/mv88e6xxx/devlink.c | 3
drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1
drivers/net/ethernet/google/gve/gve_ethtool.c | 4
drivers/net/ethernet/intel/igc/igc_defines.h | 1
drivers/net/ethernet/intel/igc/igc_main.c | 1
drivers/net/ethernet/intel/igc/igc_ptp.c | 93 ++--
drivers/net/ppp/ppp_synctty.c | 5
drivers/net/wireless/atmel/at76c50x-usb.c | 2
drivers/net/wireless/mediatek/mt76/eeprom.c | 4
drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1
drivers/net/wireless/ti/wl1251/tx.c | 4
drivers/ntb/ntb_transport.c | 2
drivers/nvme/target/fc.c | 14
drivers/nvme/target/fcloop.c | 2
drivers/of/irq.c | 80 ++-
drivers/pci/controller/pcie-brcmstb.c | 13
drivers/pci/controller/vmd.c | 12
drivers/pci/pci.c | 4
drivers/pci/probe.c | 5
drivers/perf/arm_pmu.c | 8
drivers/pinctrl/qcom/pinctrl-msm.c | 12
drivers/platform/x86/asus-laptop.c | 9
drivers/ptp/ptp_ocp.c | 1
drivers/pwm/pwm-fsl-ftm.c | 6
drivers/pwm/pwm-mediatek.c | 8
drivers/pwm/pwm-rcar.c | 24 -
drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 9
drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 14
drivers/scsi/megaraid/megaraid_sas_base.c | 9
drivers/scsi/megaraid/megaraid_sas_fusion.c | 5
drivers/scsi/scsi_transport_iscsi.c | 7
drivers/scsi/st.c | 2
drivers/soc/samsung/exynos-chipid.c | 2
drivers/spi/spi-cadence-quadspi.c | 6
drivers/thermal/rockchip_thermal.c | 1
drivers/ufs/host/ufs-exynos.c | 6
drivers/vdpa/mlx5/core/mr.c | 7
drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6
drivers/xen/swiotlb-xen.c | 2
drivers/xen/xenfs/xensyms.c | 4
fs/Kconfig | 1
fs/btrfs/disk-io.c | 12
fs/btrfs/inode.c | 6
fs/btrfs/super.c | 3
fs/btrfs/zoned.c | 6
fs/ext4/inode.c | 68 ++-
fs/ext4/namei.c | 2
fs/ext4/super.c | 17
fs/ext4/xattr.c | 11
fs/f2fs/inode.c | 4
fs/f2fs/node.c | 9
fs/file.c | 26 -
fs/fuse/virtio_fs.c | 3
fs/hfs/bnode.c | 6
fs/hfsplus/bnode.c | 6
fs/isofs/export.c | 2
fs/jbd2/journal.c | 1
fs/jfs/jfs_dmap.c | 10
fs/jfs/jfs_imap.c | 4
fs/namespace.c | 3
fs/nfs/Kconfig | 2
fs/nfs/internal.h | 22 -
fs/nfs/nfs4session.h | 4
fs/nfsd/Kconfig | 1
fs/nfsd/nfs4state.c | 2
fs/nfsd/nfsfh.h | 7
fs/smb/client/cifs_dfs_ref.c | 34 +
fs/smb/client/cifsproto.h | 23 +
fs/smb/client/connect.c | 2
fs/smb/client/dir.c | 21
fs/smb/client/file.c | 28 +
fs/smb/client/fs_context.c | 5
fs/smb/client/smb2misc.c | 9
fs/smb/server/oplock.c | 2
fs/smb/server/smb2pdu.c | 6
fs/smb/server/transport_ipc.c | 7
fs/smb/server/vfs.c | 3
include/linux/backing-dev.h | 1
include/linux/bpf.h | 1
include/linux/nfs.h | 13
include/linux/rtnetlink.h | 22 +
include/linux/tpm.h | 1
include/net/sctp/structs.h | 3
include/uapi/linux/kfd_ioctl.h | 2
include/uapi/linux/landlock.h | 2
include/xen/interface/xen-mca.h | 2
io_uring/kbuf.c | 2
io_uring/net.c | 2
kernel/bpf/core.c | 19
kernel/bpf/syscall.c | 17
kernel/locking/lockdep.c | 3
kernel/sched/cpufreq_schedutil.c | 18
kernel/trace/ftrace.c | 1
kernel/trace/trace_events.c | 4
kernel/trace/trace_events_filter.c | 4
lib/sg_split.c | 2
lib/string.c | 13
mm/filemap.c | 1
mm/gup.c | 6
mm/memory-failure.c | 11
mm/memory.c | 4
mm/rmap.c | 2
mm/vmscan.c | 2
net/8021q/vlan_dev.c | 31 -
net/bluetooth/hci_event.c | 5
net/bluetooth/l2cap_core.c | 3
net/bridge/br_vlan.c | 4
net/core/filter.c | 80 ++-
net/core/page_pool.c | 8
net/dsa/tag_8021q.c | 2
net/ethtool/netlink.c | 8
net/ipv6/route.c | 8
net/mac80211/iface.c | 3
net/mac80211/mesh_hwmp.c | 14
net/mctp/af_mctp.c | 3
net/mptcp/sockopt.c | 28 +
net/mptcp/subflow.c | 19
net/netfilter/nft_set_pipapo_avx2.c | 3
net/openvswitch/flow_netlink.c | 3
net/sched/cls_api.c | 74 ++-
net/sched/sch_codel.c | 5
net/sched/sch_fq_codel.c | 6
net/sched/sch_sfq.c | 66 ++-
net/sctp/socket.c | 22 -
net/sctp/transport.c | 2
net/tipc/link.c | 1
net/tls/tls_main.c | 6
scripts/sign-file.c | 132 +++---
scripts/ssl-common.h | 32 +
security/landlock/errata.h | 87 +++
security/landlock/setup.c | 30 +
security/landlock/setup.h | 3
security/landlock/syscalls.c | 22 -
sound/pci/hda/hda_intel.c | 44 +-
sound/pci/hda/patch_realtek.c | 1
sound/soc/amd/yc/acp6x-mach.c | 7
sound/soc/codecs/lpass-wsa-macro.c | 117 +++--
sound/soc/fsl/fsl_audmix.c | 16
sound/soc/qcom/qdsp6/q6apm-dai.c | 9
sound/soc/qcom/qdsp6/q6asm-dai.c | 19
sound/usb/midi.c | 80 +++
tools/power/cpupower/bench/parse.c | 4
tools/testing/ktest/ktest.pl | 8
tools/testing/radix-tree/linux.c | 4
tools/testing/selftests/futex/functional/futex_wait_wouldblock.c | 2
tools/testing/selftests/landlock/base_test.c | 46 ++
tools/testing/selftests/net/mptcp/mptcp_connect.c | 7
279 files changed, 2897 insertions(+), 1409 deletions(-)
Abdun Nihaal (3):
wifi: at76c50x: fix use after free access in at76_disconnect
wifi: wl1251: fix memory leak in wl1251_tx_work
cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
Abhinav Kumar (1):
drm: allow encoder mode_set even when connectors change for crtc
Akhil P Oommen (1):
drm/msm/a6xx: Fix stale rpmh votes from GPU
Alex Williamson (2):
Revert "PCI: Avoid reset when disabled via sysfs"
mm: Fix is_zero_page() usage in try_grab_page()
Alexandra Diupina (1):
cifs: avoid NULL pointer dereference in dbg call
Alexandre Torgue (1):
clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup
Alexey Klimov (1):
ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path
Andreas Gruenbacher (1):
writeback: fix false warning in inode_to_wb()
Andrew Wyatt (5):
drm: panel-orientation-quirks: Add support for AYANEO 2S
drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB
drm: panel-orientation-quirks: Add quirk for AYA NEO Slide
drm: panel-orientation-quirks: Add new quirk for GPD Win 2
drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel)
Andrii Nakryiko (1):
bpf: avoid holding freeze_mutex during mmap operation
AngeloGioacchino Del Regno (2):
drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data
drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off
Ard Biesheuvel (1):
x86/pvh: Call C code via the kernel virtual mapping
Arnaud Lecomte (1):
net: ppp: Add bound checking for skb data on ppp_sync_txmung
Arnd Bergmann (1):
media: mediatek: vcodec: mark vdec_vp9_slice_map_counts_eob_coef noinline
Arseniy Krasnov (2):
Bluetooth: hci_uart: fix race during initialization
Bluetooth: hci_uart: Fix another race during initialization
Artem Sadovnikov (1):
ext4: fix off-by-one error in do_split
Ayush Jain (1):
ktest: Fix Test Failures Due to Missing LOG_FILE Directories
Baoquan He (1):
mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()
Bhupesh (1):
ext4: ignore xattrs past end
Björn Töpel (1):
riscv: Properly export reserved regions in /proc/iomem
Boqun Feng (1):
locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
Boris Burkov (1):
btrfs: fix qgroup reserve leaks in cow_file_range
Bryan O'Donoghue (2):
clk: qcom: gdsc: Release pm subdomains in reverse add order
clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code
Chandrakanth Patil (1):
scsi: megaraid_sas: Block zero-length ATA VPD inquiry
Chao Yu (2):
f2fs: don't retry IO for corrupted data scenario
f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
Chen-Yu Tsai (1):
arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string
ChenXiaoSong (1):
smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
Chengchang Tang (1):
RDMA/hns: Fix wrong maximum DMA segment size
Chenyuan Yang (2):
soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()
mfd: ene-kb3930: Fix a potential NULL pointer dereference
Chris Bainbridge (1):
drm/nouveau: prime: fix ttm_bo_delayed_delete oops
Christian König (1):
drm/amdgpu: grab an additional reference on the gang fence v2
Christopher S M Hall (4):
igc: fix PTM cycle trigger logic
igc: move ktime snapshot into PTM retry loop
igc: handle the IGC_PTP_ENABLED flag correctly
igc: cleanup PTP module if probe fails
Chunjie Zhu (1):
smb3 client: fix open hardlink on deferred close file error
Cong Wang (1):
codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
Dan Carpenter (1):
Bluetooth: btrtl: Prevent potential NULL dereference
Daniel Kral (1):
ahci: add PCI ID for Marvell 88SE9215 SATA Controller
Daniel Wagner (1):
nvmet-fcloop: swap list_add_tail arguments
Dapeng Mi (1):
perf/x86/intel: Allow to update user space GPRs from PEBS records
David Hildenbrand (1):
mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
David Yat Sin (1):
drm/amdkfd: clamp queue size to minimum
Denis Arefev (8):
asus-laptop: Fix an uninitialized variable
ksmbd: Prevent integer overflow in calculation of deadtime
drm/amd/pm: Prevent division by zero
drm/amd/pm/powerplay: Prevent division by zero
drm/amd/pm/smu11: Prevent division by zero
drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
Dmitry Baryshkov (1):
Bluetooth: qca: simplify WCN399x NVM loading
Douglas Anderson (6):
arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
arm64: cputype: Add MIDR_CORTEX_A76AE
arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list
arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists
Edward Adam Davis (3):
jfs: Prevent copying of nlink with value 0 from disk inode
jfs: add sanity check for agwidth in dbMount
isofs: Prevent the use of too small fid
Edward Liaw (1):
selftests/futex: futex_waitv wouldblock test should fail
Eric Biggers (1):
nfs: add missing selections of CONFIG_CRC32
Fedor Pchelkin (1):
ntb: use 64-bit arithmetic for the MSI doorbell mask
Filipe Manana (1):
btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers
Florian Westphal (1):
nft_set_pipapo: fix incorrect avx2 match of 5th field octet
Frédéric Danis (1):
Bluetooth: l2cap: Check encryption key size on incoming connection
Fuad Tabba (1):
KVM: arm64: Calculate cptr_el2 traps on activating traps
Gabriele Paoloni (1):
tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER
Gang Yan (1):
mptcp: fix NULL pointer in can_accept_new_subflow
Gavrilov Ilia (1):
wifi: mac80211: fix integer overflow in hwmp_route_info_get()
Geliang Tang (1):
selftests: mptcp: close fd_in before returning in main_loop
Greg Kroah-Hartman (3):
Revert "Xen/swiotlb: mark xen_swiotlb_fixup() __init"
Revert "LoongArch: BPF: Fix off-by-one error in build_prologue()"
Linux 6.1.135
Guixin Liu (1):
gpio: tegra186: fix resource handling in ACPI probe path
Haisu Wang (1):
btrfs: fix the length of reserved qgroup to free
Haoxiang Li (1):
wifi: mt76: Add check for devm_kstrdup()
Henry Martin (1):
ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
Herbert Xu (1):
crypto: caam/qi - Fix drv_ctx refcount bug
Hersen Wu (1):
drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links
Icenowy Zheng (1):
wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
Ido Schimmel (1):
ipv6: Align behavior across nexthops during path selection
Ilya Maximets (1):
net: openvswitch: fix nested key length validation in the set() action
Jakub Kicinski (1):
net: tls: explicitly disallow disconnect
Jamal Hadi Salim (1):
rtnl: add helper to check if rtnl group has listeners
Jan Beulich (1):
xenfs/xensyms: respect hypervisor's "next" indication
Jan Kara (1):
jbd2: remove wrong sb->s_sequence check
Jan Stancek (3):
sign-file,extract-cert: move common SSL helper functions to a header
sign-file,extract-cert: avoid using deprecated ERR_get_error_line()
sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3
Jani Nikula (1):
drm/i915/gvt: fix unterminated-string-initialization warning
Jann Horn (1):
ext4: don't treat fhandle lookup of ea_inode as FS corruption
Jason Xing (1):
page_pool: avoid infinite loop to schedule delayed worker
Jeff Hugo (1):
bus: mhi: host: Fix race between unprepare and queue_buf
Jeff Layton (1):
nfs: move nfs_fhandle_hash to common include file
Jens Axboe (1):
io_uring/kbuf: reject zero sized provided buffers
Jiasheng Jiang (3):
media: platform: stm32: Add check for clk_enable()
mtd: Add check for devm_kcalloc()
mtd: Replace kcalloc() with devm_kcalloc()
Johannes Berg (1):
Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()"
Johannes Kimmel (1):
btrfs: correctly escape subvol in btrfs_show_options()
Johannes Thumshirn (2):
btrfs: zoned: fix zone activation with missing devices
btrfs: zoned: fix zone finishing with missing devices
Jonas Gorski (2):
net: b53: enable BPDU reception for management port
net: bridge: switchdev: do not notify new brentries as changed
Jonathan McDowell (2):
tpm, tpm_tis: Workaround failed command reception on Infineon devices
tpm, tpm_tis: Fix timeout handling when waiting for TPM status
Josh Poimboeuf (1):
pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
Joshua Washington (1):
gve: handle overflow when reporting TX consumed descriptors
Kai Mäkisara (1):
scsi: st: Fix array overflow in st_setup()
Kaixin Wang (1):
HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition
Kamal Dasu (1):
mtd: rawnand: brcmnand: fix PM resume warning
Kan Liang (3):
perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX
perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR
Karina Yankevich (1):
media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
Kaustabh Chakraborty (1):
mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves
Kees Cook (1):
xen/mcelog: Add __nonstring annotations for unterminated strings
Kirill A. Shutemov (1):
mm: fix apply_to_existing_page_range()
Krzysztof Kozlowski (1):
gpio: zynq: Fix wakeup source leaks on device unbind
Kunihiko Hayashi (3):
misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error
misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error
misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type
Leonid Arapov (1):
fbdev: omapfb: Add 'plane' value check
Li Lingfeng (1):
nfsd: decrease sc_count directly if fail to queue dl_recall
Li Nan (1):
blk-iocost: do not WARN if iocg was already offlined
Louis-Alexis Eyraud (1):
iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group
Luca Ceresoli (1):
drm/bridge: panel: forbid initializing a panel with unknown connector type
Lucas De Marchi (1):
drivers: base: devres: Allow to release group on device release
Luiz Augusto von Dentz (1):
Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
Ma Ke (1):
PCI: Fix reference leak in pci_alloc_child_bus()
Maksim Davydov (1):
x86/split_lock: Fix the delayed detection logic
Manjunatha Venkatesh (1):
i3c: Add NULL pointer check in i3c_master_queue_ibi()
Marek Behún (1):
net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family
Mario Limonciello (1):
drm/amd: Handle being compiled without SI or CIK support better
Mark Brown (4):
KVM: arm64: Discard any SVE state when entering KVM guests
arm64/fpsimd: Track the saved FPSIMD state type separately to TIF_SVE
arm64/fpsimd: Have KVM explicitly say which FP registers to save
arm64/fpsimd: Stop using TIF_SVE to manage register saving in KVM
Mark Rutland (8):
perf: arm_pmu: Don't disable counter in armpmu_add()
KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
KVM: arm64: Remove host FPSIMD saving for non-protected KVM
KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN
KVM: arm64: Refactor exit handlers
KVM: arm64: Mark some header functions as inline
KVM: arm64: Eagerly switch ZCR_EL{1,2}
Mateusz Guzik (1):
fs: consistently deref the files table with rcu_dereference_raw()
Mathieu Desnoyers (1):
mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
Matt Johnston (1):
net: mctp: Set SOCK_RCU_FREE
Matthew Auld (1):
drm/amdgpu/dma_buf: fix page_link check
Matthew Majewski (1):
media: vim2m: print device name after registering device
Matthew Wilcox (Oracle) (1):
test suite: use %zu to print size_t
Matthieu Baerts (NGI0) (3):
mptcp: sockopt: fix getting IPV6_V6ONLY
mptcp: only inc MPJoinAckHMacFailure for HMAC failures
mptcp: sockopt: fix getting freebind & transparent
Max Grobecker (1):
x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine
Maxim Mikityanskiy (2):
ALSA: hda: intel: Fix Optimus when GPU has no sound
ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist
Maxime Chevallier (1):
net: ethtool: Don't call .cleanup_data when prepare_data fails
Miaoqian Lin (1):
scsi: iscsi: Fix missing scsi_host_put() in error path
Mickaël Salaün (1):
landlock: Add the errata interface
Mikulas Patocka (3):
dm-ebs: fix prefetch-vs-suspend race
dm-integrity: set ti->error on memory allocation failure
dm-verity: fix prefetch-vs-suspend race
Miquel Raynal (1):
spi: cadence-qspi: Fix probe on AM62A LP SK
Murad Masimov (1):
media: streamzap: prevent processing IR data on URB failure
Myrrh Periwinkle (1):
x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions()
Namjae Jeon (1):
ksmbd: fix the warning from __kernel_write_iter
Nathan Chancellor (3):
ACPI: platform-profile: Fix CFI violation when accessing sysfs files
riscv: Avoid fortify warning in syscall_get_arguments()
kbuild: Add '-fno-builtin-wcslen'
Nathan Lynch (1):
powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
Nikita Zhandarovich (1):
drm/repaper: fix integer overflows in repeat functions
Niklas Cassel (1):
ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
Niklas Söderlund (1):
media: i2c: adv748x: Fix test pattern selection mask
Octavian Purdila (2):
net_sched: sch_sfq: use a temporary work area for validating configuration
net_sched: sch_sfq: move the limit validation
Ojaswin Mujoo (1):
ext4: protect ext4_release_dquot against freezing
Paulo Alcantara (1):
cifs: use origin fullpath for automounts
Pavel Begunkov (1):
io_uring/net: fix accept multishot handling
Pedro Tammela (1):
net/sched: cls_api: conditional notification of events
Peter Collingbourne (1):
string: Add load_unaligned_zeropad() code path to sized_strscpy()
Peter Griffin (1):
scsi: ufs: exynos: Ensure consistent phy reference counts
Philip Yang (2):
drm/amdkfd: Fix mode1 reset crash issue
drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
Rafael J. Wysocki (2):
cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
cpufreq: Reference count policy in cpufreq_update_limits()
Rand Deeb (2):
fs/jfs: cast inactags to s64 to prevent potential overflow
fs/jfs: Prevent integer overflow in AG size calculation
Remi Pommarel (2):
wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
wifi: mac80211: Purge vif txq in ieee80211_do_stop()
Ricard Wanderlof (1):
ALSA: usb-audio: Fix CME quirk for UF series keyboards
Ricardo Cañuelo Navarro (1):
sctp: detect and prevent references to a freed transport in sendmsg
Rolf Eike Beer (1):
drm/sti: remove duplicate object names
Roman Smirnov (1):
cifs: fix integer overflow in match_server()
Ryan Roberts (1):
sparc/mm: disable preemption in lazy mmu mode
Ryo Takakura (1):
PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
Sagi Maimon (1):
ptp: ocp: fix start time alignment in ptp_ocp_signal_set
Sakari Ailus (4):
media: i2c: ccs: Set the device's runtime PM status correctly in remove
media: i2c: ccs: Set the device's runtime PM status correctly in probe
media: i2c: ov7251: Set enable GPIO low in probe
media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
Sean Christopherson (1):
KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
Sean Heelan (1):
ksmbd: Fix dangling pointer in krb_authenticate
Sharath Srinivasan (1):
RDMA/cma: Fix workqueue crash in cma_netevent_work_handler
Shay Drory (1):
RDMA/core: Silence oversized kvmalloc() warning
Shengjiu Wang (1):
ASoC: fsl_audmix: register card device depends on 'dais' property
Shuai Xue (1):
mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
Si-Wei Liu (1):
vdpa/mlx5: Fix oversized null mkey longer than 32bit
Srinivas Kandagatla (4):
ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment.
ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns.
ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate
ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
Stanimir Varbanov (1):
PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
Stanislav Fomichev (1):
net: vlan: don't propagate flags on open
Stanley Chu (1):
i3c: master: svc: Use readsb helper for reading MDB
Stephan Gerhold (1):
pinctrl: qcom: Clear latched interrupt status when changing IRQ type
Steve French (1):
smb311 client: fix missing tcon check when mounting with linux/posix extensions
Steven Rostedt (1):
tracing: Fix filter string testing
T Pratham (1):
lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets
Takashi Iwai (1):
ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
Taniya Das (1):
clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
Thadeu Lima de Souza Cascardo (1):
i2c: cros-ec-tunnel: defer probe if parent EC is not present
Thomas Weißschuh (2):
loop: properly send KOBJ_CHANGED uevent for disk device
loop: LOOP_SET_FD: send uevents for partitions
Toke Høiland-Jørgensen (1):
tc: Ensure we have enough buffer space when sending filter netlink notifications
Tom Lendacky (1):
crypto: ccp - Fix check for the primary ASP device
Tomasz Pakuła (3):
HID: pidff: Convert infinite length from Linux API to PID standard
HID: pidff: Do not send effect envelope if it's empty
HID: pidff: Fix null pointer dereference in pidff_find_fields
Trevor Woerner (1):
thermal/drivers/rockchip: Add missing rk3328 mapping entry
Trond Myklebust (1):
umount: Allow superblock owners to force umount
Tung Nguyen (1):
tipc: fix memory leak in tipc_link_xmit
Uwe Kleine-König (2):
pwm: rcar: Improve register calculation
pwm: fsl-ftm: Handle clk_get_rate() returning 0
Vasiliy Kovalev (1):
hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
Victor Nogueira (1):
rtnl: add helper to check if a notification is needed
Vikash Garodia (4):
media: venus: hfi: add a check to handle OOB in sfr region
media: venus: hfi: add check to handle incorrect queue size
media: venus: hfi_parser: add check to avoid out of bound access
media: venus: hfi_parser: refactor hfi packet parsing logic
Vishal Moola (Oracle) (1):
mm: fix filemap_get_folios_contig returning batches of identical folios
Vladimir Oltean (3):
net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported
net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails
WangYuli (6):
riscv: KGDB: Do not inline arch_kgdb_breakpoint()
riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break
nvmet-fc: Remove unused functions
MIPS: dec: Declare which_prom() as static
MIPS: cevt-ds1287: Add missing ds1287.h include
MIPS: ds1287: Match ds1287_set_base_clock() function types
Wentao Liang (4):
ata: sata_sx4: Add error handling in pdc20621_i2c_read()
drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()
mtd: inftlcore: Add error check for inftl_read_oob()
mtd: rawnand: Add status chack in r852_ready()
Will Deacon (1):
KVM: arm64: Tear down vGIC on failed vCPU creation
Willem de Bruijn (1):
bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
Xiangsheng Hou (1):
virtiofs: add filesystem context source name check
Xingui Yang (1):
scsi: hisi_sas: Enable force phy when SATA disk directly connected
Xu Kuohai (1):
bpf: Prevent tail call between progs attached to different hooks
Yu Kuai (4):
md/raid10: fix missing discard IO accounting
blk-cgroup: support to track if policy is online
md: factor out a helper from mddev_put()
md: fix mddev uaf while iterating all_mddevs list
Yuan Can (1):
media: siano: Fix error handling in smsdvb_module_init()
Yue Haibing (1):
RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
Yuli Wang (1):
LoongArch: Eliminate superfluous get_numa_distances_cnt()
Zheng Qixing (1):
md/md-bitmap: fix stats collection for external bitmaps
Zhenhua Huang (1):
arm64: mm: Correct the update of max_pfn
Zhikai Zhai (1):
drm/amd/display: Update Cursor request mode to the beginning prefetch always
Zhongqiu Han (2):
pm: cpupower: bench: Prevent NULL dereference on malloc failure
jfs: Fix uninit-value access of imap allocated in the diMount() function
Zijun Hu (5):
of/irq: Fix device node refcount leakage in API of_irq_parse_one()
of/irq: Fix device node refcount leakage in API of_irq_parse_raw()
of/irq: Fix device node refcount leakages in of_irq_count()
of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
of/irq: Fix device node refcount leakages in of_irq_init()
keenplify (1):
ASoC: amd: Add DMI quirk for ACP6X mic support
zhoumin (1):
ftrace: Add cond_resched() to ftrace_graph_set_hash()
5 months
- 1
- 1
[PATCH v4 1/2] serial: sifive: lock port in startup()/shutdown() callbacks
by Ryo Takakura
startup()/shutdown() callbacks access SIFIVE_SERIAL_IE_OFFS.
The register is also accessed from write() callback.
If console were printing and startup()/shutdown() callback
gets called, its access to the register could be overwritten.
Add port->lock to startup()/shutdown() callbacks to make sure
their access to SIFIVE_SERIAL_IE_OFFS is synchronized against
write() callback.
Signed-off-by: Ryo Takakura <ryotkkr98(a)gmail.com>
Cc: stable(a)vger.kernel.org
---
drivers/tty/serial/sifive.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/tty/serial/sifive.c b/drivers/tty/serial/sifive.c
index 5904a2d4c..054a8e630 100644
--- a/drivers/tty/serial/sifive.c
+++ b/drivers/tty/serial/sifive.c
@@ -563,8 +563,11 @@ static void sifive_serial_break_ctl(struct uart_port *port, int break_state)
static int sifive_serial_startup(struct uart_port *port)
{
struct sifive_serial_port *ssp = port_to_sifive_serial_port(port);
+ unsigned long flags;
+ uart_port_lock_irqsave(&ssp->port, &flags);
__ssp_enable_rxwm(ssp);
+ uart_port_unlock_irqrestore(&ssp->port, flags);
return 0;
}
@@ -572,9 +575,12 @@ static int sifive_serial_startup(struct uart_port *port)
static void sifive_serial_shutdown(struct uart_port *port)
{
struct sifive_serial_port *ssp = port_to_sifive_serial_port(port);
+ unsigned long flags;
+ uart_port_lock_irqsave(&ssp->port, &flags);
__ssp_disable_rxwm(ssp);
__ssp_disable_txwm(ssp);
+ uart_port_unlock_irqrestore(&ssp->port, flags);
}
/**
--
2.34.1
5 months
- 4
- 7
Re: [PATCH 1/3 v5.4.y] dmaengine: ti: edma: Add support for handling reserved channels
by Greg KH
On Tue, Apr 22, 2025 at 07:33:03PM +0530, Hardik Gohil wrote:
> >
> > > I'm sorry, I have no idea what to do here :(
> > >
> please add all the patches 1/3,2/3 and 3/3 to v5.4.y.
Please do not post in html format :(
Anyway, I do not see patches 2/3 or 3/3 at all.
Please resend them all as a full patch series, don't just give links.
thanks,
greg k-h
5 months
- 3
- 16
[PATCH v2] media: ov2740: Move pm-runtime cleanup on probe-errors to proper place
by Hans de Goede
When v4l2_subdev_init_finalize() fails no changes have been made to
the runtime-pm device state yet, so the probe_error_media_entity_cleanup
rollback path should not touch the runtime-pm device state.
Instead this should be done from the probe_error_v4l2_subdev_cleanup
rollback path. Note the pm_runtime_xxx() calls are put above
the v4l2_subdev_cleanup() call to have the reverse call order of probe().
Fixes: 289c25923ecd ("media: ov2740: Use sub-device active state")
Cc: stable(a)vger.kernel.org
Reviewed-by: Bingbu Cao <bingbu.cao(a)intel.com>
Signed-off-by: Hans de Goede <hdegoede(a)redhat.com>
---
Changes in v2:
- Add Fixes: tag
---
drivers/media/i2c/ov2740.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/media/i2c/ov2740.c b/drivers/media/i2c/ov2740.c
index 80d151e8ae29..6cf461e3373c 100644
--- a/drivers/media/i2c/ov2740.c
+++ b/drivers/media/i2c/ov2740.c
@@ -1456,12 +1456,12 @@ static int ov2740_probe(struct i2c_client *client)
return 0;
probe_error_v4l2_subdev_cleanup:
+ pm_runtime_disable(&client->dev);
+ pm_runtime_set_suspended(&client->dev);
v4l2_subdev_cleanup(&ov2740->sd);
probe_error_media_entity_cleanup:
media_entity_cleanup(&ov2740->sd.entity);
- pm_runtime_disable(&client->dev);
- pm_runtime_set_suspended(&client->dev);
probe_error_v4l2_ctrl_handler_free:
v4l2_ctrl_handler_free(ov2740->sd.ctrl_handler);
--
2.49.0
5 months
- 2
- 1
[PATCH] wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb
by Ladislav Michl
From: Ladislav Michl <ladis(a)triops.cz>
corresponding upstream commit 3e5e4a801aaf4283390cc34959c6c48f910ca5ea
When removing kernel modules driver uses skb_queue_purge() to purge TX skb,
but not report tx status causing "Have pending ack frames!" warning.
Use ieee80211_purge_tx_queue() to correct this.
As upstream commit mentioned above does not apply on linux-6.1.y tree
it has been rewritten.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4072 at net/mac80211/main.c:1506 ieee80211_free_ack_frame+0x74/0xa0 [mac80211]
Have pending ack frames!
Modules linked in: rtw88_8822ce rtw88_8822c rtw88_pci rtw88_core mac80211 libarc4 cfg80211 qmi_wwan usbnet mii cdc_acm [last unloaded: cfg80211]
CPU: 0 PID: 4072 Comm: sh Not tainted 6.1.104 #2
Stack : 0000000000000000 000000000000068d 0000000000000008 000b24caa995d315
000b24caa995d315 0000000000000000 8000000002813958 ffffffff818f4a30
ffffffff81a673c8 0000000000000001 0000000000000001 0000000000000000
00000000000817bd 0000000000000010 ffffffff817f3720 0000000000000002
800000000281384f ffffffff81a20000 ffffffff818f4a30 0000000000000009
ffffffff81a20000 8000000003a41df8 ffffffff81a20000 0000000000000001
8000000002651570 8000000082813847 ffffffff8143a6c0 0000000000000000
ffffffff81b10000 8000000002810000 8000000002813950 0000000000000030
ffffffff817ca460 0000000000000000 ffffffff818f4a30 ffffffff817ca3e0
0000000000000001 ffffffff818f4a30 ffffffff811198b8 0000000000000000
...
Call Trace:
[<ffffffff811198b8>] show_stack+0x38/0x118
[<ffffffff817ca460>] dump_stack_lvl+0x30/0x54
[<ffffffff81130f6c>] __warn+0x9c/0xe4
[<ffffffff81131054>] warn_slowpath_fmt+0xa0/0xd4
[<ffffffffc02770ec>] ieee80211_free_ack_frame+0x74/0xa0 [mac80211]
[<ffffffff817ccfd8>] idr_for_each+0x88/0x150
[<ffffffffc0277538>] ieee80211_free_hw+0x48/0xf8 [mac80211]
[<ffffffff813f2a54>] pci_device_remove+0x2c/0x78
[<ffffffff8144c7dc>] device_release_driver_internal+0x1e4/0x288
[<ffffffff813e8998>] pci_stop_bus_device+0x88/0xb8
[<ffffffff813e8a84>] pci_stop_and_remove_bus_device_locked+0x1c/0x38
[<ffffffff813f52d0>] remove_store+0xa0/0xb0
[<ffffffff81279be4>] kernfs_fop_write_iter+0x10c/0x230
[<ffffffff811fc49c>] vfs_write+0x1cc/0x388
[<ffffffff811fc7f8>] ksys_write+0x78/0x120
[<ffffffff81121420>] syscall_common+0x34/0x58
---[ end trace 0000000000000000 ]---
Cc: stable(a)vger.kernel.org # 6.1.x: 53bc1b7: wifi: mac80211: export ieee80211_purge_tx_queue() for drivers
Cc: stable(a)vger.kernel.org # 6.1.x
Cc: Ping-Ke Shih <pkshih(a)realtek.com>
Signed-off-by: Ladislav Michl <ladis(a)triops.cz>
---
drivers/net/wireless/realtek/rtw88/main.c | 2 +-
drivers/net/wireless/realtek/rtw88/tx.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw88/main.c b/drivers/net/wireless/realtek/rtw88/main.c
index 4620a0d5c77b..7c390c2c608d 100644
--- a/drivers/net/wireless/realtek/rtw88/main.c
+++ b/drivers/net/wireless/realtek/rtw88/main.c
@@ -2146,7 +2146,7 @@ void rtw_core_deinit(struct rtw_dev *rtwdev)
destroy_workqueue(rtwdev->tx_wq);
spin_lock_irqsave(&rtwdev->tx_report.q_lock, flags);
- skb_queue_purge(&rtwdev->tx_report.queue);
+ ieee80211_purge_tx_queue(rtwdev->hw, &rtwdev->tx_report.queue);
skb_queue_purge(&rtwdev->coex.queue);
spin_unlock_irqrestore(&rtwdev->tx_report.q_lock, flags);
diff --git a/drivers/net/wireless/realtek/rtw88/tx.c b/drivers/net/wireless/realtek/rtw88/tx.c
index ab39245e9c2f..05e6911a4044 100644
--- a/drivers/net/wireless/realtek/rtw88/tx.c
+++ b/drivers/net/wireless/realtek/rtw88/tx.c
@@ -169,7 +169,7 @@ void rtw_tx_report_purge_timer(struct timer_list *t)
rtw_warn(rtwdev, "failed to get tx report from firmware\n");
spin_lock_irqsave(&tx_report->q_lock, flags);
- skb_queue_purge(&tx_report->queue);
+ ieee80211_purge_tx_queue(rtwdev->hw, &tx_report->queue);
spin_unlock_irqrestore(&tx_report->q_lock, flags);
}
--
2.39.5
5 months
- 2
- 2
[PATCH 6.14 000/241] 6.14.4-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.14.4 release.
There are 241 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 25 Apr 2025 14:25:27 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.14.4-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.14.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.14.4-rc1
P Praneesh <quic_ppranees(a)quicinc.com>
wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
WangYuli <wangyuli(a)uniontech.com>
MIPS: ds1287: Match ds1287_set_base_clock() function types
WangYuli <wangyuli(a)uniontech.com>
MIPS: cevt-ds1287: Add missing ds1287.h include
WangYuli <wangyuli(a)uniontech.com>
MIPS: dec: Declare which_prom() as static
Alexander Tsoy <alexander(a)tsoy.me>
Revert "wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process"
Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
mm/vma: add give_up_on_oom option on modify/merge, use in uffd release
WangYuli <wangyuli(a)uniontech.com>
nvmet-fc: Remove unused functions
Aurabindo Pillai <aurabindo.pillai(a)amd.com>
drm/amd/display: Temporarily disable hostvm on DCN31
Armin Wolf <W_Armin(a)gmx.de>
platform/x86: msi-wmi-platform: Workaround a ACPI firmware bug
Armin Wolf <W_Armin(a)gmx.de>
platform/x86: msi-wmi-platform: Rename "data" variable
Kurt Borja <kuurtb(a)gmail.com>
platform/x86: alienware-wmi-wmax: Extend support to more laptops
Kurt Borja <kuurtb(a)gmail.com>
platform/x86: alienware-wmi-wmax: Add G-Mode support to Alienware m16 R1
Lukas Fischer <kernel(a)o1oo11oo.de>
scripts: generate_rust_analyzer: Add ffi crate
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpufreq: Reference count policy in cpufreq_update_limits()
Anshuman Khandual <anshuman.khandual(a)arm.com>
arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9
Anshuman Khandual <anshuman.khandual(a)arm.com>
arm64/sysreg: Add register fields for HFGWTR2_EL2
Anshuman Khandual <anshuman.khandual(a)arm.com>
arm64/sysreg: Add register fields for HFGRTR2_EL2
Anshuman Khandual <anshuman.khandual(a)arm.com>
arm64/sysreg: Add register fields for HFGITR2_EL2
Anshuman Khandual <anshuman.khandual(a)arm.com>
arm64/sysreg: Add register fields for HDFGWTR2_EL2
Anshuman Khandual <anshuman.khandual(a)arm.com>
arm64/sysreg: Add register fields for HDFGRTR2_EL2
Anshuman Khandual <anshuman.khandual(a)arm.com>
arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: don't post tag CQEs on file/buffer registration failure
Thomas Zimmermann <tzimmermann(a)suse.de>
drm/mgag200: Fix value in <VBLKSTR> register
ZhenGuo Yin <zhenguo.yin(a)amd.com>
drm/amdgpu: fix warning of drm_mm_clean
Alex Deucher <alexander.deucher(a)amd.com>
drm/amd/display/dml2: use vzalloc rather than kzalloc
Ankit Nautiyal <ankit.k.nautiyal(a)intel.com>
drm/i915/dp: Check for HAS_DSC_3ENGINES while configuring DSC slices
Ankit Nautiyal <ankit.k.nautiyal(a)intel.com>
drm/i915/display: Add macro for checking 3 DSC engines
Lucas De Marchi <lucas.demarchi(a)intel.com>
drm/xe: Set LRC addresses before guc load
Matthew Auld <matthew.auld(a)intel.com>
drm/xe/userptr: fix notifier vs folio deadlock
Matthew Auld <matthew.auld(a)intel.com>
drm/xe/dma_buf: stop relying on placement in unmap
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd/display: Add HP Probook 445 and 465 to the quirk list for eDP on DP1
Huacai Chen <chenhuacai(a)kernel.org>
drm/amd/display: Protect FPU in dml2_init()/dml21_init()
Tom Chung <chiahsuan.chung(a)amd.com>
drm/amd/display: Do not enable Replay and PSR while VRR is on in amdgpu_dm_commit_planes()
Christian König <christian.koenig(a)amd.com>
drm/amdgpu: immediately use GTT for new allocations
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915/dp: Reject HBR3 when sink doesn't support TPS4
Vivek Kasireddy <vivek.kasireddy(a)intel.com>
drm/i915/xe2hpd: Identify the memory type for SKUs with GDDR + ECC
Jani Nikula <jani.nikula(a)intel.com>
drm/i915/gvt: fix unterminated-string-initialization warning
Matt Roper <matthew.d.roper(a)intel.com>
drm/xe/bmg: Add one additional PCI ID
Thomas Hellström <thomas.hellstrom(a)linux.intel.com>
drm/xe: Fix an out-of-bounds shift when invalidating TLB
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/i915: Fix scanline_offset for LNL+ and BMG+
Rolf Eike Beer <eb(a)emlix.com>
drm/sti: remove duplicate object names
Dmitry Osipenko <dmitry.osipenko(a)collabora.com>
drm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb()
Brendan King <Brendan.King(a)imgtec.com>
drm/imagination: take paired job reference
Brendan King <Brendan.King(a)imgtec.com>
drm/imagination: fix firmware memory leaks
Chris Bainbridge <chris.bainbridge(a)gmail.com>
drm/nouveau: prime: fix ttm_bo_delayed_delete oops
Matthew Auld <matthew.auld(a)intel.com>
drm/amdgpu/dma_buf: fix page_link check
Alex Deucher <alexander.deucher(a)amd.com>
drm/amdgpu/mes11: optimize MES pipe FW version fetching
Huacai Chen <chenhuacai(a)kernel.org>
drm/amd/display: Protect FPU in dml21_copy()
Huacai Chen <chenhuacai(a)kernel.org>
drm/amd/display: Protect FPU in dml2_validate()/dml21_validate()
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd/display: Add HP Elitebook 645 to the quirk list for eDP on DP1
Dmitry Osipenko <dmitry.osipenko(a)collabora.com>
drm/virtio: Don't attach GEM to a non-created context in gem_object_open()
Matthew Brost <matthew.brost(a)intel.com>
drm/xe: Use local fence in error path of xe_migrate_clear
Ankit Nautiyal <ankit.k.nautiyal(a)intel.com>
drm/i915/vrr: Add vrr.vsync_{start, end} in vrr_params_changed
Alex Deucher <alexander.deucher(a)amd.com>
drm/amdgpu/mes12: optimize MES pipe FW version fetching
Denis Arefev <arefev(a)swemel.ru>
drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
Denis Arefev <arefev(a)swemel.ru>
drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
Denis Arefev <arefev(a)swemel.ru>
drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
Denis Arefev <arefev(a)swemel.ru>
drm/amd/pm/smu11: Prevent division by zero
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
drm/amd/pm: Add zero RPM enabled OD setting support for SMU14.0.2
Denis Arefev <arefev(a)swemel.ru>
drm/amd/pm/powerplay: Prevent division by zero
Denis Arefev <arefev(a)swemel.ru>
drm/amd/pm: Prevent division by zero
Leo Li <sunpeng.li(a)amd.com>
drm/amd/display: Increase vblank offdelay for PSR panels
Leo Li <sunpeng.li(a)amd.com>
drm/amd/display: Actually do immediate vblank disable
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd: Handle being compiled without SI or CIK support better
Brendan Tam <Brendan.Tam(a)amd.com>
drm/amd/display: prevent hang on link training fail
Lijo Lazar <lijo.lazar(a)amd.com>
drm/amdgpu: Prefer shadow rom when available
Akhil P Oommen <quic_akhilpo(a)quicinc.com>
drm/msm/a6xx: Fix stale rpmh votes from GPU
Haoxiang Li <haoxiang_li2024(a)163.com>
drm/msm/dsi: Add check for devm_kstrdup()
Jocelyn Falempe <jfalempe(a)redhat.com>
drm/ast: Fix ast_dp connection status
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
drm/repaper: fix integer overflows in repeat functions
Kan Liang <kan.liang(a)linux.intel.com>
perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR
Kan Liang <kan.liang(a)linux.intel.com>
perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX
Kan Liang <kan.liang(a)linux.intel.com>
perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
Dapeng Mi <dapeng1.mi(a)linux.intel.com>
perf/x86/intel: Allow to update user space GPRs from PEBS records
Mario Limonciello <mario.limonciello(a)amd.com>
platform/x86: amd: pmf: Fix STT limits
Yazen Ghannam <yazen.ghannam(a)amd.com>
RAS/AMD/FMPM: Get masked address
Yazen Ghannam <yazen.ghannam(a)amd.com>
RAS/AMD/ATL: Include row[13] bit in row retirement
Sharath Srinivasan <sharath.srinivasan(a)oracle.com>
RDMA/cma: Fix workqueue crash in cma_netevent_work_handler
Peter Griffin <peter.griffin(a)linaro.org>
scsi: ufs: exynos: Ensure consistent phy reference counts
Peter Griffin <peter.griffin(a)linaro.org>
scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set
Peter Griffin <peter.griffin(a)linaro.org>
scsi: ufs: exynos: Move UFS shareability value to drvdata
Chandrakanth Patil <chandrakanth.patil(a)broadcom.com>
scsi: megaraid_sas: Block zero-length ATA VPD inquiry
Ard Biesheuvel <ardb(a)kernel.org>
x86/boot/sev: Avoid shared GHCB page for early memory acceptance
Sandipan Das <sandipan.das(a)amd.com>
x86/cpu/amd: Fix workaround for erratum 1054
Borislav Petkov (AMD) <bp(a)alien8.de>
x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches
Xiangsheng Hou <xiangsheng.hou(a)mediatek.com>
virtiofs: add filesystem context source name check
Steven Rostedt <rostedt(a)goodmis.org>
tracing: Fix filter string testing
Peter Collingbourne <pcc(a)google.com>
string: Add load_unaligned_zeropad() code path to sized_strscpy()
Chunjie Zhu <chunjie.zhu(a)cloud.com>
smb3 client: fix open hardlink on deferred close file error
Suren Baghdasaryan <surenb(a)google.com>
slab: ensure slab->obj_exts is clear in a newly allocated slab page
Mark Brown <broonie(a)kernel.org>
selftests/mm: generate a temporary mountpoint for cgroup filesystem
Nathan Chancellor <nathan(a)kernel.org>
riscv: Avoid fortify warning in syscall_get_arguments()
Kuniyuki Iwashima <kuniyu(a)amazon.com>
Revert "smb: client: fix TCP timers deadlock after rmmod"
Kuniyuki Iwashima <kuniyu(a)amazon.com>
Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free"
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix the warning from __kernel_write_iter
Denis Arefev <arefev(a)swemel.ru>
ksmbd: Prevent integer overflow in calculation of deadtime
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix use-after-free in smb_break_all_levII_oplock()
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix use-after-free in __smb2_lease_break_noti()
Sean Heelan <seanheelan(a)gmail.com>
ksmbd: Fix dangling pointer in krb_authenticate
Miklos Szeredi <mszeredi(a)redhat.com>
ovl: don't allow datadir only
Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
mm: fix apply_to_existing_page_range()
Vishal Moola (Oracle) <vishal.moola(a)gmail.com>
mm: fix filemap_get_folios_contig returning batches of identical folios
Baoquan He <bhe(a)redhat.com>
mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()
Vishal Moola (Oracle) <vishal.moola(a)gmail.com>
mm/compaction: fix bug in hugetlb handling pathway
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
loop: LOOP_SET_FD: send uevents for partitions
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
loop: properly send KOBJ_CHANGED uevent for disk device
Sheng Yong <shengyong1(a)xiaomi.com>
lib/iov_iter: fix to increase non slab folio refcount
Edward Adam Davis <eadavis(a)qq.com>
isofs: Prevent the use of too small fid
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
i2c: cros-ec-tunnel: defer probe if parent EC is not present
Vasiliy Kovalev <kovalev(a)altlinux.org>
hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: caam/qi - Fix drv_ctx refcount bug
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpufreq: Avoid using inconsistent policy->min and policy->max
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpufreq/sched: Explicitly synchronize limits_changed flag handling
Johannes Kimmel <kernel(a)bareminimum.eu>
btrfs: correctly escape subvol in btrfs_show_options()
Sidong Yang <sidong.yang(a)furiosa.ai>
btrfs: ioctl: don't free iov when btrfs_encoded_read() returns -EAGAIN
Kees Cook <kees(a)kernel.org>
Bluetooth: vhci: Avoid needless snprintf() calls
Frédéric Danis <frederic.danis(a)collabora.com>
Bluetooth: l2cap: Process valid commands in too long frame
Rob Clark <robdclark(a)chromium.org>
drm/msm/a6xx+: Don't let IB_SIZE overflow
Menglong Dong <menglong8.dong(a)gmail.com>
ftrace: fix incorrect hash size in register_ftrace_direct()
Christoph Hellwig <hch(a)lst.de>
fs: move the bdex_statx call to vfs_getattr_nosec
Joe Damato <jdamato(a)fastly.com>
eventpoll: Set epoll timeout if it's in the future
Jens Axboe <axboe(a)kernel.dk>
eventpoll: abstract out ep_try_send_events() helper
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
i2c: atr: Fix wrong include
Li Lingfeng <lilingfeng3(a)huawei.com>
nfsd: decrease sc_count directly if fail to queue dl_recall
Eric Biggers <ebiggers(a)google.com>
nfs: add missing selections of CONFIG_CRC32
Dan Carpenter <dan.carpenter(a)linaro.org>
dma-buf/sw_sync: Decrement refcount on error in sw_sync_ioctl_get_deadline()
Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com>
drm/msm/dpu: drop rogue intr_tear_rd_ptr values
Chenyuan Yang <chenyuan0y(a)gmail.com>
drm/msm/dpu: Fix error pointers in dpu_plane_virtual_atomic_check
Maíra Canal <mcanal(a)igalia.com>
drm/v3d: Fix Indirect Dispatch configuration for V3D 7.1.6 and later
Martin K. Petersen <martin.petersen(a)oracle.com>
block: integrity: Do not call set_page_dirty_lock()
Denis Arefev <arefev(a)swemel.ru>
asus-laptop: Fix an uninitialized variable
T.J. Mercier <tjmercier(a)google.com>
alloc_tag: handle incomplete bulk allocations in vm_module_tags_populate
Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com>
accel/ivpu: Fix the NPU's DPU frequency calculation
Evgeny Pimenov <pimenoveu12(a)gmail.com>
ASoC: qcom: Fix sc7280 lpass potential buffer overflow
Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
ASoC: Intel: sof_sdw: Add quirk for Asus Zenbook S16
Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org>
ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org>
ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate
Herve Codina <herve.codina(a)bootlin.com>
ASoC: fsl: fsl_qmc_audio: Reset audio data pointers on TRIGGER_START event
Alex Williamson <alex.williamson(a)redhat.com>
Revert "PCI: Avoid reset when disabled via sysfs"
Andreas Gruenbacher <agruenba(a)redhat.com>
writeback: fix false warning in inode_to_wb()
Miguel Ojeda <ojeda(a)kernel.org>
rust: kbuild: use `pound` to support GNU Make < 4.3
Sami Tolvanen <samitolvanen(a)google.com>
rust: kbuild: Don't export __pfx symbols
Miguel Ojeda <ojeda(a)kernel.org>
rust: disable `clippy::needless_continue`
Miguel Ojeda <ojeda(a)kernel.org>
rust: kasan/kbuild: fix missing flags on first build
FUJITA Tomonori <fujita.tomonori(a)gmail.com>
rust: helpers: Remove volatile qualifier from io helpers
Miguel Ojeda <ojeda(a)kernel.org>
objtool/rust: add one more `noreturn` Rust function for Rust 1.86.0
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
WangYuli <wangyuli(a)uniontech.com>
riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break
WangYuli <wangyuli(a)uniontech.com>
riscv: KGDB: Do not inline arch_kgdb_breakpoint()
Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com>
thermal: intel: int340x: Fix Panther Lake DLVR support
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
kunit: qemu_configs: SH: Respect kunit cmdline
Samuel Holland <samuel.holland(a)sifive.com>
riscv: module: Allocate PLT entries for R_RISCV_PLT32
Samuel Holland <samuel.holland(a)sifive.com>
riscv: module: Fix out-of-bounds relocation access
Björn Töpel <bjorn(a)rivosinc.com>
riscv: Properly export reserved regions in /proc/iomem
Will Pierce <wgpierce17(a)gmail.com>
riscv: Use kvmalloc_array on relocation_hashtable
Bo-Cun Chen <bc-bocun.chen(a)mediatek.com>
net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings
Bo-Cun Chen <bc-bocun.chen(a)mediatek.com>
net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps
Bo-Cun Chen <bc-bocun.chen(a)mediatek.com>
net: ethernet: mtk_eth_soc: reapply mdc divider on reset
Meghana Malladi <m-malladi(a)ti.com>
net: ti: icss-iep: Fix possible NULL pointer dereference for perout request
Meghana Malladi <m-malladi(a)ti.com>
net: ti: icss-iep: Add phase offset configuration for perout signal
Meghana Malladi <m-malladi(a)ti.com>
net: ti: icss-iep: Add pwidth configuration for perout signal
Florian Westphal <fw(a)strlen.de>
netfilter: conntrack: fix erronous removal of offload bit
Sagi Maimon <maimon.sagi(a)gmail.com>
ptp: ocp: fix start time alignment in ptp_ocp_signal_set
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: dsa: free routing table on probe failure
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: dsa: clean up FDB, MDB, VLAN entries on unbind
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
Abdun Nihaal <abdun.nihaal(a)gmail.com>
net: txgbe: fix memory leak in txgbe_probe() error path
Jonas Gorski <jonas.gorski(a)gmail.com>
net: bridge: switchdev: do not notify new brentries as changed
Jonas Gorski <jonas.gorski(a)gmail.com>
net: b53: enable BPDU reception for management port
Jakub Kicinski <kuba(a)kernel.org>
netlink: specs: rt-neigh: prefix struct nfmsg members with ndm
Jakub Kicinski <kuba(a)kernel.org>
netlink: specs: rt-link: adjust mctp attribute naming
Jakub Kicinski <kuba(a)kernel.org>
netlink: specs: rtnetlink: attribute naming corrections
Jakub Kicinski <kuba(a)kernel.org>
netlink: specs: rt-link: add an attr layer around alt-ifname
Jakub Kicinski <kuba(a)kernel.org>
tools: ynl-gen: make sure we validate subtype of array-nest
Jakub Kicinski <kuba(a)kernel.org>
tools: ynl-gen: individually free previous values on double set
Abdun Nihaal <abdun.nihaal(a)gmail.com>
cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
Niklas Cassel <cassel(a)kernel.org>
ata: libata-sata: Save all fields from sense data descriptor
Damien Le Moal <dlemoal(a)kernel.org>
nvmet: pci-epf: clear CC and CSTS when disabling the controller
Damien Le Moal <dlemoal(a)kernel.org>
nvmet: pci-epf: always fully initialize completion entries
Christoph Hellwig <hch(a)lst.de>
loop: stop using vfs_iter_{read,write} for buffered I/O
Yunlong Xing <yunlong.xing(a)unisoc.com>
loop: aio inherit the ioprio of original request
Jakub Kicinski <kuba(a)kernel.org>
eth: bnxt: fix missing ring index trim on error path
Michael Walle <mwalle(a)kernel.org>
net: ethernet: ti: am65-cpsw: fix port_np reference counting
Chenyuan Yang <chenyuan0y(a)gmail.com>
octeontx2-pf: handle otx2_mbox_get_rsp errors
Abdun Nihaal <abdun.nihaal(a)gmail.com>
net: ngbe: fix memory leak in ngbe_probe() error path
Weizhao Ouyang <o451686892(a)gmail.com>
can: rockchip_canfd: fix broken quirks checks
Ilya Maximets <i.maximets(a)ovn.org>
net: openvswitch: fix nested key length validation in the set() action
Jakub Kicinski <kuba(a)kernel.org>
netlink: specs: ovs_vport: align with C codegen capabilities
Zheng Qixing <zhengqixing(a)huawei.com>
block: fix resource leak in blk_register_queue() error path
Jijie Shao <shaojijie(a)huawei.com>
net: hibmcge: fix not restore rx pause mac addr after reset issue
Jijie Shao <shaojijie(a)huawei.com>
net: hibmcge: fix wrong mtu log issue
Jijie Shao <shaojijie(a)huawei.com>
net: hibmcge: fix incorrect multicast filtering issue
Jijie Shao <shaojijie(a)huawei.com>
net: hibmcge: fix incorrect pause frame statistics issue
Matt Johnston <matt(a)codeconstruct.com.au>
net: mctp: Set SOCK_RCU_FREE
Damodharam Ammepalli <damodharam.ammepalli(a)broadcom.com>
ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll()
Abdun Nihaal <abdun.nihaal(a)gmail.com>
pds_core: fix memory leak in pdsc_debugfs_add_qcq()
Baolin Wang <baolin.wang(a)linux.alibaba.com>
selftests: mincore: fix tmpfs mincore test failure
Matthew Wilcox (Oracle) <willy(a)infradead.org>
test suite: use %zu to print size_t
Kuniyuki Iwashima <kuniyu(a)amazon.com>
smc: Fix lockdep false-positive for IPPROTO_SMC.
Geert Uytterhoeven <geert+renesas(a)glider.be>
dt-bindings: soc: fsl: fsl,ls1028a-reset: Fix maintainer entry
Namhyung Kim <namhyung(a)kernel.org>
perf tools: Remove evsel__handle_error_quirks()
Christopher S M Hall <christopher.s.hall(a)intel.com>
igc: add lock preventing multiple simultaneous PTM transactions
Christopher S M Hall <christopher.s.hall(a)intel.com>
igc: cleanup PTP module if probe fails
Christopher S M Hall <christopher.s.hall(a)intel.com>
igc: handle the IGC_PTP_ENABLED flag correctly
Christopher S M Hall <christopher.s.hall(a)intel.com>
igc: move ktime snapshot into PTM retry loop
Christopher S M Hall <christopher.s.hall(a)intel.com>
igc: increase wait time before retrying PTM
Christopher S M Hall <christopher.s.hall(a)intel.com>
igc: fix PTM cycle trigger logic
Johannes Berg <johannes.berg(a)intel.com>
Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()"
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: pcie: set state to no-FW before reset handshake
David Thompson <davthompson(a)nvidia.com>
mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show()
Juergen Gross <jgross(a)suse.com>
xen: fix multicall debug feature
Xin Long <lucien.xin(a)gmail.com>
ipv6: add exception routes to GC list in rt6_insert_exception
Leon Romanovsky <leon(a)kernel.org>
RDMA/bnxt_re: Remove unusable nq variable
Frédéric Danis <frederic.danis(a)collabora.com>
Bluetooth: l2cap: Check encryption key size on incoming connection
Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com>
Bluetooth: qca: fix NV variant for one of WCN3950 SoCs
Dan Carpenter <dan.carpenter(a)linaro.org>
Bluetooth: btrtl: Prevent potential NULL dereference
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
Richard Fitzgerald <rf(a)opensource.cirrus.com>
firmware: cs_dsp: test_bin_error: Fix uninitialized data used as fw version
Shay Drory <shayd(a)nvidia.com>
RDMA/core: Silence oversized kvmalloc() warning
Charles Keepax <ckeepax(a)opensource.cirrus.com>
ASoC: cs42l43: Reset clamp override on jack removal
Kailang Yang <kailang(a)realtek.com>
ALSA: hda/realtek - Fixed ASUS platform headset Mic issue
Richard Fitzgerald <rf(a)opensource.cirrus.com>
ALSA: hda/cirrus_scodec_test: Don't select dependencies
Chengchang Tang <tangchengchang(a)huawei.com>
RDMA/hns: Fix wrong maximum DMA segment size
Yue Haibing <yuehaibing(a)huawei.com>
RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
Kashyap Desai <kashyap.desai(a)broadcom.com>
RDMA/bnxt_re: Fix budget handling of notification queue
Giuseppe Scrivano <gscrivan(a)redhat.com>
ovl: remove unused forward declaration
Akhil R <akhilrajeev(a)nvidia.com>
crypto: tegra - Fix IV usage for AES ECB
Henry Martin <bsdhenrymartin(a)gmail.com>
ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()
Brady Norander <bradynorander(a)gmail.com>
ASoC: dwc: always enable/disable i2s irqs
Zheng Qixing <zhengqixing(a)huawei.com>
md/md-bitmap: fix stats collection for external bitmaps
Yu Kuai <yukuai3(a)huawei.com>
md/raid10: fix missing discard IO accounting
Martin Wilck <mwilck(a)suse.com>
scsi: smartpqi: Use is_kdump_kernel() to check for kdump
Miaoqian Lin <linmq006(a)gmail.com>
scsi: iscsi: Fix missing scsi_host_put() in error path
Abdun Nihaal <abdun.nihaal(a)gmail.com>
wifi: wl1251: fix memory leak in wl1251_tx_work
Abdun Nihaal <abdun.nihaal(a)gmail.com>
wifi: brcmfmac: fix memory leak in brcmf_get_module_param
Remi Pommarel <repk(a)triplefau.lt>
wifi: mac80211: Purge vif txq in ieee80211_do_stop()
Remi Pommarel <repk(a)triplefau.lt>
wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
Abdun Nihaal <abdun.nihaal(a)gmail.com>
wifi: at76c50x: fix use after free access in at76_disconnect
Xingui Yang <yangxingui(a)huawei.com>
scsi: hisi_sas: Enable force phy when SATA disk directly connected
-------------
Diffstat:
Documentation/arch/arm64/booting.rst | 22 +++
.../bindings/soc/fsl/fsl,ls1028a-reset.yaml | 2 +-
Documentation/netlink/specs/ovs_vport.yaml | 4 +-
Documentation/netlink/specs/rt_link.yaml | 20 ++-
Documentation/netlink/specs/rt_neigh.yaml | 14 +-
Documentation/wmi/devices/msi-wmi-platform.rst | 4 +
Makefile | 5 +-
arch/arm64/include/asm/el2_setup.h | 25 ++++
arch/arm64/tools/sysreg | 103 ++++++++++++++
arch/mips/dec/prom/init.c | 2 +-
arch/mips/include/asm/ds1287.h | 2 +-
arch/mips/kernel/cevt-ds1287.c | 1 +
arch/riscv/include/asm/kgdb.h | 9 +-
arch/riscv/include/asm/syscall.h | 7 +-
arch/riscv/kernel/kgdb.c | 6 +
arch/riscv/kernel/module-sections.c | 13 +-
arch/riscv/kernel/module.c | 11 +-
arch/riscv/kernel/setup.c | 36 ++++-
arch/x86/boot/compressed/mem.c | 5 +-
arch/x86/boot/compressed/sev.c | 67 +++------
arch/x86/boot/compressed/sev.h | 2 +
arch/x86/events/intel/ds.c | 8 +-
arch/x86/events/intel/uncore_snbep.c | 107 ++-------------
arch/x86/kernel/cpu/amd.c | 19 ++-
arch/x86/kernel/cpu/microcode/amd.c | 9 +-
arch/x86/xen/multicalls.c | 26 ++--
arch/x86/xen/smp_pv.c | 1 -
arch/x86/xen/xen-ops.h | 3 -
block/bdev.c | 3 +-
block/bio-integrity.c | 17 +--
block/blk-sysfs.c | 2 +
drivers/accel/ivpu/ivpu_drv.c | 4 +-
drivers/accel/ivpu/ivpu_fw.c | 3 +-
drivers/accel/ivpu/ivpu_hw.h | 11 +-
drivers/accel/ivpu/ivpu_hw_btrs.c | 126 ++++++++---------
drivers/accel/ivpu/ivpu_hw_btrs.h | 6 +-
drivers/ata/libata-sata.c | 15 +++
drivers/block/loop.c | 121 +++--------------
drivers/bluetooth/btqca.c | 2 +-
drivers/bluetooth/btrtl.c | 2 +
drivers/bluetooth/hci_vhci.c | 10 +-
drivers/cpufreq/cpufreq.c | 40 +++++-
drivers/crypto/caam/qi.c | 6 +-
drivers/crypto/tegra/tegra-se-aes.c | 5 +-
drivers/dma-buf/sw_sync.c | 19 ++-
.../firmware/cirrus/test/cs_dsp_mock_mem_maps.c | 30 -----
drivers/firmware/cirrus/test/cs_dsp_test_bin.c | 2 +-
.../firmware/cirrus/test/cs_dsp_test_bin_error.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 34 ++++-
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 44 +++---
drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 4 +-
drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 4 +
drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 21 +--
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 62 ++++++++-
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 6 +-
.../drm/amd/display/dc/dml2/dml21/dml21_wrapper.c | 28 +++-
drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 15 ++-
.../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 6 +-
.../drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 7 +-
.../amd/display/dc/resource/dcn31/dcn31_resource.c | 2 +-
.../gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 +-
.../drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 +-
.../drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 +-
drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3 +
drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 +-
drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 +-
.../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 55 +++++++-
drivers/gpu/drm/ast/ast_dp.c | 6 +
drivers/gpu/drm/i915/display/intel_bw.c | 14 +-
drivers/gpu/drm/i915/display/intel_display.c | 4 +-
.../gpu/drm/i915/display/intel_display_device.h | 1 +
drivers/gpu/drm/i915/display/intel_dp.c | 58 ++++++--
drivers/gpu/drm/i915/display/intel_vblank.c | 4 +-
drivers/gpu/drm/i915/gvt/opregion.c | 7 +-
drivers/gpu/drm/i915/i915_drv.h | 1 +
drivers/gpu/drm/i915/soc/intel_dram.c | 4 +
drivers/gpu/drm/imagination/pvr_fw.c | 27 +++-
drivers/gpu/drm/imagination/pvr_job.c | 7 +
drivers/gpu/drm/imagination/pvr_queue.c | 4 +
drivers/gpu/drm/mgag200/mgag200_mode.c | 2 +-
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 82 +++++------
drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 8 +-
.../drm/msm/disp/dpu1/catalog/dpu_1_14_msm8937.h | 2 -
.../drm/msm/disp/dpu1/catalog/dpu_1_15_msm8917.h | 1 -
.../drm/msm/disp/dpu1/catalog/dpu_1_16_msm8953.h | 3 -
.../drm/msm/disp/dpu1/catalog/dpu_1_7_msm8996.h | 4 -
.../gpu/drm/msm/disp/dpu1/catalog/dpu_3_2_sdm660.h | 3 -
.../gpu/drm/msm/disp/dpu1/catalog/dpu_3_3_sdm630.h | 2 -
drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 3 +
drivers/gpu/drm/msm/dsi/dsi_host.c | 9 +-
.../gpu/drm/msm/registers/adreno/adreno_pm4.xml | 7 +
drivers/gpu/drm/nouveau/nouveau_bo.c | 3 +
drivers/gpu/drm/nouveau/nouveau_gem.c | 3 -
drivers/gpu/drm/sti/Makefile | 2 -
drivers/gpu/drm/tiny/repaper.c | 4 +-
drivers/gpu/drm/v3d/v3d_sched.c | 16 ++-
drivers/gpu/drm/virtio/virtgpu_gem.c | 11 +-
drivers/gpu/drm/virtio/virtgpu_plane.c | 20 ++-
drivers/gpu/drm/xe/xe_device_types.h | 1 +
drivers/gpu/drm/xe/xe_dma_buf.c | 5 +-
drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 12 +-
drivers/gpu/drm/xe/xe_guc_ads.c | 75 ++++++-----
drivers/gpu/drm/xe/xe_hmm.c | 24 ----
drivers/gpu/drm/xe/xe_migrate.c | 2 +-
drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 +
drivers/i2c/i2c-atr.c | 2 +-
drivers/infiniband/core/cma.c | 4 +-
drivers/infiniband/core/umem_odp.c | 6 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 10 --
drivers/infiniband/hw/hns/hns_roce_main.c | 2 +-
drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 +-
drivers/md/md-bitmap.c | 5 +-
drivers/md/raid10.c | 1 +
drivers/net/can/rockchip/rockchip_canfd-core.c | 7 +-
drivers/net/dsa/b53/b53_common.c | 10 ++
drivers/net/dsa/mv88e6xxx/chip.c | 13 +-
drivers/net/dsa/mv88e6xxx/devlink.c | 3 +-
drivers/net/ethernet/amd/pds_core/debugfs.c | 5 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 4 +-
drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 +
drivers/net/ethernet/hisilicon/hibmcge/hbg_err.c | 3 +
drivers/net/ethernet/hisilicon/hibmcge/hbg_hw.c | 7 +
drivers/net/ethernet/hisilicon/hibmcge/hbg_main.c | 6 +-
drivers/net/ethernet/hisilicon/hibmcge/hbg_reg.h | 3 +
drivers/net/ethernet/intel/igc/igc.h | 1 +
drivers/net/ethernet/intel/igc/igc_defines.h | 6 +-
drivers/net/ethernet/intel/igc/igc_main.c | 1 +
drivers/net/ethernet/intel/igc/igc_ptp.c | 113 ++++++++++------
drivers/net/ethernet/marvell/octeontx2/nic/rep.c | 2 +
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 49 ++++---
drivers/net/ethernet/mediatek/mtk_eth_soc.h | 1 +
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 15 ++-
drivers/net/ethernet/ti/icssg/icss_iep.c | 150 ++++++++++++++-------
drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 3 +-
drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 3 +-
drivers/net/wireless/ath/ath12k/dp_mon.c | 4 +-
drivers/net/wireless/atmel/at76c50x-usb.c | 2 +-
.../wireless/broadcom/brcm80211/brcmfmac/common.c | 4 +-
.../net/wireless/intel/iwlwifi/pcie/trans-gen2.c | 8 +-
drivers/net/wireless/ti/wl1251/tx.c | 4 +-
drivers/nvme/target/fc.c | 14 --
drivers/nvme/target/pci-epf.c | 74 ++++++----
drivers/pci/pci.c | 4 -
drivers/platform/mellanox/mlxbf-bootctl.c | 4 +-
drivers/platform/x86/amd/pmf/auto-mode.c | 4 +-
drivers/platform/x86/amd/pmf/cnqf.c | 8 +-
drivers/platform/x86/amd/pmf/core.c | 14 ++
drivers/platform/x86/amd/pmf/pmf.h | 1 +
drivers/platform/x86/amd/pmf/sps.c | 12 +-
drivers/platform/x86/amd/pmf/tee-if.c | 6 +-
drivers/platform/x86/asus-laptop.c | 9 +-
drivers/platform/x86/dell/alienware-wmi.c | 56 +++++++-
drivers/platform/x86/msi-wmi-platform.c | 99 +++++++++-----
drivers/ptp/ptp_ocp.c | 1 +
drivers/ras/amd/atl/internal.h | 3 +
drivers/ras/amd/atl/umc.c | 19 ++-
drivers/ras/amd/fmpm.c | 9 +-
drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 9 +-
drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 14 +-
drivers/scsi/megaraid/megaraid_sas_base.c | 9 +-
drivers/scsi/megaraid/megaraid_sas_fusion.c | 5 +-
drivers/scsi/scsi_transport_iscsi.c | 7 +-
drivers/scsi/smartpqi/smartpqi_init.c | 13 +-
.../intel/int340x_thermal/processor_thermal_rfim.c | 33 ++---
drivers/ufs/host/ufs-exynos.c | 41 ++++--
drivers/ufs/host/ufs-exynos.h | 5 +-
fs/Kconfig | 1 +
fs/btrfs/ioctl.c | 2 +
fs/btrfs/super.c | 3 +-
fs/eventpoll.c | 38 ++++--
fs/fuse/virtio_fs.c | 3 +
fs/hfs/bnode.c | 6 +
fs/hfsplus/bnode.c | 6 +
fs/isofs/export.c | 2 +-
fs/nfs/Kconfig | 2 +-
fs/nfs/internal.h | 7 -
fs/nfs/nfs4session.h | 4 -
fs/nfsd/Kconfig | 1 +
fs/nfsd/nfs4state.c | 2 +-
fs/nfsd/nfsfh.h | 7 -
fs/overlayfs/overlayfs.h | 2 -
fs/overlayfs/super.c | 5 +
fs/smb/client/cifsproto.h | 2 +
fs/smb/client/connect.c | 34 ++---
fs/smb/client/file.c | 28 ++++
fs/smb/server/connection.c | 4 +-
fs/smb/server/oplock.c | 29 ++--
fs/smb/server/oplock.h | 1 -
fs/smb/server/smb2pdu.c | 4 +-
fs/smb/server/transport_ipc.c | 7 +-
fs/smb/server/transport_tcp.c | 14 +-
fs/smb/server/transport_tcp.h | 1 +
fs/smb/server/vfs.c | 3 +-
fs/stat.c | 32 +++--
include/drm/intel/pciids.h | 1 +
include/linux/backing-dev.h | 1 +
include/linux/blkdev.h | 6 +-
include/linux/firmware/cirrus/cs_dsp_test_utils.h | 1 -
include/linux/nfs.h | 7 -
include/uapi/drm/ivpu_accel.h | 4 +-
io_uring/rsrc.c | 17 ++-
kernel/sched/cpufreq_schedutil.c | 46 ++++++-
kernel/trace/ftrace.c | 7 +-
kernel/trace/trace_events_filter.c | 4 +-
lib/alloc_tag.c | 15 ++-
lib/iov_iter.c | 2 +-
lib/string.c | 13 +-
mm/compaction.c | 6 +-
mm/filemap.c | 1 +
mm/gup.c | 4 +-
mm/memory.c | 4 +-
mm/slub.c | 10 ++
mm/userfaultfd.c | 13 +-
mm/vma.c | 38 +++++-
mm/vma.h | 9 +-
net/bluetooth/hci_event.c | 5 +-
net/bluetooth/l2cap_core.c | 21 ++-
net/bridge/br_vlan.c | 4 +-
net/dsa/dsa.c | 59 ++++++--
net/dsa/tag_8021q.c | 2 +-
net/ethtool/cmis_cdb.c | 2 +-
net/ipv6/route.c | 1 +
net/mac80211/iface.c | 3 +
net/mctp/af_mctp.c | 3 +
net/netfilter/nf_flow_table_core.c | 10 +-
net/openvswitch/flow_netlink.c | 3 +-
net/smc/af_smc.c | 5 +
rust/Makefile | 2 +-
rust/helpers/io.c | 34 ++---
scripts/Makefile.compiler | 4 +-
scripts/generate_rust_analyzer.py | 12 +-
sound/pci/hda/Kconfig | 4 +-
sound/pci/hda/patch_realtek.c | 23 ++--
sound/soc/codecs/cs42l43-jack.c | 3 +
sound/soc/codecs/lpass-wsa-macro.c | 139 +++++++++++++------
sound/soc/dwc/dwc-i2s.c | 13 +-
sound/soc/fsl/fsl_qmc_audio.c | 3 +
sound/soc/intel/avs/pcm.c | 3 +-
sound/soc/intel/boards/sof_sdw.c | 1 +
sound/soc/qcom/lpass.h | 3 +-
tools/net/ynl/pyynl/ynl_gen_c.py | 69 +++++++---
tools/objtool/check.c | 1 +
tools/perf/util/evsel.c | 22 ---
tools/testing/kunit/qemu_configs/sh.py | 4 +-
tools/testing/selftests/mincore/mincore_selftest.c | 16 +--
.../selftests/mm/charge_reserved_hugetlb.sh | 4 +-
.../selftests/mm/hugetlb_reparenting_test.sh | 2 +-
tools/testing/shared/linux.c | 4 +-
250 files changed, 2269 insertions(+), 1331 deletions(-)
5 months
- 19
- 261
[PATCH v4 1/2] staging: iio: frequency: ad9832: Use SLEEP bit instead of RESET to disable output
by Gabriel Shahrouzi
According to the AD9832 datasheet (Table 10, D12 description), setting
the RESET bit forces the phase accumulator to zero, which corresponds to
a full-scale DC output, rather than disabling the output signal.
The correct way to disable the output and enter a low-power state is to
set the AD9832_SLEEP bit (Table 10, D13 description), which powers down
the internal DAC current sources and disables internal clocks.
Fixes: ea707584bac1 ("Staging: IIO: DDS: AD9832 / AD9835 driver")
Cc: stable(a)vger.kernel.org
Signed-off-by: Gabriel Shahrouzi <gshahrouzi(a)gmail.com>
---
v3 -> v4:
- Rebase changes ontop of most recent changes.
v2 -> v3:
v1 -> v2:
---
drivers/staging/iio/frequency/ad9832.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/iio/frequency/ad9832.c b/drivers/staging/iio/frequency/ad9832.c
index 49388da5a684a..2e555084ff98a 100644
--- a/drivers/staging/iio/frequency/ad9832.c
+++ b/drivers/staging/iio/frequency/ad9832.c
@@ -236,7 +236,7 @@ static ssize_t ad9832_write(struct device *dev, struct device_attribute *attr,
if (val)
st->ctrl_src &= ~(AD9832_RESET | AD9832_SLEEP | AD9832_CLR);
else
- st->ctrl_src |= FIELD_PREP(AD9832_RESET, 1);
+ st->ctrl_src |= FIELD_PREP(AD9832_SLEEP, 1);
st->data = cpu_to_be16(FIELD_PREP(AD9832_CMD_MSK, AD9832_CMD_SLEEPRESCLR) |
st->ctrl_src);
--
2.43.0
5 months
- 2
- 1
[PATCH 6.6 000/393] 6.6.88-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.6.88 release.
There are 393 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 25 Apr 2025 14:25:27 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.88-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.6.88-rc1
Karolina Stolarek <karolina.stolarek(a)intel.com>
drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled
Haisu Wang <haisuwang(a)tencent.com>
btrfs: fix the length of reserved qgroup to free
WangYuli <wangyuli(a)uniontech.com>
MIPS: ds1287: Match ds1287_set_base_clock() function types
WangYuli <wangyuli(a)uniontech.com>
MIPS: cevt-ds1287: Add missing ds1287.h include
WangYuli <wangyuli(a)uniontech.com>
MIPS: dec: Declare which_prom() as static
Jan Stancek <jstancek(a)redhat.com>
sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3
Jan Stancek <jstancek(a)redhat.com>
sign-file,extract-cert: avoid using deprecated ERR_get_error_line()
Jan Stancek <jstancek(a)redhat.com>
sign-file,extract-cert: move common SSL helper functions to a header
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
xdp: Reset bpf_redirect_info before running a xdp's BPF prog.
WangYuli <wangyuli(a)uniontech.com>
nvmet-fc: Remove unused functions
Mickaël Salaün <mic(a)digikod.net>
landlock: Add the errata interface
Hersen Wu <hersenxs.wu(a)amd.com>
drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links
Ping-Ke Shih <pkshih(a)realtek.com>
wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit
Ping-Ke Shih <pkshih(a)realtek.com>
wifi: rtw89: pci: add pre_deinit to be called after probe complete
Boris Burkov <boris(a)bur.io>
btrfs: fix qgroup reserve leaks in cow_file_range
GONG Ruiqi <gongruiqi1(a)huawei.com>
usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
Dan Carpenter <dan.carpenter(a)linaro.org>
usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
Yuli Wang <wangyuli(a)uniontech.com>
LoongArch: Eliminate superfluous get_numa_distances_cnt()
Nathan Lynch <nathanl(a)linux.ibm.com>
powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
Chunguang.xu <chunguang.xu(a)shopee.com>
nvme-rdma: unquiesce admin_q before destroy it
Maksim Davydov <davydov-max(a)yandex-team.ru>
x86/split_lock: Fix the delayed detection logic
Vishal Annapurve <vannapurve(a)google.com>
x86/tdx: Fix arch_safe_halt() execution for TDX VMs
Roger Pau Monne <roger.pau(a)citrix.com>
x86/xen: fix memblock_reserve() usage on PVH
Roger Pau Monne <roger.pau(a)citrix.com>
x86/xen: move xen_reserve_extra_memory()
Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com>
efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32
Piotr Jaroszynski <pjaroszynski(a)nvidia.com>
Fix mmu notifiers for range-based invalidates
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error
Geliang Tang <geliang.tang(a)suse.com>
selftests: mptcp: add mptcp_lib_wait_local_port_listen
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: sockopt: fix getting freebind & transparent
Yu Kuai <yukuai3(a)huawei.com>
md: fix mddev uaf while iterating all_mddevs list
Nathan Chancellor <nathan(a)kernel.org>
kbuild: Add '-fno-builtin-wcslen'
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpufreq: Reference count policy in cpufreq_update_limits()
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring/net: fix accept multishot handling
Jani Nikula <jani.nikula(a)intel.com>
drm/i915/gvt: fix unterminated-string-initialization warning
Rolf Eike Beer <eb(a)emlix.com>
drm/sti: remove duplicate object names
Chris Bainbridge <chris.bainbridge(a)gmail.com>
drm/nouveau: prime: fix ttm_bo_delayed_delete oops
Matthew Auld <matthew.auld(a)intel.com>
drm/amdgpu/dma_buf: fix page_link check
Denis Arefev <arefev(a)swemel.ru>
drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
Denis Arefev <arefev(a)swemel.ru>
drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
Denis Arefev <arefev(a)swemel.ru>
drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
Denis Arefev <arefev(a)swemel.ru>
drm/amd/pm/smu11: Prevent division by zero
Denis Arefev <arefev(a)swemel.ru>
drm/amd/pm/powerplay: Prevent division by zero
Denis Arefev <arefev(a)swemel.ru>
drm/amd/pm: Prevent division by zero
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd: Handle being compiled without SI or CIK support better
Akhil P Oommen <quic_akhilpo(a)quicinc.com>
drm/msm/a6xx: Fix stale rpmh votes from GPU
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
drm/repaper: fix integer overflows in repeat functions
Kan Liang <kan.liang(a)linux.intel.com>
perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR
Kan Liang <kan.liang(a)linux.intel.com>
perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX
Kan Liang <kan.liang(a)linux.intel.com>
perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
Dapeng Mi <dapeng1.mi(a)linux.intel.com>
perf/x86/intel: Allow to update user space GPRs from PEBS records
Sharath Srinivasan <sharath.srinivasan(a)oracle.com>
RDMA/cma: Fix workqueue crash in cma_netevent_work_handler
Peter Griffin <peter.griffin(a)linaro.org>
scsi: ufs: exynos: Ensure consistent phy reference counts
Chandrakanth Patil <chandrakanth.patil(a)broadcom.com>
scsi: megaraid_sas: Block zero-length ATA VPD inquiry
Ard Biesheuvel <ardb(a)kernel.org>
x86/boot/sev: Avoid shared GHCB page for early memory acceptance
Sandipan Das <sandipan.das(a)amd.com>
x86/cpu/amd: Fix workaround for erratum 1054
Borislav Petkov (AMD) <bp(a)alien8.de>
x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches
Xiangsheng Hou <xiangsheng.hou(a)mediatek.com>
virtiofs: add filesystem context source name check
Steven Rostedt <rostedt(a)goodmis.org>
tracing: Fix filter string testing
Peter Collingbourne <pcc(a)google.com>
string: Add load_unaligned_zeropad() code path to sized_strscpy()
Chunjie Zhu <chunjie.zhu(a)cloud.com>
smb3 client: fix open hardlink on deferred close file error
Mark Brown <broonie(a)kernel.org>
selftests/mm: generate a temporary mountpoint for cgroup filesystem
Nathan Chancellor <nathan(a)kernel.org>
riscv: Avoid fortify warning in syscall_get_arguments()
Kuniyuki Iwashima <kuniyu(a)amazon.com>
Revert "smb: client: fix TCP timers deadlock after rmmod"
Kuniyuki Iwashima <kuniyu(a)amazon.com>
Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free"
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix the warning from __kernel_write_iter
Denis Arefev <arefev(a)swemel.ru>
ksmbd: Prevent integer overflow in calculation of deadtime
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix use-after-free in smb_break_all_levII_oplock()
Sean Heelan <seanheelan(a)gmail.com>
ksmbd: Fix dangling pointer in krb_authenticate
Miklos Szeredi <mszeredi(a)redhat.com>
ovl: don't allow datadir only
Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
mm: fix apply_to_existing_page_range()
Vishal Moola (Oracle) <vishal.moola(a)gmail.com>
mm: fix filemap_get_folios_contig returning batches of identical folios
Baoquan He <bhe(a)redhat.com>
mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
loop: LOOP_SET_FD: send uevents for partitions
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
loop: properly send KOBJ_CHANGED uevent for disk device
Edward Adam Davis <eadavis(a)qq.com>
isofs: Prevent the use of too small fid
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
i2c: cros-ec-tunnel: defer probe if parent EC is not present
Vasiliy Kovalev <kovalev(a)altlinux.org>
hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: caam/qi - Fix drv_ctx refcount bug
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpufreq: Avoid using inconsistent policy->min and policy->max
Johannes Kimmel <kernel(a)bareminimum.eu>
btrfs: correctly escape subvol in btrfs_show_options()
Kees Cook <kees(a)kernel.org>
Bluetooth: vhci: Avoid needless snprintf() calls
Frédéric Danis <frederic.danis(a)collabora.com>
Bluetooth: l2cap: Process valid commands in too long frame
Menglong Dong <menglong8.dong(a)gmail.com>
ftrace: fix incorrect hash size in register_ftrace_direct()
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
i2c: atr: Fix wrong include
Li Lingfeng <lilingfeng3(a)huawei.com>
nfsd: decrease sc_count directly if fail to queue dl_recall
Eric Biggers <ebiggers(a)google.com>
nfs: add missing selections of CONFIG_CRC32
Denis Arefev <arefev(a)swemel.ru>
asus-laptop: Fix an uninitialized variable
Evgeny Pimenov <pimenoveu12(a)gmail.com>
ASoC: qcom: Fix sc7280 lpass potential buffer overflow
Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org>
ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org>
ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate
Alex Williamson <alex.williamson(a)redhat.com>
Revert "PCI: Avoid reset when disabled via sysfs"
Andreas Gruenbacher <agruenba(a)redhat.com>
writeback: fix false warning in inode_to_wb()
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
WangYuli <wangyuli(a)uniontech.com>
riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break
WangYuli <wangyuli(a)uniontech.com>
riscv: KGDB: Do not inline arch_kgdb_breakpoint()
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
kunit: qemu_configs: SH: Respect kunit cmdline
Björn Töpel <bjorn(a)rivosinc.com>
riscv: Properly export reserved regions in /proc/iomem
Bo-Cun Chen <bc-bocun.chen(a)mediatek.com>
net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings
Bo-Cun Chen <bc-bocun.chen(a)mediatek.com>
net: ethernet: mtk_eth_soc: correct the max weight of the queue limit for 100Mbps
Meghana Malladi <m-malladi(a)ti.com>
net: ti: icss-iep: Fix possible NULL pointer dereference for perout request
Meghana Malladi <m-malladi(a)ti.com>
net: ti: icss-iep: Add phase offset configuration for perout signal
Meghana Malladi <m-malladi(a)ti.com>
net: ti: icss-iep: Add pwidth configuration for perout signal
Sagi Maimon <maimon.sagi(a)gmail.com>
ptp: ocp: fix start time alignment in ptp_ocp_signal_set
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: dsa: free routing table on probe failure
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: dsa: clean up FDB, MDB, VLAN entries on unbind
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
Jonas Gorski <jonas.gorski(a)gmail.com>
net: bridge: switchdev: do not notify new brentries as changed
Jonas Gorski <jonas.gorski(a)gmail.com>
net: b53: enable BPDU reception for management port
Jakub Kicinski <kuba(a)kernel.org>
netlink: specs: rt-link: adjust mctp attribute naming
Jakub Kicinski <kuba(a)kernel.org>
netlink: specs: rt-link: add an attr layer around alt-ifname
Jakub Kicinski <kuba(a)kernel.org>
tools: ynl-gen: individually free previous values on double set
Jakub Kicinski <kuba(a)kernel.org>
tools: ynl-gen: store recursive nests by a pointer
Jakub Kicinski <kuba(a)kernel.org>
tools: ynl-gen: re-sort ignoring recursive nests
Jakub Kicinski <kuba(a)kernel.org>
tools: ynl-gen: record information about recursive nests
Jakub Kicinski <kuba(a)kernel.org>
tools: ynl-gen: track attribute use
Abdun Nihaal <abdun.nihaal(a)gmail.com>
cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
Niklas Cassel <cassel(a)kernel.org>
ata: libata-sata: Save all fields from sense data descriptor
Michael Walle <mwalle(a)kernel.org>
net: ethernet: ti: am65-cpsw: fix port_np reference counting
Alexander Sverdlin <alexander.sverdlin(a)siemens.com>
net: ethernet: ti: am65-cpsw-nuss: rename phy_node -> port_np
Abdun Nihaal <abdun.nihaal(a)gmail.com>
net: ngbe: fix memory leak in ngbe_probe() error path
Ilya Maximets <i.maximets(a)ovn.org>
net: openvswitch: fix nested key length validation in the set() action
Zheng Qixing <zhengqixing(a)huawei.com>
block: fix resource leak in blk_register_queue() error path
Matt Johnston <matt(a)codeconstruct.com.au>
net: mctp: Set SOCK_RCU_FREE
Abdun Nihaal <abdun.nihaal(a)gmail.com>
pds_core: fix memory leak in pdsc_debugfs_add_qcq()
Matthew Wilcox (Oracle) <willy(a)infradead.org>
test suite: use %zu to print size_t
Christopher S M Hall <christopher.s.hall(a)intel.com>
igc: add lock preventing multiple simultaneous PTM transactions
Christopher S M Hall <christopher.s.hall(a)intel.com>
igc: cleanup PTP module if probe fails
Christopher S M Hall <christopher.s.hall(a)intel.com>
igc: handle the IGC_PTP_ENABLED flag correctly
Christopher S M Hall <christopher.s.hall(a)intel.com>
igc: move ktime snapshot into PTM retry loop
Christopher S M Hall <christopher.s.hall(a)intel.com>
igc: increase wait time before retrying PTM
Christopher S M Hall <christopher.s.hall(a)intel.com>
igc: fix PTM cycle trigger logic
Johannes Berg <johannes.berg(a)intel.com>
Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()"
Frédéric Danis <frederic.danis(a)collabora.com>
Bluetooth: l2cap: Check encryption key size on incoming connection
Dan Carpenter <dan.carpenter(a)linaro.org>
Bluetooth: btrtl: Prevent potential NULL dereference
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
Shay Drory <shayd(a)nvidia.com>
RDMA/core: Silence oversized kvmalloc() warning
Charles Keepax <ckeepax(a)opensource.cirrus.com>
ASoC: cs42l43: Reset clamp override on jack removal
Chengchang Tang <tangchengchang(a)huawei.com>
RDMA/hns: Fix wrong maximum DMA segment size
Yue Haibing <yuehaibing(a)huawei.com>
RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
Giuseppe Scrivano <gscrivan(a)redhat.com>
ovl: remove unused forward declaration
Henry Martin <bsdhenrymartin(a)gmail.com>
ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()
Brady Norander <bradynorander(a)gmail.com>
ASoC: dwc: always enable/disable i2s irqs
Zheng Qixing <zhengqixing(a)huawei.com>
md/md-bitmap: fix stats collection for external bitmaps
Yu Kuai <yukuai3(a)huawei.com>
md/raid10: fix missing discard IO accounting
Miaoqian Lin <linmq006(a)gmail.com>
scsi: iscsi: Fix missing scsi_host_put() in error path
Abdun Nihaal <abdun.nihaal(a)gmail.com>
wifi: wl1251: fix memory leak in wl1251_tx_work
Remi Pommarel <repk(a)triplefau.lt>
wifi: mac80211: Purge vif txq in ieee80211_do_stop()
Remi Pommarel <repk(a)triplefau.lt>
wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
Abdun Nihaal <abdun.nihaal(a)gmail.com>
wifi: at76c50x: fix use after free access in at76_disconnect
Xingui Yang <yangxingui(a)huawei.com>
scsi: hisi_sas: Enable force phy when SATA disk directly connected
Kaixin Wang <kxwang23(a)m.fudan.edu.cn>
HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition
Arseniy Krasnov <avkrasnov(a)salutedevices.com>
Bluetooth: hci_uart: Fix another race during initialization
Arnd Bergmann <arnd(a)arndb.de>
media: mediatek: vcodec: mark vdec_vp9_slice_map_counts_eob_coef noinline
Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz>
x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions()
Yi Liu <yi.l.liu(a)intel.com>
iommufd: Fail replace if device has not been attached
Nathan Chancellor <nathan(a)kernel.org>
ACPI: platform-profile: Fix CFI violation when accessing sysfs files
Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT
Douglas Anderson <dianders(a)chromium.org>
arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists
Cong Liu <liucong2(a)kylinos.cn>
selftests: mptcp: fix incorrect fd checks in main_loop
Geliang Tang <tanggeliang(a)kylinos.cn>
selftests: mptcp: close fd_in before returning in main_loop
Stephan Gerhold <stephan.gerhold(a)linaro.org>
pinctrl: qcom: Clear latched interrupt status when changing IRQ type
Stefan Eichenberger <stefan.eichenberger(a)toradex.com>
phy: freescale: imx8m-pcie: assert phy reset and perst in power off
Ma Ke <make24(a)iscas.ac.cn>
PCI: Fix reference leak in pci_alloc_child_bus()
Stanimir Varbanov <svarbanov(a)suse.de>
PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
Zijun Hu <quic_zijuhu(a)quicinc.com>
of/irq: Fix device node refcount leakages in of_irq_init()
Zijun Hu <quic_zijuhu(a)quicinc.com>
of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
Zijun Hu <quic_zijuhu(a)quicinc.com>
of/irq: Fix device node refcount leakages in of_irq_count()
Zijun Hu <quic_zijuhu(a)quicinc.com>
of/irq: Fix device node refcount leakage in API of_irq_parse_raw()
Zijun Hu <quic_zijuhu(a)quicinc.com>
of/irq: Fix device node refcount leakage in API of_irq_parse_one()
Fedor Pchelkin <pchelkin(a)ispras.ru>
ntb: use 64-bit arithmetic for the MSI doorbell mask
Sean Christopherson <seanjc(a)google.com>
KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
Sean Christopherson <seanjc(a)google.com>
KVM: x86: Explicitly zero-initialize on-stack CPUID unions
Joshua Washington <joshwash(a)google.com>
gve: handle overflow when reporting TX consumed descriptors
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
gpio: zynq: Fix wakeup source leaks on device unbind
Guixin Liu <kanie(a)linux.alibaba.com>
gpio: tegra186: fix resource handling in ACPI probe path
zhoumin <teczm(a)foxmail.com>
ftrace: Add cond_resched() to ftrace_graph_set_hash()
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
dt-bindings: coresight: qcom,coresight-tpdm: Fix too many 'reg'
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
dt-bindings: coresight: qcom,coresight-tpda: Fix too many 'reg'
Mikulas Patocka <mpatocka(a)redhat.com>
dm-verity: fix prefetch-vs-suspend race
Mikulas Patocka <mpatocka(a)redhat.com>
dm-integrity: set ti->error on memory allocation failure
Mikulas Patocka <mpatocka(a)redhat.com>
dm-ebs: fix prefetch-vs-suspend race
Tom Lendacky <thomas.lendacky(a)amd.com>
crypto: ccp - Fix check for the primary ASP device
Taniya Das <quic_tdas(a)quicinc.com>
clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
clk: qcom: gdsc: Release pm subdomains in reverse add order
Ajit Pandey <quic_ajipan(a)quicinc.com>
clk: qcom: clk-branch: Fix invert halt status bit check for votable clocks
Pali Rohár <pali(a)kernel.org>
cifs: Ensure that all non-client-specific reparse points are processed by the server
Roman Smirnov <r.smirnov(a)omp.ru>
cifs: fix integer overflow in match_server()
Alexandra Diupina <adiupina(a)astralinux.ru>
cifs: avoid NULL pointer dereference in dbg call
Trevor Woerner <twoerner(a)gmail.com>
thermal/drivers/rockchip: Add missing rk3328 mapping entry
Steven Rostedt <rostedt(a)goodmis.org>
tracing: Do not add length to print format in synthetic events
Roger Pau Monne <roger.pau(a)citrix.com>
x86/xen: fix balloon target initialization for PVH dom0
Ricardo Cañuelo Navarro <rcn(a)igalia.com>
sctp: detect and prevent references to a freed transport in sendmsg
Marc Herbert <Marc.Herbert(a)linux.intel.com>
mm/hugetlb: move hugetlb_sysctl_init() to the __init section
Shuai Xue <xueshuai(a)linux.alibaba.com>
mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
Peter Xu <peterx(a)redhat.com>
mm/userfaultfd: fix release hang over concurrent GUP
Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
mm/mremap: correctly handle partial mremap() of VMA starting at 0
Ryan Roberts <ryan.roberts(a)arm.com>
mm: fix lazy mmu docs and usage
Jane Chu <jane.chu(a)oracle.com>
mm: make page_mapped_in_vma() hugetlb walk aware
David Hildenbrand <david(a)redhat.com>
mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
Ryan Roberts <ryan.roberts(a)arm.com>
sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes
Ryan Roberts <ryan.roberts(a)arm.com>
sparc/mm: disable preemption in lazy mmu mode
Nicolin Chen <nicolinc(a)nvidia.com>
iommufd: Fix uninitialized rc in iommufd_access_rw()
Johannes Thumshirn <johannes.thumshirn(a)wdc.com>
btrfs: zoned: fix zone finishing with missing devices
Johannes Thumshirn <johannes.thumshirn(a)wdc.com>
btrfs: zoned: fix zone activation with missing devices
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers
Herve Codina <herve.codina(a)bootlin.com>
backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string
Zhenhua Huang <quic_zhenhuah(a)quicinc.com>
arm64: mm: Correct the update of max_pfn
Wentao Liang <vulab(a)iscas.ac.cn>
mtd: rawnand: Add status chack in r852_ready()
Wentao Liang <vulab(a)iscas.ac.cn>
mtd: inftlcore: Add error check for inftl_read_oob()
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: only inc MPJoinAckHMacFailure for HMAC failures
Gang Yan <yangang(a)kylinos.cn>
mptcp: fix NULL pointer in can_accept_new_subflow
T Pratham <t-pratham(a)ti.com>
lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets
Boqun Feng <boqun.feng(a)gmail.com>
locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
Kartik Rajput <kkartik(a)nvidia.com>
mailbox: tegra-hsp: Define dimensioning masks in SoC data
Chenyuan Yang <chenyuan0y(a)gmail.com>
mfd: ene-kb3930: Fix a potential NULL pointer dereference
Abel Vesa <abel.vesa(a)linaro.org>
leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs
Abel Vesa <abel.vesa(a)linaro.org>
leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs
Jan Kara <jack(a)suse.cz>
jbd2: remove wrong sb->s_sequence check
Manjunatha Venkatesh <manjunatha.venkatesh(a)nxp.com>
i3c: Add NULL pointer check in i3c_master_queue_ibi()
Stanley Chu <yschu(a)nuvoton.com>
i3c: master: svc: Use readsb helper for reading MDB
Steve French <stfrench(a)microsoft.com>
smb311 client: fix missing tcon check when mounting with linux/posix extensions
Chenyuan Yang <chenyuan0y(a)gmail.com>
soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
tpm: do not start chip while suspended
Jan Kara <jack(a)suse.cz>
udf: Fix inode_getblk() return value
Si-Wei Liu <si-wei.liu(a)oracle.com>
vdpa/mlx5: Fix oversized null mkey longer than 32bit
Yeongjin Gil <youngjin.gil(a)samsung.com>
f2fs: fix to avoid atomicity corruption of atomic file
Artem Sadovnikov <a.sadovnikov(a)ispras.ru>
ext4: fix off-by-one error in do_split
Jeff Hugo <quic_jhugo(a)quicinc.com>
bus: mhi: host: Fix race between unprepare and queue_buf
Alexey Klimov <alexey.klimov(a)linaro.org>
ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path
Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org>
ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns.
Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org>
ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment.
Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org>
ASoC: q6apm: add q6apm_get_hw_pointer helper
Jens Axboe <axboe(a)kernel.dk>
io_uring/kbuf: reject zero sized provided buffers
Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru>
wifi: mac80211: fix integer overflow in hwmp_route_info_get()
Haoxiang Li <haoxiang_li2024(a)163.com>
wifi: mt76: Add check for devm_kstrdup()
Alexandre Torgue <alexandre.torgue(a)foss.st.com>
clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
mtd: Replace kcalloc() with devm_kcalloc()
Marek Behún <kabel(a)kernel.org>
net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
mtd: Add check for devm_kcalloc()
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: sockopt: fix getting IPV6_V6ONLY
Sakari Ailus <sakari.ailus(a)linux.intel.com>
media: i2c: imx219: Rectify runtime PM handling in probe and remove
Vikash Garodia <quic_vgarodia(a)quicinc.com>
media: venus: hfi_parser: refactor hfi packet parsing logic
Vikash Garodia <quic_vgarodia(a)quicinc.com>
media: venus: hfi_parser: add check to avoid out of bound access
Sakari Ailus <sakari.ailus(a)linux.intel.com>
media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
Sakari Ailus <sakari.ailus(a)linux.intel.com>
media: i2c: ov7251: Set enable GPIO low in probe
Sakari Ailus <sakari.ailus(a)linux.intel.com>
media: i2c: ccs: Set the device's runtime PM status correctly in probe
Sakari Ailus <sakari.ailus(a)linux.intel.com>
media: i2c: ccs: Set the device's runtime PM status correctly in remove
Karina Yankevich <k.yankevich(a)omp.ru>
media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: platform: stm32: Add check for clk_enable()
Nicolas Dufresne <nicolas.dufresne(a)collabora.com>
media: visl: Fix ERANGE error when setting enum controls
Murad Masimov <m.masimov(a)mt-integration.ru>
media: streamzap: prevent processing IR data on URB failure
Jonathan McDowell <noodles(a)meta.com>
tpm, tpm_tis: Fix timeout handling when waiting for TPM status
Kamal Dasu <kamal.dasu(a)broadcom.com>
mtd: rawnand: brcmnand: fix PM resume warning
Miquel Raynal <miquel.raynal(a)bootlin.com>
spi: cadence-qspi: Fix probe on AM62A LP SK
Will Deacon <will(a)kernel.org>
KVM: arm64: Tear down vGIC on failed vCPU creation
Douglas Anderson <dianders(a)chromium.org>
arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list
Douglas Anderson <dianders(a)chromium.org>
arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
Douglas Anderson <dianders(a)chromium.org>
arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
Douglas Anderson <dianders(a)chromium.org>
arm64: cputype: Add MIDR_CORTEX_A76AE
Jan Beulich <jbeulich(a)suse.com>
xenfs/xensyms: respect hypervisor's "next" indication
Yuan Can <yuancan(a)huawei.com>
media: siano: Fix error handling in smsdvb_module_init()
Matthew Majewski <mattwmajewski(a)gmail.com>
media: vim2m: print device name after registering device
Vikash Garodia <quic_vgarodia(a)quicinc.com>
media: venus: hfi: add check to handle incorrect queue size
Vikash Garodia <quic_vgarodia(a)quicinc.com>
media: venus: hfi: add a check to handle OOB in sfr region
Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se>
media: i2c: adv748x: Fix test pattern selection mask
Arnd Bergmann <arnd(a)arndb.de>
media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization
Alain Volmat <alain.volmat(a)foss.st.com>
dt-bindings: media: st,stmipid02: correct lane-polarities maxItems
Jann Horn <jannh(a)google.com>
ext4: don't treat fhandle lookup of ea_inode as FS corruption
Willem de Bruijn <willemb(a)google.com>
bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: fsl-ftm: Handle clk_get_rate() returning 0
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: rcar: Improve register calculation
Josh Poimboeuf <jpoimboe(a)kernel.org>
pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
Jonathan McDowell <noodles(a)meta.com>
tpm, tpm_tis: Workaround failed command reception on Infineon devices
Ayush Jain <Ayush.jain3(a)amd.com>
ktest: Fix Test Failures Due to Missing LOG_FILE Directories
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
tracing: probe-events: Add comments about entry data storing code
Leonid Arapov <arapovl839(a)gmail.com>
fbdev: omapfb: Add 'plane' value check
Christian König <christian.koenig(a)amd.com>
drm/amdgpu: grab an additional reference on the gang fence v2
Ryo Takakura <ryotkkr98(a)gmail.com>
PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
Wentao Liang <vulab(a)iscas.ac.cn>
drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()
AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com>
drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off
AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com>
drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data
Philip Yang <Philip.Yang(a)amd.com>
drm/amdkfd: debugfs hang_hws skip GPU with MES
Philip Yang <Philip.Yang(a)amd.com>
drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
Philip Yang <Philip.Yang(a)amd.com>
drm/amdkfd: Fix mode1 reset crash issue
David Yat Sin <David.YatSin(a)amd.com>
drm/amdkfd: clamp queue size to minimum
Lucas De Marchi <lucas.demarchi(a)intel.com>
drivers: base: devres: Allow to release group on device release
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
drm/bridge: panel: forbid initializing a panel with unknown connector type
Andrew Wyatt <fewtarius(a)steamfork.org>
drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel)
Andrew Wyatt <fewtarius(a)steamfork.org>
drm: panel-orientation-quirks: Add new quirk for GPD Win 2
Andrew Wyatt <fewtarius(a)steamfork.org>
drm: panel-orientation-quirks: Add quirk for AYA NEO Slide
Andrew Wyatt <fewtarius(a)steamfork.org>
drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB
Andrew Wyatt <fewtarius(a)steamfork.org>
drm: panel-orientation-quirks: Add support for AYANEO 2S
Brendan Tam <Brendan.Tam(a)amd.com>
drm/amd/display: add workaround flag to link to force FFE preset
Zhikai Zhai <zhikai.zhai(a)amd.com>
drm/amd/display: Update Cursor request mode to the beginning prefetch always
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm: allow encoder mode_set even when connectors change for crtc
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
Bluetooth: qca: simplify WCN399x NVM loading
Arseniy Krasnov <avkrasnov(a)salutedevices.com>
Bluetooth: hci_uart: fix race during initialization
Gabriele Paoloni <gpaoloni(a)redhat.com>
tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER
Stanislav Fomichev <sdf(a)fomichev.me>
net: vlan: don't propagate flags on open
Icenowy Zheng <uwu(a)icenowy.me>
wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
Kai Mäkisara <Kai.Makisara(a)kolumbus.fi>
scsi: st: Fix array overflow in st_setup()
Philipp Hahn <phahn-oss(a)avm.de>
cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk
Bhupesh <bhupesh(a)igalia.com>
ext4: ignore xattrs past end
Chao Yu <chao(a)kernel.org>
Revert "f2fs: rebuild nat_bits during umount"
Ojaswin Mujoo <ojaswin(a)linux.ibm.com>
ext4: protect ext4_release_dquot against freezing
Daniel Kral <d.kral(a)proxmox.com>
ahci: add PCI ID for Marvell 88SE9215 SATA Controller
Chao Yu <chao(a)kernel.org>
f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
Manish Dharanenthiran <quic_mdharane(a)quicinc.com>
wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi
Birger Koblitz <mail(a)birger-koblitz.de>
net: sfp: add quirk for 2.5G OEM BX SFP
Niklas Cassel <cassel(a)kernel.org>
ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
Edward Adam Davis <eadavis(a)qq.com>
jfs: add sanity check for agwidth in dbMount
Edward Adam Davis <eadavis(a)qq.com>
jfs: Prevent copying of nlink with value 0 from disk inode
Rand Deeb <rand.sec96(a)gmail.com>
fs/jfs: Prevent integer overflow in AG size calculation
Rand Deeb <rand.sec96(a)gmail.com>
fs/jfs: cast inactags to s64 to prevent potential overflow
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
jfs: Fix uninit-value access of imap allocated in the diMount() function
Jason Xing <kerneljasonxing(a)gmail.com>
page_pool: avoid infinite loop to schedule delayed worker
Max Schulze <max.schulze(a)online.de>
net: usb: asix_devices: add FiberGecko DeviceID
Chaohai Chen <wdhh66(a)163.com>
scsi: target: spc: Fix RSOC parameter data header size
Chao Yu <chao(a)kernel.org>
f2fs: don't retry IO for corrupted data scenario
P Praneesh <quic_ppranees(a)quicinc.com>
wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
Syed Saba kareem <syed.sabakareem(a)amd.com>
ASoC: amd: yc: update quirk data for new Lenovo model
keenplify <keenplify(a)gmail.com>
ASoC: amd: Add DMI quirk for ACP6X mic support
Ricard Wanderlof <ricard2013(a)butoba.net>
ALSA: usb-audio: Fix CME quirk for UF series keyboards
Kaustabh Chakraborty <kauschluss(a)disroot.org>
mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Add quirk for Actions UVC05
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_audmix: register card device depends on 'dais' property
Maxim Mikityanskiy <maxtram95(a)gmail.com>
ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist
Maxim Mikityanskiy <maxtram95(a)gmail.com>
ALSA: hda: intel: Fix Optimus when GPU has no sound
Tomasz Pakuła <forest10pl(a)gmail.com>
HID: pidff: Fix null pointer dereference in pidff_find_fields
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Add PERIODIC_SINE_ONLY quirk
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: Add hid-universal-pidff driver and supported device ids
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Add FIX_WHEEL_DIRECTION quirk
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Add hid_pidff_init_with_quirks and export as GPL symbol
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Add PERMISSIVE_CONTROL quirk
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Add MISSING_PBO quirk and its detection
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Add MISSING_DELAY quirk and its detection
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Do not send effect envelope if it's empty
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Convert infinite length from Linux API to PID standard
Zhang Heng <zhangheng(a)kylinos.cn>
ASoC: SOF: topology: Use krealloc_array() to replace krealloc()
Ingo Molnar <mingo(a)kernel.org>
zstd: Increase DYNAMIC_BMI2 GCC version cutoff from 4.8 to 11.0 to work around compiler segfault
Kees Cook <kees(a)kernel.org>
xen/mcelog: Add __nonstring annotations for unterminated strings
Douglas Anderson <dianders(a)chromium.org>
arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
Mark Rutland <mark.rutland(a)arm.com>
perf: arm_pmu: Don't disable counter in armpmu_add()
Max Grobecker <max(a)grobecker.info>
x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine
Xin Li (Intel) <xin(a)zytor.com>
x86/ia32: Leave NULL selector values 0~3 unchanged
Matthew Wilcox (Oracle) <willy(a)infradead.org>
x86/mm: Clear _PAGE_DIRTY for kernel mappings when we clear _PAGE_RW
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
pm: cpupower: bench: Prevent NULL dereference on malloc failure
Trond Myklebust <trond.myklebust(a)hammerspace.com>
umount: Allow superblock owners to force umount
Mateusz Guzik <mjguzik(a)gmail.com>
fs: consistently deref the files table with rcu_dereference_raw()
Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com>
iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group
Florian Westphal <fw(a)strlen.de>
nft_set_pipapo: fix incorrect avx2 match of 5th field octet
Arnaud Lecomte <contact(a)arnaud-lcm.com>
net: ppp: Add bound checking for skb data on ppp_sync_txmung
Ido Schimmel <idosch(a)nvidia.com>
ipv6: Align behavior across nexthops during path selection
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: move the limit validation
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: use a temporary work area for validating configuration
Daniel Wagner <wagi(a)kernel.org>
nvmet-fcloop: swap list_add_tail arguments
Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com>
drm/i915/huc: Fix fence not released on early probe errors
Wentao Liang <vulab(a)iscas.ac.cn>
ata: sata_sx4: Add error handling in pdc20621_i2c_read()
Chenyuan Yang <chenyuan0y(a)gmail.com>
net: libwx: handle page_pool_dev_alloc_pages error
Maxime Ripard <mripard(a)kernel.org>
drm/tests: probe-helper: Fix drm_display_mode memory leak
Maxime Ripard <mripard(a)kernel.org>
drm/tests: modes: Fix drm_display_mode memory leak
Maxime Ripard <mripard(a)kernel.org>
drm/tests: cmdline: Fix drm_display_mode memory leak
Maxime Ripard <mripard(a)kernel.org>
drm/tests: helpers: Create kunit helper to destroy a drm_display_mode
Yu-Chun Lin <eleanor15x(a)gmail.com>
drm/tests: helpers: Fix compiler warning
Jinjie Ruan <ruanjinjie(a)huawei.com>
drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic()
Maxime Ripard <mripard(a)kernel.org>
drm/tests: Add helper to create mock crtc
Maxime Ripard <mripard(a)kernel.org>
drm/tests: Add helper to create mock plane
Maxime Ripard <mripard(a)kernel.org>
drm/tests: helpers: Add atomic helpers
Maxime Ripard <mripard(a)kernel.org>
drm/tests: modeset: Fix drm_display_mode memory leak
Maxime Chevallier <maxime.chevallier(a)bootlin.com>
net: ethtool: Don't call .cleanup_data when prepare_data fails
Toke Høiland-Jørgensen <toke(a)redhat.com>
tc: Ensure we have enough buffer space when sending filter netlink notifications
Pedro Tammela <pctammela(a)mojatatu.com>
net/sched: cls_api: conditional notification of events
Victor Nogueira <victor(a)mojatatu.com>
rtnl: add helper to check if a notification is needed
Jamal Hadi Salim <jhs(a)mojatatu.com>
rtnl: add helper to check if rtnl group has listeners
Hariprasad Kelam <hkelam(a)marvell.com>
octeontx2-pf: qos: fix VF root node parent queue index
Jakub Kicinski <kuba(a)kernel.org>
net: tls: explicitly disallow disconnect
Cong Wang <xiyou.wangcong(a)gmail.com>
codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
Tung Nguyen <tung.quang.nguyen(a)est.tech>
tipc: fix memory leak in tipc_link_xmit
Josh Poimboeuf <jpoimboe(a)kernel.org>
objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret()
Henry Martin <bsdhenrymartin(a)gmail.com>
ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
Badal Nilawar <badal.nilawar(a)intel.com>
drm/i915: Disable RPG during live selftest
Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com>
drm/i915/dg2: wait for HuC load completion before running selftests
Harish Chegondi <harish.chegondi(a)intel.com>
drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+
Jani Nikula <jani.nikula(a)intel.com>
drm/i915/mocs: use to_gt() instead of direct &i915->gt
Edward Liaw <edliaw(a)google.com>
selftests/futex: futex_waitv wouldblock test should fail
-------------
Diffstat:
.../bindings/arm/qcom,coresight-tpda.yaml | 3 +-
.../bindings/arm/qcom,coresight-tpdm.yaml | 3 +-
.../bindings/media/i2c/st,st-mipid02.yaml | 2 +-
Documentation/netlink/specs/rt_link.yaml | 14 +-
MAINTAINERS | 1 +
Makefile | 7 +-
arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 +-
arch/arm64/include/asm/cputype.h | 4 +
arch/arm64/include/asm/spectre.h | 1 -
arch/arm64/include/asm/tlbflush.h | 22 ++-
arch/arm64/kernel/proton-pack.c | 208 +++++++++++---------
arch/arm64/kvm/arm.c | 6 +-
arch/arm64/mm/mmu.c | 3 +-
arch/loongarch/kernel/acpi.c | 12 --
arch/mips/dec/prom/init.c | 2 +-
arch/mips/include/asm/ds1287.h | 2 +-
arch/mips/kernel/cevt-ds1287.c | 1 +
arch/powerpc/kernel/rtas.c | 4 +
arch/riscv/include/asm/kgdb.h | 9 +-
arch/riscv/include/asm/syscall.h | 7 +-
arch/riscv/kernel/kgdb.c | 6 +
arch/riscv/kernel/setup.c | 36 +++-
arch/sparc/include/asm/pgtable_64.h | 2 -
arch/sparc/mm/tlb.c | 5 +-
arch/x86/Kconfig | 1 +
arch/x86/boot/compressed/mem.c | 5 +-
arch/x86/boot/compressed/sev.c | 67 ++-----
arch/x86/boot/compressed/sev.h | 2 +
arch/x86/coco/tdx/tdx.c | 26 ++-
arch/x86/events/intel/ds.c | 8 +-
arch/x86/events/intel/uncore_snbep.c | 107 +----------
arch/x86/include/asm/irqflags.h | 40 ++--
arch/x86/include/asm/paravirt.h | 20 +-
arch/x86/include/asm/paravirt_types.h | 3 +-
arch/x86/include/asm/tdx.h | 4 +-
arch/x86/include/asm/xen/hypervisor.h | 5 -
arch/x86/kernel/cpu/amd.c | 21 +-
arch/x86/kernel/cpu/intel.c | 20 +-
arch/x86/kernel/cpu/microcode/amd.c | 9 +-
arch/x86/kernel/e820.c | 17 +-
arch/x86/kernel/paravirt.c | 14 +-
arch/x86/kernel/process.c | 2 +-
arch/x86/kernel/signal_32.c | 62 ++++--
arch/x86/kvm/cpuid.c | 8 +-
arch/x86/kvm/x86.c | 4 +
arch/x86/mm/pat/set_memory.c | 6 +-
arch/x86/platform/pvh/enlighten.c | 3 -
arch/x86/xen/enlighten.c | 10 +
arch/x86/xen/enlighten_pvh.c | 93 +++++----
arch/x86/xen/setup.c | 3 -
block/blk-sysfs.c | 2 +
certs/Makefile | 2 +-
certs/extract-cert.c | 138 ++++++-------
drivers/acpi/platform_profile.c | 20 +-
drivers/ata/ahci.c | 2 +
drivers/ata/libata-eh.c | 11 +-
drivers/ata/libata-sata.c | 15 ++
drivers/ata/pata_pxa.c | 6 +
drivers/ata/sata_sx4.c | 13 +-
drivers/base/devres.c | 7 +
drivers/block/loop.c | 7 +-
drivers/bluetooth/btqca.c | 13 +-
drivers/bluetooth/btrtl.c | 2 +
drivers/bluetooth/hci_ldisc.c | 19 +-
drivers/bluetooth/hci_uart.h | 1 +
drivers/bluetooth/hci_vhci.c | 10 +-
drivers/bus/mhi/host/main.c | 16 +-
drivers/char/tpm/tpm-chip.c | 5 +
drivers/char/tpm/tpm-interface.c | 7 -
drivers/char/tpm/tpm_tis_core.c | 20 +-
drivers/char/tpm/tpm_tis_core.h | 1 +
drivers/clk/qcom/clk-branch.c | 4 +-
drivers/clk/qcom/gdsc.c | 61 +++---
drivers/clocksource/timer-stm32-lp.c | 4 +-
drivers/cpufreq/cpufreq.c | 40 +++-
drivers/crypto/caam/qi.c | 6 +-
drivers/crypto/ccp/sp-pci.c | 15 +-
drivers/firmware/efi/libstub/efistub.h | 2 +-
drivers/gpio/gpio-tegra186.c | 25 +--
drivers/gpio/gpio-zynq.c | 1 +
drivers/gpu/drm/Kconfig | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 44 +++--
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 +
drivers/gpu/drm/amd/amdkfd/kfd_device.c | 5 +
drivers/gpu/drm/amd/amdkfd/kfd_process.c | 17 ++
.../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +-
drivers/gpu/drm/amd/display/dc/dc.h | 2 +
.../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 22 +--
drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubp.c | 2 +-
.../display/dc/link/protocols/link_dp_training.c | 2 +
drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 5 +
.../gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 +-
.../drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 +-
.../drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 +-
drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3 +
drivers/gpu/drm/amd/pm/swsmu/smu11/smu_v11_0.c | 2 +-
drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 +-
drivers/gpu/drm/drm_atomic_helper.c | 2 +-
drivers/gpu/drm/drm_panel.c | 5 +-
drivers/gpu/drm/drm_panel_orientation_quirks.c | 46 ++++-
drivers/gpu/drm/i915/gt/intel_engine_cs.c | 3 +-
drivers/gpu/drm/i915/gt/intel_mocs.c | 4 +-
drivers/gpu/drm/i915/gt/intel_rc6.c | 19 +-
drivers/gpu/drm/i915/gt/uc/intel_huc.c | 11 +-
drivers/gpu/drm/i915/gt/uc/intel_huc.h | 1 +
drivers/gpu/drm/i915/gt/uc/intel_uc.c | 1 +
drivers/gpu/drm/i915/gvt/opregion.c | 7 +-
drivers/gpu/drm/i915/i915_debugfs.c | 2 +-
drivers/gpu/drm/i915/selftests/i915_selftest.c | 54 +++++-
drivers/gpu/drm/mediatek/mtk_dpi.c | 23 ++-
drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 82 ++++----
drivers/gpu/drm/nouveau/nouveau_bo.c | 3 +
drivers/gpu/drm/nouveau/nouveau_gem.c | 3 -
drivers/gpu/drm/sti/Makefile | 2 -
drivers/gpu/drm/tests/drm_client_modeset_test.c | 3 +
drivers/gpu/drm/tests/drm_cmdline_parser_test.c | 10 +-
drivers/gpu/drm/tests/drm_kunit_helpers.c | 213 +++++++++++++++++++++
drivers/gpu/drm/tests/drm_modes_test.c | 22 +++
drivers/gpu/drm/tests/drm_probe_helper_test.c | 8 +-
drivers/gpu/drm/tiny/repaper.c | 4 +-
drivers/hid/Kconfig | 14 ++
drivers/hid/Makefile | 1 +
drivers/hid/hid-ids.h | 31 +++
drivers/hid/hid-universal-pidff.c | 197 +++++++++++++++++++
drivers/hid/usbhid/hid-pidff.c | 173 ++++++++++++-----
drivers/hsi/clients/ssi_protocol.c | 1 +
drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 +
drivers/i2c/i2c-atr.c | 2 +-
drivers/i3c/master.c | 3 +
drivers/i3c/master/svc-i3c-master.c | 2 +-
drivers/infiniband/core/cma.c | 4 +-
drivers/infiniband/core/umem_odp.c | 6 +-
drivers/infiniband/hw/hns/hns_roce_main.c | 2 +-
drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 +-
drivers/iommu/iommufd/device.c | 18 +-
drivers/iommu/mtk_iommu.c | 26 +--
drivers/leds/rgb/leds-qcom-lpg.c | 8 +-
drivers/mailbox/tegra-hsp.c | 72 +++++--
drivers/md/dm-ebs-target.c | 7 +
drivers/md/dm-integrity.c | 3 +
drivers/md/dm-verity-target.c | 8 +
drivers/md/md-bitmap.c | 5 +-
drivers/md/md.c | 22 ++-
drivers/md/raid10.c | 1 +
drivers/media/common/siano/smsdvb-main.c | 2 +
drivers/media/i2c/adv748x/adv748x.h | 2 +-
drivers/media/i2c/ccs/ccs-core.c | 6 +-
drivers/media/i2c/imx219.c | 13 +-
drivers/media/i2c/ov7251.c | 4 +-
.../mediatek/vcodec/common/mtk_vcodec_fw_scp.c | 5 +-
.../vcodec/decoder/vdec/vdec_vp9_req_lat_if.c | 3 +-
.../mediatek/vcodec/encoder/venc/venc_h264_if.c | 6 +-
drivers/media/platform/qcom/venus/hfi_parser.c | 100 +++++++---
drivers/media/platform/qcom/venus/hfi_venus.c | 18 +-
drivers/media/platform/st/stm32/dma2d/dma2d.c | 3 +-
drivers/media/rc/streamzap.c | 68 ++++---
drivers/media/test-drivers/vim2m.c | 6 +-
drivers/media/test-drivers/visl/visl-core.c | 12 ++
drivers/media/usb/uvc/uvc_driver.c | 9 +
drivers/media/v4l2-core/v4l2-dv-timings.c | 4 +-
drivers/mfd/ene-kb3930.c | 2 +-
drivers/misc/pci_endpoint_test.c | 6 +-
drivers/mmc/host/dw_mmc.c | 94 ++++++++-
drivers/mmc/host/dw_mmc.h | 27 +++
drivers/mtd/inftlcore.c | 9 +-
drivers/mtd/mtdpstore.c | 12 +-
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 +-
drivers/mtd/nand/raw/r852.c | 3 +
drivers/net/dsa/b53/b53_common.c | 10 +
drivers/net/dsa/mv88e6xxx/chip.c | 30 ++-
drivers/net/dsa/mv88e6xxx/devlink.c | 3 +-
drivers/net/ethernet/amd/pds_core/debugfs.c | 5 +-
drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 +
drivers/net/ethernet/google/gve/gve_ethtool.c | 4 +-
drivers/net/ethernet/intel/igc/igc.h | 1 +
drivers/net/ethernet/intel/igc/igc_defines.h | 6 +-
drivers/net/ethernet/intel/igc/igc_main.c | 1 +
drivers/net/ethernet/intel/igc/igc_ptp.c | 113 +++++++----
drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 5 +
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 10 +-
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 19 +-
drivers/net/ethernet/ti/am65-cpsw-nuss.h | 2 +-
drivers/net/ethernet/ti/icssg/icss_iep.c | 150 ++++++++++-----
drivers/net/ethernet/wangxun/libwx/wx_lib.c | 3 +-
drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 3 +-
drivers/net/phy/sfp.c | 2 +
drivers/net/ppp/ppp_synctty.c | 5 +
drivers/net/usb/asix_devices.c | 17 ++
drivers/net/usb/cdc_ether.c | 7 +
drivers/net/usb/r8152.c | 6 +
drivers/net/usb/r8153_ecm.c | 6 +
drivers/net/wireless/ath/ath12k/dp_mon.c | 2 +-
drivers/net/wireless/ath/ath12k/dp_rx.c | 42 +++-
drivers/net/wireless/atmel/at76c50x-usb.c | 2 +-
drivers/net/wireless/mediatek/mt76/eeprom.c | 4 +
drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 +
drivers/net/wireless/realtek/rtw89/core.c | 2 +
drivers/net/wireless/realtek/rtw89/core.h | 6 +
drivers/net/wireless/realtek/rtw89/pci.c | 10 +
drivers/net/wireless/ti/wl1251/tx.c | 4 +-
drivers/ntb/ntb_transport.c | 2 +-
drivers/nvme/host/rdma.c | 8 +-
drivers/nvme/target/fc.c | 14 --
drivers/nvme/target/fcloop.c | 2 +-
drivers/of/irq.c | 78 ++++----
drivers/pci/controller/pcie-brcmstb.c | 13 +-
drivers/pci/controller/vmd.c | 12 +-
drivers/pci/pci.c | 4 -
drivers/pci/probe.c | 5 +-
drivers/perf/arm_pmu.c | 8 +-
drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 11 ++
drivers/pinctrl/qcom/pinctrl-msm.c | 12 +-
drivers/platform/x86/asus-laptop.c | 9 +-
drivers/ptp/ptp_ocp.c | 1 +
drivers/pwm/pwm-fsl-ftm.c | 6 +
drivers/pwm/pwm-mediatek.c | 8 +-
drivers/pwm/pwm-rcar.c | 24 +--
drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 9 +-
drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 14 +-
drivers/scsi/megaraid/megaraid_sas_base.c | 9 +-
drivers/scsi/megaraid/megaraid_sas_fusion.c | 5 +-
drivers/scsi/scsi_transport_iscsi.c | 7 +-
drivers/scsi/st.c | 2 +-
drivers/soc/samsung/exynos-chipid.c | 2 +
drivers/spi/spi-cadence-quadspi.c | 6 +
drivers/target/target_core_spc.c | 2 +-
drivers/thermal/rockchip_thermal.c | 1 +
drivers/ufs/host/ufs-exynos.c | 6 +
drivers/usb/typec/ucsi/ucsi_ccg.c | 5 +
drivers/vdpa/mlx5/core/mr.c | 7 +-
drivers/video/backlight/led_bl.c | 5 +-
drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 +-
drivers/xen/balloon.c | 34 +++-
drivers/xen/xenfs/xensyms.c | 4 +-
fs/Kconfig | 1 +
fs/btrfs/disk-io.c | 12 ++
fs/btrfs/inode.c | 6 +-
fs/btrfs/super.c | 3 +-
fs/btrfs/zoned.c | 6 +
fs/ext4/inode.c | 68 +++++--
fs/ext4/namei.c | 2 +-
fs/ext4/super.c | 17 ++
fs/ext4/xattr.c | 11 +-
fs/f2fs/checkpoint.c | 21 +-
fs/f2fs/f2fs.h | 32 +++-
fs/f2fs/inode.c | 8 +-
fs/f2fs/node.c | 110 +++--------
fs/f2fs/super.c | 4 +
fs/file.c | 26 ++-
fs/fuse/virtio_fs.c | 3 +
fs/hfs/bnode.c | 6 +
fs/hfsplus/bnode.c | 6 +
fs/isofs/export.c | 2 +-
fs/jbd2/journal.c | 1 -
fs/jfs/jfs_dmap.c | 10 +-
fs/jfs/jfs_imap.c | 4 +-
fs/namespace.c | 3 +-
fs/nfs/Kconfig | 2 +-
fs/nfs/internal.h | 7 -
fs/nfs/nfs4session.h | 4 -
fs/nfsd/Kconfig | 1 +
fs/nfsd/nfs4state.c | 2 +-
fs/nfsd/nfsfh.h | 7 -
fs/overlayfs/overlayfs.h | 2 -
fs/overlayfs/super.c | 5 +
fs/smb/client/cifsproto.h | 2 +
fs/smb/client/connect.c | 36 ++--
fs/smb/client/file.c | 28 +++
fs/smb/client/fs_context.c | 5 +
fs/smb/client/inode.c | 10 +
fs/smb/client/reparse.c | 4 -
fs/smb/client/smb2misc.c | 9 +-
fs/smb/server/oplock.c | 29 +--
fs/smb/server/oplock.h | 1 -
fs/smb/server/smb2pdu.c | 4 +-
fs/smb/server/transport_ipc.c | 7 +-
fs/smb/server/vfs.c | 3 +-
fs/udf/inode.c | 1 +
fs/userfaultfd.c | 51 +++--
include/drm/drm_kunit_helpers.h | 28 +++
include/linux/backing-dev.h | 1 +
include/linux/hid.h | 9 +
include/linux/nfs.h | 7 -
include/linux/pgtable.h | 14 +-
include/linux/rtnetlink.h | 22 +++
include/linux/tpm.h | 1 +
include/net/sctp/structs.h | 3 +-
include/net/xdp.h | 9 +-
include/uapi/linux/kfd_ioctl.h | 2 +
include/uapi/linux/landlock.h | 2 +
include/xen/interface/xen-mca.h | 2 +-
io_uring/kbuf.c | 2 +
io_uring/net.c | 2 +
kernel/locking/lockdep.c | 3 +
kernel/sched/cpufreq_schedutil.c | 18 +-
kernel/trace/ftrace.c | 8 +-
kernel/trace/trace_events.c | 4 +-
kernel/trace/trace_events_filter.c | 4 +-
kernel/trace/trace_events_synth.c | 1 -
kernel/trace/trace_probe.c | 28 +++
lib/sg_split.c | 2 -
lib/string.c | 13 +-
lib/zstd/common/portability_macros.h | 2 +-
mm/filemap.c | 1 +
mm/gup.c | 4 +-
mm/hugetlb.c | 2 +-
mm/memory-failure.c | 11 +-
mm/memory.c | 4 +-
mm/mremap.c | 10 +-
mm/page_vma_mapped.c | 13 +-
mm/rmap.c | 2 +-
mm/vmscan.c | 2 +-
net/8021q/vlan_dev.c | 31 +--
net/bluetooth/hci_event.c | 5 +-
net/bluetooth/l2cap_core.c | 21 +-
net/bridge/br_vlan.c | 4 +-
net/core/filter.c | 80 ++++----
net/core/page_pool.c | 8 +-
net/dsa/dsa.c | 59 +++++-
net/dsa/tag_8021q.c | 2 +-
net/ethtool/netlink.c | 8 +-
net/ipv6/route.c | 8 +-
net/mac80211/iface.c | 3 +
net/mac80211/mesh_hwmp.c | 14 +-
net/mctp/af_mctp.c | 3 +
net/mptcp/sockopt.c | 28 +++
net/mptcp/subflow.c | 19 +-
net/netfilter/nft_set_pipapo_avx2.c | 3 +-
net/openvswitch/flow_netlink.c | 3 +-
net/sched/cls_api.c | 74 +++++--
net/sched/sch_codel.c | 5 +-
net/sched/sch_fq_codel.c | 6 +-
net/sched/sch_sfq.c | 66 +++++--
net/sctp/socket.c | 22 ++-
net/sctp/transport.c | 2 +
net/tipc/link.c | 1 +
net/tls/tls_main.c | 6 +
scripts/sign-file.c | 132 ++++++-------
scripts/ssl-common.h | 32 ++++
security/landlock/errata.h | 87 +++++++++
security/landlock/setup.c | 30 +++
security/landlock/setup.h | 3 +
security/landlock/syscalls.c | 22 ++-
sound/pci/hda/hda_intel.c | 44 ++++-
sound/soc/amd/yc/acp6x-mach.c | 14 ++
sound/soc/codecs/cs42l43-jack.c | 3 +
sound/soc/codecs/lpass-wsa-macro.c | 139 +++++++++-----
sound/soc/dwc/dwc-i2s.c | 13 +-
sound/soc/fsl/fsl_audmix.c | 16 +-
sound/soc/intel/avs/pcm.c | 3 +-
sound/soc/qcom/lpass.h | 3 +-
sound/soc/qcom/qdsp6/q6apm-dai.c | 9 +-
sound/soc/qcom/qdsp6/q6apm.c | 18 +-
sound/soc/qcom/qdsp6/q6apm.h | 3 +
sound/soc/qcom/qdsp6/q6asm-dai.c | 19 +-
sound/soc/sof/topology.c | 4 +-
sound/usb/midi.c | 80 +++++++-
tools/net/ynl/ynl-gen-c.py | 165 ++++++++++++----
tools/objtool/check.c | 5 +
tools/power/cpupower/bench/parse.c | 4 +
tools/testing/ktest/ktest.pl | 8 +
tools/testing/kunit/qemu_configs/sh.py | 4 +-
tools/testing/radix-tree/linux.c | 4 +-
.../futex/functional/futex_wait_wouldblock.c | 2 +-
tools/testing/selftests/landlock/base_test.c | 46 ++++-
.../selftests/mm/charge_reserved_hugetlb.sh | 4 +-
.../selftests/mm/hugetlb_reparenting_test.sh | 2 +-
tools/testing/selftests/net/mptcp/diag.sh | 23 +--
tools/testing/selftests/net/mptcp/mptcp_connect.c | 11 +-
tools/testing/selftests/net/mptcp/mptcp_connect.sh | 19 +-
tools/testing/selftests/net/mptcp/mptcp_join.sh | 20 +-
tools/testing/selftests/net/mptcp/mptcp_lib.sh | 18 ++
tools/testing/selftests/net/mptcp/simult_flows.sh | 19 +-
376 files changed, 4360 insertions(+), 1914 deletions(-)
5 months
- 9
- 400
Re: [PATCH v3 1/1] iommu: Allow attaching static domains in iommu_attach_device_pasid()
by Dave Jiang
On 4/24/25 5:55 PM, Jack Vogel wrote:
>
>
>> On Apr 24, 2025, at 16:15, Dave Jiang <dave.jiang(a)intel.com> wrote:
>>
>>
>>
>> On 4/24/25 3:59 PM, Jack Vogel wrote:
>>>
>>>
>>>> On Apr 24, 2025, at 15:40, Dave Jiang <dave.jiang(a)intel.com> wrote:
>>>>
>>>>
>>>>
>>>> On 4/24/25 3:34 PM, Jack Vogel wrote:
>>>>> I am having test issues with this patch, test system is running OL9, basically RHEL 9.5, the kernel boots ok, and the dmesg is clean… but the tests in accel-config dont pass. Specifically the crypto tests, this is due to vfio_pci_core not loading. Right now I’m not sure if any of this is my mistake, but at least it’s something I need to keep looking at.
>>>>>
>>>>> Also, since I saw that issue on the latest I did a backport to our UEK8 kernel which is 6.12.23, and on that kernel it still exhibited these messages on boot:
>>>>>
>>>>> *idxd*0000:6a:01.0: enabling device (0144 -> 0146)
>>>>>
>>>>> [ 21.112733] *idxd*0000:6a:01.0: failed to attach device pasid 1, domain type 4
>>>>>
>>>>> [ 21.120770] *idxd*0000:6a:01.0: No in-kernel DMA with PASID. -95
>>>>>
>>>>>
>>>>> Again, maybe an issue in my backporting… however I’d like to be sure.
>>>>
>>>> Can you verify against latest upstream kernel plus the patch and see if you still see the error?
>>>>
>>>> DJ
>>>
>>> Yes, the kernel was build from the tip this morning. Like I said, it got no messages booting up, all looked fine. But when running the actual test suite in the accel-config tarball specifically the iaa crypt tests, they failed and the dmesg was from vfio_pci_core failed to load with an unknown symbol.
>>
>> I'm not sure what the test consists of (haven't worked on this device for almost 2 years). But usually the device is either bound to the idxd driver or the vfio_pci driver. Not both. And if the idxd driver didn't emit any errors while loading, then the test failure may be something else...
>>
>> Another way to verify is to set CONFIG_IOMMU_DEFAULT_DMA_LAZY vs PASSTHROUGH. If the tests still fail then it's something else.
>>
>> DJ
>
> There isn’t a lot of ways to test this driver, yes DPDK will use it, but apart from that? So, the tests that are part of your (Intel) accel-config package are the only convenient way that I’ve found to do so. It is also convenient, there is a “make check” target in the top Makefile that will invoke both set of DMA tests, and some crypto (IAA) tests. I have been planning to give this to our QA group as a verification suite. Do you have an alternative to this?
This should be the right test package. Let me talk to our QA people and see if there are any issues. We can resolve this off list. If there's any issues that end up pointing to the original bug, we can raise that then.
DJ
>
> Jack
>
>>
>>>
>>> This sounds like the module was wrong, but i would think it was installed with the v6.15 kernel…..
>>>
>>> Jack
>>>
>>>>
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Jack
>>>>>
>>>>>
>>>>>> On Apr 23, 2025, at 20:41, Lu Baolu <baolu.lu(a)linux.intel.com> wrote:
>>>>>>
>>>>>> The idxd driver attaches the default domain to a PASID of the device to
>>>>>> perform kernel DMA using that PASID. The domain is attached to the
>>>>>> device's PASID through iommu_attach_device_pasid(), which checks if the
>>>>>> domain->owner matches the iommu_ops retrieved from the device. If they
>>>>>> do not match, it returns a failure.
>>>>>>
>>>>>> if (ops != domain->owner || pasid == IOMMU_NO_PASID)
>>>>>> return -EINVAL;
>>>>>>
>>>>>> The static identity domain implemented by the intel iommu driver doesn't
>>>>>> specify the domain owner. Therefore, kernel DMA with PASID doesn't work
>>>>>> for the idxd driver if the device translation mode is set to passthrough.
>>>>>>
>>>>>> Generally the owner field of static domains are not set because they are
>>>>>> already part of iommu ops. Add a helper domain_iommu_ops_compatible()
>>>>>> that checks if a domain is compatible with the device's iommu ops. This
>>>>>> helper explicitly allows the static blocked and identity domains associated
>>>>>> with the device's iommu_ops to be considered compatible.
>>>>>>
>>>>>> Fixes: 2031c469f816 ("iommu/vt-d: Add support for static identity domain")
>>>>>> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220031
>>>>>> Cc: stable(a)vger.kernel.org
>>>>>> Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com>
>>>>>> Link: https://lore.kernel.org/linux-iommu/20250422191554.GC1213339@ziepe.ca/
>>>>>> Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com>
>>>>>> Reviewed-by: Dave Jiang <dave.jiang(a)intel.com>
>>>>>> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com>
>>>>>> ---
>>>>>> drivers/iommu/iommu.c | 21 ++++++++++++++++++---
>>>>>> 1 file changed, 18 insertions(+), 3 deletions(-)
>>>>>>
>>>>>> Change log:
>>>>>> v3:
>>>>>> - Convert all places checking domain->owner to the new helper.
>>>>>> v2: https://lore.kernel.org/linux-iommu/20250423021839.2189204-1-baolu.lu@linux…
>>>>>> - Make the solution generic for all static domains as suggested by
>>>>>> Jason.
>>>>>> v1: https://lore.kernel.org/linux-iommu/20250422075422.2084548-1-baolu.lu@linux…
>>>>>>
>>>>>> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
>>>>>> index 4f91a740c15f..b26fc3ed9f01 100644
>>>>>> --- a/drivers/iommu/iommu.c
>>>>>> +++ b/drivers/iommu/iommu.c
>>>>>> @@ -2204,6 +2204,19 @@ static void *iommu_make_pasid_array_entry(struct iommu_domain *domain,
>>>>>> return xa_tag_pointer(domain, IOMMU_PASID_ARRAY_DOMAIN);
>>>>>> }
>>>>>>
>>>>>> +static bool domain_iommu_ops_compatible(const struct iommu_ops *ops,
>>>>>> +struct iommu_domain *domain)
>>>>>> +{
>>>>>> +if (domain->owner == ops)
>>>>>> +return true;
>>>>>> +
>>>>>> +/* For static domains, owner isn't set. */
>>>>>> +if (domain == ops->blocked_domain || domain == ops->identity_domain)
>>>>>> +return true;
>>>>>> +
>>>>>> +return false;
>>>>>> +}
>>>>>> +
>>>>>> static int __iommu_attach_group(struct iommu_domain *domain,
>>>>>> struct iommu_group *group)
>>>>>> {
>>>>>> @@ -2214,7 +2227,8 @@ static int __iommu_attach_group(struct iommu_domain *domain,
>>>>>> return -EBUSY;
>>>>>>
>>>>>> dev = iommu_group_first_dev(group);
>>>>>> -if (!dev_has_iommu(dev) || dev_iommu_ops(dev) != domain->owner)
>>>>>> +if (!dev_has_iommu(dev) ||
>>>>>> + !domain_iommu_ops_compatible(dev_iommu_ops(dev), domain))
>>>>>> return -EINVAL;
>>>>>>
>>>>>> return __iommu_group_set_domain(group, domain);
>>>>>> @@ -3435,7 +3449,8 @@ int iommu_attach_device_pasid(struct iommu_domain *domain,
>>>>>> !ops->blocked_domain->ops->set_dev_pasid)
>>>>>> return -EOPNOTSUPP;
>>>>>>
>>>>>> -if (ops != domain->owner || pasid == IOMMU_NO_PASID)
>>>>>> +if (!domain_iommu_ops_compatible(ops, domain) ||
>>>>>> + pasid == IOMMU_NO_PASID)
>>>>>> return -EINVAL;
>>>>>>
>>>>>> mutex_lock(&group->mutex);
>>>>>> @@ -3511,7 +3526,7 @@ int iommu_replace_device_pasid(struct iommu_domain *domain,
>>>>>> if (!domain->ops->set_dev_pasid)
>>>>>> return -EOPNOTSUPP;
>>>>>>
>>>>>> -if (dev_iommu_ops(dev) != domain->owner ||
>>>>>> +if (!domain_iommu_ops_compatible(dev_iommu_ops(dev), domain) ||
>>>>>> pasid == IOMMU_NO_PASID || !handle)
>>>>>> return -EINVAL;
>>>>>>
>>>>>> --
>>>>>> 2.43.0
>
5 months
- 1
- 0
+ mm-userfaultfd-fix-uninitialized-output-field-for-eagain-race.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: mm/userfaultfd: fix uninitialized output field for -EAGAIN race
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
mm-userfaultfd-fix-uninitialized-output-field-for-eagain-race.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Peter Xu <peterx(a)redhat.com>
Subject: mm/userfaultfd: fix uninitialized output field for -EAGAIN race
Date: Thu, 24 Apr 2025 17:57:28 -0400
While discussing some userfaultfd relevant issues recently, Andrea noticed
a potential ABI breakage with -EAGAIN on almost all userfaultfd ioctl()s.
Quote from Andrea, explaining how -EAGAIN was processed, and how this
should fix it (taking example of UFFDIO_COPY ioctl):
The "mmap_changing" and "stale pmd" conditions are already reported as
-EAGAIN written in the copy field, this does not change it. This change
removes the subnormal case that left copy.copy uninitialized and required
apps to explicitly set the copy field to get deterministic
behavior (which is a requirement contrary to the documentation in both
the manpage and source code). In turn there's no alteration to backwards
compatibility as result of this change because userland will find the
copy field consistently set to -EAGAIN, and not anymore sometime -EAGAIN
and sometime uninitialized.
Even then the change only can make a difference to non cooperative users
of userfaultfd, so when UFFD_FEATURE_EVENT_* is enabled, which is not
true for the vast majority of apps using userfaultfd or this unintended
uninitialized field may have been noticed sooner.
Meanwhile, since this bug existed for years, it also almost affects all
ioctl()s that was introduced later. Besides UFFDIO_ZEROPAGE, these also
get affected in the same way:
- UFFDIO_CONTINUE
- UFFDIO_POISON
- UFFDIO_MOVE
This patch should have fixed all of them.
Link: https://lkml.kernel.org/r/20250424215729.194656-2-peterx@redhat.com
Fixes: df2cc96e7701 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races")
Fixes: f619147104c8 ("userfaultfd: add UFFDIO_CONTINUE ioctl")
Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl")
Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI")
Signed-off-by: Peter Xu <peterx(a)redhat.com>
Reported-by: Andrea Arcangeli <aarcange(a)redhat.com>
Suggested-by: Andrea Arcangeli <aarcange(a)redhat.com>
Cc: Mike Rapoport <rppt(a)kernel.org>
Cc: Axel Rasmussen <axelrasmussen(a)google.com>
Cc: Suren Baghdasaryan <surenb(a)google.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
fs/userfaultfd.c | 28 ++++++++++++++++++++++------
1 file changed, 22 insertions(+), 6 deletions(-)
--- a/fs/userfaultfd.c~mm-userfaultfd-fix-uninitialized-output-field-for-eagain-race
+++ a/fs/userfaultfd.c
@@ -1585,8 +1585,11 @@ static int userfaultfd_copy(struct userf
user_uffdio_copy = (struct uffdio_copy __user *) arg;
ret = -EAGAIN;
- if (atomic_read(&ctx->mmap_changing))
+ if (unlikely(atomic_read(&ctx->mmap_changing))) {
+ if (unlikely(put_user(ret, &user_uffdio_copy->copy)))
+ return -EFAULT;
goto out;
+ }
ret = -EFAULT;
if (copy_from_user(&uffdio_copy, user_uffdio_copy,
@@ -1641,8 +1644,11 @@ static int userfaultfd_zeropage(struct u
user_uffdio_zeropage = (struct uffdio_zeropage __user *) arg;
ret = -EAGAIN;
- if (atomic_read(&ctx->mmap_changing))
+ if (unlikely(atomic_read(&ctx->mmap_changing))) {
+ if (unlikely(put_user(ret, &user_uffdio_zeropage->zeropage)))
+ return -EFAULT;
goto out;
+ }
ret = -EFAULT;
if (copy_from_user(&uffdio_zeropage, user_uffdio_zeropage,
@@ -1744,8 +1750,11 @@ static int userfaultfd_continue(struct u
user_uffdio_continue = (struct uffdio_continue __user *)arg;
ret = -EAGAIN;
- if (atomic_read(&ctx->mmap_changing))
+ if (unlikely(atomic_read(&ctx->mmap_changing))) {
+ if (unlikely(put_user(ret, &user_uffdio_continue->mapped)))
+ return -EFAULT;
goto out;
+ }
ret = -EFAULT;
if (copy_from_user(&uffdio_continue, user_uffdio_continue,
@@ -1801,8 +1810,11 @@ static inline int userfaultfd_poison(str
user_uffdio_poison = (struct uffdio_poison __user *)arg;
ret = -EAGAIN;
- if (atomic_read(&ctx->mmap_changing))
+ if (unlikely(atomic_read(&ctx->mmap_changing))) {
+ if (unlikely(put_user(ret, &user_uffdio_poison->updated)))
+ return -EFAULT;
goto out;
+ }
ret = -EFAULT;
if (copy_from_user(&uffdio_poison, user_uffdio_poison,
@@ -1870,8 +1882,12 @@ static int userfaultfd_move(struct userf
user_uffdio_move = (struct uffdio_move __user *) arg;
- if (atomic_read(&ctx->mmap_changing))
- return -EAGAIN;
+ ret = -EAGAIN;
+ if (unlikely(atomic_read(&ctx->mmap_changing))) {
+ if (unlikely(put_user(ret, &user_uffdio_move->move)))
+ return -EFAULT;
+ goto out;
+ }
if (copy_from_user(&uffdio_move, user_uffdio_move,
/* don't copy "move" last field */
_
Patches currently in -mm which might be from peterx(a)redhat.com are
mm-userfaultfd-fix-uninitialized-output-field-for-eagain-race.patch
mm-selftests-add-a-test-to-verify-mmap_changing-race-with-eagain.patch
5 months
- 1
- 0
[PATCH stable] xdp: Reset bpf_redirect_info before running a xdp's BPF prog.
by Sebastian Andrzej Siewior
Ricardo reported a KASAN discovered use after free in v6.6-stable.
The syzbot starts a BPF program via xdp_test_run_batch() which assigns
ri->tgt_value via dev_hash_map_redirect() and the return code isn't
XDP_REDIRECT it looks like nonsense. So the output in
bpf_warn_invalid_xdp_action() appears once.
Then the TUN driver runs another BPF program (on the same CPU) which
returns XDP_REDIRECT without setting ri->tgt_value first. It invokes
bpf_trace_printk() to print four characters and obtain the required
return value. This is enough to get xdp_do_redirect() invoked which
then accesses the pointer in tgt_value which might have been already
deallocated.
This problem does not affect upstream because since commit
401cb7dae8130 ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT.")
the per-CPU variable is referenced via task's task_struct and exists on
the stack during NAPI callback. Therefore it is cleared once before the
first invocation and remains valid within the RCU section of the NAPI
callback.
Instead of performing the huge backport of the commit (plus its fix ups)
here is an alternative version which only resets the variable in
question prior invoking the BPF program.
Acked-by: Toke Høiland-Jørgensen <toke(a)kernel.org>
Reported-by: Ricardo Cañuelo Navarro <rcn(a)igalia.com>
Closes: https://lore.kernel.org/all/20250226-20250204-kasan-slab-use-after-free-rea…
Fixes: 97f91a7cf04ff ("bpf: add bpf_redirect_map helper routine")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
---
I discussed this with Toke, thread starts at
https://lore.kernel.org/all/20250313183911.SPAmGLyw@linutronix.de/
The commit, which this by accident, is part of v6.11-rc1.
I added the commit introducing map redirects as the origin of the
problem which is v4.14-rc1. The code is a bit different there but it
seems to work similar.
Affected kernels would be from v4.14 to v6.10.
include/net/xdp.h | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/include/net/xdp.h b/include/net/xdp.h
index de08c8e0d1348..b39ac83618a55 100644
--- a/include/net/xdp.h
+++ b/include/net/xdp.h
@@ -486,7 +486,14 @@ static __always_inline u32 bpf_prog_run_xdp(const struct bpf_prog *prog,
* under local_bh_disable(), which provides the needed RCU protection
* for accessing map entries.
*/
- u32 act = __bpf_prog_run(prog, xdp, BPF_DISPATCHER_FUNC(xdp));
+ struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
+ u32 act;
+
+ if (ri->map_id || ri->map_type) {
+ ri->map_id = 0;
+ ri->map_type = BPF_MAP_TYPE_UNSPEC;
+ }
+ act = __bpf_prog_run(prog, xdp, BPF_DISPATCHER_FUNC(xdp));
if (static_branch_unlikely(&bpf_master_redirect_enabled_key)) {
if (act == XDP_TX && netif_is_bond_slave(xdp->rxq->dev))
--
2.49.0
5 months
- 3
- 7
[PATCH 5.15] Bluetooth: SCO: Fix UAF on sco_sock_timeout
by Xiangyu Chen
From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
[ Upstream commit 1bf4470a3939c678fb822073e9ea77a0560bc6bb ]
conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock
so this checks if the conn->sk is still valid by checking if it part of
sco_sk_list.
Reported-by: syzbot+4c0d0c4cde787116d465(a)syzkaller.appspotmail.com
Tested-by: syzbot+4c0d0c4cde787116d465(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=4c0d0c4cde787116d465
Fixes: ba316be1b6a0 ("Bluetooth: schedule SCO timeouts with delayed_work")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com>
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
---
Verified on the build test
---
include/net/bluetooth/bluetooth.h | 1 +
net/bluetooth/af_bluetooth.c | 22 ++++++++++++++++++++++
net/bluetooth/sco.c | 18 ++++++++++++------
3 files changed, 35 insertions(+), 6 deletions(-)
diff --git a/include/net/bluetooth/bluetooth.h b/include/net/bluetooth/bluetooth.h
index 7d2bd562da4b..b08b559f5242 100644
--- a/include/net/bluetooth/bluetooth.h
+++ b/include/net/bluetooth/bluetooth.h
@@ -314,6 +314,7 @@ int bt_sock_register(int proto, const struct net_proto_family *ops);
void bt_sock_unregister(int proto);
void bt_sock_link(struct bt_sock_list *l, struct sock *s);
void bt_sock_unlink(struct bt_sock_list *l, struct sock *s);
+bool bt_sock_linked(struct bt_sock_list *l, struct sock *s);
int bt_sock_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
int flags);
int bt_sock_stream_recvmsg(struct socket *sock, struct msghdr *msg,
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index 9c9c855b9736..aebef5cf12d4 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -154,6 +154,28 @@ void bt_sock_unlink(struct bt_sock_list *l, struct sock *sk)
}
EXPORT_SYMBOL(bt_sock_unlink);
+bool bt_sock_linked(struct bt_sock_list *l, struct sock *s)
+{
+ struct sock *sk;
+
+ if (!l || !s)
+ return false;
+
+ read_lock(&l->lock);
+
+ sk_for_each(sk, &l->head) {
+ if (s == sk) {
+ read_unlock(&l->lock);
+ return true;
+ }
+ }
+
+ read_unlock(&l->lock);
+
+ return false;
+}
+EXPORT_SYMBOL(bt_sock_linked);
+
void bt_accept_enqueue(struct sock *parent, struct sock *sk, bool bh)
{
BT_DBG("parent %p, sk %p", parent, sk);
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index f5192116922d..83412efe2895 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -76,6 +76,16 @@ struct sco_pinfo {
#define SCO_CONN_TIMEOUT (HZ * 40)
#define SCO_DISCONN_TIMEOUT (HZ * 2)
+static struct sock *sco_sock_hold(struct sco_conn *conn)
+{
+ if (!conn || !bt_sock_linked(&sco_sk_list, conn->sk))
+ return NULL;
+
+ sock_hold(conn->sk);
+
+ return conn->sk;
+}
+
static void sco_sock_timeout(struct work_struct *work)
{
struct sco_conn *conn = container_of(work, struct sco_conn,
@@ -87,9 +97,7 @@ static void sco_sock_timeout(struct work_struct *work)
sco_conn_unlock(conn);
return;
}
- sk = conn->sk;
- if (sk)
- sock_hold(sk);
+ sk = sco_sock_hold(conn);
sco_conn_unlock(conn);
if (!sk)
@@ -191,9 +199,7 @@ static void sco_conn_del(struct hci_conn *hcon, int err)
/* Kill socket */
sco_conn_lock(conn);
- sk = conn->sk;
- if (sk)
- sock_hold(sk);
+ sk = sco_sock_hold(conn);
sco_conn_unlock(conn);
if (sk) {
--
2.43.0
5 months
- 2
- 1
[PATCH 5.15.y] drm/amd/display: fix double free issue during amdgpu module unload
by Xiangyu Chen
From: Tim Huang <tim.huang(a)amd.com>
[ Upstream commit 20b5a8f9f4670a8503aa9fa95ca632e77c6bf55d ]
Flexible endpoints use DIGs from available inflexible endpoints,
so only the encoders of inflexible links need to be freed.
Otherwise, a double free issue may occur when unloading the
amdgpu module.
[ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0
[ 279.190577] Call Trace:
[ 279.190580] <TASK>
[ 279.190582] ? show_regs+0x69/0x80
[ 279.190590] ? die+0x3b/0x90
[ 279.190595] ? do_trap+0xc8/0xe0
[ 279.190601] ? do_error_trap+0x73/0xa0
[ 279.190605] ? __slab_free+0x152/0x2f0
[ 279.190609] ? exc_invalid_op+0x56/0x70
[ 279.190616] ? __slab_free+0x152/0x2f0
[ 279.190642] ? asm_exc_invalid_op+0x1f/0x30
[ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]
[ 279.191096] ? __slab_free+0x152/0x2f0
[ 279.191102] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]
[ 279.191469] kfree+0x260/0x2b0
[ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]
[ 279.191821] link_destroy+0xd7/0x130 [amdgpu]
[ 279.192248] dc_destruct+0x90/0x270 [amdgpu]
[ 279.192666] dc_destroy+0x19/0x40 [amdgpu]
[ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu]
[ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu]
[ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu]
[ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu]
[ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu]
[ 279.194632] pci_device_remove+0x3a/0xa0
[ 279.194638] device_remove+0x40/0x70
[ 279.194642] device_release_driver_internal+0x1ad/0x210
[ 279.194647] driver_detach+0x4e/0xa0
[ 279.194650] bus_remove_driver+0x6f/0xf0
[ 279.194653] driver_unregister+0x33/0x60
[ 279.194657] pci_unregister_driver+0x44/0x90
[ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu]
[ 279.194939] __do_sys_delete_module.isra.0+0x198/0x2f0
[ 279.194946] __x64_sys_delete_module+0x16/0x20
[ 279.194950] do_syscall_64+0x58/0x120
[ 279.194954] entry_SYSCALL_64_after_hwframe+0x6e/0x76
[ 279.194980] </TASK>
Reviewed-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com>
Signed-off-by: Tim Huang <tim.huang(a)amd.com>
Reviewed-by: Roman Li <roman.li(a)amd.com>
Signed-off-by: Roman Li <roman.li(a)amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
[ dc_link_destruct() moved from core/dc_link.c to link/link_factory.c since
commit: 54618888d1ea ("drm/amd/display: break down dc_link.c"), so modified
the path to apply on 5.15.y ]
Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com>
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
---
Verified on the build test
---
drivers/gpu/drm/amd/display/dc/core/dc_link.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_link.c b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
index b727bd7e039d..6696372b82f4 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_link.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
@@ -79,7 +79,7 @@ static void dc_link_destruct(struct dc_link *link)
if (link->panel_cntl)
link->panel_cntl->funcs->destroy(&link->panel_cntl);
- if (link->link_enc) {
+ if (link->link_enc && !link->is_dig_mapping_flexible) {
/* Update link encoder resource tracking variables. These are used for
* the dynamic assignment of link encoders to streams. Virtual links
* are not assigned encoder resources on creation.
--
2.34.1
5 months
- 2
- 1
Re: [PATCH v3 1/1] iommu: Allow attaching static domains in iommu_attach_device_pasid()
by Dave Jiang
On 4/24/25 3:59 PM, Jack Vogel wrote:
>
>
>> On Apr 24, 2025, at 15:40, Dave Jiang <dave.jiang(a)intel.com> wrote:
>>
>>
>>
>> On 4/24/25 3:34 PM, Jack Vogel wrote:
>>> I am having test issues with this patch, test system is running OL9, basically RHEL 9.5, the kernel boots ok, and the dmesg is clean… but the tests in accel-config dont pass. Specifically the crypto tests, this is due to vfio_pci_core not loading. Right now I’m not sure if any of this is my mistake, but at least it’s something I need to keep looking at.
>>>
>>> Also, since I saw that issue on the latest I did a backport to our UEK8 kernel which is 6.12.23, and on that kernel it still exhibited these messages on boot:
>>>
>>> *idxd*0000:6a:01.0: enabling device (0144 -> 0146)
>>>
>>> [ 21.112733] *idxd*0000:6a:01.0: failed to attach device pasid 1, domain type 4
>>>
>>> [ 21.120770] *idxd*0000:6a:01.0: No in-kernel DMA with PASID. -95
>>>
>>>
>>> Again, maybe an issue in my backporting… however I’d like to be sure.
>>
>> Can you verify against latest upstream kernel plus the patch and see if you still see the error?
>>
>> DJ
>
> Yes, the kernel was build from the tip this morning. Like I said, it got no messages booting up, all looked fine. But when running the actual test suite in the accel-config tarball specifically the iaa crypt tests, they failed and the dmesg was from vfio_pci_core failed to load with an unknown symbol.
I'm not sure what the test consists of (haven't worked on this device for almost 2 years). But usually the device is either bound to the idxd driver or the vfio_pci driver. Not both. And if the idxd driver didn't emit any errors while loading, then the test failure may be something else...
Another way to verify is to set CONFIG_IOMMU_DEFAULT_DMA_LAZY vs PASSTHROUGH. If the tests still fail then it's something else.
DJ
>
> This sounds like the module was wrong, but i would think it was installed with the v6.15 kernel…..
>
> Jack
>
>>
>>>
>>> Cheers,
>>>
>>> Jack
>>>
>>>
>>>> On Apr 23, 2025, at 20:41, Lu Baolu <baolu.lu(a)linux.intel.com> wrote:
>>>>
>>>> The idxd driver attaches the default domain to a PASID of the device to
>>>> perform kernel DMA using that PASID. The domain is attached to the
>>>> device's PASID through iommu_attach_device_pasid(), which checks if the
>>>> domain->owner matches the iommu_ops retrieved from the device. If they
>>>> do not match, it returns a failure.
>>>>
>>>> if (ops != domain->owner || pasid == IOMMU_NO_PASID)
>>>> return -EINVAL;
>>>>
>>>> The static identity domain implemented by the intel iommu driver doesn't
>>>> specify the domain owner. Therefore, kernel DMA with PASID doesn't work
>>>> for the idxd driver if the device translation mode is set to passthrough.
>>>>
>>>> Generally the owner field of static domains are not set because they are
>>>> already part of iommu ops. Add a helper domain_iommu_ops_compatible()
>>>> that checks if a domain is compatible with the device's iommu ops. This
>>>> helper explicitly allows the static blocked and identity domains associated
>>>> with the device's iommu_ops to be considered compatible.
>>>>
>>>> Fixes: 2031c469f816 ("iommu/vt-d: Add support for static identity domain")
>>>> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220031
>>>> Cc: stable(a)vger.kernel.org
>>>> Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com>
>>>> Link: https://lore.kernel.org/linux-iommu/20250422191554.GC1213339@ziepe.ca/
>>>> Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com>
>>>> Reviewed-by: Dave Jiang <dave.jiang(a)intel.com>
>>>> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com>
>>>> ---
>>>> drivers/iommu/iommu.c | 21 ++++++++++++++++++---
>>>> 1 file changed, 18 insertions(+), 3 deletions(-)
>>>>
>>>> Change log:
>>>> v3:
>>>> - Convert all places checking domain->owner to the new helper.
>>>> v2: https://lore.kernel.org/linux-iommu/20250423021839.2189204-1-baolu.lu@linux…
>>>> - Make the solution generic for all static domains as suggested by
>>>> Jason.
>>>> v1: https://lore.kernel.org/linux-iommu/20250422075422.2084548-1-baolu.lu@linux…
>>>>
>>>> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
>>>> index 4f91a740c15f..b26fc3ed9f01 100644
>>>> --- a/drivers/iommu/iommu.c
>>>> +++ b/drivers/iommu/iommu.c
>>>> @@ -2204,6 +2204,19 @@ static void *iommu_make_pasid_array_entry(struct iommu_domain *domain,
>>>> return xa_tag_pointer(domain, IOMMU_PASID_ARRAY_DOMAIN);
>>>> }
>>>>
>>>> +static bool domain_iommu_ops_compatible(const struct iommu_ops *ops,
>>>> +struct iommu_domain *domain)
>>>> +{
>>>> +if (domain->owner == ops)
>>>> +return true;
>>>> +
>>>> +/* For static domains, owner isn't set. */
>>>> +if (domain == ops->blocked_domain || domain == ops->identity_domain)
>>>> +return true;
>>>> +
>>>> +return false;
>>>> +}
>>>> +
>>>> static int __iommu_attach_group(struct iommu_domain *domain,
>>>> struct iommu_group *group)
>>>> {
>>>> @@ -2214,7 +2227,8 @@ static int __iommu_attach_group(struct iommu_domain *domain,
>>>> return -EBUSY;
>>>>
>>>> dev = iommu_group_first_dev(group);
>>>> -if (!dev_has_iommu(dev) || dev_iommu_ops(dev) != domain->owner)
>>>> +if (!dev_has_iommu(dev) ||
>>>> + !domain_iommu_ops_compatible(dev_iommu_ops(dev), domain))
>>>> return -EINVAL;
>>>>
>>>> return __iommu_group_set_domain(group, domain);
>>>> @@ -3435,7 +3449,8 @@ int iommu_attach_device_pasid(struct iommu_domain *domain,
>>>> !ops->blocked_domain->ops->set_dev_pasid)
>>>> return -EOPNOTSUPP;
>>>>
>>>> -if (ops != domain->owner || pasid == IOMMU_NO_PASID)
>>>> +if (!domain_iommu_ops_compatible(ops, domain) ||
>>>> + pasid == IOMMU_NO_PASID)
>>>> return -EINVAL;
>>>>
>>>> mutex_lock(&group->mutex);
>>>> @@ -3511,7 +3526,7 @@ int iommu_replace_device_pasid(struct iommu_domain *domain,
>>>> if (!domain->ops->set_dev_pasid)
>>>> return -EOPNOTSUPP;
>>>>
>>>> -if (dev_iommu_ops(dev) != domain->owner ||
>>>> +if (!domain_iommu_ops_compatible(dev_iommu_ops(dev), domain) ||
>>>> pasid == IOMMU_NO_PASID || !handle)
>>>> return -EINVAL;
>>>>
>>>> --
>>>> 2.43.0
>
5 months
- 1
- 0
Re: [PATCH v3 1/1] iommu: Allow attaching static domains in iommu_attach_device_pasid()
by Dave Jiang
On 4/24/25 3:34 PM, Jack Vogel wrote:
> I am having test issues with this patch, test system is running OL9, basically RHEL 9.5, the kernel boots ok, and the dmesg is clean… but the tests in accel-config dont pass. Specifically the crypto tests, this is due to vfio_pci_core not loading. Right now I’m not sure if any of this is my mistake, but at least it’s something I need to keep looking at.
>
> Also, since I saw that issue on the latest I did a backport to our UEK8 kernel which is 6.12.23, and on that kernel it still exhibited these messages on boot:
>
> *idxd*0000:6a:01.0: enabling device (0144 -> 0146)
>
> [ 21.112733] *idxd*0000:6a:01.0: failed to attach device pasid 1, domain type 4
>
> [ 21.120770] *idxd*0000:6a:01.0: No in-kernel DMA with PASID. -95
>
>
> Again, maybe an issue in my backporting… however I’d like to be sure.
Can you verify against latest upstream kernel plus the patch and see if you still see the error?
DJ
>
> Cheers,
>
> Jack
>
>
>> On Apr 23, 2025, at 20:41, Lu Baolu <baolu.lu(a)linux.intel.com> wrote:
>>
>> The idxd driver attaches the default domain to a PASID of the device to
>> perform kernel DMA using that PASID. The domain is attached to the
>> device's PASID through iommu_attach_device_pasid(), which checks if the
>> domain->owner matches the iommu_ops retrieved from the device. If they
>> do not match, it returns a failure.
>>
>> if (ops != domain->owner || pasid == IOMMU_NO_PASID)
>> return -EINVAL;
>>
>> The static identity domain implemented by the intel iommu driver doesn't
>> specify the domain owner. Therefore, kernel DMA with PASID doesn't work
>> for the idxd driver if the device translation mode is set to passthrough.
>>
>> Generally the owner field of static domains are not set because they are
>> already part of iommu ops. Add a helper domain_iommu_ops_compatible()
>> that checks if a domain is compatible with the device's iommu ops. This
>> helper explicitly allows the static blocked and identity domains associated
>> with the device's iommu_ops to be considered compatible.
>>
>> Fixes: 2031c469f816 ("iommu/vt-d: Add support for static identity domain")
>> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220031
>> Cc: stable(a)vger.kernel.org
>> Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com>
>> Link: https://lore.kernel.org/linux-iommu/20250422191554.GC1213339@ziepe.ca/
>> Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com>
>> Reviewed-by: Dave Jiang <dave.jiang(a)intel.com>
>> Reviewed-by: Robin Murphy <robin.murphy(a)arm.com>
>> ---
>> drivers/iommu/iommu.c | 21 ++++++++++++++++++---
>> 1 file changed, 18 insertions(+), 3 deletions(-)
>>
>> Change log:
>> v3:
>> - Convert all places checking domain->owner to the new helper.
>> v2: https://lore.kernel.org/linux-iommu/20250423021839.2189204-1-baolu.lu@linux…
>> - Make the solution generic for all static domains as suggested by
>> Jason.
>> v1: https://lore.kernel.org/linux-iommu/20250422075422.2084548-1-baolu.lu@linux…
>>
>> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
>> index 4f91a740c15f..b26fc3ed9f01 100644
>> --- a/drivers/iommu/iommu.c
>> +++ b/drivers/iommu/iommu.c
>> @@ -2204,6 +2204,19 @@ static void *iommu_make_pasid_array_entry(struct iommu_domain *domain,
>> return xa_tag_pointer(domain, IOMMU_PASID_ARRAY_DOMAIN);
>> }
>>
>> +static bool domain_iommu_ops_compatible(const struct iommu_ops *ops,
>> +struct iommu_domain *domain)
>> +{
>> +if (domain->owner == ops)
>> +return true;
>> +
>> +/* For static domains, owner isn't set. */
>> +if (domain == ops->blocked_domain || domain == ops->identity_domain)
>> +return true;
>> +
>> +return false;
>> +}
>> +
>> static int __iommu_attach_group(struct iommu_domain *domain,
>> struct iommu_group *group)
>> {
>> @@ -2214,7 +2227,8 @@ static int __iommu_attach_group(struct iommu_domain *domain,
>> return -EBUSY;
>>
>> dev = iommu_group_first_dev(group);
>> -if (!dev_has_iommu(dev) || dev_iommu_ops(dev) != domain->owner)
>> +if (!dev_has_iommu(dev) ||
>> + !domain_iommu_ops_compatible(dev_iommu_ops(dev), domain))
>> return -EINVAL;
>>
>> return __iommu_group_set_domain(group, domain);
>> @@ -3435,7 +3449,8 @@ int iommu_attach_device_pasid(struct iommu_domain *domain,
>> !ops->blocked_domain->ops->set_dev_pasid)
>> return -EOPNOTSUPP;
>>
>> -if (ops != domain->owner || pasid == IOMMU_NO_PASID)
>> +if (!domain_iommu_ops_compatible(ops, domain) ||
>> + pasid == IOMMU_NO_PASID)
>> return -EINVAL;
>>
>> mutex_lock(&group->mutex);
>> @@ -3511,7 +3526,7 @@ int iommu_replace_device_pasid(struct iommu_domain *domain,
>> if (!domain->ops->set_dev_pasid)
>> return -EOPNOTSUPP;
>>
>> -if (dev_iommu_ops(dev) != domain->owner ||
>> +if (!domain_iommu_ops_compatible(dev_iommu_ops(dev), domain) ||
>> pasid == IOMMU_NO_PASID || !handle)
>> return -EINVAL;
>>
>> --
>> 2.43.0
>>
>
5 months
- 1
- 0
[alternative-merged] smaps-fix-crash-in-smaps_hugetlb_range-for-non-present-hugetlb-entries.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: smaps: fix crash in smaps_hugetlb_range for non-present hugetlb entries
has been removed from the -mm tree. Its filename was
smaps-fix-crash-in-smaps_hugetlb_range-for-non-present-hugetlb-entries.patch
This patch was dropped because an alternative patch was or shall be merged
------------------------------------------------------
From: Ming Wang <wangming01(a)loongson.cn>
Subject: smaps: fix crash in smaps_hugetlb_range for non-present hugetlb entries
Date: Wed, 23 Apr 2025 09:03:59 +0800
When reading /proc/pid/smaps for a process that has mapped a hugetlbfs
file with MAP_PRIVATE, the kernel might crash inside
pfn_swap_entry_to_page. This occurs on LoongArch under specific
conditions.
The root cause involves several steps:
1. When the hugetlbfs file is mapped (MAP_PRIVATE), the initial PMD
(or relevant level) entry is often populated by the kernel during
mmap() with a non-present entry pointing to the architecture's
invalid_pte_table On the affected LoongArch system, this address was
observed to be 0x90000000031e4000.
2. The smaps walker (walk_hugetlb_range -> smaps_hugetlb_range) reads
this entry.
3. The generic is_swap_pte() macro checks `!pte_present() &&
!pte_none()`. The entry (invalid_pte_table address) is not present.
Crucially, the generic pte_none() check (`!(pte_val(pte) &
~_PAGE_GLOBAL)`) returns false because the invalid_pte_table address is
non-zero. Therefore, is_swap_pte() incorrectly returns true.
4. The code enters the `else if (is_swap_pte(...))` block.
5. Inside this block, it checks `is_pfn_swap_entry()`. Due to a bit
pattern coincidence in the invalid_pte_table address on LoongArch, the
embedded generic `is_migration_entry()` check happens to return true
(misinterpreting parts of the address as a migration type).
6. This leads to a call to pfn_swap_entry_to_page() with the bogus
swap entry derived from the invalid table address.
7. pfn_swap_entry_to_page() extracts a meaningless PFN, finds an
unrelated struct page, checks its lock status (unlocked), and hits the
`BUG_ON(is_migration_entry(entry) && !PageLocked(p))` assertion.
The original code's intent in the `else if` block seems aimed at handling
potential migration entries, as indicated by the inner
`is_pfn_swap_entry()` check. The issue arises because the outer
`is_swap_pte()` check incorrectly includes the invalid table pointer case
on LoongArch.
This patch fixes the issue by changing the condition in
smaps_hugetlb_range() from the broad `is_swap_pte()` to the specific
`is_hugetlb_entry_migration()`.
The `is_hugetlb_entry_migration()` helper function correctly handles this
by first checking `huge_pte_none()`. Architectures like LoongArch can
provide an override for `huge_pte_none()` that specifically recognizes the
`invalid_pte_table` address as a "none" state for HugeTLB entries. This
ensures `is_hugetlb_entry_migration()` returns false for the invalid
entry, preventing the code from entering the faulty block.
This change makes the code reflect the likely original intent (handling
migration) more accurately and leverages architecture-specific helpers
(`huge_pte_none`) to correctly interpret special PTE/PMD values in the
HugeTLB context, fixing the crash on LoongArch without altering the
generic is_swap_pte() behavior.
Link: https://lkml.kernel.org/r/20250423010359.2030576-1-wangming01@loongson.cn
Fixes: 25ee01a2fca0 ("mm: hugetlb: proc: add hugetlb-related fields to /proc/PID/smaps")
Co-developed-by: Hongchen Zhang <zhanghongchen(a)loongson.cn>
Signed-off-by: Hongchen Zhang <zhanghongchen(a)loongson.cn>
Signed-off-by: Ming Wang <wangming01(a)loongson.cn>
Cc: Andrii Nakryiko <andrii(a)kernel.org>
Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu>
Cc: David Hildenbrand <david(a)redhat.com>
Cc: David Rientjes <rientjes(a)google.com>
Cc: Huacai Chen <chenhuacai(a)kernel.org>
Cc: Hugh Dickins <hughd(a)google.com>
Cc: Joern Engel <joern(a)logfs.org>
Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org>
Cc: Michal Hocko <mhocko(a)suse.cz>
Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com>
Cc: Oscar Salvador <osalvador(a)suse.de>
Cc: Ryan Roberts <ryan.roberts(a)arm.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
fs/proc/task_mmu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/proc/task_mmu.c~smaps-fix-crash-in-smaps_hugetlb_range-for-non-present-hugetlb-entries
+++ a/fs/proc/task_mmu.c
@@ -1027,7 +1027,7 @@ static int smaps_hugetlb_range(pte_t *pt
if (pte_present(ptent)) {
folio = page_folio(pte_page(ptent));
present = true;
- } else if (is_swap_pte(ptent)) {
+ } else if (is_hugetlb_entry_migration(ptent)) {
swp_entry_t swpent = pte_to_swp_entry(ptent);
if (is_pfn_swap_entry(swpent))
_
Patches currently in -mm which might be from wangming01(a)loongson.cn are
5 months
- 1
- 0
[PATCH] btrfs: adjust subpage bit start based on sectorsize
by Josef Bacik
When running machines with 64k page size and a 16k nodesize we started
seeing tree log corruption in production. This turned out to be because
we were not writing out dirty blocks sometimes, so this in fact affects
all metadata writes.
When writing out a subpage EB we scan the subpage bitmap for a dirty
range. If the range isn't dirty we do
bit_start++;
to move onto the next bit. The problem is the bitmap is based on the
number of sectors that an EB has. So in this case, we have a 64k
pagesize, 16k nodesize, but a 4k sectorsize. This means our bitmap is 4
bits for every node. With a 64k page size we end up with 4 nodes per
page.
To make this easier this is how everything looks
[0 16k 32k 48k ] logical address
[0 4 8 12 ] radix tree offset
[ 64k page ] folio
[ 16k eb ][ 16k eb ][ 16k eb ][ 16k eb ] extent buffers
[ | | | | | | | | | | | | | | | | ] bitmap
Now we use all of our addressing based on fs_info->sectorsize_bits, so
as you can see the above our 16k eb->start turns into radix entry 4.
When we find a dirty range for our eb, we correctly do bit_start +=
sectors_per_node, because if we start at bit 0, the next bit for the
next eb is 4, to correspond to eb->start 16k.
However if our range is clean, we will do bit_start++, which will now
put us offset from our radix tree entries.
In our case, assume that the first time we check the bitmap the block is
not dirty, we increment bit_start so now it == 1, and then we loop
around and check again. This time it is dirty, and we go to find that
start using the following equation
start = folio_start + bit_start * fs_info->sectorsize;
so in the case above, eb->start 0 is now dirty, and we calculate start
as
0 + 1 * fs_info->sectorsize = 4096
4096 >> 12 = 1
Now we're looking up the radix tree for 1, and we won't find an eb.
What's worse is now we're using bit_start == 1, so we do bit_start +=
sectors_per_node, which is now 5. If that eb is dirty we will run into
the same thing, we will look at an offset that is not populated in the
radix tree, and now we're skipping the writeout of dirty extent buffers.
The best fix for this is to not use sectorsize_bits to address nodes,
but that's a larger change. Since this is a fs corruption problem fix
it simply by always using sectors_per_node to increment the start bit.
cc: stable(a)vger.kernel.org
Fixes: c4aec299fa8f ("btrfs: introduce submit_eb_subpage() to submit a subpage metadata page")
Reviewed-by: Boris Burkov <boris(a)bur.io>
Signed-off-by: Josef Bacik <josef(a)toxicpanda.com>
---
- Further testing indicated that the page tagging theoretical race isn't getting
hit in practice, so we're going to limit the "hotfix" to this specific patch,
and then send subsequent patches to address the other issues we're hitting. My
simplify metadata writebback patches are the more wholistic fix.
fs/btrfs/extent_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index 5f08615b334f..6cfd286b8bbc 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -2034,7 +2034,7 @@ static int submit_eb_subpage(struct folio *folio, struct writeback_control *wbc)
subpage->bitmaps)) {
spin_unlock_irqrestore(&subpage->lock, flags);
spin_unlock(&folio->mapping->i_private_lock);
- bit_start++;
+ bit_start += sectors_per_node;
continue;
}
--
2.48.1
5 months
- 3
- 3
[PATCH v2] x86/sev: Fix SNP guest kdump hang/softlockup/panic
by Ashish Kalra
From: Ashish Kalra <ashish.kalra(a)amd.com>
When kdump is running makedumpfile to generate vmcore and dumping SNP
guest memory it touches the VMSA page of the vCPU executing kdump which
then results in unrecoverable #NPF/RMP faults as the VMSA page is
marked busy/in-use when the vCPU is running.
This leads to guest softlockup/hang:
[ 117.111097] watchdog: BUG: soft lockup - CPU#0 stuck for 27s! [cp:318]
[ 117.111165] CPU: 0 UID: 0 PID: 318 Comm: cp Not tainted 6.14.0-next-20250328-snp-host-f2a41ff576cc-dirty #414 VOLUNTARY
[ 117.111171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022
[ 117.111176] RIP: 0010:rep_movs_alternative+0x5b/0x70
[ 117.111200] Call Trace:
[ 117.111204] <TASK>
[ 117.111206] ? _copy_to_iter+0xc1/0x720
[ 117.111216] ? srso_return_thunk+0x5/0x5f
[ 117.111220] ? _raw_spin_unlock+0x27/0x40
[ 117.111234] ? srso_return_thunk+0x5/0x5f
[ 117.111236] ? find_vmap_area+0xd6/0xf0
[ 117.111251] ? srso_return_thunk+0x5/0x5f
[ 117.111253] ? __check_object_size+0x18d/0x2e0
[ 117.111268] __copy_oldmem_page.part.0+0x64/0xa0
[ 117.111281] copy_oldmem_page_encrypted+0x1d/0x30
[ 117.111285] read_from_oldmem.part.0+0xf4/0x200
[ 117.111306] read_vmcore+0x206/0x3c0
[ 117.111309] ? srso_return_thunk+0x5/0x5f
[ 117.111325] proc_reg_read_iter+0x59/0x90
[ 117.111334] vfs_read+0x26e/0x350
Additionally other APs may be halted in guest mode and their VMSA pages
are marked busy and touching these VMSA pages during guest memory dump
will also cause #NPF.
Issue AP_DESTROY GHCB calls on other APs to ensure they are kicked out
of guest mode and then clear the VMSA bit on their VMSA pages.
If the vCPU running kdump is an AP, mark it's VMSA page as offline to
ensure that makedumpfile excludes that page while dumping guest memory.
Cc: stable(a)vger.kernel.org
Fixes: 3074152e56c9 ("x86/sev: Convert shared memory back to private on kexec")
Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com>
---
arch/x86/coco/sev/core.c | 129 ++++++++++++++++++++++++++++++---------
1 file changed, 101 insertions(+), 28 deletions(-)
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index dcfaa698d6cf..870f4994a13d 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -113,6 +113,8 @@ DEFINE_PER_CPU(struct sev_es_save_area *, sev_vmsa);
DEFINE_PER_CPU(struct svsm_ca *, svsm_caa);
DEFINE_PER_CPU(u64, svsm_caa_pa);
+static void snp_cleanup_vmsa(struct sev_es_save_area *vmsa, int apic_id);
+
static __always_inline bool on_vc_stack(struct pt_regs *regs)
{
unsigned long sp = regs->sp;
@@ -877,6 +879,42 @@ void snp_accept_memory(phys_addr_t start, phys_addr_t end)
set_pages_state(vaddr, npages, SNP_PAGE_STATE_PRIVATE);
}
+static int issue_vmgexit_ap_create_destroy(u64 event, struct sev_es_save_area *vmsa, u32 apic_id)
+{
+ struct ghcb_state state;
+ unsigned long flags;
+ struct ghcb *ghcb;
+ int ret = 0;
+
+ local_irq_save(flags);
+
+ ghcb = __sev_get_ghcb(&state);
+
+ vc_ghcb_invalidate(ghcb);
+ ghcb_set_rax(ghcb, vmsa->sev_features);
+ ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_AP_CREATION);
+ ghcb_set_sw_exit_info_1(ghcb,
+ ((u64)apic_id << 32) |
+ ((u64)snp_vmpl << 16) |
+ event);
+ ghcb_set_sw_exit_info_2(ghcb, __pa(vmsa));
+
+ sev_es_wr_ghcb_msr(__pa(ghcb));
+ VMGEXIT();
+
+ if (!ghcb_sw_exit_info_1_is_valid(ghcb) ||
+ lower_32_bits(ghcb->save.sw_exit_info_1)) {
+ pr_err("SNP AP %s error\n", (event == SVM_VMGEXIT_AP_CREATE ? "CREATE" : "DESTROY"));
+ ret = -EINVAL;
+ }
+
+ __sev_put_ghcb(&state);
+
+ local_irq_restore(flags);
+
+ return ret;
+}
+
static void set_pte_enc(pte_t *kpte, int level, void *va)
{
struct pte_enc_desc d = {
@@ -973,6 +1011,66 @@ void snp_kexec_begin(void)
pr_warn("Failed to stop shared<->private conversions\n");
}
+/*
+ * Shutdown all APs except the one handling kexec/kdump and clearing
+ * the VMSA tag on AP's VMSA pages as they are not being used as
+ * VMSA page anymore.
+ */
+static void snp_shutdown_all_aps(void)
+{
+ struct sev_es_save_area *vmsa;
+ int apic_id, cpu;
+
+ /*
+ * APs are already in HLT loop when kexec_finish() is invoked.
+ */
+ for_each_present_cpu(cpu) {
+ vmsa = per_cpu(sev_vmsa, cpu);
+
+ /*
+ * BSP does not have guest allocated VMSA, so it's in-use/busy
+ * VMSA cannot touch a guest page and there is no need to clear
+ * the VMSA tag for this page.
+ */
+ if (!vmsa)
+ continue;
+
+ /*
+ * Cannot clear the VMSA tag for the currently running vCPU.
+ */
+ if (get_cpu() == cpu) {
+ unsigned long pa;
+ struct page *p;
+
+ pa = __pa(vmsa);
+ p = pfn_to_online_page(pa >> PAGE_SHIFT);
+ /*
+ * Mark the VMSA page of the running vCPU as Offline
+ * so that is excluded and not touched by makedumpfile
+ * while generating vmcore during kdump boot.
+ */
+ if (p)
+ __SetPageOffline(p);
+ put_cpu();
+ continue;
+ }
+ put_cpu();
+
+ apic_id = cpuid_to_apicid[cpu];
+
+ /*
+ * Issue AP destroy on all APs (to ensure they are kicked out
+ * of guest mode) to allow using RMPADJUST to remove the VMSA
+ * tag on VMSA pages especially for guests that allow HLT to
+ * not be intercepted.
+ */
+
+ issue_vmgexit_ap_create_destroy(SVM_VMGEXIT_AP_DESTROY, vmsa, apic_id);
+
+ snp_cleanup_vmsa(vmsa, apic_id);
+ }
+}
+
void snp_kexec_finish(void)
{
struct sev_es_runtime_data *data;
@@ -987,6 +1085,8 @@ void snp_kexec_finish(void)
if (!IS_ENABLED(CONFIG_KEXEC_CORE))
return;
+ snp_shutdown_all_aps();
+
unshare_all_memory();
/*
@@ -1098,10 +1198,7 @@ static void snp_cleanup_vmsa(struct sev_es_save_area *vmsa, int apic_id)
static int wakeup_cpu_via_vmgexit(u32 apic_id, unsigned long start_ip)
{
struct sev_es_save_area *cur_vmsa, *vmsa;
- struct ghcb_state state;
struct svsm_ca *caa;
- unsigned long flags;
- struct ghcb *ghcb;
u8 sipi_vector;
int cpu, ret;
u64 cr4;
@@ -1215,31 +1312,7 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsigned long start_ip)
}
/* Issue VMGEXIT AP Creation NAE event */
- local_irq_save(flags);
-
- ghcb = __sev_get_ghcb(&state);
-
- vc_ghcb_invalidate(ghcb);
- ghcb_set_rax(ghcb, vmsa->sev_features);
- ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_AP_CREATION);
- ghcb_set_sw_exit_info_1(ghcb,
- ((u64)apic_id << 32) |
- ((u64)snp_vmpl << 16) |
- SVM_VMGEXIT_AP_CREATE);
- ghcb_set_sw_exit_info_2(ghcb, __pa(vmsa));
-
- sev_es_wr_ghcb_msr(__pa(ghcb));
- VMGEXIT();
-
- if (!ghcb_sw_exit_info_1_is_valid(ghcb) ||
- lower_32_bits(ghcb->save.sw_exit_info_1)) {
- pr_err("SNP AP Creation error\n");
- ret = -EINVAL;
- }
-
- __sev_put_ghcb(&state);
-
- local_irq_restore(flags);
+ ret = issue_vmgexit_ap_create_destroy(SVM_VMGEXIT_AP_CREATE, vmsa, apic_id);
/* Perform cleanup if there was an error */
if (ret) {
--
2.34.1
5 months
- 4
- 4
[PATCH] x86/sev: Fix making shared pages private during kdump
by Ashish Kalra
From: Ashish Kalra <ashish.kalra(a)amd.com>
When the shared pages are being made private during kdump preparation
there are additional checks to handle shared GHCB pages.
These additional checks include handling the case of GHCB page being
contained within a 2MB page.
There is a bug in this additional check for GHCB page contained
within a 2MB page which causes any shared page just below the
per-cpu GHCB getting skipped from being transitioned back to private
before kdump preparation which subsequently causes a 0x404 #VC
exception when this shared page is accessed later while dumping guest
memory during vmcore generation via kdump.
Correct the detection and handling of GHCB pages contained within
a 2MB page.
Cc: stable(a)vger.kernel.org
Fixes: 3074152e56c9 ("x86/sev: Convert shared memory back to private on kexec")
Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com>
---
arch/x86/coco/sev/core.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index 2c27d4b3985c..16d874f4dcd3 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -926,7 +926,13 @@ static void unshare_all_memory(void)
data = per_cpu(runtime_data, cpu);
ghcb = (unsigned long)&data->ghcb_page;
- if (addr <= ghcb && ghcb <= addr + size) {
+ /* Handle the case of 2MB page containing the GHCB page */
+ if (level == PG_LEVEL_4K && addr == ghcb) {
+ skipped_addr = true;
+ break;
+ }
+ if (level > PG_LEVEL_4K && addr <= ghcb &&
+ ghcb < addr + size) {
skipped_addr = true;
break;
}
@@ -1106,6 +1112,9 @@ void snp_kexec_finish(void)
ghcb = &data->ghcb_page;
pte = lookup_address((unsigned long)ghcb, &level);
size = page_level_size(level);
+ /* Handle the case of 2MB page containing the GHCB page */
+ if (level > PG_LEVEL_4K)
+ ghcb = (struct ghcb *)((unsigned long)ghcb & PMD_MASK);
set_pte_enc(pte, level, (void *)ghcb);
snp_set_memory_private((unsigned long)ghcb, (size / PAGE_SIZE));
}
--
2.34.1
5 months
- 3
- 2
[PATCH net] gve: Add adminq lock for creating and destroying multiple queues
by Harshitha Ramamurthy
From: Ziwei Xiao <ziweixiao(a)google.com>
The original adminq lock is only protecting the gve_adminq_execute_cmd
which is aimed for sending out single adminq command. However, there are
other callers of gve_adminq_kick_and_wait and gve_adminq_issue_cmd that
need to take the mutex lock for mutual exclusion between them, which are
creating and destroying rx/tx queues. Add the adminq lock for those
unprotected callers.
Also this patch cleans up the error handling code of
gve_adminq_destroy_tx_queue.
Cc: stable(a)vger.kernel.org
Fixes: 1108566ca509 ("gve: Add adminq mutex lock")
Reviewed-by: Willem de Bruijn <willemb(a)google.com>
Signed-off-by: Ziwei Xiao <ziweixiao(a)google.com>
Signed-off-by: Harshitha Ramamurthy <hramamurthy(a)google.com>
---
drivers/net/ethernet/google/gve/gve_adminq.c | 54 ++++++++++++++------
1 file changed, 37 insertions(+), 17 deletions(-)
diff --git a/drivers/net/ethernet/google/gve/gve_adminq.c b/drivers/net/ethernet/google/gve/gve_adminq.c
index 3e8fc33cc11f..659460812276 100644
--- a/drivers/net/ethernet/google/gve/gve_adminq.c
+++ b/drivers/net/ethernet/google/gve/gve_adminq.c
@@ -442,6 +442,8 @@ static int gve_adminq_kick_and_wait(struct gve_priv *priv)
int tail, head;
int i;
+ lockdep_assert_held(&priv->adminq_lock);
+
tail = ioread32be(&priv->reg_bar0->adminq_event_counter);
head = priv->adminq_prod_cnt;
@@ -467,9 +469,6 @@ static int gve_adminq_kick_and_wait(struct gve_priv *priv)
return 0;
}
-/* This function is not threadsafe - the caller is responsible for any
- * necessary locks.
- */
static int gve_adminq_issue_cmd(struct gve_priv *priv,
union gve_adminq_command *cmd_orig)
{
@@ -477,6 +476,8 @@ static int gve_adminq_issue_cmd(struct gve_priv *priv,
u32 opcode;
u32 tail;
+ lockdep_assert_held(&priv->adminq_lock);
+
tail = ioread32be(&priv->reg_bar0->adminq_event_counter);
// Check if next command will overflow the buffer.
@@ -709,13 +710,19 @@ int gve_adminq_create_tx_queues(struct gve_priv *priv, u32 start_id, u32 num_que
int err;
int i;
+ mutex_lock(&priv->adminq_lock);
+
for (i = start_id; i < start_id + num_queues; i++) {
err = gve_adminq_create_tx_queue(priv, i);
if (err)
- return err;
+ goto out;
}
- return gve_adminq_kick_and_wait(priv);
+ err = gve_adminq_kick_and_wait(priv);
+
+out:
+ mutex_unlock(&priv->adminq_lock);
+ return err;
}
static void gve_adminq_get_create_rx_queue_cmd(struct gve_priv *priv,
@@ -788,19 +795,24 @@ int gve_adminq_create_rx_queues(struct gve_priv *priv, u32 num_queues)
int err;
int i;
+ mutex_lock(&priv->adminq_lock);
+
for (i = 0; i < num_queues; i++) {
err = gve_adminq_create_rx_queue(priv, i);
if (err)
- return err;
+ goto out;
}
- return gve_adminq_kick_and_wait(priv);
+ err = gve_adminq_kick_and_wait(priv);
+
+out:
+ mutex_unlock(&priv->adminq_lock);
+ return err;
}
static int gve_adminq_destroy_tx_queue(struct gve_priv *priv, u32 queue_index)
{
union gve_adminq_command cmd;
- int err;
memset(&cmd, 0, sizeof(cmd));
cmd.opcode = cpu_to_be32(GVE_ADMINQ_DESTROY_TX_QUEUE);
@@ -808,11 +820,7 @@ static int gve_adminq_destroy_tx_queue(struct gve_priv *priv, u32 queue_index)
.queue_id = cpu_to_be32(queue_index),
};
- err = gve_adminq_issue_cmd(priv, &cmd);
- if (err)
- return err;
-
- return 0;
+ return gve_adminq_issue_cmd(priv, &cmd);
}
int gve_adminq_destroy_tx_queues(struct gve_priv *priv, u32 start_id, u32 num_queues)
@@ -820,13 +828,19 @@ int gve_adminq_destroy_tx_queues(struct gve_priv *priv, u32 start_id, u32 num_qu
int err;
int i;
+ mutex_lock(&priv->adminq_lock);
+
for (i = start_id; i < start_id + num_queues; i++) {
err = gve_adminq_destroy_tx_queue(priv, i);
if (err)
- return err;
+ goto out;
}
- return gve_adminq_kick_and_wait(priv);
+ err = gve_adminq_kick_and_wait(priv);
+
+out:
+ mutex_unlock(&priv->adminq_lock);
+ return err;
}
static void gve_adminq_make_destroy_rx_queue_cmd(union gve_adminq_command *cmd,
@@ -861,13 +875,19 @@ int gve_adminq_destroy_rx_queues(struct gve_priv *priv, u32 num_queues)
int err;
int i;
+ mutex_lock(&priv->adminq_lock);
+
for (i = 0; i < num_queues; i++) {
err = gve_adminq_destroy_rx_queue(priv, i);
if (err)
- return err;
+ goto out;
}
- return gve_adminq_kick_and_wait(priv);
+ err = gve_adminq_kick_and_wait(priv);
+
+out:
+ mutex_unlock(&priv->adminq_lock);
+ return err;
}
static void gve_set_default_desc_cnt(struct gve_priv *priv,
--
2.49.0.777.g153de2bbd5-goog
5 months
- 4
- 3
[PATCH] x86/insn: Fix CTEST instruction decoding
by Kirill A. Shutemov
insn_decoder_test found a problem with decoding APX CTEST instruction:
Found an x86 instruction decoder bug, please report this.
ffffffff810021df 62 54 94 05 85 ff ctestneq
objdump says 6 bytes, but insn_get_length() says 5
It happens because x86-opcode-map.txt doesn't specify arguments for the
instruction and the decoder doesn't expect to see ModRM byte.
Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
Fixes: 690ca3a3067f ("x86/insn: Add support for APX EVEX instructions to the opcode map")
Cc: stable(a)vger.kernel.org # v6.10+
Cc: Adrian Hunter <adrian.hunter(a)intel.com>
---
arch/x86/lib/x86-opcode-map.txt | 4 ++--
tools/arch/x86/lib/x86-opcode-map.txt | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/x86/lib/x86-opcode-map.txt b/arch/x86/lib/x86-opcode-map.txt
index caedb3ef6688..f5dd84eb55dc 100644
--- a/arch/x86/lib/x86-opcode-map.txt
+++ b/arch/x86/lib/x86-opcode-map.txt
@@ -996,8 +996,8 @@ AVXcode: 4
83: Grp1 Ev,Ib (1A),(es)
# CTESTSCC instructions are: CTESTB, CTESTBE, CTESTF, CTESTL, CTESTLE, CTESTNB, CTESTNBE, CTESTNL,
# CTESTNLE, CTESTNO, CTESTNS, CTESTNZ, CTESTO, CTESTS, CTESTT, CTESTZ
-84: CTESTSCC (ev)
-85: CTESTSCC (es) | CTESTSCC (66),(es)
+84: CTESTSCC Eb,Gb (ev)
+85: CTESTSCC Ev,Gv (es) | CTESTSCC Ev,Gv (66),(es)
88: POPCNT Gv,Ev (es) | POPCNT Gv,Ev (66),(es)
8f: POP2 Bq,Rq (000),(11B),(ev)
a5: SHLD Ev,Gv,CL (es) | SHLD Ev,Gv,CL (66),(es)
diff --git a/tools/arch/x86/lib/x86-opcode-map.txt b/tools/arch/x86/lib/x86-opcode-map.txt
index caedb3ef6688..f5dd84eb55dc 100644
--- a/tools/arch/x86/lib/x86-opcode-map.txt
+++ b/tools/arch/x86/lib/x86-opcode-map.txt
@@ -996,8 +996,8 @@ AVXcode: 4
83: Grp1 Ev,Ib (1A),(es)
# CTESTSCC instructions are: CTESTB, CTESTBE, CTESTF, CTESTL, CTESTLE, CTESTNB, CTESTNBE, CTESTNL,
# CTESTNLE, CTESTNO, CTESTNS, CTESTNZ, CTESTO, CTESTS, CTESTT, CTESTZ
-84: CTESTSCC (ev)
-85: CTESTSCC (es) | CTESTSCC (66),(es)
+84: CTESTSCC Eb,Gb (ev)
+85: CTESTSCC Ev,Gv (es) | CTESTSCC Ev,Gv (66),(es)
88: POPCNT Gv,Ev (es) | POPCNT Gv,Ev (66),(es)
8f: POP2 Bq,Rq (000),(11B),(ev)
a5: SHLD Ev,Gv,CL (es) | SHLD Ev,Gv,CL (66),(es)
--
2.47.2
5 months
- 2
- 1
[PATCH v2] mm, slab: clean up slab->obj_exts always
by Zhenhua Huang
When memory allocation profiling is disabled at runtime or due to an
error, shutdown_mem_profiling() is called: slab->obj_exts which
previously allocated remains.
It won't be cleared by unaccount_slab() because of
mem_alloc_profiling_enabled() not true. It's incorrect, slab->obj_exts
should always be cleaned up in unaccount_slab() to avoid following error:
[...]BUG: Bad page state in process...
..
[...]page dumped because: page still charged to cgroup
Cc: stable(a)vger.kernel.org
Fixes: 21c690a349ba ("mm: introduce slabobj_ext to support slab object extensions")
Signed-off-by: Zhenhua Huang <quic_zhenhuah(a)quicinc.com>
Acked-by: David Rientjes <rientjes(a)google.com>
Acked-by: Harry Yoo <harry.yoo(a)oracle.com>
Tested-by: Harry Yoo <harry.yoo(a)oracle.com>
---
mm/slub.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/mm/slub.c b/mm/slub.c
index 566eb8b8282d..a98ce1426076 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -2028,8 +2028,8 @@ int alloc_slab_obj_exts(struct slab *slab, struct kmem_cache *s,
return 0;
}
-/* Should be called only if mem_alloc_profiling_enabled() */
-static noinline void free_slab_obj_exts(struct slab *slab)
+/* Free only if slab_obj_exts(slab) */
+static inline void free_slab_obj_exts(struct slab *slab)
{
struct slabobj_ext *obj_exts;
@@ -2601,8 +2601,12 @@ static __always_inline void account_slab(struct slab *slab, int order,
static __always_inline void unaccount_slab(struct slab *slab, int order,
struct kmem_cache *s)
{
- if (memcg_kmem_online() || need_slab_obj_ext())
- free_slab_obj_exts(slab);
+ /*
+ * The slab object extensions should now be freed regardless of
+ * whether mem_alloc_profiling_enabled() or not because profiling
+ * might have been disabled after slab->obj_exts got allocated.
+ */
+ free_slab_obj_exts(slab);
mod_node_page_state(slab_pgdat(slab), cache_vmstat_idx(s),
-(PAGE_SIZE << order));
--
2.34.1
5 months
- 4
- 7
[PATCH v2 2/2] usb: typec: ucsi: displayport: Fix NULL pointer access
by Andrei Kuchynski
This patch ensures that the UCSI driver waits for all pending tasks in the
ucsi_displayport_work workqueue to finish executing before proceeding with
the partner removal.
Cc: stable(a)vger.kernel.org
Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode")
Signed-off-by: Andrei Kuchynski <akuchynski(a)chromium.org>
Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com>
---
drivers/usb/typec/ucsi/displayport.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c
index acd053d4e38c..8aae80b457d7 100644
--- a/drivers/usb/typec/ucsi/displayport.c
+++ b/drivers/usb/typec/ucsi/displayport.c
@@ -299,6 +299,8 @@ void ucsi_displayport_remove_partner(struct typec_altmode *alt)
if (!dp)
return;
+ cancel_work_sync(&dp->work);
+
dp->data.conf = 0;
dp->data.status = 0;
dp->initialized = false;
--
2.49.0.805.g082f7c87e0-goog
5 months
- 2
- 1
Please apply commit 8983dc1b66c0 ("ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model") to v6.1.y (and v6.6.y)
by Salvatore Bonaccorso
Hi
As per subject, can you please apply commit 8983dc1b66c0 ("ALSA:
hda/realtek: Fix built-in mic on another ASUS VivoBook model") to
v6.1.y?
The commit fixes 3b4309546b48 ("ALSA: hda: Fix headset detection
failure due to unstable sort"), which is in 6.14-rc1 *but* it got
backported to other stable series as well: 6.1.129, 6.6.78, 6.12.14
and 6.13.3.
While 8983dc1b66c0 got then backported down to 6.12.23, 6.13.11 and
and 6.14.2 it was not backported further down, the reason is likely
the commit does not apply cleanly due to context changes in the struct
hda_quirk alc269_fixup_tbl (as some entries are missing in older
series).
For context see as well:
https://lore.kernel.org/linux-sound/Z95s5T6OXFPjRnKf@eldamar.lan
https://lore.kernel.org/linux-sound/Z_aq9kkdswrGZRUQ@eldamar.lan/
https://bugs.debian.org/1100928
Can you please apply it down for 6.1.y?
Attached is a manual backport of the change in case needed.
Regards,
Salvatore
From 336110525d8a24cd8bbc4cfe61c2aaf6aee511d4 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai(a)suse.de>
Date: Wed, 2 Apr 2025 09:42:07 +0200
Subject: [PATCH] ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook
model
[ Upstream commit 8983dc1b66c0e1928a263b8af0bb06f6cb9229c4 ]
There is another VivoBook model which built-in mic got broken recently
by the fix of the pin sort. Apply the correct quirk
ALC256_FIXUP_ASUS_MIC_NO_PRESENCE to this model for addressing the
regression, too.
Fixes: 3b4309546b48 ("ALSA: hda: Fix headset detection failure due to unstable sort")
Closes: https://lore.kernel.org/Z95s5T6OXFPjRnKf@eldamar.lan
Link: https://patch.msgid.link/20250402074208.7347-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai(a)suse.de>
[Salvatore Bonaccorso: Update for context change due to missing other
quirk entries in the struct snd_pci_quirk alc269_fixup_tbl]
Signed-off-by: Salvatore Bonaccorso <carnil(a)debian.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 93e8990c23bc..61b48f2418bf 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -10071,6 +10071,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
SND_PCI_QUIRK(0x1043, 0x1bbd, "ASUS Z550MA", ALC255_FIXUP_ASUS_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1043, 0x1c23, "Asus X55U", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
SND_PCI_QUIRK(0x1043, 0x1c62, "ASUS GU603", ALC289_FIXUP_ASUS_GA401),
+ SND_PCI_QUIRK(0x1043, 0x1c80, "ASUS VivoBook TP401", ALC256_FIXUP_ASUS_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1043, 0x1c92, "ASUS ROG Strix G15", ALC285_FIXUP_ASUS_G533Z_PINS),
SND_PCI_QUIRK(0x1043, 0x1caf, "ASUS G634JYR/JZR", ALC285_FIXUP_ASUS_SPI_REAR_SPEAKERS),
SND_PCI_QUIRK(0x1043, 0x1ccd, "ASUS X555UB", ALC256_FIXUP_ASUS_MIC),
--
2.49.0
5 months
- 2
- 1
[PATCH net V2] amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload
by Vishal Badole
According to the XGMAC specification, enabling features such as Layer 3
and Layer 4 Packet Filtering, Split Header, Receive Side Scaling (RSS),
and Virtualized Network support automatically selects the IPC Full
Checksum Offload Engine on the receive side.
When RX checksum offload is disabled, these dependent features must also
be disabled to prevent abnormal behavior caused by mismatched feature
dependencies.
Ensure that toggling RX checksum offload (disabling or enabling) properly
disables or enables all dependent features, maintaining consistent and
expected behavior in the network device.
v1->v2:
-------
- Combine 2 patches into a single patch
- Update the "Fix: tag"
- Add necessary changes to support earlier versions of the hardware as well
Cc: stable(a)vger.kernel.org
Fixes: 1a510ccf5869 ("amd-xgbe: Add support for VXLAN offload capabilities")
Signed-off-by: Vishal Badole <Vishal.Badole(a)amd.com>
---
drivers/net/ethernet/amd/xgbe/xgbe-desc.c | 9 +++++++--
drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 24 +++++++++++++++++++++--
drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 21 ++++++++++++++++++--
drivers/net/ethernet/amd/xgbe/xgbe.h | 4 ++++
4 files changed, 52 insertions(+), 6 deletions(-)
diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-desc.c b/drivers/net/ethernet/amd/xgbe/xgbe-desc.c
index 230726d7b74f..d41b58fad37b 100644
--- a/drivers/net/ethernet/amd/xgbe/xgbe-desc.c
+++ b/drivers/net/ethernet/amd/xgbe/xgbe-desc.c
@@ -373,8 +373,13 @@ static int xgbe_map_rx_buffer(struct xgbe_prv_data *pdata,
}
/* Set up the header page info */
- xgbe_set_buffer_data(&rdata->rx.hdr, &ring->rx_hdr_pa,
- XGBE_SKB_ALLOC_SIZE);
+ if (pdata->netdev->features & NETIF_F_RXCSUM) {
+ xgbe_set_buffer_data(&rdata->rx.hdr, &ring->rx_hdr_pa,
+ XGBE_SKB_ALLOC_SIZE);
+ } else {
+ xgbe_set_buffer_data(&rdata->rx.hdr, &ring->rx_hdr_pa,
+ pdata->rx_buf_size);
+ }
/* Set up the buffer page info */
xgbe_set_buffer_data(&rdata->rx.buf, &ring->rx_buf_pa,
diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
index 7a923b6e83df..d0a35aab7355 100644
--- a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
+++ b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
@@ -321,6 +321,18 @@ static void xgbe_config_sph_mode(struct xgbe_prv_data *pdata)
XGMAC_IOWRITE_BITS(pdata, MAC_RCR, HDSMS, XGBE_SPH_HDSMS_SIZE);
}
+static void xgbe_disable_sph_mode(struct xgbe_prv_data *pdata)
+{
+ unsigned int i;
+
+ for (i = 0; i < pdata->channel_count; i++) {
+ if (!pdata->channel[i]->rx_ring)
+ break;
+
+ XGMAC_DMA_IOWRITE_BITS(pdata->channel[i], DMA_CH_CR, SPH, 0);
+ }
+}
+
static int xgbe_write_rss_reg(struct xgbe_prv_data *pdata, unsigned int type,
unsigned int index, unsigned int val)
{
@@ -3750,8 +3762,12 @@ static int xgbe_init(struct xgbe_prv_data *pdata)
xgbe_config_tx_coalesce(pdata);
xgbe_config_rx_buffer_size(pdata);
xgbe_config_tso_mode(pdata);
- xgbe_config_sph_mode(pdata);
- xgbe_config_rss(pdata);
+
+ if (pdata->netdev->features & NETIF_F_RXCSUM) {
+ xgbe_config_sph_mode(pdata);
+ xgbe_config_rss(pdata);
+ }
+
desc_if->wrapper_tx_desc_init(pdata);
desc_if->wrapper_rx_desc_init(pdata);
xgbe_enable_dma_interrupts(pdata);
@@ -3910,5 +3926,9 @@ void xgbe_init_function_ptrs_dev(struct xgbe_hw_if *hw_if)
hw_if->disable_vxlan = xgbe_disable_vxlan;
hw_if->set_vxlan_id = xgbe_set_vxlan_id;
+ /* For Split Header*/
+ hw_if->enable_sph = xgbe_config_sph_mode;
+ hw_if->disable_sph = xgbe_disable_sph_mode;
+
DBGPR("<--xgbe_init_function_ptrs\n");
}
diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
index f249f89fec38..4d290ec934a8 100755
--- a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
+++ b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
@@ -2267,6 +2267,16 @@ static netdev_features_t xgbe_fix_features(struct net_device *netdev,
}
}
+ if (features & NETIF_F_RXCSUM) {
+ netdev_notice(netdev,
+ "forcing receive hashing on\n");
+ features |= NETIF_F_RXHASH;
+ } else {
+ netdev_notice(netdev,
+ "forcing receive hashing off\n");
+ features &= ~NETIF_F_RXHASH;
+ }
+
return features;
}
@@ -2290,10 +2300,17 @@ static int xgbe_set_features(struct net_device *netdev,
if (ret)
return ret;
- if ((features & NETIF_F_RXCSUM) && !rxcsum)
+ if ((features & NETIF_F_RXCSUM) && !rxcsum) {
+ hw_if->enable_sph(pdata);
+ hw_if->enable_vxlan(pdata);
hw_if->enable_rx_csum(pdata);
- else if (!(features & NETIF_F_RXCSUM) && rxcsum)
+ schedule_work(&pdata->restart_work);
+ } else if (!(features & NETIF_F_RXCSUM) && rxcsum) {
+ hw_if->disable_sph(pdata);
+ hw_if->disable_vxlan(pdata);
hw_if->disable_rx_csum(pdata);
+ schedule_work(&pdata->restart_work);
+ }
if ((features & NETIF_F_HW_VLAN_CTAG_RX) && !rxvlan)
hw_if->enable_rx_vlan_stripping(pdata);
diff --git a/drivers/net/ethernet/amd/xgbe/xgbe.h b/drivers/net/ethernet/amd/xgbe/xgbe.h
index db73c8f8b139..92b61a318f66 100755
--- a/drivers/net/ethernet/amd/xgbe/xgbe.h
+++ b/drivers/net/ethernet/amd/xgbe/xgbe.h
@@ -902,6 +902,10 @@ struct xgbe_hw_if {
void (*enable_vxlan)(struct xgbe_prv_data *);
void (*disable_vxlan)(struct xgbe_prv_data *);
void (*set_vxlan_id)(struct xgbe_prv_data *);
+
+ /* For Split Header */
+ void (*enable_sph)(struct xgbe_prv_data *pdata);
+ void (*disable_sph)(struct xgbe_prv_data *pdata);
};
/* This structure represents implementation specific routines for an
--
2.34.1
5 months
- 5
- 5
FAILED: patch "[PATCH] lib/Kconfig.ubsan: Remove 'default UBSAN' from" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x cdc2e1d9d929d7f7009b3a5edca52388a2b0891f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042120-backward-waged-41cf@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From cdc2e1d9d929d7f7009b3a5edca52388a2b0891f Mon Sep 17 00:00:00 2001
From: Nathan Chancellor <nathan(a)kernel.org>
Date: Mon, 14 Apr 2025 15:00:59 -0700
Subject: [PATCH] lib/Kconfig.ubsan: Remove 'default UBSAN' from
UBSAN_INTEGER_WRAP
CONFIG_UBSAN_INTEGER_WRAP is 'default UBSAN', which is problematic for a
couple of reasons.
The first is that this sanitizer is under active development on the
compiler side to come up with a solution that is maintainable on the
compiler side and usable on the kernel side. As a result of this, there
are many warnings when the sanitizer is enabled that have no clear path
to resolution yet but users may see them and report them in the meantime.
The second is that this option was renamed from
CONFIG_UBSAN_SIGNED_WRAP, meaning that if a configuration has
CONFIG_UBSAN=y but CONFIG_UBSAN_SIGNED_WRAP=n and it is upgraded via
olddefconfig (common in non-interactive scenarios such as CI),
CONFIG_UBSAN_INTEGER_WRAP will be silently enabled again.
Remove 'default UBSAN' from CONFIG_UBSAN_INTEGER_WRAP until it is ready
for regular usage and testing from a broader community than the folks
actively working on the feature.
Cc: stable(a)vger.kernel.org
Fixes: 557f8c582a9b ("ubsan: Reintroduce signed overflow sanitizer")
Signed-off-by: Nathan Chancellor <nathan(a)kernel.org>
Link: https://lore.kernel.org/r/20250414-drop-default-ubsan-integer-wrap-v1-1-392…
Signed-off-by: Kees Cook <kees(a)kernel.org>
diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
index 4216b3a4ff21..f6ea0c5b5da3 100644
--- a/lib/Kconfig.ubsan
+++ b/lib/Kconfig.ubsan
@@ -118,7 +118,6 @@ config UBSAN_UNREACHABLE
config UBSAN_INTEGER_WRAP
bool "Perform checking for integer arithmetic wrap-around"
- default UBSAN
depends on !COMPILE_TEST
depends on $(cc-option,-fsanitize-undefined-ignore-overflow-pattern=all)
depends on $(cc-option,-fsanitize=signed-integer-overflow)
5 months
- 5
- 6
FAILED: patch "[PATCH] lib/Kconfig.ubsan: Remove 'default UBSAN' from" failed to apply to 6.14-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.14-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y
git checkout FETCH_HEAD
git cherry-pick -x cdc2e1d9d929d7f7009b3a5edca52388a2b0891f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042119-imbecile-greeter-0ce1@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From cdc2e1d9d929d7f7009b3a5edca52388a2b0891f Mon Sep 17 00:00:00 2001
From: Nathan Chancellor <nathan(a)kernel.org>
Date: Mon, 14 Apr 2025 15:00:59 -0700
Subject: [PATCH] lib/Kconfig.ubsan: Remove 'default UBSAN' from
UBSAN_INTEGER_WRAP
CONFIG_UBSAN_INTEGER_WRAP is 'default UBSAN', which is problematic for a
couple of reasons.
The first is that this sanitizer is under active development on the
compiler side to come up with a solution that is maintainable on the
compiler side and usable on the kernel side. As a result of this, there
are many warnings when the sanitizer is enabled that have no clear path
to resolution yet but users may see them and report them in the meantime.
The second is that this option was renamed from
CONFIG_UBSAN_SIGNED_WRAP, meaning that if a configuration has
CONFIG_UBSAN=y but CONFIG_UBSAN_SIGNED_WRAP=n and it is upgraded via
olddefconfig (common in non-interactive scenarios such as CI),
CONFIG_UBSAN_INTEGER_WRAP will be silently enabled again.
Remove 'default UBSAN' from CONFIG_UBSAN_INTEGER_WRAP until it is ready
for regular usage and testing from a broader community than the folks
actively working on the feature.
Cc: stable(a)vger.kernel.org
Fixes: 557f8c582a9b ("ubsan: Reintroduce signed overflow sanitizer")
Signed-off-by: Nathan Chancellor <nathan(a)kernel.org>
Link: https://lore.kernel.org/r/20250414-drop-default-ubsan-integer-wrap-v1-1-392…
Signed-off-by: Kees Cook <kees(a)kernel.org>
diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
index 4216b3a4ff21..f6ea0c5b5da3 100644
--- a/lib/Kconfig.ubsan
+++ b/lib/Kconfig.ubsan
@@ -118,7 +118,6 @@ config UBSAN_UNREACHABLE
config UBSAN_INTEGER_WRAP
bool "Perform checking for integer arithmetic wrap-around"
- default UBSAN
depends on !COMPILE_TEST
depends on $(cc-option,-fsanitize-undefined-ignore-overflow-pattern=all)
depends on $(cc-option,-fsanitize=signed-integer-overflow)
5 months
- 5
- 8
[PATCH 5.10/5.15/6.1] netfilter: ipt_CLUSTERIP: change mutex location
by Evgeny Pimenov
No upstream commit exists for this patch.
The file ipt_CLUSTERIP.c was deleted in commit 9db5d918e2c0
("netfilter: ip_tables: remove clusterip target"), but races still exist
in stable branches.
Thread A in clusterip_config_entry_put() decrements refcount and removes
config from the list but doesn't call proc_remove(). Thread B searches
the config, doesn't find it, re-adds it to the list, and calls
proc_create_data() with an IP that still exists in the tree.
|A| refcount_dec_and_lock()
|A| list_del_rcu()
=== Must be here
|A| proc_remove()
===
|B| __clusterip_config_find()
|B| list_add_rcu()
|B| proc_create_data()
|B| WARN()
As a fix, also cover with mutex the places of interaction with the list of
configs before proc_remove() and proc_create_data() functions.
------------[ cut here ]------------
proc_dir_entry 'ipt_CLUSTERIP/100.1.1.2' already registered
WARNING: CPU: 0 PID: 2597 at fs/proc/generic.c:381 proc_register+0x517/0x6e0 fs/proc/generic.c:381
[...]
Call Trace:
proc_create_data+0x130/0x1a0 fs/proc/generic.c:583
clusterip_config_init net/ipv4/netfilter/ipt_CLUSTERIP.c:281 [inline]
clusterip_tg_check+0xb8d/0x1380 net/ipv4/netfilter/ipt_CLUSTERIP.c:502
xt_check_target+0x27c/0xa00 net/netfilter/x_tables.c:1018
check_target net/ipv4/netfilter/ip_tables.c:511 [inline]
find_check_entry.constprop.0+0x7b0/0x9b0 net/ipv4/netfilter/ip_tables.c:553
translate_table+0xc6a/0x16a0 net/ipv4/netfilter/ip_tables.c:717
do_replace net/ipv4/netfilter/ip_tables.c:1138 [inline]
do_ipt_set_ctl+0x54e/0xb00 net/ipv4/netfilter/ip_tables.c:1636
nf_setsockopt+0x88/0xf0 net/netfilter/nf_sockopt.c:101
ip_setsockopt+0xe4d/0x3d10 net/ipv4/ip_sockglue.c:1442
sctp_setsockopt+0x135/0xa390 net/sctp/socket.c:4475
__sys_setsockopt+0x234/0x5a0 net/socket.c:2145
__do_sys_setsockopt net/socket.c:2156 [inline]
__se_sys_setsockopt net/socket.c:2153 [inline]
__x64_sys_setsockopt+0xb9/0x150 net/socket.c:2153
do_syscall_64+0x30/0x40 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x67/0xd1
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: 2a61d8b883bb ("netfilter: ipt_CLUSTERIP: fix sleep-in-atomic bug in clusterip_config_entry_put()")
Cc: stable(a)vger.kernel.org # v5.4+
Suggested-by: Fedor Pchelkin <pchelkin(a)ispras.ru>
Suggested-by: Alexey Khoroshilov <khoroshilov(a)ispras.ru>
Signed-off-by: Evgeny Pimenov <pimenoveu12(a)gmail.com>
---
net/ipv4/netfilter/ipt_CLUSTERIP.c | 30 ++++++++++++++++++++++++------
1 file changed, 24 insertions(+), 6 deletions(-)
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 77e3b67e8790..61ccfd97841f 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -79,6 +79,22 @@ static inline struct clusterip_net *clusterip_pernet(struct net *net)
return net_generic(net, clusterip_net_id);
}
+static inline void
+clusterip_net_lock(struct clusterip_net *cn)
+{
+#ifdef CONFIG_PROC_FS
+ mutex_lock(&cn->mutex);
+#endif
+};
+
+static inline void
+clusterip_net_unlock(struct clusterip_net *cn)
+{
+#ifdef CONFIG_PROC_FS
+ mutex_unlock(&cn->mutex);
+#endif
+};
+
static inline void
clusterip_config_get(struct clusterip_config *c)
{
@@ -114,6 +130,7 @@ clusterip_config_entry_put(struct clusterip_config *c)
{
struct clusterip_net *cn = clusterip_pernet(c->net);
+ clusterip_net_lock(cn);
local_bh_disable();
if (refcount_dec_and_lock(&c->entries, &cn->lock)) {
list_del_rcu(&c->list);
@@ -123,14 +140,14 @@ clusterip_config_entry_put(struct clusterip_config *c)
* functions are also incrementing the refcount on their own,
* so it's safe to remove the entry even if it's in use. */
#ifdef CONFIG_PROC_FS
- mutex_lock(&cn->mutex);
if (cn->procdir)
proc_remove(c->pde);
- mutex_unlock(&cn->mutex);
#endif
+ clusterip_net_unlock(cn);
return;
}
local_bh_enable();
+ clusterip_net_unlock(cn);
}
static struct clusterip_config *
@@ -262,6 +279,7 @@ clusterip_config_init(struct net *net, const struct ipt_clusterip_tgt_info *i,
c->net = net;
refcount_set(&c->refcount, 1);
+ clusterip_net_lock(cn);
spin_lock_bh(&cn->lock);
if (__clusterip_config_find(net, ip)) {
err = -EBUSY;
@@ -277,11 +295,9 @@ clusterip_config_init(struct net *net, const struct ipt_clusterip_tgt_info *i,
/* create proc dir entry */
sprintf(buffer, "%pI4", &ip);
- mutex_lock(&cn->mutex);
c->pde = proc_create_data(buffer, 0600,
cn->procdir,
&clusterip_proc_ops, c);
- mutex_unlock(&cn->mutex);
if (!c->pde) {
err = -ENOMEM;
goto err;
@@ -290,6 +306,7 @@ clusterip_config_init(struct net *net, const struct ipt_clusterip_tgt_info *i,
#endif
refcount_set(&c->entries, 1);
+ clusterip_net_unlock(cn);
return c;
#ifdef CONFIG_PROC_FS
@@ -300,6 +317,7 @@ clusterip_config_init(struct net *net, const struct ipt_clusterip_tgt_info *i,
out_config_put:
spin_unlock_bh(&cn->lock);
clusterip_config_put(c);
+ clusterip_net_unlock(cn);
return ERR_PTR(err);
}
@@ -848,10 +866,10 @@ static void clusterip_net_exit(struct net *net)
#ifdef CONFIG_PROC_FS
struct clusterip_net *cn = clusterip_pernet(net);
- mutex_lock(&cn->mutex);
+ clusterip_net_lock(cn);
proc_remove(cn->procdir);
cn->procdir = NULL;
- mutex_unlock(&cn->mutex);
+ clusterip_net_unlock(cn);
#endif
nf_unregister_net_hook(net, &cip_arp_ops);
}
--
2.39.5
5 months
- 2
- 1
[tip: irq/urgent] irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
by tip-bot2 for Suzuki K Poulose
The following commit has been merged into the irq/urgent branch of tip:
Commit-ID: 637cf959dac97d5b7b5ce5e6cd91dd3a2c2fc324
Gitweb: https://git.kernel.org/tip/637cf959dac97d5b7b5ce5e6cd91dd3a2c2fc324
Author: Suzuki K Poulose <suzuki.poulose(a)arm.com>
AuthorDate: Tue, 22 Apr 2025 17:16:16 +01:00
Committer: Thomas Gleixner <tglx(a)linutronix.de>
CommitterDate: Thu, 24 Apr 2025 14:47:52 +02:00
irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
With ACPI in place, gicv2m_get_fwnode() is registered with the pci
subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime
during a PCI host bridge probe. But, the call back is wrongly marked as
__init, causing it to be freed, while being registered with the PCI
subsystem and could trigger:
Unable to handle kernel paging request at virtual address ffff8000816c0400
gicv2m_get_fwnode+0x0/0x58 (P)
pci_set_bus_msi_domain+0x74/0x88
pci_register_host_bridge+0x194/0x548
This is easily reproducible on a Juno board with ACPI boot.
Retain the function for later use.
Fixes: 0644b3daca28 ("irqchip/gic-v2m: acpi: Introducing GICv2m ACPI support")
Signed-off-by: Suzuki K Poulose <suzuki.poulose(a)arm.com>
Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de>
Reviewed-by: Marc Zyngier <maz(a)kernel.org>
Cc: stable(a)vger.kernel.org
Link: https://lkml.kernel.org/all/20250422161616.1584405-1-suzuki.poulose@arm.com
Link: https://lkml.kernel.org/r/68053cf43bb54_7205294cc@dwillia2-xfh.jf.intel.com…
---
drivers/irqchip/irq-gic-v2m.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/irqchip/irq-gic-v2m.c b/drivers/irqchip/irq-gic-v2m.c
index c698948..dc98c39 100644
--- a/drivers/irqchip/irq-gic-v2m.c
+++ b/drivers/irqchip/irq-gic-v2m.c
@@ -421,7 +421,7 @@ static int __init gicv2m_of_init(struct fwnode_handle *parent_handle,
#ifdef CONFIG_ACPI
static int acpi_num_msi;
-static __init struct fwnode_handle *gicv2m_get_fwnode(struct device *dev)
+static struct fwnode_handle *gicv2m_get_fwnode(struct device *dev)
{
struct v2m_data *data;
5 months
- 1
- 0
+ smaps-fix-crash-in-smaps_hugetlb_range-for-non-present-hugetlb-entries.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: smaps: fix crash in smaps_hugetlb_range for non-present hugetlb entries
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
smaps-fix-crash-in-smaps_hugetlb_range-for-non-present-hugetlb-entries.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Ming Wang <wangming01(a)loongson.cn>
Subject: smaps: fix crash in smaps_hugetlb_range for non-present hugetlb entries
Date: Wed, 23 Apr 2025 09:03:59 +0800
When reading /proc/pid/smaps for a process that has mapped a hugetlbfs
file with MAP_PRIVATE, the kernel might crash inside
pfn_swap_entry_to_page. This occurs on LoongArch under specific
conditions.
The root cause involves several steps:
1. When the hugetlbfs file is mapped (MAP_PRIVATE), the initial PMD
(or relevant level) entry is often populated by the kernel during
mmap() with a non-present entry pointing to the architecture's
invalid_pte_table On the affected LoongArch system, this address was
observed to be 0x90000000031e4000.
2. The smaps walker (walk_hugetlb_range -> smaps_hugetlb_range) reads
this entry.
3. The generic is_swap_pte() macro checks `!pte_present() &&
!pte_none()`. The entry (invalid_pte_table address) is not present.
Crucially, the generic pte_none() check (`!(pte_val(pte) &
~_PAGE_GLOBAL)`) returns false because the invalid_pte_table address is
non-zero. Therefore, is_swap_pte() incorrectly returns true.
4. The code enters the `else if (is_swap_pte(...))` block.
5. Inside this block, it checks `is_pfn_swap_entry()`. Due to a bit
pattern coincidence in the invalid_pte_table address on LoongArch, the
embedded generic `is_migration_entry()` check happens to return true
(misinterpreting parts of the address as a migration type).
6. This leads to a call to pfn_swap_entry_to_page() with the bogus
swap entry derived from the invalid table address.
7. pfn_swap_entry_to_page() extracts a meaningless PFN, finds an
unrelated struct page, checks its lock status (unlocked), and hits the
`BUG_ON(is_migration_entry(entry) && !PageLocked(p))` assertion.
The original code's intent in the `else if` block seems aimed at handling
potential migration entries, as indicated by the inner
`is_pfn_swap_entry()` check. The issue arises because the outer
`is_swap_pte()` check incorrectly includes the invalid table pointer case
on LoongArch.
This patch fixes the issue by changing the condition in
smaps_hugetlb_range() from the broad `is_swap_pte()` to the specific
`is_hugetlb_entry_migration()`.
The `is_hugetlb_entry_migration()` helper function correctly handles this
by first checking `huge_pte_none()`. Architectures like LoongArch can
provide an override for `huge_pte_none()` that specifically recognizes the
`invalid_pte_table` address as a "none" state for HugeTLB entries. This
ensures `is_hugetlb_entry_migration()` returns false for the invalid
entry, preventing the code from entering the faulty block.
This change makes the code reflect the likely original intent (handling
migration) more accurately and leverages architecture-specific helpers
(`huge_pte_none`) to correctly interpret special PTE/PMD values in the
HugeTLB context, fixing the crash on LoongArch without altering the
generic is_swap_pte() behavior.
Link: https://lkml.kernel.org/r/20250423010359.2030576-1-wangming01@loongson.cn
Fixes: 25ee01a2fca0 ("mm: hugetlb: proc: add hugetlb-related fields to /proc/PID/smaps")
Co-developed-by: Hongchen Zhang <zhanghongchen(a)loongson.cn>
Signed-off-by: Hongchen Zhang <zhanghongchen(a)loongson.cn>
Signed-off-by: Ming Wang <wangming01(a)loongson.cn>
Cc: Andrii Nakryiko <andrii(a)kernel.org>
Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu>
Cc: David Hildenbrand <david(a)redhat.com>
Cc: David Rientjes <rientjes(a)google.com>
Cc: Huacai Chen <chenhuacai(a)kernel.org>
Cc: Hugh Dickins <hughd(a)google.com>
Cc: Joern Engel <joern(a)logfs.org>
Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org>
Cc: Michal Hocko <mhocko(a)suse.cz>
Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com>
Cc: Oscar Salvador <osalvador(a)suse.de>
Cc: Ryan Roberts <ryan.roberts(a)arm.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
fs/proc/task_mmu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/proc/task_mmu.c~smaps-fix-crash-in-smaps_hugetlb_range-for-non-present-hugetlb-entries
+++ a/fs/proc/task_mmu.c
@@ -1027,7 +1027,7 @@ static int smaps_hugetlb_range(pte_t *pt
if (pte_present(ptent)) {
folio = page_folio(pte_page(ptent));
present = true;
- } else if (is_swap_pte(ptent)) {
+ } else if (is_hugetlb_entry_migration(ptent)) {
swp_entry_t swpent = pte_to_swp_entry(ptent);
if (is_pfn_swap_entry(swpent))
_
Patches currently in -mm which might be from wangming01(a)loongson.cn are
smaps-fix-crash-in-smaps_hugetlb_range-for-non-present-hugetlb-entries.patch
5 months
- 2
- 1
[PATCH] usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version
by Pawel Laszczak
The controllers with rtl version greeter than
RTL_REVISION_NEW_LPM (0x00002700) has bug which causes that controller
doesn't resume from L1 state. It happens if after receiving LPM packet
controller starts transitioning to L1 and in this moment the driver force
resuming by write operation to PORTSC.PLS.
It's corner case and happens when write operation to PORTSC occurs during
device delay before transitioning to L1 after transmitting ACK
time (TL1TokenRetry).
Forcing transition from L1->L0 by driver for revision greeter than
RTL_REVISION_NEW_LPM is not needed, so driver can simply fix this issue
through block call of cdnsp_force_l0_go function.
Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver")
cc: stable(a)vger.kernel.org
Signed-off-by: Pawel Laszczak <pawell(a)cadence.com>
---
drivers/usb/cdns3/cdnsp-gadget.c | 2 ++
drivers/usb/cdns3/cdnsp-gadget.h | 3 +++
drivers/usb/cdns3/cdnsp-ring.c | 3 ++-
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/cdns3/cdnsp-gadget.c b/drivers/usb/cdns3/cdnsp-gadget.c
index 7f5534db2086..4824a10df07e 100644
--- a/drivers/usb/cdns3/cdnsp-gadget.c
+++ b/drivers/usb/cdns3/cdnsp-gadget.c
@@ -1793,6 +1793,8 @@ static void cdnsp_get_rev_cap(struct cdnsp_device *pdev)
reg += cdnsp_find_next_ext_cap(reg, 0, RTL_REV_CAP);
pdev->rev_cap = reg;
+ pdev->rtl_revision = readl(&pdev->rev_cap->rtl_revision);
+
dev_info(pdev->dev, "Rev: %08x/%08x, eps: %08x, buff: %08x/%08x\n",
readl(&pdev->rev_cap->ctrl_revision),
readl(&pdev->rev_cap->rtl_revision),
diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h
index 87ac0cd113e7..fa02f861217f 100644
--- a/drivers/usb/cdns3/cdnsp-gadget.h
+++ b/drivers/usb/cdns3/cdnsp-gadget.h
@@ -1360,6 +1360,7 @@ struct cdnsp_port {
* @rev_cap: Controller Capabilities Registers.
* @hcs_params1: Cached register copies of read-only HCSPARAMS1
* @hcc_params: Cached register copies of read-only HCCPARAMS1
+ * @rtl_revision: Cached controller rtl revision.
* @setup: Temporary buffer for setup packet.
* @ep0_preq: Internal allocated request used during enumeration.
* @ep0_stage: ep0 stage during enumeration process.
@@ -1414,6 +1415,8 @@ struct cdnsp_device {
__u32 hcs_params1;
__u32 hcs_params3;
__u32 hcc_params;
+ #define RTL_REVISION_NEW_LPM 0x00002701
+ __u32 rtl_revision;
/* Lock used in interrupt thread context. */
spinlock_t lock;
struct usb_ctrlrequest setup;
diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c
index 46852529499d..fd06cb85c4ea 100644
--- a/drivers/usb/cdns3/cdnsp-ring.c
+++ b/drivers/usb/cdns3/cdnsp-ring.c
@@ -308,7 +308,8 @@ static bool cdnsp_ring_ep_doorbell(struct cdnsp_device *pdev,
writel(db_value, reg_addr);
- cdnsp_force_l0_go(pdev);
+ if (pdev->rtl_revision < RTL_REVISION_NEW_LPM)
+ cdnsp_force_l0_go(pdev);
/* Doorbell was set. */
return true;
--
2.43.0
5 months
- 2
- 3
[PATCH 6.1 0/2] md: fix mddev uaf while iterating all_mddevs list
by Yu Kuai
From: Yu Kuai <yukuai3(a)huawei.com>
Hi, Greg
This is the manual adaptation version for 6.1, for 6.6/6.12 commit
8542870237c3 ("md: fix mddev uaf while iterating all_mddevs list") can
be applied cleanly, can you queue them as well?
Thanks!
Yu Kuai (2):
md: factor out a helper from mddev_put()
md: fix mddev uaf while iterating all_mddevs list
drivers/md/md.c | 50 +++++++++++++++++++++++++++++--------------------
1 file changed, 30 insertions(+), 20 deletions(-)
--
2.39.2
5 months
- 4
- 8
[PATCH 6.13 000/414] 6.13.12-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.13.12 release.
There are 414 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sat, 19 Apr 2025 17:49:48 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.12-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.13.12-rc1
Thomas Richter <tmricht(a)linux.ibm.com>
s390/cpumf: Fix double free on error in cpumf_pmu_event_init()
Arseniy Krasnov <avkrasnov(a)salutedevices.com>
Bluetooth: hci_uart: Fix another race during initialization
Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz>
x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions()
Jeff Layton <jlayton(a)kernel.org>
nfsd: don't ignore the return code of svc_proc_register()
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: Fix CB_GETATTR status fix
Olga Kornievskaia <okorniev(a)redhat.com>
NFSD: fix decoding in nfs4_xdr_dec_cb_getattr
Nathan Chancellor <nathan(a)kernel.org>
ACPI: platform-profile: Fix CFI violation when accessing sysfs files
Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT
Yi Liu <yi.l.liu(a)intel.com>
iommufd: Fail replace if device has not been attached
Nicolin Chen <nicolinc(a)nvidia.com>
iommufd: Make attach_handle generic than fault specific
Douglas Anderson <dianders(a)chromium.org>
arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
thermal/drivers/mediatek/lvts: Disable Stage 3 thermal threshold
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
thermal/drivers/mediatek/lvts: Disable monitor mode during suspend
Kevin Hao <haokexin(a)gmail.com>
spi: fsl-qspi: Fix double cleanup in probe error path
Han Xu <han.xu(a)nxp.com>
spi: fsl-qspi: use devm function instead of driver remove
Cong Liu <liucong2(a)kylinos.cn>
selftests: mptcp: fix incorrect fd checks in main_loop
Geliang Tang <geliang(a)kernel.org>
selftests: mptcp: close fd_in before returning in main_loop
Jake Hillion <jake(a)hillion.co.uk>
sched_ext: create_dsq: Return -EEXIST on duplicate request
Sumanth Korikkar <sumanthk(a)linux.ibm.com>
s390: Fix linker error when -no-pie option is unavailable
David Hildenbrand <david(a)redhat.com>
s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues
Niklas Schnelle <schnelle(a)linux.ibm.com>
s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs
Steven Rostedt <rostedt(a)goodmis.org>
ring-buffer: Use flush_kernel_vmap_range() over flush_dcache_folio()
Peter Griffin <peter.griffin(a)linaro.org>
pinctrl: samsung: add support for eint_fltcon_offset
Stephan Gerhold <stephan.gerhold(a)linaro.org>
pinctrl: qcom: Clear latched interrupt status when changing IRQ type
Stefan Eichenberger <stefan.eichenberger(a)toradex.com>
phy: freescale: imx8m-pcie: assert phy reset and perst in power off
Philipp Stanner <phasta(a)kernel.org>
PCI: Fix wrong length of devres array
Ma Ke <make24(a)iscas.ac.cn>
PCI: Fix reference leak in pci_register_host_bridge()
Ma Ke <make24(a)iscas.ac.cn>
PCI: Fix reference leak in pci_alloc_child_bus()
Lukas Wunner <lukas(a)wunner.de>
PCI: pciehp: Avoid unnecessary device replacement check
Siddharth Vadapalli <s-vadapalli(a)ti.com>
PCI: j721e: Fix the value of .linkdown_irq_regfield for J784S4
Stanimir Varbanov <svarbanov(a)suse.de>
PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
Zijun Hu <quic_zijuhu(a)quicinc.com>
of/irq: Fix device node refcount leakages in of_irq_init()
Zijun Hu <quic_zijuhu(a)quicinc.com>
of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
Zijun Hu <quic_zijuhu(a)quicinc.com>
of/irq: Fix device node refcount leakages in of_irq_count()
Zijun Hu <quic_zijuhu(a)quicinc.com>
of/irq: Fix device node refcount leakage in API of_irq_parse_raw()
Zijun Hu <quic_zijuhu(a)quicinc.com>
of/irq: Fix device node refcount leakage in API of_irq_parse_one()
Fedor Pchelkin <pchelkin(a)ispras.ru>
ntb: use 64-bit arithmetic for the MSI doorbell mask
Haiyang Zhang <haiyangz(a)microsoft.com>
net: mana: Switch to page pool for jumbo frames
Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com>
misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Add a new test for setuid()
Mickaël Salaün <mic(a)digikod.net>
selftests/landlock: Split signal_scoping_threads tests
Mickaël Salaün <mic(a)digikod.net>
landlock: Prepare to add second errata
Mickaël Salaün <mic(a)digikod.net>
landlock: Always allow signals between threads of the same process
Mickaël Salaün <mic(a)digikod.net>
landlock: Add erratum for TCP fix
Mickaël Salaün <mic(a)digikod.net>
landlock: Add the errata interface
Mickaël Salaün <mic(a)digikod.net>
landlock: Move code to ease future backports
Tudor Ambarus <tudor.ambarus(a)linaro.org>
scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get
Sean Christopherson <seanjc(a)google.com>
KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
Sean Christopherson <seanjc(a)google.com>
KVM: x86: Explicitly zero-initialize on-stack CPUID unions
Amit Machhiwal <amachhiw(a)linux.ibm.com>
KVM: PPC: Enable CAP_SPAPR_TCE_VFIO on pSeries KVM guests
Sean Christopherson <seanjc(a)google.com>
KVM: Allow building irqbypass.ko as as module when kvm.ko is a module
Joshua Washington <joshwash(a)google.com>
gve: handle overflow when reporting TX consumed descriptors
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
gpio: zynq: Fix wakeup source leaks on device unbind
Guixin Liu <kanie(a)linux.alibaba.com>
gpio: tegra186: fix resource handling in ACPI probe path
Andy Chiu <andybnac(a)gmail.com>
ftrace: Properly merge notrace hashes
zhoumin <teczm(a)foxmail.com>
ftrace: Add cond_resched() to ftrace_graph_set_hash()
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
dt-bindings: coresight: qcom,coresight-tpdm: Fix too many 'reg'
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
dt-bindings: coresight: qcom,coresight-tpda: Fix too many 'reg'
Mikulas Patocka <mpatocka(a)redhat.com>
dm-verity: fix prefetch-vs-suspend race
Jo Van Bulck <jo.vanbulck(a)kuleuven.be>
dm-integrity: fix non-constant-time tag verification
Mikulas Patocka <mpatocka(a)redhat.com>
dm-integrity: set ti->error on memory allocation failure
Mikulas Patocka <mpatocka(a)redhat.com>
dm-ebs: fix prefetch-vs-suspend race
Alexander Aring <aahringo(a)redhat.com>
dlm: fix error if active rsb is not hashed
Alexander Aring <aahringo(a)redhat.com>
dlm: fix error if inactive rsb is not hashed
Dionna Glaze <dionnaglaze(a)google.com>
crypto: ccp - Fix uAPI definitions of PSP errors
Tom Lendacky <thomas.lendacky(a)amd.com>
crypto: ccp - Fix check for the primary ASP device
Taniya Das <quic_tdas(a)quicinc.com>
clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code
Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>
clk: qcom: gdsc: Release pm subdomains in reverse add order
Ajit Pandey <quic_ajipan(a)quicinc.com>
clk: qcom: clk-branch: Fix invert halt status bit check for votable clocks
Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com>
clk: renesas: r9a07g043: Fix HP clock source for RZ/Five
Pali Rohár <pali(a)kernel.org>
cifs: Ensure that all non-client-specific reparse points are processed by the server
Roman Smirnov <r.smirnov(a)omp.ru>
cifs: fix integer overflow in match_server()
Alexandra Diupina <adiupina(a)astralinux.ru>
cifs: avoid NULL pointer dereference in dbg call
Aman <aman1(a)microsoft.com>
CIFS: Propagate min offload along with other parameters from primary to secondary channels.
Trevor Woerner <twoerner(a)gmail.com>
thermal/drivers/rockchip: Add missing rk3328 mapping entry
Steven Rostedt <rostedt(a)goodmis.org>
tracing: Do not add length to print format in synthetic events
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
tracing: fprobe events: Fix possible UAF on modules
Roger Pau Monne <roger.pau(a)citrix.com>
x86/xen: fix balloon target initialization for PVH dom0
Ricardo Cañuelo Navarro <rcn(a)igalia.com>
sctp: detect and prevent references to a freed transport in sendmsg
Jinjiang Tu <tujinjiang(a)huawei.com>
mm/hwpoison: introduce folio_contain_hwpoisoned_page() helper
Marc Herbert <Marc.Herbert(a)linux.intel.com>
mm/hugetlb: move hugetlb_sysctl_init() to the __init section
Shuai Xue <xueshuai(a)linux.alibaba.com>
mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
Peter Xu <peterx(a)redhat.com>
mm/userfaultfd: fix release hang over concurrent GUP
Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
mm/mremap: correctly handle partial mremap() of VMA starting at 0
Ryan Roberts <ryan.roberts(a)arm.com>
mm: fix lazy mmu docs and usage
Jane Chu <jane.chu(a)oracle.com>
mm: make page_mapped_in_vma() hugetlb walk aware
David Hildenbrand <david(a)redhat.com>
mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
Usama Arif <usamaarif642(a)gmail.com>
mm/damon/ops: have damon_get_folio return folio even for tail pages
Kuniyuki Iwashima <kuniyu(a)amazon.com>
net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
Ryan Roberts <ryan.roberts(a)arm.com>
sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes
Ryan Roberts <ryan.roberts(a)arm.com>
sparc/mm: disable preemption in lazy mmu mode
Sean Christopherson <seanjc(a)google.com>
iommu/vt-d: Wire up irq_ack() to irq_move_irq() for posted MSIs
Lu Baolu <baolu.lu(a)linux.intel.com>
iommu/vt-d: Fix possible circular locking dependency
Sean Christopherson <seanjc(a)google.com>
iommu/vt-d: Don't clobber posted vCPU IRTE when host IRQ affinity changes
Sean Christopherson <seanjc(a)google.com>
iommu/vt-d: Put IRTE back into posted MSI mode if vCPU posting is disabled
Nicolin Chen <nicolinc(a)nvidia.com>
iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent()
Nicolin Chen <nicolinc(a)nvidia.com>
iommufd: Fix uninitialized rc in iommufd_access_rw()
Johannes Thumshirn <johannes.thumshirn(a)wdc.com>
btrfs: zoned: fix zone finishing with missing devices
Johannes Thumshirn <johannes.thumshirn(a)wdc.com>
btrfs: zoned: fix zone activation with missing devices
Filipe Manana <fdmanana(a)suse.com>
btrfs: tests: fix chunk map leak after failure to add it to the tree
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers
Herve Codina <herve.codina(a)bootlin.com>
backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
Peter Griffin <peter.griffin(a)linaro.org>
arm64: dts: exynos: gs101: disable pinctrl_gsacore node
Chen-Yu Tsai <wenst(a)chromium.org>
arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string
Nícolas F. R. A. Prado <nfraprado(a)collabora.com>
arm64: dts: mediatek: mt8188: Assign apll1 clock as parent to avoid hang
Siddharth Vadapalli <s-vadapalli(a)ti.com>
arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks
Keerthy <j-keerthy(a)ti.com>
arm64: dts: ti: k3-j784s4-j742s2-main-common: Correct the GICD size
Zhenhua Huang <quic_zhenhuah(a)quicinc.com>
arm64: mm: Correct the update of max_pfn
Ninad Malwade <nmalwade(a)nvidia.com>
arm64: tegra: Remove the Orin NX/Nano suspend key
Keir Fraser <keirf(a)google.com>
arm64: mops: Do not dereference src reg for a set operation
Wentao Liang <vulab(a)iscas.ac.cn>
mtd: rawnand: Add status chack in r852_ready()
Wentao Liang <vulab(a)iscas.ac.cn>
mtd: inftlcore: Add error check for inftl_read_oob()
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: only inc MPJoinAckHMacFailure for HMAC failures
Gang Yan <yangang(a)kylinos.cn>
mptcp: fix NULL pointer in can_accept_new_subflow
T Pratham <t-pratham(a)ti.com>
lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets
Boqun Feng <boqun.feng(a)gmail.com>
locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
Kartik Rajput <kkartik(a)nvidia.com>
mailbox: tegra-hsp: Define dimensioning masks in SoC data
Chenyuan Yang <chenyuan0y(a)gmail.com>
mfd: ene-kb3930: Fix a potential NULL pointer dereference
Abel Vesa <abel.vesa(a)linaro.org>
leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs
Abel Vesa <abel.vesa(a)linaro.org>
leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs
Nathan Chancellor <nathan(a)kernel.org>
kbuild: Add '-fno-builtin-wcslen'
Kris Van Hees <kris.van.hees(a)oracle.com>
kbuild: exclude .rodata.(cst|str)* when building ranges
Jan Kara <jack(a)suse.cz>
jbd2: remove wrong sb->s_sequence check
Manjunatha Venkatesh <manjunatha.venkatesh(a)nxp.com>
i3c: Add NULL pointer check in i3c_master_queue_ibi()
Stanley Chu <yschu(a)nuvoton.com>
i3c: master: svc: Use readsb helper for reading MDB
Mimi Zohar <zohar(a)linux.ibm.com>
ima: limit the number of ToMToU integrity violations
Mimi Zohar <zohar(a)linux.ibm.com>
ima: limit the number of open-writers integrity violations
Steve French <stfrench(a)microsoft.com>
smb311 client: fix missing tcon check when mounting with linux/posix extensions
Chenyuan Yang <chenyuan0y(a)gmail.com>
soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()
Olga Kornievskaia <okorniev(a)redhat.com>
svcrdma: do not unregister device for listeners
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
tpm: do not start chip while suspended
Jan Kara <jack(a)suse.cz>
udf: Fix inode_getblk() return value
Si-Wei Liu <si-wei.liu(a)oracle.com>
vdpa/mlx5: Fix oversized null mkey longer than 32bit
Yeongjin Gil <youngjin.gil(a)samsung.com>
f2fs: fix to avoid atomicity corruption of atomic file
Jaegeuk Kim <jaegeuk(a)kernel.org>
f2fs: fix the missing write pointer correction
Artem Sadovnikov <a.sadovnikov(a)ispras.ru>
ext4: fix off-by-one error in do_split
Jeff Hugo <quic_jhugo(a)quicinc.com>
bus: mhi: host: Fix race between unprepare and queue_buf
Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com>
accel/ivpu: Fix deadlock in ivpu_ms_cleanup()
Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com>
accel/ivpu: Fix warning in ivpu_ipc_send_receive_internal()
Sharan Kumar M <sharweshraajan(a)gmail.com>
ALSA: hda/realtek: Enable Mute LED on HP OMEN 16 Laptop xd000xx
Alexey Klimov <alexey.klimov(a)linaro.org>
ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path
Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org>
ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns.
Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org>
ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment.
Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org>
ASoC: q6apm-dai: make use of q6apm_get_hw_pointer
Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org>
ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs
Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org>
ASoC: q6apm: add q6apm_get_hw_pointer helper
Haoxiang Li <haoxiang_li2024(a)163.com>
ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe()
Jens Axboe <axboe(a)kernel.dk>
io_uring/kbuf: reject zero sized provided buffers
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring/net: fix io_req_post_cqe abuse by send bundle
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring/net: fix accept multishot handling
Qingfang Deng <dqfext(a)gmail.com>
net: stmmac: Fix accessing freed irq affinity_hint
Ewan D. Milne <emilne(a)redhat.com>
scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix the wrong simultaneous cap for MLO
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix the wrong link_idx when a p2p_device is present
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: fix country count limitation for CLC
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: ensure wow pattern command align fw format
Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru>
wifi: mac80211: fix integer overflow in hwmp_route_info_get()
Haoxiang Li <haoxiang_li2024(a)163.com>
wifi: mt76: Add check for devm_kstrdup()
Alexandre Torgue <alexandre.torgue(a)foss.st.com>
clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
mtd: Replace kcalloc() with devm_kcalloc()
Marek Behún <kabel(a)kernel.org>
net: dsa: mv88e6xxx: fix internal PHYs for 6320 family
Marek Behún <kabel(a)kernel.org>
net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
mtd: Add check for devm_kcalloc()
Ming Lei <ming.lei(a)redhat.com>
block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: sockopt: fix getting freebind & transparent
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: sockopt: fix getting IPV6_V6ONLY
Harshitha Ramamurthy <hramamurthy(a)google.com>
gve: unlink old napi only if page pool exists
Biju Das <biju.das.jz(a)bp.renesas.com>
irqchip/renesas-rzv2h: Fix wrong variable usage in rzv2h_tint_set_type()
Jackson.lee <jackson.lee(a)chipsnmedia.com>
media: chips-media: wave5: Fix timeout while testing 10bit hevc fluster
Jackson.lee <jackson.lee(a)chipsnmedia.com>
media: chips-media: wave5: Fix a hang after seeking
Jackson.lee <jackson.lee(a)chipsnmedia.com>
media: chips-media: wave5: Avoid race condition in the interrupt handler
Jackson.lee <jackson.lee(a)chipsnmedia.com>
media: chips-media: wave5: Fix gray color on screen
Sakari Ailus <sakari.ailus(a)linux.intel.com>
media: i2c: imx214: Rectify probe error handling related to runtime PM
Sakari Ailus <sakari.ailus(a)linux.intel.com>
media: i2c: imx219: Rectify runtime PM handling in probe and remove
Sakari Ailus <sakari.ailus(a)linux.intel.com>
media: i2c: imx319: Rectify runtime PM handling probe and remove
Vikash Garodia <quic_vgarodia(a)quicinc.com>
media: venus: hfi_parser: refactor hfi packet parsing logic
Vikash Garodia <quic_vgarodia(a)quicinc.com>
media: venus: hfi_parser: add check to avoid out of bound access
Ricardo Ribalda <ribalda(a)chromium.org>
media: nuvoton: Fix reference handling of ece_pdev
Ricardo Ribalda <ribalda(a)chromium.org>
media: nuvoton: Fix reference handling of ece_node
Sakari Ailus <sakari.ailus(a)linux.intel.com>
media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
Sakari Ailus <sakari.ailus(a)linux.intel.com>
media: i2c: ov7251: Set enable GPIO low in probe
Sakari Ailus <sakari.ailus(a)linux.intel.com>
media: i2c: ccs: Set the device's runtime PM status correctly in probe
Sakari Ailus <sakari.ailus(a)linux.intel.com>
media: i2c: ccs: Set the device's runtime PM status correctly in remove
Sakari Ailus <sakari.ailus(a)linux.intel.com>
Revert "media: imx214: Fix the error handling in imx214_probe()"
Karina Yankevich <k.yankevich(a)omp.ru>
media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: imx219: Adjust PLL settings based on the number of MIPI lanes
Dan Carpenter <dan.carpenter(a)linaro.org>
media: xilinx-tpg: fix double put in xtpg_parse_of()
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: platform: stm32: Add check for clk_enable()
Nicolas Dufresne <nicolas.dufresne(a)collabora.com>
media: visl: Fix ERANGE error when setting enum controls
Hans de Goede <hdegoede(a)redhat.com>
media: hi556: Fix memory leak (on error) in hi556_check_hwcfg()
Murad Masimov <m.masimov(a)mt-integration.ru>
media: streamzap: prevent processing IR data on URB failure
Hans de Goede <hdegoede(a)redhat.com>
media: ov08x40: Properly turn sensor on/off when runtime-suspended
Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com>
accel/ivpu: Fix PM related deadlocks in MS IOCTLs
Jonathan McDowell <noodles(a)meta.com>
tpm, tpm_tis: Fix timeout handling when waiting for TPM status
Kamal Dasu <kamal.dasu(a)broadcom.com>
mtd: rawnand: brcmnand: fix PM resume warning
Miquel Raynal <miquel.raynal(a)bootlin.com>
spi: cadence-qspi: Fix probe on AM62A LP SK
Oliver Upton <oliver.upton(a)linux.dev>
KVM: arm64: Set HCR_EL2.TID1 unconditionally
Will Deacon <will(a)kernel.org>
KVM: arm64: Tear down vGIC on failed vCPU creation
Douglas Anderson <dianders(a)chromium.org>
arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list
Douglas Anderson <dianders(a)chromium.org>
arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
Douglas Anderson <dianders(a)chromium.org>
arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
Douglas Anderson <dianders(a)chromium.org>
arm64: cputype: Add MIDR_CORTEX_A76AE
Akihiko Odaki <akihiko.odaki(a)daynix.com>
KVM: arm64: PMU: Set raw values from user to PM{C,I}NTEN{SET,CLR}, PMOVS{SET,CLR}
Jan Beulich <jbeulich(a)suse.com>
xenfs/xensyms: respect hypervisor's "next" indication
John Keeping <jkeeping(a)inmusicbrands.com>
media: rockchip: rga: fix rga offset lookup
Yuan Can <yuancan(a)huawei.com>
media: siano: Fix error handling in smsdvb_module_init()
Matthew Majewski <mattwmajewski(a)gmail.com>
media: vim2m: print device name after registering device
Vikash Garodia <quic_vgarodia(a)quicinc.com>
media: venus: hfi: add check to handle incorrect queue size
Vikash Garodia <quic_vgarodia(a)quicinc.com>
media: venus: hfi: add a check to handle OOB in sfr region
Bingbu Cao <bingbu.cao(a)intel.com>
media: intel/ipu6: set the dev_parent of video device to pdev
Martin Tůma <martin.tuma(a)digiteqautomotive.com>
media: mgb4: Fix switched CMT frequency range "magic values" sets
Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se>
media: i2c: adv748x: Fix test pattern selection mask
Martin Tůma <martin.tuma(a)digiteqautomotive.com>
media: mgb4: Fix CMT registers update logic
Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se>
media: uapi: rkisp1-config: Fix typo in extensible params example
Arnd Bergmann <arnd(a)arndb.de>
media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization
Alain Volmat <alain.volmat(a)foss.st.com>
dt-bindings: media: st,stmipid02: correct lane-polarities maxItems
Haoxiang Li <haoxiang_li2024(a)163.com>
auxdisplay: hd44780: Fix an API misuse in hd44780.c
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Fix set_device_control()
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Fix 90 degrees direction name North -> East
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Compute INFINITE value instead of using hardcoded 0xffff
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Clamp effect playback LOOP_COUNT value
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Rename two functions to align them with naming convention
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Remove redundant call to pidff_find_special_keys
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Support device error response from PID_BLOCK_LOAD
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Comment and code style update
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: hid-universal-pidff: Add Asetek wheelbases support
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Factor out pool report fetch and remove excess declaration
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Use macros instead of hardcoded min/max values for shorts
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Simplify pidff_rescale_signed
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Move all hid-pidff definitions to a dedicated header
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Factor out code for setting gain
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Rescale time values to match field units
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Define values used in pidff_find_special_fields
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Simplify pidff_upload_effect function
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Completely rework and fix pidff_reset function
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Stop all effects before enabling actuators
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Clamp PERIODIC effect period to device's logical range
Niklas Schnelle <schnelle(a)linux.ibm.com>
s390/pci: Fix s390_mmio_read/write syscall page fault handling
Jann Horn <jannh(a)google.com>
ext4: don't treat fhandle lookup of ea_inode as FS corruption
Willem de Bruijn <willemb(a)google.com>
bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
Sheng Yong <shengyong1(a)xiaomi.com>
erofs: set error to bio if file-backed IO fails
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: stm32: Search an appropriate duty_cycle if period cannot be modified
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: fsl-ftm: Handle clk_get_rate() returning 0
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: rcar: Improve register calculation
Josh Poimboeuf <jpoimboe(a)kernel.org>
pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
Jonathan McDowell <noodles(a)meta.com>
tpm: End any active auth session before shutdown
Jonathan McDowell <noodles(a)meta.com>
tpm, tpm_tis: Workaround failed command reception on Infineon devices
Ayush Jain <Ayush.jain3(a)amd.com>
ktest: Fix Test Failures Due to Missing LOG_FILE Directories
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
tracing: probe-events: Add comments about entry data storing code
Leonid Arapov <arapovl839(a)gmail.com>
fbdev: omapfb: Add 'plane' value check
Christian König <christian.koenig(a)amd.com>
drm/amdgpu: grab an additional reference on the gang fence v2
Ryo Takakura <ryotkkr98(a)gmail.com>
PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
Philipp Stanner <phasta(a)kernel.org>
PCI: Check BAR index for validity
Emily Deng <Emily.Deng(a)amd.com>
drm/amdgpu: Fix the race condition for draining retry fault
Bjorn Helgaas <bhelgaas(a)google.com>
PCI: Enable Configuration RRS SV early
Ryan Seto <ryanseto(a)amd.com>
drm/amd/display: Prevent VStartup Overflow
Wentao Liang <vulab(a)iscas.ac.cn>
drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()
Shawn Lin <shawn.lin(a)rock-chips.com>
PCI: Add Rockchip Vendor ID
AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com>
drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off
AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com>
drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data
Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com>
drm/xe/xelp: Move Wa_16011163337 from tunings to workarounds
Philip Yang <Philip.Yang(a)amd.com>
drm/amdkfd: debugfs hang_hws skip GPU with MES
Philip Yang <Philip.Yang(a)amd.com>
drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
Philip Yang <Philip.Yang(a)amd.com>
drm/amdkfd: Fix mode1 reset crash issue
David Yat Sin <David.YatSin(a)amd.com>
drm/amdkfd: clamp queue size to minimum
Lucas De Marchi <lucas.demarchi(a)intel.com>
drivers: base: devres: Allow to release group on device release
Mike Katsnelson <mike.katsnelson(a)amd.com>
drm/amd/display: stop DML2 from removing pipes based on planes
Michael Strauss <michael.strauss(a)amd.com>
drm/amd/display: Update FIXED_VS Link Rate Toggle Workaround Usage
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
drm/bridge: panel: forbid initializing a panel with unknown connector type
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
drm/debugfs: fix printk format for bridge index
Andrew Wyatt <fewtarius(a)steamfork.org>
drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel)
Andrew Wyatt <fewtarius(a)steamfork.org>
drm: panel-orientation-quirks: Add new quirk for GPD Win 2
Andrew Wyatt <fewtarius(a)steamfork.org>
drm: panel-orientation-quirks: Add quirk for AYA NEO Slide
Andrew Wyatt <fewtarius(a)steamfork.org>
drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB
Andrew Wyatt <fewtarius(a)steamfork.org>
drm: panel-orientation-quirks: Add support for AYANEO 2S
Philip Yang <Philip.Yang(a)amd.com>
drm/amdgpu: Unlocked unmap only clear page table leaves
Brendan Tam <Brendan.Tam(a)amd.com>
drm/amd/display: add workaround flag to link to force FFE preset
Zhikai Zhai <zhikai.zhai(a)amd.com>
drm/amd/display: Update Cursor request mode to the beginning prefetch always
Michal Wajdeczko <michal.wajdeczko(a)intel.com>
drm/xe/vf: Don't try to trigger a full GT reset if VF
Michal Wajdeczko <michal.wajdeczko(a)intel.com>
drm/xe/pf: Don't send BEGIN_ID if VF has no context/doorbells
Shekhar Chauhan <shekhar.chauhan(a)intel.com>
drm/xe/bmg: Add new PCI IDs
Abhinav Kumar <quic_abhinavk(a)quicinc.com>
drm: allow encoder mode_set even when connectors change for crtc
Pedro Nishiyama <nishiyama.pedro(a)gmail.com>
Bluetooth: Add quirk for broken READ_PAGE_SCAN_TYPE
Pedro Nishiyama <nishiyama.pedro(a)gmail.com>
Bluetooth: Add quirk for broken READ_VOICE_SETTING
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
Bluetooth: qca: simplify WCN399x NVM loading
Janaki Ramaiah Thota <quic_janathot(a)quicinc.com>
Bluetooth: hci_qca: use the power sequencer for wcn6750
Jiande Lu <jiande.lu(a)mediatek.com>
Bluetooth: btusb: Add 2 HWIDs for MT7922
Arseniy Krasnov <avkrasnov(a)salutedevices.com>
Bluetooth: hci_uart: fix race during initialization
Zijun Hu <quic_zijuhu(a)quicinc.com>
Bluetooth: btusb: Add 13 USB device IDs for Qualcomm WCN785x
Kiran K <kiran.k(a)intel.com>
Bluetooth: btintel_pcie: Add device id of Whale Peak
Dorian Cruveiller <doriancruveiller(a)gmail.com>
Bluetooth: btusb: Add new VID/PID for WCN785x
Gabriele Paoloni <gpaoloni(a)redhat.com>
tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER
Stanislav Fomichev <sdf(a)fomichev.me>
net: vlan: don't propagate flags on open
Icenowy Zheng <uwu(a)icenowy.me>
wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
Boris Burkov <boris(a)bur.io>
btrfs: harden block_group::bg_list against list_del() races
Huacai Chen <chenhuacai(a)kernel.org>
ahci: Marvell 88SE9215 controllers prefer DMA for ATAPI
Kai Mäkisara <Kai.Makisara(a)kolumbus.fi>
scsi: st: Fix array overflow in st_setup()
Philipp Hahn <phahn-oss(a)avm.de>
cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk
Bhupesh <bhupesh(a)igalia.com>
ext4: ignore xattrs past end
Chao Yu <chao(a)kernel.org>
Revert "f2fs: rebuild nat_bits during umount"
Ojaswin Mujoo <ojaswin(a)linux.ibm.com>
ext4: protect ext4_release_dquot against freezing
Daniel Kral <d.kral(a)proxmox.com>
ahci: add PCI ID for Marvell 88SE9215 SATA Controller
Martin Schiller <ms(a)dev.tdt.de>
net: sfp: add quirk for FS SFP-10GM-T copper SFP+ module
Chao Yu <chao(a)kernel.org>
f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
Manish Dharanenthiran <quic_mdharane(a)quicinc.com>
wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi
Birger Koblitz <mail(a)birger-koblitz.de>
net: sfp: add quirk for 2.5G OEM BX SFP
Niklas Cassel <cassel(a)kernel.org>
ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
Edward Adam Davis <eadavis(a)qq.com>
jfs: add sanity check for agwidth in dbMount
Edward Adam Davis <eadavis(a)qq.com>
jfs: Prevent copying of nlink with value 0 from disk inode
Rand Deeb <rand.sec96(a)gmail.com>
fs/jfs: Prevent integer overflow in AG size calculation
Rand Deeb <rand.sec96(a)gmail.com>
fs/jfs: cast inactags to s64 to prevent potential overflow
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
jfs: Fix uninit-value access of imap allocated in the diMount() function
Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com>
can: flexcan: add NXP S32G2/S32G3 SoC support
Ciprian Marian Costea <ciprianmarian.costea(a)oss.nxp.com>
can: flexcan: Add quirk to handle separate interrupt lines for mailboxes
Jason Xing <kerneljasonxing(a)gmail.com>
page_pool: avoid infinite loop to schedule delayed worker
Max Schulze <max.schulze(a)online.de>
net: usb: asix_devices: add FiberGecko DeviceID
Chaohai Chen <wdhh66(a)163.com>
scsi: target: spc: Fix RSOC parameter data header size
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: mac80211: ensure sdata->work is canceled before initialized.
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: add strict mode disabling workarounds
Chao Yu <chao(a)kernel.org>
f2fs: don't retry IO for corrupted data scenario
Pavel Begunkov <asml.silence(a)gmail.com>
net: page_pool: don't cast mp param to devmem
Ranjan Kumar <ranjan.kumar(a)broadcom.com>
scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
Ranjan Kumar <ranjan.kumar(a)broadcom.com>
scsi: mpi3mr: Avoid reply queue full condition
Niklas Cassel <cassel(a)kernel.org>
ata: libata-core: Add 'external' to the libata.force kernel parameter
P Praneesh <quic_ppranees(a)quicinc.com>
wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
Miaoqing Pan <quic_miaoqing(a)quicinc.com>
wifi: ath12k: fix memory leak in ath12k_pci_remove()
Miaoqing Pan <quic_miaoqing(a)quicinc.com>
wifi: ath11k: fix memory leak in ath11k_xxx_remove()
P Praneesh <quic_ppranees(a)quicinc.com>
wifi: ath11k: Fix DMA buffer allocation to resolve SWIOTLB issues
Hans de Goede <hdegoede(a)redhat.com>
platform/x86: x86-android-tablets: Add select POWER_SUPPLY to Kconfig
Syed Saba kareem <syed.sabakareem(a)amd.com>
ASoC: amd: yc: update quirk data for new Lenovo model
keenplify <keenplify(a)gmail.com>
ASoC: amd: Add DMI quirk for ACP6X mic support
Ricard Wanderlof <ricard2013(a)butoba.net>
ALSA: usb-audio: Fix CME quirk for UF series keyboards
Kaustabh Chakraborty <kauschluss(a)disroot.org>
mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves
Aakarsh Jain <aakarsh.jain(a)samsung.com>
media: s5p-mfc: Corrected NV12M/NV21M plane-sizes
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Add quirk for Actions UVC05
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_audmix: register card device depends on 'dais' property
Maxim Mikityanskiy <maxtram95(a)gmail.com>
ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist
Maxim Mikityanskiy <maxtram95(a)gmail.com>
ALSA: hda: intel: Fix Optimus when GPU has no sound
Vijendar Mukunda <Vijendar.Mukunda(a)amd.com>
ASoC: amd: amd_sdw: Add quirks for Dell SKU's
Vijendar Mukunda <Vijendar.Mukunda(a)amd.com>
ASoC: amd: ps: use macro for ACP6.3 pci revision id
Tomasz Pakuła <forest10pl(a)gmail.com>
HID: pidff: Fix null pointer dereference in pidff_find_fields
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Add PERIODIC_SINE_ONLY quirk
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: Add hid-universal-pidff driver and supported device ids
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Add FIX_WHEEL_DIRECTION quirk
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Add hid_pidff_init_with_quirks and export as GPL symbol
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Add PERMISSIVE_CONTROL quirk
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Add MISSING_PBO quirk and its detection
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Add MISSING_DELAY quirk and its detection
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Do not send effect envelope if it's empty
Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com>
HID: pidff: Convert infinite length from Linux API to PID standard
Zhang Heng <zhangheng(a)kylinos.cn>
ASoC: SOF: topology: Use krealloc_array() to replace krealloc()
Daniel Schaefer <dhs(a)frame.work>
platform/chrome: cros_ec_lpc: Match on Framework ACPI device
Josh Poimboeuf <jpoimboe(a)kernel.org>
tracing: Disable branch profiling in noinstr code
Ingo Molnar <mingo(a)kernel.org>
zstd: Increase DYNAMIC_BMI2 GCC version cutoff from 4.8 to 11.0 to work around compiler segfault
Kees Cook <kees(a)kernel.org>
xen/mcelog: Add __nonstring annotations for unterminated strings
Douglas Anderson <dianders(a)chromium.org>
arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
Paul E. McKenney <paulmck(a)kernel.org>
Flush console log from kernel_power_off()
Lizhi Xu <lizhi.xu(a)windriver.com>
PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
Yunhui Cui <cuiyunhui(a)bytedance.com>
perf/dwc_pcie: fix some unreleased resources
Mark Rutland <mark.rutland(a)arm.com>
perf: arm_pmu: Don't disable counter in armpmu_add()
Max Grobecker <max(a)grobecker.info>
x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine
Xin Li (Intel) <xin(a)zytor.com>
x86/ia32: Leave NULL selector values 0~3 unchanged
Uros Bizjak <ubizjak(a)gmail.com>
x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2
Matthew Wilcox (Oracle) <willy(a)infradead.org>
x86/mm: Clear _PAGE_DIRTY for kernel mappings when we clear _PAGE_RW
Dmitry Osipenko <dmitry.osipenko(a)collabora.com>
irqchip/gic-v3: Add Rockchip 3568002 erratum workaround
Zhongqiu Han <quic_zhonhan(a)quicinc.com>
pm: cpupower: bench: Prevent NULL dereference on malloc failure
Paul E. McKenney <paulmck(a)kernel.org>
srcu: Force synchronization for srcu_get_delay()
Trond Myklebust <trond.myklebust(a)hammerspace.com>
umount: Allow superblock owners to force umount
Mateusz Guzik <mjguzik(a)gmail.com>
fs: consistently deref the files table with rcu_dereference_raw()
Frederic Weisbecker <frederic(a)kernel.org>
perf: Fix hang while freeing sigtrap event
Peter Zijlstra <peterz(a)infradead.org>
perf/core: Simplify the perf_event_alloc() error path
Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com>
iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group
Marek Szyprowski <m.szyprowski(a)samsung.com>
iommu/exynos: Fix suspend/resume with IDENTITY domain
Ido Schimmel <idosch(a)nvidia.com>
ethtool: cmis_cdb: Fix incorrect read / write length extension
Florian Westphal <fw(a)strlen.de>
nft_set_pipapo: fix incorrect avx2 match of 5th field octet
Arnaud Lecomte <contact(a)arnaud-lcm.com>
net: ppp: Add bound checking for skb data on ppp_sync_txmung
Ido Schimmel <idosch(a)nvidia.com>
ipv6: Align behavior across nexthops during path selection
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY
Vladimir Oltean <vladimir.oltean(a)nxp.com>
net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend()
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix UAF in decryption with multichannel
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: move the limit validation
Octavian Purdila <tavip(a)google.com>
net_sched: sch_sfq: use a temporary work area for validating configuration
Daniel Wagner <wagi(a)kernel.org>
nvmet-fcloop: swap list_add_tail arguments
Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com>
drm/i915/huc: Fix fence not released on early probe errors
Wentao Liang <vulab(a)iscas.ac.cn>
ata: sata_sx4: Add error handling in pdc20621_i2c_read()
Chenyuan Yang <chenyuan0y(a)gmail.com>
net: libwx: handle page_pool_dev_alloc_pages error
Maxime Ripard <mripard(a)kernel.org>
drm/tests: probe-helper: Fix drm_display_mode memory leak
Maxime Ripard <mripard(a)kernel.org>
drm/tests: modes: Fix drm_display_mode memory leak
Maxime Ripard <mripard(a)kernel.org>
drm/tests: cmdline: Fix drm_display_mode memory leak
Maxime Ripard <mripard(a)kernel.org>
drm/tests: helpers: Create kunit helper to destroy a drm_display_mode
Maxime Ripard <mripard(a)kernel.org>
drm/tests: modeset: Fix drm_display_mode memory leak
Maxime Chevallier <maxime.chevallier(a)bootlin.com>
net: ethtool: Don't call .cleanup_data when prepare_data fails
Toke Høiland-Jørgensen <toke(a)redhat.com>
tc: Ensure we have enough buffer space when sending filter netlink notifications
Hariprasad Kelam <hkelam(a)marvell.com>
octeontx2-pf: qos: fix VF root node parent queue index
Jakub Kicinski <kuba(a)kernel.org>
net: tls: explicitly disallow disconnect
Cong Wang <xiyou.wangcong(a)gmail.com>
codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
Tung Nguyen <tung.quang.nguyen(a)est.tech>
tipc: fix memory leak in tipc_link_xmit
Josh Poimboeuf <jpoimboe(a)kernel.org>
objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret()
Henry Martin <bsdhenrymartin(a)gmail.com>
ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
Rodrigo Vivi <rodrigo.vivi(a)intel.com>
drm/xe: Restore EIO errno return when GuC PC start fails
Tejas Upadhyay <tejas.upadhyay(a)intel.com>
drm/xe/hw_engine: define sysfs_ops on all directories
Petr Vaněk <arkamar(a)atlas.cz>
x86/acpi: Don't limit CPUs to 1 for Xen PV guests due to disabled ACPI
Badal Nilawar <badal.nilawar(a)intel.com>
drm/i915: Disable RPG during live selftest
Ming Lei <ming.lei(a)redhat.com>
ublk: fix handling recovery & reissue in ublk_abort_queue()
Edward Liaw <edliaw(a)google.com>
selftests/futex: futex_waitv wouldblock test should fail
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
gpiolib: of: Fix the choice for Ingenic NAND quirk
Waiman Long <longman(a)redhat.com>
cgroup/cpuset: Fix race between newly created partition and dying one
Waiman Long <longman(a)redhat.com>
cgroup/cpuset: Fix error handling in remote_partition_disable()
Waiman Long <longman(a)redhat.com>
cgroup/cpuset: Fix incorrect isolated_cpus update in update_parent_effective_cpumask()
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: Intel: adl: add 2xrt1316 audio configuration
-------------
Diffstat:
Documentation/admin-guide/kernel-parameters.txt | 2 +
Documentation/arch/arm64/silicon-errata.rst | 2 +
.../bindings/arm/qcom,coresight-tpda.yaml | 3 +-
.../bindings/arm/qcom,coresight-tpdm.yaml | 3 +-
.../bindings/media/i2c/st,st-mipid02.yaml | 2 +-
Makefile | 7 +-
arch/arm64/Kconfig | 9 +
arch/arm64/boot/dts/exynos/google/gs101.dtsi | 1 +
arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 +-
arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 +-
.../boot/dts/nvidia/tegra234-p3768-0000+p3767.dtsi | 7 -
.../boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi | 6 +-
arch/arm64/include/asm/cputype.h | 4 +
arch/arm64/include/asm/kvm_arm.h | 4 +-
arch/arm64/include/asm/spectre.h | 1 -
arch/arm64/include/asm/traps.h | 4 +-
arch/arm64/kernel/proton-pack.c | 208 ++++----
arch/arm64/kvm/arm.c | 6 +-
arch/arm64/kvm/sys_regs.c | 204 ++++----
arch/arm64/mm/mmu.c | 3 +-
arch/powerpc/kvm/powerpc.c | 5 +-
arch/s390/Makefile | 2 +-
arch/s390/kernel/perf_cpum_cf.c | 9 +-
arch/s390/kernel/perf_cpum_sf.c | 3 -
arch/s390/pci/pci_bus.c | 3 +
arch/s390/pci/pci_mmio.c | 18 +-
arch/sparc/include/asm/pgtable_64.h | 2 -
arch/sparc/mm/tlb.c | 5 +-
arch/x86/Kbuild | 4 +
arch/x86/Kconfig | 20 +-
arch/x86/include/asm/irqflags.h | 40 +-
arch/x86/include/asm/paravirt.h | 20 +-
arch/x86/include/asm/paravirt_types.h | 3 +-
arch/x86/kernel/acpi/boot.c | 11 +
arch/x86/kernel/cpu/amd.c | 2 +-
arch/x86/kernel/e820.c | 17 +-
arch/x86/kernel/head64.c | 2 -
arch/x86/kernel/paravirt.c | 14 +-
arch/x86/kernel/signal_32.c | 62 ++-
arch/x86/kvm/cpuid.c | 8 +-
arch/x86/kvm/x86.c | 4 +
arch/x86/mm/kasan_init_64.c | 1 -
arch/x86/mm/mem_encrypt_amd.c | 2 -
arch/x86/mm/mem_encrypt_identity.c | 2 -
arch/x86/mm/pat/set_memory.c | 6 +-
arch/x86/xen/enlighten.c | 10 +
arch/x86/xen/setup.c | 3 -
block/blk-mq.c | 1 +
drivers/accel/ivpu/ivpu_debugfs.c | 4 +-
drivers/accel/ivpu/ivpu_ipc.c | 3 +-
drivers/accel/ivpu/ivpu_ms.c | 24 +
drivers/acpi/Makefile | 4 +
drivers/acpi/platform_profile.c | 20 +-
drivers/ata/ahci.c | 11 +
drivers/ata/ahci.h | 1 +
drivers/ata/libahci.c | 4 +
drivers/ata/libata-core.c | 38 ++
drivers/ata/libata-eh.c | 11 +-
drivers/ata/pata_pxa.c | 6 +
drivers/ata/sata_sx4.c | 13 +-
drivers/auxdisplay/hd44780.c | 4 +-
drivers/base/devres.c | 7 +
drivers/block/ublk_drv.c | 30 +-
drivers/bluetooth/btintel_pcie.c | 1 +
drivers/bluetooth/btqca.c | 13 +-
drivers/bluetooth/btusb.c | 32 ++
drivers/bluetooth/hci_ldisc.c | 19 +-
drivers/bluetooth/hci_qca.c | 2 +-
drivers/bluetooth/hci_uart.h | 1 +
drivers/bus/mhi/host/main.c | 16 +-
drivers/char/tpm/tpm-chip.c | 6 +
drivers/char/tpm/tpm-interface.c | 7 -
drivers/char/tpm/tpm_tis_core.c | 20 +-
drivers/char/tpm/tpm_tis_core.h | 1 +
drivers/clk/qcom/clk-branch.c | 4 +-
drivers/clk/qcom/gdsc.c | 61 ++-
drivers/clk/renesas/r9a07g043-cpg.c | 7 +
drivers/clocksource/timer-stm32-lp.c | 4 +-
drivers/cpuidle/Makefile | 3 +
drivers/crypto/ccp/sp-pci.c | 15 +-
drivers/gpio/gpio-tegra186.c | 25 +-
drivers/gpio/gpio-zynq.c | 1 +
drivers/gpio/gpiolib-of.c | 2 +
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 10 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 4 -
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h | 4 -
drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c | 43 +-
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 +
drivers/gpu/drm/amd/amdkfd/kfd_device.c | 5 +
drivers/gpu/drm/amd/amdkfd/kfd_process.c | 17 +
.../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +-
drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 31 +-
drivers/gpu/drm/amd/display/dc/dc.h | 2 +
drivers/gpu/drm/amd/display/dc/dc_dp_types.h | 8 +
.../dml21/src/dml2_core/dml2_core_dcn4_calcs.c | 2 +
.../amd/display/dc/dml2/dml2_dc_resource_mgmt.c | 26 -
.../gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 2 +-
.../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 22 +-
.../display/dc/link/protocols/link_dp_capability.c | 12 +-
.../display/dc/link/protocols/link_dp_training.c | 2 +
.../link_dp_training_fixed_vs_pe_retimer.c | 3 +-
drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 5 +
drivers/gpu/drm/drm_atomic_helper.c | 2 +-
drivers/gpu/drm/drm_debugfs.c | 2 +-
drivers/gpu/drm/drm_panel.c | 5 +-
drivers/gpu/drm/drm_panel_orientation_quirks.c | 46 +-
drivers/gpu/drm/i915/gt/intel_rc6.c | 19 +-
drivers/gpu/drm/i915/gt/uc/intel_huc.c | 11 +-
drivers/gpu/drm/i915/gt/uc/intel_huc.h | 1 +
drivers/gpu/drm/i915/gt/uc/intel_uc.c | 1 +
drivers/gpu/drm/i915/selftests/i915_selftest.c | 18 +
drivers/gpu/drm/mediatek/mtk_dpi.c | 23 +-
drivers/gpu/drm/tests/drm_client_modeset_test.c | 3 +
drivers/gpu/drm/tests/drm_cmdline_parser_test.c | 10 +-
drivers/gpu/drm/tests/drm_kunit_helpers.c | 22 +
drivers/gpu/drm/tests/drm_modes_test.c | 22 +
drivers/gpu/drm/tests/drm_probe_helper_test.c | 8 +-
drivers/gpu/drm/xe/xe_gt.c | 4 +
drivers/gpu/drm/xe/xe_gt_sriov_pf_config.c | 4 +-
drivers/gpu/drm/xe/xe_gt_sriov_vf.c | 16 +
drivers/gpu/drm/xe/xe_gt_sriov_vf.h | 1 +
drivers/gpu/drm/xe/xe_guc_pc.c | 1 +
drivers/gpu/drm/xe/xe_hw_engine_class_sysfs.c | 108 ++--
drivers/gpu/drm/xe/xe_tuning.c | 8 -
drivers/gpu/drm/xe/xe_wa.c | 7 +
drivers/hid/Kconfig | 14 +
drivers/hid/Makefile | 1 +
drivers/hid/hid-ids.h | 37 ++
drivers/hid/hid-universal-pidff.c | 202 ++++++++
drivers/hid/usbhid/hid-core.c | 1 +
drivers/hid/usbhid/hid-pidff.c | 571 ++++++++++++++-------
drivers/hid/usbhid/hid-pidff.h | 33 ++
drivers/i3c/master.c | 3 +
drivers/i3c/master/svc-i3c-master.c | 2 +-
drivers/idle/Makefile | 5 +-
drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 32 +-
drivers/iommu/exynos-iommu.c | 4 +-
drivers/iommu/intel/iommu.c | 2 +
drivers/iommu/intel/irq_remapping.c | 71 +--
drivers/iommu/iommufd/device.c | 123 ++++-
drivers/iommu/iommufd/fault.c | 8 +-
drivers/iommu/iommufd/iommufd_private.h | 33 +-
drivers/iommu/mtk_iommu.c | 26 +-
drivers/irqchip/irq-gic-v3-its.c | 23 +-
drivers/irqchip/irq-renesas-rzv2h.c | 2 +-
drivers/leds/rgb/leds-qcom-lpg.c | 8 +-
drivers/mailbox/tegra-hsp.c | 72 ++-
drivers/md/dm-ebs-target.c | 7 +
drivers/md/dm-integrity.c | 48 +-
drivers/md/dm-verity-target.c | 8 +
drivers/media/common/siano/smsdvb-main.c | 2 +
drivers/media/i2c/adv748x/adv748x.h | 2 +-
drivers/media/i2c/ccs/ccs-core.c | 6 +-
drivers/media/i2c/hi556.c | 5 +-
drivers/media/i2c/imx214.c | 25 +-
drivers/media/i2c/imx219.c | 106 ++--
drivers/media/i2c/imx319.c | 9 +-
drivers/media/i2c/ov08x40.c | 8 +-
drivers/media/i2c/ov7251.c | 4 +-
drivers/media/pci/intel/ipu6/ipu6-isys-video.c | 1 +
drivers/media/pci/mgb4/mgb4_cmt.c | 8 +-
.../media/platform/chips-media/wave5/wave5-hw.c | 2 +-
.../platform/chips-media/wave5/wave5-vpu-dec.c | 31 +-
.../media/platform/chips-media/wave5/wave5-vpu.c | 4 +-
.../platform/chips-media/wave5/wave5-vpuapi.c | 10 +
.../mediatek/vcodec/common/mtk_vcodec_fw_scp.c | 5 +-
.../mediatek/vcodec/encoder/venc/venc_h264_if.c | 6 +-
drivers/media/platform/nuvoton/npcm-video.c | 6 +-
drivers/media/platform/qcom/venus/hfi_parser.c | 100 +++-
drivers/media/platform/qcom/venus/hfi_venus.c | 18 +-
drivers/media/platform/rockchip/rga/rga-hw.c | 2 +-
.../platform/samsung/s5p-mfc/s5p_mfc_opr_v6.c | 5 +-
drivers/media/platform/st/stm32/dma2d/dma2d.c | 3 +-
drivers/media/platform/xilinx/xilinx-tpg.c | 2 -
drivers/media/rc/streamzap.c | 68 +--
drivers/media/test-drivers/vim2m.c | 6 +-
drivers/media/test-drivers/visl/visl-core.c | 12 +
drivers/media/usb/uvc/uvc_driver.c | 9 +
drivers/media/v4l2-core/v4l2-dv-timings.c | 4 +-
drivers/mfd/ene-kb3930.c | 2 +-
drivers/misc/pci_endpoint_test.c | 3 +-
drivers/mmc/host/dw_mmc.c | 94 +++-
drivers/mmc/host/dw_mmc.h | 27 +
drivers/mtd/inftlcore.c | 9 +-
drivers/mtd/mtdpstore.c | 12 +-
drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 +-
drivers/mtd/nand/raw/r852.c | 3 +
drivers/net/can/flexcan/flexcan-core.c | 35 +-
drivers/net/can/flexcan/flexcan.h | 5 +
drivers/net/dsa/mv88e6xxx/chip.c | 23 +-
drivers/net/ethernet/google/gve/gve_ethtool.c | 4 +-
drivers/net/ethernet/google/gve/gve_rx_dqo.c | 3 +-
drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 5 +
drivers/net/ethernet/microsoft/mana/mana_en.c | 46 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 11 +-
drivers/net/ethernet/wangxun/libwx/wx_lib.c | 3 +-
drivers/net/phy/phy_device.c | 57 +-
drivers/net/phy/sfp.c | 13 +-
drivers/net/ppp/ppp_synctty.c | 5 +
drivers/net/usb/asix_devices.c | 17 +
drivers/net/usb/cdc_ether.c | 7 +
drivers/net/usb/r8152.c | 6 +
drivers/net/usb/r8153_ecm.c | 6 +
drivers/net/wireless/ath/ath11k/ahb.c | 4 +-
drivers/net/wireless/ath/ath11k/core.c | 3 +-
drivers/net/wireless/ath/ath11k/dp.c | 35 +-
drivers/net/wireless/ath/ath11k/fw.c | 3 +-
drivers/net/wireless/ath/ath11k/pci.c | 3 +-
drivers/net/wireless/ath/ath12k/dp_mon.c | 2 +-
drivers/net/wireless/ath/ath12k/dp_rx.c | 42 +-
drivers/net/wireless/ath/ath12k/pci.c | 1 +
drivers/net/wireless/mediatek/mt76/eeprom.c | 4 +
drivers/net/wireless/mediatek/mt76/mt76.h | 1 +
.../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 4 +-
drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7925/main.c | 16 +-
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 5 +-
drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 4 +-
drivers/ntb/ntb_transport.c | 2 +-
drivers/nvme/target/fcloop.c | 2 +-
drivers/of/irq.c | 78 +--
drivers/pci/controller/cadence/pci-j721e.c | 5 +-
drivers/pci/controller/pcie-brcmstb.c | 13 +-
drivers/pci/controller/pcie-rockchip-host.c | 2 +-
drivers/pci/controller/pcie-rockchip.h | 1 -
drivers/pci/controller/vmd.c | 12 +-
drivers/pci/devres.c | 18 +-
drivers/pci/hotplug/pciehp_core.c | 5 +-
drivers/pci/iomap.c | 29 +-
drivers/pci/pci.c | 6 +
drivers/pci/pci.h | 16 +
drivers/pci/probe.c | 22 +-
drivers/perf/arm_pmu.c | 8 +-
drivers/perf/dwc_pcie_pmu.c | 33 +-
drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 11 +
drivers/pinctrl/qcom/pinctrl-msm.c | 12 +-
drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 98 ++--
drivers/pinctrl/samsung/pinctrl-exynos.h | 22 +
drivers/pinctrl/samsung/pinctrl-samsung.c | 1 +
drivers/pinctrl/samsung/pinctrl-samsung.h | 4 +
drivers/platform/chrome/cros_ec_lpc.c | 22 +-
drivers/platform/x86/x86-android-tablets/Kconfig | 1 +
drivers/pwm/pwm-fsl-ftm.c | 6 +
drivers/pwm/pwm-mediatek.c | 8 +-
drivers/pwm/pwm-rcar.c | 24 +-
drivers/pwm/pwm-stm32.c | 12 +-
drivers/s390/virtio/virtio_ccw.c | 16 +-
drivers/scsi/lpfc/lpfc_sli.c | 2 +
drivers/scsi/mpi3mr/mpi3mr.h | 14 +-
drivers/scsi/mpi3mr/mpi3mr_app.c | 24 +
drivers/scsi/mpi3mr/mpi3mr_fw.c | 99 +++-
drivers/scsi/st.c | 2 +-
drivers/soc/samsung/exynos-chipid.c | 2 +
drivers/spi/spi-cadence-quadspi.c | 6 +
drivers/spi/spi-fsl-qspi.c | 36 +-
drivers/target/target_core_spc.c | 2 +-
drivers/thermal/mediatek/lvts_thermal.c | 52 +-
drivers/thermal/rockchip_thermal.c | 1 +
drivers/ufs/host/ufs-qcom.c | 2 +-
drivers/vdpa/mlx5/core/mr.c | 7 +-
drivers/video/backlight/led_bl.c | 5 +-
drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 +-
drivers/xen/balloon.c | 34 +-
drivers/xen/xenfs/xensyms.c | 4 +-
fs/btrfs/disk-io.c | 12 +
fs/btrfs/extent-tree.c | 8 +
fs/btrfs/tests/extent-map-tests.c | 1 +
fs/btrfs/transaction.c | 12 +
fs/btrfs/zoned.c | 6 +
fs/dlm/lock.c | 2 +
fs/erofs/fileio.c | 2 +
fs/ext4/inode.c | 68 ++-
fs/ext4/namei.c | 2 +-
fs/ext4/super.c | 17 +
fs/ext4/xattr.c | 11 +-
fs/f2fs/checkpoint.c | 21 +-
fs/f2fs/f2fs.h | 32 +-
fs/f2fs/inode.c | 8 +-
fs/f2fs/node.c | 110 ++--
fs/f2fs/super.c | 8 +-
fs/file.c | 26 +-
fs/jbd2/journal.c | 1 -
fs/jfs/jfs_dmap.c | 10 +-
fs/jfs/jfs_imap.c | 4 +-
fs/namespace.c | 3 +-
fs/nfsd/nfs4callback.c | 2 +-
fs/nfsd/nfsctl.c | 9 +-
fs/nfsd/stats.c | 4 +-
fs/nfsd/stats.h | 2 +-
fs/smb/client/cifsencrypt.c | 16 +-
fs/smb/client/connect.c | 3 +
fs/smb/client/fs_context.c | 5 +
fs/smb/client/inode.c | 10 +
fs/smb/client/reparse.c | 4 -
fs/smb/client/sess.c | 7 +
fs/smb/client/smb2misc.c | 9 +-
fs/smb/client/smb2ops.c | 6 +-
fs/smb/client/smb2pdu.c | 11 +-
fs/udf/inode.c | 1 +
fs/userfaultfd.c | 51 +-
include/drm/drm_kunit_helpers.h | 3 +
include/drm/intel/pciids.h | 5 +-
include/linux/cgroup-defs.h | 1 +
include/linux/cgroup.h | 2 +-
include/linux/hid.h | 6 -
include/linux/io_uring_types.h | 3 +
include/linux/kvm_host.h | 2 +-
include/linux/page-flags.h | 6 +
include/linux/pci_ids.h | 2 +
include/linux/perf_event.h | 17 +-
include/linux/pgtable.h | 14 +-
include/linux/printk.h | 6 +
include/linux/tpm.h | 1 +
include/net/bluetooth/hci.h | 16 +
include/net/bluetooth/hci_core.h | 4 +
include/net/mac80211.h | 6 +
include/net/sctp/structs.h | 3 +-
include/net/sock.h | 40 +-
include/uapi/linux/kfd_ioctl.h | 2 +
include/uapi/linux/landlock.h | 2 +
include/uapi/linux/psp-sev.h | 21 +-
include/uapi/linux/rkisp1-config.h | 2 +-
include/xen/interface/xen-mca.h | 2 +-
io_uring/io_uring.c | 4 +-
io_uring/kbuf.c | 2 +
io_uring/net.c | 3 +
kernel/Makefile | 5 +
kernel/cgroup/cgroup.c | 6 +
kernel/cgroup/cpuset.c | 55 +-
kernel/entry/Makefile | 3 +
kernel/events/core.c | 184 +++----
kernel/locking/lockdep.c | 3 +
kernel/power/hibernate.c | 6 +-
kernel/printk/printk.c | 4 +-
kernel/rcu/srcutree.c | 11 +-
kernel/reboot.c | 1 +
kernel/sched/Makefile | 5 +
kernel/sched/ext.c | 4 +-
kernel/time/Makefile | 6 +
kernel/trace/ftrace.c | 9 +-
kernel/trace/ring_buffer.c | 5 +-
kernel/trace/trace_events.c | 4 +-
kernel/trace/trace_events_synth.c | 1 -
kernel/trace/trace_fprobe.c | 26 +-
kernel/trace/trace_probe.c | 28 +
lib/Makefile | 5 +
lib/sg_split.c | 2 -
lib/zstd/common/portability_macros.h | 2 +-
mm/damon/ops-common.c | 2 +-
mm/damon/paddr.c | 24 +-
mm/hugetlb.c | 2 +-
mm/memory-failure.c | 11 +-
mm/memory_hotplug.c | 3 +-
mm/mremap.c | 10 +-
mm/page_vma_mapped.c | 13 +-
mm/rmap.c | 2 +-
mm/shmem.c | 3 +-
mm/vmscan.c | 2 +-
net/8021q/vlan_dev.c | 31 +-
net/bluetooth/hci_sync.c | 6 +-
net/core/filter.c | 80 +--
net/core/page_pool.c | 8 +-
net/core/page_pool_user.c | 2 +-
net/core/sock.c | 5 +
net/ethtool/cmis.h | 1 -
net/ethtool/cmis_cdb.c | 18 +-
net/ethtool/netlink.c | 8 +-
net/ipv6/route.c | 8 +-
net/mac80211/debugfs.c | 44 +-
net/mac80211/iface.c | 5 +-
net/mac80211/mesh_hwmp.c | 14 +-
net/mac80211/mlme.c | 45 +-
net/mptcp/sockopt.c | 28 +
net/mptcp/subflow.c | 19 +-
net/netfilter/nft_set_pipapo_avx2.c | 3 +-
net/sched/cls_api.c | 66 ++-
net/sched/sch_codel.c | 5 +-
net/sched/sch_fq_codel.c | 6 +-
net/sched/sch_sfq.c | 66 ++-
net/sctp/socket.c | 22 +-
net/sctp/transport.c | 2 +
net/sunrpc/xprtrdma/svc_rdma_transport.c | 3 +-
net/tipc/link.c | 1 +
net/tls/tls_main.c | 6 +
scripts/generate_builtin_ranges.awk | 5 +
security/integrity/ima/ima.h | 3 +-
security/integrity/ima/ima_main.c | 18 +-
security/landlock/errata.h | 99 ++++
security/landlock/errata/abi-4.h | 15 +
security/landlock/errata/abi-6.h | 19 +
security/landlock/fs.c | 39 +-
security/landlock/setup.c | 38 +-
security/landlock/setup.h | 3 +
security/landlock/syscalls.c | 22 +-
security/landlock/task.c | 12 +
sound/pci/hda/hda_intel.c | 44 +-
sound/pci/hda/patch_realtek.c | 22 +
sound/soc/amd/acp/acp-sdw-legacy-mach.c | 34 ++
sound/soc/amd/acp/soc_amd_sdw_common.h | 1 +
sound/soc/amd/ps/acp63.h | 1 +
sound/soc/amd/ps/pci-ps.c | 2 +-
sound/soc/amd/yc/acp6x-mach.c | 14 +
sound/soc/codecs/wcd937x.c | 2 +
sound/soc/fsl/fsl_audmix.c | 16 +-
sound/soc/intel/common/soc-acpi-intel-adl-match.c | 29 ++
sound/soc/qcom/qdsp6/q6apm-dai.c | 60 ++-
sound/soc/qcom/qdsp6/q6apm.c | 18 +-
sound/soc/qcom/qdsp6/q6apm.h | 3 +
sound/soc/qcom/qdsp6/q6asm-dai.c | 19 +-
sound/soc/sof/topology.c | 4 +-
sound/usb/midi.c | 80 ++-
tools/objtool/check.c | 5 +
tools/power/cpupower/bench/parse.c | 4 +
tools/testing/ktest/ktest.pl | 8 +
.../futex/functional/futex_wait_wouldblock.c | 2 +-
tools/testing/selftests/landlock/base_test.c | 46 +-
tools/testing/selftests/landlock/common.h | 1 +
.../selftests/landlock/scoped_signal_test.c | 108 +++-
tools/testing/selftests/net/mptcp/mptcp_connect.c | 11 +-
virt/kvm/Kconfig | 2 +-
virt/kvm/eventfd.c | 10 +-
421 files changed, 5137 insertions(+), 2163 deletions(-)
5 months
- 5
- 419
[PATCH] HID: amd_sfh: Fix SRA sensor when it's the only sensor
by Mario Limonciello
From: Mario Limonciello <mario.limonciello(a)amd.com>
On systems that only have an SRA sensor connected to SFH the sensor
doesn't get enabled due to a bad optimization condition of breaking
the sensor walk loop.
This optimization is unnecessary in the first place because if there
is only one device then the loop only runs once. Drop the condition
and explicitly mark sensor as enabled.
Reported-by: Yijun Shen <Yijun.Shen(a)dell.com>
Fixes: d1c444b47100d ("HID: amd_sfh: Add support to export device operating states")
Cc: stable(a)vger.kernel.org
Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com>
---
drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c b/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c
index 25f0ebfcbd5f5..c1bdf1e0d44af 100644
--- a/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c
+++ b/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c
@@ -134,9 +134,6 @@ static int amd_sfh1_1_hid_client_init(struct amd_mp2_dev *privdata)
for (i = 0; i < cl_data->num_hid_devices; i++) {
cl_data->sensor_sts[i] = SENSOR_DISABLED;
- if (cl_data->num_hid_devices == 1 && cl_data->sensor_idx[0] == SRA_IDX)
- break;
-
if (cl_data->sensor_idx[i] == SRA_IDX) {
info.sensor_idx = cl_data->sensor_idx[i];
writel(0, privdata->mmio + amd_get_p2c_val(privdata, 0));
@@ -145,8 +142,10 @@ static int amd_sfh1_1_hid_client_init(struct amd_mp2_dev *privdata)
(privdata, cl_data->sensor_idx[i], ENABLE_SENSOR);
cl_data->sensor_sts[i] = (status == 0) ? SENSOR_ENABLED : SENSOR_DISABLED;
- if (cl_data->sensor_sts[i] == SENSOR_ENABLED)
+ if (cl_data->sensor_sts[i] == SENSOR_ENABLED) {
+ cl_data->is_any_sensor_enabled = true;
privdata->dev_en.is_sra_present = true;
+ }
continue;
}
--
2.43.0
5 months
- 4
- 3
[PATCH v2 RESEND] HID: wacom: fix shift OOB in kfifo allocation for zero pktlen
by Qasim Ijaz
During wacom_parse_and_register() the code calls wacom_devm_kfifo_alloc
to allocate a fifo. During this operation it passes kfifo_alloc a
fifo_size of 0. Kfifo attempts to round the size passed to it to the
next power of 2 via roundup_pow_of_two (queue-type data structures
do this to maintain efficiency of operations).
However during this phase a problem arises when the roundup_pow_of_two()
function utilises a shift exponent of fls_long(n-1), where n is the
fifo_size. Since n is 0 in this case and n is also an unsigned long,
doing n-1 causes unsigned integer wrap-around to occur making the
fifo_size 4294967295. So the code effectively does fls_long(4294967295)
which results in 64. Returning back to roundup_pow_of_two(), the code
utilises a shift exponent of 64. When a shift exponent of 64 is used
on a 64-bit type such as 1UL it results in a shift-out-of-bounds.
The root cause of the issue seems to stem from insufficient validation
of wacom_compute_pktlen(), since in this case the fifo_size comes
from wacom_wac->features.pktlen. During wacom_parse_and_register()
the wacom_compute_pktlen() function sets the pktlen as 0.
To fix this, we should handle cases where wacom_compute_pktlen()
results in 0.
Reported-by: syzbot <syzbot+d5204cbbdd921f1f7cad(a)syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=d5204cbbdd921f1f7cad
Fixes: 5e013ad20689 ("HID: wacom: Remove static WACOM_PKGLEN_MAX limit")
Tested-by: Qasim Ijaz <qasdev00(a)gmail.com>
Reviewed-by: Jason Gerecke <jason.gerecke(a)wacom.com>
Cc: stable(a)vger.kernel.org
Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com>
---
v2:
- Added Fixes tag as suggested by Jason Gerecke
drivers/hid/wacom_sys.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c
index 97393a3083ca..9b2f3dbca467 100644
--- a/drivers/hid/wacom_sys.c
+++ b/drivers/hid/wacom_sys.c
@@ -2361,6 +2361,8 @@ static int wacom_parse_and_register(struct wacom *wacom, bool wireless)
unsigned int connect_mask = HID_CONNECT_HIDRAW;
features->pktlen = wacom_compute_pktlen(hdev);
+ if (!features->pktlen)
+ return -ENODEV;
if (!devres_open_group(&hdev->dev, wacom, GFP_KERNEL))
return -ENOMEM;
--
2.39.5
5 months
- 2
- 1
Potential Linux Crash: WARNING in release_bp_slot in linux6.12.24(longterm maintenance)
by ffhgfv
Hello, I found a potential bug titled " WARNING in release_bp_slot " with modified syzkaller in the Linux6.12.24(longterm maintenance, last updated on April 20, 2025).
If you fix this issue, please add the following tag to the commit: Reported-by: Jianzhou Zhao <xnxc22xnxc22(a)qq.com>, xingwei lee <xrivendell7(a)gmail.com>,Penglei Jiang <superman.xpt(a)gmail.com>
The commit of the kernel is : b6efa8ce222e58cfe2bbaa4e3329818c2b4bd74e
kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=55f8591b98dd132
compiler: gcc version 11.4.0
The reproduction program written in C language is at the end.
------------[ cut here ]-----------------------------------------
TITLE: WARNING in release_bp_slot
------------[ cut here ]------------
loop2: detected capacity change from 0 to 64
------------[ cut here ]------------
WARNING: CPU: 1 PID: 38650 at kernel/events/hw_breakpoint.c:614 __release_bp_slot kernel/events/hw_breakpoint.c:614 [inline]
WARNING: CPU: 1 PID: 38650 at kernel/events/hw_breakpoint.c:614 __release_bp_slot kernel/events/hw_breakpoint.c:607 [inline]
WARNING: CPU: 1 PID: 38650 at kernel/events/hw_breakpoint.c:614 release_bp_slot+0x6b/0x90 kernel/events/hw_breakpoint.c:621
Modules linked in:
CPU: 1 UID: 0 PID: 38650 Comm: syz.2.3497 Not tainted 6.12.24 #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:__release_bp_slot kernel/events/hw_breakpoint.c:614 [inline]
RIP: 0010:__release_bp_slot kernel/events/hw_breakpoint.c:607 [inline]
RIP: 0010:release_bp_slot+0x6b/0x90 kernel/events/hw_breakpoint.c:621
Code: e8 8a c1 ff ff 31 ff 89 c5 89 c6 e8 7f 95 ce ff 85 ed 75 10 e8 86 9a ce ff 4c 89 e7 5d 41 5c e9 7b b7 ff ff e8 76 9a ce ff 90 <0f> 0b 90 e8 6d 9a ce ff 4c 89 e7 5d 41 5c e9 62 b7 ff ff e8 3d c3
RSP: 0018:ffffc90006effc58 EFLAGS: 00010206
RAX: 0000000000000300 RBX: ffff888027788620 RCX: ffffc90010ce2000
RDX: 0000000000080000 RSI: ffffffff81bd948a RDI: 0000000000000005
RBP: 00000000fffffffe R08: 0000000000000001 R09: ffff88804cc82fd8
R10: 00000000fffffffe R11: 0000000000000000 R12: ffff88804cc83928
R13: ffff8880277886b8 R14: ffff888027788b98 R15: 00000000ffffffa1
FS: 00007ff310df6640(0000) GS:ffff88807ee00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2000b85150 CR3: 000000007ce38000 CR4: 0000000000752ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 80000000
Call Trace:
<task>
__free_event+0x1d9/0x870 kernel/events/core.c:5330
perf_event_alloc.part.0+0x1225/0x3620 kernel/events/core.c:12437
perf_event_alloc kernel/events/core.c:12749 [inline]
__do_sys_perf_event_open+0x4c9/0x2c40 kernel/events/core.c:12847
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff312fad5ad
Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff310df5f98 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007ff3131e5fa0 RCX: 00007ff312fad5ad
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000004c0
RBP: 00007ff313046d56 R08: 000000000000000a R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007ff3131e5fa0 R15: 00007ff310dd6000
</task>
==================================================================
The following is the poc:
--------------------------------------------------------------------------------------
#define _GNU_SOURCE
#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys syscall.h="">
#include <sys types.h="">
#include <unistd.h>
#define BITMASK(bf_off, bf_len) (((1ull << (bf_len)) - 1) << (bf_off))
#define STORE_BY_BITMASK(type, htobe, addr, val, bf_off, bf_len) \
*(type*)(addr) = \
htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | \
(((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len))))
int main(void)
{
syscall(__NR_mmap, /*addr=*/0x1ffffffff000ul, /*len=*/0x1000ul, /*prot=*/0ul,
/*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
/*fd=*/(intptr_t)-1, /*offset=*/0ul);
syscall(__NR_mmap, /*addr=*/0x200000000000ul, /*len=*/0x1000000ul,
/*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/ 7ul,
/*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
/*fd=*/(intptr_t)-1, /*offset=*/0ul);
syscall(__NR_mmap, /*addr=*/0x200001000000ul, /*len=*/0x1000ul, /*prot=*/0ul,
/*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/ 0x32ul,
/*fd=*/(intptr_t)-1, /*offset=*/0ul);
const char* reason;
(void)reason;
if (write(1, "executing program\n", sizeof("executing program\n") - 1)) {
}
*(uint32_t*)0x2000000004c0 = 5;
*(uint32_t*)0x2000000004c4 = 0x80;
*(uint8_t*)0x2000000004c8 = 8;
*(uint8_t*)0x2000000004c9 = 0xaf;
*(uint8_t*)0x2000000004ca = 0;
*(uint8_t*)0x2000000004cb = 8;
*(uint32_t*)0x2000000004cc = 0;
*(uint64_t*)0x2000000004d0 = 4;
*(uint64_t*)0x2000000004d8 = 0x402;
*(uint64_t*)0x2000000004e0 = 0xc;
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 0, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 1, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 2, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 3, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 4, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 5, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 6, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 7, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 8, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 9, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 10, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 11, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 12, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 13, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 14, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 15, 2);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 17, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 18, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 19, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 20, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 21, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 22, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 23, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 24, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 25, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 26, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 27, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 28, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 29, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 30, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 31, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 32, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 33, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 34, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 35, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 1, 36, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 37, 1);
STORE_BY_BITMASK(uint64_t, , 0x2000000004e8, 0, 38, 26);
*(uint32_t*)0x2000000004f0 = 2;
*(uint32_t*)0x2000000004f4 = 2;
*(uint64_t*)0x2000000004f8 = 0x8000;
*(uint64_t*)0x200000000500 = 2;
*(uint64_t*)0x200000000508 = 0x100001;
*(uint64_t*)0x200000000510 = 0x839;
*(uint32_t*)0x200000000518 = 8;
*(uint32_t*)0x20000000051c = 7;
*(uint64_t*)0x200000000520 = 0x8000000000000000;
*(uint32_t*)0x200000000528 = 0x5e4;
*(uint16_t*)0x20000000052c = 0xfefd;
*(uint16_t*)0x20000000052e = 0;
*(uint32_t*)0x200000000530 = 0x10000004;
*(uint32_t*)0x200000000534 = 0;
*(uint64_t*)0x200000000538 = 0x40000000000002;
syscall(__NR_perf_event_open, /*attr=*/0x2000000004c0ul, /*pid=*/0,
/*cpu=*/0ul, /*group=*/(intptr_t)-1,
/*flags=PERF_FLAG_FD_CLOEXEC|PERF_FLAG_FD_OUTPUT*/ 0xaul);
return 0;
}
I hope it helps.
Best regards
Jianzhou Zhao</unistd.h></sys></sys></string.h></stdlib.h></stdio.h></stdint.h></endian.h></superman.xpt(a)gmail.com></xrivendell7(a)gmail.com></xnxc22xnxc22(a)qq.com>
5 months
- 2
- 1
[PATCH v1] HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()
by Terry Junge
Update struct hid_descriptor to better reflect the mandatory and
optional parts of the HID Descriptor as per USB HID 1.11 specification.
Note: the kernel currently does not parse any optional HID class
descriptors, only the mandatory report descriptor.
Update all references to member element desc[0] to rpt_desc.
Add test to verify bLength and bNumDescriptors values are valid.
Replace the for loop with direct access to the mandatory HID class
descriptor member for the report descriptor. This eliminates the
possibility of getting an out-of-bounds fault.
Add a warning message if the HID descriptor contains any unsupported
optional HID class descriptors.
Reported-by: syzbot+c52569baf0c843f35495(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=c52569baf0c843f35495
Fixes: f043bfc98c19 ("HID: usbhid: fix out-of-bounds bug")
Cc: stable(a)vger.kernel.org
Signed-off-by: Terry Junge <linuxhid(a)cosmicgizmosystems.com>
---
v1: Remove unnecessary for loop searching for the report descriptor size.
base-commit: 58c9bf3363e596d744f56616d407278ef5f97f5a
P.S. This is an alternative to the solution proposed by Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
Link: https://lore.kernel.org/all/20250131151600.410242-1-n.zhandarovich@fintech.…
include/linux/hid.h | 3 ++-
drivers/usb/gadget/function/f_hid.c | 12 ++++++------
drivers/hid/hid-hyperv.c | 4 ++--
drivers/hid/usbhid/hid-core.c | 25 ++++++++++++++-----------
4 files changed, 24 insertions(+), 20 deletions(-)
diff --git a/include/linux/hid.h b/include/linux/hid.h
index cdc0dc13c87f..7abc8c74bdd5 100644
--- a/include/linux/hid.h
+++ b/include/linux/hid.h
@@ -738,8 +738,9 @@ struct hid_descriptor {
__le16 bcdHID;
__u8 bCountryCode;
__u8 bNumDescriptors;
+ struct hid_class_descriptor rpt_desc;
- struct hid_class_descriptor desc[1];
+ struct hid_class_descriptor opt_descs[];
} __attribute__ ((packed));
#define HID_DEVICE(b, g, ven, prod) \
diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c
index 740311c4fa24..c7a05f842745 100644
--- a/drivers/usb/gadget/function/f_hid.c
+++ b/drivers/usb/gadget/function/f_hid.c
@@ -144,8 +144,8 @@ static struct hid_descriptor hidg_desc = {
.bcdHID = cpu_to_le16(0x0101),
.bCountryCode = 0x00,
.bNumDescriptors = 0x1,
- /*.desc[0].bDescriptorType = DYNAMIC */
- /*.desc[0].wDescriptorLenght = DYNAMIC */
+ /*.rpt_desc.bDescriptorType = DYNAMIC */
+ /*.rpt_desc.wDescriptorLength = DYNAMIC */
};
/* Super-Speed Support */
@@ -939,8 +939,8 @@ static int hidg_setup(struct usb_function *f,
struct hid_descriptor hidg_desc_copy = hidg_desc;
VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n");
- hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT;
- hidg_desc_copy.desc[0].wDescriptorLength =
+ hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT;
+ hidg_desc_copy.rpt_desc.wDescriptorLength =
cpu_to_le16(hidg->report_desc_length);
length = min_t(unsigned short, length,
@@ -1210,8 +1210,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f)
* We can use hidg_desc struct here but we should not relay
* that its content won't change after returning from this function.
*/
- hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT;
- hidg_desc.desc[0].wDescriptorLength =
+ hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT;
+ hidg_desc.rpt_desc.wDescriptorLength =
cpu_to_le16(hidg->report_desc_length);
hidg_hs_in_ep_desc.bEndpointAddress =
diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c
index 0fb210e40a41..9eafff0b6ea4 100644
--- a/drivers/hid/hid-hyperv.c
+++ b/drivers/hid/hid-hyperv.c
@@ -192,7 +192,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device,
goto cleanup;
input_device->report_desc_size = le16_to_cpu(
- desc->desc[0].wDescriptorLength);
+ desc->rpt_desc.wDescriptorLength);
if (input_device->report_desc_size == 0) {
input_device->dev_info_status = -EINVAL;
goto cleanup;
@@ -210,7 +210,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device,
memcpy(input_device->report_desc,
((unsigned char *)desc) + desc->bLength,
- le16_to_cpu(desc->desc[0].wDescriptorLength));
+ le16_to_cpu(desc->rpt_desc.wDescriptorLength));
/* Send the ack */
memset(&ack, 0, sizeof(struct mousevsc_prt_msg));
diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c
index a6eb6fe6130d..e668143b559d 100644
--- a/drivers/hid/usbhid/hid-core.c
+++ b/drivers/hid/usbhid/hid-core.c
@@ -983,12 +983,11 @@ static int usbhid_parse(struct hid_device *hid)
struct usb_host_interface *interface = intf->cur_altsetting;
struct usb_device *dev = interface_to_usbdev (intf);
struct hid_descriptor *hdesc;
+ struct hid_class_descriptor *hcdesc;
u32 quirks = 0;
unsigned int rsize = 0;
char *rdesc;
- int ret, n;
- int num_descriptors;
- size_t offset = offsetof(struct hid_descriptor, desc);
+ int ret;
quirks = hid_lookup_quirk(hid);
@@ -1010,20 +1009,19 @@ static int usbhid_parse(struct hid_device *hid)
return -ENODEV;
}
- if (hdesc->bLength < sizeof(struct hid_descriptor)) {
- dbg_hid("hid descriptor is too short\n");
+ if (!hdesc->bNumDescriptors ||
+ hdesc->bLength != sizeof(*hdesc) +
+ (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) {
+ dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n",
+ hdesc->bLength, hdesc->bNumDescriptors);
return -EINVAL;
}
hid->version = le16_to_cpu(hdesc->bcdHID);
hid->country = hdesc->bCountryCode;
- num_descriptors = min_t(int, hdesc->bNumDescriptors,
- (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor));
-
- for (n = 0; n < num_descriptors; n++)
- if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT)
- rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength);
+ if (hdesc->rpt_desc.bDescriptorType == HID_DT_REPORT)
+ rsize = le16_to_cpu(hdesc->rpt_desc.wDescriptorLength);
if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) {
dbg_hid("weird size of report descriptor (%u)\n", rsize);
@@ -1051,6 +1049,11 @@ static int usbhid_parse(struct hid_device *hid)
goto err;
}
+ if (hdesc->bNumDescriptors > 1)
+ hid_warn(intf,
+ "%hhu unsupported optional hid class descriptors\n",
+ hdesc->bNumDescriptors - 1);
+
hid->quirks |= quirks;
return 0;
--
2.43.0
5 months
- 4
- 4
[PATCH v3] arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2
by Wojciech Dubowik
Define vqmmc regulator-gpio for usdhc2 with vin-supply
coming from LDO5.
Without this definition LDO5 will be powered down, disabling
SD card after bootup. This has been introduced in commit
f5aab0438ef1 ("regulator: pca9450: Fix enable register for LDO5").
Fixes: f5aab0438ef1 ("regulator: pca9450: Fix enable register for LDO5")
Cc: stable(a)vger.kernel.org
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik(a)mt.com>
---
v1 -> v2: https://lore.kernel.org/all/20250417112012.785420-1-Wojciech.Dubowik@mt.com/
- define gpio regulator for LDO5 vin controlled by vselect signal
v2 -> v3: https://lore.kernel.org/all/20250422130127.GA238494@francesco-nb/
- specify vselect as gpio
---
.../boot/dts/freescale/imx8mm-verdin.dtsi | 25 +++++++++++++++----
1 file changed, 20 insertions(+), 5 deletions(-)
diff --git a/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi b/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi
index 7251ad3a0017..b46566f3ce20 100644
--- a/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi
+++ b/arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi
@@ -144,6 +144,19 @@ reg_usdhc2_vmmc: regulator-usdhc2 {
startup-delay-us = <20000>;
};
+ reg_usdhc2_vqmmc: regulator-usdhc2-vqmmc {
+ compatible = "regulator-gpio";
+ pinctrl-names = "default";
+ pinctrl-0 = <&pinctrl_usdhc2_vsel>;
+ gpios = <&gpio1 4 GPIO_ACTIVE_HIGH>;
+ regulator-max-microvolt = <3300000>;
+ regulator-min-microvolt = <1800000>;
+ states = <1800000 0x1>,
+ <3300000 0x0>;
+ regulator-name = "PMIC_USDHC_VSELECT";
+ vin-supply = <®_nvcc_sd>;
+ };
+
reserved-memory {
#address-cells = <2>;
#size-cells = <2>;
@@ -269,7 +282,7 @@ &gpio1 {
"SODIMM_19",
"",
"",
- "",
+ "PMIC_USDHC_VSELECT",
"",
"",
"",
@@ -785,6 +798,7 @@ &usdhc2 {
pinctrl-2 = <&pinctrl_usdhc2_200mhz>, <&pinctrl_usdhc2_cd>;
pinctrl-3 = <&pinctrl_usdhc2_sleep>, <&pinctrl_usdhc2_cd_sleep>;
vmmc-supply = <®_usdhc2_vmmc>;
+ vqmmc-supply = <®_usdhc2_vqmmc>;
};
&wdog1 {
@@ -1206,13 +1220,17 @@ pinctrl_usdhc2_pwr_en: usdhc2pwrengrp {
<MX8MM_IOMUXC_NAND_CLE_GPIO3_IO5 0x6>; /* SODIMM 76 */
};
+ pinctrl_usdhc2_vsel: usdhc2vselgrp {
+ fsl,pins =
+ <MX8MM_IOMUXC_GPIO1_IO04_GPIO1_IO4 0x10>; /* PMIC_USDHC_VSELECT */
+ };
+
/*
* Note: Due to ERR050080 we use discrete external on-module resistors pulling-up to the
* on-module +V3.3_1.8_SD (LDO5) rail and explicitly disable the internal pull-ups here.
*/
pinctrl_usdhc2: usdhc2grp {
fsl,pins =
- <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x10>,
<MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x90>, /* SODIMM 78 */
<MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x90>, /* SODIMM 74 */
<MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x90>, /* SODIMM 80 */
@@ -1223,7 +1241,6 @@ pinctrl_usdhc2: usdhc2grp {
pinctrl_usdhc2_100mhz: usdhc2-100mhzgrp {
fsl,pins =
- <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x10>,
<MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x94>,
<MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x94>,
<MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x94>,
@@ -1234,7 +1251,6 @@ pinctrl_usdhc2_100mhz: usdhc2-100mhzgrp {
pinctrl_usdhc2_200mhz: usdhc2-200mhzgrp {
fsl,pins =
- <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x10>,
<MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x96>,
<MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x96>,
<MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x96>,
@@ -1246,7 +1262,6 @@ pinctrl_usdhc2_200mhz: usdhc2-200mhzgrp {
/* Avoid backfeeding with removed card power */
pinctrl_usdhc2_sleep: usdhc2slpgrp {
fsl,pins =
- <MX8MM_IOMUXC_GPIO1_IO04_USDHC2_VSELECT 0x0>,
<MX8MM_IOMUXC_SD2_CLK_USDHC2_CLK 0x0>,
<MX8MM_IOMUXC_SD2_CMD_USDHC2_CMD 0x0>,
<MX8MM_IOMUXC_SD2_DATA0_USDHC2_DATA0 0x0>,
--
2.47.2
5 months
- 4
- 12
[PATCH 5.10.y] perf: Fix perf_pending_task() UaF
by Xiangyu Chen
From: Peter Zijlstra <peterz(a)infradead.org>
[ Upstream commit 517e6a301f34613bff24a8e35b5455884f2d83d8 ]
Per syzbot it is possible for perf_pending_task() to run after the
event is free()'d. There are two related but distinct cases:
- the task_work was already queued before destroying the event;
- destroying the event itself queues the task_work.
The first cannot be solved using task_work_cancel() since
perf_release() itself might be called from a task_work (____fput),
which means the current->task_works list is already empty and
task_work_cancel() won't be able to find the perf_pending_task()
entry.
The simplest alternative is extending the perf_event lifetime to cover
the task_work.
The second is just silly, queueing a task_work while you know the
event is going away makes no sense and is easily avoided by
re-arranging how the event is marked STATE_DEAD and ensuring it goes
through STATE_OFF on the way down.
Reported-by: syzbot+9228d6098455bb209ec8(a)syzkaller.appspotmail.com
Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org>
Tested-by: Marco Elver <elver(a)google.com>
[ Discard the changes in event_sched_out() due to 5.10 don't have the
commit: 97ba62b27867 ("perf: Add support for SIGTRAP on perf events")
and commit: ca6c21327c6a ("perf: Fix missing SIGTRAPs") ]
Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com>
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
---
Verified the build test.
---
kernel/events/core.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 8f19d6ab039e..798c839a00b3 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -2419,6 +2419,7 @@ group_sched_out(struct perf_event *group_event,
}
#define DETACH_GROUP 0x01UL
+#define DETACH_DEAD 0x04UL
/*
* Cross CPU call to remove a performance event
@@ -2439,10 +2440,18 @@ __perf_remove_from_context(struct perf_event *event,
update_cgrp_time_from_cpuctx(cpuctx, false);
}
+ /*
+ * Ensure event_sched_out() switches to OFF, at the very least
+ * this avoids raising perf_pending_task() at this time.
+ */
+ if (flags & DETACH_DEAD)
+ event->pending_disable = 1;
event_sched_out(event, cpuctx, ctx);
if (flags & DETACH_GROUP)
perf_group_detach(event);
list_del_event(event, ctx);
+ if (flags & DETACH_DEAD)
+ event->state = PERF_EVENT_STATE_DEAD;
if (!ctx->nr_events && ctx->is_active) {
if (ctx == &cpuctx->ctx)
@@ -5111,9 +5120,7 @@ int perf_event_release_kernel(struct perf_event *event)
ctx = perf_event_ctx_lock(event);
WARN_ON_ONCE(ctx->parent_ctx);
- perf_remove_from_context(event, DETACH_GROUP);
- raw_spin_lock_irq(&ctx->lock);
/*
* Mark this event as STATE_DEAD, there is no external reference to it
* anymore.
@@ -5125,8 +5132,7 @@ int perf_event_release_kernel(struct perf_event *event)
* Thus this guarantees that we will in fact observe and kill _ALL_
* child events.
*/
- event->state = PERF_EVENT_STATE_DEAD;
- raw_spin_unlock_irq(&ctx->lock);
+ perf_remove_from_context(event, DETACH_GROUP|DETACH_DEAD);
perf_event_ctx_unlock(event, ctx);
@@ -6533,6 +6539,8 @@ static void perf_pending_event(struct irq_work *entry)
if (rctx >= 0)
perf_swevent_put_recursion_context(rctx);
+
+ put_event(event);
}
/*
--
2.34.1
5 months
- 3
- 5
[PATCH v2 RESEND] media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init()
by Haoxiang Li
Add video_device_release() in label 'err_m2m' to release the memory
allocated by video_device_alloc() and prevent potential memory leaks.
Remove the reduntant code in label 'err_m2m'.
Fixes: a8ef0488cc59 ("media: imx: add csc/scaler mem2mem device")
Cc: stable(a)vger.kernel.org
Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com>
Reviewed-by: Dan Carpenter <dan.carpenter(a)linaro.org>
---
Changes in v2:
- Remove the reduntant code. Thanks, Dan!
---
drivers/staging/media/imx/imx-media-csc-scaler.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/media/imx/imx-media-csc-scaler.c b/drivers/staging/media/imx/imx-media-csc-scaler.c
index e5e08c6f79f2..19fd31cb9bb0 100644
--- a/drivers/staging/media/imx/imx-media-csc-scaler.c
+++ b/drivers/staging/media/imx/imx-media-csc-scaler.c
@@ -912,7 +912,7 @@ imx_media_csc_scaler_device_init(struct imx_media_dev *md)
return &priv->vdev;
err_m2m:
- video_set_drvdata(vfd, NULL);
+ video_device_release(vfd);
err_vfd:
kfree(priv);
return ERR_PTR(ret);
--
2.25.1
5 months
- 1
- 0
[PATCH 2/2] drm/dp: Add handling for partially read under I2-readC-over-AUX
by Wayne Lin
[Why]
There is no handling for I2C-read-over-AUX when receive reply of
I2C_ACK|AUX_ACK followed by the total number of data bytes Fewer
than LEN + 1
[How]
Refer to DP v2.1: 2.11.7.1.6.3 & 2.11.7.1.6.4, repeat the identical
I2C-read-over-AUX transaction with the updated LEN value equal to
the original LEN value minus the total number of data bytes received
so far.
Fixes: 68ec2a2a2481 ("drm/dp: Use I2C_WRITE_STATUS_UPDATE to drain partial I2C_WRITE requests")
Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com>
Cc: Jani Nikula <jani.nikula(a)intel.com>
Cc: Mario Limonciello <mario.limonciello(a)amd.com>
Cc: Harry Wentland <harry.wentland(a)amd.com>
Cc: stable(a)vger.kernel.org
Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com>
---
drivers/gpu/drm/display/drm_dp_helper.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c
index 28f0708c3b27..938214a980a9 100644
--- a/drivers/gpu/drm/display/drm_dp_helper.c
+++ b/drivers/gpu/drm/display/drm_dp_helper.c
@@ -1812,10 +1812,11 @@ static int drm_dp_i2c_do_msg(struct drm_dp_aux *aux, struct drm_dp_aux_msg *msg)
drm_dbg_kms(aux->drm_dev,
"%s: I2C partially ack (result=%d, size=%zu)\n",
aux->name, ret, msg->size);
- if (!(msg->request & DP_AUX_I2C_READ)) {
- usleep_range(AUX_RETRY_INTERVAL, AUX_RETRY_INTERVAL + 100);
+ usleep_range(AUX_RETRY_INTERVAL, AUX_RETRY_INTERVAL + 100);
+ if (msg->request & DP_AUX_I2C_READ)
+ msg->size -= ret;
+ else
drm_dp_i2c_msg_write_status_update(msg);
- }
continue;
}
--
2.43.0
5 months
- 1
- 0
[PATCH RESEND] scsi: esas2r: Add check for alloc_ordered_workqueue()
by Haoxiang Li
Add check for the return value of alloc_ordered_workqueue()
in esas2r_init_adapter() to catch potential exception.
Fixes: 4cb1b41a5ee4 ("scsi: esas2r: Simplify an alloc_ordered_workqueue() invocation")
Cc: stable(a)vger.kernel.org
Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com>
---
drivers/scsi/esas2r/esas2r_init.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/scsi/esas2r/esas2r_init.c b/drivers/scsi/esas2r/esas2r_init.c
index 04a07fe57be2..9c0225a1f208 100644
--- a/drivers/scsi/esas2r/esas2r_init.c
+++ b/drivers/scsi/esas2r/esas2r_init.c
@@ -313,6 +313,11 @@ int esas2r_init_adapter(struct Scsi_Host *host, struct pci_dev *pcid,
esas2r_fw_event_off(a);
a->fw_event_q =
alloc_ordered_workqueue("esas2r/%d", WQ_MEM_RECLAIM, a->index);
+ if (!a->fw_event_q) {
+ esas2r_log(ESAS2R_LOG_CRIT, "failed to create work queue\n");
+ esas2r_kill_adapter(index);
+ return 0;
+ }
init_waitqueue_head(&a->buffered_ioctl_waiter);
init_waitqueue_head(&a->nvram_waiter);
--
2.25.1
5 months
- 1
- 0
[PATCH RESEND] drm/xe: Add check for alloc_ordered_workqueue()
by Haoxiang Li
Add check for the return value of alloc_ordered_workqueue()
in xe_gt_alloc() to catch potential exception.
Fixes: e2d84e5b2205 ("drm/xe: Mark GT work queue with WQ_MEM_RECLAIM")
Cc: stable(a)vger.kernel.org
Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com>
Reviewed-by: Lucas De Marchi <lucas.demarchi(a)intel.com>
---
drivers/gpu/drm/xe/xe_gt.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/xe/xe_gt.c b/drivers/gpu/drm/xe/xe_gt.c
index 10a9e3c72b36..1f50f26fb657 100644
--- a/drivers/gpu/drm/xe/xe_gt.c
+++ b/drivers/gpu/drm/xe/xe_gt.c
@@ -81,6 +81,8 @@ struct xe_gt *xe_gt_alloc(struct xe_tile *tile)
gt->tile = tile;
gt->ordered_wq = alloc_ordered_workqueue("gt-ordered-wq",
WQ_MEM_RECLAIM);
+ if (!gt->ordered_wq)
+ return ERR_PTR(-ENOMEM);
err = drmm_add_action_or_reset(>_to_xe(gt)->drm, gt_fini, gt);
if (err)
--
2.25.1
5 months
- 1
- 0
[PATCH v2 1/1] iommu: Allow attaching static domains in iommu_attach_device_pasid()
by Lu Baolu
The idxd driver attaches the default domain to a PASID of the device to
perform kernel DMA using that PASID. The domain is attached to the
device's PASID through iommu_attach_device_pasid(), which checks if the
domain->owner matches the iommu_ops retrieved from the device. If they
do not match, it returns a failure.
if (ops != domain->owner || pasid == IOMMU_NO_PASID)
return -EINVAL;
The static identity domain implemented by the intel iommu driver doesn't
specify the domain owner. Therefore, kernel DMA with PASID doesn't work
for the idxd driver if the device translation mode is set to passthrough.
Generally the owner field of static domains are not set because they are
already part of iommu ops. Add a helper domain_iommu_ops_compatible()
that checks if a domain is compatible with the device's iommu ops. This
helper explicitly allows the static blocked and identity domains associated
with the device's iommu_ops to be considered compatible.
Fixes: 2031c469f816 ("iommu/vt-d: Add support for static identity domain")
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220031
Cc: stable(a)vger.kernel.org
Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com>
Link: https://lore.kernel.org/linux-iommu/20250422191554.GC1213339@ziepe.ca/
Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com>
---
drivers/iommu/iommu.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
Change log:
-v2:
- Make the solution generic for all static domains as suggested by
Jason.
-v1: https://lore.kernel.org/linux-iommu/20250422075422.2084548-1-baolu.lu@linux…
diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index 4f91a740c15f..abda40ec377a 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -3402,6 +3402,19 @@ static void __iommu_remove_group_pasid(struct iommu_group *group,
iommu_remove_dev_pasid(device->dev, pasid, domain);
}
+static bool domain_iommu_ops_compatible(const struct iommu_ops *ops,
+ struct iommu_domain *domain)
+{
+ if (domain->owner == ops)
+ return true;
+
+ /* For static domains, owner isn't set. */
+ if (domain == ops->blocked_domain || domain == ops->identity_domain)
+ return true;
+
+ return false;
+}
+
/*
* iommu_attach_device_pasid() - Attach a domain to pasid of device
* @domain: the iommu domain.
@@ -3435,7 +3448,8 @@ int iommu_attach_device_pasid(struct iommu_domain *domain,
!ops->blocked_domain->ops->set_dev_pasid)
return -EOPNOTSUPP;
- if (ops != domain->owner || pasid == IOMMU_NO_PASID)
+ if (!domain_iommu_ops_compatible(ops, domain) ||
+ pasid == IOMMU_NO_PASID)
return -EINVAL;
mutex_lock(&group->mutex);
--
2.43.0
5 months
- 5
- 4
[PATCH net 0/2] mptcp: pm: Defer freeing userspace pm entries
by Matthieu Baerts (NGI0)
Here are two unrelated fixes for MPTCP:
- Patch 1: free userspace PM entry with RCU helpers. A fix for v6.14.
- Patch 2: avoid a warning when running diag.sh selftest. A fix for
v6.15-rc1.
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
---
Geliang Tang (1):
selftests: mptcp: diag: use mptcp_lib_get_info_value
Mat Martineau (1):
mptcp: pm: Defer freeing of MPTCP userspace path manager entries
net/mptcp/pm_userspace.c | 6 +++++-
tools/testing/selftests/net/mptcp/diag.sh | 5 ++---
2 files changed, 7 insertions(+), 4 deletions(-)
---
base-commit: 750d0ac001e85b754404178ee8ce01cbc76a03be
change-id: 20250421-net-mptcp-pm-defer-freeing-f9cd01b70043
Best regards,
--
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
5 months
- 2
- 2
+ selftests-mm-compaction_test-support-platform-with-huge-mount-of-memory.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: selftests/mm: compaction_test: support platform with huge mount of memory
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
selftests-mm-compaction_test-support-platform-with-huge-mount-of-memory.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Feng Tang <feng.tang(a)linux.alibaba.com>
Subject: selftests/mm: compaction_test: support platform with huge mount of memory
Date: Wed, 23 Apr 2025 18:36:45 +0800
When running mm selftest to verify mm patches, 'compaction_test' case
failed on an x86 server with 1TB memory. And the root cause is that it
has too much free memory than what the test supports.
The test case tries to allocate 100000 huge pages, which is about 200 GB
for that x86 server, and when it succeeds, it expects it's large than 1/3
of 80% of the free memory in system. This logic only works for platform
with 750 GB ( 200 / (1/3) / 80% ) or less free memory, and may raise false
alarm for others.
Fix it by changing the fixed page number to self-adjustable number
according to the real number of free memory.
Link: https://lkml.kernel.org/r/20250423103645.2758-1-feng.tang@linux.alibaba.com
Fixes: bd67d5c15cc19 ("Test compaction of mlocked memory")
Signed-off-by: Feng Tang <feng.tang(a)linux.alibaba.com>
Acked-by: Dev Jain <dev.jain(a)arm.com>
Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com>
Cc: Shuah Khan <shuah(a)kernel.org>
Cc: Sri Jayaramappa <sjayaram(a)akamai.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
tools/testing/selftests/mm/compaction_test.c | 19 ++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
--- a/tools/testing/selftests/mm/compaction_test.c~selftests-mm-compaction_test-support-platform-with-huge-mount-of-memory
+++ a/tools/testing/selftests/mm/compaction_test.c
@@ -90,6 +90,8 @@ int check_compaction(unsigned long mem_f
int compaction_index = 0;
char nr_hugepages[20] = {0};
char init_nr_hugepages[24] = {0};
+ char target_nr_hugepages[24] = {0};
+ int slen;
snprintf(init_nr_hugepages, sizeof(init_nr_hugepages),
"%lu", initial_nr_hugepages);
@@ -106,11 +108,18 @@ int check_compaction(unsigned long mem_f
goto out;
}
- /* Request a large number of huge pages. The Kernel will allocate
- as much as it can */
- if (write(fd, "100000", (6*sizeof(char))) != (6*sizeof(char))) {
- ksft_print_msg("Failed to write 100000 to /proc/sys/vm/nr_hugepages: %s\n",
- strerror(errno));
+ /*
+ * Request huge pages for about half of the free memory. The Kernel
+ * will allocate as much as it can, and we expect it will get at least 1/3
+ */
+ nr_hugepages_ul = mem_free / hugepage_size / 2;
+ snprintf(target_nr_hugepages, sizeof(target_nr_hugepages),
+ "%lu", nr_hugepages_ul);
+
+ slen = strlen(target_nr_hugepages);
+ if (write(fd, target_nr_hugepages, slen) != slen) {
+ ksft_print_msg("Failed to write %lu to /proc/sys/vm/nr_hugepages: %s\n",
+ nr_hugepages_ul, strerror(errno));
goto close_fd;
}
_
Patches currently in -mm which might be from feng.tang(a)linux.alibaba.com are
selftests-mm-compaction_test-support-platform-with-huge-mount-of-memory.patch
5 months
- 1
- 0
[PATCH 1/2] Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary
by longli@linuxonhyperv.com
From: Long Li <longli(a)microsoft.com>
There are use cases that interrupt and monitor pages are mapped to
user-mode through UIO, they need to be system page aligned. Some Hyper-V
allocation APIs introduced earlier broke those requirements.
Fix those APIs by always allocating Hyper-V page at system page boundaries.
Cc: stable(a)vger.kernel.org
Fixes: ca48739e59df ("Drivers: hv: vmbus: Move Hyper-V page allocator to arch neutral code")
Signed-off-by: Long Li <longli(a)microsoft.com>
---
drivers/hv/hv_common.c | 29 +++++++----------------------
1 file changed, 7 insertions(+), 22 deletions(-)
diff --git a/drivers/hv/hv_common.c b/drivers/hv/hv_common.c
index a7d7494feaca..f426aaa9b8f9 100644
--- a/drivers/hv/hv_common.c
+++ b/drivers/hv/hv_common.c
@@ -106,41 +106,26 @@ void __init hv_common_free(void)
}
/*
- * Functions for allocating and freeing memory with size and
- * alignment HV_HYP_PAGE_SIZE. These functions are needed because
- * the guest page size may not be the same as the Hyper-V page
- * size. We depend upon kmalloc() aligning power-of-two size
- * allocations to the allocation size boundary, so that the
- * allocated memory appears to Hyper-V as a page of the size
- * it expects.
+ * A Hyper-V page can be used by UIO for mapping to user-space, it should
+ * always be allocated on system page boundaries.
*/
-
void *hv_alloc_hyperv_page(void)
{
- BUILD_BUG_ON(PAGE_SIZE < HV_HYP_PAGE_SIZE);
-
- if (PAGE_SIZE == HV_HYP_PAGE_SIZE)
- return (void *)__get_free_page(GFP_KERNEL);
- else
- return kmalloc(HV_HYP_PAGE_SIZE, GFP_KERNEL);
+ BUILD_BUG_ON(PAGE_SIZE < HV_HYP_PAGE_SIZE);
+ return (void *)__get_free_page(GFP_KERNEL);
}
EXPORT_SYMBOL_GPL(hv_alloc_hyperv_page);
void *hv_alloc_hyperv_zeroed_page(void)
{
- if (PAGE_SIZE == HV_HYP_PAGE_SIZE)
- return (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO);
- else
- return kzalloc(HV_HYP_PAGE_SIZE, GFP_KERNEL);
+ BUILD_BUG_ON(PAGE_SIZE < HV_HYP_PAGE_SIZE);
+ return (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO);
}
EXPORT_SYMBOL_GPL(hv_alloc_hyperv_zeroed_page);
void hv_free_hyperv_page(void *addr)
{
- if (PAGE_SIZE == HV_HYP_PAGE_SIZE)
- free_page((unsigned long)addr);
- else
- kfree(addr);
+ free_page((unsigned long)addr);
}
EXPORT_SYMBOL_GPL(hv_free_hyperv_page);
--
2.34.1
5 months
- 3
- 3
[PATCH 2/2] uio_hv_generic: Use correct size for interrupt and monitor pages
by longli@linuxonhyperv.com
From: Long Li <longli(a)microsoft.com>
Interrupt and monitor pages should be in Hyper-V page size (4k bytes).
This can be different to the system page size.
Cc: stable(a)vger.kernel.org
Fixes: 95096f2fbd10 ("uio-hv-generic: new userspace i/o driver for VMBus")
Signed-off-by: Long Li <longli(a)microsoft.com>
---
drivers/uio/uio_hv_generic.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c
index 1b19b5647495..08385b04c4ab 100644
--- a/drivers/uio/uio_hv_generic.c
+++ b/drivers/uio/uio_hv_generic.c
@@ -287,13 +287,13 @@ hv_uio_probe(struct hv_device *dev,
pdata->info.mem[INT_PAGE_MAP].name = "int_page";
pdata->info.mem[INT_PAGE_MAP].addr
= (uintptr_t)vmbus_connection.int_page;
- pdata->info.mem[INT_PAGE_MAP].size = PAGE_SIZE;
+ pdata->info.mem[INT_PAGE_MAP].size = HV_HYP_PAGE_SIZE;
pdata->info.mem[INT_PAGE_MAP].memtype = UIO_MEM_LOGICAL;
pdata->info.mem[MON_PAGE_MAP].name = "monitor_page";
pdata->info.mem[MON_PAGE_MAP].addr
= (uintptr_t)vmbus_connection.monitor_pages[1];
- pdata->info.mem[MON_PAGE_MAP].size = PAGE_SIZE;
+ pdata->info.mem[MON_PAGE_MAP].size = HV_HYP_PAGE_SIZE;
pdata->info.mem[MON_PAGE_MAP].memtype = UIO_MEM_LOGICAL;
if (channel->device_id == HV_NIC) {
--
2.34.1
5 months
- 3
- 3
[PATCH] ext4: fix off-by-one error in do_split
by Artem Sadovnikov
Syzkaller detected a use-after-free issue in ext4_insert_dentry that was
caused by out-of-bounds access due to incorrect splitting in do_split.
BUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109
Write of size 251 at addr ffff888074572f14 by task syz-executor335/5847
CPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 Not tainted 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
kasan_check_range+0x282/0x290 mm/kasan/generic.c:189
__asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106
ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109
add_dirent_to_buf+0x3d9/0x750 fs/ext4/namei.c:2154
make_indexed_dir+0xf98/0x1600 fs/ext4/namei.c:2351
ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2455
ext4_add_nondir+0x8d/0x290 fs/ext4/namei.c:2796
ext4_symlink+0x920/0xb50 fs/ext4/namei.c:3431
vfs_symlink+0x137/0x2e0 fs/namei.c:4615
do_symlinkat+0x222/0x3a0 fs/namei.c:4641
__do_sys_symlink fs/namei.c:4662 [inline]
__se_sys_symlink fs/namei.c:4660 [inline]
__x64_sys_symlink+0x7a/0x90 fs/namei.c:4660
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
</TASK>
The following loop is located right above 'if' statement.
for (i = count-1; i >= 0; i--) {
/* is more than half of this entry in 2nd half of the block? */
if (size + map[i].size/2 > blocksize/2)
break;
size += map[i].size;
move++;
}
'i' in this case could go down to -1, in which case sum of active entries
wouldn't exceed half the block size, but previous behaviour would also do
split in half if sum would exceed at the very last block, which in case of
having too many long name files in a single block could lead to
out-of-bounds access and following use-after-free.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Cc: stable(a)vger.kernel.org
Fixes: 5872331b3d91 ("ext4: fix potential negative array index in do_split()")
Signed-off-by: Artem Sadovnikov <a.sadovnikov(a)ispras.ru>
---
fs/ext4/namei.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index cb5cb33b1d91..e9712e64ec8f 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -1971,7 +1971,7 @@ static struct ext4_dir_entry_2 *do_split(handle_t *handle, struct inode *dir,
* split it in half by count; each resulting block will have at least
* half the space free.
*/
- if (i > 0)
+ if (i >= 0)
split = count - move;
else
split = count/2;
--
2.43.0
5 months
- 3
- 4
[PATCH v4 5/6] media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval
by Mathis Foerst
Getting / Setting the frame interval using the V4L2 subdev pad ops
get_frame_interval/set_frame_interval causes a deadlock, as the
subdev state is locked in the [1] but also in the driver itself.
In [2] it's described that the caller is responsible to acquire and
release the lock in this case. Therefore, acquiring the lock in the
driver is wrong.
Remove the lock acquisitions/releases from mt9m114_ifp_get_frame_interval()
and mt9m114_ifp_set_frame_interval().
[1] drivers/media/v4l2-core/v4l2-subdev.c - line 1129
[2] Documentation/driver-api/media/v4l2-subdev.rst
Fixes: 24d756e914fc ("media: i2c: Add driver for onsemi MT9M114 camera sensor")
Cc: stable(a)vger.kernel.org
Signed-off-by: Mathis Foerst <mathis.foerst(a)mt.com>
---
drivers/media/i2c/mt9m114.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/drivers/media/i2c/mt9m114.c b/drivers/media/i2c/mt9m114.c
index 65b9124e464f..79c97ab19be9 100644
--- a/drivers/media/i2c/mt9m114.c
+++ b/drivers/media/i2c/mt9m114.c
@@ -1644,13 +1644,9 @@ static int mt9m114_ifp_get_frame_interval(struct v4l2_subdev *sd,
if (interval->which != V4L2_SUBDEV_FORMAT_ACTIVE)
return -EINVAL;
- mutex_lock(sensor->ifp.hdl.lock);
-
ival->numerator = 1;
ival->denominator = sensor->ifp.frame_rate;
- mutex_unlock(sensor->ifp.hdl.lock);
-
return 0;
}
@@ -1669,8 +1665,6 @@ static int mt9m114_ifp_set_frame_interval(struct v4l2_subdev *sd,
if (interval->which != V4L2_SUBDEV_FORMAT_ACTIVE)
return -EINVAL;
- mutex_lock(sensor->ifp.hdl.lock);
-
if (ival->numerator != 0 && ival->denominator != 0)
sensor->ifp.frame_rate = min_t(unsigned int,
ival->denominator / ival->numerator,
@@ -1684,8 +1678,6 @@ static int mt9m114_ifp_set_frame_interval(struct v4l2_subdev *sd,
if (sensor->streaming)
ret = mt9m114_set_frame_rate(sensor);
- mutex_unlock(sensor->ifp.hdl.lock);
-
return ret;
}
--
2.34.1
5 months
- 2
- 1
[PATCH 5.15.y] scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
by bin.lan.cn@windriver.com
From: James Smart <jsmart2021(a)gmail.com>
[ Upstream commit 577a942df3de2666f6947bdd3a5c9e8d30073424 ]
If lpfc_issue_els_flogi() fails and returns non-zero status, the node
reference count is decremented to trigger the release of the nodelist
structure. However, if there is a prior registration or dev-loss-evt work
pending, the node may be released prematurely. When dev-loss-evt
completes, the released node is referenced causing a use-after-free null
pointer dereference.
Similarly, when processing non-zero ELS PLOGI completion status in
lpfc_cmpl_els_plogi(), the ndlp flags are checked for a transport
registration before triggering node removal. If dev-loss-evt work is
pending, the node may be released prematurely and a subsequent call to
lpfc_dev_loss_tmo_handler() results in a use after free ndlp dereference.
Add test for pending dev-loss before decrementing the node reference count
for FLOGI, PLOGI, PRLI, and ADISC handling.
Link: https://lore.kernel.org/r/20220412222008.126521-9-jsmart2021@gmail.com
Co-developed-by: Justin Tee <justin.tee(a)broadcom.com>
Signed-off-by: Justin Tee <justin.tee(a)broadcom.com>
Signed-off-by: James Smart <jsmart2021(a)gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com>
[Minor context change fixed.]
Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com>
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
---
Build test passed.
---
drivers/scsi/lpfc/lpfc_els.c | 51 +++++++++++++++++++++++++-----------
1 file changed, 35 insertions(+), 16 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
index 5f44a0763f37..134d56bd00da 100644
--- a/drivers/scsi/lpfc/lpfc_els.c
+++ b/drivers/scsi/lpfc/lpfc_els.c
@@ -1517,10 +1517,13 @@ lpfc_initial_flogi(struct lpfc_vport *vport)
}
if (lpfc_issue_els_flogi(vport, ndlp, 0)) {
- /* This decrement of reference count to node shall kick off
- * the release of the node.
+ /* A node reference should be retained while registered with a
+ * transport or dev-loss-evt work is pending.
+ * Otherwise, decrement node reference to trigger release.
*/
- lpfc_nlp_put(ndlp);
+ if (!(ndlp->fc4_xpt_flags & (SCSI_XPT_REGD | NVME_XPT_REGD)) &&
+ !(ndlp->nlp_flag & NLP_IN_DEV_LOSS))
+ lpfc_nlp_put(ndlp);
return 0;
}
return 1;
@@ -1563,10 +1566,13 @@ lpfc_initial_fdisc(struct lpfc_vport *vport)
}
if (lpfc_issue_els_fdisc(vport, ndlp, 0)) {
- /* decrement node reference count to trigger the release of
- * the node.
+ /* A node reference should be retained while registered with a
+ * transport or dev-loss-evt work is pending.
+ * Otherwise, decrement node reference to trigger release.
*/
- lpfc_nlp_put(ndlp);
+ if (!(ndlp->fc4_xpt_flags & (SCSI_XPT_REGD | NVME_XPT_REGD)) &&
+ !(ndlp->nlp_flag & NLP_IN_DEV_LOSS))
+ lpfc_nlp_put(ndlp);
return 0;
}
return 1;
@@ -1967,6 +1973,7 @@ lpfc_cmpl_els_plogi(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
struct lpfc_dmabuf *prsp;
int disc;
struct serv_parm *sp = NULL;
+ bool release_node = false;
/* we pass cmdiocb to state machine which needs rspiocb as well */
cmdiocb->context_un.rsp_iocb = rspiocb;
@@ -2047,19 +2054,21 @@ lpfc_cmpl_els_plogi(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
spin_unlock_irq(&ndlp->lock);
goto out;
}
- spin_unlock_irq(&ndlp->lock);
/* No PLOGI collision and the node is not registered with the
* scsi or nvme transport. It is no longer an active node. Just
* start the device remove process.
*/
if (!(ndlp->fc4_xpt_flags & (SCSI_XPT_REGD | NVME_XPT_REGD))) {
- spin_lock_irq(&ndlp->lock);
ndlp->nlp_flag &= ~NLP_NPR_2B_DISC;
- spin_unlock_irq(&ndlp->lock);
+ if (!(ndlp->nlp_flag & NLP_IN_DEV_LOSS))
+ release_node = true;
+ }
+ spin_unlock_irq(&ndlp->lock);
+
+ if (release_node)
lpfc_disc_state_machine(vport, ndlp, cmdiocb,
NLP_EVT_DEVICE_RM);
- }
} else {
/* Good status, call state machine */
prsp = list_entry(((struct lpfc_dmabuf *)
@@ -2269,6 +2278,7 @@ lpfc_cmpl_els_prli(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
struct lpfc_nodelist *ndlp;
char *mode;
u32 loglevel;
+ bool release_node = false;
/* we pass cmdiocb to state machine which needs rspiocb as well */
cmdiocb->context_un.rsp_iocb = rspiocb;
@@ -2335,14 +2345,18 @@ lpfc_cmpl_els_prli(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
* it is no longer an active node. Otherwise devloss
* handles the final cleanup.
*/
+ spin_lock_irq(&ndlp->lock);
if (!(ndlp->fc4_xpt_flags & (SCSI_XPT_REGD | NVME_XPT_REGD)) &&
!ndlp->fc4_prli_sent) {
- spin_lock_irq(&ndlp->lock);
ndlp->nlp_flag &= ~NLP_NPR_2B_DISC;
- spin_unlock_irq(&ndlp->lock);
+ if (!(ndlp->nlp_flag & NLP_IN_DEV_LOSS))
+ release_node = true;
+ }
+ spin_unlock_irq(&ndlp->lock);
+
+ if (release_node)
lpfc_disc_state_machine(vport, ndlp, cmdiocb,
NLP_EVT_DEVICE_RM);
- }
} else {
/* Good status, call state machine. However, if another
* PRLI is outstanding, don't call the state machine
@@ -2713,6 +2727,7 @@ lpfc_cmpl_els_adisc(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
IOCB_t *irsp;
struct lpfc_nodelist *ndlp;
int disc;
+ bool release_node = false;
/* we pass cmdiocb to state machine which needs rspiocb as well */
cmdiocb->context_un.rsp_iocb = rspiocb;
@@ -2771,13 +2786,17 @@ lpfc_cmpl_els_adisc(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
* transport, it is no longer an active node. Otherwise
* devloss handles the final cleanup.
*/
+ spin_lock_irq(&ndlp->lock);
if (!(ndlp->fc4_xpt_flags & (SCSI_XPT_REGD | NVME_XPT_REGD))) {
- spin_lock_irq(&ndlp->lock);
ndlp->nlp_flag &= ~NLP_NPR_2B_DISC;
- spin_unlock_irq(&ndlp->lock);
+ if (!(ndlp->nlp_flag & NLP_IN_DEV_LOSS))
+ release_node = true;
+ }
+ spin_unlock_irq(&ndlp->lock);
+
+ if (release_node)
lpfc_disc_state_machine(vport, ndlp, cmdiocb,
NLP_EVT_DEVICE_RM);
- }
} else
/* Good status, call state machine */
lpfc_disc_state_machine(vport, ndlp, cmdiocb,
--
2.34.1
5 months
- 2
- 1
[REGRESSION] stable-rc/linux-5.15.y: (build) variable 'is_redirect' is used uninitialized whenever 'if' conditi...
by KernelCI bot
Hello,
New build issue found on stable-rc/linux-5.15.y:
---
variable 'is_redirect' is used uninitialized whenever 'if' condition
is true [-Werror,-Wsometimes-uninitialized] in net/sched/act_mirred.o
(net/sched/act_mirred.c) [logspec:kbuild,kbuild.compiler.error]
---
- dashboard: https://d.kernelci.org/i/maestro:72f9cc14e764580fd20bda28956c2ddf82023571
- giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
- commit HEAD: dd688b41d9038dbc86718bae12ed995d596c1de5
Log excerpt:
=====================================================
net/sched/act_mirred.c:264:6: error: variable 'is_redirect' is used
uninitialized whenever 'if' condition is true
[-Werror,-Wsometimes-uninitialized]
264 | if (unlikely(!(dev->flags & IFF_UP)) ||
!netif_carrier_ok(dev)) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./include/linux/compiler.h:78:22: note: expanded from macro 'unlikely'
78 | # define unlikely(x) __builtin_expect(!!(x), 0)
| ^
net/sched/act_mirred.c:331:6: note: uninitialized use occurs here
331 | if (is_redirect)
| ^~~~~~~~~~~
net/sched/act_mirred.c:264:2: note: remove the 'if' if its condition
is always false
264 | if (unlikely(!(dev->flags & IFF_UP)) ||
!netif_carrier_ok(dev)) {
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
265 | net_notice_ratelimited("tc mirred to Houston:
device %s is down\n",
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
266 | dev->name);
| ~~~~~~~~~~~
267 | goto err_cant_do;
| ~~~~~~~~~~~~~~~~~
268 | }
| ~
net/sched/act_mirred.c:264:6: error: variable 'is_redirect' is used
uninitialized whenever '||' condition is true
[-Werror,-Wsometimes-uninitialized]
264 | if (unlikely(!(dev->flags & IFF_UP)) ||
!netif_carrier_ok(dev)) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./include/linux/compiler.h:78:22: note: expanded from macro 'unlikely'
78 | # define unlikely(x) __builtin_expect(!!(x), 0)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
net/sched/act_mirred.c:331:6: note: uninitialized use occurs here
331 | if (is_redirect)
| ^~~~~~~~~~~
net/sched/act_mirred.c:264:6: note: remove the '||' if its condition
is always false
264 | if (unlikely(!(dev->flags & IFF_UP)) ||
!netif_carrier_ok(dev)) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./include/linux/compiler.h:78:22: note: expanded from macro 'unlikely'
78 | # define unlikely(x) __builtin_expect(!!(x), 0)
| ^
net/sched/act_mirred.c:259:6: error: variable 'is_redirect' is used
uninitialized whenever 'if' condition is true
[-Werror,-Wsometimes-uninitialized]
259 | if (unlikely(!dev)) {
| ^~~~~~~~~~~~~~
./include/linux/compiler.h:78:22: note: expanded from macro 'unlikely'
78 | # define unlikely(x) __builtin_expect(!!(x), 0)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
net/sched/act_mirred.c:331:6: note: uninitialized use occurs here
331 | if (is_redirect)
| ^~~~~~~~~~~
net/sched/act_mirred.c:259:2: note: remove the 'if' if its condition
is always false
259 | if (unlikely(!dev)) {
| ^~~~~~~~~~~~~~~~~~~~~
260 | pr_notice_once("tc mirred: target device is gone\n");
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
261 | goto err_cant_do;
| ~~~~~~~~~~~~~~~~~
262 | }
| ~
net/sched/act_mirred.c:237:18: note: initialize the variable
'is_redirect' to silence this warning
237 | bool is_redirect;
| ^
| = 0
3 errors generated.
=====================================================
# Builds where the incident occurred:
## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm):
- compiler: clang-17
- dashboard: https://d.kernelci.org/build/maestro:6808fe8b43948caad9509059
#kernelci issue maestro:72f9cc14e764580fd20bda28956c2ddf82023571
Reported-by: kernelci.org bot <bot(a)kernelci.org>
--
This is an experimental report format. Please send feedback in!
Talk to us at kernelci(a)lists.linux.dev
Made with love by the KernelCI team - https://kernelci.org
5 months
- 1
- 0