[PATCH AUTOSEL 6.14 01/54] wifi: ath9k: use unsigned long for activity check timestamp
by Sasha Levin
From: Dmitry Antipov <dmantipov(a)yandex.ru>
[ Upstream commit 8fe64b0fedcb7348080529c46c71ae23f60c9d3e ]
Since 'rx_active_check_time' of 'struct ath_softc' is in jiffies,
prefer 'unsigned long' over 'u32' to avoid possible truncation in
'ath_hw_rx_inactive_check()'. Found with clang's -Wshorten-64-to-32,
compile tested only.
Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru>
Acked-by: Toke Høiland-Jørgensen <toke(a)toke.dk>
Link: https://patch.msgid.link/20250115171750.259917-2-dmantipov@yandex.ru
Signed-off-by: Jeff Johnson <jeff.johnson(a)oss.qualcomm.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
drivers/net/wireless/ath/ath9k/ath9k.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath9k/ath9k.h b/drivers/net/wireless/ath/ath9k/ath9k.h
index a728cc0387df8..cbcf37008556f 100644
--- a/drivers/net/wireless/ath/ath9k/ath9k.h
+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
@@ -1018,7 +1018,7 @@ struct ath_softc {
u8 gtt_cnt;
u32 intrstatus;
- u32 rx_active_check_time;
+ unsigned long rx_active_check_time;
u32 rx_active_count;
u16 ps_flags; /* PS_* */
bool ps_enabled;
--
2.39.5
5 months, 1 week
- 4
- 59
[PATCH AUTOSEL 5.4 1/9] drm: allow encoder mode_set even when connectors change for crtc
by Sasha Levin
From: Abhinav Kumar <quic_abhinavk(a)quicinc.com>
[ Upstream commit 7e182cb4f5567f53417b762ec0d679f0b6f0039d ]
In certain use-cases, a CRTC could switch between two encoders
and because the mode being programmed on the CRTC remains
the same during this switch, the CRTC's mode_changed remains false.
In such cases, the encoder's mode_set also gets skipped.
Skipping mode_set on the encoder for such cases could cause an issue
because even though the same CRTC mode was being used, the encoder
type could have changed like the CRTC could have switched from a
real time encoder to a writeback encoder OR vice-versa.
Allow encoder's mode_set to happen even when connectors changed on a
CRTC and not just when the mode changed.
Signed-off-by: Abhinav Kumar <quic_abhinavk(a)quicinc.com>
Signed-off-by: Jessica Zhang <quic_jesszhan(a)quicinc.com>
Reviewed-by: Maxime Ripard <mripard(a)kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20241211-abhinavk-modeset-fix…
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
drivers/gpu/drm/drm_atomic_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c
index d91d6c063a1d2..70d97a7fc6864 100644
--- a/drivers/gpu/drm/drm_atomic_helper.c
+++ b/drivers/gpu/drm/drm_atomic_helper.c
@@ -1225,7 +1225,7 @@ crtc_set_mode(struct drm_device *dev, struct drm_atomic_state *old_state)
mode = &new_crtc_state->mode;
adjusted_mode = &new_crtc_state->adjusted_mode;
- if (!new_crtc_state->mode_changed)
+ if (!new_crtc_state->mode_changed && !new_crtc_state->connectors_changed)
continue;
DRM_DEBUG_ATOMIC("modeset on [ENCODER:%d:%s]\n",
--
2.39.5
5 months, 1 week
- 2
- 10
[PATCH v2] KVM: SVM: forcibly leave SMM mode on vCPU reset
by Mikhail Lobanov
Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode
on vCPU reset") addressed an issue where a triple fault occurring in
nested mode could lead to use-after-free scenarios. However, the commit
did not handle the analogous situation for System Management Mode (SMM).
This omission results in triggering a WARN when a vCPU reset occurs
while still in SMM mode, due to the check in kvm_vcpu_reset(). This
situation was reprodused using Syzkaller by:
1) Creating a KVM VM and vCPU
2) Sending a KVM_SMI ioctl to explicitly enter SMM
3) Executing invalid instructions causing consecutive exceptions and
eventually a triple fault
The issue manifests as follows:
WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112
kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112
Modules linked in:
CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted
6.1.130-syzkaller-00157-g164fe5dde9b6 #0
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.12.0-1 04/01/2014
RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112
Call Trace:
<TASK>
shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136
svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395
svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457
vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline]
vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062
kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283
kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Architecturally, hardware CPUs exit SMM upon receiving a triple
fault as part of a hardware reset. To reflect this behavior and
avoid triggering the WARN, this patch explicitly calls
kvm_smm_changed(vcpu, false) in the SVM-specific shutdown_interception()
handler prior to resetting the vCPU.
The initial version of this patch attempted to address the issue by calling
kvm_smm_changed() inside kvm_vcpu_reset(). However, this approach was not
architecturally accurate, as INIT is blocked during SMM and SMM should not
be exited implicitly during a generic vCPU reset. This version moves the
fix into shutdown_interception() for SVM, where the triple fault is
actually handled, and where exiting SMM explicitly is appropriate.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset")
Cc: stable(a)vger.kernel.org
Suggested-by: Sean Christopherson <seanjc(a)google.com>
Signed-off-by: Mikhail Lobanov <m.lobanov(a)rosa.ru>
---
v2: Move SMM exit from kvm_vcpu_reset() to SVM's shutdown_interception(),
per suggestion from Sean Christopherson <seanjc(a)google.com>.
arch/x86/kvm/svm/svm.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index d5d0c5c3300b..34a002a87c28 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -2231,6 +2231,8 @@ static int shutdown_interception(struct kvm_vcpu *vcpu)
*/
if (!sev_es_guest(vcpu->kvm)) {
clear_page(svm->vmcb);
+ if (is_smm(vcpu))
+ kvm_smm_changed(vcpu, false);
kvm_vcpu_reset(vcpu, true);
}
--
2.47.2
5 months, 1 week
- 2
- 1
[PATCH 6.6.y] nvme-rdma: unquiesce admin_q before destroy it
by Feng Liu
From: "Chunguang.xu" <chunguang.xu(a)shopee.com>
[ Upstream commit 5858b687559809f05393af745cbadf06dee61295 ]
Kernel will hang on destroy admin_q while we create ctrl failed, such
as following calltrace:
PID: 23644 TASK: ff2d52b40f439fc0 CPU: 2 COMMAND: "nvme"
#0 [ff61d23de260fb78] __schedule at ffffffff8323bc15
#1 [ff61d23de260fc08] schedule at ffffffff8323c014
#2 [ff61d23de260fc28] blk_mq_freeze_queue_wait at ffffffff82a3dba1
#3 [ff61d23de260fc78] blk_freeze_queue at ffffffff82a4113a
#4 [ff61d23de260fc90] blk_cleanup_queue at ffffffff82a33006
#5 [ff61d23de260fcb0] nvme_rdma_destroy_admin_queue at ffffffffc12686ce
#6 [ff61d23de260fcc8] nvme_rdma_setup_ctrl at ffffffffc1268ced
#7 [ff61d23de260fd28] nvme_rdma_create_ctrl at ffffffffc126919b
#8 [ff61d23de260fd68] nvmf_dev_write at ffffffffc024f362
#9 [ff61d23de260fe38] vfs_write at ffffffff827d5f25
RIP: 00007fda7891d574 RSP: 00007ffe2ef06958 RFLAGS: 00000202
RAX: ffffffffffffffda RBX: 000055e8122a4d90 RCX: 00007fda7891d574
RDX: 000000000000012b RSI: 000055e8122a4d90 RDI: 0000000000000004
RBP: 00007ffe2ef079c0 R8: 000000000000012b R9: 000055e8122a4d90
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000004
R13: 000055e8122923c0 R14: 000000000000012b R15: 00007fda78a54500
ORIG_RAX: 0000000000000001 CS: 0033 SS: 002b
This due to we have quiesced admi_q before cancel requests, but forgot
to unquiesce before destroy it, as a result we fail to drain the
pending requests, and hang on blk_mq_freeze_queue_wait() forever. Here
try to reuse nvme_rdma_teardown_admin_queue() to fix this issue and
simplify the code.
Fixes: 958dc1d32c80 ("nvme-rdma: add clean action for failed reconnection")
Reported-by: Yingfu.zhou <yingfu.zhou(a)shopee.com>
Signed-off-by: Chunguang.xu <chunguang.xu(a)shopee.com>
Signed-off-by: Yue.zhao <yue.zhao(a)shopee.com>
Reviewed-by: Christoph Hellwig <hch(a)lst.de>
Reviewed-by: Hannes Reinecke <hare(a)suse.de>
Signed-off-by: Keith Busch <kbusch(a)kernel.org>
[Minor context change fixed]
Signed-off-by: Feng Liu <Feng.Liu3(a)windriver.com>
Signed-off-by: He Zhe <Zhe.He(a)windriver.com>
---
Verified the build test.
---
drivers/nvme/host/rdma.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/drivers/nvme/host/rdma.c b/drivers/nvme/host/rdma.c
index c04317a966b3..055b95d2ce93 100644
--- a/drivers/nvme/host/rdma.c
+++ b/drivers/nvme/host/rdma.c
@@ -1083,13 +1083,7 @@ static int nvme_rdma_setup_ctrl(struct nvme_rdma_ctrl *ctrl, bool new)
nvme_rdma_free_io_queues(ctrl);
}
destroy_admin:
- nvme_quiesce_admin_queue(&ctrl->ctrl);
- blk_sync_queue(ctrl->ctrl.admin_q);
- nvme_rdma_stop_queue(&ctrl->queues[0]);
- nvme_cancel_admin_tagset(&ctrl->ctrl);
- if (new)
- nvme_remove_admin_tag_set(&ctrl->ctrl);
- nvme_rdma_destroy_admin_queue(ctrl);
+ nvme_rdma_teardown_admin_queue(ctrl, new);
return ret;
}
--
2.34.1
5 months, 1 week
- 2
- 1
[PATCH v6.12] nfsd: don't ignore the return code of svc_proc_register()
by cel@kernel.org
From: Jeff Layton <jlayton(a)kernel.org>
[ Upstream commit 930b64ca0c511521f0abdd1d57ce52b2a6e3476b ]
Currently, nfsd_proc_stat_init() ignores the return value of
svc_proc_register(). If the procfile creation fails, then the kernel
will WARN when it tries to remove the entry later.
Fix nfsd_proc_stat_init() to return the same type of pointer as
svc_proc_register(), and fix up nfsd_net_init() to check that and fail
the nfsd_net construction if it occurs.
svc_proc_register() can fail if the dentry can't be allocated, or if an
identical dentry already exists. The second case is pretty unlikely in
the nfsd_net construction codepath, so if this happens, return -ENOMEM.
Reported-by: syzbot+e34ad04f27991521104c(a)syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-nfs/67a47501.050a0220.19061f.05f9.GAE@google.…
Cc: stable(a)vger.kernel.org # v6.9
Signed-off-by: Jeff Layton <jlayton(a)kernel.org>
Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com>
---
fs/nfsd/nfsctl.c | 9 ++++++++-
fs/nfsd/stats.c | 4 ++--
fs/nfsd/stats.h | 2 +-
3 files changed, 11 insertions(+), 4 deletions(-)
I did not have any problem cherry-picking 930b64 onto v6.12.23. This
built and ran some simple NFSD tests in my lab.
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index e83629f39604..2e835e7c107e 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -2244,8 +2244,14 @@ static __net_init int nfsd_net_init(struct net *net)
NFSD_STATS_COUNTERS_NUM);
if (retval)
goto out_repcache_error;
+
memset(&nn->nfsd_svcstats, 0, sizeof(nn->nfsd_svcstats));
nn->nfsd_svcstats.program = &nfsd_programs[0];
+ if (!nfsd_proc_stat_init(net)) {
+ retval = -ENOMEM;
+ goto out_proc_error;
+ }
+
for (i = 0; i < sizeof(nn->nfsd_versions); i++)
nn->nfsd_versions[i] = nfsd_support_version(i);
for (i = 0; i < sizeof(nn->nfsd4_minorversions); i++)
@@ -2255,12 +2261,13 @@ static __net_init int nfsd_net_init(struct net *net)
nfsd4_init_leases_net(nn);
get_random_bytes(&nn->siphash_key, sizeof(nn->siphash_key));
seqlock_init(&nn->writeverf_lock);
- nfsd_proc_stat_init(net);
#if IS_ENABLED(CONFIG_NFS_LOCALIO)
INIT_LIST_HEAD(&nn->local_clients);
#endif
return 0;
+out_proc_error:
+ percpu_counter_destroy_many(nn->counter, NFSD_STATS_COUNTERS_NUM);
out_repcache_error:
nfsd_idmap_shutdown(net);
out_idmap_error:
diff --git a/fs/nfsd/stats.c b/fs/nfsd/stats.c
index bb22893f1157..f7eaf95e20fc 100644
--- a/fs/nfsd/stats.c
+++ b/fs/nfsd/stats.c
@@ -73,11 +73,11 @@ static int nfsd_show(struct seq_file *seq, void *v)
DEFINE_PROC_SHOW_ATTRIBUTE(nfsd);
-void nfsd_proc_stat_init(struct net *net)
+struct proc_dir_entry *nfsd_proc_stat_init(struct net *net)
{
struct nfsd_net *nn = net_generic(net, nfsd_net_id);
- svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops);
+ return svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops);
}
void nfsd_proc_stat_shutdown(struct net *net)
diff --git a/fs/nfsd/stats.h b/fs/nfsd/stats.h
index 04aacb6c36e2..e4efb0e4e56d 100644
--- a/fs/nfsd/stats.h
+++ b/fs/nfsd/stats.h
@@ -10,7 +10,7 @@
#include <uapi/linux/nfsd/stats.h>
#include <linux/percpu_counter.h>
-void nfsd_proc_stat_init(struct net *net);
+struct proc_dir_entry *nfsd_proc_stat_init(struct net *net);
void nfsd_proc_stat_shutdown(struct net *net);
static inline void nfsd_stats_rc_hits_inc(struct nfsd_net *nn)
--
2.47.0
5 months, 1 week
- 2
- 1
[PATCH 6.12.y] libbpf: Prevent compiler warnings/errors
by He Zhe
From: Eder Zulian <ezulian(a)redhat.com>
commit 7f4ec77f3fee41dd6a41f03a40703889e6e8f7b2 upstream.
Initialize 'new_off' and 'pad_bits' to 0 and 'pad_type' to NULL in
btf_dump_emit_bit_padding to prevent compiler warnings/errors which are
observed when compiling with 'EXTRA_CFLAGS=-g -Og' options, but do not
happen when compiling with current default options.
For example, when compiling libbpf with
$ make "EXTRA_CFLAGS=-g -Og" -C tools/lib/bpf/ clean all
Clang version 17.0.6 and GCC 13.3.1 fail to compile btf_dump.c due to
following errors:
btf_dump.c: In function ‘btf_dump_emit_bit_padding’:
btf_dump.c:903:42: error: ‘new_off’ may be used uninitialized [-Werror=maybe-uninitialized]
903 | if (new_off > cur_off && new_off <= next_off) {
| ~~~~~~~~^~~~~~~~~~~
btf_dump.c:870:13: note: ‘new_off’ was declared here
870 | int new_off, pad_bits, bits, i;
| ^~~~~~~
btf_dump.c:917:25: error: ‘pad_type’ may be used uninitialized [-Werror=maybe-uninitialized]
917 | btf_dump_printf(d, "\n%s%s: %d;", pfx(lvl), pad_type,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
918 | in_bitfield ? new_off - cur_off : 0);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
btf_dump.c:871:21: note: ‘pad_type’ was declared here
871 | const char *pad_type;
| ^~~~~~~~
btf_dump.c:930:20: error: ‘pad_bits’ may be used uninitialized [-Werror=maybe-uninitialized]
930 | if (bits == pad_bits) {
| ^
btf_dump.c:870:22: note: ‘pad_bits’ was declared here
870 | int new_off, pad_bits, bits, i;
| ^~~~~~~~
cc1: all warnings being treated as errors
Signed-off-by: Eder Zulian <ezulian(a)redhat.com>
Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org>
Acked-by: Jiri Olsa <jolsa(a)kernel.org>
Link: https://lore.kernel.org/bpf/20241022172329.3871958-3-ezulian@redhat.com
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com>
---
Build test passed.
---
tools/lib/bpf/btf_dump.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/lib/bpf/btf_dump.c b/tools/lib/bpf/btf_dump.c
index 0a7327541c17..46cce18c8308 100644
--- a/tools/lib/bpf/btf_dump.c
+++ b/tools/lib/bpf/btf_dump.c
@@ -867,8 +867,8 @@ static void btf_dump_emit_bit_padding(const struct btf_dump *d,
} pads[] = {
{"long", d->ptr_sz * 8}, {"int", 32}, {"short", 16}, {"char", 8}
};
- int new_off, pad_bits, bits, i;
- const char *pad_type;
+ int new_off = 0, pad_bits = 0, bits, i;
+ const char *pad_type = NULL;
if (cur_off >= next_off)
return; /* no gap */
--
2.34.1
5 months, 1 week
- 2
- 1
[PATCH 5.15] ext4: fix timer use-after-free on failed mount
by Xiangyu Chen
From: Xiaxi Shen <shenxiaxi26(a)gmail.com>
commit 0ce160c5bdb67081a62293028dc85758a8efb22a upstream.
Syzbot has found an ODEBUG bug in ext4_fill_super
The del_timer_sync function cancels the s_err_report timer,
which reminds about filesystem errors daily. We should
guarantee the timer is no longer active before kfree(sbi).
When filesystem mounting fails, the flow goes to failed_mount3,
where an error occurs when ext4_stop_mmpd is called, causing
a read I/O failure. This triggers the ext4_handle_error function
that ultimately re-arms the timer,
leaving the s_err_report timer active before kfree(sbi) is called.
Fix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd.
Signed-off-by: Xiaxi Shen <shenxiaxi26(a)gmail.com>
Reported-and-tested-by: syzbot+59e0101c430934bc9a36(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=59e0101c430934bc9a36
Link: https://patch.msgid.link/20240715043336.98097-1-shenxiaxi26@gmail.com
Signed-off-by: Theodore Ts'o <tytso(a)mit.edu>
Cc: stable(a)kernel.org
[Minor context change fixed]
Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com>
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
---
Verified the build test.
---
fs/ext4/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 126b582d85fc..8f33b6db8aae 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -5085,8 +5085,8 @@ failed_mount9: __maybe_unused
failed_mount3:
/* flush s_error_work before sbi destroy */
flush_work(&sbi->s_error_work);
- del_timer_sync(&sbi->s_err_report);
ext4_stop_mmpd(sbi);
+ del_timer_sync(&sbi->s_err_report);
failed_mount2:
rcu_read_lock();
group_desc = rcu_dereference(sbi->s_group_desc);
--
2.34.1
5 months, 1 week
- 2
- 3
[PATCH 5.15.y] bpf: avoid holding freeze_mutex during mmap operation
by David Sauerwein
From: Andrii Nakryiko <andrii(a)kernel.org>
[ Upstream commit bc27c52eea189e8f7492d40739b7746d67b65beb ]
We use map->freeze_mutex to prevent races between map_freeze() and
memory mapping BPF map contents with writable permissions. The way we
naively do this means we'll hold freeze_mutex for entire duration of all
the mm and VMA manipulations, which is completely unnecessary. This can
potentially also lead to deadlocks, as reported by syzbot in [0].
So, instead, hold freeze_mutex only during writeability checks, bump
(proactively) "write active" count for the map, unlock the mutex and
proceed with mmap logic. And only if something went wrong during mmap
logic, then undo that "write active" counter increment.
[0] https://lore.kernel.org/bpf/678dcbc9.050a0220.303755.0066.GAE@google.com/
Fixes: fc9702273e2e ("bpf: Add mmap() support for BPF_MAP_TYPE_ARRAY")
Reported-by: syzbot+4dc041c686b7c816a71e(a)syzkaller.appspotmail.com
Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org>
Link: https://lore.kernel.org/r/20250129012246.1515826-2-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast(a)kernel.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
Signed-off-by: David Sauerwein <dssauerw(a)amazon.de>
---
kernel/bpf/syscall.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 7fce461eae10..6f309248f13f 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -654,7 +654,7 @@ static const struct vm_operations_struct bpf_map_default_vmops = {
static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma)
{
struct bpf_map *map = filp->private_data;
- int err;
+ int err = 0;
if (!map->ops->map_mmap || map_value_has_spin_lock(map) ||
map_value_has_timer(map))
@@ -679,7 +679,12 @@ static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma)
err = -EACCES;
goto out;
}
+ bpf_map_write_active_inc(map);
}
+out:
+ mutex_unlock(&map->freeze_mutex);
+ if (err)
+ return err;
/* set default open/close callbacks */
vma->vm_ops = &bpf_map_default_vmops;
@@ -690,13 +695,11 @@ static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma)
vma->vm_flags &= ~VM_MAYWRITE;
err = map->ops->map_mmap(map, vma);
- if (err)
- goto out;
+ if (err) {
+ if (vma->vm_flags & VM_WRITE)
+ bpf_map_write_active_dec(map);
+ }
- if (vma->vm_flags & VM_MAYWRITE)
- bpf_map_write_active_inc(map);
-out:
- mutex_unlock(&map->freeze_mutex);
return err;
}
--
2.47.1
5 months, 1 week
- 2
- 1
[PATCH 0/2] Stable-6.6 backport x86/xen: fix memblock_reserve() usage on PVH
by Jason Andryuk
For stable-6.6.
("x86/xen: fix memblock_reserve() usage on PVH") is the fix, but it
depends on ("x86/xen: move xen_reserve_extra_memory()") as a
prerequisite. Both need fixups as they predate the removal of the Xen
hypercall_page.
Roger Pau Monne (2):
x86/xen: move xen_reserve_extra_memory()
x86/xen: fix memblock_reserve() usage on PVH
arch/x86/include/asm/xen/hypervisor.h | 5 --
arch/x86/platform/pvh/enlighten.c | 3 -
arch/x86/xen/enlighten_pvh.c | 93 +++++++++++++++------------
3 files changed, 51 insertions(+), 50 deletions(-)
--
2.49.0
5 months, 1 week
- 2
- 4
[PATCH 6.1.y] bpf: Prevent tail call between progs attached to different hooks
by jianqi.ren.cn@windriver.com
From: Xu Kuohai <xukuohai(a)huawei.com>
[ Upstream commit 28ead3eaabc16ecc907cfb71876da028080f6356 ]
bpf progs can be attached to kernel functions, and the attached functions
can take different parameters or return different return values. If
prog attached to one kernel function tail calls prog attached to another
kernel function, the ctx access or return value verification could be
bypassed.
For example, if prog1 is attached to func1 which takes only 1 parameter
and prog2 is attached to func2 which takes two parameters. Since verifier
assumes the bpf ctx passed to prog2 is constructed based on func2's
prototype, verifier allows prog2 to access the second parameter from
the bpf ctx passed to it. The problem is that verifier does not prevent
prog1 from passing its bpf ctx to prog2 via tail call. In this case,
the bpf ctx passed to prog2 is constructed from func1 instead of func2,
that is, the assumption for ctx access verification is bypassed.
Another example, if BPF LSM prog1 is attached to hook file_alloc_security,
and BPF LSM prog2 is attached to hook bpf_lsm_audit_rule_known. Verifier
knows the return value rules for these two hooks, e.g. it is legal for
bpf_lsm_audit_rule_known to return positive number 1, and it is illegal
for file_alloc_security to return positive number. So verifier allows
prog2 to return positive number 1, but does not allow prog1 to return
positive number. The problem is that verifier does not prevent prog1
from calling prog2 via tail call. In this case, prog2's return value 1
will be used as the return value for prog1's hook file_alloc_security.
That is, the return value rule is bypassed.
This patch adds restriction for tail call to prevent such bypasses.
Signed-off-by: Xu Kuohai <xukuohai(a)huawei.com>
Link: https://lore.kernel.org/r/20240719110059.797546-4-xukuohai@huaweicloud.com
Signed-off-by: Alexei Starovoitov <ast(a)kernel.org>
Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org>
[Minor conflict resolved due to code context change.]
Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com>
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
---
Verified the build test
---
include/linux/bpf.h | 1 +
kernel/bpf/core.c | 19 +++++++++++++++++--
2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 2189c0d18fa7..e9c1338851e3 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -250,6 +250,7 @@ struct bpf_map {
* same prog type, JITed flag and xdp_has_frags flag.
*/
struct {
+ const struct btf_type *attach_func_proto;
spinlock_t lock;
enum bpf_prog_type type;
bool jited;
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 83b416af4da1..c281f5b8705e 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -2121,6 +2121,7 @@ bool bpf_prog_map_compatible(struct bpf_map *map,
{
enum bpf_prog_type prog_type = resolve_prog_type(fp);
bool ret;
+ struct bpf_prog_aux *aux = fp->aux;
if (fp->kprobe_override)
return false;
@@ -2132,12 +2133,26 @@ bool bpf_prog_map_compatible(struct bpf_map *map,
*/
map->owner.type = prog_type;
map->owner.jited = fp->jited;
- map->owner.xdp_has_frags = fp->aux->xdp_has_frags;
+ map->owner.xdp_has_frags = aux->xdp_has_frags;
+ map->owner.attach_func_proto = aux->attach_func_proto;
ret = true;
} else {
ret = map->owner.type == prog_type &&
map->owner.jited == fp->jited &&
- map->owner.xdp_has_frags == fp->aux->xdp_has_frags;
+ map->owner.xdp_has_frags == aux->xdp_has_frags;
+ if (ret &&
+ map->owner.attach_func_proto != aux->attach_func_proto) {
+ switch (prog_type) {
+ case BPF_PROG_TYPE_TRACING:
+ case BPF_PROG_TYPE_LSM:
+ case BPF_PROG_TYPE_EXT:
+ case BPF_PROG_TYPE_STRUCT_OPS:
+ ret = false;
+ break;
+ default:
+ break;
+ }
+ }
}
spin_unlock(&map->owner.lock);
--
2.34.1
5 months, 1 week
- 2
- 1
[PATCH 6.1.y] bpf: avoid holding freeze_mutex during mmap operation
by David Sauerwein
From: Andrii Nakryiko <andrii(a)kernel.org>
[ Upstream commit bc27c52eea189e8f7492d40739b7746d67b65beb ]
We use map->freeze_mutex to prevent races between map_freeze() and
memory mapping BPF map contents with writable permissions. The way we
naively do this means we'll hold freeze_mutex for entire duration of all
the mm and VMA manipulations, which is completely unnecessary. This can
potentially also lead to deadlocks, as reported by syzbot in [0].
So, instead, hold freeze_mutex only during writeability checks, bump
(proactively) "write active" count for the map, unlock the mutex and
proceed with mmap logic. And only if something went wrong during mmap
logic, then undo that "write active" counter increment.
[0] https://lore.kernel.org/bpf/678dcbc9.050a0220.303755.0066.GAE@google.com/
Fixes: fc9702273e2e ("bpf: Add mmap() support for BPF_MAP_TYPE_ARRAY")
Reported-by: syzbot+4dc041c686b7c816a71e(a)syzkaller.appspotmail.com
Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org>
Link: https://lore.kernel.org/r/20250129012246.1515826-2-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast(a)kernel.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
Signed-off-by: David Sauerwein <dssauerw(a)amazon.de>
---
kernel/bpf/syscall.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 7a4004f09bae..27fdf1b2fc46 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -813,7 +813,7 @@ static const struct vm_operations_struct bpf_map_default_vmops = {
static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma)
{
struct bpf_map *map = filp->private_data;
- int err;
+ int err = 0;
if (!map->ops->map_mmap || map_value_has_spin_lock(map) ||
map_value_has_timer(map) || map_value_has_kptrs(map))
@@ -838,7 +838,12 @@ static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma)
err = -EACCES;
goto out;
}
+ bpf_map_write_active_inc(map);
}
+out:
+ mutex_unlock(&map->freeze_mutex);
+ if (err)
+ return err;
/* set default open/close callbacks */
vma->vm_ops = &bpf_map_default_vmops;
@@ -849,13 +854,11 @@ static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma)
vma->vm_flags &= ~VM_MAYWRITE;
err = map->ops->map_mmap(map, vma);
- if (err)
- goto out;
+ if (err) {
+ if (vma->vm_flags & VM_WRITE)
+ bpf_map_write_active_dec(map);
+ }
- if (vma->vm_flags & VM_MAYWRITE)
- bpf_map_write_active_inc(map);
-out:
- mutex_unlock(&map->freeze_mutex);
return err;
}
--
2.47.1
5 months, 1 week
- 2
- 1
[PATCH v6.13] nfsd: don't ignore the return code of svc_proc_register()
by cel@kernel.org
From: Jeff Layton <jlayton(a)kernel.org>
[ Upstream commit 930b64ca0c511521f0abdd1d57ce52b2a6e3476b ]
Currently, nfsd_proc_stat_init() ignores the return value of
svc_proc_register(). If the procfile creation fails, then the kernel
will WARN when it tries to remove the entry later.
Fix nfsd_proc_stat_init() to return the same type of pointer as
svc_proc_register(), and fix up nfsd_net_init() to check that and fail
the nfsd_net construction if it occurs.
svc_proc_register() can fail if the dentry can't be allocated, or if an
identical dentry already exists. The second case is pretty unlikely in
the nfsd_net construction codepath, so if this happens, return -ENOMEM.
Reported-by: syzbot+e34ad04f27991521104c(a)syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-nfs/67a47501.050a0220.19061f.05f9.GAE@google.…
Cc: stable(a)vger.kernel.org # v6.9
Signed-off-by: Jeff Layton <jlayton(a)kernel.org>
Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com>
---
fs/nfsd/nfsctl.c | 9 ++++++++-
fs/nfsd/stats.c | 4 ++--
fs/nfsd/stats.h | 2 +-
3 files changed, 11 insertions(+), 4 deletions(-)
I did not have any problem cherry-picking 930b64 onto v6.13.11. This
built and ran some simple NFSD tests in my lab.
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index e83629f39604..2e835e7c107e 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -2244,8 +2244,14 @@ static __net_init int nfsd_net_init(struct net *net)
NFSD_STATS_COUNTERS_NUM);
if (retval)
goto out_repcache_error;
+
memset(&nn->nfsd_svcstats, 0, sizeof(nn->nfsd_svcstats));
nn->nfsd_svcstats.program = &nfsd_programs[0];
+ if (!nfsd_proc_stat_init(net)) {
+ retval = -ENOMEM;
+ goto out_proc_error;
+ }
+
for (i = 0; i < sizeof(nn->nfsd_versions); i++)
nn->nfsd_versions[i] = nfsd_support_version(i);
for (i = 0; i < sizeof(nn->nfsd4_minorversions); i++)
@@ -2255,12 +2261,13 @@ static __net_init int nfsd_net_init(struct net *net)
nfsd4_init_leases_net(nn);
get_random_bytes(&nn->siphash_key, sizeof(nn->siphash_key));
seqlock_init(&nn->writeverf_lock);
- nfsd_proc_stat_init(net);
#if IS_ENABLED(CONFIG_NFS_LOCALIO)
INIT_LIST_HEAD(&nn->local_clients);
#endif
return 0;
+out_proc_error:
+ percpu_counter_destroy_many(nn->counter, NFSD_STATS_COUNTERS_NUM);
out_repcache_error:
nfsd_idmap_shutdown(net);
out_idmap_error:
diff --git a/fs/nfsd/stats.c b/fs/nfsd/stats.c
index bb22893f1157..f7eaf95e20fc 100644
--- a/fs/nfsd/stats.c
+++ b/fs/nfsd/stats.c
@@ -73,11 +73,11 @@ static int nfsd_show(struct seq_file *seq, void *v)
DEFINE_PROC_SHOW_ATTRIBUTE(nfsd);
-void nfsd_proc_stat_init(struct net *net)
+struct proc_dir_entry *nfsd_proc_stat_init(struct net *net)
{
struct nfsd_net *nn = net_generic(net, nfsd_net_id);
- svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops);
+ return svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops);
}
void nfsd_proc_stat_shutdown(struct net *net)
diff --git a/fs/nfsd/stats.h b/fs/nfsd/stats.h
index 04aacb6c36e2..e4efb0e4e56d 100644
--- a/fs/nfsd/stats.h
+++ b/fs/nfsd/stats.h
@@ -10,7 +10,7 @@
#include <uapi/linux/nfsd/stats.h>
#include <linux/percpu_counter.h>
-void nfsd_proc_stat_init(struct net *net);
+struct proc_dir_entry *nfsd_proc_stat_init(struct net *net);
void nfsd_proc_stat_shutdown(struct net *net);
static inline void nfsd_stats_rc_hits_inc(struct nfsd_net *nn)
--
2.47.0
5 months, 1 week
- 2
- 1
[PATCH 5.10.y] bpf: avoid holding freeze_mutex during mmap operation
by David Sauerwein
From: Andrii Nakryiko <andrii(a)kernel.org>
[ Upstream commit bc27c52eea189e8f7492d40739b7746d67b65beb ]
We use map->freeze_mutex to prevent races between map_freeze() and
memory mapping BPF map contents with writable permissions. The way we
naively do this means we'll hold freeze_mutex for entire duration of all
the mm and VMA manipulations, which is completely unnecessary. This can
potentially also lead to deadlocks, as reported by syzbot in [0].
So, instead, hold freeze_mutex only during writeability checks, bump
(proactively) "write active" count for the map, unlock the mutex and
proceed with mmap logic. And only if something went wrong during mmap
logic, then undo that "write active" counter increment.
[0] https://lore.kernel.org/bpf/678dcbc9.050a0220.303755.0066.GAE@google.com/
Fixes: fc9702273e2e ("bpf: Add mmap() support for BPF_MAP_TYPE_ARRAY")
Reported-by: syzbot+4dc041c686b7c816a71e(a)syzkaller.appspotmail.com
Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org>
Link: https://lore.kernel.org/r/20250129012246.1515826-2-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast(a)kernel.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
Signed-off-by: David Sauerwein <dssauerw(a)amazon.de>
---
kernel/bpf/syscall.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 008bb4e5c4dd..dc3d9a111cf1 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -647,7 +647,7 @@ static const struct vm_operations_struct bpf_map_default_vmops = {
static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma)
{
struct bpf_map *map = filp->private_data;
- int err;
+ int err = 0;
if (!map->ops->map_mmap || map_value_has_spin_lock(map))
return -ENOTSUPP;
@@ -671,7 +671,12 @@ static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma)
err = -EACCES;
goto out;
}
+ bpf_map_write_active_inc(map);
}
+out:
+ mutex_unlock(&map->freeze_mutex);
+ if (err)
+ return err;
/* set default open/close callbacks */
vma->vm_ops = &bpf_map_default_vmops;
@@ -682,13 +687,11 @@ static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma)
vma->vm_flags &= ~VM_MAYWRITE;
err = map->ops->map_mmap(map, vma);
- if (err)
- goto out;
+ if (err) {
+ if (vma->vm_flags & VM_WRITE)
+ bpf_map_write_active_dec(map);
+ }
- if (vma->vm_flags & VM_MAYWRITE)
- bpf_map_write_active_inc(map);
-out:
- mutex_unlock(&map->freeze_mutex);
return err;
}
--
2.47.1
5 months, 1 week
- 2
- 1
[PATCH 6.1.y] block: make bio_check_eod work for zero sized devices
by Miguel García
From: Christoph Hellwig <hch(a)lst.de>
commit 3eb96946f0be6bf447cbdf219aba22bc42672f92 upstream.
This patch is a backport.
Since the dawn of time bio_check_eod has a check for a non-zero size of
the device. This doesn't really make any sense as we never want to send
I/O to a device that's been set to zero size, or never moved out of that.
I am a bit surprised we haven't caught this for a long time, but the
removal of the extra validation inside of zram caused syzbot to trip
over this issue recently. I've added a Fixes tag for that commit, but
the issue really goes back way before git history.
Fixes: 9fe95babc742 ("zram: remove valid_io_request")
Reported-by: syzbot+2aca91e1d3ae43aef10c(a)syzkaller.appspotmail.com
Bug: https://syzkaller.appspot.com/bug?extid=2aca91e1d3ae43aef10c
Signed-off-by: Christoph Hellwig <hch(a)lst.de>
Link: https://lore.kernel.org/r/20230524060538.1593686-1-hch@lst.de
Signed-off-by: Jens Axboe <axboe(a)kernel.dk>
(cherry picked from commit 3eb96946f0be6bf447cbdf219aba22bc42672f92)
Signed-off-by: Miguel García <miguelgarciaroman8(a)gmail.com>
---
block/blk-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/blk-core.c b/block/blk-core.c
index 94941e3ce219..6a66f4f6912f 100644
--- a/block/blk-core.c
+++ b/block/blk-core.c
@@ -515,7 +515,7 @@ static inline int bio_check_eod(struct bio *bio)
sector_t maxsector = bdev_nr_sectors(bio->bi_bdev);
unsigned int nr_sectors = bio_sectors(bio);
- if (nr_sectors && maxsector &&
+ if (nr_sectors &&
(nr_sectors > maxsector ||
bio->bi_iter.bi_sector > maxsector - nr_sectors)) {
pr_info_ratelimited("%s: attempt to access beyond end of device\n"
--
2.34.1
5 months, 1 week
- 3
- 2
[PATCH 5.15.y] fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats
by David Sauerwein
From: Oleg Nesterov <oleg(a)redhat.com>
[ Upstream commit 7601df8031fd67310af891897ef6cc0df4209305 ]
lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call
do_task_stat() at the same time and the process has NR_THREADS, it will
spin with irqs disabled O(NR_CPUS * NR_THREADS) time.
Change do_task_stat() to use sig->stats_lock to gather the statistics
outside of ->siglock protected section, in the likely case this code will
run lockless.
Link: https://lkml.kernel.org/r/20240123153357.GA21857@redhat.com
Signed-off-by: Oleg Nesterov <oleg(a)redhat.com>
Signed-off-by: Dylan Hatch <dylanbhatch(a)google.com>
Cc: Eric W. Biederman <ebiederm(a)xmission.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
Signed-off-by: David Sauerwein <dssauerw(a)amazon.de>
---
fs/proc/array.c | 53 +++++++++++++++++++++++++++----------------------
1 file changed, 29 insertions(+), 24 deletions(-)
diff --git a/fs/proc/array.c b/fs/proc/array.c
index c925287a4dc4..2cb01aaa6718 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -462,12 +462,12 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
int permitted;
struct mm_struct *mm;
unsigned long long start_time;
- unsigned long cmin_flt = 0, cmaj_flt = 0;
- unsigned long min_flt = 0, maj_flt = 0;
- u64 cutime, cstime, utime, stime;
- u64 cgtime, gtime;
+ unsigned long cmin_flt, cmaj_flt, min_flt, maj_flt;
+ u64 cutime, cstime, cgtime, utime, stime, gtime;
unsigned long rsslim = 0;
unsigned long flags;
+ struct signal_struct *sig = task->signal;
+ unsigned int seq = 1;
state = *get_task_state(task);
vsize = eip = esp = 0;
@@ -495,12 +495,8 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
sigemptyset(&sigign);
sigemptyset(&sigcatch);
- cutime = cstime = 0;
- cgtime = gtime = 0;
if (lock_task_sighand(task, &flags)) {
- struct signal_struct *sig = task->signal;
-
if (sig->tty) {
struct pid *pgrp = tty_get_pgrp(sig->tty);
tty_pgrp = pid_nr_ns(pgrp, ns);
@@ -511,36 +507,45 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
num_threads = get_nr_threads(task);
collect_sigign_sigcatch(task, &sigign, &sigcatch);
+ rsslim = READ_ONCE(sig->rlim[RLIMIT_RSS].rlim_cur);
+
+ sid = task_session_nr_ns(task, ns);
+ ppid = task_tgid_nr_ns(task->real_parent, ns);
+ pgid = task_pgrp_nr_ns(task, ns);
+
+ unlock_task_sighand(task, &flags);
+ }
+
+ if (permitted && (!whole || num_threads < 2))
+ wchan = !task_is_running(task);
+
+ do {
+ seq++; /* 2 on the 1st/lockless path, otherwise odd */
+ flags = read_seqbegin_or_lock_irqsave(&sig->stats_lock, &seq);
+
cmin_flt = sig->cmin_flt;
cmaj_flt = sig->cmaj_flt;
cutime = sig->cutime;
cstime = sig->cstime;
cgtime = sig->cgtime;
- rsslim = READ_ONCE(sig->rlim[RLIMIT_RSS].rlim_cur);
- /* add up live thread stats at the group level */
if (whole) {
struct task_struct *t = task;
+
+ min_flt = sig->min_flt;
+ maj_flt = sig->maj_flt;
+ gtime = sig->gtime;
+
+ rcu_read_lock();
do {
min_flt += t->min_flt;
maj_flt += t->maj_flt;
gtime += task_gtime(t);
} while_each_thread(task, t);
-
- min_flt += sig->min_flt;
- maj_flt += sig->maj_flt;
- gtime += sig->gtime;
+ rcu_read_unlock();
}
-
- sid = task_session_nr_ns(task, ns);
- ppid = task_tgid_nr_ns(task->real_parent, ns);
- pgid = task_pgrp_nr_ns(task, ns);
-
- unlock_task_sighand(task, &flags);
- }
-
- if (permitted && (!whole || num_threads < 2))
- wchan = !task_is_running(task);
+ } while (need_seqretry(&sig->stats_lock, seq));
+ done_seqretry_irqrestore(&sig->stats_lock, seq, flags);
if (whole) {
thread_group_cputime_adjusted(task, &utime, &stime);
--
2.47.1
5 months, 1 week
- 2
- 1
[PATCH 5.10.y] fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats
by David Sauerwein
From: Oleg Nesterov <oleg(a)redhat.com>
[ Upstream commit 7601df8031fd67310af891897ef6cc0df4209305 ]
lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call
do_task_stat() at the same time and the process has NR_THREADS, it will
spin with irqs disabled O(NR_CPUS * NR_THREADS) time.
Change do_task_stat() to use sig->stats_lock to gather the statistics
outside of ->siglock protected section, in the likely case this code will
run lockless.
Link: https://lkml.kernel.org/r/20240123153357.GA21857@redhat.com
Signed-off-by: Oleg Nesterov <oleg(a)redhat.com>
Signed-off-by: Dylan Hatch <dylanbhatch(a)google.com>
Cc: Eric W. Biederman <ebiederm(a)xmission.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
Signed-off-by: David Sauerwein <dssauerw(a)amazon.de>
---
fs/proc/array.c | 52 ++++++++++++++++++++++++++++---------------------
1 file changed, 30 insertions(+), 22 deletions(-)
diff --git a/fs/proc/array.c b/fs/proc/array.c
index 18a4588c35be..8fba6d39e776 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -443,12 +443,12 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
int permitted;
struct mm_struct *mm;
unsigned long long start_time;
- unsigned long cmin_flt = 0, cmaj_flt = 0;
- unsigned long min_flt = 0, maj_flt = 0;
- u64 cutime, cstime, utime, stime;
- u64 cgtime, gtime;
+ unsigned long cmin_flt, cmaj_flt, min_flt, maj_flt;
+ u64 cutime, cstime, cgtime, utime, stime, gtime;
unsigned long rsslim = 0;
unsigned long flags;
+ struct signal_struct *sig = task->signal;
+ unsigned int seq = 1;
state = *get_task_state(task);
vsize = eip = esp = 0;
@@ -476,12 +476,9 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
sigemptyset(&sigign);
sigemptyset(&sigcatch);
- cutime = cstime = utime = stime = 0;
- cgtime = gtime = 0;
+ utime = stime = 0;
if (lock_task_sighand(task, &flags)) {
- struct signal_struct *sig = task->signal;
-
if (sig->tty) {
struct pid *pgrp = tty_get_pgrp(sig->tty);
tty_pgrp = pid_nr_ns(pgrp, ns);
@@ -492,37 +489,48 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
num_threads = get_nr_threads(task);
collect_sigign_sigcatch(task, &sigign, &sigcatch);
+ rsslim = READ_ONCE(sig->rlim[RLIMIT_RSS].rlim_cur);
+
+ sid = task_session_nr_ns(task, ns);
+ ppid = task_tgid_nr_ns(task->real_parent, ns);
+ pgid = task_pgrp_nr_ns(task, ns);
+
+ unlock_task_sighand(task, &flags);
+ }
+
+ if (permitted && (!whole || num_threads < 2))
+ wchan = get_wchan(task);
+
+ do {
+ seq++; /* 2 on the 1st/lockless path, otherwise odd */
+ flags = read_seqbegin_or_lock_irqsave(&sig->stats_lock, &seq);
+
cmin_flt = sig->cmin_flt;
cmaj_flt = sig->cmaj_flt;
cutime = sig->cutime;
cstime = sig->cstime;
cgtime = sig->cgtime;
- rsslim = READ_ONCE(sig->rlim[RLIMIT_RSS].rlim_cur);
- /* add up live thread stats at the group level */
if (whole) {
struct task_struct *t = task;
+
+ min_flt = sig->min_flt;
+ maj_flt = sig->maj_flt;
+ gtime = sig->gtime;
+
+ rcu_read_lock();
do {
min_flt += t->min_flt;
maj_flt += t->maj_flt;
gtime += task_gtime(t);
} while_each_thread(task, t);
+ rcu_read_unlock();
- min_flt += sig->min_flt;
- maj_flt += sig->maj_flt;
thread_group_cputime_adjusted(task, &utime, &stime);
- gtime += sig->gtime;
}
+ } while (need_seqretry(&sig->stats_lock, seq));
+ done_seqretry_irqrestore(&sig->stats_lock, seq, flags);
- sid = task_session_nr_ns(task, ns);
- ppid = task_tgid_nr_ns(task->real_parent, ns);
- pgid = task_pgrp_nr_ns(task, ns);
-
- unlock_task_sighand(task, &flags);
- }
-
- if (permitted && (!whole || num_threads < 2))
- wchan = get_wchan(task);
if (!whole) {
min_flt = task->min_flt;
maj_flt = task->maj_flt;
--
2.47.1
5 months, 1 week
- 2
- 1
[PATCH 5.10.y] powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
by Cliff Liu
From: Nathan Lynch <nathanl(a)linux.ibm.com>
[ Upstream commit 0974d03eb479384466d828d65637814bee6b26d7 ]
Smatch warns:
arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential
spectre issue 'args.args' [r] (local cap)
The 'nargs' and 'nret' locals come directly from a user-supplied
buffer and are used as indexes into a small stack-based array and as
inputs to copy_to_user() after they are subject to bounds checks.
Use array_index_nospec() after the bounds checks to clamp these values
for speculative execution.
Signed-off-by: Nathan Lynch <nathanl(a)linux.ibm.com>
Reported-by: Breno Leitao <leitao(a)debian.org>
Reviewed-by: Breno Leitao <leitao(a)debian.org>
Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au>
Link: https://msgid.link/20240530-sys_rtas-nargs-nret-v1-1-129acddd4d89@linux.ibm…
Signed-off-by: Cliff Liu <donghua.liu(a)windriver.com>
Signed-off-by: He Zhe <Zhe.He(a)windriver.com>
---
Verified the powerpc build test.
---
arch/powerpc/kernel/rtas.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index 5976a25c6264..a8299981798a 100644
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -16,6 +16,7 @@
#include <linux/capability.h>
#include <linux/delay.h>
#include <linux/cpu.h>
+#include <linux/nospec.h>
#include <linux/sched.h>
#include <linux/smp.h>
#include <linux/completion.h>
@@ -1173,6 +1174,9 @@ SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs)
|| nargs + nret > ARRAY_SIZE(args.args))
return -EINVAL;
+ nargs = array_index_nospec(nargs, ARRAY_SIZE(args.args));
+ nret = array_index_nospec(nret, ARRAY_SIZE(args.args) - nargs);
+
/* Copy in args. */
if (copy_from_user(args.args, uargs->args,
nargs * sizeof(rtas_arg_t)) != 0)
--
2.34.1
5 months, 1 week
- 2
- 1
[PATCH 6.6.y] powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
by Cliff Liu
From: Nathan Lynch <nathanl(a)linux.ibm.com>
[ Upstream commit 0974d03eb479384466d828d65637814bee6b26d7 ]
Smatch warns:
arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential
spectre issue 'args.args' [r] (local cap)
The 'nargs' and 'nret' locals come directly from a user-supplied
buffer and are used as indexes into a small stack-based array and as
inputs to copy_to_user() after they are subject to bounds checks.
Use array_index_nospec() after the bounds checks to clamp these values
for speculative execution.
Signed-off-by: Nathan Lynch <nathanl(a)linux.ibm.com>
Reported-by: Breno Leitao <leitao(a)debian.org>
Reviewed-by: Breno Leitao <leitao(a)debian.org>
Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au>
Link: https://msgid.link/20240530-sys_rtas-nargs-nret-v1-1-129acddd4d89@linux.ibm…
[Minor context change fixed]
Signed-off-by: Cliff Liu <donghua.liu(a)windriver.com>
Signed-off-by: He Zhe <Zhe.He(a)windriver.com>
---
Verified the powerpc build test.
---
arch/powerpc/kernel/rtas.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index 46b9476d7582..dc294c95da21 100644
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -18,6 +18,7 @@
#include <linux/kernel.h>
#include <linux/lockdep.h>
#include <linux/memblock.h>
+#include <linux/nospec.h>
#include <linux/of.h>
#include <linux/of_fdt.h>
#include <linux/reboot.h>
@@ -1839,6 +1840,9 @@ SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs)
|| nargs + nret > ARRAY_SIZE(args.args))
return -EINVAL;
+ nargs = array_index_nospec(nargs, ARRAY_SIZE(args.args));
+ nret = array_index_nospec(nret, ARRAY_SIZE(args.args) - nargs);
+
/* Copy in args. */
if (copy_from_user(args.args, uargs->args,
nargs * sizeof(rtas_arg_t)) != 0)
--
2.34.1
5 months, 1 week
- 2
- 1
[PATCH 5.15.y] powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
by Cliff Liu
From: Nathan Lynch <nathanl(a)linux.ibm.com>
[ Upstream commit 0974d03eb479384466d828d65637814bee6b26d7 ]
Smatch warns:
arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential
spectre issue 'args.args' [r] (local cap)
The 'nargs' and 'nret' locals come directly from a user-supplied
buffer and are used as indexes into a small stack-based array and as
inputs to copy_to_user() after they are subject to bounds checks.
Use array_index_nospec() after the bounds checks to clamp these values
for speculative execution.
Signed-off-by: Nathan Lynch <nathanl(a)linux.ibm.com>
Reported-by: Breno Leitao <leitao(a)debian.org>
Reviewed-by: Breno Leitao <leitao(a)debian.org>
Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au>
Link: https://msgid.link/20240530-sys_rtas-nargs-nret-v1-1-129acddd4d89@linux.ibm…
[Minor context change fixed]
Signed-off-by: Cliff Liu <donghua.liu(a)windriver.com>
Signed-off-by: He Zhe <Zhe.He(a)windriver.com>
---
Verified the powerpc build test.
---
arch/powerpc/kernel/rtas.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index d01a0ad57e38..f2378f51cbed 100644
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -16,6 +16,7 @@
#include <linux/capability.h>
#include <linux/delay.h>
#include <linux/cpu.h>
+#include <linux/nospec.h>
#include <linux/sched.h>
#include <linux/smp.h>
#include <linux/completion.h>
@@ -1076,6 +1077,9 @@ SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs)
|| nargs + nret > ARRAY_SIZE(args.args))
return -EINVAL;
+ nargs = array_index_nospec(nargs, ARRAY_SIZE(args.args));
+ nret = array_index_nospec(nret, ARRAY_SIZE(args.args) - nargs);
+
/* Copy in args. */
if (copy_from_user(args.args, uargs->args,
nargs * sizeof(rtas_arg_t)) != 0)
--
2.34.1
5 months, 1 week
- 2
- 1
[PATCH 6.1.y] powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
by Cliff Liu
From: Nathan Lynch <nathanl(a)linux.ibm.com>
[ Upstream commit 0974d03eb479384466d828d65637814bee6b26d7 ]
Smatch warns:
arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential
spectre issue 'args.args' [r] (local cap)
The 'nargs' and 'nret' locals come directly from a user-supplied
buffer and are used as indexes into a small stack-based array and as
inputs to copy_to_user() after they are subject to bounds checks.
Use array_index_nospec() after the bounds checks to clamp these values
for speculative execution.
Signed-off-by: Nathan Lynch <nathanl(a)linux.ibm.com>
Reported-by: Breno Leitao <leitao(a)debian.org>
Reviewed-by: Breno Leitao <leitao(a)debian.org>
Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au>
Link: https://msgid.link/20240530-sys_rtas-nargs-nret-v1-1-129acddd4d89@linux.ibm…
[Minor context change fixed]
Signed-off-by: Cliff Liu <donghua.liu(a)windriver.com>
Signed-off-by: He Zhe <Zhe.He(a)windriver.com>
---
Verified the powerpc build test.
---
arch/powerpc/kernel/rtas.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index f8d3caad4cf3..3c06c8389e05 100644
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -25,6 +25,7 @@
#include <linux/reboot.h>
#include <linux/security.h>
#include <linux/syscalls.h>
+#include <linux/nospec.h>
#include <linux/of.h>
#include <linux/of_fdt.h>
@@ -1178,6 +1179,9 @@ SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs)
|| nargs + nret > ARRAY_SIZE(args.args))
return -EINVAL;
+ nargs = array_index_nospec(nargs, ARRAY_SIZE(args.args));
+ nret = array_index_nospec(nret, ARRAY_SIZE(args.args) - nargs);
+
/* Copy in args. */
if (copy_from_user(args.args, uargs->args,
nargs * sizeof(rtas_arg_t)) != 0)
--
2.34.1
5 months, 1 week
- 2
- 1
INHERITANCE FUNDS
by Hendrick John Neverett
We are writing to inform you that you have been identified as the sole
beneficiary of a substantial inheritance left by a deceased relative, who
was a client of our firm. The estate is valued at USD$6,500,000.00, and we
are handling the legal proceedings to transfer the funds to you. Please
reply for more details.
5 months, 1 week
- 1
- 0
[PATCH v1] gpio: pca953x: fix IRQ storm on system wake up
by Francesco Dolcini
From: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com>
If an input changes state during wake-up and is used as an interrupt
source, the IRQ handler reads the volatile input register to clear the
interrupt mask and deassert the IRQ line. However, the IRQ handler is
triggered before access to the register is granted, causing the read
operation to fail.
As a result, the IRQ handler enters a loop, repeatedly printing the
"failed reading register" message, until `pca953x_resume` is eventually
called, which restores the driver context and enables access to
registers.
Fix by using DEFINE_NOIRQ_DEV_PM_OPS which ensures that `pca953x_resume`
is called before the IRQ handler is called.
Fixes: b76574300504 ("gpio: pca953x: Restore registers after suspend/resume cycle")
Cc: stable(a)vger.kernel.org
Signed-off-by: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com>
Signed-off-by: Francesco Dolcini <francesco.dolcini(a)toradex.com>
---
drivers/gpio/gpio-pca953x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c
index d63c1030e6ac..d39bdc125cfc 100644
--- a/drivers/gpio/gpio-pca953x.c
+++ b/drivers/gpio/gpio-pca953x.c
@@ -1252,7 +1252,7 @@ static int pca953x_resume(struct device *dev)
return ret;
}
-static DEFINE_SIMPLE_DEV_PM_OPS(pca953x_pm_ops, pca953x_suspend, pca953x_resume);
+static DEFINE_NOIRQ_DEV_PM_OPS(pca953x_pm_ops, pca953x_suspend, pca953x_resume);
/* convenience to stop overlong match-table lines */
#define OF_653X(__nrgpio, __int) ((void *)(__nrgpio | PCAL653X_TYPE | __int))
--
2.39.5
5 months, 1 week
- 4
- 6
[for-linus][PATCH 7/7] rv: Fix out-of-bound memory access in rv_is_container_monitor()
by Steven Rostedt
From: Nam Cao <namcao(a)linutronix.de>
When rv_is_container_monitor() is called on the last monitor in
rv_monitors_list, KASAN yells:
BUG: KASAN: global-out-of-bounds in rv_is_container_monitor+0x101/0x110
Read of size 8 at addr ffffffff97c7c798 by task setup/221
The buggy address belongs to the variable:
rv_monitors_list+0x18/0x40
This is due to list_next_entry() is called on the last entry in the list.
It wraps around to the first list_head, and the first list_head is not
embedded in struct rv_monitor_def.
Fix it by checking if the monitor is last in the list.
Cc: stable(a)vger.kernel.org
Cc: Gabriele Monaco <gmonaco(a)redhat.com>
Fixes: cb85c660fcd4 ("rv: Add option for nested monitors and include sched")
Link: https://lore.kernel.org/e85b5eeb7228bfc23b8d7d4ab5411472c54ae91b.1744355018…
Signed-off-by: Nam Cao <namcao(a)linutronix.de>
Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org>
---
kernel/trace/rv/rv.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/kernel/trace/rv/rv.c b/kernel/trace/rv/rv.c
index 968c5c3b0246..e4077500a91d 100644
--- a/kernel/trace/rv/rv.c
+++ b/kernel/trace/rv/rv.c
@@ -225,7 +225,12 @@ bool rv_is_nested_monitor(struct rv_monitor_def *mdef)
*/
bool rv_is_container_monitor(struct rv_monitor_def *mdef)
{
- struct rv_monitor_def *next = list_next_entry(mdef, list);
+ struct rv_monitor_def *next;
+
+ if (list_is_last(&mdef->list, &rv_monitors_list))
+ return false;
+
+ next = list_next_entry(mdef, list);
return next->parent == mdef->monitor || !mdef->monitor->enable;
}
--
2.47.2
5 months, 1 week
- 1
- 0
[for-linus][PATCH 3/7] ftrace: Properly merge notrace hashes
by Steven Rostedt
From: Andy Chiu <andybnac(a)gmail.com>
The global notrace hash should be jointly decided by the intersection of
each subops's notrace hash, but not the filter hash.
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/20250408160258.48563-1-andybnac@gmail.com
Fixes: 5fccc7552ccb ("ftrace: Add subops logic to allow one ops to manage many")
Signed-off-by: Andy Chiu <andybnac(a)gmail.com>
[ fixed removing of freeing of filter_hash ]
Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org>
---
kernel/trace/ftrace.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 1a48aedb5255..8939eeebb02e 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -3526,16 +3526,16 @@ int ftrace_startup_subops(struct ftrace_ops *ops, struct ftrace_ops *subops, int
ftrace_hash_empty(subops->func_hash->notrace_hash)) {
notrace_hash = EMPTY_HASH;
} else {
- size_bits = max(ops->func_hash->filter_hash->size_bits,
- subops->func_hash->filter_hash->size_bits);
+ size_bits = max(ops->func_hash->notrace_hash->size_bits,
+ subops->func_hash->notrace_hash->size_bits);
notrace_hash = alloc_ftrace_hash(size_bits);
if (!notrace_hash) {
free_ftrace_hash(filter_hash);
return -ENOMEM;
}
- ret = intersect_hash(¬race_hash, ops->func_hash->filter_hash,
- subops->func_hash->filter_hash);
+ ret = intersect_hash(¬race_hash, ops->func_hash->notrace_hash,
+ subops->func_hash->notrace_hash);
if (ret < 0) {
free_ftrace_hash(filter_hash);
free_ftrace_hash(notrace_hash);
--
2.47.2
5 months, 1 week
- 1
- 0
[for-linus][PATCH 2/7] tracing: Do not add length to print format in synthetic events
by Steven Rostedt
From: Steven Rostedt <rostedt(a)goodmis.org>
The following causes a vsnprintf fault:
# echo 's:wake_lat char[] wakee; u64 delta;' >> /sys/kernel/tracing/dynamic_events
# echo 'hist:keys=pid:ts=common_timestamp.usecs if !(common_flags & 0x18)' > /sys/kernel/tracing/events/sched/sched_waking/trigger
# echo 'hist:keys=next_pid:delta=common_timestamp.usecs-$ts:onmatch(sched.sched_waking).trace(wake_lat,next_comm,$delta)' > /sys/kernel/tracing/events/sched/sched_switch/trigger
Because the synthetic event's "wakee" field is created as a dynamic string
(even though the string copied is not). The print format to print the
dynamic string changed from "%*s" to "%s" because another location
(__set_synth_event_print_fmt()) exported this to user space, and user
space did not need that. But it is still used in print_synth_event(), and
the output looks like:
<idle>-0 [001] d..5. 193.428167: wake_lat: wakee=(efault)sshd-sessiondelta=155
sshd-session-879 [001] d..5. 193.811080: wake_lat: wakee=(efault)kworker/u34:5delta=58
<idle>-0 [002] d..5. 193.811198: wake_lat: wakee=(efault)bashdelta=91
bash-880 [002] d..5. 193.811371: wake_lat: wakee=(efault)kworker/u35:2delta=21
<idle>-0 [001] d..5. 193.811516: wake_lat: wakee=(efault)sshd-sessiondelta=129
sshd-session-879 [001] d..5. 193.967576: wake_lat: wakee=(efault)kworker/u34:5delta=50
The length isn't needed as the string is always nul terminated. Just print
the string and not add the length (which was hard coded to the max string
length anyway).
Cc: stable(a)vger.kernel.org
Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Cc: Tom Zanussi <zanussi(a)kernel.org>
Cc: Douglas Raillard <douglas.raillard(a)arm.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
Link: https://lore.kernel.org/20250407154139.69955768@gandalf.local.home
Fixes: 4d38328eb442d ("tracing: Fix synth event printk format for str fields");
Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org>
---
kernel/trace/trace_events_synth.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c
index 969f48742d72..33cfbd4ed76d 100644
--- a/kernel/trace/trace_events_synth.c
+++ b/kernel/trace/trace_events_synth.c
@@ -370,7 +370,6 @@ static enum print_line_t print_synth_event(struct trace_iterator *iter,
union trace_synth_field *data = &entry->fields[n_u64];
trace_seq_printf(s, print_fmt, se->fields[i]->name,
- STR_VAR_LEN_MAX,
(char *)entry + data->as_dynamic.offset,
i == se->n_fields - 1 ? "" : " ");
n_u64++;
--
2.47.2
5 months, 1 week
- 1
- 0
[PATCH 1/1] usb: ueagle-atm: wait for a firmware upload to complete
by Andrey Tsygunka
Syzkaller reported:
sysfs group 'power' not found for kobject 'ueagle-atm!adi930.fw'
WARNING: CPU: 1 PID: 6804 at fs/sysfs/group.c:278 sysfs_remove_group+0x120/0x170 fs/sysfs/group.c:278
Modules linked in:
CPU: 1 PID: 6804 Comm: kworker/1:5 Not tainted 6.1.128 #1
Hardware name: linux,dummy-virt (DT)
Workqueue: events request_firmware_work_func
Call trace:
sysfs_remove_group+0x120/0x170 fs/sysfs/group.c:278
dpm_sysfs_remove+0x9c/0xc0 drivers/base/power/sysfs.c:837
device_del+0x1e0/0xb30 drivers/base/core.c:3861
fw_load_sysfs_fallback drivers/base/firmware_loader/fallback.c:120 [inline]
fw_load_from_user_helper drivers/base/firmware_loader/fallback.c:158 [inline]
firmware_fallback_sysfs+0x880/0xa30 drivers/base/firmware_loader/fallback.c:234
_request_firmware+0xcc0/0x1030 drivers/base/firmware_loader/main.c:884
request_firmware_work_func+0xf0/0x240 drivers/base/firmware_loader/main.c:1135
process_one_work+0x878/0x1770 kernel/workqueue.c:2292
worker_thread+0x48c/0xe40 kernel/workqueue.c:2439
kthread+0x274/0x2e0 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
When calling the usb-device probe() method, request_firmware_nowait()
is called, an async task is created that creates a child device
to load the firmware and waits (fw_sysfs_wait_timeout()) for the
firmware to be ready. If an async disconnect event occurs for
usb-device while waiting, we may get a WARN() when calling
firmware_fallback_sysfs() about "no sysfs group 'power' found
for kobject" because it was removed by usb_disconnect().
To avoid this, add a routine to wait for the firmware loading process
to complete to prevent premature device disconnection.
Fixes: b72458a80c75 ("[PATCH] USB: Eagle and ADI 930 usb adsl modem driver")
Cc: stable(a)vger.kernel.org
Signed-off-by: Andrey Tsygunka <aitsygunka(a)yandex.ru>
---
drivers/usb/atm/ueagle-atm.c | 40 +++++++++++++++++++++++++++++++-----
1 file changed, 35 insertions(+), 5 deletions(-)
diff --git a/drivers/usb/atm/ueagle-atm.c b/drivers/usb/atm/ueagle-atm.c
index cd0f7b4bd82a..eaa5ad316d89 100644
--- a/drivers/usb/atm/ueagle-atm.c
+++ b/drivers/usb/atm/ueagle-atm.c
@@ -570,6 +570,12 @@ MODULE_PARM_DESC(annex,
#define LOAD_INTERNAL 0xA0
#define F8051_USBCS 0x7f92
+struct uea_interface_data {
+ struct completion fw_upload_complete;
+ struct usb_device *usb;
+ struct usb_interface *intf;
+};
+
/*
* uea_send_modem_cmd - Send a command for pre-firmware devices.
*/
@@ -599,7 +605,8 @@ static int uea_send_modem_cmd(struct usb_device *usb,
static void uea_upload_pre_firmware(const struct firmware *fw_entry,
void *context)
{
- struct usb_device *usb = context;
+ struct uea_interface_data *uea_intf_data = context;
+ struct usb_device *usb = uea_intf_data->usb;
const u8 *pfw;
u8 value;
u32 crc = 0;
@@ -669,15 +676,17 @@ static void uea_upload_pre_firmware(const struct firmware *fw_entry,
uea_err(usb, "firmware is corrupted\n");
err:
release_firmware(fw_entry);
+ complete(&uea_intf_data->fw_upload_complete);
uea_leaves(usb);
}
/*
* uea_load_firmware - Load usb firmware for pre-firmware devices.
*/
-static int uea_load_firmware(struct usb_device *usb, unsigned int ver)
+static int uea_load_firmware(struct uea_interface_data *uea_intf_data, unsigned int ver)
{
int ret;
+ struct usb_device *usb = uea_intf_data->usb;
char *fw_name = EAGLE_FIRMWARE;
uea_enters(usb);
@@ -702,7 +711,7 @@ static int uea_load_firmware(struct usb_device *usb, unsigned int ver)
}
ret = request_firmware_nowait(THIS_MODULE, 1, fw_name, &usb->dev,
- GFP_KERNEL, usb,
+ GFP_KERNEL, uea_intf_data,
uea_upload_pre_firmware);
if (ret)
uea_err(usb, "firmware %s is not available\n", fw_name);
@@ -2586,6 +2595,7 @@ static struct usbatm_driver uea_usbatm_driver = {
static int uea_probe(struct usb_interface *intf, const struct usb_device_id *id)
{
struct usb_device *usb = interface_to_usbdev(intf);
+ struct uea_interface_data *uea_intf_data;
int ret;
uea_enters(usb);
@@ -2597,8 +2607,23 @@ static int uea_probe(struct usb_interface *intf, const struct usb_device_id *id)
usb_reset_device(usb);
- if (UEA_IS_PREFIRM(id))
- return uea_load_firmware(usb, UEA_CHIP_VERSION(id));
+ if (UEA_IS_PREFIRM(id)) {
+ uea_intf_data = devm_kzalloc(&usb->dev, sizeof(*uea_intf_data), GFP_KERNEL);
+ if (!uea_intf_data)
+ return -ENOMEM;
+
+ init_completion(&uea_intf_data->fw_upload_complete);
+ uea_intf_data->usb = usb;
+ uea_intf_data->intf = intf;
+
+ usb_set_intfdata(intf, uea_intf_data);
+
+ ret = uea_load_firmware(uea_intf_data, UEA_CHIP_VERSION(id));
+ if (ret)
+ complete(&uea_intf_data->fw_upload_complete);
+
+ return ret;
+ }
ret = usbatm_usb_probe(intf, id, &uea_usbatm_driver);
if (ret == 0) {
@@ -2618,6 +2643,7 @@ static int uea_probe(struct usb_interface *intf, const struct usb_device_id *id)
static void uea_disconnect(struct usb_interface *intf)
{
struct usb_device *usb = interface_to_usbdev(intf);
+ struct uea_interface_data *uea_intf_data;
int ifnum = intf->altsetting->desc.bInterfaceNumber;
uea_enters(usb);
@@ -2629,6 +2655,10 @@ static void uea_disconnect(struct usb_interface *intf)
usbatm_usb_disconnect(intf);
mutex_unlock(&uea_mutex);
uea_info(usb, "ADSL device removed\n");
+ } else {
+ uea_intf_data = usb_get_intfdata(intf);
+ uea_info(usb, "wait for completion uploading firmware\n");
+ wait_for_completion(&uea_intf_data->fw_upload_complete);
}
uea_leaves(usb);
--
2.25.1
5 months, 1 week
- 2
- 1
[PATCH v8] KEYS: Add a list for unreferenced keys
by Jarkko Sakkinen
From: Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com>
Add an isolated list of unreferenced keys to be queued for deletion, and
try to pin the keys in the garbage collector before processing anything.
Skip unpinnable keys.
Use this list for blocking the reaping process during the teardown:
1. First off, the keys added to `keys_graveyard` are snapshotted, and the
list is flushed. This the very last step in `key_put()`.
2. `key_put()` reaches zero. This will mark key as busy for the garbage
collector.
3. `key_garbage_collector()` will try to increase refcount, which won't go
above zero. Whenever this happens, the key will be skipped.
Cc: stable(a)vger.kernel.org # v6.1+
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)opinsys.com>
---
v8:
- One more rebasing error (2x list_splice_init, reported by Marek Szyprowski)
v7:
- Fixed multiple definitions (from rebasing).
v6:
- Rebase went wrong in v5.
v5:
- Rebased on top of v6.15-rc
- Updated commit message to explain how spin lock and refcount
isolate the time window in key_put().
v4:
- Pin the key while processing key type teardown. Skip dead keys.
- Revert key_gc_graveyard back key_gc_unused_keys.
- Rewrote the commit message.
- "unsigned long flags" declaration somehow did make to the previous
patch (sorry).
v3:
- Using spin_lock() fails since key_put() is executed inside IRQs.
Using spin_lock_irqsave() would neither work given the lock is
acquired for /proc/keys. Therefore, separate the lock for
graveyard and key_graveyard before reaping key_serial_tree.
v2:
- Rename key_gc_unused_keys as key_gc_graveyard, and re-document the
function.
---
include/linux/key.h | 7 ++-----
security/keys/gc.c | 36 ++++++++++++++++++++----------------
security/keys/internal.h | 5 +++++
security/keys/key.c | 7 +++++--
4 files changed, 32 insertions(+), 23 deletions(-)
diff --git a/include/linux/key.h b/include/linux/key.h
index ba05de8579ec..c50659184bdf 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -195,10 +195,8 @@ enum key_state {
struct key {
refcount_t usage; /* number of references */
key_serial_t serial; /* key serial number */
- union {
- struct list_head graveyard_link;
- struct rb_node serial_node;
- };
+ struct list_head graveyard_link; /* key->usage == 0 */
+ struct rb_node serial_node;
#ifdef CONFIG_KEY_NOTIFICATIONS
struct watch_list *watchers; /* Entities watching this key for changes */
#endif
@@ -236,7 +234,6 @@ struct key {
#define KEY_FLAG_ROOT_CAN_INVAL 7 /* set if key can be invalidated by root without permission */
#define KEY_FLAG_KEEP 8 /* set if key should not be removed */
#define KEY_FLAG_UID_KEYRING 9 /* set if key is a user or user session keyring */
-#define KEY_FLAG_FINAL_PUT 10 /* set if final put has happened on key */
/* the key type and key description string
* - the desc is used to match a key against search criteria
diff --git a/security/keys/gc.c b/security/keys/gc.c
index f27223ea4578..9ccd8ee6fcdb 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -189,6 +189,7 @@ static void key_garbage_collector(struct work_struct *work)
struct rb_node *cursor;
struct key *key;
time64_t new_timer, limit, expiry;
+ unsigned long flags;
kenter("[%lx,%x]", key_gc_flags, gc_state);
@@ -206,21 +207,35 @@ static void key_garbage_collector(struct work_struct *work)
new_timer = TIME64_MAX;
+ spin_lock_irqsave(&key_graveyard_lock, flags);
+ list_splice_init(&key_graveyard, &graveyard);
+ spin_unlock_irqrestore(&key_graveyard_lock, flags);
+
+ list_for_each_entry(key, &graveyard, graveyard_link) {
+ spin_lock(&key_serial_lock);
+ kdebug("unrefd key %d", key->serial);
+ rb_erase(&key->serial_node, &key_serial_tree);
+ spin_unlock(&key_serial_lock);
+ }
+
/* As only this function is permitted to remove things from the key
* serial tree, if cursor is non-NULL then it will always point to a
* valid node in the tree - even if lock got dropped.
*/
spin_lock(&key_serial_lock);
+ key = NULL;
cursor = rb_first(&key_serial_tree);
continue_scanning:
+ key_put(key);
while (cursor) {
key = rb_entry(cursor, struct key, serial_node);
cursor = rb_next(cursor);
-
- if (test_bit(KEY_FLAG_FINAL_PUT, &key->flags)) {
- smp_mb(); /* Clobber key->user after FINAL_PUT seen. */
- goto found_unreferenced_key;
+ /* key_get(), unless zero: */
+ if (!refcount_inc_not_zero(&key->usage)) {
+ key = NULL;
+ gc_state |= KEY_GC_REAP_AGAIN;
+ goto skip_dead_key;
}
if (unlikely(gc_state & KEY_GC_REAPING_DEAD_1)) {
@@ -274,6 +289,7 @@ static void key_garbage_collector(struct work_struct *work)
spin_lock(&key_serial_lock);
goto continue_scanning;
}
+ key_put(key);
/* We've completed the pass. Set the timer if we need to and queue a
* new cycle if necessary. We keep executing cycles until we find one
@@ -328,18 +344,6 @@ static void key_garbage_collector(struct work_struct *work)
kleave(" [end %x]", gc_state);
return;
- /* We found an unreferenced key - once we've removed it from the tree,
- * we can safely drop the lock.
- */
-found_unreferenced_key:
- kdebug("unrefd key %d", key->serial);
- rb_erase(&key->serial_node, &key_serial_tree);
- spin_unlock(&key_serial_lock);
-
- list_add_tail(&key->graveyard_link, &graveyard);
- gc_state |= KEY_GC_REAP_AGAIN;
- goto maybe_resched;
-
/* We found a restricted keyring and need to update the restriction if
* it is associated with the dead key type.
*/
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 2cffa6dc8255..4e3d9b322390 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -63,9 +63,14 @@ struct key_user {
int qnbytes; /* number of bytes allocated to this user */
};
+extern struct list_head key_graveyard;
+extern spinlock_t key_graveyard_lock;
+
extern struct rb_root key_user_tree;
extern spinlock_t key_user_lock;
extern struct key_user root_key_user;
+extern struct list_head key_graveyard;
+extern spinlock_t key_graveyard_lock;
extern struct key_user *key_user_lookup(kuid_t uid);
extern void key_user_put(struct key_user *user);
diff --git a/security/keys/key.c b/security/keys/key.c
index 7198cd2ac3a3..7511f2017b6b 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -22,6 +22,8 @@ DEFINE_SPINLOCK(key_serial_lock);
struct rb_root key_user_tree; /* tree of quota records indexed by UID */
DEFINE_SPINLOCK(key_user_lock);
+LIST_HEAD(key_graveyard);
+DEFINE_SPINLOCK(key_graveyard_lock);
unsigned int key_quota_root_maxkeys = 1000000; /* root's key count quota */
unsigned int key_quota_root_maxbytes = 25000000; /* root's key space quota */
@@ -658,8 +660,9 @@ void key_put(struct key *key)
key->user->qnbytes -= key->quotalen;
spin_unlock_irqrestore(&key->user->lock, flags);
}
- smp_mb(); /* key->user before FINAL_PUT set. */
- set_bit(KEY_FLAG_FINAL_PUT, &key->flags);
+ spin_lock_irqsave(&key_graveyard_lock, flags);
+ list_add_tail(&key->graveyard_link, &key_graveyard);
+ spin_unlock_irqrestore(&key_graveyard_lock, flags);
schedule_work(&key_gc_work);
}
}
--
2.39.5
5 months, 1 week
- 2
- 7
Missing paravirt backport in 6.12.23
by Ike Devolder
Hi,
Can I report an issue with 6.12 LTS?
This backport in 6.12.23
[805e3ce5e0e32b31dcecc0774c57c17a1f13cef6][1]
also needs this upstream commit as well
[22cc5ca5de52bbfc36a7d4a55323f91fb4492264][2]
If it is missing and you don't have XEN enabled the build fails:
```
arch/x86/coco/tdx/tdx.c:1080:13: error: no member named 'safe_halt' in
'struct pv_irq_ops'
1080 | pv_ops.irq.safe_halt = tdx_safe_halt;
| ~~~~~~~~~~ ^
arch/x86/coco/tdx/tdx.c:1081:13: error: no member named 'halt' in
'struct pv_irq_ops'
1081 | pv_ops.irq.halt = tdx_halt;
| ~~~~~~~~~~ ^
2 errors generated.
make[5]: *** [scripts/Makefile.build:229: arch/x86/coco/tdx/tdx.o] Error 1
make[4]: *** [scripts/Makefile.build:478: arch/x86/coco/tdx] Error 2
make[3]: *** [scripts/Makefile.build:478: arch/x86/coco] Error 2
make[2]: *** [scripts/Makefile.build:478: arch/x86] Error 2
```
To make it work I have added the backport of
[805e3ce5e0e32b31dcecc0774c57c17a1f13cef6][1] as patch in my local build[3].
Best regards,
Ike
[1]:
https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit…
[2]:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…
[3]:
https://gitlab.com/herecura/packages/linux-bede-lts/-/blob/0d7e313f13fdae9b…
5 months, 1 week
- 2
- 1
[PATCH v2 0/2] J722S: Disable WIZ0 and WIZ1 in SoC file
by Siddharth Vadapalli
Hello,
This series disables the "serdes_wiz0" and "serdes_wiz1" device-tree
nodes in the J722S SoC file and enables them in the board files where
they are required along with "serdes0" and "serdes1". There are two
reasons behind this change:
1. To follow the existing convention of disabling nodes in the SoC file
and enabling them in the board file as required.
2. To address situations where a board file hasn't explicitly disabled
"serdes_wiz0" and "serdes_wiz1" (example: am67a-beagley-ai.dts)
as a result of which booting the board displays the following errors:
wiz bus@f0000:phy@f000000: probe with driver wiz failed with error -12
...
wiz bus@f0000:phy@f010000: probe with driver wiz failed with error -12
Series is based on linux-next tagged next-20250408.
v1 of this series is at:
https://lore.kernel.org/r/20250408060636.3413856-1-s-vadapalli@ti.com/
Changes since v1:
- Added "Fixes" tag and updated commit message accordingly.
Regards,
Siddharth.
Siddharth Vadapalli (2):
arm64: dts: ti: k3-j722s-evm: Enable "serdes_wiz0" and "serdes_wiz1"
arm64: dts: ti: k3-j722s-main: Disable "serdes_wiz0" and "serdes_wiz1"
arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 8 ++++++++
arch/arm64/boot/dts/ti/k3-j722s-main.dtsi | 4 ++++
2 files changed, 12 insertions(+)
--
2.34.1
5 months, 1 week
- 2
- 7
[merged mm-hotfixes-stable] mm-fix-apply_to_existing_page_range.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: mm: fix apply_to_existing_page_range()
has been removed from the -mm tree. Its filename was
mm-fix-apply_to_existing_page_range.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com>
Subject: mm: fix apply_to_existing_page_range()
Date: Wed, 9 Apr 2025 12:40:43 +0300
In the case of apply_to_existing_page_range(), apply_to_pte_range() is
reached with 'create' set to false. When !create, the loop over the PTE
page table is broken.
apply_to_pte_range() will only move to the next PTE entry if 'create' is
true or if the current entry is not pte_none().
This means that the user of apply_to_existing_page_range() will not have
'fn' called for any entries after the first pte_none() in the PTE page
table.
Fix the loop logic in apply_to_pte_range().
There are no known runtime issues from this, but the fix is trivial enough
for stable@ even without a known buggy user.
Link: https://lkml.kernel.org/r/20250409094043.1629234-1-kirill.shutemov@linux.in…
Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
Fixes: be1db4753ee6 ("mm/memory.c: add apply_to_existing_page_range() helper")
Cc: Daniel Axtens <dja(a)axtens.net>
Cc: David Hildenbrand <david(a)redhat.com>
Cc: Vlastimil Babka <vbabka(a)suse.cz>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/memory.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/mm/memory.c~mm-fix-apply_to_existing_page_range
+++ a/mm/memory.c
@@ -2938,11 +2938,11 @@ static int apply_to_pte_range(struct mm_
if (fn) {
do {
if (create || !pte_none(ptep_get(pte))) {
- err = fn(pte++, addr, data);
+ err = fn(pte, addr, data);
if (err)
break;
}
- } while (addr += PAGE_SIZE, addr != end);
+ } while (pte++, addr += PAGE_SIZE, addr != end);
}
*mask |= PGTBL_PTE_MODIFIED;
_
Patches currently in -mm which might be from kirill.shutemov(a)linux.intel.com are
mm-page_alloc-fix-deadlock-on-cpu_hotplug_lock-in-__accept_page.patch
5 months, 2 weeks
- 1
- 0
[merged mm-hotfixes-stable] alloc_tag-handle-incomplete-bulk-allocations-in-vm_module_tags_populate.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: alloc_tag: handle incomplete bulk allocations in vm_module_tags_populate
has been removed from the -mm tree. Its filename was
alloc_tag-handle-incomplete-bulk-allocations-in-vm_module_tags_populate.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: "T.J. Mercier" <tjmercier(a)google.com>
Subject: alloc_tag: handle incomplete bulk allocations in vm_module_tags_populate
Date: Wed, 9 Apr 2025 22:51:11 +0000
alloc_pages_bulk_node() may partially succeed and allocate fewer than the
requested nr_pages. There are several conditions under which this can
occur, but we have encountered the case where CONFIG_PAGE_OWNER is enabled
causing all bulk allocations to always fallback to single page allocations
due to commit 187ad460b841 ("mm/page_alloc: avoid page allocator recursion
with pagesets.lock held").
Currently vm_module_tags_populate() immediately fails when
alloc_pages_bulk_node() returns fewer than the requested number of pages.
When this happens memory allocation profiling gets disabled, for example
[ 14.297583] [9: modprobe: 465] Failed to allocate memory for allocation tags in the module scsc_wlan. Memory allocation profiling is disabled!
[ 14.299339] [9: modprobe: 465] modprobe: Failed to insmod '/vendor/lib/modules/scsc_wlan.ko' with args '': Out of memory
This patch causes vm_module_tags_populate() to retry bulk allocations for
the remaining memory instead of failing immediately which will avoid the
disablement of memory allocation profiling.
Link: https://lkml.kernel.org/r/20250409225111.3770347-1-tjmercier@google.com
Fixes: 0f9b685626da ("alloc_tag: populate memory for module tags as needed")
Signed-off-by: T.J. Mercier <tjmercier(a)google.com>
Reported-by: Janghyuck Kim <janghyuck.kim(a)samsung.com>
Acked-by: Suren Baghdasaryan <surenb(a)google.com>
Cc: Kent Overstreet <kent.overstreet(a)linux.dev>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
lib/alloc_tag.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
--- a/lib/alloc_tag.c~alloc_tag-handle-incomplete-bulk-allocations-in-vm_module_tags_populate
+++ a/lib/alloc_tag.c
@@ -422,11 +422,20 @@ static int vm_module_tags_populate(void)
unsigned long old_shadow_end = ALIGN(phys_end, MODULE_ALIGN);
unsigned long new_shadow_end = ALIGN(new_end, MODULE_ALIGN);
unsigned long more_pages;
- unsigned long nr;
+ unsigned long nr = 0;
more_pages = ALIGN(new_end - phys_end, PAGE_SIZE) >> PAGE_SHIFT;
- nr = alloc_pages_bulk_node(GFP_KERNEL | __GFP_NOWARN,
- NUMA_NO_NODE, more_pages, next_page);
+ while (nr < more_pages) {
+ unsigned long allocated;
+
+ allocated = alloc_pages_bulk_node(GFP_KERNEL | __GFP_NOWARN,
+ NUMA_NO_NODE, more_pages - nr, next_page + nr);
+
+ if (!allocated)
+ break;
+ nr += allocated;
+ }
+
if (nr < more_pages ||
vmap_pages_range(phys_end, phys_end + (nr << PAGE_SHIFT), PAGE_KERNEL,
next_page, PAGE_SHIFT) < 0) {
_
Patches currently in -mm which might be from tjmercier(a)google.com are
5 months, 2 weeks
- 1
- 0
[merged mm-hotfixes-stable] mm-fix-filemap_get_folios_contig-returning-batches-of-identical-folios.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: mm: fix filemap_get_folios_contig returning batches of identical folios
has been removed from the -mm tree. Its filename was
mm-fix-filemap_get_folios_contig-returning-batches-of-identical-folios.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: "Vishal Moola (Oracle)" <vishal.moola(a)gmail.com>
Subject: mm: fix filemap_get_folios_contig returning batches of identical folios
Date: Thu, 3 Apr 2025 16:54:17 -0700
filemap_get_folios_contig() is supposed to return distinct folios found
within [start, end]. Large folios in the Xarray become multi-index
entries. xas_next() can iterate through the sub-indexes before finding a
sibling entry and breaking out of the loop.
This can result in a returned folio_batch containing an indeterminate
number of duplicate folios, which forces the callers to skeptically handle
the returned batch. This is inefficient and incurs a large maintenance
overhead.
We can fix this by calling xas_advance() after we have successfully adding
a folio to the batch to ensure our Xarray is positioned such that it will
correctly find the next folio - similar to filemap_get_read_batch().
Link: https://lkml.kernel.org/r/Z-8s1-kiIDkzgRbc@fedora
Fixes: 35b471467f88 ("filemap: add filemap_get_folios_contig()")
Signed-off-by: Vishal Moola (Oracle) <vishal.moola(a)gmail.com>
Reported-by: Qu Wenruo <quwenruo.btrfs(a)gmx.com>
Closes: https://lkml.kernel.org/r/b714e4de-2583-4035-b829-72cfb5eb6fc6@gmx.com
Tested-by: Qu Wenruo <quwenruo.btrfs(a)gmx.com>
Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org>
Cc: Vivek Kasireddy <vivek.kasireddy(a)intel.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/filemap.c | 1 +
1 file changed, 1 insertion(+)
--- a/mm/filemap.c~mm-fix-filemap_get_folios_contig-returning-batches-of-identical-folios
+++ a/mm/filemap.c
@@ -2244,6 +2244,7 @@ unsigned filemap_get_folios_contig(struc
*start = folio->index + nr;
goto out;
}
+ xas_advance(&xas, folio_next_index(folio) - 1);
continue;
put_folio:
folio_put(folio);
_
Patches currently in -mm which might be from vishal.moola(a)gmail.com are
mm-compaction-use-folio-in-hugetlb-pathway.patch
5 months, 2 weeks
- 1
- 0
[merged mm-hotfixes-stable] mm-page_alloc-speed-up-fallbacks-in-rmqueue_bulk.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: mm: page_alloc: speed up fallbacks in rmqueue_bulk()
has been removed from the -mm tree. Its filename was
mm-page_alloc-speed-up-fallbacks-in-rmqueue_bulk.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Johannes Weiner <hannes(a)cmpxchg.org>
Subject: mm: page_alloc: speed up fallbacks in rmqueue_bulk()
Date: Mon, 7 Apr 2025 14:01:53 -0400
The test robot identified c2f6ea38fc1b ("mm: page_alloc: don't steal
single pages from biggest buddy") as the root cause of a 56.4% regression
in vm-scalability::lru-file-mmap-read.
Carlos reports an earlier patch, c0cd6f557b90 ("mm: page_alloc: fix
freelist movement during block conversion"), as the root cause for a
regression in worst-case zone->lock+irqoff hold times.
Both of these patches modify the page allocator's fallback path to be less
greedy in an effort to stave off fragmentation. The flip side of this is
that fallbacks are also less productive each time around, which means the
fallback search can run much more frequently.
Carlos' traces point to rmqueue_bulk() specifically, which tries to refill
the percpu cache by allocating a large batch of pages in a loop. It
highlights how once the native freelists are exhausted, the fallback code
first scans orders top-down for whole blocks to claim, then falls back to
a bottom-up search for the smallest buddy to steal. For the next batch
page, it goes through the same thing again.
This can be made more efficient. Since rmqueue_bulk() holds the
zone->lock over the entire batch, the freelists are not subject to outside
changes; when the search for a block to claim has already failed, there is
no point in trying again for the next page.
Modify __rmqueue() to remember the last successful fallback mode, and
restart directly from there on the next rmqueue_bulk() iteration.
Oliver confirms that this improves beyond the regression that the test
robot reported against c2f6ea38fc1b:
commit:
f3b92176f4 ("tools/selftests: add guard region test for /proc/$pid/pagemap")
c2f6ea38fc ("mm: page_alloc: don't steal single pages from biggest buddy")
acc4d5ff0b ("Merge tag 'net-6.15-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net")
2c847f27c3 ("mm: page_alloc: speed up fallbacks in rmqueue_bulk()") <--- your patch
f3b92176f4f7100f c2f6ea38fc1b640aa7a2e155cc1 acc4d5ff0b61eb1715c498b6536 2c847f27c37da65a93d23c237c5
---------------- --------------------------- --------------------------- ---------------------------
%stddev %change %stddev %change %stddev %change %stddev
\ | \ | \ | \
25525364 �� 3% -56.4% 11135467 -57.8% 10779336 +31.6% 33581409 vm-scalability.throughput
Carlos confirms that worst-case times are almost fully recovered
compared to before the earlier culprit patch:
2dd482ba627d (before freelist hygiene): 1ms
c0cd6f557b90 (after freelist hygiene): 90ms
next-20250319 (steal smallest buddy): 280ms
this patch : 8ms
[jackmanb(a)google.com: comment updates]
Link: https://lkml.kernel.org/r/D92AC0P9594X.3BML64MUKTF8Z@google.com
[hannes(a)cmpxchg.org: reset rmqueue_mode in rmqueue_buddy() error loop, per Yunsheng Lin]
Link: https://lkml.kernel.org/r/20250409140023.GA2313@cmpxchg.org
Link: https://lkml.kernel.org/r/20250407180154.63348-1-hannes@cmpxchg.org
Fixes: c0cd6f557b90 ("mm: page_alloc: fix freelist movement during block conversion")
Fixes: c2f6ea38fc1b ("mm: page_alloc: don't steal single pages from biggest buddy")
Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org>
Signed-off-by: Brendan Jackman <jackmanb(a)google.com>
Reported-by: kernel test robot <oliver.sang(a)intel.com>
Reported-by: Carlos Song <carlos.song(a)nxp.com>
Tested-by: Carlos Song <carlos.song(a)nxp.com>
Tested-by: kernel test robot <oliver.sang(a)intel.com>
Closes: https://lore.kernel.org/oe-lkp/202503271547.fc08b188-lkp@intel.com
Reviewed-by: Brendan Jackman <jackmanb(a)google.com>
Tested-by: Shivank Garg <shivankg(a)amd.com>
Acked-by: Zi Yan <ziy(a)nvidia.com>
Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz>
Cc: <stable(a)vger.kernel.org> [6.10+]
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/page_alloc.c | 113 ++++++++++++++++++++++++++++++++--------------
1 file changed, 79 insertions(+), 34 deletions(-)
--- a/mm/page_alloc.c~mm-page_alloc-speed-up-fallbacks-in-rmqueue_bulk
+++ a/mm/page_alloc.c
@@ -2183,23 +2183,15 @@ try_to_claim_block(struct zone *zone, st
}
/*
- * Try finding a free buddy page on the fallback list.
- *
- * This will attempt to claim a whole pageblock for the requested type
- * to ensure grouping of such requests in the future.
- *
- * If a whole block cannot be claimed, steal an individual page, regressing to
- * __rmqueue_smallest() logic to at least break up as little contiguity as
- * possible.
+ * Try to allocate from some fallback migratetype by claiming the entire block,
+ * i.e. converting it to the allocation's start migratetype.
*
* The use of signed ints for order and current_order is a deliberate
* deviation from the rest of this file, to make the for loop
* condition simpler.
- *
- * Return the stolen page, or NULL if none can be found.
*/
static __always_inline struct page *
-__rmqueue_fallback(struct zone *zone, int order, int start_migratetype,
+__rmqueue_claim(struct zone *zone, int order, int start_migratetype,
unsigned int alloc_flags)
{
struct free_area *area;
@@ -2237,14 +2229,29 @@ __rmqueue_fallback(struct zone *zone, in
page = try_to_claim_block(zone, page, current_order, order,
start_migratetype, fallback_mt,
alloc_flags);
- if (page)
- goto got_one;
+ if (page) {
+ trace_mm_page_alloc_extfrag(page, order, current_order,
+ start_migratetype, fallback_mt);
+ return page;
+ }
}
- if (alloc_flags & ALLOC_NOFRAGMENT)
- return NULL;
+ return NULL;
+}
+
+/*
+ * Try to steal a single page from some fallback migratetype. Leave the rest of
+ * the block as its current migratetype, potentially causing fragmentation.
+ */
+static __always_inline struct page *
+__rmqueue_steal(struct zone *zone, int order, int start_migratetype)
+{
+ struct free_area *area;
+ int current_order;
+ struct page *page;
+ int fallback_mt;
+ bool claim_block;
- /* No luck claiming pageblock. Find the smallest fallback page */
for (current_order = order; current_order < NR_PAGE_ORDERS; current_order++) {
area = &(zone->free_area[current_order]);
fallback_mt = find_suitable_fallback(area, current_order,
@@ -2254,25 +2261,28 @@ __rmqueue_fallback(struct zone *zone, in
page = get_page_from_free_area(area, fallback_mt);
page_del_and_expand(zone, page, order, current_order, fallback_mt);
- goto got_one;
+ trace_mm_page_alloc_extfrag(page, order, current_order,
+ start_migratetype, fallback_mt);
+ return page;
}
return NULL;
-
-got_one:
- trace_mm_page_alloc_extfrag(page, order, current_order,
- start_migratetype, fallback_mt);
-
- return page;
}
+enum rmqueue_mode {
+ RMQUEUE_NORMAL,
+ RMQUEUE_CMA,
+ RMQUEUE_CLAIM,
+ RMQUEUE_STEAL,
+};
+
/*
* Do the hard work of removing an element from the buddy allocator.
* Call me with the zone->lock already held.
*/
static __always_inline struct page *
__rmqueue(struct zone *zone, unsigned int order, int migratetype,
- unsigned int alloc_flags)
+ unsigned int alloc_flags, enum rmqueue_mode *mode)
{
struct page *page;
@@ -2291,16 +2301,48 @@ __rmqueue(struct zone *zone, unsigned in
}
}
- page = __rmqueue_smallest(zone, order, migratetype);
- if (unlikely(!page)) {
- if (alloc_flags & ALLOC_CMA)
+ /*
+ * First try the freelists of the requested migratetype, then try
+ * fallbacks modes with increasing levels of fragmentation risk.
+ *
+ * The fallback logic is expensive and rmqueue_bulk() calls in
+ * a loop with the zone->lock held, meaning the freelists are
+ * not subject to any outside changes. Remember in *mode where
+ * we found pay dirt, to save us the search on the next call.
+ */
+ switch (*mode) {
+ case RMQUEUE_NORMAL:
+ page = __rmqueue_smallest(zone, order, migratetype);
+ if (page)
+ return page;
+ fallthrough;
+ case RMQUEUE_CMA:
+ if (alloc_flags & ALLOC_CMA) {
page = __rmqueue_cma_fallback(zone, order);
-
- if (!page)
- page = __rmqueue_fallback(zone, order, migratetype,
- alloc_flags);
+ if (page) {
+ *mode = RMQUEUE_CMA;
+ return page;
+ }
+ }
+ fallthrough;
+ case RMQUEUE_CLAIM:
+ page = __rmqueue_claim(zone, order, migratetype, alloc_flags);
+ if (page) {
+ /* Replenished preferred freelist, back to normal mode. */
+ *mode = RMQUEUE_NORMAL;
+ return page;
+ }
+ fallthrough;
+ case RMQUEUE_STEAL:
+ if (!(alloc_flags & ALLOC_NOFRAGMENT)) {
+ page = __rmqueue_steal(zone, order, migratetype);
+ if (page) {
+ *mode = RMQUEUE_STEAL;
+ return page;
+ }
+ }
}
- return page;
+ return NULL;
}
/*
@@ -2312,6 +2354,7 @@ static int rmqueue_bulk(struct zone *zon
unsigned long count, struct list_head *list,
int migratetype, unsigned int alloc_flags)
{
+ enum rmqueue_mode rmqm = RMQUEUE_NORMAL;
unsigned long flags;
int i;
@@ -2323,7 +2366,7 @@ static int rmqueue_bulk(struct zone *zon
}
for (i = 0; i < count; ++i) {
struct page *page = __rmqueue(zone, order, migratetype,
- alloc_flags);
+ alloc_flags, &rmqm);
if (unlikely(page == NULL))
break;
@@ -2948,7 +2991,9 @@ struct page *rmqueue_buddy(struct zone *
if (alloc_flags & ALLOC_HIGHATOMIC)
page = __rmqueue_smallest(zone, order, MIGRATE_HIGHATOMIC);
if (!page) {
- page = __rmqueue(zone, order, migratetype, alloc_flags);
+ enum rmqueue_mode rmqm = RMQUEUE_NORMAL;
+
+ page = __rmqueue(zone, order, migratetype, alloc_flags, &rmqm);
/*
* If the allocation fails, allow OOM handling and
_
Patches currently in -mm which might be from hannes(a)cmpxchg.org are
mm-page_alloc-tighten-up-find_suitable_fallback.patch
5 months, 2 weeks
- 1
- 0
[merged mm-hotfixes-stable] mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: mm/vma: add give_up_on_oom option on modify/merge, use in uffd release
has been removed from the -mm tree. Its filename was
mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Subject: mm/vma: add give_up_on_oom option on modify/merge, use in uffd release
Date: Fri, 21 Mar 2025 10:09:37 +0000
Currently, if a VMA merge fails due to an OOM condition arising on commit
merge or a failure to duplicate anon_vma's, we report this so the caller
can handle it.
However there are cases where the caller is only ostensibly trying a
merge, and doesn't mind if it fails due to this condition.
Since we do not want to introduce an implicit assumption that we only
actually modify VMAs after OOM conditions might arise, add a 'give up on
oom' option and make an explicit contract that, should this flag be set, we
absolutely will not modify any VMAs should OOM arise and just bail out.
Since it'd be very unusual for a user to try to vma_modify() with this flag
set but be specifying a range within a VMA which ends up being split (which
can fail due to rlimit issues, not only OOM), we add a debug warning for
this condition.
The motivating reason for this is uffd release - syzkaller (and Pedro
Falcato's VERY astute analysis) found a way in which an injected fault on
allocation, triggering an OOM condition on commit merge, would result in
uffd code becoming confused and treating an error value as if it were a VMA
pointer.
To avoid this, we make use of this new VMG flag to ensure that this never
occurs, utilising the fact that, should we be clearing entire VMAs, we do
not wish an OOM event to be reported to us.
Many thanks to Pedro Falcato for his excellent analysis and Jann Horn for
his insightful and intelligent analysis of the situation, both of whom were
instrumental in this fix.
Link: https://lkml.kernel.org/r/20250321100937.46634-1-lorenzo.stoakes@oracle.com
Reported-by: syzbot+20ed41006cf9d842c2b5(a)syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/67dc67f0.050a0220.25ae54.001e.GAE@google.com/
Fixes: 47b16d0462a4 ("mm: abort vma_modify() on merge out of memory failure")
Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Suggested-by: Pedro Falcato <pfalcato(a)suse.de>
Suggested-by: Jann Horn <jannh(a)google.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/userfaultfd.c | 13 +++++++++--
mm/vma.c | 51 +++++++++++++++++++++++++++++++++++++++++----
mm/vma.h | 9 +++++++
3 files changed, 66 insertions(+), 7 deletions(-)
--- a/mm/userfaultfd.c~mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release
+++ a/mm/userfaultfd.c
@@ -1902,6 +1902,14 @@ struct vm_area_struct *userfaultfd_clear
unsigned long end)
{
struct vm_area_struct *ret;
+ bool give_up_on_oom = false;
+
+ /*
+ * If we are modifying only and not splitting, just give up on the merge
+ * if OOM prevents us from merging successfully.
+ */
+ if (start == vma->vm_start && end == vma->vm_end)
+ give_up_on_oom = true;
/* Reset ptes for the whole vma range if wr-protected */
if (userfaultfd_wp(vma))
@@ -1909,7 +1917,7 @@ struct vm_area_struct *userfaultfd_clear
ret = vma_modify_flags_uffd(vmi, prev, vma, start, end,
vma->vm_flags & ~__VM_UFFD_FLAGS,
- NULL_VM_UFFD_CTX);
+ NULL_VM_UFFD_CTX, give_up_on_oom);
/*
* In the vma_merge() successful mprotect-like case 8:
@@ -1960,7 +1968,8 @@ int userfaultfd_register_range(struct us
new_flags = (vma->vm_flags & ~__VM_UFFD_FLAGS) | vm_flags;
vma = vma_modify_flags_uffd(&vmi, prev, vma, start, vma_end,
new_flags,
- (struct vm_userfaultfd_ctx){ctx});
+ (struct vm_userfaultfd_ctx){ctx},
+ /* give_up_on_oom = */false);
if (IS_ERR(vma))
return PTR_ERR(vma);
--- a/mm/vma.c~mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release
+++ a/mm/vma.c
@@ -666,6 +666,9 @@ static void vmg_adjust_set_range(struct
/*
* Actually perform the VMA merge operation.
*
+ * IMPORTANT: We guarantee that, should vmg->give_up_on_oom is set, to not
+ * modify any VMAs or cause inconsistent state should an OOM condition arise.
+ *
* Returns 0 on success, or an error value on failure.
*/
static int commit_merge(struct vma_merge_struct *vmg)
@@ -685,6 +688,12 @@ static int commit_merge(struct vma_merge
init_multi_vma_prep(&vp, vma, vmg);
+ /*
+ * If vmg->give_up_on_oom is set, we're safe, because we don't actually
+ * manipulate any VMAs until we succeed at preallocation.
+ *
+ * Past this point, we will not return an error.
+ */
if (vma_iter_prealloc(vmg->vmi, vma))
return -ENOMEM;
@@ -915,7 +924,13 @@ static __must_check struct vm_area_struc
if (anon_dup)
unlink_anon_vmas(anon_dup);
- vmg->state = VMA_MERGE_ERROR_NOMEM;
+ /*
+ * We've cleaned up any cloned anon_vma's, no VMAs have been
+ * modified, no harm no foul if the user requests that we not
+ * report this and just give up, leaving the VMAs unmerged.
+ */
+ if (!vmg->give_up_on_oom)
+ vmg->state = VMA_MERGE_ERROR_NOMEM;
return NULL;
}
@@ -926,7 +941,15 @@ static __must_check struct vm_area_struc
abort:
vma_iter_set(vmg->vmi, start);
vma_iter_load(vmg->vmi);
- vmg->state = VMA_MERGE_ERROR_NOMEM;
+
+ /*
+ * This means we have failed to clone anon_vma's correctly, but no
+ * actual changes to VMAs have occurred, so no harm no foul - if the
+ * user doesn't want this reported and instead just wants to give up on
+ * the merge, allow it.
+ */
+ if (!vmg->give_up_on_oom)
+ vmg->state = VMA_MERGE_ERROR_NOMEM;
return NULL;
}
@@ -1068,6 +1091,10 @@ int vma_expand(struct vma_merge_struct *
/* This should already have been checked by this point. */
VM_WARN_ON_VMG(!can_merge_remove_vma(next), vmg);
vma_start_write(next);
+ /*
+ * In this case we don't report OOM, so vmg->give_up_on_mm is
+ * safe.
+ */
ret = dup_anon_vma(middle, next, &anon_dup);
if (ret)
return ret;
@@ -1090,9 +1117,15 @@ int vma_expand(struct vma_merge_struct *
return 0;
nomem:
- vmg->state = VMA_MERGE_ERROR_NOMEM;
if (anon_dup)
unlink_anon_vmas(anon_dup);
+ /*
+ * If the user requests that we just give upon OOM, we are safe to do so
+ * here, as commit merge provides this contract to us. Nothing has been
+ * changed - no harm no foul, just don't report it.
+ */
+ if (!vmg->give_up_on_oom)
+ vmg->state = VMA_MERGE_ERROR_NOMEM;
return -ENOMEM;
}
@@ -1534,6 +1567,13 @@ static struct vm_area_struct *vma_modify
if (vmg_nomem(vmg))
return ERR_PTR(-ENOMEM);
+ /*
+ * Split can fail for reasons other than OOM, so if the user requests
+ * this it's probably a mistake.
+ */
+ VM_WARN_ON(vmg->give_up_on_oom &&
+ (vma->vm_start != start || vma->vm_end != end));
+
/* Split any preceding portion of the VMA. */
if (vma->vm_start < start) {
int err = split_vma(vmg->vmi, vma, start, 1);
@@ -1602,12 +1642,15 @@ struct vm_area_struct
struct vm_area_struct *vma,
unsigned long start, unsigned long end,
unsigned long new_flags,
- struct vm_userfaultfd_ctx new_ctx)
+ struct vm_userfaultfd_ctx new_ctx,
+ bool give_up_on_oom)
{
VMG_VMA_STATE(vmg, vmi, prev, vma, start, end);
vmg.flags = new_flags;
vmg.uffd_ctx = new_ctx;
+ if (give_up_on_oom)
+ vmg.give_up_on_oom = true;
return vma_modify(&vmg);
}
--- a/mm/vma.h~mm-vma-add-give_up_on_oom-option-on-modify-merge-use-in-uffd-release
+++ a/mm/vma.h
@@ -114,6 +114,12 @@ struct vma_merge_struct {
*/
bool just_expand :1;
+ /*
+ * If a merge is possible, but an OOM error occurs, give up and don't
+ * execute the merge, returning NULL.
+ */
+ bool give_up_on_oom :1;
+
/* Internal flags set during merge process: */
/*
@@ -255,7 +261,8 @@ __must_check struct vm_area_struct
struct vm_area_struct *vma,
unsigned long start, unsigned long end,
unsigned long new_flags,
- struct vm_userfaultfd_ctx new_ctx);
+ struct vm_userfaultfd_ctx new_ctx,
+ bool give_up_on_oom);
__must_check struct vm_area_struct
*vma_merge_new_range(struct vma_merge_struct *vmg);
_
Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are
maintainers-add-memory-advice-section.patch
mm-vma-fix-incorrectly-disallowed-anonymous-vma-merges.patch
tools-testing-add-procmap_query-helper-functions-in-mm-self-tests.patch
tools-testing-selftests-assert-that-anon-merge-cases-behave-as-expected.patch
5 months, 2 weeks
- 1
- 0
[merged mm-hotfixes-stable] selftests-mm-generate-a-temporary-mountpoint-for-cgroup-filesystem.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: selftests/mm: generate a temporary mountpoint for cgroup filesystem
has been removed from the -mm tree. Its filename was
selftests-mm-generate-a-temporary-mountpoint-for-cgroup-filesystem.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Mark Brown <broonie(a)kernel.org>
Subject: selftests/mm: generate a temporary mountpoint for cgroup filesystem
Date: Fri, 04 Apr 2025 17:42:32 +0100
Currently if the filesystem for the cgroups version it wants to use is not
mounted charge_reserved_hugetlb.sh and hugetlb_reparenting_test.sh tests
will attempt to mount it on the hard coded path /dev/cgroup/memory,
deleting that directory when the test finishes. This will fail if there
is not a preexisting directory at that path, and since the directory is
deleted subsequent runs of the test will fail. Instead of relying on this
hard coded directory name use mktemp to generate a temporary directory to
use as a mountpoint, fixing both the assumption and the disruption caused
by deleting a preexisting directory.
This means that if the relevant cgroup filesystem is not already mounted
then we rely on having coreutils (which provides mktemp) installed. I
suspect that many current users are relying on having things automounted
by default, and given that the script relies on bash it's probably not an
unreasonable requirement.
Link: https://lkml.kernel.org/r/20250404-kselftest-mm-cgroup2-detection-v1-1-3dba…
Fixes: 209376ed2a84 ("selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting")
Signed-off-by: Mark Brown <broonie(a)kernel.org>
Cc: Aishwarya TCV <aishwarya.tcv(a)arm.com>
Cc: Mark Brown <broonie(a)kernel.org>
Cc: Mina Almasry <almasrymina(a)google.com>
Cc: Shuah Khan <shuah(a)kernel.org>
Cc: Waiman Long <longman(a)redhat.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
tools/testing/selftests/mm/charge_reserved_hugetlb.sh | 4 ++--
tools/testing/selftests/mm/hugetlb_reparenting_test.sh | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
--- a/tools/testing/selftests/mm/charge_reserved_hugetlb.sh~selftests-mm-generate-a-temporary-mountpoint-for-cgroup-filesystem
+++ a/tools/testing/selftests/mm/charge_reserved_hugetlb.sh
@@ -29,7 +29,7 @@ fi
if [[ $cgroup2 ]]; then
cgroup_path=$(mount -t cgroup2 | head -1 | awk '{print $3}')
if [[ -z "$cgroup_path" ]]; then
- cgroup_path=/dev/cgroup/memory
+ cgroup_path=$(mktemp -d)
mount -t cgroup2 none $cgroup_path
do_umount=1
fi
@@ -37,7 +37,7 @@ if [[ $cgroup2 ]]; then
else
cgroup_path=$(mount -t cgroup | grep ",hugetlb" | awk '{print $3}')
if [[ -z "$cgroup_path" ]]; then
- cgroup_path=/dev/cgroup/memory
+ cgroup_path=$(mktemp -d)
mount -t cgroup memory,hugetlb $cgroup_path
do_umount=1
fi
--- a/tools/testing/selftests/mm/hugetlb_reparenting_test.sh~selftests-mm-generate-a-temporary-mountpoint-for-cgroup-filesystem
+++ a/tools/testing/selftests/mm/hugetlb_reparenting_test.sh
@@ -23,7 +23,7 @@ fi
if [[ $cgroup2 ]]; then
CGROUP_ROOT=$(mount -t cgroup2 | head -1 | awk '{print $3}')
if [[ -z "$CGROUP_ROOT" ]]; then
- CGROUP_ROOT=/dev/cgroup/memory
+ CGROUP_ROOT=$(mktemp -d)
mount -t cgroup2 none $CGROUP_ROOT
do_umount=1
fi
_
Patches currently in -mm which might be from broonie(a)kernel.org are
5 months, 2 weeks
- 1
- 0
[merged mm-hotfixes-stable] mm-compaction-fix-bug-in-hugetlb-handling-pathway.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: mm/compaction: fix bug in hugetlb handling pathway
has been removed from the -mm tree. Its filename was
mm-compaction-fix-bug-in-hugetlb-handling-pathway.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: "Vishal Moola (Oracle)" <vishal.moola(a)gmail.com>
Subject: mm/compaction: fix bug in hugetlb handling pathway
Date: Mon, 31 Mar 2025 19:10:24 -0700
The compaction code doesn't take references on pages until we're certain
we should attempt to handle it.
In the hugetlb case, isolate_or_dissolve_huge_page() may return -EBUSY
without taking a reference to the folio associated with our pfn. If our
folio's refcount drops to 0, compound_nr() becomes unpredictable, making
low_pfn and nr_scanned unreliable. The user-visible effect is minimal -
this should rarely happen (if ever).
Fix this by storing the folio statistics earlier on the stack (just like
the THP and Buddy cases).
Also revert commit 66fe1cf7f581 ("mm: compaction: use helper compound_nr
in isolate_migratepages_block") to make backporting easier.
Link: https://lkml.kernel.org/r/20250401021025.637333-1-vishal.moola@gmail.com
Fixes: 369fa227c219 ("mm: make alloc_contig_range handle free hugetlb pages")
Signed-off-by: Vishal Moola (Oracle) <vishal.moola(a)gmail.com>
Acked-by: Oscar Salvador <osalvador(a)suse.de>
Reviewed-by: Zi Yan <ziy(a)nvidia.com>
Cc: Miaohe Lin <linmiaohe(a)huawei.com>
Cc: Oscar Salvador <osalvador(a)suse.de>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/compaction.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/mm/compaction.c~mm-compaction-fix-bug-in-hugetlb-handling-pathway
+++ a/mm/compaction.c
@@ -981,13 +981,13 @@ isolate_migratepages_block(struct compac
}
if (PageHuge(page)) {
+ const unsigned int order = compound_order(page);
/*
* skip hugetlbfs if we are not compacting for pages
* bigger than its order. THPs and other compound pages
* are handled below.
*/
if (!cc->alloc_contig) {
- const unsigned int order = compound_order(page);
if (order <= MAX_PAGE_ORDER) {
low_pfn += (1UL << order) - 1;
@@ -1011,8 +1011,8 @@ isolate_migratepages_block(struct compac
/* Do not report -EBUSY down the chain */
if (ret == -EBUSY)
ret = 0;
- low_pfn += compound_nr(page) - 1;
- nr_scanned += compound_nr(page) - 1;
+ low_pfn += (1UL << order) - 1;
+ nr_scanned += (1UL << order) - 1;
goto isolate_fail;
}
_
Patches currently in -mm which might be from vishal.moola(a)gmail.com are
mm-compaction-use-folio-in-hugetlb-pathway.patch
5 months, 2 weeks
- 1
- 0
[merged mm-hotfixes-stable] lib-iov_iter-fix-to-increase-non-slab-folio-refcount.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: lib/iov_iter: fix to increase non slab folio refcount
has been removed from the -mm tree. Its filename was
lib-iov_iter-fix-to-increase-non-slab-folio-refcount.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Sheng Yong <shengyong1(a)xiaomi.com>
Subject: lib/iov_iter: fix to increase non slab folio refcount
Date: Tue, 1 Apr 2025 22:47:12 +0800
When testing EROFS file-backed mount over v9fs on qemu, I encountered a
folio UAF issue. The page sanity check reports the following call trace.
The root cause is that pages in bvec are coalesced across a folio bounary.
The refcount of all non-slab folios should be increased to ensure
p9_releas_pages can put them correctly.
BUG: Bad page state in process md5sum pfn:18300
page: refcount:0 mapcount:0 mapping:00000000d5ad8e4e index:0x60 pfn:0x18300
head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
aops:z_erofs_aops ino:30b0f dentry name(?):"GoogleExtServicesCn.apk"
flags: 0x100000000000041(locked|head|node=0|zone=1)
raw: 0100000000000041 dead000000000100 dead000000000122 ffff888014b13bd0
raw: 0000000000000060 0000000000000020 00000000ffffffff 0000000000000000
head: 0100000000000041 dead000000000100 dead000000000122 ffff888014b13bd0
head: 0000000000000060 0000000000000020 00000000ffffffff 0000000000000000
head: 0100000000000000 0000000000000000 ffffffffffffffff 0000000000000000
head: 0000000000000010 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Call Trace:
dump_stack_lvl+0x53/0x70
bad_page+0xd4/0x220
__free_pages_ok+0x76d/0xf30
__folio_put+0x230/0x320
p9_release_pages+0x179/0x1f0
p9_virtio_zc_request+0xa2a/0x1230
p9_client_zc_rpc.constprop.0+0x247/0x700
p9_client_read_once+0x34d/0x810
p9_client_read+0xf3/0x150
v9fs_issue_read+0x111/0x360
netfs_unbuffered_read_iter_locked+0x927/0x1390
netfs_unbuffered_read_iter+0xa2/0xe0
vfs_iocb_iter_read+0x2c7/0x460
erofs_fileio_rq_submit+0x46b/0x5b0
z_erofs_runqueue+0x1203/0x21e0
z_erofs_readahead+0x579/0x8b0
read_pages+0x19f/0xa70
page_cache_ra_order+0x4ad/0xb80
filemap_readahead.isra.0+0xe7/0x150
filemap_get_pages+0x7aa/0x1890
filemap_read+0x320/0xc80
vfs_read+0x6c6/0xa30
ksys_read+0xf9/0x1c0
do_syscall_64+0x9e/0x1a0
entry_SYSCALL_64_after_hwframe+0x71/0x79
Link: https://lkml.kernel.org/r/20250401144712.1377719-1-shengyong1@xiaomi.com
Fixes: b9c0e49abfca ("mm: decline to manipulate the refcount on a slab page")
Signed-off-by: Sheng Yong <shengyong1(a)xiaomi.com>
Reviewed-by: Matthew Wilcox (Oracle) <willy(a)infradead.org>
Acked-by: Vlastimil Babka <vbabka(a)suse.cz>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
lib/iov_iter.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/iov_iter.c~lib-iov_iter-fix-to-increase-non-slab-folio-refcount
+++ a/lib/iov_iter.c
@@ -1191,7 +1191,7 @@ static ssize_t __iov_iter_get_pages_allo
return -ENOMEM;
p = *pages;
for (int k = 0; k < n; k++) {
- struct folio *folio = page_folio(page);
+ struct folio *folio = page_folio(page + k);
p[k] = page + k;
if (!folio_test_slab(folio))
folio_get(folio);
_
Patches currently in -mm which might be from shengyong1(a)xiaomi.com are
5 months, 2 weeks
- 1
- 0
+ mm-hugetlb-fix-incorrect-fallback-for-subpool.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: mm: hugetlb: fix incorrect fallback for subpool
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
mm-hugetlb-fix-incorrect-fallback-for-subpool.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Wupeng Ma <mawupeng1(a)huawei.com>
Subject: mm: hugetlb: fix incorrect fallback for subpool
Date: Thu, 10 Apr 2025 14:26:33 +0800
During our testing with hugetlb subpool enabled, we observe that
hstate->resv_huge_pages may underflow into negative values. Root cause
analysis reveals a race condition in subpool reservation fallback handling
as follow:
hugetlb_reserve_pages()
/* Attempt subpool reservation */
gbl_reserve = hugepage_subpool_get_pages(spool, chg);
/* Global reservation may fail after subpool allocation */
if (hugetlb_acct_memory(h, gbl_reserve) < 0)
goto out_put_pages;
out_put_pages:
/* This incorrectly restores reservation to subpool */
hugepage_subpool_put_pages(spool, chg);
When hugetlb_acct_memory() fails after subpool allocation, the current
implementation over-commits subpool reservations by returning the full
'chg' value instead of the actual allocated 'gbl_reserve' amount. This
discrepancy propagates to global reservations during subsequent releases,
eventually causing resv_huge_pages underflow.
This problem can be trigger easily with the following steps:
1. reverse hugepage for hugeltb allocation
2. mount hugetlbfs with min_size to enable hugetlb subpool
3. alloc hugepages with two task(make sure the second will fail due to
insufficient amount of hugepages)
4. with for a few seconds and repeat step 3 which will make
hstate->resv_huge_pages to go below zero.
To fix this problem, return corrent amount of pages to subpool during the
fallback after hugepage_subpool_get_pages is called.
Link: https://lkml.kernel.org/r/20250410062633.3102457-1-mawupeng1@huawei.com
Fixes: 1c5ecae3a93f ("hugetlbfs: add minimum size accounting to subpools")
Signed-off-by: Wupeng Ma <mawupeng1(a)huawei.com>
Tested-by: Joshua Hahn <joshua.hahnjy(a)gmail.com>
Cc: David Hildenbrand <david(a)redhat.com>
Cc: Ma Wupeng <mawupeng1(a)huawei.com>
Cc: Muchun Song <muchun.song(a)linux.dev>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/hugetlb.c | 28 ++++++++++++++++++++++------
1 file changed, 22 insertions(+), 6 deletions(-)
--- a/mm/hugetlb.c~mm-hugetlb-fix-incorrect-fallback-for-subpool
+++ a/mm/hugetlb.c
@@ -3010,7 +3010,7 @@ struct folio *alloc_hugetlb_folio(struct
struct hugepage_subpool *spool = subpool_vma(vma);
struct hstate *h = hstate_vma(vma);
struct folio *folio;
- long retval, gbl_chg;
+ long retval, gbl_chg, gbl_reserve;
map_chg_state map_chg;
int ret, idx;
struct hugetlb_cgroup *h_cg = NULL;
@@ -3163,8 +3163,16 @@ out_uncharge_cgroup_reservation:
hugetlb_cgroup_uncharge_cgroup_rsvd(idx, pages_per_huge_page(h),
h_cg);
out_subpool_put:
- if (map_chg)
- hugepage_subpool_put_pages(spool, 1);
+ /*
+ * put page to subpool iff the quota of subpool's rsv_hpages is used
+ * during hugepage_subpool_get_pages.
+ */
+ if (map_chg && !gbl_chg) {
+ gbl_reserve = hugepage_subpool_put_pages(spool, 1);
+ hugetlb_acct_memory(h, -gbl_reserve);
+ }
+
+
out_end_reservation:
if (map_chg != MAP_CHG_ENFORCED)
vma_end_reservation(h, vma, addr);
@@ -7233,7 +7241,7 @@ bool hugetlb_reserve_pages(struct inode
struct vm_area_struct *vma,
vm_flags_t vm_flags)
{
- long chg = -1, add = -1;
+ long chg = -1, add = -1, spool_resv, gbl_resv;
struct hstate *h = hstate_inode(inode);
struct hugepage_subpool *spool = subpool_inode(inode);
struct resv_map *resv_map;
@@ -7368,8 +7376,16 @@ bool hugetlb_reserve_pages(struct inode
return true;
out_put_pages:
- /* put back original number of pages, chg */
- (void)hugepage_subpool_put_pages(spool, chg);
+ spool_resv = chg - gbl_reserve;
+ if (spool_resv) {
+ /* put sub pool's reservation back, chg - gbl_reserve */
+ gbl_resv = hugepage_subpool_put_pages(spool, spool_resv);
+ /*
+ * subpool's reserved pages can not be put back due to race,
+ * return to hstate.
+ */
+ hugetlb_acct_memory(h, -gbl_resv);
+ }
out_uncharge_cgroup:
hugetlb_cgroup_uncharge_cgroup_rsvd(hstate_index(h),
chg * pages_per_huge_page(h), h_cg);
_
Patches currently in -mm which might be from mawupeng1(a)huawei.com are
mm-hugetlb-fix-incorrect-fallback-for-subpool.patch
5 months, 2 weeks
- 1
- 0
[PATCH v2 2/7] arm64: dts: ti: am68-sk: Fix regulator hierarchy
by Yemike Abhilash Chandra
Update the vin-supply of the TLV71033 regulator from LM5141 (vsys_3v3) to
LM61460 (vsys_5v0) to match the schematics. Add a fixed regulator node for
the LM61460 5V supply to support this change.
AM68-SK schematics: https://www.ti.com/lit/zip/sprr463
Fixes: a266c180b398 ("arm64: dts: ti: k3-am68-sk: Add support for AM68 SK base board")
Cc: stable(a)vger.kernel.org
Signed-off-by: Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com>
---
arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts b/arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts
index 11522b36e0ce..5fa70a874d7b 100644
--- a/arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts
+++ b/arch/arm64/boot/dts/ti/k3-am68-sk-base-board.dts
@@ -44,6 +44,17 @@ vusb_main: regulator-vusb-main5v0 {
regulator-boot-on;
};
+ vsys_5v0: regulator-vsys5v0 {
+ /* Output of LM61460 */
+ compatible = "regulator-fixed";
+ regulator-name = "vsys_5v0";
+ regulator-min-microvolt = <5000000>;
+ regulator-max-microvolt = <5000000>;
+ vin-supply = <&vusb_main>;
+ regulator-always-on;
+ regulator-boot-on;
+ };
+
vsys_3v3: regulator-vsys3v3 {
/* Output of LM5141 */
compatible = "regulator-fixed";
@@ -76,7 +87,7 @@ vdd_sd_dv: regulator-tlv71033 {
regulator-min-microvolt = <1800000>;
regulator-max-microvolt = <3300000>;
regulator-boot-on;
- vin-supply = <&vsys_3v3>;
+ vin-supply = <&vsys_5v0>;
gpios = <&main_gpio0 49 GPIO_ACTIVE_HIGH>;
states = <1800000 0x0>,
<3300000 0x1>;
--
2.34.1
5 months, 2 weeks
- 3
- 3
[BACKPORT PATCH 6.6.y] Fix mmu notifiers for range-based invalidates
by Will Deacon
From: Piotr Jaroszynski <pjaroszynski(a)nvidia.com>
[ Upstream commit f7edb07ad7c66eab3dce57384f33b9799d579133 ]
Update the __flush_tlb_range_op macro not to modify its parameters as
these are unexepcted semantics. In practice, this fixes the call to
mmu_notifier_arch_invalidate_secondary_tlbs() in
__flush_tlb_range_nosync() to use the correct range instead of an empty
range with start=end. The empty range was (un)lucky as it results in
taking the invalidate-all path that doesn't cause correctness issues,
but can certainly result in suboptimal perf.
This has been broken since commit 6bbd42e2df8f ("mmu_notifiers: call
invalidate_range() when invalidating TLBs") when the call to the
notifiers was added to __flush_tlb_range(). It predates the addition of
the __flush_tlb_range_op() macro from commit 360839027a6e ("arm64: tlb:
Refactor the core flush algorithm of __flush_tlb_range") that made the
bug hard to spot.
Fixes: 6bbd42e2df8f ("mmu_notifiers: call invalidate_range() when invalidating TLBs")
Signed-off-by: Piotr Jaroszynski <pjaroszynski(a)nvidia.com>
Cc: Catalin Marinas <catalin.marinas(a)arm.com>
Cc: Will Deacon <will(a)kernel.org>
Cc: Robin Murphy <robin.murphy(a)arm.com>
Cc: Alistair Popple <apopple(a)nvidia.com>
Cc: Raghavendra Rao Ananta <rananta(a)google.com>
Cc: SeongJae Park <sj(a)kernel.org>
Cc: Jason Gunthorpe <jgg(a)nvidia.com>
Cc: John Hubbard <jhubbard(a)nvidia.com>
Cc: Nicolin Chen <nicolinc(a)nvidia.com>
Cc: linux-arm-kernel(a)lists.infradead.org
Cc: iommu(a)lists.linux.dev
Cc: linux-mm(a)kvack.org
Cc: linux-kernel(a)vger.kernel.org
Cc: stable(a)vger.kernel.org # Backport for 6.6.y only
Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com>
Reviewed-by: Alistair Popple <apopple(a)nvidia.com>
Link: https://lore.kernel.org/r/20250304085127.2238030-1-pjaroszynski@nvidia.com
[will: Resolve conflicts due to lack of LPA2 support]
Signed-off-by: Will Deacon <will(a)kernel.org>
---
arch/arm64/include/asm/tlbflush.h | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/arch/arm64/include/asm/tlbflush.h b/arch/arm64/include/asm/tlbflush.h
index b73baaf8ae47..d37db2f7a54c 100644
--- a/arch/arm64/include/asm/tlbflush.h
+++ b/arch/arm64/include/asm/tlbflush.h
@@ -369,31 +369,33 @@ static inline void arch_tlbbatch_flush(struct arch_tlbflush_unmap_batch *batch)
#define __flush_tlb_range_op(op, start, pages, stride, \
asid, tlb_level, tlbi_user) \
do { \
+ typeof(start) __flush_start = start; \
+ typeof(pages) __flush_pages = pages; \
int num = 0; \
int scale = 3; \
unsigned long addr; \
\
- while (pages > 0) { \
+ while (__flush_pages > 0) { \
if (!system_supports_tlb_range() || \
- pages == 1) { \
- addr = __TLBI_VADDR(start, asid); \
+ __flush_pages == 1) { \
+ addr = __TLBI_VADDR(__flush_start, asid); \
__tlbi_level(op, addr, tlb_level); \
if (tlbi_user) \
__tlbi_user_level(op, addr, tlb_level); \
- start += stride; \
- pages -= stride >> PAGE_SHIFT; \
+ __flush_start += stride; \
+ __flush_pages -= stride >> PAGE_SHIFT; \
continue; \
} \
\
- num = __TLBI_RANGE_NUM(pages, scale); \
+ num = __TLBI_RANGE_NUM(__flush_pages, scale); \
if (num >= 0) { \
- addr = __TLBI_VADDR_RANGE(start, asid, scale, \
- num, tlb_level); \
+ addr = __TLBI_VADDR_RANGE(__flush_start, asid, \
+ scale, num, tlb_level); \
__tlbi(r##op, addr); \
if (tlbi_user) \
__tlbi_user(r##op, addr); \
- start += __TLBI_RANGE_PAGES(num, scale) << PAGE_SHIFT; \
- pages -= __TLBI_RANGE_PAGES(num, scale); \
+ __flush_start += __TLBI_RANGE_PAGES(num, scale) << PAGE_SHIFT; \
+ __flush_pages -= __TLBI_RANGE_PAGES(num, scale);\
} \
scale--; \
} \
--
2.49.0.604.gff1f9ca942-goog
5 months, 2 weeks
- 1
- 0
[PATCH] drm/amd/display: Temporarily disable hostvm on DCN31
by Alex Deucher
From: Aurabindo Pillai <aurabindo.pillai(a)amd.com>
With HostVM enabled, DCN31 fails to pass validation for 3x4k60. Some Linux
userspace does not downgrade one of the monitors to 4k30, and the result
is that the monitor does not light up. Disable it until the bandwidth
calculation failure is resolved.
Reviewed-by: Sun peng Li <sunpeng.li(a)amd.com>
Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com>
Signed-off-by: Zaeem Mohamed <zaeem.mohamed(a)amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
(cherry picked from commit ba93dddfc92084a1e28ea447ec4f8315f3d8d3fd)
Cc: stable(a)vger.kernel.org
---
drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c
index 911bd60d4fbc..3c42ba8566cf 100644
--- a/drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/resource/dcn31/dcn31_resource.c
@@ -890,7 +890,7 @@ static const struct dc_debug_options debug_defaults_drv = {
.disable_z10 = true,
.enable_legacy_fast_update = true,
.enable_z9_disable_interface = true, /* Allow support for the PMFW interface for disable Z9*/
- .dml_hostvm_override = DML_HOSTVM_NO_OVERRIDE,
+ .dml_hostvm_override = DML_HOSTVM_OVERRIDE_FALSE,
.using_dml2 = false,
};
--
2.49.0
5 months, 2 weeks
- 4
- 3
Re: G R A N T
by U N
Dear,
Send your Ref: FSG2025 / Name / Phone Number / Country to Mr. Andrej
Mahecic on un.grant(a)socialworker.net, +1 888 673 0430 for your £100,000.00.
Sincerely
Mr. C. Gunness
On behalf of the UN.
5 months, 2 weeks
- 1
- 0
[PATCH v3] usb: common: usb-conn-gpio: use a unique name for usb connector device
by Chance Yang
The current implementation of the usb-conn-gpio driver uses a fixed
"usb-charger" name for all USB connector devices. This causes conflicts
in the power supply subsystem when multiple USB connectors are present,
as duplicate names are not allowed.
Use IDA to manage unique IDs for naming usb connectors (e.g.,
usb-charger-0, usb-charger-1).
Fixes: 880287910b189 ("usb: common: usb-conn-gpio: fix NULL pointer dereference of charger")
Cc: stable(a)vger.kernel.org
Signed-off-by: Chance Yang <chance.yang(a)kneron.us>
---
Changes in v3:
- Added Cc stable
- Link to v2: https://lore.kernel.org/r/20250411-work-next-v2-1-40beb82df5a9@kneron.us
Changes in v2:
- Replaced atomic_t with IDA for unique ID management
- Link to v1: https://lore.kernel.org/r/20250411-work-next-v1-1-93c4b95ee6c1@kneron.us
---
drivers/usb/common/usb-conn-gpio.c | 25 ++++++++++++++++++++++---
1 file changed, 22 insertions(+), 3 deletions(-)
diff --git a/drivers/usb/common/usb-conn-gpio.c b/drivers/usb/common/usb-conn-gpio.c
index 1e36be2a28fd5ca5e1495b7923e4d3e25d7cedef..421c3af38e06975259f4a1792aa3b3708a192d59 100644
--- a/drivers/usb/common/usb-conn-gpio.c
+++ b/drivers/usb/common/usb-conn-gpio.c
@@ -21,6 +21,9 @@
#include <linux/regulator/consumer.h>
#include <linux/string_choices.h>
#include <linux/usb/role.h>
+#include <linux/idr.h>
+
+static DEFINE_IDA(usb_conn_ida);
#define USB_GPIO_DEB_MS 20 /* ms */
#define USB_GPIO_DEB_US ((USB_GPIO_DEB_MS) * 1000) /* us */
@@ -30,6 +33,7 @@
struct usb_conn_info {
struct device *dev;
+ int conn_id; /* store the IDA-allocated ID */
struct usb_role_switch *role_sw;
enum usb_role last_role;
struct regulator *vbus;
@@ -161,7 +165,17 @@ static int usb_conn_psy_register(struct usb_conn_info *info)
.fwnode = dev_fwnode(dev),
};
- desc->name = "usb-charger";
+ info->conn_id = ida_alloc(&usb_conn_ida, GFP_KERNEL);
+ if (info->conn_id < 0)
+ return info->conn_id;
+
+ desc->name = devm_kasprintf(dev, GFP_KERNEL, "usb-charger-%d",
+ info->conn_id);
+ if (!desc->name) {
+ ida_free(&usb_conn_ida, info->conn_id);
+ return -ENOMEM;
+ }
+
desc->properties = usb_charger_properties;
desc->num_properties = ARRAY_SIZE(usb_charger_properties);
desc->get_property = usb_charger_get_property;
@@ -169,8 +183,10 @@ static int usb_conn_psy_register(struct usb_conn_info *info)
cfg.drv_data = info;
info->charger = devm_power_supply_register(dev, desc, &cfg);
- if (IS_ERR(info->charger))
- dev_err(dev, "Unable to register charger\n");
+ if (IS_ERR(info->charger)) {
+ dev_err(dev, "Unable to register charger %d\n", info->conn_id);
+ ida_free(&usb_conn_ida, info->conn_id);
+ }
return PTR_ERR_OR_ZERO(info->charger);
}
@@ -278,6 +294,9 @@ static void usb_conn_remove(struct platform_device *pdev)
cancel_delayed_work_sync(&info->dw_det);
+ if (info->charger)
+ ida_free(&usb_conn_ida, info->conn_id);
+
if (info->last_role == USB_ROLE_HOST && info->vbus)
regulator_disable(info->vbus);
---
base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8
change-id: 20250411-work-next-d817787d63f2
Best regards,
--
Chance Yang <chance.yang(a)kneron.us>
5 months, 2 weeks
- 2
- 1
[PATCH] usb: renesas_usbhs: Add error handling for usbhsf_fifo_select()
by Wentao Liang
In usbhsf_dcp_data_stage_prepare_pop(), the return value of
usbhsf_fifo_select() needs to be checked. A proper implementation
can be found in usbhsf_dma_try_pop_with_rx_irq().
Add an error check and jump to PIO pop when FIFO selection fails.
Fixes: 9e74d601de8a ("usb: gadget: renesas_usbhs: add data/status stage handler")
Cc: stable(a)vger.kernel.org # v3.2+
Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn>
---
drivers/usb/renesas_usbhs/fifo.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/renesas_usbhs/fifo.c b/drivers/usb/renesas_usbhs/fifo.c
index 10607e273879..6cc07ab4782d 100644
--- a/drivers/usb/renesas_usbhs/fifo.c
+++ b/drivers/usb/renesas_usbhs/fifo.c
@@ -466,6 +466,7 @@ static int usbhsf_dcp_data_stage_prepare_pop(struct usbhs_pkt *pkt,
struct usbhs_pipe *pipe = pkt->pipe;
struct usbhs_priv *priv = usbhs_pipe_to_priv(pipe);
struct usbhs_fifo *fifo = usbhsf_get_cfifo(priv);
+ int ret;
if (usbhs_pipe_is_busy(pipe))
return 0;
@@ -480,10 +481,14 @@ static int usbhsf_dcp_data_stage_prepare_pop(struct usbhs_pkt *pkt,
usbhs_pipe_sequence_data1(pipe); /* DATA1 */
- usbhsf_fifo_select(pipe, fifo, 0);
+ ret = usbhsf_fifo_select(pipe, fifo, 0);
+ if (ret < 0)
+ goto usbhsf_pio_prepare_pop;
+
usbhsf_fifo_clear(pipe, fifo);
usbhsf_fifo_unselect(pipe, fifo);
+usbhsf_pio_prepare_pop:
/*
* change handler to PIO pop
*/
--
2.42.0.windows.2
5 months, 2 weeks
- 2
- 1
[PATCH v1] s390/virtio_ccw: don't allocate/assign airqs for non-existing queues
by David Hildenbrand
If we finds a vq without a name in our input array in
virtio_ccw_find_vqs(), we treat it as "non-existing" and set the vq pointer
to NULL; we will not call virtio_ccw_setup_vq() to allocate/setup a vq.
Consequently, we create only a queue if it actually exists (name != NULL)
and assign an incremental queue index to each such existing queue.
However, in virtio_ccw_register_adapter_ind()->get_airq_indicator() we
will not ignore these "non-existing queues", but instead assign an airq
indicator to them.
Besides never releasing them in virtio_ccw_drop_indicators() (because
there is no virtqueue), the bigger issue seems to be that there will be a
disagreement between the device and the Linux guest about the airq
indicator to be used for notifying a queue, because the indicator bit
for adapter I/O interrupt is derived from the queue index.
The virtio spec states under "Setting Up Two-Stage Queue Indicators":
... indicator contains the guest address of an area wherein the
indicators for the devices are contained, starting at bit_nr, one
bit per virtqueue of the device.
And further in "Notification via Adapter I/O Interrupts":
For notifying the driver of virtqueue buffers, the device sets the
bit in the guest-provided indicator area at the corresponding
offset.
For example, QEMU uses in virtio_ccw_notify() the queue index (passed as
"vector") to select the relevant indicator bit. If a queue does not exist,
it does not have a corresponding indicator bit assigned, because it
effectively doesn't have a queue index.
Using a virtio-balloon-ccw device under QEMU with free-page-hinting
disabled ("free-page-hint=off") but free-page-reporting enabled
("free-page-reporting=on") will result in free page reporting
not working as expected: in the virtio_balloon driver, we'll be stuck
forever in virtballoon_free_page_report()->wait_event(), because the
waitqueue will not be woken up as the notification from the device is
lost: it would use the wrong indicator bit.
Free page reporting stops working and we get splats (when configured to
detect hung wqs) like:
INFO: task kworker/1:3:463 blocked for more than 61 seconds.
Not tainted 6.14.0 #4
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:3 [...]
Workqueue: events page_reporting_process
Call Trace:
[<000002f404e6dfb2>] __schedule+0x402/0x1640
[<000002f404e6f22e>] schedule+0x3e/0xe0
[<000002f3846a88fa>] virtballoon_free_page_report+0xaa/0x110 [virtio_balloon]
[<000002f40435c8a4>] page_reporting_process+0x2e4/0x740
[<000002f403fd3ee2>] process_one_work+0x1c2/0x400
[<000002f403fd4b96>] worker_thread+0x296/0x420
[<000002f403fe10b4>] kthread+0x124/0x290
[<000002f403f4e0dc>] __ret_from_fork+0x3c/0x60
[<000002f404e77272>] ret_from_fork+0xa/0x38
There was recently a discussion [1] whether the "holes" should be
treated differently again, effectively assigning also non-existing
queues a queue index: that should also fix the issue, but requires other
workarounds to not break existing setups.
Let's fix it without affecting existing setups for now by properly ignoring
the non-existing queues, so the indicator bits will match the queue
indexes.
[1] https://lore.kernel.org/all/cover.1720611677.git.mst@redhat.com/
Fixes: a229989d975e ("virtio: don't allocate vqs when names[i] = NULL")
Reported-by: Chandra Merla <cmerla(a)redhat.com>
Cc: <Stable(a)vger.kernel.org>
Cc: Cornelia Huck <cohuck(a)redhat.com>
Cc: Thomas Huth <thuth(a)redhat.com>
Cc: Halil Pasic <pasic(a)linux.ibm.com>
Cc: Eric Farman <farman(a)linux.ibm.com>
Cc: Heiko Carstens <hca(a)linux.ibm.com>
Cc: Vasily Gorbik <gor(a)linux.ibm.com>
Cc: Alexander Gordeev <agordeev(a)linux.ibm.com>
Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com>
Cc: Sven Schnelle <svens(a)linux.ibm.com>
Cc: "Michael S. Tsirkin" <mst(a)redhat.com>
Cc: Wei Wang <wei.w.wang(a)intel.com>
Signed-off-by: David Hildenbrand <david(a)redhat.com>
---
drivers/s390/virtio/virtio_ccw.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c
index 21fa7ac849e5c..4904b831c0a75 100644
--- a/drivers/s390/virtio/virtio_ccw.c
+++ b/drivers/s390/virtio/virtio_ccw.c
@@ -302,11 +302,17 @@ static struct airq_info *new_airq_info(int index)
static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
u64 *first, void **airq_info)
{
- int i, j;
+ int i, j, queue_idx, highest_queue_idx = -1;
struct airq_info *info;
unsigned long *indicator_addr = NULL;
unsigned long bit, flags;
+ /* Array entries without an actual queue pointer must be ignored. */
+ for (i = 0; i < nvqs; i++) {
+ if (vqs[i])
+ highest_queue_idx++;
+ }
+
for (i = 0; i < MAX_AIRQ_AREAS && !indicator_addr; i++) {
mutex_lock(&airq_areas_lock);
if (!airq_areas[i])
@@ -316,7 +322,7 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
if (!info)
return NULL;
write_lock_irqsave(&info->lock, flags);
- bit = airq_iv_alloc(info->aiv, nvqs);
+ bit = airq_iv_alloc(info->aiv, highest_queue_idx + 1);
if (bit == -1UL) {
/* Not enough vacancies. */
write_unlock_irqrestore(&info->lock, flags);
@@ -325,8 +331,10 @@ static unsigned long *get_airq_indicator(struct virtqueue *vqs[], int nvqs,
*first = bit;
*airq_info = info;
indicator_addr = info->aiv->vector;
- for (j = 0; j < nvqs; j++) {
- airq_iv_set_ptr(info->aiv, bit + j,
+ for (j = 0, queue_idx = 0; j < nvqs; j++) {
+ if (!vqs[j])
+ continue;
+ airq_iv_set_ptr(info->aiv, bit + queue_idx++,
(unsigned long)vqs[j]);
}
write_unlock_irqrestore(&info->lock, flags);
--
2.48.1
5 months, 2 weeks
- 8
- 62
[PATCH v2] usb: gadget: f_fs: Invalidate io_data when USB request is dequeued or interrupted
by Frode Isaksen
From: Frode Isaksen <frode(a)meta.com>
Invalidate io_data by setting context to NULL when USB request is
dequeued or interrupted, and check for NULL io_data in epfile_io_complete().
The invalidation of io_data in req->context is done when exiting
epfile_io(), since then io_data will become invalid as it is allocated
on the stack.
The epfile_io_complete() may be called after ffs_epfile_io() returns
in case the wait_for_completion_interruptible() is interrupted.
This fixes a use-after-free error with the following call stack:
Unable to handle kernel paging request at virtual address ffffffc02f7bbcc0
pc : ffs_epfile_io_complete+0x30/0x48
lr : usb_gadget_giveback_request+0x30/0xf8
Call trace:
ffs_epfile_io_complete+0x30/0x48
usb_gadget_giveback_request+0x30/0xf8
dwc3_remove_requests+0x264/0x2e8
dwc3_gadget_pullup+0x1d0/0x250
kretprobe_trampoline+0x0/0xc4
usb_gadget_remove_driver+0x40/0xf4
usb_gadget_unregister_driver+0xdc/0x178
unregister_gadget_item+0x40/0x6c
ffs_closed+0xd4/0x10c
ffs_data_clear+0x2c/0xf0
ffs_data_closed+0x178/0x1ec
ffs_ep0_release+0x24/0x38
__fput+0xe8/0x27c
Signed-off-by: Frode Isaksen <frode(a)meta.com>
Cc: stable(a)vger.kernel.org
---
v1 -> v2:
Removed WARN_ON() in ffs_epfile_io_complete().
Clarified commit message.
Added stable Cc tag.
drivers/usb/gadget/function/f_fs.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
index 2dea9e42a0f8..e35d32e7be58 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -738,6 +738,9 @@ static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
{
struct ffs_io_data *io_data = req->context;
+ if (io_data == NULL)
+ return;
+
if (req->status)
io_data->status = req->status;
else
@@ -1126,6 +1129,7 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
spin_lock_irq(&epfile->ffs->eps_lock);
if (epfile->ep != ep) {
ret = -ESHUTDOWN;
+ req->context = NULL;
goto error_lock;
}
/*
@@ -1140,6 +1144,7 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
interrupted = io_data->status < 0;
}
+ req->context = NULL;
if (interrupted)
ret = -EINTR;
else if (io_data->read && io_data->status > 0)
--
2.49.0
5 months, 2 weeks
- 2
- 2
[PATCH v2] usb/gadget: Add NULL check in ast_vhub_init_dev()
by Henry Martin
devm_kasprintf() returns NULL when memory allocation fails. Currently,
ast_vhub_init_dev() does not check for this case, which results in a
NULL pointer dereference.
Add NULL check after devm_kasprintf() to prevent this issue.
Cc: stable(a)vger.kernel.org # v4.18
Fixes: 7ecca2a4080c ("usb/gadget: Add driver for Aspeed SoC virtual hub")
Signed-off-by: Henry Martin <bsdhenrymartin(a)gmail.com>
---
V1 -> V2: Add Cc: stable label and correct commit message.
drivers/usb/gadget/udc/aspeed-vhub/dev.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/gadget/udc/aspeed-vhub/dev.c b/drivers/usb/gadget/udc/aspeed-vhub/dev.c
index 573109ca5b79..5b7d41a990d7 100644
--- a/drivers/usb/gadget/udc/aspeed-vhub/dev.c
+++ b/drivers/usb/gadget/udc/aspeed-vhub/dev.c
@@ -548,6 +548,8 @@ int ast_vhub_init_dev(struct ast_vhub *vhub, unsigned int idx)
d->vhub = vhub;
d->index = idx;
d->name = devm_kasprintf(parent, GFP_KERNEL, "port%d", idx+1);
+ if (!d->name)
+ return -ENOMEM;
d->regs = vhub->regs + 0x100 + 0x10 * idx;
ast_vhub_init_ep0(vhub, &d->ep0, d);
--
2.34.1
5 months, 2 weeks
- 3
- 3
[PATCH V3 1/1] phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking
by Wayne Chang
The current implementation uses bias_pad_enable as a reference count to
manage the shared bias pad for all UTMI PHYs. However, during system
suspension with connected USB devices, multiple power-down requests for
the UTMI pad result in a mismatch in the reference count, which in turn
produces warnings such as:
[ 237.762967] WARNING: CPU: 10 PID: 1618 at tegra186_utmi_pad_power_down+0x160/0x170
[ 237.763103] Call trace:
[ 237.763104] tegra186_utmi_pad_power_down+0x160/0x170
[ 237.763107] tegra186_utmi_phy_power_off+0x10/0x30
[ 237.763110] phy_power_off+0x48/0x100
[ 237.763113] tegra_xusb_enter_elpg+0x204/0x500
[ 237.763119] tegra_xusb_suspend+0x48/0x140
[ 237.763122] platform_pm_suspend+0x2c/0xb0
[ 237.763125] dpm_run_callback.isra.0+0x20/0xa0
[ 237.763127] __device_suspend+0x118/0x330
[ 237.763129] dpm_suspend+0x10c/0x1f0
[ 237.763130] dpm_suspend_start+0x88/0xb0
[ 237.763132] suspend_devices_and_enter+0x120/0x500
[ 237.763135] pm_suspend+0x1ec/0x270
The root cause was traced back to the dynamic power-down changes
introduced in commit a30951d31b25 ("xhci: tegra: USB2 pad power controls"),
where the UTMI pad was being powered down without verifying its current
state. This unbalanced behavior led to discrepancies in the reference
count.
To rectify this issue, this patch replaces the single reference counter
with a bitmask, renamed to utmi_pad_enabled. Each bit in the mask
corresponds to one of the four USB2 PHYs, allowing us to track each pad's
enablement status individually.
With this change:
- The bias pad is powered on only when the mask is clear.
- Each UTMI pad is powered on or down based on its corresponding bit
in the mask, preventing redundant operations.
- The overall power state of the shared bias pad is maintained
correctly during suspend/resume cycles.
The mutex used to prevent race conditions during UTMI pad enable/disable
operations has been moved from the tegra186_utmi_bias_pad_power_on/off
functions to the parent functions tegra186_utmi_pad_power_on/down. This
change ensures that there are no race conditions when updating the bitmask.
Cc: stable(a)vger.kernel.org
Fixes: a30951d31b25 ("xhci: tegra: USB2 pad power controls")
Signed-off-by: Wayne Chang <waynec(a)nvidia.com>
---
V1 -> V2: holding the padctl->lock to protect shared bitmask
V2 -> V3: updating the commit message with the mutex changes
drivers/phy/tegra/xusb-tegra186.c | 44 +++++++++++++++++++------------
1 file changed, 27 insertions(+), 17 deletions(-)
diff --git a/drivers/phy/tegra/xusb-tegra186.c b/drivers/phy/tegra/xusb-tegra186.c
index fae6242aa730..cc7b8a6a999f 100644
--- a/drivers/phy/tegra/xusb-tegra186.c
+++ b/drivers/phy/tegra/xusb-tegra186.c
@@ -237,6 +237,8 @@
#define DATA0_VAL_PD BIT(1)
#define USE_XUSB_AO BIT(4)
+#define TEGRA_UTMI_PAD_MAX 4
+
#define TEGRA186_LANE(_name, _offset, _shift, _mask, _type) \
{ \
.name = _name, \
@@ -269,7 +271,7 @@ struct tegra186_xusb_padctl {
/* UTMI bias and tracking */
struct clk *usb2_trk_clk;
- unsigned int bias_pad_enable;
+ DECLARE_BITMAP(utmi_pad_enabled, TEGRA_UTMI_PAD_MAX);
/* padctl context */
struct tegra186_xusb_padctl_context context;
@@ -603,12 +605,8 @@ static void tegra186_utmi_bias_pad_power_on(struct tegra_xusb_padctl *padctl)
u32 value;
int err;
- mutex_lock(&padctl->lock);
-
- if (priv->bias_pad_enable++ > 0) {
- mutex_unlock(&padctl->lock);
+ if (!bitmap_empty(priv->utmi_pad_enabled, TEGRA_UTMI_PAD_MAX))
return;
- }
err = clk_prepare_enable(priv->usb2_trk_clk);
if (err < 0)
@@ -667,17 +665,8 @@ static void tegra186_utmi_bias_pad_power_off(struct tegra_xusb_padctl *padctl)
struct tegra186_xusb_padctl *priv = to_tegra186_xusb_padctl(padctl);
u32 value;
- mutex_lock(&padctl->lock);
-
- if (WARN_ON(priv->bias_pad_enable == 0)) {
- mutex_unlock(&padctl->lock);
- return;
- }
-
- if (--priv->bias_pad_enable > 0) {
- mutex_unlock(&padctl->lock);
+ if (!bitmap_empty(priv->utmi_pad_enabled, TEGRA_UTMI_PAD_MAX))
return;
- }
value = padctl_readl(padctl, XUSB_PADCTL_USB2_BIAS_PAD_CTL1);
value |= USB2_PD_TRK;
@@ -690,13 +679,13 @@ static void tegra186_utmi_bias_pad_power_off(struct tegra_xusb_padctl *padctl)
clk_disable_unprepare(priv->usb2_trk_clk);
}
- mutex_unlock(&padctl->lock);
}
static void tegra186_utmi_pad_power_on(struct phy *phy)
{
struct tegra_xusb_lane *lane = phy_get_drvdata(phy);
struct tegra_xusb_padctl *padctl = lane->pad->padctl;
+ struct tegra186_xusb_padctl *priv = to_tegra186_xusb_padctl(padctl);
struct tegra_xusb_usb2_port *port;
struct device *dev = padctl->dev;
unsigned int index = lane->index;
@@ -705,9 +694,16 @@ static void tegra186_utmi_pad_power_on(struct phy *phy)
if (!phy)
return;
+ mutex_lock(&padctl->lock);
+ if (test_bit(index, priv->utmi_pad_enabled)) {
+ mutex_unlock(&padctl->lock);
+ return;
+ }
+
port = tegra_xusb_find_usb2_port(padctl, index);
if (!port) {
dev_err(dev, "no port found for USB2 lane %u\n", index);
+ mutex_unlock(&padctl->lock);
return;
}
@@ -724,18 +720,28 @@ static void tegra186_utmi_pad_power_on(struct phy *phy)
value = padctl_readl(padctl, XUSB_PADCTL_USB2_OTG_PADX_CTL1(index));
value &= ~USB2_OTG_PD_DR;
padctl_writel(padctl, value, XUSB_PADCTL_USB2_OTG_PADX_CTL1(index));
+
+ set_bit(index, priv->utmi_pad_enabled);
+ mutex_unlock(&padctl->lock);
}
static void tegra186_utmi_pad_power_down(struct phy *phy)
{
struct tegra_xusb_lane *lane = phy_get_drvdata(phy);
struct tegra_xusb_padctl *padctl = lane->pad->padctl;
+ struct tegra186_xusb_padctl *priv = to_tegra186_xusb_padctl(padctl);
unsigned int index = lane->index;
u32 value;
if (!phy)
return;
+ mutex_lock(&padctl->lock);
+ if (!test_bit(index, priv->utmi_pad_enabled)) {
+ mutex_unlock(&padctl->lock);
+ return;
+ }
+
dev_dbg(padctl->dev, "power down UTMI pad %u\n", index);
value = padctl_readl(padctl, XUSB_PADCTL_USB2_OTG_PADX_CTL0(index));
@@ -748,7 +754,11 @@ static void tegra186_utmi_pad_power_down(struct phy *phy)
udelay(2);
+ clear_bit(index, priv->utmi_pad_enabled);
+
tegra186_utmi_bias_pad_power_off(padctl);
+
+ mutex_unlock(&padctl->lock);
}
static int tegra186_xusb_padctl_vbus_override(struct tegra_xusb_padctl *padctl,
--
2.25.1
5 months, 2 weeks
- 3
- 2
[PATCH v1 2/2] mpi3mr: resets the pending interrupt flag
by Ranjan Kumar
If an admin interrupt is missed, admin_pend_isr may stay set and
trigger admin reply processing even when no admin IOs are pending.
Clearing/Resetting it in the admin completion path prevents this.
Fixes: ca41929b2ed5 ("scsi: mpi3mr: Check admin reply queue from Watchdog")
Cc: stable(a)vger.kernel.org
Signed-off-by: Sathya Prakash <sathya.prakash(a)broadcom.com>
Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com>
---
drivers/scsi/mpi3mr/mpi3mr_fw.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/scsi/mpi3mr/mpi3mr_fw.c b/drivers/scsi/mpi3mr/mpi3mr_fw.c
index d6e402aacb2a..003e1f7005c4 100644
--- a/drivers/scsi/mpi3mr/mpi3mr_fw.c
+++ b/drivers/scsi/mpi3mr/mpi3mr_fw.c
@@ -451,6 +451,7 @@ int mpi3mr_process_admin_reply_q(struct mpi3mr_ioc *mrioc)
return 0;
}
+ atomic_set(&mrioc->admin_pend_isr, 0);
reply_desc = (struct mpi3_default_reply_descriptor *)mrioc->admin_reply_base +
admin_reply_ci;
@@ -2925,6 +2926,7 @@ static int mpi3mr_setup_admin_qpair(struct mpi3mr_ioc *mrioc)
mrioc->admin_reply_ci = 0;
mrioc->admin_reply_ephase = 1;
atomic_set(&mrioc->admin_reply_q_in_use, 0);
+ atomic_set(&mrioc->admin_pend_isr, 0);
if (!mrioc->admin_req_base) {
mrioc->admin_req_base = dma_alloc_coherent(&mrioc->pdev->dev,
@@ -4653,6 +4655,7 @@ void mpi3mr_memset_buffers(struct mpi3mr_ioc *mrioc)
if (mrioc->admin_reply_base)
memset(mrioc->admin_reply_base, 0, mrioc->admin_reply_q_sz);
atomic_set(&mrioc->admin_reply_q_in_use, 0);
+ atomic_set(&mrioc->admin_pend_isr, 0);
if (mrioc->init_cmds.reply) {
memset(mrioc->init_cmds.reply, 0, sizeof(*mrioc->init_cmds.reply));
--
2.31.1
5 months, 2 weeks
- 1
- 0
[PATCH v1 1/2] Regression fix: Fix pending IOs counter per reply queue
by Ranjan Kumar
Commit 199510e33dea ("scsi: mpi3mr: Update consumer index of
reply queues after every 100 replies") introduced a regression
with Per reply queue pending IOs counter was wrongly decremented
leading to counter getting negative.
Fixed the issue by dropping the extra atomic decrement for
pending IOs counter.
Fixes: 199510e33dea ("scsi: mpi3mr: Update consumer index of reply queues after every 100 replies")
Cc: stable(a)vger.kernel.org
Signed-off-by: Sathya Prakash <sathya.prakash(a)broadcom.com>
Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com>
---
drivers/scsi/mpi3mr/mpi3mr_fw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/scsi/mpi3mr/mpi3mr_fw.c b/drivers/scsi/mpi3mr/mpi3mr_fw.c
index 3fcb1ad3b070..d6e402aacb2a 100644
--- a/drivers/scsi/mpi3mr/mpi3mr_fw.c
+++ b/drivers/scsi/mpi3mr/mpi3mr_fw.c
@@ -565,7 +565,7 @@ int mpi3mr_process_op_reply_q(struct mpi3mr_ioc *mrioc,
WRITE_ONCE(op_req_q->ci, le16_to_cpu(reply_desc->request_queue_ci));
mpi3mr_process_op_reply_desc(mrioc, reply_desc, &reply_dma,
reply_qidx);
- atomic_dec(&op_reply_q->pend_ios);
+
if (reply_dma)
mpi3mr_repost_reply_buf(mrioc, reply_dma);
num_op_reply++;
--
2.31.1
5 months, 2 weeks
- 1
- 0
[PATCH v2] asus-laptop: Fix an uninitialized variable
by Denis Arefev
The value returned by acpi_evaluate_integer() is not checked,
but the result is not always successful, so it is necessary to
add a check of the returned value.
If the result remains negative during three iterations of the loop,
then the uninitialized variable 'val' will be used in the clamp_val()
macro, so it must be initialized with the current value of the 'curr'
variable.
In this case, the algorithm should be less noisy.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: b23910c2194e ("asus-laptop: Pegatron Lucid accelerometer")
Cc: stable(a)vger.kernel.org
Signed-off-by: Denis Arefev <arefev(a)swemel.ru>
---
V1 -> V2:
Added check of the return value it as Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> suggested.
Changed initialization of 'val' variable it as Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> suggested.
drivers/platform/x86/asus-laptop.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/platform/x86/asus-laptop.c b/drivers/platform/x86/asus-laptop.c
index d460dd194f19..ff674c6d0bbb 100644
--- a/drivers/platform/x86/asus-laptop.c
+++ b/drivers/platform/x86/asus-laptop.c
@@ -427,10 +427,12 @@ static int asus_pega_lucid_set(struct asus_laptop *asus, int unit, bool enable)
static int pega_acc_axis(struct asus_laptop *asus, int curr, char *method)
{
int i, delta;
- unsigned long long val;
+ acpi_status status;
+ unsigned long long val = (unsigned long long)curr;
for (i = 0; i < PEGA_ACC_RETRIES; i++) {
- acpi_evaluate_integer(asus->handle, method, NULL, &val);
-
+ status = acpi_evaluate_integer(asus->handle, method, NULL, &val);
+ if (ACPI_FAILURE(status))
+ continue;
/* The output is noisy. From reading the ASL
* dissassembly, timeout errors are returned with 1's
* in the high word, and the lack of locking around
--
2.43.0
5 months, 2 weeks
- 2
- 1
[PATCH v3] platform/x86: amd: pmf: Fix STT limits
by Mario Limonciello
From: Mario Limonciello <mario.limonciello(a)amd.com>
On some platforms it has been observed that STT limits are not being
applied properly causing poor performance as power limits are set too low.
STT limits that are sent to the platform are supposed to be in Q8.8
format. Convert them before sending.
Reported-by: Yijun Shen <Yijun.Shen(a)dell.com>
Fixes: 7c45534afa443 ("platform/x86/amd/pmf: Add support for PMF Policy Binary")
Cc: stable(a)vger.kernel.org
Tested-by: Yijun Shen <Yijun_Shen(a)Dell.com>
Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com>
---
v3:
* Add a helper with a generic name (so it can be easily be moved to library
code in the future)
---
drivers/platform/x86/amd/pmf/auto-mode.c | 4 ++--
drivers/platform/x86/amd/pmf/cnqf.c | 8 ++++----
drivers/platform/x86/amd/pmf/core.c | 14 ++++++++++++++
drivers/platform/x86/amd/pmf/pmf.h | 1 +
drivers/platform/x86/amd/pmf/sps.c | 12 ++++++++----
drivers/platform/x86/amd/pmf/tee-if.c | 6 ++++--
6 files changed, 33 insertions(+), 12 deletions(-)
diff --git a/drivers/platform/x86/amd/pmf/auto-mode.c b/drivers/platform/x86/amd/pmf/auto-mode.c
index 02ff68be10d01..1400ac70c52d1 100644
--- a/drivers/platform/x86/amd/pmf/auto-mode.c
+++ b/drivers/platform/x86/amd/pmf/auto-mode.c
@@ -120,9 +120,9 @@ static void amd_pmf_set_automode(struct amd_pmf_dev *dev, int idx,
amd_pmf_send_cmd(dev, SET_SPPT_APU_ONLY, false, pwr_ctrl->sppt_apu_only, NULL);
amd_pmf_send_cmd(dev, SET_STT_MIN_LIMIT, false, pwr_ctrl->stt_min, NULL);
amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false,
- pwr_ctrl->stt_skin_temp[STT_TEMP_APU], NULL);
+ fixp_q88_from_integer(pwr_ctrl->stt_skin_temp[STT_TEMP_APU]), NULL);
amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false,
- pwr_ctrl->stt_skin_temp[STT_TEMP_HS2], NULL);
+ fixp_q88_from_integer(pwr_ctrl->stt_skin_temp[STT_TEMP_HS2]), NULL);
if (is_apmf_func_supported(dev, APMF_FUNC_SET_FAN_IDX))
apmf_update_fan_idx(dev, config_store.mode_set[idx].fan_control.manual,
diff --git a/drivers/platform/x86/amd/pmf/cnqf.c b/drivers/platform/x86/amd/pmf/cnqf.c
index bc8899e15c914..3cde8a5de64a9 100644
--- a/drivers/platform/x86/amd/pmf/cnqf.c
+++ b/drivers/platform/x86/amd/pmf/cnqf.c
@@ -81,10 +81,10 @@ static int amd_pmf_set_cnqf(struct amd_pmf_dev *dev, int src, int idx,
amd_pmf_send_cmd(dev, SET_SPPT, false, pc->sppt, NULL);
amd_pmf_send_cmd(dev, SET_SPPT_APU_ONLY, false, pc->sppt_apu_only, NULL);
amd_pmf_send_cmd(dev, SET_STT_MIN_LIMIT, false, pc->stt_min, NULL);
- amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, pc->stt_skin_temp[STT_TEMP_APU],
- NULL);
- amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, pc->stt_skin_temp[STT_TEMP_HS2],
- NULL);
+ amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false,
+ fixp_q88_from_integer(pc->stt_skin_temp[STT_TEMP_APU]), NULL);
+ amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false,
+ fixp_q88_from_integer(pc->stt_skin_temp[STT_TEMP_HS2]), NULL);
if (is_apmf_func_supported(dev, APMF_FUNC_SET_FAN_IDX))
apmf_update_fan_idx(dev,
diff --git a/drivers/platform/x86/amd/pmf/core.c b/drivers/platform/x86/amd/pmf/core.c
index a2cb2d5544f5b..5209996eba674 100644
--- a/drivers/platform/x86/amd/pmf/core.c
+++ b/drivers/platform/x86/amd/pmf/core.c
@@ -176,6 +176,20 @@ static void __maybe_unused amd_pmf_dump_registers(struct amd_pmf_dev *dev)
dev_dbg(dev->dev, "AMD_PMF_REGISTER_MESSAGE:%x\n", value);
}
+/**
+ * fixp_q88_from_integer: Convert integer to Q8.8
+ * @val: input value
+ *
+ * Converts an integer into binary fixed point format where 8 bits
+ * are used for integer and 8 bits are used for the decimal.
+ *
+ * Return: unsigned integer converted to Q8.8 format
+ */
+u32 fixp_q88_from_integer(u32 val)
+{
+ return val << 8;
+}
+
int amd_pmf_send_cmd(struct amd_pmf_dev *dev, u8 message, bool get, u32 arg, u32 *data)
{
int rc;
diff --git a/drivers/platform/x86/amd/pmf/pmf.h b/drivers/platform/x86/amd/pmf/pmf.h
index e6bdee68ccf34..2865e0a70b43d 100644
--- a/drivers/platform/x86/amd/pmf/pmf.h
+++ b/drivers/platform/x86/amd/pmf/pmf.h
@@ -777,6 +777,7 @@ int apmf_install_handler(struct amd_pmf_dev *pmf_dev);
int apmf_os_power_slider_update(struct amd_pmf_dev *dev, u8 flag);
int amd_pmf_set_dram_addr(struct amd_pmf_dev *dev, bool alloc_buffer);
int amd_pmf_notify_sbios_heartbeat_event_v2(struct amd_pmf_dev *dev, u8 flag);
+u32 fixp_q88_from_integer(u32 val);
/* SPS Layer */
int amd_pmf_get_pprof_modes(struct amd_pmf_dev *pmf);
diff --git a/drivers/platform/x86/amd/pmf/sps.c b/drivers/platform/x86/amd/pmf/sps.c
index d3083383f11fb..dfc5285b681f7 100644
--- a/drivers/platform/x86/amd/pmf/sps.c
+++ b/drivers/platform/x86/amd/pmf/sps.c
@@ -198,9 +198,11 @@ static void amd_pmf_update_slider_v2(struct amd_pmf_dev *dev, int idx)
amd_pmf_send_cmd(dev, SET_STT_MIN_LIMIT, false,
apts_config_store.val[idx].stt_min_limit, NULL);
amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false,
- apts_config_store.val[idx].stt_skin_temp_limit_apu, NULL);
+ fixp_q88_from_integer(apts_config_store.val[idx].stt_skin_temp_limit_apu),
+ NULL);
amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false,
- apts_config_store.val[idx].stt_skin_temp_limit_hs2, NULL);
+ fixp_q88_from_integer(apts_config_store.val[idx].stt_skin_temp_limit_hs2),
+ NULL);
}
void amd_pmf_update_slider(struct amd_pmf_dev *dev, bool op, int idx,
@@ -217,9 +219,11 @@ void amd_pmf_update_slider(struct amd_pmf_dev *dev, bool op, int idx,
amd_pmf_send_cmd(dev, SET_STT_MIN_LIMIT, false,
config_store.prop[src][idx].stt_min, NULL);
amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false,
- config_store.prop[src][idx].stt_skin_temp[STT_TEMP_APU], NULL);
+ fixp_q88_from_integer(config_store.prop[src][idx].stt_skin_temp[STT_TEMP_APU]),
+ NULL);
amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false,
- config_store.prop[src][idx].stt_skin_temp[STT_TEMP_HS2], NULL);
+ fixp_q88_from_integer(config_store.prop[src][idx].stt_skin_temp[STT_TEMP_HS2]),
+ NULL);
} else if (op == SLIDER_OP_GET) {
amd_pmf_send_cmd(dev, GET_SPL, true, ARG_NONE, &table->prop[src][idx].spl);
amd_pmf_send_cmd(dev, GET_FPPT, true, ARG_NONE, &table->prop[src][idx].fppt);
diff --git a/drivers/platform/x86/amd/pmf/tee-if.c b/drivers/platform/x86/amd/pmf/tee-if.c
index a1e43873a07b0..22d48048f9d01 100644
--- a/drivers/platform/x86/amd/pmf/tee-if.c
+++ b/drivers/platform/x86/amd/pmf/tee-if.c
@@ -123,7 +123,8 @@ static void amd_pmf_apply_policies(struct amd_pmf_dev *dev, struct ta_pmf_enact_
case PMF_POLICY_STT_SKINTEMP_APU:
if (dev->prev_data->stt_skintemp_apu != val) {
- amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false, val, NULL);
+ amd_pmf_send_cmd(dev, SET_STT_LIMIT_APU, false,
+ fixp_q88_from_integer(val), NULL);
dev_dbg(dev->dev, "update STT_SKINTEMP_APU: %u\n", val);
dev->prev_data->stt_skintemp_apu = val;
}
@@ -131,7 +132,8 @@ static void amd_pmf_apply_policies(struct amd_pmf_dev *dev, struct ta_pmf_enact_
case PMF_POLICY_STT_SKINTEMP_HS2:
if (dev->prev_data->stt_skintemp_hs2 != val) {
- amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false, val, NULL);
+ amd_pmf_send_cmd(dev, SET_STT_LIMIT_HS2, false,
+ fixp_q88_from_integer(val), NULL);
dev_dbg(dev->dev, "update STT_SKINTEMP_HS2: %u\n", val);
dev->prev_data->stt_skintemp_hs2 = val;
}
--
2.43.0
5 months, 2 weeks
- 3
- 3
[PATCH] usb: cdnsp: Fix issue with resuming from L1
by Pawel Laszczak
Subject: [PATCH] usb: cdnsp: Fix issue with resuming from L1
In very rare cases after resuming controller from L1 to L0 it reads
registers before the clock has been enabled and as the result driver
reads incorrect value.
To fix this issue driver increases APB timeout value.
Probably this issue occurs only on Cadence platform but fix
should have no impact for other existing platforms.
Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver")
cc: stable(a)vger.kernel.org
Signed-off-by: Pawel Laszczak <pawell(a)cadence.com>
---
drivers/usb/cdns3/cdnsp-gadget.c | 22 ++++++++++++++++++++++
drivers/usb/cdns3/cdnsp-gadget.h | 4 ++++
2 files changed, 26 insertions(+)
diff --git a/drivers/usb/cdns3/cdnsp-gadget.c b/drivers/usb/cdns3/cdnsp-gadget.c
index 87f310841735..b12581b94567 100644
--- a/drivers/usb/cdns3/cdnsp-gadget.c
+++ b/drivers/usb/cdns3/cdnsp-gadget.c
@@ -139,6 +139,21 @@ static void cdnsp_clear_port_change_bit(struct cdnsp_device *pdev,
(portsc & PORT_CHANGE_BITS), port_regs);
}
+static void cdnsp_set_apb_timeout_value(struct cdnsp_device *pdev)
+{
+ __le32 __iomem *reg;
+ void __iomem *base;
+ u32 offset = 0;
+ u32 val;
+
+ base = &pdev->cap_regs->hc_capbase;
+ offset = cdnsp_find_next_ext_cap(base, offset, D_XEC_PRE_REGS_CAP);
+ reg = base + offset + REG_CHICKEN_BITS_3_OFFSET;
+
+ val = le32_to_cpu(readl(reg));
+ writel(cpu_to_le32(CHICKEN_APB_TIMEOUT_SET(val)), reg);
+}
+
static void cdnsp_set_chicken_bits_2(struct cdnsp_device *pdev, u32 bit)
{
__le32 __iomem *reg;
@@ -1798,6 +1813,13 @@ static int cdnsp_gen_setup(struct cdnsp_device *pdev)
pdev->hci_version = HC_VERSION(pdev->hcc_params);
pdev->hcc_params = readl(&pdev->cap_regs->hcc_params);
+ /* In very rare cases after resuming controller from L1 to L0 it reads
+ * registers before the clock has been enabled and as the result driver
+ * reads incorrect value.
+ * To fix this issue driver increases APB timeout value.
+ */
+ cdnsp_set_apb_timeout_value(pdev);
+
cdnsp_get_rev_cap(pdev);
/* Make sure the Device Controller is halted. */
diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h
index 84887dfea763..a4d678fba005 100644
--- a/drivers/usb/cdns3/cdnsp-gadget.h
+++ b/drivers/usb/cdns3/cdnsp-gadget.h
@@ -520,6 +520,10 @@ struct cdnsp_rev_cap {
#define REG_CHICKEN_BITS_2_OFFSET 0x48
#define CHICKEN_XDMA_2_TP_CACHE_DIS BIT(28)
+#define REG_CHICKEN_BITS_3_OFFSET 0x4C
+#define CHICKEN_APB_TIMEOUT_VALUE 0x1C20
+#define CHICKEN_APB_TIMEOUT_SET(p) (((p) & ~GENMASK(21, 0)) | CHICKEN_APB_TIMEOUT_VALUE)
+
/* XBUF Extended Capability ID. */
#define XBUF_CAP_ID 0xCB
#define XBUF_RX_TAG_MASK_0_OFFSET 0x1C
--
2.43.0
5 months, 2 weeks
- 3
- 5
[PATCH 1/3] drm/nouveau: Prevent signaled fences in pending list
by Philipp Stanner
Nouveau currently relies on the assumption that dma_fences will only
ever get signaled through nouveau_fence_signal(), which takes care of
removing a signaled fence from the list nouveau_fence_chan.pending.
This self-imposed rule is violated in nouveau_fence_done(), where
dma_fence_is_signaled() (somewhat surprisingly, considering its name)
can signal the fence without removing it from the list. This enables
accesses to already signaled fences through the list, which is a bug.
In particular, it can race with nouveau_fence_context_kill(), which
would then attempt to set an error code on an already signaled fence,
which is illegal.
In nouveau_fence_done(), the call to nouveau_fence_update() already
ensures to signal all ready fences. Thus, the signaling potentially
performed by dma_fence_is_signaled() is actually not necessary.
Replace the call to dma_fence_is_signaled() with
nouveau_fence_base_is_signaled().
Cc: <stable(a)vger.kernel.org> # 4.10+, precise commit not to be determined
Signed-off-by: Philipp Stanner <phasta(a)kernel.org>
---
drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/nouveau/nouveau_fence.c b/drivers/gpu/drm/nouveau/nouveau_fence.c
index 7cc84472cece..33535987d8ed 100644
--- a/drivers/gpu/drm/nouveau/nouveau_fence.c
+++ b/drivers/gpu/drm/nouveau/nouveau_fence.c
@@ -274,7 +274,7 @@ nouveau_fence_done(struct nouveau_fence *fence)
nvif_event_block(&fctx->event);
spin_unlock_irqrestore(&fctx->lock, flags);
}
- return dma_fence_is_signaled(&fence->base);
+ return test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &fence->base.flags);
}
static long
--
2.48.1
5 months, 2 weeks
- 4
- 8
[PATCH RESEND] tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT
by Günther Noack
This requirement was overeagerly loosened in commit 2f83e38a095f
("tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN"), but as
it turns out,
(1) the logic I implemented there was inconsistent (apologies!),
(2) TIOCL_SELMOUSEREPORT might actually be a small security risk
after all, and
(3) TIOCL_SELMOUSEREPORT is only meant to be used by the mouse
daemon (GPM or Consolation), which runs as CAP_SYS_ADMIN
already.
In more detail:
1. The previous patch has inconsistent logic:
In commit 2f83e38a095f ("tty: Permit some TIOCL_SETSEL modes
without CAP_SYS_ADMIN"), we checked for sel_mode ==
TIOCL_SELMOUSEREPORT, but overlooked that the lower four bits of
this "mode" parameter were actually used as an additional way to
pass an argument. So the patch did actually still require
CAP_SYS_ADMIN, if any of the mouse button bits are set, but did not
require it if none of the mouse buttons bits are set.
This logic is inconsistent and was not intentional. We should have
the same policies for using TIOCL_SELMOUSEREPORT independent of the
value of the "hidden" mouse button argument.
I sent a separate documentation patch to the man page list with
more details on TIOCL_SELMOUSEREPORT:
https://lore.kernel.org/all/20250223091342.35523-2-gnoack3000@gmail.com/
2. TIOCL_SELMOUSEREPORT is indeed a potential security risk which can
let an attacker simulate "keyboard" input to command line
applications on the same terminal, like TIOCSTI and some other
TIOCLINUX "selection mode" IOCTLs.
By enabling mouse reporting on a terminal and then injecting mouse
reports through TIOCL_SELMOUSEREPORT, an attacker can simulate
mouse movements on the same terminal, similar to the TIOCSTI
keystroke injection attacks that were previously possible with
TIOCSTI and other TIOCL_SETSEL selection modes.
Many programs (including libreadline/bash) are then prone to
misinterpret these mouse reports as normal keyboard input because
they do not expect input in the X11 mouse protocol form. The
attacker does not have complete control over the escape sequence,
but they can at least control the values of two consecutive bytes
in the binary mouse reporting escape sequence.
I went into more detail on that in the discussion at
https://lore.kernel.org/all/20250221.0a947528d8f3@gnoack.org/
It is not equally trivial to simulate arbitrary keystrokes as it
was with TIOCSTI (commit 83efeeeb3d04 ("tty: Allow TIOCSTI to be
disabled")), but the general mechanism is there, and together with
the small number of existing legit use cases (see below), it would
be better to revert back to requiring CAP_SYS_ADMIN for
TIOCL_SELMOUSEREPORT, as it was already the case before
commit 2f83e38a095f ("tty: Permit some TIOCL_SETSEL modes without
CAP_SYS_ADMIN").
3. TIOCL_SELMOUSEREPORT is only used by the mouse daemons (GPM or
Consolation), and they are the only legit use case:
To quote console_codes(4):
The mouse tracking facility is intended to return
xterm(1)-compatible mouse status reports. Because the console
driver has no way to know the device or type of the mouse, these
reports are returned in the console input stream only when the
virtual terminal driver receives a mouse update ioctl. These
ioctls must be generated by a mouse-aware user-mode application
such as the gpm(8) daemon.
Jared Finder has also confirmed in
https://lore.kernel.org/all/491f3df9de6593df8e70dbe77614b026@finder.org/
that Emacs does not call TIOCL_SELMOUSEREPORT directly, and it
would be difficult to find good reasons for doing that, given that
it would interfere with the reports that GPM is sending.
More information on the interaction between GPM, terminals and the
kernel with additional pointers is also available in this patch:
https://lore.kernel.org/all/a773e48920aa104a65073671effbdee665c105fc.160396…
For background on who else uses TIOCL_SELMOUSEREPORT: Debian Code
search finds one page of results, the only two known callers are
the two mouse daemons GPM and Consolation. (GPM does not show up
in the search results because it uses literal numbers to refer to
TIOCLINUX-related enums. I looked through GPM by hand instead.
TIOCL_SELMOUSEREPORT is also not used from libgpm.)
https://codesearch.debian.net/search?q=TIOCL_SELMOUSEREPORT
Cc: Jared Finder <jared(a)finder.org>
Cc: Jann Horn <jannh(a)google.com>
Cc: Hanno Böck <hanno(a)hboeck.de>
Cc: Jiri Slaby <jirislaby(a)kernel.org>
Cc: Kees Cook <kees(a)kernel.org>
Cc: stable(a)vger.kernel.org
Fixes: 2f83e38a095f ("tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN")
Signed-off-by: Günther Noack <gnoack3000(a)gmail.com>
---
drivers/tty/vt/selection.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/tty/vt/selection.c b/drivers/tty/vt/selection.c
index 0bd6544e30a6b..791e2f1f7c0b6 100644
--- a/drivers/tty/vt/selection.c
+++ b/drivers/tty/vt/selection.c
@@ -193,13 +193,12 @@ int set_selection_user(const struct tiocl_selection __user *sel,
return -EFAULT;
/*
- * TIOCL_SELCLEAR, TIOCL_SELPOINTER and TIOCL_SELMOUSEREPORT are OK to
- * use without CAP_SYS_ADMIN as they do not modify the selection.
+ * TIOCL_SELCLEAR and TIOCL_SELPOINTER are OK to use without
+ * CAP_SYS_ADMIN as they do not modify the selection.
*/
switch (v.sel_mode) {
case TIOCL_SELCLEAR:
case TIOCL_SELPOINTER:
- case TIOCL_SELMOUSEREPORT:
break;
default:
if (!capable(CAP_SYS_ADMIN))
base-commit: 27102b38b8ca7ffb1622f27bcb41475d121fb67f
--
2.48.1
5 months, 2 weeks
- 1
- 1
[PATCH v2 01/22] rv: Fix out-of-bound memory access in rv_is_container_monitor()
by Nam Cao
When rv_is_container_monitor() is called on the last monitor in
rv_monitors_list, KASAN yells:
BUG: KASAN: global-out-of-bounds in rv_is_container_monitor+0x101/0x110
Read of size 8 at addr ffffffff97c7c798 by task setup/221
The buggy address belongs to the variable:
rv_monitors_list+0x18/0x40
This is due to list_next_entry() is called on the last entry in the list.
It wraps around to the first list_head, and the first list_head is not
embedded in struct rv_monitor_def.
Fix it by checking if the monitor is last in the list.
Fixes: cb85c660fcd4 ("rv: Add option for nested monitors and include sched")
Signed-off-by: Nam Cao <namcao(a)linutronix.de>
Cc: stable(a)vger.kernel.org
---
kernel/trace/rv/rv.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/kernel/trace/rv/rv.c b/kernel/trace/rv/rv.c
index 50344aa9f7f9..544acb1f6a33 100644
--- a/kernel/trace/rv/rv.c
+++ b/kernel/trace/rv/rv.c
@@ -225,7 +225,12 @@ bool rv_is_nested_monitor(struct rv_monitor_def *mdef)
*/
bool rv_is_container_monitor(struct rv_monitor_def *mdef)
{
- struct rv_monitor_def *next = list_next_entry(mdef, list);
+ struct rv_monitor_def *next;
+
+ if (list_is_last(&mdef->list, &rv_monitors_list))
+ return false;
+
+ next = list_next_entry(mdef, list);
return next->parent == mdef->monitor || !mdef->monitor->enable;
}
--
2.39.5
5 months, 2 weeks
- 1
- 0
[PATCH 6.14.y 0/7] arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9
by Anshuman Khandual
This series adds fine grained trap control in EL2 required for FEAT_PMUv3p9
registers like PMICNTR_EL0, PMICFILTR_EL0, and PMUACR_EL1 which are already
being used in the kernel. This is required to prevent their EL1 access trap
into EL2.
The following commits that enabled access into FEAT_PMUv3p9 registers have
already been merged upstream from 6.13 onwards.
d8226d8cfbaf ("perf: arm_pmuv3: Add support for Armv9.4 PMU instruction counter")
0bbff9ed8165 ("perf/arm_pmuv3: Add PMUv3.9 per counter EL0 access control")
The sysreg patches in this series are required for the final patch which
fixes the actual problem.
Anshuman Khandual (7):
arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1
arm64/sysreg: Add register fields for HDFGRTR2_EL2
arm64/sysreg: Add register fields for HDFGWTR2_EL2
arm64/sysreg: Add register fields for HFGITR2_EL2
arm64/sysreg: Add register fields for HFGRTR2_EL2
arm64/sysreg: Add register fields for HFGWTR2_EL2
arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9
Documentation/arch/arm64/booting.rst | 22 ++++++
arch/arm64/include/asm/el2_setup.h | 25 +++++++
arch/arm64/tools/sysreg | 103 +++++++++++++++++++++++++++
3 files changed, 150 insertions(+)
--
2.30.2
5 months, 2 weeks
- 2
- 15
[PATCH] ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4
by Andreas Kemnade
The late init call just writes to omap4 registers as soon as
CONFIG_MFD_CPCAP is enabled without checking whether the
cpcap driver is actually there or the SoC is indeed an
OMAP4.
Rather do these things only with the right device combination.
Fixes booting the BT200 with said configuration enabled and non-factory
X-Loader and probably also some surprising behavior on other devices.
Fixes: c145649bf262 ("ARM: OMAP2+: Configure voltage controller for cpcap to low-speed")
CC: <stable(a)vger.kernel.org>
Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info>
---
arch/arm/mach-omap2/pmic-cpcap.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/arm/mach-omap2/pmic-cpcap.c b/arch/arm/mach-omap2/pmic-cpcap.c
index 4f31e61c0c90..9f9a20274db8 100644
--- a/arch/arm/mach-omap2/pmic-cpcap.c
+++ b/arch/arm/mach-omap2/pmic-cpcap.c
@@ -264,7 +264,11 @@ int __init omap4_cpcap_init(void)
static int __init cpcap_late_init(void)
{
- omap4_vc_set_pmic_signaling(PWRDM_POWER_RET);
+ if (!of_find_compatible_node(NULL, NULL, "motorola,cpcap"))
+ return 0;
+
+ if (soc_is_omap443x() || soc_is_omap446x() || soc_is_omap447x())
+ omap4_vc_set_pmic_signaling(PWRDM_POWER_RET);
return 0;
}
--
2.39.5
5 months, 2 weeks
- 3
- 2
[PATCH] KVM: x86: forcibly leave SMM mode on vCPU reset
by Mikhail Lobanov
Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode
on vCPU reset") addressed an issue where a triple fault occurring in
nested mode could lead to use-after-free scenarios. However, the commit
did not handle the analogous situation for System Management Mode (SMM).
This omission results in triggering a WARN when a vCPU reset occurs
while still in SMM mode, due to the check in kvm_vcpu_reset(). This
situation was reprodused using Syzkaller by:
1) Creating a KVM VM and vCPU
2) Sending a KVM_SMI ioctl to explicitly enter SMM
3) Executing invalid instructions causing consecutive exceptions and
eventually a triple fault
The issue manifests as follows:
WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112
kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112
Modules linked in:
CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted
6.1.130-syzkaller-00157-g164fe5dde9b6 #0
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.12.0-1 04/01/2014
RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112
Call Trace:
<TASK>
shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136
svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395
svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457
vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline]
vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062
kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283
kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Considering that hardware CPUs exit SMM mode completely upon receiving
a triple fault by triggering a hardware reset (which inherently leads
to exiting SMM), explicitly perform SMM exit prior to the WARN check.
Although subsequent code clears vCPU hflags, including the SMM flag,
calling kvm_smm_changed ensures the exit from SMM is handled correctly
and explicitly, aligning precisely with hardware behavior.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset")
Cc: stable(a)vger.kernel.org
Signed-off-by: Mikhail Lobanov <m.lobanov(a)rosa.ru>
---
arch/x86/kvm/x86.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 4b64ab350bcd..f1c95c21703a 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -12409,6 +12409,9 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
if (is_guest_mode(vcpu))
kvm_leave_nested(vcpu);
+ if (is_smm(vcpu))
+ kvm_smm_changed(vcpu, false);
+
kvm_lapic_reset(vcpu, init_event);
WARN_ON_ONCE(is_guest_mode(vcpu) || is_smm(vcpu));
--
2.47.2
5 months, 2 weeks
- 2
- 1
[PATCH v2 0/3] mm: Fix apply_to_pte_range() vs lazy MMU mode
by Alexander Gordeev
Hi All,
Chages since v1:
- left fixes only, improvements will be posted separately;
- Fixes: and -stable tags added to patch descriptions;
This series is an attempt to fix the violation of lazy MMU mode context
requirement as described for arch_enter_lazy_mmu_mode():
This mode can only be entered and left under the protection of
the page table locks for all page tables which may be modified.
On s390 if I make arch_enter_lazy_mmu_mode() -> preempt_enable() and
arch_leave_lazy_mmu_mode() -> preempt_disable() I am getting this:
[ 553.332108] preempt_count: 1, expected: 0
[ 553.332117] no locks held by multipathd/2116.
[ 553.332128] CPU: 24 PID: 2116 Comm: multipathd Kdump: loaded Tainted:
[ 553.332139] Hardware name: IBM 3931 A01 701 (LPAR)
[ 553.332146] Call Trace:
[ 553.332152] [<00000000158de23a>] dump_stack_lvl+0xfa/0x150
[ 553.332167] [<0000000013e10d12>] __might_resched+0x57a/0x5e8
[ 553.332178] [<00000000144eb6c2>] __alloc_pages+0x2ba/0x7c0
[ 553.332189] [<00000000144d5cdc>] __get_free_pages+0x2c/0x88
[ 553.332198] [<00000000145663f6>] kasan_populate_vmalloc_pte+0x4e/0x110
[ 553.332207] [<000000001447625c>] apply_to_pte_range+0x164/0x3c8
[ 553.332218] [<000000001448125a>] apply_to_pmd_range+0xda/0x318
[ 553.332226] [<000000001448181c>] __apply_to_page_range+0x384/0x768
[ 553.332233] [<0000000014481c28>] apply_to_page_range+0x28/0x38
[ 553.332241] [<00000000145665da>] kasan_populate_vmalloc+0x82/0x98
[ 553.332249] [<00000000144c88d0>] alloc_vmap_area+0x590/0x1c90
[ 553.332257] [<00000000144ca108>] __get_vm_area_node.constprop.0+0x138/0x260
[ 553.332265] [<00000000144d17fc>] __vmalloc_node_range+0x134/0x360
[ 553.332274] [<0000000013d5dbf2>] alloc_thread_stack_node+0x112/0x378
[ 553.332284] [<0000000013d62726>] dup_task_struct+0x66/0x430
[ 553.332293] [<0000000013d63962>] copy_process+0x432/0x4b80
[ 553.332302] [<0000000013d68300>] kernel_clone+0xf0/0x7d0
[ 553.332311] [<0000000013d68bd6>] __do_sys_clone+0xae/0xc8
[ 553.332400] [<0000000013d68dee>] __s390x_sys_clone+0xd6/0x118
[ 553.332410] [<0000000013c9d34c>] do_syscall+0x22c/0x328
[ 553.332419] [<00000000158e7366>] __do_syscall+0xce/0xf0
[ 553.332428] [<0000000015913260>] system_call+0x70/0x98
This exposes a KASAN issue fixed with patch 1 and apply_to_pte_range()
issue fixed with patch 3, while patch 2 is a prerequisite.
Commit b9ef323ea168 ("powerpc/64s: Disable preemption in hash lazy mmu
mode") looks like powerpc-only fix, yet not entirely conforming to the
above provided requirement (page tables itself are still not protected).
If I am not mistaken, xen and sparc are alike.
Thanks!
Alexander Gordeev (3):
kasan: Avoid sleepable page allocation from atomic context
mm: Cleanup apply_to_pte_range() routine
mm: Protect kernel pgtables in apply_to_pte_range()
mm/kasan/shadow.c | 9 +++------
mm/memory.c | 33 +++++++++++++++++++++------------
2 files changed, 24 insertions(+), 18 deletions(-)
--
2.45.2
5 months, 2 weeks
- 3
- 9
[to-be-updated] mm-protect-kernel-pgtables-in-apply_to_pte_range.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: mm: protect kernel pgtables in apply_to_pte_range()
has been removed from the -mm tree. Its filename was
mm-protect-kernel-pgtables-in-apply_to_pte_range.patch
This patch was dropped because an updated version will be issued
------------------------------------------------------
From: Alexander Gordeev <agordeev(a)linux.ibm.com>
Subject: mm: protect kernel pgtables in apply_to_pte_range()
Date: Tue, 8 Apr 2025 18:07:32 +0200
The lazy MMU mode can only be entered and left under the protection of the
page table locks for all page tables which may be modified. Yet, when it
comes to kernel mappings apply_to_pte_range() does not take any locks.
That does not conform arch_enter|leave_lazy_mmu_mode() semantics and could
potentially lead to re-schedulling a process while in lazy MMU mode or
racing on a kernel page table updates.
Link: https://lkml.kernel.org/r/ef8f6538b83b7fc3372602f90375348f9b4f3596.17441281…
Fixes: 38e0edb15bd0 ("mm/apply_to_range: call pte function with lazy updates")
Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com>
Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com>
Cc: Guenetr Roeck <linux(a)roeck-us.net>
Cc: Hugh Dickins <hughd(a)google.com>
Cc: Jeremy Fitzhardinge <jeremy(a)goop.org>
Cc: Juegren Gross <jgross(a)suse.com>
Cc: Nicholas Piggin <npiggin(a)gmail.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/kasan/shadow.c | 7 ++-----
mm/memory.c | 5 ++++-
2 files changed, 6 insertions(+), 6 deletions(-)
--- a/mm/kasan/shadow.c~mm-protect-kernel-pgtables-in-apply_to_pte_range
+++ a/mm/kasan/shadow.c
@@ -308,14 +308,14 @@ static int kasan_populate_vmalloc_pte(pt
__memset((void *)page, KASAN_VMALLOC_INVALID, PAGE_SIZE);
pte = pfn_pte(PFN_DOWN(__pa(page)), PAGE_KERNEL);
- spin_lock(&init_mm.page_table_lock);
if (likely(pte_none(ptep_get(ptep)))) {
set_pte_at(&init_mm, addr, ptep, pte);
page = 0;
}
- spin_unlock(&init_mm.page_table_lock);
+
if (page)
free_page(page);
+
return 0;
}
@@ -401,13 +401,10 @@ static int kasan_depopulate_vmalloc_pte(
page = (unsigned long)__va(pte_pfn(ptep_get(ptep)) << PAGE_SHIFT);
- spin_lock(&init_mm.page_table_lock);
-
if (likely(!pte_none(ptep_get(ptep)))) {
pte_clear(&init_mm, addr, ptep);
free_page(page);
}
- spin_unlock(&init_mm.page_table_lock);
return 0;
}
--- a/mm/memory.c~mm-protect-kernel-pgtables-in-apply_to_pte_range
+++ a/mm/memory.c
@@ -2926,6 +2926,7 @@ static int apply_to_pte_range(struct mm_
pte = pte_offset_kernel(pmd, addr);
if (!pte)
return err;
+ spin_lock(&init_mm.page_table_lock);
} else {
if (create)
pte = pte_alloc_map_lock(mm, pmd, addr, &ptl);
@@ -2951,7 +2952,9 @@ static int apply_to_pte_range(struct mm_
arch_leave_lazy_mmu_mode();
- if (mm != &init_mm)
+ if (mm == &init_mm)
+ spin_unlock(&init_mm.page_table_lock);
+ else
pte_unmap_unlock(mapped_pte, ptl);
*mask |= PGTBL_PTE_MODIFIED;
_
Patches currently in -mm which might be from agordeev(a)linux.ibm.com are
5 months, 2 weeks
- 1
- 0
[to-be-updated] mm-cleanup-apply_to_pte_range-routine.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: mm: clean up apply_to_pte_range()
has been removed from the -mm tree. Its filename was
mm-cleanup-apply_to_pte_range-routine.patch
This patch was dropped because an updated version will be issued
------------------------------------------------------
From: Alexander Gordeev <agordeev(a)linux.ibm.com>
Subject: mm: clean up apply_to_pte_range()
Date: Tue, 8 Apr 2025 18:07:31 +0200
Reverse 'create' vs 'mm == &init_mm' conditions and move page table mask
modification out of the atomic context. This is a prerequisite for fixing
missing kernel page tables lock.
Link: https://lkml.kernel.org/r/0c65bc334f17ff1d7d92d31c69d7065769bbce4e.17441281…
Fixes: 38e0edb15bd0 ("mm/apply_to_range: call pte function with lazy updates")
Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com>
Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com>
Cc: Guenetr Roeck <linux(a)roeck-us.net>
Cc: Hugh Dickins <hughd(a)google.com>
Cc: Jeremy Fitzhardinge <jeremy(a)goop.org>
Cc: Juegren Gross <jgross(a)suse.com>
Cc: Nicholas Piggin <npiggin(a)gmail.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/memory.c | 28 +++++++++++++++++-----------
1 file changed, 17 insertions(+), 11 deletions(-)
--- a/mm/memory.c~mm-cleanup-apply_to_pte_range-routine
+++ a/mm/memory.c
@@ -2915,24 +2915,28 @@ static int apply_to_pte_range(struct mm_
pte_fn_t fn, void *data, bool create,
pgtbl_mod_mask *mask)
{
+ int err = create ? -ENOMEM : -EINVAL;
pte_t *pte, *mapped_pte;
- int err = 0;
spinlock_t *ptl;
- if (create) {
- mapped_pte = pte = (mm == &init_mm) ?
- pte_alloc_kernel_track(pmd, addr, mask) :
- pte_alloc_map_lock(mm, pmd, addr, &ptl);
+ if (mm == &init_mm) {
+ if (create)
+ pte = pte_alloc_kernel_track(pmd, addr, mask);
+ else
+ pte = pte_offset_kernel(pmd, addr);
if (!pte)
- return -ENOMEM;
+ return err;
} else {
- mapped_pte = pte = (mm == &init_mm) ?
- pte_offset_kernel(pmd, addr) :
- pte_offset_map_lock(mm, pmd, addr, &ptl);
+ if (create)
+ pte = pte_alloc_map_lock(mm, pmd, addr, &ptl);
+ else
+ pte = pte_offset_map_lock(mm, pmd, addr, &ptl);
if (!pte)
- return -EINVAL;
+ return err;
+ mapped_pte = pte;
}
+ err = 0;
arch_enter_lazy_mmu_mode();
if (fn) {
@@ -2944,12 +2948,14 @@ static int apply_to_pte_range(struct mm_
}
} while (addr += PAGE_SIZE, addr != end);
}
- *mask |= PGTBL_PTE_MODIFIED;
arch_leave_lazy_mmu_mode();
if (mm != &init_mm)
pte_unmap_unlock(mapped_pte, ptl);
+
+ *mask |= PGTBL_PTE_MODIFIED;
+
return err;
}
_
Patches currently in -mm which might be from agordeev(a)linux.ibm.com are
mm-protect-kernel-pgtables-in-apply_to_pte_range.patch
5 months, 2 weeks
- 1
- 0
[to-be-updated] kasan-avoid-sleepable-page-allocation-from-atomic-context.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: kasan: avoid sleepable page allocation from atomic context
has been removed from the -mm tree. Its filename was
kasan-avoid-sleepable-page-allocation-from-atomic-context.patch
This patch was dropped because an updated version will be issued
------------------------------------------------------
From: Alexander Gordeev <agordeev(a)linux.ibm.com>
Subject: kasan: avoid sleepable page allocation from atomic context
Date: Tue, 8 Apr 2025 18:07:30 +0200
Patch series "mm: Fix apply_to_pte_range() vs lazy MMU mode", v2.
This series is an attempt to fix the violation of lazy MMU mode context
requirement as described for arch_enter_lazy_mmu_mode():
This mode can only be entered and left under the protection of
the page table locks for all page tables which may be modified.
On s390 if I make arch_enter_lazy_mmu_mode() -> preempt_enable() and
arch_leave_lazy_mmu_mode() -> preempt_disable() I am getting this:
[ 553.332108] preempt_count: 1, expected: 0
[ 553.332117] no locks held by multipathd/2116.
[ 553.332128] CPU: 24 PID: 2116 Comm: multipathd Kdump: loaded Tainted:
[ 553.332139] Hardware name: IBM 3931 A01 701 (LPAR)
[ 553.332146] Call Trace:
[ 553.332152] [<00000000158de23a>] dump_stack_lvl+0xfa/0x150
[ 553.332167] [<0000000013e10d12>] __might_resched+0x57a/0x5e8
[ 553.332178] [<00000000144eb6c2>] __alloc_pages+0x2ba/0x7c0
[ 553.332189] [<00000000144d5cdc>] __get_free_pages+0x2c/0x88
[ 553.332198] [<00000000145663f6>] kasan_populate_vmalloc_pte+0x4e/0x110
[ 553.332207] [<000000001447625c>] apply_to_pte_range+0x164/0x3c8
[ 553.332218] [<000000001448125a>] apply_to_pmd_range+0xda/0x318
[ 553.332226] [<000000001448181c>] __apply_to_page_range+0x384/0x768
[ 553.332233] [<0000000014481c28>] apply_to_page_range+0x28/0x38
[ 553.332241] [<00000000145665da>] kasan_populate_vmalloc+0x82/0x98
[ 553.332249] [<00000000144c88d0>] alloc_vmap_area+0x590/0x1c90
[ 553.332257] [<00000000144ca108>] __get_vm_area_node.constprop.0+0x138/0x260
[ 553.332265] [<00000000144d17fc>] __vmalloc_node_range+0x134/0x360
[ 553.332274] [<0000000013d5dbf2>] alloc_thread_stack_node+0x112/0x378
[ 553.332284] [<0000000013d62726>] dup_task_struct+0x66/0x430
[ 553.332293] [<0000000013d63962>] copy_process+0x432/0x4b80
[ 553.332302] [<0000000013d68300>] kernel_clone+0xf0/0x7d0
[ 553.332311] [<0000000013d68bd6>] __do_sys_clone+0xae/0xc8
[ 553.332400] [<0000000013d68dee>] __s390x_sys_clone+0xd6/0x118
[ 553.332410] [<0000000013c9d34c>] do_syscall+0x22c/0x328
[ 553.332419] [<00000000158e7366>] __do_syscall+0xce/0xf0
[ 553.332428] [<0000000015913260>] system_call+0x70/0x98
This exposes a KASAN issue fixed with patch 1 and apply_to_pte_range()
issue fixed with patch 3, while patch 2 is a prerequisite.
Commit b9ef323ea168 ("powerpc/64s: Disable preemption in hash lazy mmu
mode") looks like powerpc-only fix, yet not entirely conforming to the
above provided requirement (page tables itself are still not protected).
If I am not mistaken, xen and sparc are alike.
This patch (of 3):
apply_to_page_range() enters lazy MMU mode and then invokes
kasan_populate_vmalloc_pte() callback on each page table walk iteration.
The lazy MMU mode may only be entered only under protection of the page
table lock. However, the callback can go into sleep when trying to
allocate a single page.
Change __get_free_page() allocation mode from GFP_KERNEL to GFP_ATOMIC to
avoid scheduling out while in atomic context.
Link: https://lkml.kernel.org/r/cover.1744128123.git.agordeev@linux.ibm.com
Link: https://lkml.kernel.org/r/2d9f4ac4528701b59d511a379a60107fa608ad30.17441281…
Fixes: 3c5c3cfb9ef4 ("kasan: support backing vmalloc space with real shadow memory")
Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com>
Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com>
Cc: Guenetr Roeck <linux(a)roeck-us.net>
Cc: Hugh Dickins <hughd(a)google.com>
Cc: Jeremy Fitzhardinge <jeremy(a)goop.org>
Cc: Juegren Gross <jgross(a)suse.com>
Cc: Nicholas Piggin <npiggin(a)gmail.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/kasan/shadow.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/kasan/shadow.c~kasan-avoid-sleepable-page-allocation-from-atomic-context
+++ a/mm/kasan/shadow.c
@@ -301,7 +301,7 @@ static int kasan_populate_vmalloc_pte(pt
if (likely(!pte_none(ptep_get(ptep))))
return 0;
- page = __get_free_page(GFP_KERNEL);
+ page = __get_free_page(GFP_ATOMIC);
if (!page)
return -ENOMEM;
_
Patches currently in -mm which might be from agordeev(a)linux.ibm.com are
mm-cleanup-apply_to_pte_range-routine.patch
mm-protect-kernel-pgtables-in-apply_to_pte_range.patch
5 months, 2 weeks
- 1
- 0
vmbus CVE-2024-36912 CVE-2024-36913
by He Zhe
Hello,
I'm investigating if v5.15 and early versions are vulnerable to the following CVEs. Could you please help confirm the following cases?
For CVE-2024-36912, the suggested fix is 211f514ebf1e ("Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl") according to https://www.cve.org/CVERecord?id=CVE-2024-36912
It seems 211f514ebf1e is based on d4dccf353db8 ("Drivers: hv: vmbus: Mark vmbus ring buffer visible to host in Isolation VM") which was introduced since v5.16. For v5.15 and early versions, vmbus ring buffer hadn't been made visible to host, so there's no need to backport 211f514ebf1e to those versions, right?
For CVE-2024-36913, the suggested fix is 03f5a999adba ("Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails") according to https://www.cve.org/CVERecord?id=CVE-2024-36913
It seems 03f5a999adba is based on f2f136c05fb6 ("Drivers: hv: vmbus: Add SNP support for VMbus channel initiate message") which was introduced since v5.16. For v5.15 and early verions, monitor pages hadn't been made visible to host, so there's no need to backport 03f5a999adba to those versions, right?
Thanks,
Zhe
5 months, 2 weeks
- 2
- 1
[PATCH 5.15 v3 00/11] KVM: arm64: Backport of SVE fixes to v5.15
by Mark Brown
This series backports some recent fixes for SVE/KVM interactions from
Mark Rutland to v5.15.
Signed-off-by: Mark Brown <broonie(a)kernel.org>
---
Changes in v3:
- Explicitly include "KVM: arm64: Always start with clearing SVE flag on
load", it was included previously as part of a conflcit resolution.
- Link to v2: https://lore.kernel.org/r/20250403-stable-sve-5-15-v2-0-30a36a78a20a@kernel…
Changes in v2:
- Resend with Greg and the stable list added.
- Link to v1: https://lore.kernel.org/r/20250402-stable-sve-5-15-v1-0-84d0e5ff1102@kernel…
---
Fuad Tabba (1):
KVM: arm64: Calculate cptr_el2 traps on activating traps
Marc Zyngier (2):
KVM: arm64: Get rid of host SVE tracking/saving
KVM: arm64: Always start with clearing SVE flag on load
Mark Brown (4):
KVM: arm64: Discard any SVE state when entering KVM guests
arm64/fpsimd: Track the saved FPSIMD state type separately to TIF_SVE
arm64/fpsimd: Have KVM explicitly say which FP registers to save
arm64/fpsimd: Stop using TIF_SVE to manage register saving in KVM
Mark Rutland (4):
KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
KVM: arm64: Remove host FPSIMD saving for non-protected KVM
KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
KVM: arm64: Eagerly switch ZCR_EL{1,2}
arch/arm64/include/asm/fpsimd.h | 4 +-
arch/arm64/include/asm/kvm_host.h | 17 +++--
arch/arm64/include/asm/kvm_hyp.h | 7 ++
arch/arm64/include/asm/processor.h | 7 ++
arch/arm64/kernel/fpsimd.c | 117 +++++++++++++++++++++++---------
arch/arm64/kernel/process.c | 3 +
arch/arm64/kernel/ptrace.c | 3 +
arch/arm64/kernel/signal.c | 3 +
arch/arm64/kvm/arm.c | 1 -
arch/arm64/kvm/fpsimd.c | 72 +++++++++-----------
arch/arm64/kvm/hyp/entry.S | 5 ++
arch/arm64/kvm/hyp/include/hyp/switch.h | 86 +++++++++++++++--------
arch/arm64/kvm/hyp/nvhe/hyp-main.c | 9 ++-
arch/arm64/kvm/hyp/nvhe/switch.c | 52 +++++++++-----
arch/arm64/kvm/hyp/vhe/switch.c | 4 ++
arch/arm64/kvm/reset.c | 3 +
16 files changed, 266 insertions(+), 127 deletions(-)
---
base-commit: 0c935c049b5c196b83b968c72d348ae6fff83ea2
change-id: 20250326-stable-sve-5-15-bfd75482dcfa
Best regards,
--
Mark Brown <broonie(a)kernel.org>
5 months, 2 weeks
- 2
- 16
[PATCH 6.12 000/426] 6.12.23-rc3 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.12.23 release.
There are 426 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 11 Apr 2025 11:58:05 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.23-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.12.23-rc3
Dan Carpenter <dan.carpenter(a)linaro.org>
platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc()
Steven Rostedt <rostedt(a)goodmis.org>
tracing: Do not use PERF enums when perf is not defined
Nathan Chancellor <nathan(a)kernel.org>
ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs()
Olga Kornievskaia <okorniev(a)redhat.com>
nfsd: fix management of listener transports
Li Lingfeng <lilingfeng3(a)huawei.com>
nfsd: put dl_stid if fail to queue dl_recall
Jeff Layton <jlayton(a)kernel.org>
nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()
Murad Masimov <m.masimov(a)mt-integration.ru>
media: streamzap: fix race between device disconnection and urb callback
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
media: vimc: skip .s_stream() for stopped entities
Oleg Nesterov <oleg(a)redhat.com>
exec: fix the racy usage of fs_struct->in_exec
Yosry Ahmed <yosry.ahmed(a)linux.dev>
mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()
Roman Smirnov <r.smirnov(a)omp.ru>
jfs: add index corruption check to DT_GETPAGE()
Qasim Ijaz <qasdev00(a)gmail.com>
jfs: fix slab-out-of-bounds read in ea_get()
Acs, Jakub <acsjakub(a)amazon.de>
ext4: fix OOB read when checking dotdot dir
Theodore Ts'o <tytso(a)mit.edu>
ext4: don't over-report free space or inodes in statvfs
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7921: fix kernel panic due to null pointer dereference
Angelos Oikonomopoulos <angelos(a)igalia.com>
arm64: Don't call NULL in do_compat_alignment_fixup()
David Hildenbrand <david(a)redhat.com>
mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs
Ran Xiaokai <ran.xiaokai(a)zte.com.cn>
tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
Douglas Raillard <douglas.raillard(a)arm.com>
tracing: Fix synth event printk format for str fields
Douglas Raillard <douglas.raillard(a)arm.com>
tracing: Ensure module defining synth event cannot be unloaded while tracing
Tengda Wu <wutengda(a)huaweicloud.com>
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
Sungjong Seo <sj1557.seo(a)samsung.com>
exfat: fix potential wrong error return from get_block
Sungjong Seo <sj1557.seo(a)samsung.com>
exfat: fix random stack corruption after get_block
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix null pointer dereference in alloc_preauth_hash()
Norbert Szetei <norbert(a)doyensec.com>
ksmbd: validate zero num_subauth before sub_auth is accessed
Norbert Szetei <norbert(a)doyensec.com>
ksmbd: fix overflow in dacloffset bounds check
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix session use-after-free in multichannel connection
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix use-after-free in ksmbd_sessions_deregister()
Norbert Szetei <norbert(a)doyensec.com>
ksmbd: add bounds check for create lease context
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: add bounds check for durable handle context
Sean Christopherson <seanjc(a)google.com>
KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error
Ulf Hansson <ulf.hansson(a)linaro.org>
mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
Karel Balej <balejk(a)matfyz.cz>
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
Miaoqian Lin <linmq006(a)gmail.com>
mmc: omap: Fix memory leak in mmc_omap_new_slot
Candice Li <candice.li(a)amd.com>
Remove unnecessary firmware version check for gc v9_4_2
Robin Murphy <robin.murphy(a)arm.com>
media: omap3isp: Handle ARM dma_iommu_mapping
Christian Eggers <ceggers(a)arri.de>
ARM: 9444/1: add KEEP() keyword to ARM_VECTORS
Paul Menzel <pmenzel(a)molgen.mpg.de>
ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
Murad Masimov <m.masimov(a)mt-integration.ru>
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com>
wifi: mt76: mt7925: remove unused acpi function for clc
Jann Horn <jannh(a)google.com>
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
Guilherme G. Piccoli <gpiccoli(a)igalia.com>
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
Arnd Bergmann <arnd(a)arndb.de>
x86/Kconfig: Add cmpxchg8b support back to Geode CPUs
Joe Damato <jdamato(a)fastly.com>
idpf: Don't hard code napi_struct size
Jiri Olsa <jolsa(a)kernel.org>
uprobes/x86: Harden uretprobe syscall trampoline check
Kan Liang <kan.liang(a)linux.intel.com>
perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
Peter Zijlstra (Intel) <peterz(a)infradead.org>
perf/x86/intel: Apply static call for drain_pebs
Markus Elfring <elfring(a)users.sourceforge.net>
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com>
platform/x86: ISST: Correct command storage data length
Eduard Christian Dumitrescu <eduard.c.dumitrescu(a)gmail.com>
platform/x86: thinkpad_acpi: disable ACPI fan access for T495* and E560
Hans de Goede <hdegoede(a)redhat.com>
ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers
Vishal Annapurve <vannapurve(a)google.com>
x86/tdx: Fix arch_safe_halt() execution for TDX VMs
Shuai Xue <xueshuai(a)linux.alibaba.com>
x86/mce: use is_copy_from_user() to determine copy-from-user context
Boris Ostrovsky <boris.ostrovsky(a)oracle.com>
x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
Paolo Bonzini <pbonzini(a)redhat.com>
KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected
Tianyu Lan <tiala(a)microsoft.com>
x86/hyperv: Fix check of return value from snp_set_vmsa()
Hengqi Chen <hengqi.chen(a)gmail.com>
LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC
Hengqi Chen <hengqi.chen(a)gmail.com>
LoongArch: BPF: Don't override subprog's return value
Hengqi Chen <hengqi.chen(a)gmail.com>
LoongArch: BPF: Fix off-by-one error in build_prologue()
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Increase MAX_IO_PICS up to 8
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Increase ARCH_DMA_MINALIGN up to 16
WANG Rui <wangrui(a)loongson.cn>
rust: Fix enabling Rust and building with GCC for LoongArch
Ying Lu <luying1(a)xiaomi.com>
usbnet:fix NPE during rx_complete
Alexander Wetzel <Alexander(a)wetzel-home.de>
wifi: mac80211: Fix sparse warning for monitor_sdata
Sherry Sun <sherry.sun(a)nxp.com>
tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register
Sherry Sun <sherry.sun(a)nxp.com>
tty: serial: fsl_lpuart: Fix unused variable 'sport' build warning
Sherry Sun <sherry.sun(a)nxp.com>
tty: serial: fsl_lpuart: use port struct directly to simply code
Sherry Sun <sherry.sun(a)nxp.com>
tty: serial: fsl_lpuart: Use u32 and u8 for register variables
Abel Wu <wuyun.abel(a)bytedance.com>
cgroup/rstat: Fix forceidle time in cpu.stat
Joshua Hahn <joshua.hahn6(a)gmail.com>
cgroup/rstat: Tracking cgroup-level niced CPU time
Tengda Wu <wutengda(a)huaweicloud.com>
tracing: Correct the refcount if the hist/hist_debug file fails to open
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
tracing/hist: Support POLLPRI event for poll on histogram
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
tracing/hist: Add poll(POLLIN) support on hist file
Steven Rostedt <rostedt(a)goodmis.org>
tracing: Switch trace_events_hist.c code over to use guard()
Len Brown <len.brown(a)intel.com>
tools/power turbostat: report CoreThr per measurement interval
Yeoreum Yun <yeoreum.yun(a)arm.com>
perf/core: Fix child_total_time_enabled accounting bug at task exit
Alex Deucher <alexander.deucher(a)amd.com>
drm/amdgpu/gfx12: fix num_mec
Alex Deucher <alexander.deucher(a)amd.com>
drm/amdgpu/gfx11: fix num_mec
Alexandru Gagniuc <alexandru.gagniuc(a)hp.com>
kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally
Dave Marquardt <davemarq(a)linux.ibm.com>
net: ibmveth: make veth_pool_store stop hanging
Henry Martin <bsdhenrymartin(a)gmail.com>
arcnet: Add NULL check in com20020pci_probe()
Ido Schimmel <idosch(a)nvidia.com>
ipv6: Do not consider link down nexthops in path selection
Ido Schimmel <idosch(a)nvidia.com>
ipv6: Start path selection from the first nexthop
Lin Ma <linma(a)zju.edu.cn>
net: fix geneve_opt length integer overflow
David Oberhollenzer <david.oberhollenzer(a)sigma-star.at>
net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
Fernando Fernandez Mancera <ffmancera(a)riseup.net>
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
Lin Ma <linma(a)zju.edu.cn>
netfilter: nft_tunnel: fix geneve_opt type confusion addition
Antoine Tenart <atenart(a)kernel.org>
net: decrease cached dst counters in dst_release
Guillaume Nault <gnault(a)redhat.com>
tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
Stefano Garzarella <sgarzare(a)redhat.com>
vsock: avoid timeout during connect() if the socket is closing
Kuniyuki Iwashima <kuniyu(a)amazon.com>
udp: Fix memory accounting leak.
Kuniyuki Iwashima <kuniyu(a)amazon.com>
udp: Fix multiple wraparounds of sk->sk_rmem_alloc.
Tobias Waldekranz <tobias(a)waldekranz.com>
net: mvpp2: Prevent parser TCAM memory corruption
Eric Dumazet <edumazet(a)google.com>
sctp: add mutual exclusion in proc_sctp_do_udp_port()
Cong Wang <xiyou.wangcong(a)gmail.com>
net_sched: skbprio: Remove overly strict queue assertions
Debin Zhu <mowenroot(a)163.com>
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
Florian Westphal <fw(a)strlen.de>
netfilter: nf_tables: don't unregister hook when table is dormant
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
Emil Tantilov <emil.s.tantilov(a)intel.com>
idpf: fix adapter NULL pointer dereference on reboot
Vitaly Lifshits <vitaly.lifshits(a)intel.com>
e1000e: change k1 configuration on MTP and later platforms
Florian Fainelli <florian.fainelli(a)broadcom.com>
spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
Florian Fainelli <florian.fainelli(a)broadcom.com>
spi: bcm2835: Do not call gpiod_put() on invalid descriptor
Henry Martin <bsdhenrymartin(a)gmail.com>
ASoC: imx-card: Add NULL check in imx_card_probe()
Caleb Sander Mateos <csander(a)purestorage.com>
nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer
Björn Töpel <bjorn(a)rivosinc.com>
riscv/purgatory: 4B align purgatory_start
Yao Zi <ziyao(a)disroot.org>
riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator
Alexandre Ghiti <alexghiti(a)rivosinc.com>
riscv: Fix hugetlb retrieval of number of ptes in case of !present pte
Josh Poimboeuf <jpoimboe(a)kernel.org>
spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock()
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe()
Sven Schnelle <svens(a)linux.ibm.com>
s390/entry: Fix setting _CIF_MCCK_GUEST with lowcore relocation
Ming Lei <ming.lei(a)redhat.com>
ublk: make sure ubq->canceling is set when queue is frozen
Herton R. Krzesinski <herton(a)redhat.com>
x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs
Palmer Dabbelt <palmer(a)rivosinc.com>
RISC-V: errata: Use medany for relocatable builds
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA
Richard Fitzgerald <rf(a)opensource.cirrus.com>
firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success
Nikita Shubin <n.shubin(a)yadro.com>
ntb: intel: Fix using link status DB's
Yajun Deng <yajun.deng(a)linux.dev>
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
Juhan Jin <juhan.jin(a)foxmail.com>
riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra
Christian Schoenebeck <linux_oss(a)crudebyte.com>
fs/9p: fix NULL pointer dereference on mkdir
Al Viro <viro(a)zeniv.linux.org.uk>
spufs: fix a leak in spufs_create_context()
Al Viro <viro(a)zeniv.linux.org.uk>
spufs: fix gang directory lifetimes
Al Viro <viro(a)zeniv.linux.org.uk>
spufs: fix a leak on spufs_new_file() failure
David Howells <dhowells(a)redhat.com>
netfs: Fix netfs_unbuffered_read() to return ssize_t rather than int
Tasos Sahanidis <tasos(a)tasossah.com>
hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
Roger Quadros <rogerq(a)kernel.org>
memory: omap-gpmc: drop no compatible check
Oliver Hartkopp <socketcan(a)hartkopp.net>
can: statistics: use atomic access in hot path
Navon John Lukose <navonjohnlukose(a)gmail.com>
ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
Florian Westphal <fw(a)strlen.de>
selftests: netfilter: skip br_netfilter queue tests if kernel is tainted
Taehee Yoo <ap420073(a)gmail.com>
net: devmem: do not WARN conditionally after netdev_rx_queue_restart()
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd: Keep display off while going into S4
Keith Busch <kbusch(a)kernel.org>
nvme-pci: fix stuck reset on concurrent DPC and HP
Vladis Dronov <vdronov(a)redhat.com>
x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
Michael Kelley <mhklinux(a)outlook.com>
x86/hyperv: Fix output argument to hypercall that changes page visibility
Waiman Long <longman(a)redhat.com>
locking/semaphore: Use wake_q to wake up processes outside lock critical section
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: fix SA Query processing in MLO
Emmanuel Grumbach <emmanuel.grumbach(a)intel.com>
wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state
Bard Liao <yung-chuan.liao(a)linux.intel.com>
ASoC: rt1320: set wake_capable = 0 explicitly
Alexey Klimov <alexey.klimov(a)linaro.org>
ASoC: codecs: wsa884x: report temps to hwmon in millidegree of Celsius
Naman Jain <namjain(a)linux.microsoft.com>
x86/hyperv/vtl: Stop kernel from probing VTL0 low memory
Shrikanth Hegde <sshegde(a)linux.ibm.com>
sched/deadline: Use online cpus for validating runtime
Stefan Binding <sbinding(a)opensource.cirrus.com>
ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA
Stefan Binding <sbinding(a)opensource.cirrus.com>
ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA
Stefan Binding <sbinding(a)opensource.cirrus.com>
ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA
Stefan Binding <sbinding(a)opensource.cirrus.com>
ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA
Stefan Binding <sbinding(a)opensource.cirrus.com>
ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA
Stefan Binding <sbinding(a)opensource.cirrus.com>
ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA
Stefan Binding <sbinding(a)opensource.cirrus.com>
ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA
Yuezhang Mo <Yuezhang.Mo(a)sony.com>
exfat: add a check for invalid data size
Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com>
platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-TA
Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com>
platform/x86/amd/pmf: Propagate PMF-TA return codes
Wentao Guan <guanwentao(a)uniontech.com>
HID: i2c-hid: improve i2c_hid_get_report error message
Jakub Kicinski <kuba(a)kernel.org>
net: dsa: rtl8366rb: don't prompt users for LED control
David E. Box <david.e.box(a)linux.intel.com>
platform/x86/intel/vsec: Add Diamond Rapids support
Dmitry Panchenko <dmitry(a)d-systems.ee>
platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet
Namjae Jeon <linkinjeon(a)kernel.org>
cifs: fix incorrect validation for num_aces field of smb_acl
Namjae Jeon <linkinjeon(a)kernel.org>
smb: common: change the data type of num_aces to le16
Peter Zijlstra <peterz(a)infradead.org>
perf/core: Fix perf_pmu_register() vs. perf_init_event()
Daniel Bárta <daniel.barta(a)trustlab.cz>
ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
Antheas Kapenekakis <lkml(a)antheas.dev>
ALSA: hda/realtek: Fix Asus Z13 2025 audio
Simon Tatham <anakin(a)pobox.com>
affs: don't write overlarge OFS data block size fields
Simon Tatham <anakin(a)pobox.com>
affs: generate OFS sequence numbers starting at 1
Matthias Proske <email(a)matthias-proske.de>
wifi: brcmfmac: keep power during suspend if board requires it
Icenowy Zheng <uwu(a)icenowy.me>
nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
Icenowy Zheng <uwu(a)icenowy.me>
nvme-pci: clean up CMBMSC when registering CMB fails
Sagi Grimberg <sagi(a)grimberg.me>
nvme-tcp: fix possible UAF in nvme_tcp_poll
Mike Lothian <mike(a)fireburn.co.uk>
ntsync: Set the permissions to be 0666
Emmanuel Grumbach <emmanuel.grumbach(a)intel.com>
wifi: iwlwifi: mvm: use the right version of the rate API
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: fw: allocate chained SG tables for dump
Alexander Wetzel <Alexander(a)wetzel-home.de>
wifi: mac80211: remove debugfs dir for virtual monitor
Alexander Wetzel <Alexander(a)wetzel-home.de>
wifi: mac80211: Cleanup sta TXQs on flush
Dan Carpenter <dan.carpenter(a)linaro.org>
nfs: Add missing release on error in nfs_lock_and_join_requests()
Josh Poimboeuf <jpoimboe(a)kernel.org>
objtool/loongarch: Add unwind hints in prepare_frametrace()
Josh Poimboeuf <jpoimboe(a)kernel.org>
rcu-tasks: Always inline rcu_irq_work_resched()
Josh Poimboeuf <jpoimboe(a)kernel.org>
context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
Josh Poimboeuf <jpoimboe(a)kernel.org>
sched/smt: Always inline sched_smt_active()
David Laight <david.laight.linux(a)gmail.com>
objtool: Fix verbose disassembly if CROSS_COMPILE isn't set
Geetha sowjanya <gakula(a)marvell.com>
octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
Geetha sowjanya <gakula(a)marvell.com>
octeontx2-af: Fix mbox INTR handler when num VFs > 64
Jim Liu <jim.t90615(a)gmail.com>
net: phy: broadcom: Correct BCM5221 PHY model detection
Giovanni Gherdovich <ggherdovich(a)suse.cz>
ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid
Yuli Wang <wangyuli(a)uniontech.com>
LoongArch: Rework the arch_kgdb_breakpoint() implementation
Miaoqian Lin <linmq006(a)gmail.com>
LoongArch: Fix device node refcount leak in fdt_cpu_clk_init()
谢致邦 (XIE Zhibang) <Yeking(a)Red54.com>
LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig
Josh Poimboeuf <jpoimboe(a)kernel.org>
objtool: Fix segfault in ignore_unreachable_insn()
Feng Yang <yangfeng(a)kylinos.cn>
ring-buffer: Fix bytes_dropped calculation issue
Lama Kayal <lkayal(a)nvidia.com>
net/mlx5e: SHAMPO, Make reserved size independent of page size
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix r_count dec/increment mismatch
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix multichannel connection failure
Miaoqian Lin <linmq006(a)gmail.com>
ksmbd: use aead_request_free to match aead_request_alloc
Lubomir Rintel <lkundrak(a)v3.sk>
rndis_host: Flag RNDIS modems as WWAN devices
Mark Zhang <markzhang(a)nvidia.com>
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
Yuezhang Mo <Yuezhang.Mo(a)sony.com>
exfat: fix missing shutdown check
Yuezhang Mo <Yuezhang.Mo(a)sony.com>
exfat: fix the infinite loop in exfat_find_last_cluster()
Wang Zhaolong <wangzhaolong1(a)huawei.com>
smb: client: Fix netns refcount imbalance causing leaks and use-after-free
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Shut down the nfs_client only after all the superblocks
Josh Poimboeuf <jpoimboe(a)kernel.org>
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
Josh Poimboeuf <jpoimboe(a)kernel.org>
objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show()
xueqin Luo <luoxueqin(a)kylinos.cn>
thermal: core: Remove duplicate struct declaration
Namhyung Kim <namhyung(a)kernel.org>
perf bpf-filter: Fix a parsing error with comma
Marcus Meissner <meissner(a)suse.de>
perf tools: annotate asm_pure_loop.S
Bart Van Assche <bvanassche(a)acm.org>
fs/procfs: fix the comment above proc_pid_wchan()
Ilkka Koskinen <ilkka(a)os.amperecomputing.com>
perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation
Jiri Slaby (SUSE) <jirislaby(a)kernel.org>
tty: n_tty: use uint for space returned by tty_write_room()
Stefan Wahren <wahrenst(a)gmx.net>
staging: vchiq_arm: Fix possible NPR of keep-alive thread
Stefan Wahren <wahrenst(a)gmx.net>
staging: vchiq_arm: Register debugfs after cdev
谢致邦 (XIE Zhibang) <Yeking(a)Red54.com>
staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES
James Clark <james.clark(a)linaro.org>
perf: intel-tpebs: Fix incorrect usage of zfree()
Stephen Brennan <stephen.s.brennan(a)oracle.com>
perf dso: fix dso__is_kallsyms() check
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf python: Check if there is space to copy all the event
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf python: Don't keep a raw_data pointer to consumed ring buffer space
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf python: Decrement the refcount of just created event on failure
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf python: Fixup description of sample.id event member
Stanley Chu <yschu(a)nuvoton.com>
i3c: master: svc: Fix missing the IBI rules
Benjamin Berg <benjamin.berg(a)intel.com>
um: hostfs: avoid issues on inode number reuse by host
Benjamin Berg <benjamin.berg(a)intel.com>
um: remove copy_from_kernel_nofault_allowed
David Gow <davidgow(a)google.com>
um: Pass the correct Rust target and options with gcc
Cyan Yang <cyan.yang(a)sifive.com>
selftests/mm/cow: fix the incorrect error handling
Alistair Popple <apopple(a)nvidia.com>
fuse: fix dax truncate/punch_hole fault path
NeilBrown <neilb(a)suse.de>
NFS: fix open_owner_id_maxsz and related fields.
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFSv4: Avoid unnecessary scans of filesystems for delayed delegations
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFSv4: Avoid unnecessary scans of filesystems for expired delegations
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFSv4: Avoid unnecessary scans of filesystems for returning delegations
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFSv4: Don't trigger uneccessary scans for return-on-close delegations
Anshuman Khandual <anshuman.khandual(a)arm.com>
arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig
Vasiliy Kovalev <kovalev(a)altlinux.org>
ocfs2: validate l_tree_depth to avoid out-of-bounds access
Sourabh Jain <sourabhjain(a)linux.ibm.com>
kexec: initialize ELF lowest address to ULONG_MAX
David Hildenbrand <david(a)redhat.com>
kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page()
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf units: Fix insufficient array space
Ian Rogers <irogers(a)google.com>
perf evlist: Add success path to evlist__create_syswide_maps
Ian Rogers <irogers(a)google.com>
perf debug: Avoid stack overflow in recursive error message
Karan Sanghavi <karansanghvi98(a)gmail.com>
iio: light: Add check for array bounds in veml6075_read_int_time_ms
Jonathan Santos <Jonathan.Santos(a)analog.com>
iio: adc: ad7768-1: set MOSI idle state to prevent accidental reset
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
iio: adc: ad7173: Fix comparison of channel configs
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
iio: adc: ad7124: Fix comparison of channel configs
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
iio: adc: ad4130: Fix comparison of channel setups
Peng Fan <peng.fan(a)nxp.com>
dmaengine: fsl-edma: free irq correctly in remove path
Peng Fan <peng.fan(a)nxp.com>
dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister
Dan Carpenter <dan.carpenter(a)linaro.org>
fs/ntfs3: Prevent integer overflow in hdr_first_de()
Dan Carpenter <dan.carpenter(a)linaro.org>
fs/ntfs3: Fix a couple integer overflows on 32bit systems
Niklas Neronin <niklas.neronin(a)linux.intel.com>
usb: xhci: correct debug message page size calculation
Thomas Richter <tmricht(a)linux.ibm.com>
perf bench: Fix perf bench syscall loop count
Leo Yan <leo.yan(a)arm.com>
perf arm-spe: Fix load-store operation checking
Nuno Sá <nuno.sa(a)analog.com>
iio: backend: make sure to NULL terminate stack buffer
Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails.
Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
Mario Limonciello <mario.limonciello(a)amd.com>
ucsi_ccg: Don't show failed to get FW build information error
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
perf build: Fix in-tree build due to symbolic link
Ian Rogers <irogers(a)google.com>
tools/x86: Fix linux/unaligned.h include path in lib/insn.c
James Clark <james.clark(a)linaro.org>
perf pmu: Don't double count common sysfs and json events
Yuanfang Zhang <quic_yuanfang(a)quicinc.com>
coresight-etm4x: add isb() before reading the TRCSTATR
Mike Christie <michael.christie(a)oracle.com>
vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
Ilkka Koskinen <ilkka(a)os.amperecomputing.com>
coresight: catu: Fix number of pages while using 64k pages
Wentao Liang <vulab(a)iscas.ac.cn>
greybus: gb-beagleplay: Add error handling for gb_greybus_init
Namhyung Kim <namhyung(a)kernel.org>
perf report: Switch data file correctly in TUI
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
soundwire: slave: fix an OF node reference leak in soundwire slave device
Qasim Ijaz <qasdev00(a)gmail.com>
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
Heiko Stuebner <heiko.stuebner(a)cherry.de>
phy: phy-rockchip-samsung-hdptx: Don't use dt aliases to determine phy-id
Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com>
fs/ntfs3: Update inode->i_mapping->a_ops on compression state
Chenyuan Yang <chenyuan0y(a)gmail.com>
w1: fix NULL pointer dereference in probe
James Clark <james.clark(a)linaro.org>
perf: Always feature test reallocarray
Ian Rogers <irogers(a)google.com>
perf stat: Fix find_stat for mixed legacy/non-legacy events
Barnabás Czémán <barnabas.czeman(a)mainlining.org>
clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm()
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead auth key length
Wang Liang <wangliang74(a)huawei.com>
RDMA/core: Fix use-after-free when rename device name
Jann Horn <jannh(a)google.com>
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
Remi Pommarel <repk(a)triplefau.lt>
leds: Fix LED_OFF brightness race
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
mfd: sm501: Switch to BIT() to mitigate integer overflows
Fabrizio Castro <fabrizio.castro.jz(a)renesas.com>
pinctrl: renesas: rzv2m: Fix missing of_node_put() call
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
Jiayuan Chen <mrpre(a)163.com>
bpf: Fix array bounds error with may_goto
Neil Armstrong <neil.armstrong(a)linaro.org>
clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable()
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: nx - Fix uninitialised hv_nxc on error
Artur Weber <aweber.kernel(a)gmail.com>
power: supply: max77693: Fix wrong conversion of charge input threshold value
Jann Horn <jannh(a)google.com>
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
Jerome Brunet <jbrunet(a)baylibre.com>
clk: amlogic: g12a: fix mmc A peripheral clock
Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com>
clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents
Bairavi Alagappan <bairavix.alagappan(a)intel.com>
crypto: qat - remove access to parity register for QAT GEN4
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment
Alice Ryhl <aliceryhl(a)google.com>
rust: fix signature of rust_fmt_argument
Saket Kumar Bhaskar <skb99(a)linux.ibm.com>
selftests/bpf: Select NUMA_NO_NODE to create map
Jerome Brunet <jbrunet(a)baylibre.com>
clk: amlogic: gxbb: drop non existing 32k clock parent
Jerome Brunet <jbrunet(a)baylibre.com>
clk: amlogic: g12b: fix cluster A parent data
Prathamesh Shete <pshete(a)nvidia.com>
pinctrl: tegra: Set SFIO mode to Mux Register
Maher Sanalla <msanalla(a)nvidia.com>
IB/mad: Check available slots before posting receive WRs
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: api - Fix larval relookup type and mask
Sicelo A. Mhlongo <absicsz(a)gmail.com>
power: supply: bq27xxx_battery: do not update cached flags prematurely
Luca Weiss <luca(a)lucaweiss.eu>
remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
Cheng Xu <chengyou(a)linux.alibaba.com>
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
Chiara Meiohas <cmeiohas(a)nvidia.com>
RDMA/mlx5: Fix calculation of total invalidated pages
Roman Gushchin <roman.gushchin(a)linux.dev>
RDMA/core: Don't expose hw_counters outside of init net namespace
Peter Geis <pgwipeout(a)gmail.com>
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
Tengda Wu <wutengda(a)huaweicloud.com>
selftests/bpf: Fix freplace_link segfault in tailcalls prog test
Michael Guralnik <michaelgur(a)nvidia.com>
RDMA/mlx5: Fix MR cache initialization error flow
Fabrizio Castro <fabrizio.castro.jz(a)renesas.com>
pinctrl: renesas: rzg2l: Fix missing of_node_put() call
Fabrizio Castro <fabrizio.castro.jz(a)renesas.com>
pinctrl: renesas: rza2: Fix missing of_node_put() call
Tanya Agarwal <tanyaagarwal25699(a)gmail.com>
lib: 842: Improve error handling in sw842_compress()
Hou Tao <houtao1(a)huawei.com>
bpf: Use preempt_count() directly in bpf_send_signal_common()
Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com>
clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK
Luca Weiss <luca(a)lucaweiss.eu>
remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226
Akhil R <akhilrajeev(a)nvidia.com>
crypto: tegra - Set IV to NULL explicitly for AES ECB
Kees Bakker <kees(a)ijzerbout.nl>
RDMA/mana_ib: Ensure variable err is initialized
Niklas Schnelle <schnelle(a)linux.ibm.com>
s390: Remove ioremap_wt() and pgprot_writethrough()
Vladimir Lypak <vladimir.lypak(a)gmail.com>
clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
Akhil R <akhilrajeev(a)nvidia.com>
crypto: tegra - Fix CMAC intermediate result handling
Yue Haibing <yuehaibing(a)huawei.com>
pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw()
Will McVicker <willmcvicker(a)google.com>
clk: samsung: Fix UBSAN panic in samsung_clk_init()
Luca Weiss <luca.weiss(a)fairphone.com>
remoteproc: qcom: pas: add minidump_id to SC7280 WPSS
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
clk: renesas: r8a08g045: Check the source of the CPU PLL settings
David Hildenbrand <david(a)redhat.com>
x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()
Viktor Malik <vmalik(a)redhat.com>
selftests/bpf: Fix string read in strncmp benchmark
Andrii Nakryiko <andrii(a)kernel.org>
libbpf: Fix hypothetical STT_SECTION extern NULL deref case
Luca Weiss <luca(a)lucaweiss.eu>
remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
pinctrl: renesas: rzg2l: Suppress binding attributes
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: property: Increase NR_FWNODE_REFERENCE_ARGS
Peng Fan <peng.fan(a)nxp.com>
remoteproc: core: Clear table_sz when rproc_shutdown
Michael Guralnik <michaelgur(a)nvidia.com>
RDMA/mlx5: Fix page_size variable overflow
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for sec spec check
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead authsize alignment
Jerome Brunet <jbrunet(a)baylibre.com>
clk: amlogic: gxbb: drop incorrect flag on 32k clock
Akhil R <akhilrajeev(a)nvidia.com>
crypto: tegra - Use HMAC fallback when keyslots are full
Arnd Bergmann <arnd(a)arndb.de>
crypto: bpf - Add MODULE_DESCRIPTION for skcipher
Akhil R <akhilrajeev(a)nvidia.com>
crypto: tegra - check return value for hash do_one_req
Akhil R <akhilrajeev(a)nvidia.com>
crypto: tegra - Use separate buffer for setkey
Bairavi Alagappan <bairavix.alagappan(a)intel.com>
crypto: qat - set parity error mask for qat_420xx
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: iaa - Test the correct request flag
Danila Chernetsov <listdansp(a)mail.ru>
fbdev: sm501fb: Add some geometry checks.
Arnd Bergmann <arnd(a)arndb.de>
mdacon: rework dependency list
Arnd Bergmann <arnd(a)arndb.de>
dummycon: fix default rows/cols
Markus Elfring <elfring(a)users.sourceforge.net>
fbdev: au1100fb: Move a variable assignment behind a null pointer check
Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com>
PCI: pciehp: Don't enable HPIE when resuming in poll mode
Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com>
PCI: Fix BAR resizing when VF BARs are assigned
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
PCI: histb: Fix an error handling path in histb_pcie_probe()
Dan Carpenter <dan.carpenter(a)linaro.org>
PCI: dwc: ep: Return -ENOMEM for allocation failures
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
drm/amd/display: avoid NPD when ASIC does not support DMUB
Dan Carpenter <dan.carpenter(a)linaro.org>
drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
Douglas Anderson <dianders(a)chromium.org>
drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
Jason-JH Lin <jason-jh.lin(a)mediatek.com>
drm/mediatek: Fix config_updating flag never false when no mbox channel
Thippeswamy Havalige <thippeswamy.havalige(a)amd.com>
PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
Dan Carpenter <dan.carpenter(a)linaro.org>
PCI: Remove stray put_device() in pci_register_host_bridge()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
powerpc/kexec: fix physical address calculation in clear_utlb_entry()
Christophe Leroy <christophe.leroy(a)csgroup.eu>
crypto: powerpc: Mark ghashp8-ppc.o as an OBJECT_FILES_NON_STANDARD
Rob Clark <robdclark(a)chromium.org>
drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump
Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru>
drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
Ashley Smith <ashley.smith(a)collabora.com>
drm/panthor: Update CS_STATUS_ defines to correct values
Nishanth Aravamudan <naravamudan(a)nvidia.com>
PCI: Avoid reset when disabled via sysfs
Feng Tang <feng.tang(a)linux.alibaba.com>
PCI/portdrv: Only disable pciehp interrupts early when needed
Jim Quinlan <james.quinlan(a)broadcom.com>
PCI: brcmstb: Fix potential premature regulator disabling
Jim Quinlan <james.quinlan(a)broadcom.com>
PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
Jim Quinlan <james.quinlan(a)broadcom.com>
PCI: brcmstb: Use internal register to change link capability
Jim Quinlan <james.quinlan(a)broadcom.com>
PCI: brcmstb: Set generation limit before PCIe link up
Hans Zhang <18255117159(a)163.com>
PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload
Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables'
Marijn Suijten <marijn.suijten(a)somainline.org>
drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
Marijn Suijten <marijn.suijten(a)somainline.org>
drm/msm/dsi: Use existing per-interface slice count in DSC timing
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
drm/msm/dsi/phy: Program clock inverters in correct register
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: don't use active in atomic_check()
Aurabindo Pillai <aurabindo.pillai(a)amd.com>
drm/amd/display: fix an indent issue in DML21
Tushar Dave <tdave(a)nvidia.com>
PCI/ACS: Fix 'pci=config_acs=' parameter
John Keeping <jkeeping(a)inmusicbrands.com>
drm/panel: ilitek-ili9882t: fix GPIO name in error message
Daniel Stodden <daniel.stodden(a)gmail.com>
PCI/ASPM: Fix link state exit during switch upstream function removal
AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com>
drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com>
drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com>
PCI: Remove add_align overwrite unrelated to size0
Kai-Heng Feng <kaihengf(a)nvidia.com>
PCI: Use downstream bridges for distributing resources
Alex Deucher <alexander.deucher(a)amd.com>
drm/amdgpu/umsch: fix ucode check
Yang Wang <kevinyang.wang(a)amd.com>
drm/amdgpu: refine smu send msg debug log format
Vitalii Mordan <mordan(a)ispras.ru>
gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines
José Expósito <jose.exposito89(a)gmail.com>
drm/vkms: Fix use after free and double free on init error
Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>
drm: xlnx: zynqmp: Fix max dma segment size
Hermes Wu <Hermes.wu(a)ite.com.tw>
drm/bridge: it6505: fix HDCP V match check is not performed correctly
Wayne Lin <Wayne.Lin(a)amd.com>
drm/dp_mst: Fix drm RAD print
John Keeping <jkeeping(a)inmusicbrands.com>
drm/ssd130x: ensure ssd132x pitch is correct
John Keeping <jkeeping(a)inmusicbrands.com>
drm/ssd130x: fix ssd132x encoding
Javier Martinez Canillas <javierm(a)redhat.com>
drm/ssd130x: Set SPI .id_table to prevent an SPI core warning
Geert Uytterhoeven <geert+renesas(a)glider.be>
drm/bridge: ti-sn65dsi86: Fix multiple instances
Takashi Iwai <tiwai(a)suse.de>
ALSA: timer: Don't take register_mutex with copy_from/to_user()
Jayesh Choudhary <j-choudhary(a)ti.com>
ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/realtek: Always honor no_shutup_pins
Maud Spierings <maudspierings(a)gocontroll.com>
dt-bindings: vendor-prefixes: add GOcontroll
Jiri Kosina <jikos(a)kernel.org>
HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com>
ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry
Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru>
ASoC: cs35l41: check the return value from spi_setup()
Armin Wolf <W_Armin(a)gmx.de>
platform/x86: dell-ddv: Fix temperature calculation
Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com>
platform/x86: dell-uart-backlight: Make dell_uart_bl_serdev_driver static
Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com>
platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Make symbol static
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
auxdisplay: panel: Fix an API misuse in panel.c
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
media: platform: allgro-dvt: unregister v4l2_device on the error path
Benjamin Gaignard <benjamin.gaignard(a)collabora.com>
media: verisilicon: HEVC: Initialize start_bit field
Geert Uytterhoeven <geert(a)linux-m68k.org>
auxdisplay: MAX6959 should select BITREVERSE
Frieder Schrempf <frieder.schrempf(a)kontron.de>
regulator: pca9450: Fix enable register for LDO5
Vitaly Kuznetsov <vkuznets(a)redhat.com>
x86/entry: Add __init to ia32_emulation_override_cmdline()
Chao Gao <chao.gao(a)intel.com>
x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
Josh Poimboeuf <jpoimboe(a)kernel.org>
x86/traps: Make exc_double_fault() consistently noreturn
Tao Chen <chen.dylane(a)linux.dev>
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: Fix handling devices with direct_complete set on errors
Chenyuan Yang <chenyuan0y(a)gmail.com>
thermal: int340x: Add NULL check for adev
James Morse <james.morse(a)arm.com>
x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors
Qiuxu Zhuo <qiuxu.zhuo(a)intel.com>
EDAC/ie31200: Fix the error path order of ie31200_init()
Qiuxu Zhuo <qiuxu.zhuo(a)intel.com>
EDAC/ie31200: Fix the DIMM size mask for several SoCs
Qiuxu Zhuo <qiuxu.zhuo(a)intel.com>
EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
Tim Schumacher <tim.schumacher1(a)huawei.com>
selinux: Chain up tool resolving errors in install_policy.sh
Li Huafei <lihuafei1(a)huawei.com>
watchdog/hardlockup/perf: Fix perf_event memory leak
Kees Cook <kees(a)kernel.org>
kunit/stackinit: Use fill byte different from Clang i386 pattern
Atish Patra <atishp(a)rivosinc.com>
RISC-V: KVM: Disable the kernel perf counter during configure
Aaron Kling <webgeek1234(a)gmail.com>
cpufreq: tegra194: Allow building for Tegra234
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: Adjust check before setting power.must_resume
Peter Zijlstra <peterz(a)infradead.org>
lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
Kevin Loughlin <kevinloughlin(a)google.com>
x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
Arnd Bergmann <arnd(a)arndb.de>
x86/platform: Only allow CONFIG_EISA for 32-bit
Benjamin Berg <benjamin.berg(a)intel.com>
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
Stanislav Spassov <stanspas(a)amazon.de>
x86/fpu: Fix guest FPU state buffer allocation size
Qiuxu Zhuo <qiuxu.zhuo(a)intel.com>
EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids
Jie Zhan <zhanjie9(a)hisilicon.com>
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
Tianchen Ding <dtcccc(a)linux.alibaba.com>
sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks
zihan zhou <15645113830zzh(a)gmail.com>
sched: Cancel the slice protection of the idle entity
Konstantin Andreev <andreev(a)swemel.ru>
smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label
Konstantin Andreev <andreev(a)swemel.ru>
smack: dont compile ipv6 code unless ipv6 is configured
zuoqian <zuoqian113(a)gmail.com>
cpufreq: scpi: compare kHz instead of Hz
Mike Rapoport (Microsoft) <rppt(a)kernel.org>
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
Eric Sandeen <sandeen(a)redhat.com>
watch_queue: fix pipe accounting mismatch
-------------
Diffstat:
.../devicetree/bindings/vendor-prefixes.yaml | 2 +
Makefile | 4 +-
arch/arm/Kconfig | 2 +-
arch/arm/include/asm/vmlinux.lds.h | 12 +-
arch/arm64/kernel/compat_alignment.c | 2 +
arch/loongarch/Kconfig | 4 +-
arch/loongarch/include/asm/cache.h | 2 +
arch/loongarch/include/asm/irq.h | 2 +-
arch/loongarch/include/asm/stacktrace.h | 3 +
arch/loongarch/include/asm/unwind_hints.h | 10 +-
arch/loongarch/kernel/env.c | 2 +
arch/loongarch/kernel/kgdb.c | 5 +-
arch/loongarch/net/bpf_jit.c | 12 +-
arch/loongarch/net/bpf_jit.h | 5 +
arch/powerpc/configs/mpc885_ads_defconfig | 2 +-
arch/powerpc/crypto/Makefile | 1 +
arch/powerpc/kexec/relocate_32.S | 7 +-
arch/powerpc/platforms/cell/spufs/gang.c | 1 +
arch/powerpc/platforms/cell/spufs/inode.c | 63 ++++-
arch/powerpc/platforms/cell/spufs/spufs.h | 2 +
arch/riscv/errata/Makefile | 6 +-
arch/riscv/include/asm/ftrace.h | 4 +-
arch/riscv/kernel/elf_kexec.c | 3 +
arch/riscv/kvm/vcpu_pmu.c | 1 +
arch/riscv/mm/hugetlbpage.c | 74 +++--
arch/riscv/purgatory/entry.S | 1 +
arch/s390/include/asm/io.h | 2 -
arch/s390/include/asm/pgtable.h | 3 -
arch/s390/kernel/entry.S | 2 +-
arch/s390/mm/pgtable.c | 10 -
arch/um/include/shared/os.h | 1 -
arch/um/kernel/Makefile | 2 +-
arch/um/kernel/maccess.c | 19 --
arch/um/os-Linux/process.c | 51 ----
arch/x86/Kconfig | 3 +-
arch/x86/Kconfig.cpu | 2 +-
arch/x86/Makefile.um | 7 +-
arch/x86/coco/tdx/tdx.c | 26 +-
arch/x86/entry/calling.h | 2 +
arch/x86/entry/common.c | 2 +-
arch/x86/events/intel/core.c | 47 ++--
arch/x86/events/intel/ds.c | 13 +-
arch/x86/events/perf_event.h | 3 +-
arch/x86/hyperv/hv_vtl.c | 1 +
arch/x86/hyperv/ivm.c | 5 +-
arch/x86/include/asm/tdx.h | 4 +-
arch/x86/include/asm/tlbflush.h | 2 +-
arch/x86/kernel/cpu/mce/severity.c | 11 +-
arch/x86/kernel/cpu/microcode/amd.c | 2 +-
arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3 +-
arch/x86/kernel/cpu/sgx/driver.c | 10 +-
arch/x86/kernel/dumpstack.c | 5 +-
arch/x86/kernel/fpu/core.c | 6 +-
arch/x86/kernel/process.c | 9 +-
arch/x86/kernel/traps.c | 18 +-
arch/x86/kernel/tsc.c | 4 +-
arch/x86/kernel/uprobes.c | 14 +-
arch/x86/kvm/svm/sev.c | 13 +-
arch/x86/kvm/x86.c | 15 +-
arch/x86/lib/copy_user_64.S | 18 ++
arch/x86/mm/mem_encrypt_identity.c | 4 +-
arch/x86/mm/pat/cpa-test.c | 2 +-
arch/x86/mm/pat/memtype.c | 52 ++--
crypto/api.c | 17 +-
crypto/bpf_crypto_skcipher.c | 1 +
drivers/acpi/nfit/core.c | 2 +-
drivers/acpi/processor_idle.c | 4 +
drivers/acpi/resource.c | 7 +
drivers/acpi/x86/utils.c | 3 +-
drivers/auxdisplay/Kconfig | 1 +
drivers/auxdisplay/panel.c | 4 +-
drivers/base/power/main.c | 21 +-
drivers/base/power/runtime.c | 2 +-
drivers/block/ublk_drv.c | 41 ++-
drivers/clk/imx/clk-imx8mp-audiomix.c | 6 +-
drivers/clk/meson/g12a.c | 38 ++-
drivers/clk/meson/gxbb.c | 14 +-
drivers/clk/qcom/gcc-msm8953.c | 2 +-
drivers/clk/qcom/gcc-sm8650.c | 4 +-
drivers/clk/qcom/gcc-x1e80100.c | 30 --
drivers/clk/qcom/mmcc-sdm660.c | 2 +-
drivers/clk/renesas/r9a08g045-cpg.c | 5 +-
drivers/clk/renesas/rzg2l-cpg.c | 13 +-
drivers/clk/renesas/rzg2l-cpg.h | 10 +-
drivers/clk/rockchip/clk-rk3328.c | 2 +-
drivers/clk/samsung/clk.c | 2 +-
drivers/cpufreq/Kconfig.arm | 2 +-
drivers/cpufreq/cpufreq_governor.c | 45 +--
drivers/cpufreq/scpi-cpufreq.c | 5 +-
drivers/crypto/hisilicon/sec2/sec.h | 1 -
drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 ++++-----
drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 +-
.../crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 1 +
drivers/crypto/intel/qat/qat_common/adf_gen4_ras.c | 59 +---
drivers/crypto/nx/nx-common-pseries.c | 37 ++-
drivers/crypto/tegra/tegra-se-aes.c | 47 ++--
drivers/crypto/tegra/tegra-se-hash.c | 27 +-
drivers/crypto/tegra/tegra-se-key.c | 10 +-
drivers/crypto/tegra/tegra-se-main.c | 16 +-
drivers/crypto/tegra/tegra-se.h | 3 +-
drivers/dma/fsl-edma-main.c | 14 +-
drivers/edac/i10nm_base.c | 2 +
drivers/edac/ie31200_edac.c | 19 +-
drivers/edac/skx_common.c | 33 +++
drivers/edac/skx_common.h | 11 +
drivers/firmware/cirrus/cs_dsp.c | 2 +
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_umsch_mm.c | 2 +-
drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 +-
drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2 +-
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 1 +
.../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15 -
.../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 ++
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +
.../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4 +
.../amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 +-
.../dc/dml2/dml21/src/dml2_core/dml2_core_dcn4.c | 3 +-
drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 3 +-
.../gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 12 +-
drivers/gpu/drm/bridge/ite-it6505.c | 7 +-
drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 +
drivers/gpu/drm/display/drm_dp_mst_topology.c | 8 +-
drivers/gpu/drm/mediatek/mtk_crtc.c | 7 +-
drivers/gpu/drm/mediatek/mtk_dp.c | 6 +-
drivers/gpu/drm/mediatek/mtk_dsi.c | 6 +-
drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 ++-
drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +
drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4 -
drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 +-
drivers/gpu/drm/msm/dsi/dsi_host.c | 8 +-
drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 ++-
drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 2 +-
drivers/gpu/drm/msm/msm_dsc_helper.h | 11 -
drivers/gpu/drm/panel/panel-ilitek-ili9882t.c | 2 +-
drivers/gpu/drm/panthor/panthor_fw.h | 6 +-
drivers/gpu/drm/solomon/ssd130x-spi.c | 7 +-
drivers/gpu/drm/solomon/ssd130x.c | 6 +-
drivers/gpu/drm/vkms/vkms_drv.c | 15 +-
drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 +
drivers/greybus/gb-beagleplay.c | 4 +-
drivers/hid/Makefile | 1 -
drivers/hid/i2c-hid/i2c-hid-core.c | 2 +-
drivers/hwmon/nct6775-core.c | 4 +-
drivers/hwtracing/coresight/coresight-catu.c | 2 +-
drivers/hwtracing/coresight/coresight-core.c | 20 +-
drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 +++-
drivers/i3c/master/svc-i3c-master.c | 2 +-
drivers/iio/accel/mma8452.c | 10 +-
drivers/iio/accel/msa311.c | 28 +-
drivers/iio/adc/ad4130.c | 41 ++-
drivers/iio/adc/ad7124.c | 35 ++-
drivers/iio/adc/ad7173.c | 25 +-
drivers/iio/adc/ad7768-1.c | 15 +
drivers/iio/industrialio-backend.c | 4 +-
drivers/iio/light/veml6075.c | 8 +-
drivers/infiniband/core/device.c | 18 +-
drivers/infiniband/core/mad.c | 38 +--
drivers/infiniband/core/sysfs.c | 1 +
drivers/infiniband/hw/erdma/erdma_cm.c | 1 -
drivers/infiniband/hw/mana/main.c | 2 +-
drivers/infiniband/hw/mlx5/cq.c | 2 +-
drivers/infiniband/hw/mlx5/mr.c | 41 ++-
drivers/infiniband/hw/mlx5/odp.c | 10 +-
drivers/leds/led-core.c | 22 +-
drivers/media/dvb-frontends/dib8000.c | 5 +-
drivers/media/platform/allegro-dvt/allegro-core.c | 1 +
drivers/media/platform/ti/omap3isp/isp.c | 7 +
.../platform/verisilicon/hantro_g2_hevc_dec.c | 1 +
drivers/media/rc/streamzap.c | 2 +-
drivers/media/test-drivers/vimc/vimc-streamer.c | 6 +
drivers/memory/omap-gpmc.c | 20 --
drivers/mfd/sm501.c | 6 +-
drivers/misc/ntsync.c | 1 +
drivers/mmc/host/omap.c | 19 +-
drivers/mmc/host/sdhci-omap.c | 4 +-
drivers/mmc/host/sdhci-pxav3.c | 1 +
drivers/net/arcnet/com20020-pci.c | 17 +-
drivers/net/dsa/mv88e6xxx/chip.c | 11 +-
drivers/net/dsa/mv88e6xxx/phy.c | 3 +
drivers/net/dsa/realtek/Kconfig | 2 +-
drivers/net/ethernet/ibm/ibmveth.c | 39 ++-
drivers/net/ethernet/intel/e1000e/defines.h | 3 +
drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 +++++-
drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 +
drivers/net/ethernet/intel/idpf/idpf_main.c | 6 +-
drivers/net/ethernet/intel/idpf/idpf_txrx.h | 3 +-
drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 +
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 +-
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++++-----
drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +-
.../ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 +-
.../net/ethernet/mellanox/mlx5/core/en/params.c | 8 +-
drivers/net/phy/broadcom.c | 6 +-
drivers/net/usb/rndis_host.c | 16 +-
drivers/net/usb/usbnet.c | 6 +-
.../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 20 +-
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++++--
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 8 +-
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1 +
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 1 -
drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 +
drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 +-
drivers/ntb/test/ntb_perf.c | 4 +-
drivers/nvme/host/ioctl.c | 2 +-
drivers/nvme/host/pci.c | 34 ++-
drivers/nvme/host/tcp.c | 5 +-
drivers/nvme/target/debugfs.c | 2 +-
drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +-
drivers/pci/controller/cadence/pcie-cadence.h | 2 +-
drivers/pci/controller/dwc/pcie-designware-ep.c | 1 +
drivers/pci/controller/dwc/pcie-histb.c | 12 +-
drivers/pci/controller/pcie-brcmstb.c | 16 +-
drivers/pci/controller/pcie-xilinx-cpm.c | 10 +-
drivers/pci/hotplug/pciehp_hpc.c | 4 +-
drivers/pci/pci-sysfs.c | 4 +-
drivers/pci/pci.c | 22 +-
drivers/pci/pcie/aspm.c | 17 +-
drivers/pci/pcie/portdrv.c | 8 +-
drivers/pci/probe.c | 5 +-
drivers/pci/setup-bus.c | 4 +-
drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 50 +++-
drivers/pinctrl/intel/pinctrl-intel.c | 1 -
drivers/pinctrl/nuvoton/pinctrl-npcm8xx.c | 10 +-
drivers/pinctrl/renesas/pinctrl-rza2.c | 2 +
drivers/pinctrl/renesas/pinctrl-rzg2l.c | 3 +
drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2 +
drivers/pinctrl/tegra/pinctrl-tegra.c | 3 +
drivers/platform/x86/amd/pmf/pmf.h | 5 +-
drivers/platform/x86/amd/pmf/tee-if.c | 82 ++++--
drivers/platform/x86/dell/dell-uart-backlight.c | 2 +-
drivers/platform/x86/dell/dell-wmi-ddv.c | 6 +-
drivers/platform/x86/intel/hid.c | 7 +
.../x86/intel/speed_select_if/isst_if_common.c | 2 +-
drivers/platform/x86/intel/vsec.c | 7 +
.../x86/lenovo-yoga-tab2-pro-1380-fastcharger.c | 2 +-
drivers/platform/x86/thinkpad_acpi.c | 11 +
drivers/power/supply/bq27xxx_battery.c | 1 -
drivers/power/supply/max77693_charger.c | 2 +-
drivers/regulator/pca9450-regulator.c | 6 +-
drivers/remoteproc/qcom_q6v5_mss.c | 21 +-
drivers/remoteproc/qcom_q6v5_pas.c | 13 +-
drivers/remoteproc/remoteproc_core.c | 1 +
drivers/soundwire/slave.c | 1 +
drivers/spi/spi-bcm2835.c | 18 +-
drivers/spi/spi-cadence-xspi.c | 2 +-
drivers/staging/rtl8723bs/Kconfig | 1 +
.../vc04_services/interface/vchiq_arm/vchiq_arm.c | 7 +-
.../intel/int340x_thermal/int3402_thermal.c | 3 +
drivers/tty/n_tty.c | 13 +-
drivers/tty/serial/fsl_lpuart.c | 312 ++++++++++-----------
drivers/usb/host/xhci-mem.c | 6 +-
drivers/usb/typec/ucsi/ucsi_ccg.c | 5 +-
drivers/vhost/scsi.c | 25 +-
drivers/video/console/Kconfig | 6 +-
drivers/video/fbdev/au1100fb.c | 4 +-
drivers/video/fbdev/sm501fb.c | 7 +
drivers/w1/masters/w1-uart.c | 4 +-
fs/9p/vfs_inode_dotl.c | 2 +-
fs/affs/file.c | 9 +-
fs/exec.c | 15 +-
fs/exfat/fatent.c | 2 +-
fs/exfat/file.c | 29 +-
fs/exfat/inode.c | 41 ++-
fs/exfat/namei.c | 5 +
fs/ext4/dir.c | 3 +
fs/ext4/super.c | 27 +-
fs/fuse/dax.c | 1 -
fs/fuse/dir.c | 2 +-
fs/fuse/file.c | 4 +-
fs/hostfs/hostfs.h | 2 +-
fs/hostfs/hostfs_kern.c | 7 +-
fs/hostfs/hostfs_user.c | 59 ++--
fs/isofs/dir.c | 3 +-
fs/jfs/jfs_dtree.c | 3 +-
fs/jfs/xattr.c | 13 +-
fs/netfs/direct_read.c | 6 +-
fs/nfs/delegation.c | 63 +++--
fs/nfs/nfs4xdr.c | 18 +-
fs/nfs/sysfs.c | 22 +-
fs/nfs/write.c | 4 +-
fs/nfsd/nfs4state.c | 37 ++-
fs/nfsd/nfsctl.c | 44 ++-
fs/nfsd/vfs.c | 28 +-
fs/ntfs3/attrib.c | 3 +-
fs/ntfs3/file.c | 22 +-
fs/ntfs3/frecord.c | 6 +-
fs/ntfs3/index.c | 4 +-
fs/ntfs3/ntfs.h | 2 +-
fs/ocfs2/alloc.c | 8 +
fs/proc/base.c | 2 +-
fs/smb/client/cifsacl.c | 34 ++-
fs/smb/client/connect.c | 16 +-
fs/smb/common/smbacl.h | 3 +-
fs/smb/server/auth.c | 6 +-
fs/smb/server/connection.h | 11 +
fs/smb/server/mgmt/user_session.c | 37 ++-
fs/smb/server/mgmt/user_session.h | 2 +
fs/smb/server/oplock.c | 12 +-
fs/smb/server/smb2pdu.c | 54 +++-
fs/smb/server/smbacl.c | 50 ++--
fs/smb/server/smbacl.h | 2 +-
include/drm/display/drm_dp_mst_helper.h | 7 +
include/linux/cgroup-defs.h | 1 +
include/linux/context_tracking_irq.h | 8 +-
include/linux/coresight.h | 4 +
include/linux/fwnode.h | 2 +-
include/linux/interrupt.h | 8 +-
include/linux/nfs_fs_sb.h | 4 +
include/linux/nmi.h | 4 -
include/linux/pgtable.h | 28 +-
include/linux/pm_runtime.h | 2 +
include/linux/rcupdate.h | 2 +-
include/linux/sched/smt.h | 2 +-
include/linux/thermal.h | 2 -
include/linux/trace_events.h | 14 +
include/linux/uprobes.h | 2 +
include/rdma/ib_verbs.h | 1 +
init/Kconfig | 5 +
kernel/bpf/core.c | 19 +-
kernel/bpf/verifier.c | 7 +
kernel/cgroup/rstat.c | 38 +--
kernel/cpu.c | 5 -
kernel/events/core.c | 46 ++-
kernel/events/ring_buffer.c | 2 +-
kernel/events/uprobes.c | 15 +-
kernel/fork.c | 4 +
kernel/kexec_elf.c | 2 +-
kernel/locking/semaphore.c | 13 +-
kernel/sched/deadline.c | 2 +-
kernel/sched/fair.c | 50 +++-
kernel/trace/bpf_trace.c | 2 +-
kernel/trace/ring_buffer.c | 4 +-
kernel/trace/trace_events.c | 14 +
kernel/trace/trace_events_hist.c | 133 +++++++--
kernel/trace/trace_events_synth.c | 36 ++-
kernel/trace/trace_functions_graph.c | 1 +
kernel/trace/trace_irqsoff.c | 2 -
kernel/trace/trace_osnoise.c | 1 -
kernel/trace/trace_sched_wakeup.c | 2 -
kernel/watch_queue.c | 9 +
kernel/watchdog.c | 25 --
kernel/watchdog_perf.c | 28 +-
lib/842/842_compress.c | 2 +
lib/stackinit_kunit.c | 30 +-
lib/vsprintf.c | 2 +-
mm/gup.c | 3 +
mm/memory.c | 13 +-
mm/zswap.c | 30 +-
net/can/af_can.c | 12 +-
net/can/af_can.h | 12 +-
net/can/proc.c | 46 +--
net/core/devmem.c | 4 +-
net/core/dst.c | 8 +
net/core/rtnetlink.c | 3 +
net/ipv4/ip_tunnel_core.c | 4 +-
net/ipv4/udp.c | 42 +--
net/ipv6/addrconf.c | 37 ++-
net/ipv6/calipso.c | 21 +-
net/ipv6/route.c | 42 ++-
net/mac80211/driver-ops.c | 10 +-
net/mac80211/iface.c | 11 +-
net/mac80211/rx.c | 10 +-
net/mac80211/sta_info.c | 20 +-
net/mac80211/util.c | 5 +-
net/netfilter/nf_tables_api.c | 4 +-
net/netfilter/nft_set_hash.c | 3 +-
net/netfilter/nft_tunnel.c | 6 +-
net/openvswitch/actions.c | 6 -
net/sched/act_tunnel_key.c | 2 +-
net/sched/cls_flower.c | 2 +-
net/sched/sch_skbprio.c | 3 -
net/sctp/sysctl.c | 4 +
net/vmw_vsock/af_vsock.c | 6 +-
rust/Makefile | 4 +-
rust/kernel/print.rs | 7 +-
scripts/package/debian/rules | 6 +-
scripts/selinux/install_policy.sh | 15 +-
security/smack/smack.h | 6 +
security/smack/smack_lsm.c | 34 +--
sound/core/timer.c | 147 +++++-----
sound/pci/hda/patch_realtek.c | 50 +++-
sound/soc/amd/acp/acp-legacy-common.c | 10 +-
sound/soc/codecs/cs35l41-spi.c | 5 +-
sound/soc/codecs/rt1320-sdw.c | 3 +
sound/soc/codecs/rt5665.c | 24 +-
sound/soc/codecs/wsa884x.c | 4 +-
sound/soc/fsl/imx-card.c | 4 +
sound/soc/ti/j721e-evm.c | 2 +
tools/arch/x86/lib/insn.c | 2 +-
tools/lib/bpf/linker.c | 2 +-
tools/objtool/check.c | 35 +--
tools/perf/Makefile.config | 10 +-
tools/perf/Makefile.perf | 2 +-
tools/perf/bench/syscall.c | 22 +-
tools/perf/builtin-report.c | 2 +-
.../arch/arm64/ampere/ampereonex/metrics.json | 10 +-
.../shell/coresight/asm_pure_loop/asm_pure_loop.S | 2 +
tools/perf/tests/shell/record_bpf_filter.sh | 4 +-
tools/perf/util/arm-spe.c | 8 +-
tools/perf/util/bpf-filter.l | 2 +-
tools/perf/util/comm.c | 2 +
tools/perf/util/debug.c | 2 +-
tools/perf/util/dso.h | 4 +-
tools/perf/util/evlist.c | 13 +-
tools/perf/util/intel-tpebs.c | 2 +-
tools/perf/util/pmu.c | 7 +-
tools/perf/util/pmu.h | 5 +
tools/perf/util/pmus.c | 20 +-
tools/perf/util/python.c | 17 +-
tools/perf/util/stat-shadow.c | 3 +-
tools/perf/util/units.c | 2 +-
tools/power/x86/turbostat/turbostat.8 | 2 +
tools/power/x86/turbostat/turbostat.c | 2 +-
.../selftests/bpf/prog_tests/bloom_filter_map.c | 5 +
tools/testing/selftests/bpf/prog_tests/tailcalls.c | 1 +
tools/testing/selftests/bpf/progs/strncmp_bench.c | 5 +-
tools/testing/selftests/mm/cow.c | 2 +-
.../selftests/net/netfilter/br_netfilter.sh | 7 +
.../selftests/net/netfilter/br_netfilter_queue.sh | 7 +
tools/testing/selftests/net/netfilter/nft_queue.sh | 1 +
420 files changed, 3561 insertions(+), 2029 deletions(-)
5 months, 2 weeks
- 8
- 7
[PATCH 6.6 000/269] 6.6.87-rc2 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.6.87 release.
There are 269 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 11 Apr 2025 11:58:04 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.87-rc2…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.6.87-rc2
Steven Rostedt <rostedt(a)goodmis.org>
tracing: Do not use PERF enums when perf is not defined
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
Li Lingfeng <lilingfeng3(a)huawei.com>
nfsd: put dl_stid if fail to queue dl_recall
Murad Masimov <m.masimov(a)mt-integration.ru>
media: streamzap: fix race between device disconnection and urb callback
Oleg Nesterov <oleg(a)redhat.com>
exec: fix the racy usage of fs_struct->in_exec
Roman Smirnov <r.smirnov(a)omp.ru>
jfs: add index corruption check to DT_GETPAGE()
Qasim Ijaz <qasdev00(a)gmail.com>
jfs: fix slab-out-of-bounds read in ea_get()
Acs, Jakub <acsjakub(a)amazon.de>
ext4: fix OOB read when checking dotdot dir
Theodore Ts'o <tytso(a)mit.edu>
ext4: don't over-report free space or inodes in statvfs
Angelos Oikonomopoulos <angelos(a)igalia.com>
arm64: Don't call NULL in do_compat_alignment_fixup()
Ran Xiaokai <ran.xiaokai(a)zte.com.cn>
tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
Douglas Raillard <douglas.raillard(a)arm.com>
tracing: Fix synth event printk format for str fields
Douglas Raillard <douglas.raillard(a)arm.com>
tracing: Ensure module defining synth event cannot be unloaded while tracing
Tengda Wu <wutengda(a)huaweicloud.com>
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
Norbert Szetei <norbert(a)doyensec.com>
ksmbd: validate zero num_subauth before sub_auth is accessed
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix session use-after-free in multichannel connection
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix use-after-free in ksmbd_sessions_deregister()
Norbert Szetei <norbert(a)doyensec.com>
ksmbd: add bounds check for create lease context
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: add bounds check for durable handle context
Ulf Hansson <ulf.hansson(a)linaro.org>
mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
Karel Balej <balejk(a)matfyz.cz>
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
Miaoqian Lin <linmq006(a)gmail.com>
mmc: omap: Fix memory leak in mmc_omap_new_slot
Paul Menzel <pmenzel(a)molgen.mpg.de>
ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
Murad Masimov <m.masimov(a)mt-integration.ru>
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
Jann Horn <jannh(a)google.com>
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
Guilherme G. Piccoli <gpiccoli(a)igalia.com>
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
Josef Bacik <josef(a)toxicpanda.com>
btrfs: handle errors from btrfs_dec_ref() properly
Ivan Orlov <ivan.orlov0322(a)gmail.com>
kunit/overflow: Fix UB in overflow_allocation_test
Kan Liang <kan.liang(a)linux.intel.com>
perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
Peter Zijlstra (Intel) <peterz(a)infradead.org>
perf/x86/intel: Apply static call for drain_pebs
Markus Elfring <elfring(a)users.sourceforge.net>
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com>
platform/x86: ISST: Correct command storage data length
Hans de Goede <hdegoede(a)redhat.com>
ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers
Boris Ostrovsky <boris.ostrovsky(a)oracle.com>
x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
Tianyu Lan <tiala(a)microsoft.com>
x86/hyperv: Fix check of return value from snp_set_vmsa()
Hengqi Chen <hengqi.chen(a)gmail.com>
LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC
Hengqi Chen <hengqi.chen(a)gmail.com>
LoongArch: BPF: Don't override subprog's return value
Hengqi Chen <hengqi.chen(a)gmail.com>
LoongArch: BPF: Fix off-by-one error in build_prologue()
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Increase ARCH_DMA_MINALIGN up to 16
Ying Lu <luying1(a)xiaomi.com>
usbnet:fix NPE during rx_complete
Alex Hung <alex.hung(a)amd.com>
drm/amd/display: Check link_index before accessing dc->links[]
Tengda Wu <wutengda(a)huaweicloud.com>
tracing: Correct the refcount if the hist/hist_debug file fails to open
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
tracing/hist: Support POLLPRI event for poll on histogram
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
tracing/hist: Add poll(POLLIN) support on hist file
Steven Rostedt <rostedt(a)goodmis.org>
tracing: Switch trace_events_hist.c code over to use guard()
Steven Rostedt (Google) <rostedt(a)goodmis.org>
tracing: Allow creating instances with specified system events
Yeoreum Yun <yeoreum.yun(a)arm.com>
perf/core: Fix child_total_time_enabled accounting bug at task exit
Alex Deucher <alexander.deucher(a)amd.com>
drm/amdgpu/gfx11: fix num_mec
Dave Marquardt <davemarq(a)linux.ibm.com>
net: ibmveth: make veth_pool_store stop hanging
Henry Martin <bsdhenrymartin(a)gmail.com>
arcnet: Add NULL check in com20020pci_probe()
Ido Schimmel <idosch(a)nvidia.com>
ipv6: Do not consider link down nexthops in path selection
Ido Schimmel <idosch(a)nvidia.com>
ipv6: Start path selection from the first nexthop
Lin Ma <linma(a)zju.edu.cn>
net: fix geneve_opt length integer overflow
David Oberhollenzer <david.oberhollenzer(a)sigma-star.at>
net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
Fernando Fernandez Mancera <ffmancera(a)riseup.net>
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
Lin Ma <linma(a)zju.edu.cn>
netfilter: nft_tunnel: fix geneve_opt type confusion addition
Antoine Tenart <atenart(a)kernel.org>
net: decrease cached dst counters in dst_release
Guillaume Nault <gnault(a)redhat.com>
tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
Stefano Garzarella <sgarzare(a)redhat.com>
vsock: avoid timeout during connect() if the socket is closing
Kuniyuki Iwashima <kuniyu(a)amazon.com>
udp: Fix memory accounting leak.
Tobias Waldekranz <tobias(a)waldekranz.com>
net: mvpp2: Prevent parser TCAM memory corruption
Cong Wang <xiyou.wangcong(a)gmail.com>
net_sched: skbprio: Remove overly strict queue assertions
Debin Zhu <mowenroot(a)163.com>
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
Florian Westphal <fw(a)strlen.de>
netfilter: nf_tables: don't unregister hook when table is dormant
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
Vitaly Lifshits <vitaly.lifshits(a)intel.com>
e1000e: change k1 configuration on MTP and later platforms
Henry Martin <bsdhenrymartin(a)gmail.com>
ASoC: imx-card: Add NULL check in imx_card_probe()
Alexandre Ghiti <alexghiti(a)rivosinc.com>
riscv: Fix hugetlb retrieval of number of ptes in case of !present pte
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe()
Herton R. Krzesinski <herton(a)redhat.com>
x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs
Palmer Dabbelt <palmer(a)rivosinc.com>
RISC-V: errata: Use medany for relocatable builds
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA
Richard Fitzgerald <rf(a)opensource.cirrus.com>
firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success
Nikita Shubin <n.shubin(a)yadro.com>
ntb: intel: Fix using link status DB's
Yajun Deng <yajun.deng(a)linux.dev>
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
Juhan Jin <juhan.jin(a)foxmail.com>
riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra
Al Viro <viro(a)zeniv.linux.org.uk>
spufs: fix a leak in spufs_create_context()
Al Viro <viro(a)zeniv.linux.org.uk>
spufs: fix gang directory lifetimes
Al Viro <viro(a)zeniv.linux.org.uk>
spufs: fix a leak on spufs_new_file() failure
Tasos Sahanidis <tasos(a)tasossah.com>
hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
Roger Quadros <rogerq(a)kernel.org>
memory: omap-gpmc: drop no compatible check
Oliver Hartkopp <socketcan(a)hartkopp.net>
can: statistics: use atomic access in hot path
Navon John Lukose <navonjohnlukose(a)gmail.com>
ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd: Keep display off while going into S4
Keith Busch <kbusch(a)kernel.org>
nvme-pci: fix stuck reset on concurrent DPC and HP
Vladis Dronov <vdronov(a)redhat.com>
x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
Michael Kelley <mhklinux(a)outlook.com>
x86/hyperv: Fix output argument to hypercall that changes page visibility
Waiman Long <longman(a)redhat.com>
locking/semaphore: Use wake_q to wake up processes outside lock critical section
Emmanuel Grumbach <emmanuel.grumbach(a)intel.com>
wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state
Naman Jain <namjain(a)linux.microsoft.com>
x86/hyperv/vtl: Stop kernel from probing VTL0 low memory
Shrikanth Hegde <sshegde(a)linux.ibm.com>
sched/deadline: Use online cpus for validating runtime
Stefan Binding <sbinding(a)opensource.cirrus.com>
ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA
Stefan Binding <sbinding(a)opensource.cirrus.com>
ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA
Wentao Guan <guanwentao(a)uniontech.com>
HID: i2c-hid: improve i2c_hid_get_report error message
David E. Box <david.e.box(a)linux.intel.com>
platform/x86/intel/vsec: Add Diamond Rapids support
Dmitry Panchenko <dmitry(a)d-systems.ee>
platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet
Namjae Jeon <linkinjeon(a)kernel.org>
cifs: fix incorrect validation for num_aces field of smb_acl
Peter Zijlstra <peterz(a)infradead.org>
perf/core: Fix perf_pmu_register() vs. perf_init_event()
Daniel Bárta <daniel.barta(a)trustlab.cz>
ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
Antheas Kapenekakis <lkml(a)antheas.dev>
ALSA: hda/realtek: Fix Asus Z13 2025 audio
Simon Tatham <anakin(a)pobox.com>
affs: don't write overlarge OFS data block size fields
Simon Tatham <anakin(a)pobox.com>
affs: generate OFS sequence numbers starting at 1
Matthias Proske <email(a)matthias-proske.de>
wifi: brcmfmac: keep power during suspend if board requires it
Icenowy Zheng <uwu(a)icenowy.me>
nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
Icenowy Zheng <uwu(a)icenowy.me>
nvme-pci: clean up CMBMSC when registering CMB fails
Sagi Grimberg <sagi(a)grimberg.me>
nvme-tcp: fix possible UAF in nvme_tcp_poll
Emmanuel Grumbach <emmanuel.grumbach(a)intel.com>
wifi: iwlwifi: mvm: use the right version of the rate API
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: fw: allocate chained SG tables for dump
Josh Poimboeuf <jpoimboe(a)kernel.org>
rcu-tasks: Always inline rcu_irq_work_resched()
Josh Poimboeuf <jpoimboe(a)kernel.org>
context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
Josh Poimboeuf <jpoimboe(a)kernel.org>
sched/smt: Always inline sched_smt_active()
David Laight <david.laight.linux(a)gmail.com>
objtool: Fix verbose disassembly if CROSS_COMPILE isn't set
Geetha sowjanya <gakula(a)marvell.com>
octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
Geetha sowjanya <gakula(a)marvell.com>
octeontx2-af: Fix mbox INTR handler when num VFs > 64
Giovanni Gherdovich <ggherdovich(a)suse.cz>
ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid
Yuli Wang <wangyuli(a)uniontech.com>
LoongArch: Rework the arch_kgdb_breakpoint() implementation
谢致邦 (XIE Zhibang) <Yeking(a)Red54.com>
LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig
Josh Poimboeuf <jpoimboe(a)kernel.org>
objtool: Fix segfault in ignore_unreachable_insn()
Feng Yang <yangfeng(a)kylinos.cn>
ring-buffer: Fix bytes_dropped calculation issue
Lama Kayal <lkayal(a)nvidia.com>
net/mlx5e: SHAMPO, Make reserved size independent of page size
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix r_count dec/increment mismatch
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix multichannel connection failure
Miaoqian Lin <linmq006(a)gmail.com>
ksmbd: use aead_request_free to match aead_request_alloc
Lubomir Rintel <lkundrak(a)v3.sk>
rndis_host: Flag RNDIS modems as WWAN devices
Mark Zhang <markzhang(a)nvidia.com>
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
Yuezhang Mo <Yuezhang.Mo(a)sony.com>
exfat: fix the infinite loop in exfat_find_last_cluster()
Wang Zhaolong <wangzhaolong1(a)huawei.com>
smb: client: Fix netns refcount imbalance causing leaks and use-after-free
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Shut down the nfs_client only after all the superblocks
Josh Poimboeuf <jpoimboe(a)kernel.org>
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
Marcus Meissner <meissner(a)suse.de>
perf tools: annotate asm_pure_loop.S
Bart Van Assche <bvanassche(a)acm.org>
fs/procfs: fix the comment above proc_pid_wchan()
Jiri Slaby (SUSE) <jirislaby(a)kernel.org>
tty: n_tty: use uint for space returned by tty_write_room()
谢致邦 (XIE Zhibang) <Yeking(a)Red54.com>
staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf python: Check if there is space to copy all the event
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf python: Don't keep a raw_data pointer to consumed ring buffer space
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf python: Decrement the refcount of just created event on failure
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf python: Fixup description of sample.id event member
Stanley Chu <yschu(a)nuvoton.com>
i3c: master: svc: Fix missing the IBI rules
Benjamin Berg <benjamin.berg(a)intel.com>
um: hostfs: avoid issues on inode number reuse by host
Benjamin Berg <benjamin.berg(a)intel.com>
um: remove copy_from_kernel_nofault_allowed
Cyan Yang <cyan.yang(a)sifive.com>
selftests/mm/cow: fix the incorrect error handling
Alistair Popple <apopple(a)nvidia.com>
fuse: fix dax truncate/punch_hole fault path
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFSv4: Don't trigger uneccessary scans for return-on-close delegations
Anshuman Khandual <anshuman.khandual(a)arm.com>
arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig
Vasiliy Kovalev <kovalev(a)altlinux.org>
ocfs2: validate l_tree_depth to avoid out-of-bounds access
Sourabh Jain <sourabhjain(a)linux.ibm.com>
kexec: initialize ELF lowest address to ULONG_MAX
David Hildenbrand <david(a)redhat.com>
kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page()
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf units: Fix insufficient array space
Ian Rogers <irogers(a)google.com>
perf evlist: Add success path to evlist__create_syswide_maps
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
iio: adc: ad7124: Fix comparison of channel configs
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
iio: adc: ad4130: Fix comparison of channel setups
Peng Fan <peng.fan(a)nxp.com>
dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister
Dan Carpenter <dan.carpenter(a)linaro.org>
fs/ntfs3: Prevent integer overflow in hdr_first_de()
Dan Carpenter <dan.carpenter(a)linaro.org>
fs/ntfs3: Fix a couple integer overflows on 32bit systems
Niklas Neronin <niklas.neronin(a)linux.intel.com>
usb: xhci: correct debug message page size calculation
Thomas Richter <tmricht(a)linux.ibm.com>
perf bench: Fix perf bench syscall loop count
Leo Yan <leo.yan(a)arm.com>
perf arm-spe: Fix load-store operation checking
Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails.
Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
Mario Limonciello <mario.limonciello(a)amd.com>
ucsi_ccg: Don't show failed to get FW build information error
James Clark <james.clark(a)linaro.org>
perf pmu: Don't double count common sysfs and json events
Yuanfang Zhang <quic_yuanfang(a)quicinc.com>
coresight-etm4x: add isb() before reading the TRCSTATR
Mike Christie <michael.christie(a)oracle.com>
vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
Ilkka Koskinen <ilkka(a)os.amperecomputing.com>
coresight: catu: Fix number of pages while using 64k pages
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
soundwire: slave: fix an OF node reference leak in soundwire slave device
Qasim Ijaz <qasdev00(a)gmail.com>
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
Ian Rogers <irogers(a)google.com>
perf stat: Fix find_stat for mixed legacy/non-legacy events
Barnabás Czémán <barnabas.czeman(a)mainlining.org>
clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm()
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead auth key length
Jann Horn <jannh(a)google.com>
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
Remi Pommarel <repk(a)triplefau.lt>
leds: Fix LED_OFF brightness race
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
mfd: sm501: Switch to BIT() to mitigate integer overflows
Fabrizio Castro <fabrizio.castro.jz(a)renesas.com>
pinctrl: renesas: rzv2m: Fix missing of_node_put() call
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: nx - Fix uninitialised hv_nxc on error
Artur Weber <aweber.kernel(a)gmail.com>
power: supply: max77693: Fix wrong conversion of charge input threshold value
Jann Horn <jannh(a)google.com>
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
Jerome Brunet <jbrunet(a)baylibre.com>
clk: amlogic: g12a: fix mmc A peripheral clock
Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com>
clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents
Alice Ryhl <aliceryhl(a)google.com>
rust: fix signature of rust_fmt_argument
Saket Kumar Bhaskar <skb99(a)linux.ibm.com>
selftests/bpf: Select NUMA_NO_NODE to create map
Jerome Brunet <jbrunet(a)baylibre.com>
clk: amlogic: gxbb: drop non existing 32k clock parent
Jerome Brunet <jbrunet(a)baylibre.com>
clk: amlogic: g12b: fix cluster A parent data
Prathamesh Shete <pshete(a)nvidia.com>
pinctrl: tegra: Set SFIO mode to Mux Register
Maher Sanalla <msanalla(a)nvidia.com>
IB/mad: Check available slots before posting receive WRs
Luca Weiss <luca(a)lucaweiss.eu>
remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
Cheng Xu <chengyou(a)linux.alibaba.com>
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
Chiara Meiohas <cmeiohas(a)nvidia.com>
RDMA/mlx5: Fix calculation of total invalidated pages
Roman Gushchin <roman.gushchin(a)linux.dev>
RDMA/core: Don't expose hw_counters outside of init net namespace
Peter Geis <pgwipeout(a)gmail.com>
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
Fabrizio Castro <fabrizio.castro.jz(a)renesas.com>
pinctrl: renesas: rzg2l: Fix missing of_node_put() call
Fabrizio Castro <fabrizio.castro.jz(a)renesas.com>
pinctrl: renesas: rza2: Fix missing of_node_put() call
Tanya Agarwal <tanyaagarwal25699(a)gmail.com>
lib: 842: Improve error handling in sw842_compress()
Hou Tao <houtao1(a)huawei.com>
bpf: Use preempt_count() directly in bpf_send_signal_common()
Luca Weiss <luca(a)lucaweiss.eu>
remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226
Kees Bakker <kees(a)ijzerbout.nl>
RDMA/mana_ib: Ensure variable err is initialized
Vladimir Lypak <vladimir.lypak(a)gmail.com>
clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
Will McVicker <willmcvicker(a)google.com>
clk: samsung: Fix UBSAN panic in samsung_clk_init()
David Hildenbrand <david(a)redhat.com>
x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()
Viktor Malik <vmalik(a)redhat.com>
selftests/bpf: Fix string read in strncmp benchmark
Andrii Nakryiko <andrii(a)kernel.org>
libbpf: Fix hypothetical STT_SECTION extern NULL deref case
Luca Weiss <luca(a)lucaweiss.eu>
remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: property: Increase NR_FWNODE_REFERENCE_ARGS
Peng Fan <peng.fan(a)nxp.com>
remoteproc: core: Clear table_sz when rproc_shutdown
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for sec spec check
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead authsize alignment
Jerome Brunet <jbrunet(a)baylibre.com>
clk: amlogic: gxbb: drop incorrect flag on 32k clock
Danila Chernetsov <listdansp(a)mail.ru>
fbdev: sm501fb: Add some geometry checks.
Arnd Bergmann <arnd(a)arndb.de>
mdacon: rework dependency list
Markus Elfring <elfring(a)users.sourceforge.net>
fbdev: au1100fb: Move a variable assignment behind a null pointer check
Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com>
PCI: pciehp: Don't enable HPIE when resuming in poll mode
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
PCI: histb: Fix an error handling path in histb_pcie_probe()
Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>
drm/amd/display: avoid NPD when ASIC does not support DMUB
Dan Carpenter <dan.carpenter(a)linaro.org>
drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
Douglas Anderson <dianders(a)chromium.org>
drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
Thippeswamy Havalige <thippeswamy.havalige(a)amd.com>
PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
Dan Carpenter <dan.carpenter(a)linaro.org>
PCI: Remove stray put_device() in pci_register_host_bridge()
Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru>
drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
Nishanth Aravamudan <naravamudan(a)nvidia.com>
PCI: Avoid reset when disabled via sysfs
Feng Tang <feng.tang(a)linux.alibaba.com>
PCI/portdrv: Only disable pciehp interrupts early when needed
Jim Quinlan <james.quinlan(a)broadcom.com>
PCI: brcmstb: Fix potential premature regulator disabling
Jim Quinlan <james.quinlan(a)broadcom.com>
PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
Jim Quinlan <james.quinlan(a)broadcom.com>
PCI: brcmstb: Use internal register to change link capability
Hans Zhang <18255117159(a)163.com>
PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload
Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables'
Marijn Suijten <marijn.suijten(a)somainline.org>
drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
Marijn Suijten <marijn.suijten(a)somainline.org>
drm/msm/dsi: Use existing per-interface slice count in DSC timing
Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>
drm/msm/dpu: don't use active in atomic_check()
Daniel Stodden <daniel.stodden(a)gmail.com>
PCI/ASPM: Fix link state exit during switch upstream function removal
AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com>
drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com>
drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
Kai-Heng Feng <kaihengf(a)nvidia.com>
PCI: Use downstream bridges for distributing resources
José Expósito <jose.exposito89(a)gmail.com>
drm/vkms: Fix use after free and double free on init error
Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>
drm: xlnx: zynqmp: Fix max dma segment size
Hermes Wu <Hermes.wu(a)ite.com.tw>
drm/bridge: it6505: fix HDCP V match check is not performed correctly
Wayne Lin <Wayne.Lin(a)amd.com>
drm/dp_mst: Fix drm RAD print
Geert Uytterhoeven <geert+renesas(a)glider.be>
drm/bridge: ti-sn65dsi86: Fix multiple instances
Jayesh Choudhary <j-choudhary(a)ti.com>
ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/realtek: Always honor no_shutup_pins
Maud Spierings <maudspierings(a)gocontroll.com>
dt-bindings: vendor-prefixes: add GOcontroll
Jiri Kosina <jkosina(a)suse.com>
HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru>
ASoC: cs35l41: check the return value from spi_setup()
Armin Wolf <W_Armin(a)gmx.de>
platform/x86: dell-ddv: Fix temperature calculation
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
media: platform: allgro-dvt: unregister v4l2_device on the error path
Benjamin Gaignard <benjamin.gaignard(a)collabora.com>
media: verisilicon: HEVC: Initialize start_bit field
Chao Gao <chao.gao(a)intel.com>
x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
Josh Poimboeuf <jpoimboe(a)kernel.org>
x86/traps: Make exc_double_fault() consistently noreturn
Tao Chen <chen.dylane(a)linux.dev>
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: Fix handling devices with direct_complete set on errors
Chenyuan Yang <chenyuan0y(a)gmail.com>
thermal: int340x: Add NULL check for adev
Qiuxu Zhuo <qiuxu.zhuo(a)intel.com>
EDAC/ie31200: Fix the error path order of ie31200_init()
Qiuxu Zhuo <qiuxu.zhuo(a)intel.com>
EDAC/ie31200: Fix the DIMM size mask for several SoCs
Qiuxu Zhuo <qiuxu.zhuo(a)intel.com>
EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
Tim Schumacher <tim.schumacher1(a)huawei.com>
selinux: Chain up tool resolving errors in install_policy.sh
Atish Patra <atishp(a)rivosinc.com>
RISC-V: KVM: Disable the kernel perf counter during configure
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: Adjust check before setting power.must_resume
Peter Zijlstra <peterz(a)infradead.org>
lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
Kevin Loughlin <kevinloughlin(a)google.com>
x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
Arnd Bergmann <arnd(a)arndb.de>
x86/platform: Only allow CONFIG_EISA for 32-bit
Benjamin Berg <benjamin.berg(a)intel.com>
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
Stanislav Spassov <stanspas(a)amazon.de>
x86/fpu: Fix guest FPU state buffer allocation size
Qiuxu Zhuo <qiuxu.zhuo(a)intel.com>
EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids
Jie Zhan <zhanjie9(a)hisilicon.com>
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
Konstantin Andreev <andreev(a)swemel.ru>
smack: dont compile ipv6 code unless ipv6 is configured
zuoqian <zuoqian113(a)gmail.com>
cpufreq: scpi: compare kHz instead of Hz
Mike Rapoport (Microsoft) <rppt(a)kernel.org>
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
Eric Sandeen <sandeen(a)redhat.com>
watch_queue: fix pipe accounting mismatch
-------------
Diffstat:
.../devicetree/bindings/vendor-prefixes.yaml | 2 +
Makefile | 4 +-
arch/arm64/kernel/compat_alignment.c | 2 +
arch/loongarch/Kconfig | 4 +-
arch/loongarch/include/asm/cache.h | 2 +
arch/loongarch/kernel/kgdb.c | 5 +-
arch/loongarch/net/bpf_jit.c | 12 +-
arch/loongarch/net/bpf_jit.h | 5 +
arch/powerpc/configs/mpc885_ads_defconfig | 2 +-
arch/powerpc/platforms/cell/spufs/gang.c | 1 +
arch/powerpc/platforms/cell/spufs/inode.c | 63 ++++++-
arch/powerpc/platforms/cell/spufs/spufs.h | 2 +
arch/riscv/errata/Makefile | 6 +-
arch/riscv/include/asm/ftrace.h | 4 +-
arch/riscv/kvm/vcpu_pmu.c | 1 +
arch/riscv/mm/hugetlbpage.c | 74 +++++---
arch/um/include/shared/os.h | 1 -
arch/um/kernel/Makefile | 2 +-
arch/um/kernel/maccess.c | 19 --
arch/um/os-Linux/process.c | 51 ------
arch/x86/Kconfig | 2 +-
arch/x86/entry/calling.h | 2 +
arch/x86/events/intel/core.c | 47 ++---
arch/x86/events/intel/ds.c | 13 +-
arch/x86/events/perf_event.h | 3 +-
arch/x86/hyperv/hv_vtl.c | 1 +
arch/x86/hyperv/ivm.c | 5 +-
arch/x86/include/asm/tlbflush.h | 2 +-
arch/x86/kernel/cpu/microcode/amd.c | 2 +-
arch/x86/kernel/cpu/sgx/driver.c | 10 +-
arch/x86/kernel/dumpstack.c | 5 +-
arch/x86/kernel/fpu/core.c | 6 +-
arch/x86/kernel/process.c | 7 +-
arch/x86/kernel/traps.c | 18 +-
arch/x86/kernel/tsc.c | 4 +-
arch/x86/lib/copy_user_64.S | 18 ++
arch/x86/mm/mem_encrypt_identity.c | 4 +-
arch/x86/mm/pat/cpa-test.c | 2 +-
arch/x86/mm/pat/memtype.c | 52 +++---
drivers/acpi/nfit/core.c | 2 +-
drivers/acpi/processor_idle.c | 4 +
drivers/acpi/resource.c | 7 +
drivers/acpi/x86/utils.c | 3 +-
drivers/base/power/main.c | 21 +--
drivers/base/power/runtime.c | 2 +-
drivers/clk/imx/clk-imx8mp-audiomix.c | 6 +-
drivers/clk/meson/g12a.c | 38 ++--
drivers/clk/meson/gxbb.c | 14 +-
drivers/clk/qcom/gcc-msm8953.c | 2 +-
drivers/clk/qcom/mmcc-sdm660.c | 2 +-
drivers/clk/rockchip/clk-rk3328.c | 2 +-
drivers/clk/samsung/clk.c | 2 +-
drivers/cpufreq/cpufreq_governor.c | 45 ++---
drivers/cpufreq/scpi-cpufreq.c | 5 +-
drivers/crypto/hisilicon/sec2/sec.h | 1 -
drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 +++++--------
drivers/crypto/nx/nx-common-pseries.c | 37 ++--
drivers/dma/fsl-edma-main.c | 2 +-
drivers/edac/i10nm_base.c | 2 +
drivers/edac/ie31200_edac.c | 19 +-
drivers/edac/skx_common.c | 33 ++++
drivers/edac/skx_common.h | 11 ++
drivers/firmware/cirrus/cs_dsp.c | 2 +
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +-
drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2 +-
.../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15 --
.../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16 ++
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +
.../gpu/drm/amd/display/dc/core/dc_link_exports.c | 3 +
.../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4 +
.../amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 +-
drivers/gpu/drm/bridge/ite-it6505.c | 7 +-
drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 +
drivers/gpu/drm/display/drm_dp_mst_topology.c | 8 +-
drivers/gpu/drm/mediatek/mtk_dp.c | 6 +-
drivers/gpu/drm/mediatek/mtk_dsi.c | 6 +-
drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 +++-
drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4 -
drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 +-
drivers/gpu/drm/msm/dsi/dsi_host.c | 8 +-
drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 ++--
drivers/gpu/drm/msm/msm_dsc_helper.h | 11 --
drivers/gpu/drm/vkms/vkms_drv.c | 15 +-
drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 +
drivers/hid/Makefile | 1 -
drivers/hid/i2c-hid/i2c-hid-core.c | 2 +-
drivers/hwmon/nct6775-core.c | 4 +-
drivers/hwtracing/coresight/coresight-catu.c | 2 +-
drivers/hwtracing/coresight/coresight-core.c | 20 +-
drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 ++++-
drivers/i3c/master/svc-i3c-master.c | 2 +-
drivers/iio/accel/mma8452.c | 10 +-
drivers/iio/accel/msa311.c | 28 +--
drivers/iio/adc/ad4130.c | 41 ++++-
drivers/iio/adc/ad7124.c | 35 +++-
drivers/infiniband/core/device.c | 9 +
drivers/infiniband/core/mad.c | 38 ++--
drivers/infiniband/core/sysfs.c | 1 +
drivers/infiniband/hw/erdma/erdma_cm.c | 1 -
drivers/infiniband/hw/mana/main.c | 2 +-
drivers/infiniband/hw/mlx5/cq.c | 2 +-
drivers/infiniband/hw/mlx5/odp.c | 10 +-
drivers/leds/led-core.c | 22 ++-
drivers/media/dvb-frontends/dib8000.c | 5 +-
drivers/media/platform/allegro-dvt/allegro-core.c | 1 +
.../platform/verisilicon/hantro_g2_hevc_dec.c | 1 +
drivers/media/rc/streamzap.c | 2 +-
drivers/memory/omap-gpmc.c | 20 --
drivers/mfd/sm501.c | 6 +-
drivers/mmc/host/omap.c | 19 +-
drivers/mmc/host/sdhci-omap.c | 4 +-
drivers/mmc/host/sdhci-pxav3.c | 1 +
drivers/net/arcnet/com20020-pci.c | 17 +-
drivers/net/dsa/mv88e6xxx/chip.c | 11 +-
drivers/net/dsa/mv88e6xxx/phy.c | 3 +
drivers/net/ethernet/ibm/ibmveth.c | 39 ++--
drivers/net/ethernet/intel/e1000e/defines.h | 3 +
drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 +++++++-
drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 +
drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 +
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 +-
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++++++++++-------
drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +-
.../ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 +-
.../net/ethernet/mellanox/mlx5/core/en/params.c | 8 +-
drivers/net/usb/rndis_host.c | 16 +-
drivers/net/usb/usbnet.c | 6 +-
.../wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 20 +-
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++++++---
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 8 +-
drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 +
drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 +-
drivers/ntb/test/ntb_perf.c | 4 +-
drivers/nvme/host/pci.c | 34 +++-
drivers/nvme/host/tcp.c | 5 +-
drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +-
drivers/pci/controller/cadence/pcie-cadence.h | 2 +-
drivers/pci/controller/dwc/pcie-histb.c | 12 +-
drivers/pci/controller/pcie-brcmstb.c | 9 +-
drivers/pci/controller/pcie-xilinx-cpm.c | 10 +-
drivers/pci/hotplug/pciehp_hpc.c | 4 +-
drivers/pci/pci.c | 4 +
drivers/pci/pcie/aspm.c | 17 +-
drivers/pci/pcie/portdrv.c | 8 +-
drivers/pci/probe.c | 5 +-
drivers/pci/setup-bus.c | 3 +-
drivers/pinctrl/intel/pinctrl-intel.c | 1 -
drivers/pinctrl/renesas/pinctrl-rza2.c | 2 +
drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 +
drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2 +
drivers/pinctrl/tegra/pinctrl-tegra.c | 3 +
drivers/platform/x86/dell/dell-wmi-ddv.c | 6 +-
drivers/platform/x86/intel/hid.c | 7 +
.../x86/intel/speed_select_if/isst_if_common.c | 2 +-
drivers/platform/x86/intel/vsec.c | 7 +
drivers/power/supply/max77693_charger.c | 2 +-
drivers/remoteproc/qcom_q6v5_mss.c | 21 ++-
drivers/remoteproc/qcom_q6v5_pas.c | 12 +-
drivers/remoteproc/remoteproc_core.c | 1 +
drivers/scsi/qla2xxx/qla_os.c | 2 +-
drivers/soundwire/slave.c | 1 +
drivers/staging/rtl8723bs/Kconfig | 1 +
.../intel/int340x_thermal/int3402_thermal.c | 3 +
drivers/tty/n_tty.c | 13 +-
drivers/usb/host/xhci-mem.c | 6 +-
drivers/usb/typec/ucsi/ucsi_ccg.c | 5 +-
drivers/vhost/scsi.c | 25 +--
drivers/video/console/Kconfig | 2 +-
drivers/video/fbdev/au1100fb.c | 4 +-
drivers/video/fbdev/sm501fb.c | 7 +
fs/affs/file.c | 9 +-
fs/btrfs/extent-tree.c | 5 +-
fs/exec.c | 15 +-
fs/exfat/fatent.c | 2 +-
fs/ext4/dir.c | 3 +
fs/ext4/super.c | 27 ++-
fs/fuse/dax.c | 1 -
fs/fuse/dir.c | 2 +-
fs/fuse/file.c | 4 +-
fs/hostfs/hostfs.h | 2 +-
fs/hostfs/hostfs_kern.c | 7 +-
fs/hostfs/hostfs_user.c | 59 +++---
fs/isofs/dir.c | 3 +-
fs/jfs/jfs_dtree.c | 3 +-
fs/jfs/xattr.c | 13 +-
fs/nfs/delegation.c | 33 ++--
fs/nfs/sysfs.c | 22 ++-
fs/nfsd/nfs4state.c | 31 +++-
fs/ntfs3/index.c | 4 +-
fs/ntfs3/ntfs.h | 2 +-
fs/ocfs2/alloc.c | 8 +
fs/proc/base.c | 2 +-
fs/smb/client/cifsacl.c | 8 +-
fs/smb/client/connect.c | 16 +-
fs/smb/server/auth.c | 6 +-
fs/smb/server/mgmt/user_session.c | 33 +++-
fs/smb/server/mgmt/user_session.h | 2 +
fs/smb/server/oplock.c | 12 +-
fs/smb/server/smb2pdu.c | 40 ++--
fs/smb/server/smbacl.c | 5 +
include/drm/display/drm_dp_mst_helper.h | 7 +
include/linux/context_tracking_irq.h | 8 +-
include/linux/coresight.h | 4 +
include/linux/fwnode.h | 2 +-
include/linux/interrupt.h | 8 +-
include/linux/pgtable.h | 28 ++-
include/linux/pm_runtime.h | 2 +
include/linux/rcupdate.h | 2 +-
include/linux/sched/smt.h | 2 +-
include/linux/trace.h | 4 +-
include/linux/trace_events.h | 14 ++
include/rdma/ib_verbs.h | 1 +
kernel/events/core.c | 46 +++--
kernel/events/ring_buffer.c | 2 +-
kernel/events/uprobes.c | 13 +-
kernel/fork.c | 4 +
kernel/kexec_elf.c | 2 +-
kernel/locking/semaphore.c | 13 +-
kernel/sched/deadline.c | 2 +-
kernel/trace/bpf_trace.c | 2 +-
kernel/trace/ring_buffer.c | 4 +-
kernel/trace/trace.c | 23 ++-
kernel/trace/trace.h | 1 +
kernel/trace/trace_boot.c | 2 +-
kernel/trace/trace_events.c | 62 ++++++-
kernel/trace/trace_events_hist.c | 133 +++++++++++---
kernel/trace/trace_events_synth.c | 36 +++-
kernel/trace/trace_functions_graph.c | 1 +
kernel/trace/trace_irqsoff.c | 2 -
kernel/trace/trace_osnoise.c | 1 -
kernel/trace/trace_sched_wakeup.c | 2 -
kernel/watch_queue.c | 9 +
lib/842/842_compress.c | 2 +
lib/overflow_kunit.c | 3 +-
lib/vsprintf.c | 2 +-
mm/memory.c | 13 +-
net/can/af_can.c | 12 +-
net/can/af_can.h | 12 +-
net/can/proc.c | 46 +++--
net/core/dst.c | 8 +
net/core/rtnetlink.c | 3 +
net/ipv4/ip_tunnel_core.c | 4 +-
net/ipv4/udp.c | 16 +-
net/ipv6/addrconf.c | 37 ++--
net/ipv6/calipso.c | 21 ++-
net/ipv6/route.c | 42 ++++-
net/mac80211/sta_info.c | 20 +-
net/netfilter/nf_tables_api.c | 4 +-
net/netfilter/nft_set_hash.c | 3 +-
net/netfilter/nft_tunnel.c | 6 +-
net/openvswitch/actions.c | 6 -
net/sched/act_tunnel_key.c | 2 +-
net/sched/cls_flower.c | 2 +-
net/sched/sch_skbprio.c | 3 -
net/vmw_vsock/af_vsock.c | 6 +-
rust/kernel/print.rs | 7 +-
samples/ftrace/sample-trace-array.c | 2 +-
scripts/selinux/install_policy.sh | 15 +-
security/smack/smack.h | 6 +
security/smack/smack_lsm.c | 10 +-
sound/pci/hda/patch_realtek.c | 33 +++-
sound/soc/codecs/cs35l41-spi.c | 4 +-
sound/soc/codecs/rt5665.c | 24 +--
sound/soc/fsl/imx-card.c | 4 +
sound/soc/ti/j721e-evm.c | 2 +
tools/lib/bpf/linker.c | 2 +-
tools/objtool/check.c | 35 +---
tools/perf/bench/syscall.c | 22 ++-
.../shell/coresight/asm_pure_loop/asm_pure_loop.S | 2 +
tools/perf/util/arm-spe.c | 8 +-
tools/perf/util/evlist.c | 13 +-
tools/perf/util/pmu.c | 7 +-
tools/perf/util/pmu.h | 5 +
tools/perf/util/pmus.c | 20 +-
tools/perf/util/python.c | 17 +-
tools/perf/util/stat-shadow.c | 3 +-
tools/perf/util/units.c | 2 +-
.../selftests/bpf/prog_tests/bloom_filter_map.c | 5 +
tools/testing/selftests/bpf/progs/strncmp_bench.c | 5 +-
tools/testing/selftests/mm/cow.c | 2 +-
280 files changed, 2335 insertions(+), 1182 deletions(-)
5 months, 2 weeks
- 9
- 8
[PATCH 5.10.y] drm/i915/gt: Cleanup partial engine discovery failures
by Zhi Yang
From: Chris Wilson <chris.p.wilson(a)intel.com>
commit 78a033433a5ae4fee85511ee075bc9a48312c79e upstream.
If we abort driver initialisation in the middle of gt/engine discovery,
some engines will be fully setup and some not. Those incompletely setup
engines only have 'engine->release == NULL' and so will leak any of the
common objects allocated.
v2:
- Drop the destroy_pinned_context() helper for now. It's not really
worth it with just a single callsite at the moment. (Janusz)
Signed-off-by: Chris Wilson <chris.p.wilson(a)intel.com>
Cc: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com>
Signed-off-by: Matt Roper <matthew.d.roper(a)intel.com>
Reviewed-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220915232654.3283095-2-matt…
Signed-off-by: Zhi Yang <Zhi.Yang(a)windriver.com>
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
---
Build test passed.
---
drivers/gpu/drm/i915/gt/intel_engine_cs.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/gt/intel_engine_cs.c b/drivers/gpu/drm/i915/gt/intel_engine_cs.c
index a19537706ed1..eb6f4d7f1e34 100644
--- a/drivers/gpu/drm/i915/gt/intel_engine_cs.c
+++ b/drivers/gpu/drm/i915/gt/intel_engine_cs.c
@@ -904,8 +904,13 @@ int intel_engines_init(struct intel_gt *gt)
return err;
err = setup(engine);
- if (err)
+ if (err) {
+ intel_engine_cleanup_common(engine);
return err;
+ }
+
+ /* The backend should now be responsible for cleanup */
+ GEM_BUG_ON(engine->release == NULL);
err = engine_init_common(engine);
if (err)
--
2.34.1
5 months, 2 weeks
- 2
- 1
[PATCH 6.13.y 0/7] arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9
by Anshuman Khandual
This series adds fine grained trap control in EL2 required for FEAT_PMUv3p9
registers like PMICNTR_EL0, PMICFILTR_EL0, and PMUACR_EL1 which are already
being used in the kernel. This is required to prevent their EL1 access trap
into EL2.
The following commits that enabled access into FEAT_PMUv3p9 registers have
already been merged upstream from 6.13 onwards.
d8226d8cfbaf ("perf: arm_pmuv3: Add support for Armv9.4 PMU instruction counter")
0bbff9ed8165 ("perf/arm_pmuv3: Add PMUv3.9 per counter EL0 access control")
The sysreg patches in this series are required for the final patch which
fixes the actual problem.
Anshuman Khandual (7):
arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1
arm64/sysreg: Add register fields for HDFGRTR2_EL2
arm64/sysreg: Add register fields for HDFGWTR2_EL2
arm64/sysreg: Add register fields for HFGITR2_EL2
arm64/sysreg: Add register fields for HFGRTR2_EL2
arm64/sysreg: Add register fields for HFGWTR2_EL2
arm64/boot: Enable EL2 requirements for FEAT_PMUv3p9
Documentation/arch/arm64/booting.rst | 22 ++++++
arch/arm64/include/asm/el2_setup.h | 25 +++++++
arch/arm64/tools/sysreg | 103 +++++++++++++++++++++++++++
3 files changed, 150 insertions(+)
--
2.30.2
5 months, 2 weeks
- 5
- 20
[PATCH 5.10.y] drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
by bin.lan.cn@windriver.com
From: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
[ Upstream commit 63de35a8fcfca59ae8750d469a7eb220c7557baf ]
An issue was identified in the dcn21_link_encoder_create function where
an out-of-bounds access could occur when the hpd_source index was used
to reference the link_enc_hpd_regs array. This array has a fixed size
and the index was not being checked against the array's bounds before
accessing it.
This fix adds a conditional check to ensure that the hpd_source index is
within the valid range of the link_enc_hpd_regs array. If the index is
out of bounds, the function now returns NULL to prevent undefined
behavior.
References:
[ 65.920507] ------------[ cut here ]------------
[ 65.920510] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn21/dcn21_resource.c:1312:29
[ 65.920519] index 7 is out of range for type 'dcn10_link_enc_hpd_registers [5]'
[ 65.920523] CPU: 3 PID: 1178 Comm: modprobe Tainted: G OE 6.8.0-cleanershaderfeatureresetasdntipmi200nv2132 #13
[ 65.920525] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS WMJ0429N_Weekly_20_04_2 04/29/2020
[ 65.920527] Call Trace:
[ 65.920529] <TASK>
[ 65.920532] dump_stack_lvl+0x48/0x70
[ 65.920541] dump_stack+0x10/0x20
[ 65.920543] __ubsan_handle_out_of_bounds+0xa2/0xe0
[ 65.920549] dcn21_link_encoder_create+0xd9/0x140 [amdgpu]
[ 65.921009] link_create+0x6d3/0xed0 [amdgpu]
[ 65.921355] create_links+0x18a/0x4e0 [amdgpu]
[ 65.921679] dc_create+0x360/0x720 [amdgpu]
[ 65.921999] ? dmi_matches+0xa0/0x220
[ 65.922004] amdgpu_dm_init+0x2b6/0x2c90 [amdgpu]
[ 65.922342] ? console_unlock+0x77/0x120
[ 65.922348] ? dev_printk_emit+0x86/0xb0
[ 65.922354] dm_hw_init+0x15/0x40 [amdgpu]
[ 65.922686] amdgpu_device_init+0x26a8/0x33a0 [amdgpu]
[ 65.922921] amdgpu_driver_load_kms+0x1b/0xa0 [amdgpu]
[ 65.923087] amdgpu_pci_probe+0x1b7/0x630 [amdgpu]
[ 65.923087] local_pci_probe+0x4b/0xb0
[ 65.923087] pci_device_probe+0xc8/0x280
[ 65.923087] really_probe+0x187/0x300
[ 65.923087] __driver_probe_device+0x85/0x130
[ 65.923087] driver_probe_device+0x24/0x110
[ 65.923087] __driver_attach+0xac/0x1d0
[ 65.923087] ? __pfx___driver_attach+0x10/0x10
[ 65.923087] bus_for_each_dev+0x7d/0xd0
[ 65.923087] driver_attach+0x1e/0x30
[ 65.923087] bus_add_driver+0xf2/0x200
[ 65.923087] driver_register+0x64/0x130
[ 65.923087] ? __pfx_amdgpu_init+0x10/0x10 [amdgpu]
[ 65.923087] __pci_register_driver+0x61/0x70
[ 65.923087] amdgpu_init+0x7d/0xff0 [amdgpu]
[ 65.923087] do_one_initcall+0x49/0x310
[ 65.923087] ? kmalloc_trace+0x136/0x360
[ 65.923087] do_init_module+0x6a/0x270
[ 65.923087] load_module+0x1fce/0x23a0
[ 65.923087] init_module_from_file+0x9c/0xe0
[ 65.923087] ? init_module_from_file+0x9c/0xe0
[ 65.923087] idempotent_init_module+0x179/0x230
[ 65.923087] __x64_sys_finit_module+0x5d/0xa0
[ 65.923087] do_syscall_64+0x76/0x120
[ 65.923087] entry_SYSCALL_64_after_hwframe+0x6e/0x76
[ 65.923087] RIP: 0033:0x7f2d80f1e88d
[ 65.923087] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48
[ 65.923087] RSP: 002b:00007ffc7bc1aa78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 65.923087] RAX: ffffffffffffffda RBX: 0000564c9c1db130 RCX: 00007f2d80f1e88d
[ 65.923087] RDX: 0000000000000000 RSI: 0000564c9c1e5480 RDI: 000000000000000f
[ 65.923087] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000002
[ 65.923087] R10: 000000000000000f R11: 0000000000000246 R12: 0000564c9c1e5480
[ 65.923087] R13: 0000564c9c1db260 R14: 0000000000000000 R15: 0000564c9c1e54b0
[ 65.923087] </TASK>
[ 65.923927] ---[ end trace ]---
Cc: Tom Chung <chiahsuan.chung(a)amd.com>
Cc: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com>
Cc: Roman Li <roman.li(a)amd.com>
Cc: Alex Hung <alex.hung(a)amd.com>
Cc: Aurabindo Pillai <aurabindo.pillai(a)amd.com>
Cc: Harry Wentland <harry.wentland(a)amd.com>
Cc: Hamza Mahfooz <hamza.mahfooz(a)amd.com>
Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
Reviewed-by: Roman Li <roman.li(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com>
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
---
Build test passed.
---
drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c
index 01c4e8753294..f02305089b56 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c
@@ -1698,7 +1698,7 @@ static struct link_encoder *dcn21_link_encoder_create(
kzalloc(sizeof(struct dcn21_link_encoder), GFP_KERNEL);
int link_regs_id;
- if (!enc21)
+ if (!enc21 || enc_init_data->hpd_source >= ARRAY_SIZE(link_enc_hpd_regs))
return NULL;
link_regs_id =
--
2.34.1
5 months, 2 weeks
- 2
- 1
[PATCH 5.15.y] drm/i915/gt: Cleanup partial engine discovery failures
by Zhi Yang
From: Chris Wilson <chris.p.wilson(a)intel.com>
commit 78a033433a5ae4fee85511ee075bc9a48312c79e upstream.
If we abort driver initialisation in the middle of gt/engine discovery,
some engines will be fully setup and some not. Those incompletely setup
engines only have 'engine->release == NULL' and so will leak any of the
common objects allocated.
v2:
- Drop the destroy_pinned_context() helper for now. It's not really
worth it with just a single callsite at the moment. (Janusz)
Signed-off-by: Chris Wilson <chris.p.wilson(a)intel.com>
Cc: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com>
Signed-off-by: Matt Roper <matthew.d.roper(a)intel.com>
Reviewed-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220915232654.3283095-2-matt…
Signed-off-by: Zhi Yang <Zhi.Yang(a)windriver.com>
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
---
Build test passed.
---
drivers/gpu/drm/i915/gt/intel_engine_cs.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/gt/intel_engine_cs.c b/drivers/gpu/drm/i915/gt/intel_engine_cs.c
index eb99441e0ada..42cb3ad04d89 100644
--- a/drivers/gpu/drm/i915/gt/intel_engine_cs.c
+++ b/drivers/gpu/drm/i915/gt/intel_engine_cs.c
@@ -983,8 +983,13 @@ int intel_engines_init(struct intel_gt *gt)
return err;
err = setup(engine);
- if (err)
+ if (err) {
+ intel_engine_cleanup_common(engine);
return err;
+ }
+
+ /* The backend should now be responsible for cleanup */
+ GEM_BUG_ON(engine->release == NULL);
err = engine_init_common(engine);
if (err)
--
2.34.1
5 months, 2 weeks
- 2
- 1
FAILED: patch "[PATCH] x86/tdx: Fix arch_safe_halt() execution for TDX VMs" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 9f98a4f4e7216dbe366010b4cdcab6b220f229c4
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040844-busload-dumpling-45ff@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 9f98a4f4e7216dbe366010b4cdcab6b220f229c4 Mon Sep 17 00:00:00 2001
From: Vishal Annapurve <vannapurve(a)google.com>
Date: Fri, 28 Feb 2025 01:44:15 +0000
Subject: [PATCH] x86/tdx: Fix arch_safe_halt() execution for TDX VMs
Direct HLT instruction execution causes #VEs for TDX VMs which is routed
to hypervisor via TDCALL. If HLT is executed in STI-shadow, resulting #VE
handler will enable interrupts before TDCALL is routed to hypervisor
leading to missed wakeup events, as current TDX spec doesn't expose
interruptibility state information to allow #VE handler to selectively
enable interrupts.
Commit bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests")
prevented the idle routines from executing HLT instruction in STI-shadow.
But it missed the paravirt routine which can be reached via this path
as an example:
kvm_wait() =>
safe_halt() =>
raw_safe_halt() =>
arch_safe_halt() =>
irq.safe_halt() =>
pv_native_safe_halt()
To reliably handle arch_safe_halt() for TDX VMs, introduce explicit
dependency on CONFIG_PARAVIRT and override paravirt halt()/safe_halt()
routines with TDX-safe versions that execute direct TDCALL and needed
interrupt flag updates. Executing direct TDCALL brings in additional
benefit of avoiding HLT related #VEs altogether.
As tested by Ryan Afranji:
"Tested with the specjbb2015 benchmark. It has heavy lock contention which leads
to many halt calls. TDX VMs suffered a poor score before this patchset.
Verified the major performance improvement with this patchset applied."
Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests")
Signed-off-by: Vishal Annapurve <vannapurve(a)google.com>
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Reviewed-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
Tested-by: Ryan Afranji <afranji(a)google.com>
Cc: Andy Lutomirski <luto(a)kernel.org>
Cc: Brian Gerst <brgerst(a)gmail.com>
Cc: Juergen Gross <jgross(a)suse.com>
Cc: H. Peter Anvin <hpa(a)zytor.com>
Cc: Linus Torvalds <torvalds(a)linux-foundation.org>
Cc: Josh Poimboeuf <jpoimboe(a)redhat.com>
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/r/20250228014416.3925664-3-vannapurve@google.com
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 05b4eca156cf..f614c0522a0b 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -878,6 +878,7 @@ config INTEL_TDX_GUEST
depends on X86_64 && CPU_SUP_INTEL
depends on X86_X2APIC
depends on EFI_STUB
+ depends on PARAVIRT
select ARCH_HAS_CC_PLATFORM
select X86_MEM_ENCRYPT
select X86_MCE
diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index 7772b01ab738..aa0eb4057226 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -14,6 +14,7 @@
#include <asm/ia32.h>
#include <asm/insn.h>
#include <asm/insn-eval.h>
+#include <asm/paravirt_types.h>
#include <asm/pgtable.h>
#include <asm/set_memory.h>
#include <asm/traps.h>
@@ -398,7 +399,7 @@ static int handle_halt(struct ve_info *ve)
return ve_instr_len(ve);
}
-void __cpuidle tdx_safe_halt(void)
+void __cpuidle tdx_halt(void)
{
const bool irq_disabled = false;
@@ -409,6 +410,16 @@ void __cpuidle tdx_safe_halt(void)
WARN_ONCE(1, "HLT instruction emulation failed\n");
}
+static void __cpuidle tdx_safe_halt(void)
+{
+ tdx_halt();
+ /*
+ * "__cpuidle" section doesn't support instrumentation, so stick
+ * with raw_* variant that avoids tracing hooks.
+ */
+ raw_local_irq_enable();
+}
+
static int read_msr(struct pt_regs *regs, struct ve_info *ve)
{
struct tdx_module_args args = {
@@ -1109,6 +1120,19 @@ void __init tdx_early_init(void)
x86_platform.guest.enc_kexec_begin = tdx_kexec_begin;
x86_platform.guest.enc_kexec_finish = tdx_kexec_finish;
+ /*
+ * Avoid "sti;hlt" execution in TDX guests as HLT induces a #VE that
+ * will enable interrupts before HLT TDCALL invocation if executed
+ * in STI-shadow, possibly resulting in missed wakeup events.
+ *
+ * Modify all possible HLT execution paths to use TDX specific routines
+ * that directly execute TDCALL and toggle the interrupt state as
+ * needed after TDCALL completion. This also reduces HLT related #VEs
+ * in addition to having a reliable halt logic execution.
+ */
+ pv_ops.irq.safe_halt = tdx_safe_halt;
+ pv_ops.irq.halt = tdx_halt;
+
/*
* TDX intercepts the RDMSR to read the X2APIC ID in the parallel
* bringup low level code. That raises #VE which cannot be handled
diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
index 65394aa9b49f..4a1922ec80cf 100644
--- a/arch/x86/include/asm/tdx.h
+++ b/arch/x86/include/asm/tdx.h
@@ -58,7 +58,7 @@ void tdx_get_ve_info(struct ve_info *ve);
bool tdx_handle_virt_exception(struct pt_regs *regs, struct ve_info *ve);
-void tdx_safe_halt(void);
+void tdx_halt(void);
bool tdx_early_handle_ve(struct pt_regs *regs);
@@ -72,7 +72,7 @@ void __init tdx_dump_td_ctls(u64 td_ctls);
#else
static inline void tdx_early_init(void) { };
-static inline void tdx_safe_halt(void) { };
+static inline void tdx_halt(void) { };
static inline bool tdx_early_handle_ve(struct pt_regs *regs) { return false; }
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 91f6ff618852..962c3ce39323 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -939,7 +939,7 @@ void __init select_idle_routine(void)
static_call_update(x86_idle, mwait_idle);
} else if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) {
pr_info("using TDX aware idle routine\n");
- static_call_update(x86_idle, tdx_safe_halt);
+ static_call_update(x86_idle, tdx_halt);
} else {
static_call_update(x86_idle, default_idle);
}
5 months, 2 weeks
- 3
- 2
FAILED: patch "[PATCH] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 22cc5ca5de52bbfc36a7d4a55323f91fb4492264
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040827-manila-alkalize-ba6e@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 22cc5ca5de52bbfc36a7d4a55323f91fb4492264 Mon Sep 17 00:00:00 2001
From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com>
Date: Fri, 28 Feb 2025 01:44:14 +0000
Subject: [PATCH] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT
CONFIG_PARAVIRT_XXL is mainly defined/used by XEN PV guests. For
other VM guest types, features supported under CONFIG_PARAVIRT
are self sufficient. CONFIG_PARAVIRT mainly provides support for
TLB flush operations and time related operations.
For TDX guest as well, paravirt calls under CONFIG_PARVIRT meets
most of its requirement except the need of HLT and SAFE_HLT
paravirt calls, which is currently defined under
CONFIG_PARAVIRT_XXL.
Since enabling CONFIG_PARAVIRT_XXL is too bloated for TDX guest
like platforms, move HLT and SAFE_HLT paravirt calls under
CONFIG_PARAVIRT.
Moving HLT and SAFE_HLT paravirt calls are not fatal and should not
break any functionality for current users of CONFIG_PARAVIRT.
Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests")
Co-developed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
Signed-off-by: Vishal Annapurve <vannapurve(a)google.com>
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Reviewed-by: Andi Kleen <ak(a)linux.intel.com>
Reviewed-by: Tony Luck <tony.luck(a)intel.com>
Reviewed-by: Juergen Gross <jgross(a)suse.com>
Tested-by: Ryan Afranji <afranji(a)google.com>
Cc: Andy Lutomirski <luto(a)kernel.org>
Cc: Brian Gerst <brgerst(a)gmail.com>
Cc: H. Peter Anvin <hpa(a)zytor.com>
Cc: Linus Torvalds <torvalds(a)linux-foundation.org>
Cc: Josh Poimboeuf <jpoimboe(a)redhat.com>
Cc: stable(a)kernel.org
Link: https://lore.kernel.org/r/20250228014416.3925664-2-vannapurve@google.com
diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h
index abb8374c9ff7..9a9b21b78905 100644
--- a/arch/x86/include/asm/irqflags.h
+++ b/arch/x86/include/asm/irqflags.h
@@ -76,6 +76,28 @@ static __always_inline void native_local_irq_restore(unsigned long flags)
#endif
+#ifndef CONFIG_PARAVIRT
+#ifndef __ASSEMBLY__
+/*
+ * Used in the idle loop; sti takes one instruction cycle
+ * to complete:
+ */
+static __always_inline void arch_safe_halt(void)
+{
+ native_safe_halt();
+}
+
+/*
+ * Used when interrupts are already enabled or to
+ * shutdown the processor:
+ */
+static __always_inline void halt(void)
+{
+ native_halt();
+}
+#endif /* __ASSEMBLY__ */
+#endif /* CONFIG_PARAVIRT */
+
#ifdef CONFIG_PARAVIRT_XXL
#include <asm/paravirt.h>
#else
@@ -97,24 +119,6 @@ static __always_inline void arch_local_irq_enable(void)
native_irq_enable();
}
-/*
- * Used in the idle loop; sti takes one instruction cycle
- * to complete:
- */
-static __always_inline void arch_safe_halt(void)
-{
- native_safe_halt();
-}
-
-/*
- * Used when interrupts are already enabled or to
- * shutdown the processor:
- */
-static __always_inline void halt(void)
-{
- native_halt();
-}
-
/*
* For spinlocks, etc:
*/
diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
index bed346bfac89..c4c23190925c 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
@@ -102,6 +102,16 @@ static inline void notify_page_enc_status_changed(unsigned long pfn,
PVOP_VCALL3(mmu.notify_page_enc_status_changed, pfn, npages, enc);
}
+static __always_inline void arch_safe_halt(void)
+{
+ PVOP_VCALL0(irq.safe_halt);
+}
+
+static inline void halt(void)
+{
+ PVOP_VCALL0(irq.halt);
+}
+
#ifdef CONFIG_PARAVIRT_XXL
static inline void load_sp0(unsigned long sp0)
{
@@ -165,16 +175,6 @@ static inline void __write_cr4(unsigned long x)
PVOP_VCALL1(cpu.write_cr4, x);
}
-static __always_inline void arch_safe_halt(void)
-{
- PVOP_VCALL0(irq.safe_halt);
-}
-
-static inline void halt(void)
-{
- PVOP_VCALL0(irq.halt);
-}
-
static inline u64 paravirt_read_msr(unsigned msr)
{
return PVOP_CALL1(u64, cpu.read_msr, msr);
diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h
index 62912023b46f..631c306ce1ff 100644
--- a/arch/x86/include/asm/paravirt_types.h
+++ b/arch/x86/include/asm/paravirt_types.h
@@ -120,10 +120,9 @@ struct pv_irq_ops {
struct paravirt_callee_save save_fl;
struct paravirt_callee_save irq_disable;
struct paravirt_callee_save irq_enable;
-
+#endif
void (*safe_halt)(void);
void (*halt)(void);
-#endif
} __no_randomize_layout;
struct pv_mmu_ops {
diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
index 97925632c28e..1ccd05d8999f 100644
--- a/arch/x86/kernel/paravirt.c
+++ b/arch/x86/kernel/paravirt.c
@@ -75,6 +75,11 @@ void paravirt_set_sched_clock(u64 (*func)(void))
static_call_update(pv_sched_clock, func);
}
+static noinstr void pv_native_safe_halt(void)
+{
+ native_safe_halt();
+}
+
#ifdef CONFIG_PARAVIRT_XXL
static noinstr void pv_native_write_cr2(unsigned long val)
{
@@ -100,11 +105,6 @@ static noinstr void pv_native_set_debugreg(int regno, unsigned long val)
{
native_set_debugreg(regno, val);
}
-
-static noinstr void pv_native_safe_halt(void)
-{
- native_safe_halt();
-}
#endif
struct pv_info pv_info = {
@@ -161,9 +161,11 @@ struct paravirt_patch_template pv_ops = {
.irq.save_fl = __PV_IS_CALLEE_SAVE(pv_native_save_fl),
.irq.irq_disable = __PV_IS_CALLEE_SAVE(pv_native_irq_disable),
.irq.irq_enable = __PV_IS_CALLEE_SAVE(pv_native_irq_enable),
+#endif /* CONFIG_PARAVIRT_XXL */
+
+ /* Irq HLT ops. */
.irq.safe_halt = pv_native_safe_halt,
.irq.halt = native_halt,
-#endif /* CONFIG_PARAVIRT_XXL */
/* Mmu ops. */
.mmu.flush_tlb_user = native_flush_tlb_local,
5 months, 2 weeks
- 3
- 2
[PATCH 5.15.y] drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing
by Zhi Yang
From: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
commit 15c2990e0f0108b9c3752d7072a97d45d4283aea upstream.
This commit adds null checks for the 'stream' and 'plane' variables in
the dcn30_apply_idle_power_optimizations function. These variables were
previously assumed to be null at line 922, but they were used later in
the code without checking if they were null. This could potentially lead
to a null pointer dereference, which would cause a crash.
The null checks ensure that 'stream' and 'plane' are not null before
they are used, preventing potential crashes.
Fixes the below static smatch checker:
drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:938 dcn30_apply_idle_power_optimizations() error: we previously assumed 'stream' could be null (see line 922)
drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:940 dcn30_apply_idle_power_optimizations() error: we previously assumed 'plane' could be null (see line 922)
Cc: Tom Chung <chiahsuan.chung(a)amd.com>
Cc: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com>
Cc: Bhawanpreet Lakha <Bhawanpreet.Lakha(a)amd.com>
Cc: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com>
Cc: Roman Li <roman.li(a)amd.com>
Cc: Hersen Wu <hersenxs.wu(a)amd.com>
Cc: Alex Hung <alex.hung(a)amd.com>
Cc: Aurabindo Pillai <aurabindo.pillai(a)amd.com>
Cc: Harry Wentland <harry.wentland(a)amd.com>
Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
Signed-off-by: Zhi Yang <Zhi.Yang(a)windriver.com>
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
---
Build test passed.
---
drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c
index 81547178a934..30716b88136c 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c
@@ -784,6 +784,9 @@ bool dcn30_apply_idle_power_optimizations(struct dc *dc, bool enable)
stream = dc->current_state->streams[0];
plane = (stream ? dc->current_state->stream_status[0].plane_states[0] : NULL);
+ if (!stream || !plane)
+ return false;
+
if (stream && plane) {
cursor_cache_enable = stream->cursor_position.enable &&
plane->address.grph.cursor_cache_addr.quad_part;
--
2.34.1
5 months, 2 weeks
- 2
- 1
FAILED: patch "[PATCH] ACPI: platform-profile: Fix CFI violation when accessing" failed to apply to 6.13-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.13-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y
git checkout FETCH_HEAD
git cherry-pick -x dd4f730b557ce701a2cd4f604bf1e57667bd8b6e
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040803-womb-decorated-10be@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From dd4f730b557ce701a2cd4f604bf1e57667bd8b6e Mon Sep 17 00:00:00 2001
From: Nathan Chancellor <nathan(a)kernel.org>
Date: Mon, 10 Feb 2025 21:28:25 -0500
Subject: [PATCH] ACPI: platform-profile: Fix CFI violation when accessing
sysfs files
When an attribute group is created with sysfs_create_group(), the
->sysfs_ops() callback is set to kobj_sysfs_ops, which sets the ->show()
and ->store() callbacks to kobj_attr_show() and kobj_attr_store()
respectively. These functions use container_of() to get the respective
callback from the passed attribute, meaning that these callbacks need to
be of the same type as the callbacks in 'struct kobj_attribute'.
However, ->show() and ->store() in the platform_profile driver are
defined for struct device_attribute with the help of DEVICE_ATTR_RO()
and DEVICE_ATTR_RW(), which results in a CFI violation when accessing
platform_profile or platform_profile_choices under /sys/firmware/acpi
because the types do not match:
CFI failure at kobj_attr_show+0x19/0x30 (target: platform_profile_choices_show+0x0/0x140; expected type: 0x7a69590c)
There is no functional issue from the type mismatch because the layout
of 'struct kobj_attribute' and 'struct device_attribute' are the same,
so the container_of() cast does not break anything aside from CFI.
Change the type of platform_profile_choices_show() and
platform_profile_{show,store}() to match the callbacks in
'struct kobj_attribute' and update the attribute variables to
match, which resolves the CFI violation.
Cc: All applicable <stable(a)vger.kernel.org>
Fixes: a2ff95e018f1 ("ACPI: platform: Add platform profile support")
Reported-by: John Rowley <lkml(a)johnrowley.me>
Closes: https://github.com/ClangBuiltLinux/linux/issues/2047
Tested-by: John Rowley <lkml(a)johnrowley.me>
Reviewed-by: Sami Tolvanen <samitolvanen(a)google.com>
Signed-off-by: Nathan Chancellor <nathan(a)kernel.org>
Acked-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Reviewed-by: Mark Pearson <mpearson-lenovo(a)squebb.ca>
Tested-by: Mark Pearson <mpearson-lenovo(a)squebb.ca>
Link: https://patch.msgid.link/20250210-acpi-platform_profile-fix-cfi-violation-v…
[ rjw: Changelog edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
diff --git a/drivers/acpi/platform_profile.c b/drivers/acpi/platform_profile.c
index fc92e43d0fe9..1b6317f759f9 100644
--- a/drivers/acpi/platform_profile.c
+++ b/drivers/acpi/platform_profile.c
@@ -260,14 +260,14 @@ static int _aggregate_choices(struct device *dev, void *data)
/**
* platform_profile_choices_show - Show the available profile choices for legacy sysfs interface
- * @dev: The device
+ * @kobj: The kobject
* @attr: The attribute
* @buf: The buffer to write to
*
* Return: The number of bytes written
*/
-static ssize_t platform_profile_choices_show(struct device *dev,
- struct device_attribute *attr,
+static ssize_t platform_profile_choices_show(struct kobject *kobj,
+ struct kobj_attribute *attr,
char *buf)
{
unsigned long aggregate[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)];
@@ -333,14 +333,14 @@ static int _store_and_notify(struct device *dev, void *data)
/**
* platform_profile_show - Show the current profile for legacy sysfs interface
- * @dev: The device
+ * @kobj: The kobject
* @attr: The attribute
* @buf: The buffer to write to
*
* Return: The number of bytes written
*/
-static ssize_t platform_profile_show(struct device *dev,
- struct device_attribute *attr,
+static ssize_t platform_profile_show(struct kobject *kobj,
+ struct kobj_attribute *attr,
char *buf)
{
enum platform_profile_option profile = PLATFORM_PROFILE_LAST;
@@ -362,15 +362,15 @@ static ssize_t platform_profile_show(struct device *dev,
/**
* platform_profile_store - Set the profile for legacy sysfs interface
- * @dev: The device
+ * @kobj: The kobject
* @attr: The attribute
* @buf: The buffer to read from
* @count: The number of bytes to read
*
* Return: The number of bytes read
*/
-static ssize_t platform_profile_store(struct device *dev,
- struct device_attribute *attr,
+static ssize_t platform_profile_store(struct kobject *kobj,
+ struct kobj_attribute *attr,
const char *buf, size_t count)
{
unsigned long choices[BITS_TO_LONGS(PLATFORM_PROFILE_LAST)];
@@ -401,12 +401,12 @@ static ssize_t platform_profile_store(struct device *dev,
return count;
}
-static DEVICE_ATTR_RO(platform_profile_choices);
-static DEVICE_ATTR_RW(platform_profile);
+static struct kobj_attribute attr_platform_profile_choices = __ATTR_RO(platform_profile_choices);
+static struct kobj_attribute attr_platform_profile = __ATTR_RW(platform_profile);
static struct attribute *platform_profile_attrs[] = {
- &dev_attr_platform_profile_choices.attr,
- &dev_attr_platform_profile.attr,
+ &attr_platform_profile_choices.attr,
+ &attr_platform_profile.attr,
NULL
};
5 months, 2 weeks
- 3
- 2
[PATCH 5.10.y] drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration
by jianqi.ren.cn@windriver.com
From: Hersen Wu <hersenxs.wu(a)amd.com>
[ Upstream commit a54f7e866cc73a4cb71b8b24bb568ba35c8969df ]
[Why]
Coverity reports Memory - illegal accesses.
[How]
Skip inactive planes.
Reviewed-by: Alex Hung <alex.hung(a)amd.com>
Acked-by: Tom Chung <chiahsuan.chung(a)amd.com>
Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
[get_pipe_idx() was introduced as a helper by
dda4fb85e433 ("drm/amd/display: DML changes for DCN32/321") in v6.0.
This patch backports it to make code clearer. And minor conflict is
resolved due to code context change.]
Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com>
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
---
Verified the build test
---
.../drm/amd/display/dc/dml/display_mode_vba.c | 27 ++++++++++++++++++-
1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c b/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c
index b32093136089..7dfcb1e0a6ff 100644
--- a/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c
+++ b/drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c
@@ -825,11 +825,30 @@ static unsigned int CursorBppEnumToBits(enum cursor_bpp ebpp)
}
}
+static unsigned int get_pipe_idx(struct display_mode_lib *mode_lib, unsigned int plane_idx)
+{
+ int pipe_idx = -1;
+ int i;
+
+ ASSERT(plane_idx < DC__NUM_DPP__MAX);
+
+ for (i = 0; i < DC__NUM_DPP__MAX ; i++) {
+ if (plane_idx == mode_lib->vba.pipe_plane[i]) {
+ pipe_idx = i;
+ break;
+ }
+ }
+ ASSERT(pipe_idx >= 0);
+
+ return pipe_idx;
+}
+
void ModeSupportAndSystemConfiguration(struct display_mode_lib *mode_lib)
{
soc_bounding_box_st *soc = &mode_lib->vba.soc;
unsigned int k;
unsigned int total_pipes = 0;
+ unsigned int pipe_idx = 0;
mode_lib->vba.VoltageLevel = mode_lib->vba.cache_pipes[0].clks_cfg.voltage;
mode_lib->vba.ReturnBW = mode_lib->vba.ReturnBWPerState[mode_lib->vba.VoltageLevel][mode_lib->vba.maxMpcComb];
@@ -849,8 +868,14 @@ void ModeSupportAndSystemConfiguration(struct display_mode_lib *mode_lib)
mode_lib->vba.DISPCLK = soc->clock_limits[mode_lib->vba.VoltageLevel].dispclk_mhz;
// Total Available Pipes Support Check
- for (k = 0; k < mode_lib->vba.NumberOfActivePlanes; ++k)
+ for (k = 0; k < mode_lib->vba.NumberOfActivePlanes; ++k) {
+ pipe_idx = get_pipe_idx(mode_lib, k);
+ if (pipe_idx == -1) {
+ ASSERT(0);
+ continue; // skip inactive planes
+ }
total_pipes += mode_lib->vba.DPPPerPlane[k];
+ }
ASSERT(total_pipes <= DC__NUM_DPP__MAX);
}
--
2.34.1
5 months, 2 weeks
- 2
- 1
[PATCH 5.15.y] drm/amd/pm: Fix negative array index read
by jianqi.ren.cn@windriver.com
From: Jesse Zhang <jesse.zhang(a)amd.com>
[ Upstream commit c8c19ebf7c0b202a6a2d37a52ca112432723db5f ]
Avoid using the negative values
for clk_idex as an index into an array pptable->DpmDescriptor.
V2: fix clk_index return check (Tim Huang)
Signed-off-by: Jesse Zhang <Jesse.Zhang(a)amd.com>
Reviewed-by: Tim Huang <Tim.Huang(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
[Minor conflict resolved due to code context change.]
Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com>
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
---
Verified the build test
---
.../gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 21 ++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c
index dfba0bc73207..9f5dcfaebe63 100644
--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c
@@ -1231,19 +1231,22 @@ static int navi10_get_current_clk_freq_by_table(struct smu_context *smu,
value);
}
-static bool navi10_is_support_fine_grained_dpm(struct smu_context *smu, enum smu_clk_type clk_type)
+static int navi10_is_support_fine_grained_dpm(struct smu_context *smu, enum smu_clk_type clk_type)
{
PPTable_t *pptable = smu->smu_table.driver_pptable;
DpmDescriptor_t *dpm_desc = NULL;
- uint32_t clk_index = 0;
+ int clk_index = 0;
clk_index = smu_cmn_to_asic_specific_index(smu,
CMN2ASIC_MAPPING_CLK,
clk_type);
+ if (clk_index < 0)
+ return clk_index;
+
dpm_desc = &pptable->DpmDescriptor[clk_index];
/* 0 - Fine grained DPM, 1 - Discrete DPM */
- return dpm_desc->SnapToDiscrete == 0;
+ return dpm_desc->SnapToDiscrete == 0 ? 1 : 0;
}
static inline bool navi10_od_feature_is_supported(struct smu_11_0_overdrive_table *od_table, enum SMU_11_0_ODFEATURE_CAP cap)
@@ -1299,7 +1302,11 @@ static int navi10_print_clk_levels(struct smu_context *smu,
if (ret)
return size;
- if (!navi10_is_support_fine_grained_dpm(smu, clk_type)) {
+ ret = navi10_is_support_fine_grained_dpm(smu, clk_type);
+ if (ret < 0)
+ return ret;
+
+ if (!ret) {
for (i = 0; i < count; i++) {
ret = smu_v11_0_get_dpm_freq_by_index(smu, clk_type, i, &value);
if (ret)
@@ -1468,7 +1475,11 @@ static int navi10_force_clk_levels(struct smu_context *smu,
case SMU_UCLK:
case SMU_FCLK:
/* There is only 2 levels for fine grained DPM */
- if (navi10_is_support_fine_grained_dpm(smu, clk_type)) {
+ ret = navi10_is_support_fine_grained_dpm(smu, clk_type);
+ if (ret < 0)
+ return ret;
+
+ if (ret) {
soft_max_level = (soft_max_level >= 1 ? 1 : 0);
soft_min_level = (soft_min_level >= 1 ? 1 : 0);
}
--
2.34.1
5 months, 2 weeks
- 2
- 1
[PATCH 5.10.y] drm/amd/pm: Fix negative array index read
by jianqi.ren.cn@windriver.com
From: Jesse Zhang <jesse.zhang(a)amd.com>
[ Upstream commit c8c19ebf7c0b202a6a2d37a52ca112432723db5f ]
Avoid using the negative values
for clk_idex as an index into an array pptable->DpmDescriptor.
V2: fix clk_index return check (Tim Huang)
Signed-off-by: Jesse Zhang <Jesse.Zhang(a)amd.com>
Reviewed-by: Tim Huang <Tim.Huang(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
[Minor conflict resolved due to code context change.]
Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com>
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
---
Verified the build test
---
.../gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 21 ++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c
index a7773b6453d5..0af9ee3a520a 100644
--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c
@@ -900,19 +900,22 @@ static int navi10_get_current_clk_freq_by_table(struct smu_context *smu,
value);
}
-static bool navi10_is_support_fine_grained_dpm(struct smu_context *smu, enum smu_clk_type clk_type)
+static int navi10_is_support_fine_grained_dpm(struct smu_context *smu, enum smu_clk_type clk_type)
{
PPTable_t *pptable = smu->smu_table.driver_pptable;
DpmDescriptor_t *dpm_desc = NULL;
- uint32_t clk_index = 0;
+ int clk_index = 0;
clk_index = smu_cmn_to_asic_specific_index(smu,
CMN2ASIC_MAPPING_CLK,
clk_type);
+ if (clk_index < 0)
+ return clk_index;
+
dpm_desc = &pptable->DpmDescriptor[clk_index];
/* 0 - Fine grained DPM, 1 - Discrete DPM */
- return dpm_desc->SnapToDiscrete == 0 ? true : false;
+ return dpm_desc->SnapToDiscrete == 0 ? 1 : 0;
}
static inline bool navi10_od_feature_is_supported(struct smu_11_0_overdrive_table *od_table, enum SMU_11_0_ODFEATURE_CAP cap)
@@ -964,7 +967,11 @@ static int navi10_print_clk_levels(struct smu_context *smu,
if (ret)
return size;
- if (!navi10_is_support_fine_grained_dpm(smu, clk_type)) {
+ ret = navi10_is_support_fine_grained_dpm(smu, clk_type);
+ if (ret < 0)
+ return ret;
+
+ if (!ret) {
for (i = 0; i < count; i++) {
ret = smu_v11_0_get_dpm_freq_by_index(smu, clk_type, i, &value);
if (ret)
@@ -1127,7 +1134,11 @@ static int navi10_force_clk_levels(struct smu_context *smu,
case SMU_UCLK:
case SMU_FCLK:
/* There is only 2 levels for fine grained DPM */
- if (navi10_is_support_fine_grained_dpm(smu, clk_type)) {
+ ret = navi10_is_support_fine_grained_dpm(smu, clk_type);
+ if (ret < 0)
+ return ret;
+
+ if (ret) {
soft_max_level = (soft_max_level >= 1 ? 1 : 0);
soft_min_level = (soft_min_level >= 1 ? 1 : 0);
}
--
2.34.1
5 months, 2 weeks
- 2
- 1
FAILED: patch "[PATCH] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 22cc5ca5de52bbfc36a7d4a55323f91fb4492264
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040827-discern-goldmine-da71@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 22cc5ca5de52bbfc36a7d4a55323f91fb4492264 Mon Sep 17 00:00:00 2001
From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com>
Date: Fri, 28 Feb 2025 01:44:14 +0000
Subject: [PATCH] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT
CONFIG_PARAVIRT_XXL is mainly defined/used by XEN PV guests. For
other VM guest types, features supported under CONFIG_PARAVIRT
are self sufficient. CONFIG_PARAVIRT mainly provides support for
TLB flush operations and time related operations.
For TDX guest as well, paravirt calls under CONFIG_PARVIRT meets
most of its requirement except the need of HLT and SAFE_HLT
paravirt calls, which is currently defined under
CONFIG_PARAVIRT_XXL.
Since enabling CONFIG_PARAVIRT_XXL is too bloated for TDX guest
like platforms, move HLT and SAFE_HLT paravirt calls under
CONFIG_PARAVIRT.
Moving HLT and SAFE_HLT paravirt calls are not fatal and should not
break any functionality for current users of CONFIG_PARAVIRT.
Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests")
Co-developed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
Signed-off-by: Vishal Annapurve <vannapurve(a)google.com>
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Reviewed-by: Andi Kleen <ak(a)linux.intel.com>
Reviewed-by: Tony Luck <tony.luck(a)intel.com>
Reviewed-by: Juergen Gross <jgross(a)suse.com>
Tested-by: Ryan Afranji <afranji(a)google.com>
Cc: Andy Lutomirski <luto(a)kernel.org>
Cc: Brian Gerst <brgerst(a)gmail.com>
Cc: H. Peter Anvin <hpa(a)zytor.com>
Cc: Linus Torvalds <torvalds(a)linux-foundation.org>
Cc: Josh Poimboeuf <jpoimboe(a)redhat.com>
Cc: stable(a)kernel.org
Link: https://lore.kernel.org/r/20250228014416.3925664-2-vannapurve@google.com
diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h
index abb8374c9ff7..9a9b21b78905 100644
--- a/arch/x86/include/asm/irqflags.h
+++ b/arch/x86/include/asm/irqflags.h
@@ -76,6 +76,28 @@ static __always_inline void native_local_irq_restore(unsigned long flags)
#endif
+#ifndef CONFIG_PARAVIRT
+#ifndef __ASSEMBLY__
+/*
+ * Used in the idle loop; sti takes one instruction cycle
+ * to complete:
+ */
+static __always_inline void arch_safe_halt(void)
+{
+ native_safe_halt();
+}
+
+/*
+ * Used when interrupts are already enabled or to
+ * shutdown the processor:
+ */
+static __always_inline void halt(void)
+{
+ native_halt();
+}
+#endif /* __ASSEMBLY__ */
+#endif /* CONFIG_PARAVIRT */
+
#ifdef CONFIG_PARAVIRT_XXL
#include <asm/paravirt.h>
#else
@@ -97,24 +119,6 @@ static __always_inline void arch_local_irq_enable(void)
native_irq_enable();
}
-/*
- * Used in the idle loop; sti takes one instruction cycle
- * to complete:
- */
-static __always_inline void arch_safe_halt(void)
-{
- native_safe_halt();
-}
-
-/*
- * Used when interrupts are already enabled or to
- * shutdown the processor:
- */
-static __always_inline void halt(void)
-{
- native_halt();
-}
-
/*
* For spinlocks, etc:
*/
diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
index bed346bfac89..c4c23190925c 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
@@ -102,6 +102,16 @@ static inline void notify_page_enc_status_changed(unsigned long pfn,
PVOP_VCALL3(mmu.notify_page_enc_status_changed, pfn, npages, enc);
}
+static __always_inline void arch_safe_halt(void)
+{
+ PVOP_VCALL0(irq.safe_halt);
+}
+
+static inline void halt(void)
+{
+ PVOP_VCALL0(irq.halt);
+}
+
#ifdef CONFIG_PARAVIRT_XXL
static inline void load_sp0(unsigned long sp0)
{
@@ -165,16 +175,6 @@ static inline void __write_cr4(unsigned long x)
PVOP_VCALL1(cpu.write_cr4, x);
}
-static __always_inline void arch_safe_halt(void)
-{
- PVOP_VCALL0(irq.safe_halt);
-}
-
-static inline void halt(void)
-{
- PVOP_VCALL0(irq.halt);
-}
-
static inline u64 paravirt_read_msr(unsigned msr)
{
return PVOP_CALL1(u64, cpu.read_msr, msr);
diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h
index 62912023b46f..631c306ce1ff 100644
--- a/arch/x86/include/asm/paravirt_types.h
+++ b/arch/x86/include/asm/paravirt_types.h
@@ -120,10 +120,9 @@ struct pv_irq_ops {
struct paravirt_callee_save save_fl;
struct paravirt_callee_save irq_disable;
struct paravirt_callee_save irq_enable;
-
+#endif
void (*safe_halt)(void);
void (*halt)(void);
-#endif
} __no_randomize_layout;
struct pv_mmu_ops {
diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
index 97925632c28e..1ccd05d8999f 100644
--- a/arch/x86/kernel/paravirt.c
+++ b/arch/x86/kernel/paravirt.c
@@ -75,6 +75,11 @@ void paravirt_set_sched_clock(u64 (*func)(void))
static_call_update(pv_sched_clock, func);
}
+static noinstr void pv_native_safe_halt(void)
+{
+ native_safe_halt();
+}
+
#ifdef CONFIG_PARAVIRT_XXL
static noinstr void pv_native_write_cr2(unsigned long val)
{
@@ -100,11 +105,6 @@ static noinstr void pv_native_set_debugreg(int regno, unsigned long val)
{
native_set_debugreg(regno, val);
}
-
-static noinstr void pv_native_safe_halt(void)
-{
- native_safe_halt();
-}
#endif
struct pv_info pv_info = {
@@ -161,9 +161,11 @@ struct paravirt_patch_template pv_ops = {
.irq.save_fl = __PV_IS_CALLEE_SAVE(pv_native_save_fl),
.irq.irq_disable = __PV_IS_CALLEE_SAVE(pv_native_irq_disable),
.irq.irq_enable = __PV_IS_CALLEE_SAVE(pv_native_irq_enable),
+#endif /* CONFIG_PARAVIRT_XXL */
+
+ /* Irq HLT ops. */
.irq.safe_halt = pv_native_safe_halt,
.irq.halt = native_halt,
-#endif /* CONFIG_PARAVIRT_XXL */
/* Mmu ops. */
.mmu.flush_tlb_user = native_flush_tlb_local,
5 months, 2 weeks
- 3
- 2
[PATCH 5.15.y] drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
by bin.lan.cn@windriver.com
From: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
[ Upstream commit 63de35a8fcfca59ae8750d469a7eb220c7557baf ]
An issue was identified in the dcn21_link_encoder_create function where
an out-of-bounds access could occur when the hpd_source index was used
to reference the link_enc_hpd_regs array. This array has a fixed size
and the index was not being checked against the array's bounds before
accessing it.
This fix adds a conditional check to ensure that the hpd_source index is
within the valid range of the link_enc_hpd_regs array. If the index is
out of bounds, the function now returns NULL to prevent undefined
behavior.
References:
[ 65.920507] ------------[ cut here ]------------
[ 65.920510] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn21/dcn21_resource.c:1312:29
[ 65.920519] index 7 is out of range for type 'dcn10_link_enc_hpd_registers [5]'
[ 65.920523] CPU: 3 PID: 1178 Comm: modprobe Tainted: G OE 6.8.0-cleanershaderfeatureresetasdntipmi200nv2132 #13
[ 65.920525] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS WMJ0429N_Weekly_20_04_2 04/29/2020
[ 65.920527] Call Trace:
[ 65.920529] <TASK>
[ 65.920532] dump_stack_lvl+0x48/0x70
[ 65.920541] dump_stack+0x10/0x20
[ 65.920543] __ubsan_handle_out_of_bounds+0xa2/0xe0
[ 65.920549] dcn21_link_encoder_create+0xd9/0x140 [amdgpu]
[ 65.921009] link_create+0x6d3/0xed0 [amdgpu]
[ 65.921355] create_links+0x18a/0x4e0 [amdgpu]
[ 65.921679] dc_create+0x360/0x720 [amdgpu]
[ 65.921999] ? dmi_matches+0xa0/0x220
[ 65.922004] amdgpu_dm_init+0x2b6/0x2c90 [amdgpu]
[ 65.922342] ? console_unlock+0x77/0x120
[ 65.922348] ? dev_printk_emit+0x86/0xb0
[ 65.922354] dm_hw_init+0x15/0x40 [amdgpu]
[ 65.922686] amdgpu_device_init+0x26a8/0x33a0 [amdgpu]
[ 65.922921] amdgpu_driver_load_kms+0x1b/0xa0 [amdgpu]
[ 65.923087] amdgpu_pci_probe+0x1b7/0x630 [amdgpu]
[ 65.923087] local_pci_probe+0x4b/0xb0
[ 65.923087] pci_device_probe+0xc8/0x280
[ 65.923087] really_probe+0x187/0x300
[ 65.923087] __driver_probe_device+0x85/0x130
[ 65.923087] driver_probe_device+0x24/0x110
[ 65.923087] __driver_attach+0xac/0x1d0
[ 65.923087] ? __pfx___driver_attach+0x10/0x10
[ 65.923087] bus_for_each_dev+0x7d/0xd0
[ 65.923087] driver_attach+0x1e/0x30
[ 65.923087] bus_add_driver+0xf2/0x200
[ 65.923087] driver_register+0x64/0x130
[ 65.923087] ? __pfx_amdgpu_init+0x10/0x10 [amdgpu]
[ 65.923087] __pci_register_driver+0x61/0x70
[ 65.923087] amdgpu_init+0x7d/0xff0 [amdgpu]
[ 65.923087] do_one_initcall+0x49/0x310
[ 65.923087] ? kmalloc_trace+0x136/0x360
[ 65.923087] do_init_module+0x6a/0x270
[ 65.923087] load_module+0x1fce/0x23a0
[ 65.923087] init_module_from_file+0x9c/0xe0
[ 65.923087] ? init_module_from_file+0x9c/0xe0
[ 65.923087] idempotent_init_module+0x179/0x230
[ 65.923087] __x64_sys_finit_module+0x5d/0xa0
[ 65.923087] do_syscall_64+0x76/0x120
[ 65.923087] entry_SYSCALL_64_after_hwframe+0x6e/0x76
[ 65.923087] RIP: 0033:0x7f2d80f1e88d
[ 65.923087] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48
[ 65.923087] RSP: 002b:00007ffc7bc1aa78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 65.923087] RAX: ffffffffffffffda RBX: 0000564c9c1db130 RCX: 00007f2d80f1e88d
[ 65.923087] RDX: 0000000000000000 RSI: 0000564c9c1e5480 RDI: 000000000000000f
[ 65.923087] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000002
[ 65.923087] R10: 000000000000000f R11: 0000000000000246 R12: 0000564c9c1e5480
[ 65.923087] R13: 0000564c9c1db260 R14: 0000000000000000 R15: 0000564c9c1e54b0
[ 65.923087] </TASK>
[ 65.923927] ---[ end trace ]---
Cc: Tom Chung <chiahsuan.chung(a)amd.com>
Cc: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com>
Cc: Roman Li <roman.li(a)amd.com>
Cc: Alex Hung <alex.hung(a)amd.com>
Cc: Aurabindo Pillai <aurabindo.pillai(a)amd.com>
Cc: Harry Wentland <harry.wentland(a)amd.com>
Cc: Hamza Mahfooz <hamza.mahfooz(a)amd.com>
Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
Reviewed-by: Roman Li <roman.li(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com>
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
---
Build test passed.
---
drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c
index 7c5c1414b7a1..257ab8820c7a 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c
@@ -1852,7 +1852,7 @@ static struct link_encoder *dcn21_link_encoder_create(
kzalloc(sizeof(struct dcn21_link_encoder), GFP_KERNEL);
int link_regs_id;
- if (!enc21)
+ if (!enc21 || enc_init_data->hpd_source >= ARRAY_SIZE(link_enc_hpd_regs))
return NULL;
link_regs_id =
--
2.34.1
5 months, 2 weeks
- 2
- 1
FAILED: patch "[PATCH] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT" failed to apply to 6.13-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.13-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y
git checkout FETCH_HEAD
git cherry-pick -x 22cc5ca5de52bbfc36a7d4a55323f91fb4492264
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040826-tracing-shanty-607f@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 22cc5ca5de52bbfc36a7d4a55323f91fb4492264 Mon Sep 17 00:00:00 2001
From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com>
Date: Fri, 28 Feb 2025 01:44:14 +0000
Subject: [PATCH] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT
CONFIG_PARAVIRT_XXL is mainly defined/used by XEN PV guests. For
other VM guest types, features supported under CONFIG_PARAVIRT
are self sufficient. CONFIG_PARAVIRT mainly provides support for
TLB flush operations and time related operations.
For TDX guest as well, paravirt calls under CONFIG_PARVIRT meets
most of its requirement except the need of HLT and SAFE_HLT
paravirt calls, which is currently defined under
CONFIG_PARAVIRT_XXL.
Since enabling CONFIG_PARAVIRT_XXL is too bloated for TDX guest
like platforms, move HLT and SAFE_HLT paravirt calls under
CONFIG_PARAVIRT.
Moving HLT and SAFE_HLT paravirt calls are not fatal and should not
break any functionality for current users of CONFIG_PARAVIRT.
Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests")
Co-developed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com>
Signed-off-by: Vishal Annapurve <vannapurve(a)google.com>
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Reviewed-by: Andi Kleen <ak(a)linux.intel.com>
Reviewed-by: Tony Luck <tony.luck(a)intel.com>
Reviewed-by: Juergen Gross <jgross(a)suse.com>
Tested-by: Ryan Afranji <afranji(a)google.com>
Cc: Andy Lutomirski <luto(a)kernel.org>
Cc: Brian Gerst <brgerst(a)gmail.com>
Cc: H. Peter Anvin <hpa(a)zytor.com>
Cc: Linus Torvalds <torvalds(a)linux-foundation.org>
Cc: Josh Poimboeuf <jpoimboe(a)redhat.com>
Cc: stable(a)kernel.org
Link: https://lore.kernel.org/r/20250228014416.3925664-2-vannapurve@google.com
diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h
index abb8374c9ff7..9a9b21b78905 100644
--- a/arch/x86/include/asm/irqflags.h
+++ b/arch/x86/include/asm/irqflags.h
@@ -76,6 +76,28 @@ static __always_inline void native_local_irq_restore(unsigned long flags)
#endif
+#ifndef CONFIG_PARAVIRT
+#ifndef __ASSEMBLY__
+/*
+ * Used in the idle loop; sti takes one instruction cycle
+ * to complete:
+ */
+static __always_inline void arch_safe_halt(void)
+{
+ native_safe_halt();
+}
+
+/*
+ * Used when interrupts are already enabled or to
+ * shutdown the processor:
+ */
+static __always_inline void halt(void)
+{
+ native_halt();
+}
+#endif /* __ASSEMBLY__ */
+#endif /* CONFIG_PARAVIRT */
+
#ifdef CONFIG_PARAVIRT_XXL
#include <asm/paravirt.h>
#else
@@ -97,24 +119,6 @@ static __always_inline void arch_local_irq_enable(void)
native_irq_enable();
}
-/*
- * Used in the idle loop; sti takes one instruction cycle
- * to complete:
- */
-static __always_inline void arch_safe_halt(void)
-{
- native_safe_halt();
-}
-
-/*
- * Used when interrupts are already enabled or to
- * shutdown the processor:
- */
-static __always_inline void halt(void)
-{
- native_halt();
-}
-
/*
* For spinlocks, etc:
*/
diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
index bed346bfac89..c4c23190925c 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
@@ -102,6 +102,16 @@ static inline void notify_page_enc_status_changed(unsigned long pfn,
PVOP_VCALL3(mmu.notify_page_enc_status_changed, pfn, npages, enc);
}
+static __always_inline void arch_safe_halt(void)
+{
+ PVOP_VCALL0(irq.safe_halt);
+}
+
+static inline void halt(void)
+{
+ PVOP_VCALL0(irq.halt);
+}
+
#ifdef CONFIG_PARAVIRT_XXL
static inline void load_sp0(unsigned long sp0)
{
@@ -165,16 +175,6 @@ static inline void __write_cr4(unsigned long x)
PVOP_VCALL1(cpu.write_cr4, x);
}
-static __always_inline void arch_safe_halt(void)
-{
- PVOP_VCALL0(irq.safe_halt);
-}
-
-static inline void halt(void)
-{
- PVOP_VCALL0(irq.halt);
-}
-
static inline u64 paravirt_read_msr(unsigned msr)
{
return PVOP_CALL1(u64, cpu.read_msr, msr);
diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h
index 62912023b46f..631c306ce1ff 100644
--- a/arch/x86/include/asm/paravirt_types.h
+++ b/arch/x86/include/asm/paravirt_types.h
@@ -120,10 +120,9 @@ struct pv_irq_ops {
struct paravirt_callee_save save_fl;
struct paravirt_callee_save irq_disable;
struct paravirt_callee_save irq_enable;
-
+#endif
void (*safe_halt)(void);
void (*halt)(void);
-#endif
} __no_randomize_layout;
struct pv_mmu_ops {
diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
index 97925632c28e..1ccd05d8999f 100644
--- a/arch/x86/kernel/paravirt.c
+++ b/arch/x86/kernel/paravirt.c
@@ -75,6 +75,11 @@ void paravirt_set_sched_clock(u64 (*func)(void))
static_call_update(pv_sched_clock, func);
}
+static noinstr void pv_native_safe_halt(void)
+{
+ native_safe_halt();
+}
+
#ifdef CONFIG_PARAVIRT_XXL
static noinstr void pv_native_write_cr2(unsigned long val)
{
@@ -100,11 +105,6 @@ static noinstr void pv_native_set_debugreg(int regno, unsigned long val)
{
native_set_debugreg(regno, val);
}
-
-static noinstr void pv_native_safe_halt(void)
-{
- native_safe_halt();
-}
#endif
struct pv_info pv_info = {
@@ -161,9 +161,11 @@ struct paravirt_patch_template pv_ops = {
.irq.save_fl = __PV_IS_CALLEE_SAVE(pv_native_save_fl),
.irq.irq_disable = __PV_IS_CALLEE_SAVE(pv_native_irq_disable),
.irq.irq_enable = __PV_IS_CALLEE_SAVE(pv_native_irq_enable),
+#endif /* CONFIG_PARAVIRT_XXL */
+
+ /* Irq HLT ops. */
.irq.safe_halt = pv_native_safe_halt,
.irq.halt = native_halt,
-#endif /* CONFIG_PARAVIRT_XXL */
/* Mmu ops. */
.mmu.flush_tlb_user = native_flush_tlb_local,
5 months, 2 weeks
- 3
- 2
[PATCH 5.10/5.15] Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
by Xiangyu Chen
From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
commit b25e11f978b63cb7857890edb3a698599cddb10e upstream.
This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4
("Bluetooth: Always request for user confirmation for Just Works")
always request user confirmation with confirm_hint set since the
likes of bluetoothd have dedicated policy around JUST_WORKS method
(e.g. main.conf:JustWorksRepairing).
CVE: CVE-2024-8805
Cc: stable(a)vger.kernel.org
Fixes: ba15a58b179e ("Bluetooth: Fix SSP acceptor just-works confirmation without MITM")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Tested-by: Kiran K <kiran.k(a)intel.com>
Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com>
Signed-off-by: He Zhe <zhe.he(a)windriver.com>
---
Verified the build test.
---
net/bluetooth/hci_event.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 50e21f67a73d..83af50c3838a 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -4859,19 +4859,16 @@ static void hci_user_confirm_request_evt(struct hci_dev *hdev,
goto unlock;
}
- /* If no side requires MITM protection; auto-accept */
+ /* If no side requires MITM protection; use JUST_CFM method */
if ((!loc_mitm || conn->remote_cap == HCI_IO_NO_INPUT_OUTPUT) &&
(!rem_mitm || conn->io_capability == HCI_IO_NO_INPUT_OUTPUT)) {
- /* If we're not the initiators request authorization to
- * proceed from user space (mgmt_user_confirm with
- * confirm_hint set to 1). The exception is if neither
- * side had MITM or if the local IO capability is
- * NoInputNoOutput, in which case we do auto-accept
+ /* If we're not the initiator of request authorization and the
+ * local IO capability is not NoInputNoOutput, use JUST_WORKS
+ * method (mgmt_user_confirm with confirm_hint set to 1).
*/
if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) &&
- conn->io_capability != HCI_IO_NO_INPUT_OUTPUT &&
- (loc_mitm || rem_mitm)) {
+ conn->io_capability != HCI_IO_NO_INPUT_OUTPUT) {
BT_DBG("Confirming auto-accept as acceptor");
confirm_hint = 1;
goto confirm;
--
2.34.1
5 months, 2 weeks
- 2
- 1
FAILED: patch "[PATCH] ARM: 9443/1: Require linker to support KEEP within OVERLAY" failed to apply to 6.13-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.13-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.13.y
git checkout FETCH_HEAD
git cherry-pick -x e7607f7d6d81af71dcc5171278aadccc94d277cd
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040805-boaster-hazing-36c3@gregkh' --subject-prefix 'PATCH 6.13.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From e7607f7d6d81af71dcc5171278aadccc94d277cd Mon Sep 17 00:00:00 2001
From: Nathan Chancellor <nathan(a)kernel.org>
Date: Thu, 20 Mar 2025 22:33:49 +0100
Subject: [PATCH] ARM: 9443/1: Require linker to support KEEP within OVERLAY
for DCE
ld.lld prior to 21.0.0 does not support using the KEEP keyword within an
overlay description, which may be needed to avoid discarding necessary
sections within an overlay with '--gc-sections', which can be enabled
for the kernel via CONFIG_LD_DEAD_CODE_DATA_ELIMINATION.
Disallow CONFIG_LD_DEAD_CODE_DATA_ELIMINATION without support for KEEP
within OVERLAY and introduce a macro, OVERLAY_KEEP, that can be used to
conditionally add KEEP when it is properly supported to avoid breaking
old versions of ld.lld.
Cc: stable(a)vger.kernel.org
Link: https://github.com/llvm/llvm-project/commit/381599f1fe973afad3094e55ec99b16…
Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org>
Signed-off-by: Nathan Chancellor <nathan(a)kernel.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk>
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 202dbd17ad2f..25ed6f1a7c7a 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -121,7 +121,7 @@ config ARM
select HAVE_KERNEL_XZ
select HAVE_KPROBES if !XIP_KERNEL && !CPU_ENDIAN_BE32 && !CPU_V7M
select HAVE_KRETPROBES if HAVE_KPROBES
- select HAVE_LD_DEAD_CODE_DATA_ELIMINATION if (LD_VERSION >= 23600 || LD_IS_LLD)
+ select HAVE_LD_DEAD_CODE_DATA_ELIMINATION if (LD_VERSION >= 23600 || LD_CAN_USE_KEEP_IN_OVERLAY)
select HAVE_MOD_ARCH_SPECIFIC
select HAVE_NMI
select HAVE_OPTPROBES if !THUMB2_KERNEL
diff --git a/arch/arm/include/asm/vmlinux.lds.h b/arch/arm/include/asm/vmlinux.lds.h
index 89697f204715..a54db342653a 100644
--- a/arch/arm/include/asm/vmlinux.lds.h
+++ b/arch/arm/include/asm/vmlinux.lds.h
@@ -34,6 +34,12 @@
#define NOCROSSREFS
#endif
+#ifdef CONFIG_LD_CAN_USE_KEEP_IN_OVERLAY
+#define OVERLAY_KEEP(x) KEEP(x)
+#else
+#define OVERLAY_KEEP(x) x
+#endif
+
/* Set start/end symbol names to the LMA for the section */
#define ARM_LMA(sym, section) \
sym##_start = LOADADDR(section); \
diff --git a/init/Kconfig b/init/Kconfig
index d0d021b3fa3b..fc994f5cd5db 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -129,6 +129,11 @@ config CC_HAS_COUNTED_BY
# https://github.com/llvm/llvm-project/pull/112636
depends on !(CC_IS_CLANG && CLANG_VERSION < 190103)
+config LD_CAN_USE_KEEP_IN_OVERLAY
+ # ld.lld prior to 21.0.0 did not support KEEP within an overlay description
+ # https://github.com/llvm/llvm-project/pull/130661
+ def_bool LD_IS_BFD || LLD_VERSION >= 210000
+
config RUSTC_HAS_COERCE_POINTEE
def_bool RUSTC_VERSION >= 108400
5 months, 2 weeks
- 4
- 3
[PATCH 5.10.y] nvme: avoid double free special payload
by Cliff Liu
From: Chunguang Xu <chunguang.xu(a)shopee.com>
[ Upstream commit e5d574ab37f5f2e7937405613d9b1a724811e5ad ]
If a discard request needs to be retried, and that retry may fail before
a new special payload is added, a double free will result. Clear the
RQF_SPECIAL_LOAD when the request is cleaned.
Signed-off-by: Chunguang Xu <chunguang.xu(a)shopee.com>
Reviewed-by: Sagi Grimberg <sagi(a)grimberg.me>
Reviewed-by: Max Gurtovoy <mgurtovoy(a)nvidia.com>
Signed-off-by: Keith Busch <kbusch(a)kernel.org>
[Minor context change fixed]
Signed-off-by: Cliff Liu <donghua.liu(a)windriver.com>
Signed-off-by: He Zhe <Zhe.He(a)windriver.com>
---
Verified the build test.
---
drivers/nvme/host/core.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 019a6dbdcbc2..7d6aab68446e 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -852,6 +852,7 @@ void nvme_cleanup_cmd(struct request *req)
clear_bit_unlock(0, &ns->ctrl->discard_page_busy);
else
kfree(page_address(page) + req->special_vec.bv_offset);
+ req->rq_flags &= ~RQF_SPECIAL_PAYLOAD;
}
}
EXPORT_SYMBOL_GPL(nvme_cleanup_cmd);
--
2.34.1
5 months, 2 weeks
- 2
- 1
[PATCH 0/3] spi: fsl-qspi: Fix double cleanup in probe error path
by Kevin Hao
This patch series fixes double cleanup issues in the fsl-qspi probe
error path and also simplifies the probe error handling using managed APIs.
Signed-off-by: Kevin Hao <haokexin(a)gmail.com>
---
Kevin Hao (3):
spi: fsl-qspi: Fix double cleanup in probe error path
spi: fsl-spi: Remove redundant probe error message
spi: fsl-qspi: Simplify probe error handling using managed API
drivers/spi/spi-fsl-qspi.c | 77 +++++++++++++++++++---------------------------
1 file changed, 31 insertions(+), 46 deletions(-)
---
base-commit: 29e7bf01ed8033c9a14ed0dc990dfe2736dbcd18
change-id: 20250410-spi-10adc098d566
Best regards,
--
Kevin Hao <haokexin(a)gmail.com>
5 months, 2 weeks
- 3
- 4
[PATCH 5.15 000/281] 5.15.180-rc2 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 5.15.180 release.
There are 281 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Fri, 11 Apr 2025 11:58:00 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.180-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.15.180-rc2
Nathan Chancellor <nathan(a)kernel.org>
mmc: sdhci-brcmstb: Initialize base_clk to NULL in sdhci_brcmstb_probe()
Steven Rostedt <rostedt(a)goodmis.org>
tracing: Do not use PERF enums when perf is not defined
Vlastimil Babka <vbabka(a)suse.cz>
mm, slab: remove duplicate kernel-doc comment for ksize()
Kamal Dasu <kdasu.kdev(a)gmail.com>
mmc: sdhci-brcmstb: use clk_get_rate(base_clk) in PM resume
Chuck Lever <chuck.lever(a)oracle.com>
NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
Li Lingfeng <lilingfeng3(a)huawei.com>
nfsd: put dl_stid if fail to queue dl_recall
Roman Smirnov <r.smirnov(a)omp.ru>
jfs: add index corruption check to DT_GETPAGE()
Qasim Ijaz <qasdev00(a)gmail.com>
jfs: fix slab-out-of-bounds read in ea_get()
Acs, Jakub <acsjakub(a)amazon.de>
ext4: fix OOB read when checking dotdot dir
Theodore Ts'o <tytso(a)mit.edu>
ext4: don't over-report free space or inodes in statvfs
Ran Xiaokai <ran.xiaokai(a)zte.com.cn>
tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
Douglas Raillard <douglas.raillard(a)arm.com>
tracing: Fix synth event printk format for str fields
Douglas Raillard <douglas.raillard(a)arm.com>
tracing: Ensure module defining synth event cannot be unloaded while tracing
Tengda Wu <wutengda(a)huaweicloud.com>
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
Karel Balej <balejk(a)matfyz.cz>
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
Paul Menzel <pmenzel(a)molgen.mpg.de>
ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
Murad Masimov <m.masimov(a)mt-integration.ru>
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
Jann Horn <jannh(a)google.com>
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
Guilherme G. Piccoli <gpiccoli(a)igalia.com>
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
Josef Bacik <josef(a)toxicpanda.com>
btrfs: handle errors from btrfs_dec_ref() properly
Markus Elfring <elfring(a)users.sourceforge.net>
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com>
platform/x86: ISST: Correct command storage data length
Ying Lu <luying1(a)xiaomi.com>
usbnet:fix NPE during rx_complete
Hersen Wu <hersenxs.wu(a)amd.com>
drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration
Jesse Zhang <jesse.zhang(a)amd.com>
drm/amd/pm: Fix negative array index read
Sherry Sun <sherry.sun(a)nxp.com>
tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers
Sherry Sun <sherry.sun(a)nxp.com>
tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform
Kamal Dasu <kamal.dasu(a)broadcom.com>
mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops
Kamal Dasu <kdasu.kdev(a)gmail.com>
mmc: sdhci-brcmstb: Add ability to increase max clock rate for 72116b0
Haibo Chen <haibo.chen(a)nxp.com>
can: flexcan: disable transceiver during system PM
Haibo Chen <haibo.chen(a)nxp.com>
can: flexcan: only change CAN state when link up in system PM
Henry Martin <bsdhenrymartin(a)gmail.com>
arcnet: Add NULL check in com20020pci_probe()
Lin Ma <linma(a)zju.edu.cn>
net: fix geneve_opt length integer overflow
Fernando Fernandez Mancera <ffmancera(a)riseup.net>
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
Lin Ma <linma(a)zju.edu.cn>
netfilter: nft_tunnel: fix geneve_opt type confusion addition
Guillaume Nault <gnault(a)redhat.com>
tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
Stefano Garzarella <sgarzare(a)redhat.com>
vsock: avoid timeout during connect() if the socket is closing
Tobias Waldekranz <tobias(a)waldekranz.com>
net: mvpp2: Prevent parser TCAM memory corruption
Cong Wang <xiyou.wangcong(a)gmail.com>
net_sched: skbprio: Remove overly strict queue assertions
Debin Zhu <mowenroot(a)163.com>
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
Henry Martin <bsdhenrymartin(a)gmail.com>
ASoC: imx-card: Add NULL check in imx_card_probe()
Nikita Shubin <n.shubin(a)yadro.com>
ntb: intel: Fix using link status DB's
Yajun Deng <yajun.deng(a)linux.dev>
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
Juhan Jin <juhan.jin(a)foxmail.com>
riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra
Al Viro <viro(a)zeniv.linux.org.uk>
spufs: fix a leak in spufs_create_context()
Al Viro <viro(a)zeniv.linux.org.uk>
spufs: fix a leak on spufs_new_file() failure
Tasos Sahanidis <tasos(a)tasossah.com>
hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
Oliver Hartkopp <socketcan(a)hartkopp.net>
can: statistics: use atomic access in hot path
Navon John Lukose <navonjohnlukose(a)gmail.com>
ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd: Keep display off while going into S4
Vladis Dronov <vdronov(a)redhat.com>
x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
Waiman Long <longman(a)redhat.com>
locking/semaphore: Use wake_q to wake up processes outside lock critical section
Shrikanth Hegde <sshegde(a)linux.ibm.com>
sched/deadline: Use online cpus for validating runtime
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix incorrect validation for num_aces field of smb_acl
Simon Tatham <anakin(a)pobox.com>
affs: don't write overlarge OFS data block size fields
Simon Tatham <anakin(a)pobox.com>
affs: generate OFS sequence numbers starting at 1
Icenowy Zheng <uwu(a)icenowy.me>
nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
Icenowy Zheng <uwu(a)icenowy.me>
nvme-pci: clean up CMBMSC when registering CMB fails
Sagi Grimberg <sagi(a)grimberg.me>
nvme-tcp: fix possible UAF in nvme_tcp_poll
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: fw: allocate chained SG tables for dump
Josh Poimboeuf <jpoimboe(a)kernel.org>
sched/smt: Always inline sched_smt_active()
Geetha sowjanya <gakula(a)marvell.com>
octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
Geetha sowjanya <gakula(a)marvell.com>
octeontx2-af: Fix mbox INTR handler when num VFs > 64
Giovanni Gherdovich <ggherdovich(a)suse.cz>
ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid
Feng Yang <yangfeng(a)kylinos.cn>
ring-buffer: Fix bytes_dropped calculation issue
Namjae Jeon <linkinjeon(a)kernel.org>
ksmbd: fix multichannel connection failure
Miaoqian Lin <linmq006(a)gmail.com>
ksmbd: use aead_request_free to match aead_request_alloc
Mark Zhang <markzhang(a)nvidia.com>
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
Yuezhang Mo <Yuezhang.Mo(a)sony.com>
exfat: fix the infinite loop in exfat_find_last_cluster()
Josh Poimboeuf <jpoimboe(a)kernel.org>
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
Bart Van Assche <bvanassche(a)acm.org>
fs/procfs: fix the comment above proc_pid_wchan()
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf python: Check if there is space to copy all the event
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf python: Don't keep a raw_data pointer to consumed ring buffer space
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf python: Decrement the refcount of just created event on failure
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf python: Fixup description of sample.id event member
Stanley Chu <yschu(a)nuvoton.com>
i3c: master: svc: Fix missing the IBI rules
Alistair Popple <apopple(a)nvidia.com>
fuse: fix dax truncate/punch_hole fault path
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFSv4: Don't trigger uneccessary scans for return-on-close delegations
Vasiliy Kovalev <kovalev(a)altlinux.org>
ocfs2: validate l_tree_depth to avoid out-of-bounds access
Sourabh Jain <sourabhjain(a)linux.ibm.com>
kexec: initialize ELF lowest address to ULONG_MAX
Arnaldo Carvalho de Melo <acme(a)redhat.com>
perf units: Fix insufficient array space
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
iio: adc: ad7124: Fix comparison of channel configs
Dan Carpenter <dan.carpenter(a)linaro.org>
fs/ntfs3: Fix a couple integer overflows on 32bit systems
Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
Ilkka Koskinen <ilkka(a)os.amperecomputing.com>
coresight: catu: Fix number of pages while using 64k pages
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
soundwire: slave: fix an OF node reference leak in soundwire slave device
Qasim Ijaz <qasdev00(a)gmail.com>
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
Barnabás Czémán <barnabas.czeman(a)mainlining.org>
clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead auth key length
Jann Horn <jannh(a)google.com>
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
mfd: sm501: Switch to BIT() to mitigate integer overflows
Patrisious Haddad <phaddad(a)nvidia.com>
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: nx - Fix uninitialised hv_nxc on error
Artur Weber <aweber.kernel(a)gmail.com>
power: supply: max77693: Fix wrong conversion of charge input threshold value
Jann Horn <jannh(a)google.com>
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
Jerome Brunet <jbrunet(a)baylibre.com>
clk: amlogic: g12a: fix mmc A peripheral clock
Jerome Brunet <jbrunet(a)baylibre.com>
clk: amlogic: gxbb: drop non existing 32k clock parent
Jerome Brunet <jbrunet(a)baylibre.com>
clk: amlogic: g12b: fix cluster A parent data
Prathamesh Shete <pshete(a)nvidia.com>
pinctrl: tegra: Set SFIO mode to Mux Register
Maher Sanalla <msanalla(a)nvidia.com>
IB/mad: Check available slots before posting receive WRs
Luca Weiss <luca(a)lucaweiss.eu>
remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
Roman Gushchin <roman.gushchin(a)linux.dev>
RDMA/core: Don't expose hw_counters outside of init net namespace
Peter Geis <pgwipeout(a)gmail.com>
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
Fabrizio Castro <fabrizio.castro.jz(a)renesas.com>
pinctrl: renesas: rzg2l: Fix missing of_node_put() call
Fabrizio Castro <fabrizio.castro.jz(a)renesas.com>
pinctrl: renesas: rza2: Fix missing of_node_put() call
Tanya Agarwal <tanyaagarwal25699(a)gmail.com>
lib: 842: Improve error handling in sw842_compress()
Hou Tao <houtao1(a)huawei.com>
bpf: Use preempt_count() directly in bpf_send_signal_common()
Vladimir Lypak <vladimir.lypak(a)gmail.com>
clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
Will McVicker <willmcvicker(a)google.com>
clk: samsung: Fix UBSAN panic in samsung_clk_init()
Andrii Nakryiko <andrii(a)kernel.org>
libbpf: Fix hypothetical STT_SECTION extern NULL deref case
Luca Weiss <luca(a)lucaweiss.eu>
remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
Zijun Hu <quic_zijuhu(a)quicinc.com>
of: property: Increase NR_FWNODE_REFERENCE_ARGS
Peng Fan <peng.fan(a)nxp.com>
remoteproc: core: Clear table_sz when rproc_shutdown
Wenkai Lin <linwenkai6(a)hisilicon.com>
crypto: hisilicon/sec2 - fix for aead authsize alignment
Jerome Brunet <jbrunet(a)baylibre.com>
clk: amlogic: gxbb: drop incorrect flag on 32k clock
Danila Chernetsov <listdansp(a)mail.ru>
fbdev: sm501fb: Add some geometry checks.
Arnd Bergmann <arnd(a)arndb.de>
mdacon: rework dependency list
Markus Elfring <elfring(a)users.sourceforge.net>
fbdev: au1100fb: Move a variable assignment behind a null pointer check
Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com>
PCI: pciehp: Don't enable HPIE when resuming in poll mode
Dan Carpenter <dan.carpenter(a)linaro.org>
drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
Thippeswamy Havalige <thippeswamy.havalige(a)amd.com>
PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
Dan Carpenter <dan.carpenter(a)linaro.org>
PCI: Remove stray put_device() in pci_register_host_bridge()
Vitaliy Shevtsov <v.shevtsov(a)mt-integration.ru>
drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
Nishanth Aravamudan <naravamudan(a)nvidia.com>
PCI: Avoid reset when disabled via sysfs
Feng Tang <feng.tang(a)linux.alibaba.com>
PCI/portdrv: Only disable pciehp interrupts early when needed
Jim Quinlan <james.quinlan(a)broadcom.com>
PCI: brcmstb: Use internal register to change link capability
Hans Zhang <18255117159(a)163.com>
PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload
Daniel Stodden <daniel.stodden(a)gmail.com>
PCI/ASPM: Fix link state exit during switch upstream function removal
AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com>
drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com>
drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
José Expósito <jose.exposito89(a)gmail.com>
drm/vkms: Fix use after free and double free on init error
Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>
drm: xlnx: zynqmp: Fix max dma segment size
Wayne Lin <Wayne.Lin(a)amd.com>
drm/dp_mst: Fix drm RAD print
Geert Uytterhoeven <geert+renesas(a)glider.be>
drm/bridge: ti-sn65dsi86: Fix multiple instances
Jayesh Choudhary <j-choudhary(a)ti.com>
ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/realtek: Always honor no_shutup_pins
Jiri Kosina <jkosina(a)suse.com>
HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
media: platform: allgro-dvt: unregister v4l2_device on the error path
Tao Chen <chen.dylane(a)linux.dev>
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: Fix handling devices with direct_complete set on errors
Chenyuan Yang <chenyuan0y(a)gmail.com>
thermal: int340x: Add NULL check for adev
Qiuxu Zhuo <qiuxu.zhuo(a)intel.com>
EDAC/ie31200: Fix the error path order of ie31200_init()
Qiuxu Zhuo <qiuxu.zhuo(a)intel.com>
EDAC/ie31200: Fix the DIMM size mask for several SoCs
Qiuxu Zhuo <qiuxu.zhuo(a)intel.com>
EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
Tim Schumacher <tim.schumacher1(a)huawei.com>
selinux: Chain up tool resolving errors in install_policy.sh
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: sleep: Adjust check before setting power.must_resume
Arnd Bergmann <arnd(a)arndb.de>
x86/platform: Only allow CONFIG_EISA for 32-bit
Benjamin Berg <benjamin.berg(a)intel.com>
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
Jie Zhan <zhanjie9(a)hisilicon.com>
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
zuoqian <zuoqian113(a)gmail.com>
cpufreq: scpi: compare kHz instead of Hz
Mike Rapoport (Microsoft) <rppt(a)kernel.org>
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
Eric Sandeen <sandeen(a)redhat.com>
watch_queue: fix pipe accounting mismatch
Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de>
media: i2c: et8ek8: Don't strip remove function when driver is builtin
John Keeping <jkeeping(a)inmusicbrands.com>
serial: 8250_dma: terminate correct DMA in tx_dma_flush()
Luo Qiu <luoqiu(a)kylinsec.com.cn>
memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
Dominique Martinet <dominique.martinet(a)atmark-techno.com>
net: usb: usbnet: restore usb%d name exception for local mac addresses
Fabio Porcedda <fabio.porcedda(a)gmail.com>
net: usb: qmi_wwan: add Telit Cinterion FE990B composition
Fabio Porcedda <fabio.porcedda(a)gmail.com>
net: usb: qmi_wwan: add Telit Cinterion FN990B composition
Cameron Williams <cang1(a)live.co.uk>
tty: serial: 8250: Add Brainboxes XC devices
Cameron Williams <cang1(a)live.co.uk>
tty: serial: 8250: Add some more device IDs
William Breathitt Gray <wbg(a)kernel.org>
counter: microchip-tcb-capture: Fix undefined counter channel state on probe
Fabrice Gasnier <fabrice.gasnier(a)foss.st.com>
counter: stm32-lptimer-cnt: fix error handling when enabling
Dhruv Deshpande <dhrv.d(a)proton.me>
ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
Maxim Mikityanskiy <maxtram95(a)gmail.com>
netfilter: socket: Lookup orig tuple for IPv6 SNAT
Yanjun Yang <yangyj.ee(a)gmail.com>
ARM: Remove address checking for MMUless devices
Kees Cook <keescook(a)chromium.org>
ARM: 9351/1: fault: Add "cut here" line for prefetch aborts
Kees Cook <keescook(a)chromium.org>
ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
Minjoong Kim <pwn9uin(a)gmail.com>
atm: Fix NULL pointer dereference
Terry Junge <linuxhid(a)cosmicgizmosystems.com>
HID: hid-plantronics: Add mic mute mapping and generalize quirks
Terry Junge <linuxhid(a)cosmicgizmosystems.com>
ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
Michal Luczaj <mhal(a)rbox.co>
bpf, sockmap: Fix race between element replace and close()
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
Justin Klaassen <justin(a)tidylabs.net>
arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S
Arthur Mongodin <amongodin(a)randorisec.fr>
mptcp: Fix data stream corruption in the address announcement
David Rosca <david.rosca(a)amd.com>
drm/amdgpu: Fix JPEG video caps max size for navi1x and raven
Nikita Zhandarovich <n.zhandarovich(a)fintech.ru>
drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
Saranya R <quic_sarar(a)quicinc.com>
soc: qcom: pdr: Fix the potential deadlock
Sven Eckelmann <sven(a)narfation.org>
batman-adv: Ignore own maximum aggregation size during RX
Geert Uytterhoeven <geert+renesas(a)glider.be>
ARM: shmobile: smp: Enforce shmobile_smp_* alignment
Ye Bin <yebin10(a)huawei.com>
proc: fix UAF in proc_get_inode()
Gu Bowen <gubowen5(a)huawei.com>
mmc: atmel-mci: Add missing clk_disable_unprepare()
Christian Eggers <ceggers(a)arri.de>
regulator: check that dummy regulator has been probed before using it
Maíra Canal <mcanal(a)igalia.com>
drm/v3d: Don't run jobs that have errors flagged in its fence
Andreas Kemnade <andreas(a)kemnade.info>
i2c: omap: fix IRQ storms
Guillaume Nault <gnault(a)redhat.com>
Revert "gre: Fix IPv6 link-local address generation."
Lin Ma <linma(a)zju.edu.cn>
net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
Dan Carpenter <dan.carpenter(a)linaro.org>
net: atm: fix use after free in lec_send()
Kuniyuki Iwashima <kuniyu(a)amazon.com>
ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
Kuniyuki Iwashima <kuniyu(a)amazon.com>
ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
Dan Carpenter <dan.carpenter(a)linaro.org>
Bluetooth: Fix error code in chan_alloc_skb_cb()
Junxian Huang <huangjunxian6(a)hisilicon.com>
RDMA/hns: Fix wrong value of max_sge_rd
Junxian Huang <huangjunxian6(a)hisilicon.com>
RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common()
Junxian Huang <huangjunxian6(a)hisilicon.com>
RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db()
Junxian Huang <huangjunxian6(a)hisilicon.com>
RDMA/hns: Fix soft lockup during bt pages loop
Chengchang Tang <tangchengchang(a)huawei.com>
RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt()
Saravanan Vajravel <saravanan.vajravel(a)broadcom.com>
RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
Phil Elwell <phil(a)raspberrypi.com>
ARM: dts: bcm2711: Don't mark timer regs unconfigured
Kashyap Desai <kashyap.desai(a)broadcom.com>
RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
Phil Elwell <phil(a)raspberrypi.com>
ARM: dts: bcm2711: PL011 UARTs are actually r1p5
Cosmin Ratiu <cratiu(a)nvidia.com>
xfrm_output: Force software GSO only in tunnel mode
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
firmware: imx-scu: fix OF node leak in .probe()
Paulo Alcantara <pc(a)manguebit.com>
smb: client: fix potential UAF in cifs_debug_files_proc_show()
Henrique Carvalho <henrique.carvalho(a)suse.com>
smb: client: Fix match_session bug preventing session reuse
Ma Ke <make24(a)iscas.ac.cn>
drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params
Michael Strauss <michael.strauss(a)amd.com>
drm/amd/display: Check for invalid input params when building scaling params
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
i2c: sis630: Fix an error handling path in sis630_probe()
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
i2c: ali15x3: Fix an error handling path in ali15x3_probe()
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
i2c: ali1535: Fix an error handling path in ali1535_probe()
Murad Masimov <m.masimov(a)mt-integration.ru>
cifs: Fix integer overflow while processing closetimeo mount option
Murad Masimov <m.masimov(a)mt-integration.ru>
cifs: Fix integer overflow while processing actimeo mount option
Murad Masimov <m.masimov(a)mt-integration.ru>
cifs: Fix integer overflow while processing acdirmax mount option
Murad Masimov <m.masimov(a)mt-integration.ru>
cifs: Fix integer overflow while processing acregmax mount option
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe()
Ivan Abramov <i.abramov(a)mt-integration.ru>
drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
Charles Keepax <ckeepax(a)opensource.cirrus.com>
ASoC: ops: Consistently treat platform_max as control value
Eric Dumazet <edumazet(a)google.com>
tcp: fix races in tcp_abort()
Andrii Nakryiko <andrii(a)kernel.org>
lib/buildid: Handle memfd_secret() files in build_id_parse()
Haoxiang Li <haoxiang_li2024(a)163.com>
qlcnic: fix memory leak issues in qlcnic_sriov_common.c
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd/display: Fix slab-use-after-free on hdcp_work
Alex Hung <alex.hung(a)amd.com>
drm/amd/display: Assign normalized_pix_clk when color depth = 14
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd/display: Restore correct backlight brightness after a GPU reset
Ville Syrjälä <ville.syrjala(a)linux.intel.com>
drm/atomic: Filter out redundant DPMS calls
Florent Revest <revest(a)chromium.org>
x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
Johan Hovold <johan(a)kernel.org>
USB: serial: option: match on interface class for Telit FN990B
Fabio Porcedda <fabio.porcedda(a)gmail.com>
USB: serial: option: fix Telit Cinterion FE990A name
Fabio Porcedda <fabio.porcedda(a)gmail.com>
USB: serial: option: add Telit Cinterion FE990B compositions
Boon Khai Ng <boon.khai.ng(a)intel.com>
USB: serial: ftdi_sio: add support for Altera USB Blaster 3
Ming Lei <ming.lei(a)redhat.com>
block: fix 'kmem_cache of name 'bio-108' already exists'
Thomas Zimmermann <tzimmermann(a)suse.de>
drm/nouveau: Do not override forced connector status
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: safety check before fallback
Arnd Bergmann <arnd(a)arndb.de>
x86/irq: Define trace events conditionally
Miklos Szeredi <mszeredi(a)redhat.com>
fuse: don't truncate cached, mutated symlink
Hector Martin <marcan(a)marcan.st>
ASoC: tas2764: Set the SDOUT polarity correctly
Hector Martin <marcan(a)marcan.st>
ASoC: tas2764: Fix power control mask
Hector Martin <marcan(a)marcan.st>
ASoC: tas2770: Fix volume scale
Daniel Wagner <wagi(a)kernel.org>
nvme: only allow entering LIVE from CONNECTING state
Yu-Chun Lin <eleanor15x(a)gmail.com>
sctp: Fix undefined behavior in left shift operation
Ruozhu Li <david.li(a)jaguarmicro.com>
nvmet-rdma: recheck queue state is LIVE in state lock in recv done
Stephan Gerhold <stephan.gerhold(a)linaro.org>
net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
Terry Cheong <htcheong(a)chromium.org>
ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module
Vitaly Rodionov <vitalyr(a)opensource.cirrus.com>
ASoC: arizona/madera: use fsleep() in up/down DAPM event delays.
Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com>
ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime()
Daniel Lezcano <daniel.lezcano(a)linaro.org>
thermal/cpufreq_cooling: Remove structure member documentation
Peter Oberparleiter <oberpar(a)linux.ibm.com>
s390/cio: Fix CHPID "configure" attribute caching
Jann Horn <jannh(a)google.com>
sched: Clarify wake_up_q()'s write to task->wake_q.next
Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com>
HID: ignore non-functional sensor in HP 5MP Camera
Zhang Lixu <lixu.zhang(a)intel.com>
HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
Brahmajit Das <brahmajit.xyz(a)gmail.com>
vboxsf: fix building with GCC 15
Eric W. Biederman <ebiederm(a)xmission.com>
alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support
Gannon Kolding <gannon.kolding(a)gmail.com>
ACPI: resource: IRQ override for Eluktronics MECH-17
Magnus Lindholm <linmag7(a)gmail.com>
scsi: qla1280: Fix kernel oops when debug level > 2
Rik van Riel <riel(a)surriel.com>
scsi: core: Use GFP_NOIO to avoid circular locking dependency
Chengen Du <chengen.du(a)canonical.com>
iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp>
powercap: call put_device() on an error path in powercap_register_control_type()
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
hrtimers: Mark is_migration_base() with __always_inline
Daniel Wagner <wagi(a)kernel.org>
nvme-fc: go straight to connecting state when initializing
Carolina Jubran <cjubran(a)nvidia.com>
net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices
Jianbo Liu <jianbol(a)nvidia.com>
net/mlx5: Bridge, fix the crash caused by LAG state check
Ilya Maximets <i.maximets(a)ovn.org>
net: openvswitch: remove misbehaving actions length check
Kees Cook <keescook(a)chromium.org>
openvswitch: Use kmalloc_size_roundup() to match ksize() usage
Kees Cook <keescook(a)chromium.org>
slab: Introduce kmalloc_size_roundup()
Kees Cook <keescook(a)chromium.org>
slab: clean up function prototypes
Guillaume Nault <gnault(a)redhat.com>
gre: Fix IPv6 link-local address generation.
Alexey Kashavkin <akashavkin(a)gmail.com>
netfilter: nft_exthdr: fix offset with ipv4_find_option()
Cong Wang <xiyou.wangcong(a)gmail.com>
net_sched: Prevent creation of classes with TC_H_ROOT
Dan Carpenter <dan.carpenter(a)linaro.org>
ipvs: prevent integer overflow in do_ip_vs_get_ctl()
Kohei Enju <enjuk(a)amazon.com>
netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()
Wentao Liang <vulab(a)iscas.ac.cn>
net/mlx5: handle errors in mlx5_chains_create_table()
Michael Kelley <mhklinux(a)outlook.com>
Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio()
Breno Leitao <leitao(a)debian.org>
netpoll: hold rcu read lock in __netpoll_send_skb()
Joseph Huang <Joseph.Huang(a)garmin.com>
net: dsa: mv88e6xxx: Verify after ATU Load ops
Grzegorz Nitka <grzegorz.nitka(a)intel.com>
ice: fix memory leak in aRFS after reset
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.
Artur Weber <aweber.kernel(a)gmail.com>
pinctrl: bcm281xx: Fix incorrect regmap max_registers value
Michael Kelley <mhklinux(a)outlook.com>
fbdev: hyperv_fb: iounmap() the correct memory when removing a device
Wang Yufen <wangyufen(a)huawei.com>
ipv6: Fix signed integer overflow in __ip6_append_data
Oleg Nesterov <oleg(a)redhat.com>
sched/isolation: Prevent boot crash when the boot CPU is nohz_full
David Woodhouse <dwmw(a)amazon.co.uk>
clockevents/drivers/i8253: Fix stop sequence for timer 0
Eric Dumazet <edumazet(a)google.com>
vlan: fix memory leak in vlan_newlink()
-------------
Diffstat:
Documentation/timers/no_hz.rst | 7 +-
Makefile | 4 +-
arch/alpha/include/asm/elf.h | 6 +-
arch/alpha/include/asm/pgtable.h | 2 +-
arch/alpha/include/asm/processor.h | 8 +-
arch/alpha/kernel/osf_sys.c | 11 +-
arch/arm/boot/dts/bcm2711.dtsi | 11 +-
arch/arm/mach-shmobile/headsmp.S | 1 +
arch/arm/mm/fault.c | 8 +
arch/arm64/boot/dts/rockchip/rk3399-nanopi-r4s.dts | 2 +-
arch/powerpc/platforms/cell/spufs/inode.c | 9 +-
arch/riscv/include/asm/ftrace.h | 4 +-
arch/x86/Kconfig | 2 +-
arch/x86/entry/calling.h | 2 +
arch/x86/include/asm/tlbflush.h | 2 +-
arch/x86/kernel/cpu/microcode/amd.c | 2 +-
arch/x86/kernel/cpu/mshyperv.c | 11 --
arch/x86/kernel/cpu/sgx/driver.c | 10 +-
arch/x86/kernel/dumpstack.c | 5 +-
arch/x86/kernel/irq.c | 2 +
arch/x86/kernel/process.c | 7 +-
arch/x86/kernel/tsc.c | 4 +-
arch/x86/mm/pat/cpa-test.c | 2 +-
block/bio.c | 2 +-
drivers/acpi/nfit/core.c | 2 +-
drivers/acpi/processor_idle.c | 4 +
drivers/acpi/resource.c | 13 ++
drivers/base/power/main.c | 21 +--
drivers/base/power/runtime.c | 2 +-
drivers/clk/meson/g12a.c | 38 ++--
drivers/clk/meson/gxbb.c | 14 +-
drivers/clk/qcom/gcc-msm8953.c | 2 +-
drivers/clk/qcom/mmcc-sdm660.c | 2 +-
drivers/clk/rockchip/clk-rk3328.c | 2 +-
drivers/clk/samsung/clk.c | 2 +-
drivers/clocksource/i8253.c | 36 ++--
drivers/counter/microchip-tcb-capture.c | 19 ++
drivers/counter/stm32-lptimer-cnt.c | 24 ++-
drivers/cpufreq/cpufreq_governor.c | 45 ++---
drivers/cpufreq/scpi-cpufreq.c | 5 +-
drivers/crypto/hisilicon/sec2/sec_crypto.c | 30 ++-
drivers/crypto/nx/nx-common-pseries.c | 37 ++--
drivers/edac/ie31200_edac.c | 19 +-
drivers/firmware/imx/imx-scu.c | 1 +
drivers/firmware/iscsi_ibft.c | 5 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +-
drivers/gpu/drm/amd/amdgpu/nv.c | 2 +-
drivers/gpu/drm/amd/amdgpu/soc15.c | 2 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 ++
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 1 +
drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 17 +-
.../amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12 +-
.../gpu/drm/amd/display/dc/dml/display_mode_vba.c | 24 +++
drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 21 ++-
drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2 +
drivers/gpu/drm/drm_atomic_uapi.c | 4 +
drivers/gpu/drm/drm_connector.c | 4 +
drivers/gpu/drm/drm_dp_mst_topology.c | 8 +-
drivers/gpu/drm/gma500/mid_bios.c | 5 +
drivers/gpu/drm/mediatek/mtk_dsi.c | 6 +-
drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 +++-
drivers/gpu/drm/nouveau/nouveau_connector.c | 1 -
drivers/gpu/drm/radeon/radeon_vce.c | 2 +-
drivers/gpu/drm/v3d/v3d_sched.c | 9 +-
drivers/gpu/drm/vkms/vkms_drv.c | 15 +-
drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2 +
drivers/hid/Makefile | 1 -
drivers/hid/hid-ids.h | 1 +
drivers/hid/hid-plantronics.c | 144 +++++++--------
drivers/hid/hid-quirks.c | 1 +
drivers/hid/intel-ish-hid/ipc/ipc.c | 6 +-
drivers/hv/vmbus_drv.c | 13 ++
drivers/hwmon/nct6775.c | 4 +-
drivers/hwtracing/coresight/coresight-catu.c | 2 +-
drivers/i2c/busses/i2c-ali1535.c | 12 +-
drivers/i2c/busses/i2c-ali15x3.c | 12 +-
drivers/i2c/busses/i2c-omap.c | 26 +--
drivers/i2c/busses/i2c-sis630.c | 12 +-
drivers/i3c/master/svc-i3c-master.c | 2 +-
drivers/iio/accel/mma8452.c | 10 +-
drivers/iio/adc/ad7124.c | 35 +++-
drivers/infiniband/core/device.c | 9 +
drivers/infiniband/core/mad.c | 38 ++--
drivers/infiniband/core/sysfs.c | 1 +
drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 -
drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 3 +-
drivers/infiniband/hw/hns/hns_roce_hem.c | 23 ++-
drivers/infiniband/hw/hns/hns_roce_hem.h | 2 +-
drivers/infiniband/hw/hns/hns_roce_main.c | 2 +-
drivers/infiniband/hw/hns/hns_roce_mr.c | 4 +-
drivers/infiniband/hw/hns/hns_roce_qp.c | 10 +-
drivers/infiniband/hw/mlx5/cq.c | 2 +-
drivers/media/dvb-frontends/dib8000.c | 5 +-
drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 +-
drivers/media/platform/allegro-dvt/allegro-core.c | 1 +
drivers/memstick/host/rtsx_usb_ms.c | 1 +
drivers/mfd/sm501.c | 6 +-
drivers/mmc/host/atmel-mci.c | 4 +-
drivers/mmc/host/sdhci-brcmstb.c | 86 ++++++++-
drivers/mmc/host/sdhci-pxav3.c | 1 +
drivers/net/arcnet/com20020-pci.c | 17 +-
drivers/net/can/flexcan.c | 18 +-
drivers/net/dsa/mv88e6xxx/chip.c | 59 ++++--
drivers/net/ethernet/intel/ice/ice_arfs.c | 2 +-
drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3 +
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3 +-
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++++++++++-------
drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +-
.../ethernet/marvell/octeontx2/af/rvu_devlink.c | 2 +-
.../ethernet/mellanox/mlx5/core/en/rep/bridge.c | 12 +-
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 6 +-
.../ethernet/mellanox/mlx5/core/lib/fs_chains.c | 5 +
.../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 8 +-
drivers/net/usb/qmi_wwan.c | 2 +
drivers/net/usb/usbnet.c | 27 ++-
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++++++---
drivers/net/wwan/mhi_wwan_mbim.c | 2 +-
drivers/ntb/hw/intel/ntb_hw_gen3.c | 3 +
drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2 +-
drivers/ntb/test/ntb_perf.c | 4 +-
drivers/nvme/host/core.c | 2 -
drivers/nvme/host/fc.c | 3 +-
drivers/nvme/host/pci.c | 21 ++-
drivers/nvme/host/tcp.c | 5 +-
drivers/nvme/target/rdma.c | 33 +++-
drivers/pci/controller/cadence/pcie-cadence-ep.c | 3 +-
drivers/pci/controller/cadence/pcie-cadence.h | 2 +-
drivers/pci/controller/pcie-brcmstb.c | 4 +-
drivers/pci/controller/pcie-xilinx-cpm.c | 10 +-
drivers/pci/hotplug/pciehp_hpc.c | 4 +-
drivers/pci/pci.c | 4 +
drivers/pci/pcie/aspm.c | 17 +-
drivers/pci/pcie/portdrv_core.c | 8 +-
drivers/pci/probe.c | 5 +-
drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 2 +-
drivers/pinctrl/renesas/pinctrl-rza2.c | 2 +
drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 +
drivers/pinctrl/tegra/pinctrl-tegra.c | 3 +
.../x86/intel/speed_select_if/isst_if_common.c | 2 +-
drivers/power/supply/max77693_charger.c | 2 +-
drivers/powercap/powercap_sys.c | 3 +-
drivers/regulator/core.c | 12 +-
drivers/remoteproc/qcom_q6v5_mss.c | 21 ++-
drivers/remoteproc/qcom_q6v5_pas.c | 10 +-
drivers/remoteproc/remoteproc_core.c | 1 +
drivers/s390/cio/chp.c | 3 +-
drivers/scsi/qla1280.c | 2 +-
drivers/scsi/scsi_scan.c | 2 +-
drivers/soc/qcom/pdr_interface.c | 8 +-
drivers/soundwire/slave.c | 1 +
drivers/thermal/cpufreq_cooling.c | 2 -
.../intel/int340x_thermal/int3402_thermal.c | 3 +
drivers/tty/serial/8250/8250_dma.c | 2 +-
drivers/tty/serial/8250/8250_pci.c | 46 +++++
drivers/tty/serial/fsl_lpuart.c | 25 ++-
drivers/usb/serial/ftdi_sio.c | 14 ++
drivers/usb/serial/ftdi_sio_ids.h | 13 ++
drivers/usb/serial/option.c | 48 +++--
drivers/video/console/Kconfig | 2 +-
drivers/video/fbdev/au1100fb.c | 4 +-
drivers/video/fbdev/hyperv_fb.c | 2 +-
drivers/video/fbdev/sm501fb.c | 7 +
fs/affs/file.c | 9 +-
fs/btrfs/extent-tree.c | 5 +-
fs/cifs/cifs_debug.c | 2 +
fs/cifs/cifsglob.h | 8 +
fs/cifs/connect.c | 15 +-
fs/cifs/fs_context.c | 14 +-
fs/exfat/fatent.c | 2 +-
fs/ext4/dir.c | 3 +
fs/ext4/super.c | 27 ++-
fs/fuse/dax.c | 1 -
fs/fuse/dir.c | 4 +-
fs/fuse/file.c | 4 +-
fs/isofs/dir.c | 3 +-
fs/jfs/jfs_dtree.c | 3 +-
fs/jfs/xattr.c | 13 +-
fs/ksmbd/auth.c | 2 +-
fs/ksmbd/mgmt/user_session.c | 16 ++
fs/ksmbd/mgmt/user_session.h | 2 +
fs/ksmbd/smb2pdu.c | 12 +-
fs/ksmbd/smbacl.c | 5 +-
fs/namei.c | 24 ++-
fs/nfs/delegation.c | 33 ++--
fs/nfsd/nfs4state.c | 31 +++-
fs/ntfs3/index.c | 4 +-
fs/ocfs2/alloc.c | 8 +
fs/proc/base.c | 2 +-
fs/proc/generic.c | 10 +-
fs/proc/inode.c | 6 +-
fs/proc/internal.h | 14 ++
fs/vboxsf/super.c | 3 +-
include/drm/drm_dp_mst_helper.h | 7 +
include/linux/fs.h | 2 +
include/linux/fwnode.h | 2 +-
include/linux/i8253.h | 1 -
include/linux/interrupt.h | 8 +-
include/linux/pm_runtime.h | 2 +
include/linux/proc_fs.h | 7 +-
include/linux/sched/smt.h | 2 +-
include/linux/slab.h | 99 ++++++----
include/net/ipv6.h | 4 +-
include/rdma/ib_verbs.h | 1 +
include/sound/soc.h | 5 +-
kernel/events/ring_buffer.c | 2 +-
kernel/kexec_elf.c | 2 +-
kernel/locking/semaphore.c | 13 +-
kernel/sched/core.c | 5 +-
kernel/sched/deadline.c | 2 +-
kernel/time/hrtimer.c | 22 ++-
kernel/trace/bpf_trace.c | 2 +-
kernel/trace/ring_buffer.c | 4 +-
kernel/trace/trace_events_synth.c | 37 +++-
kernel/trace/trace_functions_graph.c | 1 +
kernel/trace/trace_irqsoff.c | 2 -
kernel/trace/trace_osnoise.c | 1 -
kernel/trace/trace_sched_wakeup.c | 2 -
kernel/watch_queue.c | 9 +
lib/842/842_compress.c | 2 +
lib/buildid.c | 5 +
mm/slab.c | 9 +-
mm/slab_common.c | 34 ++--
mm/slob.c | 14 ++
net/8021q/vlan_netlink.c | 10 +-
net/atm/lec.c | 3 +-
net/atm/mpc.c | 2 +
net/batman-adv/bat_iv_ogm.c | 3 +-
net/batman-adv/bat_v_ogm.c | 3 +-
net/bluetooth/6lowpan.c | 7 +-
net/bluetooth/hci_event.c | 13 +-
net/can/af_can.c | 12 +-
net/can/af_can.h | 12 +-
net/can/proc.c | 46 +++--
net/core/neighbour.c | 1 +
net/core/netpoll.c | 9 +-
net/core/rtnetlink.c | 3 +
net/core/sock_map.c | 5 +-
net/ipv4/ip_tunnel_core.c | 4 +-
net/ipv4/tcp.c | 6 +-
net/ipv6/addrconf.c | 37 ++--
net/ipv6/calipso.c | 21 ++-
net/ipv6/ip6_output.c | 6 +-
net/ipv6/netfilter/nf_socket_ipv6.c | 23 +++
net/ipv6/route.c | 5 +-
net/mptcp/options.c | 6 +-
net/mptcp/protocol.h | 2 +
net/netfilter/ipvs/ip_vs_ctl.c | 8 +-
net/netfilter/nf_conncount.c | 2 +
net/netfilter/nft_ct.c | 6 +-
net/netfilter/nft_exthdr.c | 10 +-
net/netfilter/nft_set_hash.c | 3 +-
net/netfilter/nft_tunnel.c | 6 +-
net/openvswitch/actions.c | 6 -
net/openvswitch/flow_netlink.c | 17 +-
net/sched/act_tunnel_key.c | 2 +-
net/sched/cls_flower.c | 2 +-
net/sched/sch_api.c | 6 +
net/sched/sch_skbprio.c | 3 -
net/sctp/stream.c | 2 +-
net/vmw_vsock/af_vsock.c | 6 +-
net/xfrm/xfrm_output.c | 2 +-
scripts/selinux/install_policy.sh | 15 +-
sound/pci/hda/patch_realtek.c | 28 ++-
sound/soc/codecs/arizona.c | 14 +-
sound/soc/codecs/madera.c | 10 +-
sound/soc/codecs/tas2764.c | 10 +-
sound/soc/codecs/tas2764.h | 8 +-
sound/soc/codecs/tas2770.c | 2 +-
sound/soc/codecs/wm0010.c | 13 +-
sound/soc/codecs/wm5110.c | 8 +-
sound/soc/fsl/imx-card.c | 4 +
sound/soc/sh/rcar/core.c | 14 --
sound/soc/sh/rcar/rsnd.h | 1 -
sound/soc/sh/rcar/src.c | 18 +-
sound/soc/soc-ops.c | 15 +-
sound/soc/sof/intel/hda-codec.c | 1 +
sound/soc/ti/j721e-evm.c | 2 +
sound/usb/mixer_quirks.c | 51 ++++++
tools/lib/bpf/linker.c | 2 +-
tools/perf/util/python.c | 17 +-
tools/perf/util/units.c | 2 +-
281 files changed, 2105 insertions(+), 1000 deletions(-)
5 months, 2 weeks
- 8
- 7
[PATCH 5/5] xhci: Limit time spent with xHC interrupts disabled during bus resume
by Mathias Nyman
Current xhci bus resume implementation prevents xHC host from generating
interrupts during high-speed USB 2 and super-speed USB 3 bus resume.
Only reason to disable interrupts during bus resume would be to prevent
the interrupt handler from interfering with the resume process of USB 2
ports.
Host initiated resume of USB 2 ports is done in two stages.
The xhci driver first transitions the port from 'U3' to 'Resume' state,
then wait in Resume for 20ms, and finally moves port to U0 state.
xhci driver can't prevent interrupts by keeping the xhci spinlock
due to this 20ms sleep.
Limit interrupt disabling to the USB 2 port resume case only.
resuming USB 2 ports in bus resume is only done in special cases where
USB 2 ports had to be forced to suspend during bus suspend.
The current way of preventing interrupts by clearing the 'Interrupt
Enable' (INTE) bit in USBCMD register won't prevent the Interrupter
registers 'Interrupt Pending' (IP), 'Event Handler Busy' (EHB) and
USBSTS register Event Interrupt (EINT) bits from being set.
New interrupts can't be issued before those bits are properly clered.
Disable interrupts by clearing the interrupter register 'Interrupt
Enable' (IE) bit instead. This way IP, EHB and INTE won't be set
before IE is enabled again and a new interrupt is triggered.
Reported-by: Devyn Liu <liudingyuan(a)huawei.com>
Closes: https://lore.kernel.org/linux-usb/b1a9e2d51b4d4ff7a304f77c5be8164e@huawei.c…
Cc: stable(a)vger.kernel.org
Tested-by: Devyn Liu <liudingyuan(a)huawei.com>
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
---
drivers/usb/host/xhci-hub.c | 30 ++++++++++++++++--------------
drivers/usb/host/xhci.c | 4 ++--
drivers/usb/host/xhci.h | 2 ++
3 files changed, 20 insertions(+), 16 deletions(-)
diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
index c0f226584a40..486347776cb2 100644
--- a/drivers/usb/host/xhci-hub.c
+++ b/drivers/usb/host/xhci-hub.c
@@ -1878,9 +1878,10 @@ int xhci_bus_resume(struct usb_hcd *hcd)
int max_ports, port_index;
int sret;
u32 next_state;
- u32 temp, portsc;
+ u32 portsc;
struct xhci_hub *rhub;
struct xhci_port **ports;
+ bool disabled_irq = false;
rhub = xhci_get_rhub(hcd);
ports = rhub->ports;
@@ -1896,17 +1897,20 @@ int xhci_bus_resume(struct usb_hcd *hcd)
return -ESHUTDOWN;
}
- /* delay the irqs */
- temp = readl(&xhci->op_regs->command);
- temp &= ~CMD_EIE;
- writel(temp, &xhci->op_regs->command);
-
/* bus specific resume for ports we suspended at bus_suspend */
- if (hcd->speed >= HCD_USB3)
+ if (hcd->speed >= HCD_USB3) {
next_state = XDEV_U0;
- else
+ } else {
next_state = XDEV_RESUME;
-
+ if (bus_state->bus_suspended) {
+ /*
+ * prevent port event interrupts from interfering
+ * with usb2 port resume process
+ */
+ xhci_disable_interrupter(xhci->interrupters[0]);
+ disabled_irq = true;
+ }
+ }
port_index = max_ports;
while (port_index--) {
portsc = readl(ports[port_index]->addr);
@@ -1974,11 +1978,9 @@ int xhci_bus_resume(struct usb_hcd *hcd)
(void) readl(&xhci->op_regs->command);
bus_state->next_statechange = jiffies + msecs_to_jiffies(5);
- /* re-enable irqs */
- temp = readl(&xhci->op_regs->command);
- temp |= CMD_EIE;
- writel(temp, &xhci->op_regs->command);
- temp = readl(&xhci->op_regs->command);
+ /* re-enable interrupter */
+ if (disabled_irq)
+ xhci_enable_interrupter(xhci->interrupters[0]);
spin_unlock_irqrestore(&xhci->lock, flags);
return 0;
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index ca390beda85b..90eb491267b5 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -322,7 +322,7 @@ static void xhci_zero_64b_regs(struct xhci_hcd *xhci)
xhci_info(xhci, "Fault detected\n");
}
-static int xhci_enable_interrupter(struct xhci_interrupter *ir)
+int xhci_enable_interrupter(struct xhci_interrupter *ir)
{
u32 iman;
@@ -335,7 +335,7 @@ static int xhci_enable_interrupter(struct xhci_interrupter *ir)
return 0;
}
-static int xhci_disable_interrupter(struct xhci_interrupter *ir)
+int xhci_disable_interrupter(struct xhci_interrupter *ir)
{
u32 iman;
diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
index 28b6264f8b87..242ab9fbc8ae 100644
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -1890,6 +1890,8 @@ int xhci_alloc_tt_info(struct xhci_hcd *xhci,
struct usb_tt *tt, gfp_t mem_flags);
int xhci_set_interrupter_moderation(struct xhci_interrupter *ir,
u32 imod_interval);
+int xhci_enable_interrupter(struct xhci_interrupter *ir);
+int xhci_disable_interrupter(struct xhci_interrupter *ir);
/* xHCI ring, segment, TRB, and TD functions */
dma_addr_t xhci_trb_virt_to_dma(struct xhci_segment *seg, union xhci_trb *trb);
--
2.43.0
5 months, 2 weeks
- 1
- 0
[PATCH 4/5] usb: xhci: Fix invalid pointer dereference in Etron workaround
by Mathias Nyman
From: Michal Pecio <michal.pecio(a)gmail.com>
This check is performed before prepare_transfer() and prepare_ring(), so
enqueue can already point at the final link TRB of a segment. And indeed
it will, some 0.4% of times this code is called.
Then enqueue + 1 is an invalid pointer. It will crash the kernel right
away or load some junk which may look like a link TRB and cause the real
link TRB to be replaced with a NOOP. This wouldn't end well.
Use a functionally equivalent test which doesn't dereference the pointer
and always gives correct result.
Something has crashed my machine twice in recent days while playing with
an Etron HC, and a control transfer stress test ran for confirmation has
just crashed it again. The same test passes with this patch applied.
Fixes: 5e1c67abc930 ("xhci: Fix control transfer error on Etron xHCI host")
Cc: stable(a)vger.kernel.org
Signed-off-by: Michal Pecio <michal.pecio(a)gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
---
drivers/usb/host/xhci-ring.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index 4e975caca235..b906bc2eea5f 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -3777,7 +3777,7 @@ int xhci_queue_ctrl_tx(struct xhci_hcd *xhci, gfp_t mem_flags,
* enqueue a No Op TRB, this can prevent the Setup and Data Stage
* TRB to be breaked by the Link TRB.
*/
- if (trb_is_link(ep_ring->enqueue + 1)) {
+ if (last_trb_on_seg(ep_ring->enq_seg, ep_ring->enqueue + 1)) {
field = TRB_TYPE(TRB_TR_NOOP) | ep_ring->cycle_state;
queue_trb(xhci, ep_ring, false, 0, 0,
TRB_INTR_TARGET(0), field);
--
2.43.0
5 months, 2 weeks
- 1
- 0
[PATCH 6.1.y] x86/split_lock: Fix the delayed detection logic
by Maksim Davydov
commit c929d08df8bee855528b9d15b853c892c54e1eee upstream.
If the warning mode with disabled mitigation mode is used, then on each
CPU where the split lock occurred detection will be disabled in order to
make progress and delayed work will be scheduled, which then will enable
detection back.
Now it turns out that all CPUs use one global delayed work structure.
This leads to the fact that if a split lock occurs on several CPUs
at the same time (within 2 jiffies), only one CPU will schedule delayed
work, but the rest will not.
The return value of schedule_delayed_work_on() would have shown this,
but it is not checked in the code.
A diagram that can help to understand the bug reproduction:
- sld_update_msr() enables/disables SLD on both CPUs on the same core
- schedule_delayed_work_on() internally checks WORK_STRUCT_PENDING_BIT.
If a work has the 'pending' status, then schedule_delayed_work_on()
will return an error code and, most importantly, the work will not
be placed in the workqueue.
Let's say we have a multicore system on which split_lock_mitigate=0 and
a multithreaded application is running that calls splitlock in multiple
threads. Due to the fact that sld_update_msr() affects the entire core
(both CPUs), we will consider 2 CPUs from different cores. Let the 2
threads of this application schedule to CPU0 (core 0) and to CPU 2
(core 1), then:
| || |
| CPU 0 (core 0) || CPU 2 (core 1) |
|_________________________________||___________________________________|
| || |
| 1) SPLIT LOCK occured || |
| || |
| 2) split_lock_warn() || |
| || |
| 3) sysctl_sld_mitigate == 0 || |
| (work = &sl_reenable) || |
| || |
| 4) schedule_delayed_work_on() || |
| (reenable will be called || |
| after 2 jiffies on CPU 0) || |
| || |
| 5) disable SLD for core 0 || |
| || |
| ------------------------- || |
| || |
| || 6) SPLIT LOCK occured |
| || |
| || 7) split_lock_warn() |
| || |
| || 8) sysctl_sld_mitigate == 0 |
| || (work = &sl_reenable, |
| || the same address as in 3) ) |
| || |
| 2 jiffies || 9) schedule_delayed_work_on() |
| || fials because the work is in |
| || the pending state since 4). |
| || The work wasn't placed to the |
| || workqueue. reenable won't be |
| || called on CPU 2 |
| || |
| || 10) disable SLD for core 0 |
| || |
| || From now on SLD will |
| || never be reenabled on core 1 |
| || |
| ------------------------- || |
| || |
| 11) enable SLD for core 0 by || |
| __split_lock_reenable || |
| || |
If the application threads can be scheduled to all processor cores,
then over time there will be only one core left, on which SLD will be
enabled and split lock will be able to be detected; and on all other
cores SLD will be disabled all the time.
Most likely, this bug has not been noticed for so long because
sysctl_sld_mitigate default value is 1, and in this case a semaphore
is used that does not allow 2 different cores to have SLD disabled at
the same time, that is, strictly only one work is placed in the
workqueue.
In order to fix the warning mode with disabled mitigation mode,
delayed work has to be per-CPU. Implement it.
Fixes: 727209376f49 ("x86/split_lock: Add sysctl to control the misery mode")
Signed-off-by: Maksim Davydov <davydov-max(a)yandex-team.ru>
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Tested-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com>
Cc: Thomas Gleixner <tglx(a)linutronix.de>
Cc: Ravi Bangoria <ravi.bangoria(a)amd.com>
Cc: Tom Lendacky <thomas.lendacky(a)amd.com>
Link: https://lore.kernel.org/r/20250115131704.132609-1-davydov-max@yandex-team.ru
---
arch/x86/kernel/cpu/intel.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index b91f3d72bcdd..2c43a1423b09 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -1204,7 +1204,13 @@ static void __split_lock_reenable(struct work_struct *work)
{
sld_update_msr(true);
}
-static DECLARE_DELAYED_WORK(sl_reenable, __split_lock_reenable);
+/*
+ * In order for each CPU to schedule its delayed work independently of the
+ * others, delayed work struct must be per-CPU. This is not required when
+ * sysctl_sld_mitigate is enabled because of the semaphore that limits
+ * the number of simultaneously scheduled delayed works to 1.
+ */
+static DEFINE_PER_CPU(struct delayed_work, sl_reenable);
/*
* If a CPU goes offline with pending delayed work to re-enable split lock
@@ -1225,7 +1231,7 @@ static int splitlock_cpu_offline(unsigned int cpu)
static void split_lock_warn(unsigned long ip)
{
- struct delayed_work *work;
+ struct delayed_work *work = NULL;
int cpu;
if (!current->reported_split_lock)
@@ -1247,11 +1253,17 @@ static void split_lock_warn(unsigned long ip)
if (down_interruptible(&buslock_sem) == -EINTR)
return;
work = &sl_reenable_unlock;
- } else {
- work = &sl_reenable;
}
cpu = get_cpu();
+
+ if (!work) {
+ work = this_cpu_ptr(&sl_reenable);
+ /* Deferred initialization of per-CPU struct */
+ if (!work->work.func)
+ INIT_DELAYED_WORK(work, __split_lock_reenable);
+ }
+
schedule_delayed_work_on(cpu, work, 2);
/* Disable split lock detection on this CPU to make progress */
--
2.34.1
5 months, 2 weeks
- 1
- 0
[PATCH 6.6.y] x86/split_lock: Fix the delayed detection logic
by Maksim Davydov
commit c929d08df8bee855528b9d15b853c892c54e1eee upstream.
If the warning mode with disabled mitigation mode is used, then on each
CPU where the split lock occurred detection will be disabled in order to
make progress and delayed work will be scheduled, which then will enable
detection back.
Now it turns out that all CPUs use one global delayed work structure.
This leads to the fact that if a split lock occurs on several CPUs
at the same time (within 2 jiffies), only one CPU will schedule delayed
work, but the rest will not.
The return value of schedule_delayed_work_on() would have shown this,
but it is not checked in the code.
A diagram that can help to understand the bug reproduction:
- sld_update_msr() enables/disables SLD on both CPUs on the same core
- schedule_delayed_work_on() internally checks WORK_STRUCT_PENDING_BIT.
If a work has the 'pending' status, then schedule_delayed_work_on()
will return an error code and, most importantly, the work will not
be placed in the workqueue.
Let's say we have a multicore system on which split_lock_mitigate=0 and
a multithreaded application is running that calls splitlock in multiple
threads. Due to the fact that sld_update_msr() affects the entire core
(both CPUs), we will consider 2 CPUs from different cores. Let the 2
threads of this application schedule to CPU0 (core 0) and to CPU 2
(core 1), then:
| || |
| CPU 0 (core 0) || CPU 2 (core 1) |
|_________________________________||___________________________________|
| || |
| 1) SPLIT LOCK occured || |
| || |
| 2) split_lock_warn() || |
| || |
| 3) sysctl_sld_mitigate == 0 || |
| (work = &sl_reenable) || |
| || |
| 4) schedule_delayed_work_on() || |
| (reenable will be called || |
| after 2 jiffies on CPU 0) || |
| || |
| 5) disable SLD for core 0 || |
| || |
| ------------------------- || |
| || |
| || 6) SPLIT LOCK occured |
| || |
| || 7) split_lock_warn() |
| || |
| || 8) sysctl_sld_mitigate == 0 |
| || (work = &sl_reenable, |
| || the same address as in 3) ) |
| || |
| 2 jiffies || 9) schedule_delayed_work_on() |
| || fials because the work is in |
| || the pending state since 4). |
| || The work wasn't placed to the |
| || workqueue. reenable won't be |
| || called on CPU 2 |
| || |
| || 10) disable SLD for core 0 |
| || |
| || From now on SLD will |
| || never be reenabled on core 1 |
| || |
| ------------------------- || |
| || |
| 11) enable SLD for core 0 by || |
| __split_lock_reenable || |
| || |
If the application threads can be scheduled to all processor cores,
then over time there will be only one core left, on which SLD will be
enabled and split lock will be able to be detected; and on all other
cores SLD will be disabled all the time.
Most likely, this bug has not been noticed for so long because
sysctl_sld_mitigate default value is 1, and in this case a semaphore
is used that does not allow 2 different cores to have SLD disabled at
the same time, that is, strictly only one work is placed in the
workqueue.
In order to fix the warning mode with disabled mitigation mode,
delayed work has to be per-CPU. Implement it.
Fixes: 727209376f49 ("x86/split_lock: Add sysctl to control the misery mode")
Signed-off-by: Maksim Davydov <davydov-max(a)yandex-team.ru>
Signed-off-by: Ingo Molnar <mingo(a)kernel.org>
Tested-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com>
Cc: Thomas Gleixner <tglx(a)linutronix.de>
Cc: Ravi Bangoria <ravi.bangoria(a)amd.com>
Cc: Tom Lendacky <thomas.lendacky(a)amd.com>
Link: https://lore.kernel.org/r/20250115131704.132609-1-davydov-max@yandex-team.ru
---
arch/x86/kernel/cpu/intel.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 38eeff91109f..6c0e0619e6d3 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -1168,7 +1168,13 @@ static void __split_lock_reenable(struct work_struct *work)
{
sld_update_msr(true);
}
-static DECLARE_DELAYED_WORK(sl_reenable, __split_lock_reenable);
+/*
+ * In order for each CPU to schedule its delayed work independently of the
+ * others, delayed work struct must be per-CPU. This is not required when
+ * sysctl_sld_mitigate is enabled because of the semaphore that limits
+ * the number of simultaneously scheduled delayed works to 1.
+ */
+static DEFINE_PER_CPU(struct delayed_work, sl_reenable);
/*
* If a CPU goes offline with pending delayed work to re-enable split lock
@@ -1189,7 +1195,7 @@ static int splitlock_cpu_offline(unsigned int cpu)
static void split_lock_warn(unsigned long ip)
{
- struct delayed_work *work;
+ struct delayed_work *work = NULL;
int cpu;
if (!current->reported_split_lock)
@@ -1211,11 +1217,17 @@ static void split_lock_warn(unsigned long ip)
if (down_interruptible(&buslock_sem) == -EINTR)
return;
work = &sl_reenable_unlock;
- } else {
- work = &sl_reenable;
}
cpu = get_cpu();
+
+ if (!work) {
+ work = this_cpu_ptr(&sl_reenable);
+ /* Deferred initialization of per-CPU struct */
+ if (!work->work.func)
+ INIT_DELAYED_WORK(work, __split_lock_reenable);
+ }
+
schedule_delayed_work_on(cpu, work, 2);
/* Disable split lock detection on this CPU to make progress */
--
2.34.1
5 months, 2 weeks
- 1
- 0
[PATCH v2] serial: sifive: lock port in startup()/shutdown() callbacks
by Ryo Takakura
startup()/shutdown() callbacks access SIFIVE_SERIAL_IE_OFFS.
The register is also accessed from write() callback.
If console were printing and startup()/shutdown() callback
gets called, its access to the register could be overwritten.
Add port->lock to startup()/shutdown() callbacks to make sure
their access to SIFIVE_SERIAL_IE_OFFS is synchronized against
write() callback.
Fixes: 45c054d0815b ("tty: serial: add driver for the SiFive UART")
Signed-off-by: Ryo Takakura <ryotkkr98(a)gmail.com>
Cc: stable(a)vger.kernel.org
---
This patch used be part of a series for converting sifive driver to
nbcon[0]. It's now sent seperatly as the rest of the series does not
need be applied to the stable branch.
Sincerely,
Ryo Takakura
[0] https://lore.kernel.org/all/20250405043833.397020-1-ryotkkr98@gmail.com/
---
drivers/tty/serial/sifive.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/tty/serial/sifive.c b/drivers/tty/serial/sifive.c
index 5904a2d4c..054a8e630 100644
--- a/drivers/tty/serial/sifive.c
+++ b/drivers/tty/serial/sifive.c
@@ -563,8 +563,11 @@ static void sifive_serial_break_ctl(struct uart_port *port, int break_state)
static int sifive_serial_startup(struct uart_port *port)
{
struct sifive_serial_port *ssp = port_to_sifive_serial_port(port);
+ unsigned long flags;
+ uart_port_lock_irqsave(&ssp->port, &flags);
__ssp_enable_rxwm(ssp);
+ uart_port_unlock_irqrestore(&ssp->port, flags);
return 0;
}
@@ -572,9 +575,12 @@ static int sifive_serial_startup(struct uart_port *port)
static void sifive_serial_shutdown(struct uart_port *port)
{
struct sifive_serial_port *ssp = port_to_sifive_serial_port(port);
+ unsigned long flags;
+ uart_port_lock_irqsave(&ssp->port, &flags);
__ssp_disable_rxwm(ssp);
__ssp_disable_txwm(ssp);
+ uart_port_unlock_irqrestore(&ssp->port, flags);
}
/**
--
2.34.1
5 months, 2 weeks
- 2
- 2
[PATCH] ocfs2: fix panic in failed foilio allocation
by Mark Tinguely
In commit 7e119cff9d0a, "ocfs2: convert w_pages to w_folios" the
chunk page allocations became order 0 folio allocations. If an
allocation failed, the folio array entry should be NULL so the
error path can skip the entry. In the port it is -ENOMEM and
the error path panics trying to free this bad value.
Signed-off-by: Mark Tinguely <mark.tinguely(a)oracle.com>
Cc: stable(a)vger.kernel.org
Cc: Changwei Ge <gechangwei(a)live.cn>
Cc: Joel Becker <jlbec(a)evilplan.org>
Cc: Jun Piao <piaojun(a)huawei.com>
Cc: Junxiao Bi <junxiao.bi(a)oracle.com>
Cc: Mark Fasheh <mark(a)fasheh.com>
---
fs/ocfs2/aops.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
index 40b6bce12951..89aadc6cdd87 100644
--- a/fs/ocfs2/aops.c
+++ b/fs/ocfs2/aops.c
@@ -1071,6 +1071,7 @@ static int ocfs2_grab_folios_for_write(struct
address_space *mapping,
if (IS_ERR(wc->w_folios[i])) {
ret = PTR_ERR(wc->w_folios[i]);
mlog_errno(ret);
+ wc->w_folios[i] = NULL;
goto out;
}
}
--
2.39.5 (Apple Git-154)
5 months, 2 weeks
- 1
- 0
Linux 6.14.2
by Greg Kroah-Hartman
I'm announcing the release of the 6.14.2 kernel.
All users of the 6.14 kernel series must upgrade.
The updated 6.14.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.14.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/devicetree/bindings/vendor-prefixes.yaml | 2
Documentation/netlink/specs/netdev.yaml | 4
Documentation/netlink/specs/rt_route.yaml | 180 -
Documentation/networking/xsk-tx-metadata.rst | 62
Makefile | 2
arch/arm/Kconfig | 2
arch/arm/boot/dts/nxp/imx/imx6ul-tqma6ul1-mba6ulx.dts | 3
arch/arm/boot/dts/nxp/imx/imx6ul-tqma6ul1.dtsi | 2
arch/arm/boot/dts/ti/omap/omap4-panda-a4.dts | 5
arch/arm/include/asm/vmlinux.lds.h | 12
arch/arm64/boot/dts/freescale/imx8mp-skov-reva.dtsi | 39
arch/arm64/boot/dts/freescale/imx8mp.dtsi | 7
arch/arm64/boot/dts/mediatek/mt6359.dtsi | 3
arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 2
arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6
arch/arm64/boot/dts/mediatek/mt8390-genio-700-evk.dts | 1033 ---------
arch/arm64/boot/dts/mediatek/mt8390-genio-common.dtsi | 1046 ++++++++++
arch/arm64/boot/dts/renesas/r8a774c0.dtsi | 4
arch/arm64/boot/dts/renesas/r8a77990.dtsi | 4
arch/arm64/boot/dts/rockchip/rk3308-roc-cc.dts | 2
arch/arm64/boot/dts/rockchip/rk3318-a95x-z2.dts | 4
arch/arm64/boot/dts/rockchip/rk3399-nanopi4.dtsi | 2
arch/arm64/boot/dts/rockchip/rk3568-rock-3a.dts | 14
arch/arm64/boot/dts/rockchip/rk356x-base.dtsi | 25
arch/arm64/boot/dts/rockchip/rk3576-armsom-sige5.dts | 3
arch/arm64/boot/dts/rockchip/rk3588-orangepi-5-compact.dtsi | 2
arch/arm64/boot/dts/rockchip/rk3588s-coolpi-4b.dts | 2
arch/arm64/boot/dts/ti/k3-am62-verdin-dahlia.dtsi | 6
arch/arm64/boot/dts/ti/k3-am62p-j722s-common-mcu.dtsi | 8
arch/arm64/boot/dts/ti/k3-am62p-main.dtsi | 26
arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 2
arch/arm64/boot/dts/ti/k3-j722s-main.dtsi | 15
arch/arm64/include/asm/mem_encrypt.h | 11
arch/arm64/kernel/compat_alignment.c | 2
arch/loongarch/Kconfig | 4
arch/loongarch/include/asm/cache.h | 2
arch/loongarch/include/asm/irq.h | 2
arch/loongarch/include/asm/stacktrace.h | 3
arch/loongarch/include/asm/unwind_hints.h | 10
arch/loongarch/kernel/env.c | 2
arch/loongarch/kernel/kgdb.c | 5
arch/loongarch/net/bpf_jit.c | 12
arch/loongarch/net/bpf_jit.h | 5
arch/m68k/include/asm/processor.h | 14
arch/m68k/sun3/mmu_emu.c | 7
arch/parisc/include/uapi/asm/socket.h | 12
arch/powerpc/configs/mpc885_ads_defconfig | 2
arch/powerpc/crypto/Makefile | 1
arch/powerpc/kexec/relocate_32.S | 7
arch/powerpc/perf/core-book3s.c | 8
arch/powerpc/perf/vpa-pmu.c | 1
arch/powerpc/platforms/cell/spufs/gang.c | 1
arch/powerpc/platforms/cell/spufs/inode.c | 63
arch/powerpc/platforms/cell/spufs/spufs.h | 2
arch/riscv/Kconfig | 2
arch/riscv/errata/Makefile | 6
arch/riscv/include/asm/cpufeature.h | 4
arch/riscv/include/asm/ftrace.h | 4
arch/riscv/kernel/elf_kexec.c | 3
arch/riscv/kernel/mcount.S | 24
arch/riscv/kernel/traps_misaligned.c | 14
arch/riscv/kernel/unaligned_access_speed.c | 91
arch/riscv/kernel/vec-copy-unaligned.S | 2
arch/riscv/kvm/main.c | 4
arch/riscv/kvm/vcpu_pmu.c | 1
arch/riscv/mm/hugetlbpage.c | 76
arch/riscv/purgatory/entry.S | 1
arch/s390/include/asm/io.h | 2
arch/s390/include/asm/pgtable.h | 3
arch/s390/kernel/entry.S | 2
arch/s390/kernel/perf_pai_crypto.c | 3
arch/s390/kernel/perf_pai_ext.c | 3
arch/s390/mm/pgtable.c | 10
arch/um/include/shared/os.h | 1
arch/um/kernel/Makefile | 2
arch/um/kernel/maccess.c | 19
arch/um/os-Linux/process.c | 51
arch/x86/Kconfig | 3
arch/x86/Kconfig.cpu | 2
arch/x86/Makefile.um | 7
arch/x86/coco/tdx/tdx.c | 26
arch/x86/entry/calling.h | 2
arch/x86/entry/common.c | 2
arch/x86/entry/vdso/vdso-layout.lds.S | 2
arch/x86/entry/vdso/vma.c | 2
arch/x86/events/amd/brs.c | 3
arch/x86/events/amd/lbr.c | 3
arch/x86/events/core.c | 5
arch/x86/events/intel/core.c | 47
arch/x86/events/intel/ds.c | 13
arch/x86/events/intel/lbr.c | 50
arch/x86/events/perf_event.h | 18
arch/x86/hyperv/ivm.c | 2
arch/x86/include/asm/irqflags.h | 40
arch/x86/include/asm/paravirt.h | 20
arch/x86/include/asm/paravirt_types.h | 3
arch/x86/include/asm/tdx.h | 4
arch/x86/include/asm/tlbflush.h | 2
arch/x86/include/asm/vdso/vsyscall.h | 1
arch/x86/kernel/cpu/bus_lock.c | 20
arch/x86/kernel/cpu/mce/severity.c | 11
arch/x86/kernel/cpu/microcode/amd.c | 2
arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3
arch/x86/kernel/dumpstack.c | 5
arch/x86/kernel/fpu/core.c | 6
arch/x86/kernel/paravirt.c | 14
arch/x86/kernel/process.c | 9
arch/x86/kernel/traps.c | 18
arch/x86/kernel/tsc.c | 4
arch/x86/kernel/uprobes.c | 14
arch/x86/kvm/svm/sev.c | 13
arch/x86/kvm/x86.c | 15
arch/x86/lib/copy_user_64.S | 18
arch/x86/mm/mem_encrypt_identity.c | 4
arch/x86/mm/pat/cpa-test.c | 2
arch/x86/mm/pat/memtype.c | 52
block/badblocks.c | 284 --
block/bio.c | 11
block/blk-settings.c | 51
block/blk-throttle.c | 13
crypto/algapi.c | 3
crypto/api.c | 17
crypto/bpf_crypto_skcipher.c | 1
drivers/accel/amdxdna/aie2_smu.c | 2
drivers/acpi/acpi_video.c | 9
drivers/acpi/nfit/core.c | 2
drivers/acpi/platform_profile.c | 26
drivers/acpi/processor_idle.c | 4
drivers/acpi/resource.c | 7
drivers/acpi/x86/utils.c | 3
drivers/ata/libata-core.c | 2
drivers/auxdisplay/Kconfig | 1
drivers/auxdisplay/panel.c | 4
drivers/base/power/main.c | 21
drivers/base/power/runtime.c | 2
drivers/block/null_blk/main.c | 17
drivers/block/ublk_drv.c | 39
drivers/bluetooth/btnxpuart.c | 6
drivers/bluetooth/btusb.c | 2
drivers/bus/qcom-ssc-block-bus.c | 34
drivers/clk/clk-stm32f4.c | 4
drivers/clk/imx/clk-imx8mp-audiomix.c | 6
drivers/clk/meson/g12a.c | 38
drivers/clk/meson/gxbb.c | 14
drivers/clk/mmp/clk-pxa1908-apmu.c | 4
drivers/clk/qcom/gcc-ipq5424.c | 24
drivers/clk/qcom/gcc-msm8953.c | 2
drivers/clk/qcom/gcc-sm8650.c | 4
drivers/clk/qcom/gcc-x1e80100.c | 30
drivers/clk/qcom/mmcc-sdm660.c | 2
drivers/clk/renesas/r9a08g045-cpg.c | 5
drivers/clk/renesas/rzg2l-cpg.c | 13
drivers/clk/renesas/rzg2l-cpg.h | 10
drivers/clk/rockchip/clk-rk3328.c | 2
drivers/clk/samsung/clk.c | 2
drivers/cpufreq/Kconfig.arm | 2
drivers/cpufreq/amd-pstate-trace.h | 46
drivers/cpufreq/amd-pstate.c | 80
drivers/cpufreq/amd-pstate.h | 18
drivers/cpufreq/armada-8k-cpufreq.c | 2
drivers/cpufreq/cpufreq-dt.c | 2
drivers/cpufreq/cpufreq_governor.c | 45
drivers/cpufreq/mediatek-cpufreq-hw.c | 2
drivers/cpufreq/mediatek-cpufreq.c | 2
drivers/cpufreq/mvebu-cpufreq.c | 2
drivers/cpufreq/qcom-cpufreq-hw.c | 2
drivers/cpufreq/qcom-cpufreq-nvmem.c | 8
drivers/cpufreq/scmi-cpufreq.c | 2
drivers/cpufreq/scpi-cpufreq.c | 7
drivers/cpufreq/sun50i-cpufreq-nvmem.c | 6
drivers/cpufreq/virtual-cpufreq.c | 2
drivers/cpuidle/cpuidle-arm.c | 8
drivers/cpuidle/cpuidle-big_little.c | 2
drivers/cpuidle/cpuidle-psci.c | 4
drivers/cpuidle/cpuidle-qcom-spm.c | 2
drivers/cpuidle/cpuidle-riscv-sbi.c | 4
drivers/crypto/hisilicon/sec2/sec.h | 1
drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 -
drivers/crypto/intel/iaa/iaa_crypto_main.c | 4
drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 1
drivers/crypto/intel/qat/qat_common/adf_gen4_ras.c | 59
drivers/crypto/nx/nx-common-pseries.c | 37
drivers/crypto/tegra/tegra-se-aes.c | 401 ++-
drivers/crypto/tegra/tegra-se-hash.c | 287 +-
drivers/crypto/tegra/tegra-se-key.c | 29
drivers/crypto/tegra/tegra-se-main.c | 16
drivers/crypto/tegra/tegra-se.h | 39
drivers/dma/amd/ae4dma/ae4dma-pci.c | 4
drivers/dma/amd/ae4dma/ae4dma.h | 2
drivers/dma/amd/ptdma/ptdma-dmaengine.c | 90
drivers/dma/fsl-edma-main.c | 14
drivers/edac/i10nm_base.c | 2
drivers/edac/ie31200_edac.c | 19
drivers/edac/igen6_edac.c | 21
drivers/edac/skx_common.c | 33
drivers/edac/skx_common.h | 11
drivers/firmware/arm_ffa/bus.c | 3
drivers/firmware/arm_ffa/driver.c | 60
drivers/firmware/arm_scmi/driver.c | 10
drivers/firmware/cirrus/cs_dsp.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 5
drivers/gpu/drm/amd/amdgpu/amdgpu_umsch_mm.c | 461 ----
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 5
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3
drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2
drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 1
drivers/gpu/drm/amd/amdgpu/vcn_v5_0_1.c | 12
drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15
drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16
drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4
drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12
drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4.c | 3
drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 3
drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 12
drivers/gpu/drm/bridge/ite-it6505.c | 7
drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2
drivers/gpu/drm/display/drm_dp_mst_topology.c | 8
drivers/gpu/drm/drm_file.c | 26
drivers/gpu/drm/mediatek/mtk_crtc.c | 7
drivers/gpu/drm/mediatek/mtk_dp.c | 6
drivers/gpu/drm/mediatek/mtk_dsi.c | 6
drivers/gpu/drm/mediatek/mtk_hdmi.c | 33
drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2
drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4
drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 132 -
drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.h | 4
drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 24
drivers/gpu/drm/msm/dsi/dsi_host.c | 8
drivers/gpu/drm/msm/dsi/dsi_manager.c | 32
drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 2
drivers/gpu/drm/msm/msm_atomic.c | 13
drivers/gpu/drm/msm/msm_dsc_helper.h | 11
drivers/gpu/drm/msm/msm_gem_submit.c | 2
drivers/gpu/drm/msm/msm_kms.h | 7
drivers/gpu/drm/panel/panel-ilitek-ili9882t.c | 2
drivers/gpu/drm/panthor/panthor_device.c | 22
drivers/gpu/drm/panthor/panthor_drv.c | 14
drivers/gpu/drm/panthor/panthor_fw.c | 9
drivers/gpu/drm/panthor/panthor_fw.h | 6
drivers/gpu/drm/panthor/panthor_heap.c | 54
drivers/gpu/drm/panthor/panthor_heap.h | 2
drivers/gpu/drm/panthor/panthor_mmu.c | 27
drivers/gpu/drm/panthor/panthor_mmu.h | 3
drivers/gpu/drm/panthor/panthor_sched.c | 84
drivers/gpu/drm/panthor/panthor_sched.h | 3
drivers/gpu/drm/solomon/ssd130x-spi.c | 7
drivers/gpu/drm/solomon/ssd130x.c | 6
drivers/gpu/drm/vkms/vkms_drv.c | 15
drivers/gpu/drm/xe/Kconfig | 2
drivers/gpu/drm/xlnx/zynqmp_dp.c | 2
drivers/gpu/drm/xlnx/zynqmp_dp_audio.c | 4
drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2
drivers/greybus/gb-beagleplay.c | 4
drivers/hid/Makefile | 1
drivers/hwtracing/coresight/coresight-catu.c | 2
drivers/hwtracing/coresight/coresight-core.c | 20
drivers/hwtracing/coresight/coresight-etm4x-core.c | 48
drivers/i3c/master/svc-i3c-master.c | 2
drivers/iio/accel/mma8452.c | 10
drivers/iio/accel/msa311.c | 26
drivers/iio/adc/ad4130.c | 41
drivers/iio/adc/ad7124.c | 60
drivers/iio/adc/ad7173.c | 30
drivers/iio/adc/ad7192.c | 5
drivers/iio/adc/ad7768-1.c | 15
drivers/iio/adc/ad_sigma_delta.c | 1
drivers/iio/dac/adi-axi-dac.c | 8
drivers/iio/industrialio-backend.c | 4
drivers/iio/industrialio-gts-helper.c | 11
drivers/iio/light/Kconfig | 1
drivers/iio/light/veml6030.c | 577 ++---
drivers/iio/light/veml6075.c | 8
drivers/infiniband/core/device.c | 18
drivers/infiniband/core/mad.c | 38
drivers/infiniband/core/sysfs.c | 1
drivers/infiniband/hw/erdma/erdma_cm.c | 1
drivers/infiniband/hw/mana/main.c | 2
drivers/infiniband/hw/mlx5/cq.c | 2
drivers/infiniband/hw/mlx5/mr.c | 41
drivers/infiniband/hw/mlx5/odp.c | 10
drivers/iommu/amd/amd_iommu.h | 7
drivers/iommu/intel/iommu.c | 17
drivers/iommu/io-pgtable-dart.c | 2
drivers/iommu/iommu.c | 5
drivers/leds/led-core.c | 22
drivers/leds/leds-st1202.c | 4
drivers/md/md-bitmap.c | 6
drivers/md/md.c | 71
drivers/md/md.h | 6
drivers/md/raid1-10.c | 2
drivers/md/raid1.c | 17
drivers/md/raid10.c | 19
drivers/media/dvb-frontends/dib8000.c | 5
drivers/media/platform/allegro-dvt/allegro-core.c | 1
drivers/media/platform/ti/omap3isp/isp.c | 7
drivers/media/platform/verisilicon/hantro_g2_hevc_dec.c | 1
drivers/media/rc/streamzap.c | 2
drivers/media/test-drivers/vimc/vimc-streamer.c | 6
drivers/memory/mtk-smi.c | 33
drivers/mfd/sm501.c | 6
drivers/misc/pci_endpoint_test.c | 22
drivers/mmc/host/omap.c | 19
drivers/mmc/host/sdhci-omap.c | 4
drivers/mmc/host/sdhci-pxav3.c | 1
drivers/net/arcnet/com20020-pci.c | 17
drivers/net/bonding/bond_main.c | 8
drivers/net/bonding/bond_options.c | 3
drivers/net/can/rockchip/rockchip_canfd-core.c | 5
drivers/net/dsa/microchip/ksz8.c | 11
drivers/net/dsa/microchip/ksz_dcb.c | 231 --
drivers/net/dsa/mv88e6xxx/chip.c | 32
drivers/net/dsa/mv88e6xxx/phy.c | 3
drivers/net/dsa/sja1105/sja1105_ethtool.c | 9
drivers/net/dsa/sja1105/sja1105_ptp.c | 20
drivers/net/dsa/sja1105/sja1105_static_config.c | 6
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 19
drivers/net/ethernet/broadcom/bnxt/bnxt.h | 6
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 3
drivers/net/ethernet/ibm/ibmveth.c | 39
drivers/net/ethernet/ibm/ibmvnic.c | 30
drivers/net/ethernet/intel/e1000e/defines.h | 3
drivers/net/ethernet/intel/e1000e/ich8lan.c | 80
drivers/net/ethernet/intel/e1000e/ich8lan.h | 4
drivers/net/ethernet/intel/ice/devlink/health.c | 6
drivers/net/ethernet/intel/ice/ice_common.c | 3
drivers/net/ethernet/intel/ice/ice_ptp.c | 6
drivers/net/ethernet/intel/ice/ice_virtchnl.c | 39
drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 24
drivers/net/ethernet/intel/idpf/idpf_lib.c | 31
drivers/net/ethernet/intel/idpf/idpf_main.c | 6
drivers/net/ethernet/intel/igb/igb_ptp.c | 6
drivers/net/ethernet/intel/igc/igc.h | 1
drivers/net/ethernet/intel/igc/igc_main.c | 143 +
drivers/net/ethernet/intel/ixgbe/ixgbe_e610.c | 4
drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 +
drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2
drivers/net/ethernet/marvell/octeontx2/af/rvu_devlink.c | 2
drivers/net/ethernet/mediatek/airoha_eth.c | 20
drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 8
drivers/net/ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2
drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 4
drivers/net/ethernet/mellanox/mlx5/core/main.c | 15
drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_bloom_filter.c | 27
drivers/net/ethernet/microchip/lan743x_ptp.c | 6
drivers/net/ethernet/renesas/ravb_ptp.c | 3
drivers/net/ethernet/sfc/ef100_netdev.c | 7
drivers/net/ethernet/sfc/ef100_nic.c | 47
drivers/net/ethernet/sfc/efx.c | 24
drivers/net/ethernet/sfc/mcdi_port.c | 59
drivers/net/ethernet/sfc/mcdi_port_common.c | 11
drivers/net/ethernet/sfc/net_driver.h | 6
drivers/net/ethernet/wangxun/libwx/wx_lib.c | 65
drivers/net/ipvlan/ipvlan_l3s.c | 1
drivers/net/phy/bcm-phy-ptp.c | 3
drivers/net/phy/broadcom.c | 6
drivers/net/usb/rndis_host.c | 16
drivers/net/usb/usbnet.c | 6
drivers/net/virtio_net.c | 30
drivers/net/vmxnet3/vmxnet3_drv.c | 10
drivers/net/wireless/ath/ath11k/dp_rx.c | 14
drivers/net/wireless/ath/ath11k/mac.c | 5
drivers/net/wireless/ath/ath11k/pci.c | 2
drivers/net/wireless/ath/ath11k/reg.c | 22
drivers/net/wireless/ath/ath12k/core.c | 4
drivers/net/wireless/ath/ath12k/dp_rx.c | 2
drivers/net/wireless/ath/ath12k/dp_tx.c | 2
drivers/net/wireless/ath/ath12k/mac.c | 9
drivers/net/wireless/ath/ath12k/pci.c | 2
drivers/net/wireless/ath/ath12k/wmi.c | 2
drivers/net/wireless/ath/ath9k/common-spectral.c | 4
drivers/net/wireless/marvell/mwifiex/fw.h | 14
drivers/net/wireless/marvell/mwifiex/main.c | 4
drivers/net/wireless/marvell/mwifiex/sta_cmd.c | 18
drivers/net/wireless/mediatek/mt76/mt7915/debugfs.c | 45
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 1
drivers/net/wireless/realtek/rtw89/core.h | 2
drivers/net/wireless/realtek/rtw89/fw.c | 12
drivers/net/wireless/realtek/rtw89/pci.h | 56
drivers/net/wireless/realtek/rtw89/pci_be.c | 2
drivers/net/wireless/realtek/rtw89/rtw8852b_rfk.c | 13
drivers/net/wireless/realtek/rtw89/rtw8852bt_rfk.c | 13
drivers/ntb/hw/intel/ntb_hw_gen3.c | 3
drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2
drivers/ntb/test/ntb_perf.c | 4
drivers/nvdimm/badrange.c | 2
drivers/nvdimm/nd.h | 2
drivers/nvdimm/pfn_devs.c | 7
drivers/nvdimm/pmem.c | 2
drivers/nvme/host/ioctl.c | 2
drivers/nvme/host/pci.c | 3
drivers/nvme/target/debugfs.c | 2
drivers/nvme/target/pci-epf.c | 11
drivers/pci/controller/cadence/pcie-cadence-ep.c | 3
drivers/pci/controller/cadence/pcie-cadence.h | 2
drivers/pci/controller/dwc/pcie-designware-ep.c | 1
drivers/pci/controller/dwc/pcie-histb.c | 12
drivers/pci/controller/pcie-brcmstb.c | 16
drivers/pci/controller/pcie-mediatek-gen3.c | 28
drivers/pci/controller/pcie-xilinx-cpm.c | 10
drivers/pci/endpoint/functions/pci-epf-test.c | 126 -
drivers/pci/hotplug/pciehp_hpc.c | 4
drivers/pci/iov.c | 48
drivers/pci/pci-sysfs.c | 4
drivers/pci/pci.c | 22
drivers/pci/pcie/aspm.c | 17
drivers/pci/pcie/bwctrl.c | 6
drivers/pci/pcie/portdrv.c | 8
drivers/pci/probe.c | 5
drivers/pci/setup-bus.c | 39
drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 50
drivers/pinctrl/bcm/pinctrl-bcm2835.c | 14
drivers/pinctrl/intel/pinctrl-intel.c | 1
drivers/pinctrl/nuvoton/pinctrl-npcm8xx.c | 10
drivers/pinctrl/renesas/pinctrl-rza2.c | 2
drivers/pinctrl/renesas/pinctrl-rzg2l.c | 3
drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2
drivers/pinctrl/tegra/pinctrl-tegra.c | 3
drivers/platform/x86/dell/dell-uart-backlight.c | 2
drivers/platform/x86/dell/dell-wmi-ddv.c | 6
drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 2
drivers/platform/x86/lenovo-yoga-tab2-pro-1380-fastcharger.c | 2
drivers/platform/x86/thinkpad_acpi.c | 11
drivers/power/supply/bq27xxx_battery.c | 1
drivers/power/supply/max77693_charger.c | 2
drivers/ptp/ptp_ocp.c | 4
drivers/regulator/pca9450-regulator.c | 6
drivers/remoteproc/qcom_q6v5_mss.c | 21
drivers/remoteproc/qcom_q6v5_pas.c | 13
drivers/remoteproc/remoteproc_core.c | 1
drivers/rtc/rtc-renesas-rtca3.c | 15
drivers/scsi/hisi_sas/hisi_sas.h | 3
drivers/scsi/hisi_sas/hisi_sas_main.c | 28
drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 4
drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 4
drivers/scsi/mpi3mr/mpi3mr_app.c | 1
drivers/scsi/mpt3sas/mpt3sas_base.c | 12
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2
drivers/soc/mediatek/mt8167-mmsys.h | 13
drivers/soc/mediatek/mt8188-mmsys.h | 2
drivers/soc/mediatek/mt8365-mmsys.h | 48
drivers/soundwire/generic_bandwidth_allocation.c | 5
drivers/soundwire/slave.c | 1
drivers/spi/spi-amd.c | 2
drivers/spi/spi-bcm2835.c | 18
drivers/spi/spi-cadence-xspi.c | 2
drivers/staging/gpib/agilent_82350b/agilent_82350b.c | 2
drivers/staging/gpib/agilent_82357a/agilent_82357a.c | 424 +---
drivers/staging/gpib/cb7210/cb7210.c | 2
drivers/staging/gpib/hp_82341/hp_82341.c | 2
drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 518 ++--
drivers/staging/rtl8723bs/Kconfig | 1
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 28
drivers/target/loopback/tcm_loop.c | 5
drivers/thermal/intel/int340x_thermal/int3402_thermal.c | 3
drivers/tty/n_tty.c | 13
drivers/tty/serial/fsl_lpuart.c | 312 +-
drivers/usb/host/xhci-mem.c | 6
drivers/usb/typec/altmodes/thunderbolt.c | 10
drivers/usb/typec/ucsi/ucsi_ccg.c | 5
drivers/vhost/scsi.c | 25
drivers/video/console/Kconfig | 6
drivers/video/fbdev/au1100fb.c | 4
drivers/video/fbdev/sm501fb.c | 7
drivers/w1/masters/w1-uart.c | 4
fs/9p/vfs_inode_dotl.c | 2
fs/autofs/autofs_i.h | 2
fs/bcachefs/fs-ioctl.c | 6
fs/btrfs/block-group.c | 40
fs/btrfs/disk-io.c | 3
fs/coredump.c | 4
fs/dlm/lockspace.c | 2
fs/erofs/internal.h | 2
fs/erofs/super.c | 8
fs/exec.c | 15
fs/exfat/fatent.c | 2
fs/exfat/file.c | 29
fs/exfat/inode.c | 41
fs/ext4/dir.c | 3
fs/ext4/ext4.h | 17
fs/ext4/ext4_jbd2.h | 29
fs/ext4/inode.c | 19
fs/ext4/mballoc-test.c | 2
fs/ext4/namei.c | 16
fs/ext4/super.c | 81
fs/ext4/xattr.c | 32
fs/ext4/xattr.h | 10
fs/f2fs/checkpoint.c | 15
fs/f2fs/compress.c | 1
fs/f2fs/data.c | 10
fs/f2fs/f2fs.h | 3
fs/f2fs/file.c | 20
fs/f2fs/inode.c | 7
fs/f2fs/namei.c | 8
fs/f2fs/segment.c | 29
fs/f2fs/segment.h | 9
fs/f2fs/super.c | 67
fs/fsopen.c | 2
fs/fuse/dax.c | 1
fs/fuse/dir.c | 2
fs/fuse/file.c | 4
fs/gfs2/super.c | 21
fs/hostfs/hostfs.h | 2
fs/hostfs/hostfs_kern.c | 7
fs/hostfs/hostfs_user.c | 59
fs/isofs/dir.c | 3
fs/jbd2/journal.c | 27
fs/jfs/inode.c | 2
fs/jfs/jfs_dtree.c | 3
fs/jfs/jfs_extent.c | 10
fs/jfs/jfs_imap.c | 13
fs/jfs/xattr.c | 15
fs/nfs/delegation.c | 63
fs/nfs/nfs4xdr.c | 18
fs/nfs/sysfs.c | 22
fs/nfs/write.c | 4
fs/nfsd/Kconfig | 12
fs/nfsd/nfs4callback.c | 14
fs/nfsd/nfs4state.c | 53
fs/nfsd/nfsctl.c | 53
fs/nfsd/stats.c | 4
fs/nfsd/stats.h | 2
fs/nfsd/vfs.c | 28
fs/ntfs3/attrib.c | 3
fs/ntfs3/file.c | 22
fs/ntfs3/frecord.c | 6
fs/ntfs3/index.c | 4
fs/ntfs3/ntfs.h | 2
fs/ntfs3/super.c | 89
fs/ocfs2/alloc.c | 8
fs/proc/base.c | 2
fs/smb/client/connect.c | 16
fs/smb/server/auth.c | 6
fs/smb/server/connection.h | 11
fs/smb/server/mgmt/user_session.c | 37
fs/smb/server/mgmt/user_session.h | 2
fs/smb/server/oplock.c | 12
fs/smb/server/smb2pdu.c | 54
fs/smb/server/smbacl.c | 21
include/asm-generic/rwonce.h | 10
include/drm/display/drm_dp_mst_helper.h | 7
include/drm/drm_file.h | 5
include/linux/arm_ffa.h | 3
include/linux/avf/virtchnl.h | 4
include/linux/badblocks.h | 10
include/linux/context_tracking_irq.h | 8
include/linux/coresight.h | 4
include/linux/cpuset.h | 11
include/linux/dma-direct.h | 13
include/linux/fwnode.h | 2
include/linux/if_bridge.h | 6
include/linux/iio/iio-gts-helper.h | 1
include/linux/iio/iio.h | 26
include/linux/interrupt.h | 8
include/linux/mem_encrypt.h | 23
include/linux/nfs_fs_sb.h | 4
include/linux/nmi.h | 4
include/linux/perf_event.h | 37
include/linux/pgtable.h | 28
include/linux/pm_runtime.h | 2
include/linux/rcupdate.h | 2
include/linux/reboot.h | 18
include/linux/sched.h | 7
include/linux/sched/deadline.h | 4
include/linux/sched/smt.h | 2
include/linux/seccomp.h | 8
include/linux/thermal.h | 2
include/linux/uprobes.h | 2
include/linux/writeback.h | 24
include/net/ax25.h | 1
include/net/bluetooth/hci.h | 34
include/net/bluetooth/hci_core.h | 5
include/net/bonding.h | 1
include/net/xdp_sock.h | 10
include/net/xdp_sock_drv.h | 1
include/net/xfrm.h | 11
include/rdma/ib_verbs.h | 1
include/trace/define_trace.h | 7
include/trace/events/writeback.h | 21
include/uapi/linux/if_xdp.h | 10
include/uapi/linux/netdev.h | 3
init/Kconfig | 5
io_uring/io-wq.c | 40
io_uring/io-wq.h | 7
io_uring/io_uring.c | 3
io_uring/net.c | 23
kernel/bpf/core.c | 19
kernel/bpf/verifier.c | 7
kernel/cgroup/cpuset.c | 27
kernel/cpu.c | 5
kernel/events/core.c | 39
kernel/events/ring_buffer.c | 2
kernel/events/uprobes.c | 15
kernel/fork.c | 4
kernel/kexec_elf.c | 2
kernel/reboot.c | 84
kernel/rseq.c | 80
kernel/sched/core.c | 8
kernel/sched/deadline.c | 37
kernel/sched/debug.c | 8
kernel/sched/fair.c | 50
kernel/sched/rt.c | 2
kernel/sched/sched.h | 2
kernel/sched/topology.c | 15
kernel/seccomp.c | 14
kernel/trace/bpf_trace.c | 2
kernel/trace/ring_buffer.c | 4
kernel/trace/trace_events.c | 7
kernel/trace/trace_events_synth.c | 36
kernel/trace/trace_functions_graph.c | 1
kernel/trace/trace_irqsoff.c | 2
kernel/trace/trace_osnoise.c | 1
kernel/trace/trace_sched_wakeup.c | 2
kernel/watch_queue.c | 9
kernel/watchdog.c | 25
kernel/watchdog_perf.c | 28
lib/842/842_compress.c | 2
lib/stackinit_kunit.c | 30
lib/vsprintf.c | 2
mm/gup.c | 3
mm/memory.c | 13
mm/page-writeback.c | 37
mm/zswap.c | 30
net/ax25/af_ax25.c | 30
net/ax25/ax25_route.c | 74
net/bluetooth/hci_core.c | 62
net/bluetooth/hci_event.c | 25
net/bluetooth/hci_sync.c | 30
net/bridge/br_ioctl.c | 36
net/bridge/br_private.h | 3
net/core/dev_ioctl.c | 19
net/core/dst.c | 8
net/core/netdev-genl.c | 2
net/core/rtnetlink.c | 3
net/core/rtnl_net_debug.c | 2
net/ipv4/ip_tunnel_core.c | 4
net/ipv4/udp.c | 42
net/ipv6/addrconf.c | 37
net/ipv6/calipso.c | 21
net/ipv6/route.c | 42
net/mac80211/cfg.c | 12
net/mac80211/mlme.c | 9
net/netfilter/nf_tables_api.c | 4
net/netfilter/nf_tables_core.c | 11
net/netfilter/nfnetlink_queue.c | 2
net/netfilter/nft_set_hash.c | 3
net/netfilter/nft_tunnel.c | 6
net/openvswitch/actions.c | 6
net/sched/act_tunnel_key.c | 2
net/sched/cls_flower.c | 2
net/sched/sch_skbprio.c | 3
net/sctp/sysctl.c | 4
net/socket.c | 19
net/vmw_vsock/af_vsock.c | 6
net/wireless/core.c | 6
net/wireless/nl80211.c | 2
net/xdp/xsk.c | 8
net/xfrm/xfrm_device.c | 13
net/xfrm/xfrm_state.c | 32
net/xfrm/xfrm_user.c | 2
rust/Makefile | 4
rust/kernel/print.rs | 7
samples/bpf/Makefile | 2
samples/trace_events/trace-events-sample.h | 8
scripts/gdb/linux/symbols.py | 13
scripts/package/debian/rules | 6
scripts/selinux/install_policy.sh | 15
security/smack/smack.h | 6
security/smack/smack_lsm.c | 34
sound/core/timer.c | 147 -
sound/pci/hda/patch_realtek.c | 9
sound/soc/amd/acp/acp-legacy-common.c | 10
sound/soc/codecs/cs35l41-spi.c | 5
sound/soc/codecs/mt6359.c | 9
sound/soc/codecs/rt5665.c | 24
sound/soc/fsl/imx-card.c | 4
sound/soc/generic/simple-card-utils.c | 7
sound/soc/tegra/tegra210_adx.c | 6
sound/soc/ti/j721e-evm.c | 2
sound/usb/mixer_quirks.c | 7
tools/arch/x86/lib/insn.c | 2
tools/bpf/runqslower/Makefile | 3
tools/include/uapi/linux/if_xdp.h | 10
tools/include/uapi/linux/netdev.h | 3
tools/lib/bpf/btf.c | 4
tools/lib/bpf/linker.c | 2
tools/lib/bpf/str_error.c | 2
tools/lib/bpf/str_error.h | 7
tools/objtool/arch/loongarch/decode.c | 28
tools/objtool/arch/loongarch/include/arch/elf.h | 7
tools/objtool/arch/powerpc/decode.c | 14
tools/objtool/arch/x86/decode.c | 13
tools/objtool/check.c | 84
tools/objtool/elf.c | 6
tools/objtool/include/objtool/arch.h | 3
tools/objtool/include/objtool/elf.h | 27
tools/perf/Makefile.config | 10
tools/perf/Makefile.perf | 2
tools/perf/arch/powerpc/util/header.c | 4
tools/perf/arch/x86/util/topdown.c | 2
tools/perf/bench/syscall.c | 22
tools/perf/builtin-report.c | 32
tools/perf/pmu-events/arch/arm64/ampere/ampereonex/metrics.json | 10
tools/perf/pmu-events/empty-pmu-events.c | 8
tools/perf/pmu-events/jevents.py | 8
tools/perf/tests/hwmon_pmu.c | 16
tools/perf/tests/pmu.c | 85
tools/perf/tests/shell/coresight/asm_pure_loop/asm_pure_loop.S | 2
tools/perf/tests/shell/record_bpf_filter.sh | 4
tools/perf/tests/shell/stat_all_pmu.sh | 48
tools/perf/tests/shell/test_data_symbol.sh | 17
tools/perf/tests/tool_pmu.c | 4
tools/perf/tests/workloads/datasym.c | 34
tools/perf/util/arm-spe.c | 8
tools/perf/util/bpf-filter.l | 2
tools/perf/util/comm.c | 2
tools/perf/util/debug.c | 2
tools/perf/util/dso.h | 4
tools/perf/util/evlist.c | 13
tools/perf/util/evsel.c | 16
tools/perf/util/expr.c | 2
tools/perf/util/hwmon_pmu.c | 14
tools/perf/util/hwmon_pmu.h | 16
tools/perf/util/intel-tpebs.c | 2
tools/perf/util/machine.c | 4
tools/perf/util/parse-events.c | 2
tools/perf/util/pmu.c | 263 +-
tools/perf/util/pmu.h | 12
tools/perf/util/pmus.c | 171 +
tools/perf/util/python.c | 17
tools/perf/util/stat-shadow.c | 3
tools/perf/util/stat.c | 13
tools/perf/util/tool_pmu.c | 34
tools/perf/util/tool_pmu.h | 2
tools/perf/util/units.c | 2
tools/power/x86/turbostat/turbostat.8 | 2
tools/power/x86/turbostat/turbostat.c | 30
tools/testing/selftests/bpf/Makefile | 1
tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 5
tools/testing/selftests/bpf/prog_tests/tailcalls.c | 1
tools/testing/selftests/bpf/progs/strncmp_bench.c | 5
tools/testing/selftests/mm/cow.c | 2
tools/testing/selftests/pcie_bwctrl/Makefile | 2
tools/verification/rv/Makefile.rv | 2
748 files changed, 9332 insertions(+), 7044 deletions(-)
Aaron Kling (1):
cpufreq: tegra194: Allow building for Tegra234
Acs, Jakub (1):
ext4: fix OOB read when checking dotdot dir
Aditya Kumar Singh (1):
wifi: nl80211: store chandef on the correct link when starting CAC
Adrián Larumbe (5):
drm/panthor: Fix race condition when gathering fdinfo group samples
drm/file: Add fdinfo helper for printing regions with prefix
drm/panthor: Expose size of driver internal BO's over fdinfo
drm/panthor: Replace sleep locks with spinlocks in fdinfo path
drm/panthor: Avoid sleep locking in the internal BO size path
Ahmad Fatoum (4):
arm64: dts: imx8mp-skov: correct PMIC board limits
arm64: dts: imx8mp-skov: operate CPU at 850 mV by default
reboot: replace __hw_protection_shutdown bool action parameter with an enum
reboot: reboot, not shutdown, on hw_protection_reboot timeout
Akhil R (10):
crypto: tegra - Use separate buffer for setkey
crypto: tegra - Do not use fixed size buffers
crypto: tegra - check return value for hash do_one_req
crypto: tegra - Transfer HASH init function to crypto engine
crypto: tegra - Fix HASH intermediate result handling
crypto: tegra - Use HMAC fallback when keyslots are full
crypto: tegra - Fix CMAC intermediate result handling
crypto: tegra - Set IV to NULL explicitly for AES ECB
crypto: tegra - finalize crypto req on error
crypto: tegra - Reserve keyslots to allocate dynamically
Akihiko Odaki (1):
virtio_net: Fix endian with virtio_net_ctrl_rss
Al Viro (3):
spufs: fix a leak on spufs_new_file() failure
spufs: fix gang directory lifetimes
spufs: fix a leak in spufs_create_context()
Alex Deucher (7):
drm/amdgpu/umsch: declare umsch firmware
drm/amdgpu/umsch: fix ucode check
drm/amdgpu/vcn5.0.1: use correct dpm helper
drm/amdgpu/mes: optimize compute loop handling
drm/amdgpu/mes: enable compute pipes across all MEC
drm/amdgpu/gfx11: fix num_mec
drm/amdgpu/gfx12: fix num_mec
Alexandre Ghiti (2):
riscv: Fix missing __free_pages() in check_vector_unaligned_access()
riscv: Fix hugetlb retrieval of number of ptes in case of !present pte
Alexandru Gagniuc (1):
kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally
Alice Ryhl (1):
rust: fix signature of rust_fmt_argument
Alistair Popple (1):
fuse: fix dax truncate/punch_hole fault path
Andreas Gruenbacher (2):
gfs2: minor evict fix
gfs2: skip if we cannot defer delete
Andrew Jones (6):
riscv: Annotate unaligned access init functions
riscv: Fix riscv_online_cpu_vec
riscv: Fix check_unaligned_access_all_cpus
riscv: Change check_unaligned_access_speed_all_cpus to void
riscv: Fix set up of cpu hotplug callbacks
riscv: Fix set up of vector cpu hotplug callback
Andrii Nakryiko (1):
libbpf: Fix hypothetical STT_SECTION extern NULL deref case
Andy Shevchenko (3):
auxdisplay: panel: Fix an API misuse in panel.c
pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment
pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm()
Angelo Dureghello (1):
iio: dac: adi-axi-dac: modify stream enable
AngeloGioacchino Del Regno (5):
soc: mediatek: mtk-mmsys: Fix MT8188 VDO1 DPI1 output selection
soc: mediatek: mt8167-mmsys: Fix missing regval in all entries
soc: mediatek: mt8365-mmsys: Fix routing table masks and values
drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
Angelos Oikonomopoulos (1):
arm64: Don't call NULL in do_compat_alignment_fixup()
Anshuman Khandual (1):
arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig
Antoine Tenart (1):
net: decrease cached dst counters in dst_release
Antonio Quartulli (1):
scripts/gdb/linux/symbols.py: address changes to module_sect_attrs
Anuj Gupta (2):
block: ensure correct integrity capability propagation in stacked devices
block: Correctly initialize BLK_INTEGRITY_NOGENERATE and BLK_INTEGRITY_NOVERIFY
Armin Wolf (1):
platform/x86: dell-ddv: Fix temperature calculation
Arnaldo Carvalho de Melo (5):
perf units: Fix insufficient array space
perf python: Fixup description of sample.id event member
perf python: Decrement the refcount of just created event on failure
perf python: Don't keep a raw_data pointer to consumed ring buffer space
perf python: Check if there is space to copy all the event
Arnd Bergmann (6):
x86/platform: Only allow CONFIG_EISA for 32-bit
firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo()
dummycon: fix default rows/cols
mdacon: rework dependency list
crypto: bpf - Add MODULE_DESCRIPTION for skcipher
x86/Kconfig: Add cmpxchg8b support back to Geode CPUs
Artur Weber (1):
power: supply: max77693: Fix wrong conversion of charge input threshold value
Asahi Lina (1):
iommu/io-pgtable-dart: Only set subpage protection disable for DART 1
Ashley Smith (1):
drm/panthor: Update CS_STATUS_ defines to correct values
Atish Patra (2):
RISC-V: KVM: Disable the kernel perf counter during configure
RISC-V: KVM: Teardown riscv specific bits after kvm_exit
Aurabindo Pillai (1):
drm/amd/display: fix an indent issue in DML21
Bairavi Alagappan (2):
crypto: qat - set parity error mask for qat_420xx
crypto: qat - remove access to parity register for QAT GEN4
Baochen Qiang (1):
wifi: ath12k: use link specific bss_conf as well in ath12k_mac_vif_cache_flush()
Baokun Li (5):
ext4: convert EXT4_FLAGS_* defines to enum
ext4: add EXT4_FLAGS_EMERGENCY_RO bit
ext4: correct behavior under errors=remount-ro mode
ext4: show 'emergency_ro' when EXT4_FLAGS_EMERGENCY_RO is set
ext4: goto right label 'out_mmap_sem' in ext4_setattr()
Bard Liao (1):
soundwire: take in count the bandwidth of a prepared stream
Barnabás Czémán (1):
clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
Bart Van Assche (5):
wifi: ath12k: Fix locking in "QMI firmware ready" error paths
scsi: mpi3mr: Fix locking in an error path
scsi: mpt3sas: Fix a locking bug in an error path
drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set()
fs/procfs: fix the comment above proc_pid_wchan()
Bartosz Golaszewski (1):
pinctrl: bcm2835: don't -EINVAL on alternate funcs from get_direction()
Basavaraj Natikar (2):
dmaengine: ae4dma: Use the MSI count and its corresponding IRQ number
dmaengine: ptdma: Utilize the AE4DMA engine's multi-queue functionality
Benjamin Berg (3):
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
um: remove copy_from_kernel_nofault_allowed
um: hostfs: avoid issues on inode number reuse by host
Benjamin Gaignard (1):
media: verisilicon: HEVC: Initialize start_bit field
Benson Leung (2):
usb: typec: thunderbolt: Fix loops that iterate TYPEC_PLUG_SOP_P and TYPEC_PLUG_SOP_PP
usb: typec: thunderbolt: Remove IS_ERR check for plug
Björn Töpel (1):
riscv/purgatory: 4B align purgatory_start
Boris Brezillon (1):
drm/panthor: Fix a race between the reset and suspend path
Boris Burkov (1):
btrfs: fix block group refcount race in btrfs_create_pending_block_groups()
Boris Ostrovsky (1):
x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
Caleb Sander Mateos (3):
io_uring/net: only import send_zc buffer once
io_uring: use lockless_cq flag in io_req_complete_post()
nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer
Candice Li (1):
Remove unnecessary firmware version check for gc v9_4_2
Chao Gao (1):
x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
Chao Yu (7):
f2fs: quota: fix to avoid warning in dquot_writeback_dquots()
f2fs: fix to avoid panic once fallocation fails for pinfile
f2fs: fix to set .discard_granularity correctly
f2fs: fix potential deadloop in prepare_compress_overwrite()
f2fs: fix to call f2fs_recover_quota_end() correctly
f2fs: fix to avoid accessing uninitialized curseg
f2fs: fix to avoid running out of free segments
Charles Han (3):
ext4: fix potential null dereference in ext4 kunit test
drm: xlnx: zynqmp_dpsub: Add NULL check in zynqmp_audio_init
clk: mmp: Fix NULL vs IS_ERR() check
Chen-Yu Tsai (3):
arm64: dts: mediatek: mt8173-elm: Drop pmic's #address-cells and #size-cells
arm64: dts: mediatek: mt8173: Fix some node names
arm64: dts: rockchip: Remove bluetooth node from rock-3a
Cheng Xu (1):
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
Chenyuan Yang (3):
thermal: int340x: Add NULL check for adev
netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error
w1: fix NULL pointer dereference in probe
Chiara Meiohas (1):
RDMA/mlx5: Fix calculation of total invalidated pages
Christian Brauner (1):
fs: support O_PATH fds with FSCONFIG_SET_FD
Christian Eggers (1):
ARM: 9444/1: add KEEP() keyword to ARM_VECTORS
Christian Schoenebeck (1):
fs/9p: fix NULL pointer dereference on mkdir
Christophe JAILLET (4):
bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls
bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe()
PCI: histb: Fix an error handling path in histb_pcie_probe()
ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe()
Christophe Leroy (2):
crypto: powerpc: Mark ghashp8-ppc.o as an OBJECT_FILES_NON_STANDARD
powerpc/kexec: fix physical address calculation in clear_utlb_entry()
Chuck Lever (5):
NFSD: Fix callback decoder status codes
NFSD: Add a Kconfig setting to enable delegated timestamps
NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs()
NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory
NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
Chukun Pan (1):
arm64: dts: rockchip: Move rk356x scmi SHMEM to reserved memory
Chunhai Guo (1):
f2fs: fix missing discard for active segments
Claudiu Beznea (3):
pinctrl: renesas: rzg2l: Suppress binding attributes
clk: renesas: r8a08g045: Check the source of the CPU PLL settings
rtc: renesas-rtca3: Disable interrupts only if the RTC is enabled
Cong Wang (1):
net_sched: skbprio: Remove overly strict queue assertions
Cyan Yang (1):
selftests/mm/cow: fix the incorrect error handling
Dan Carpenter (7):
drm/msm/gem: Fix error code msm_parse_deps()
PCI: Remove stray put_device() in pci_register_host_bridge()
drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
PCI: dwc: ep: Return -ENOMEM for allocation failures
fs/ntfs3: Fix a couple integer overflows on 32bit systems
fs/ntfs3: Prevent integer overflow in hdr_first_de()
nfs: Add missing release on error in nfs_lock_and_join_requests()
Daniel Stodden (1):
PCI/ASPM: Fix link state exit during switch upstream function removal
Danila Chernetsov (1):
fbdev: sm501fb: Add some geometry checks.
Dapeng Mi (1):
perf x86/topdown: Fix topdown leader sampling test error on hybrid
Dario Binacchi (1):
clk: stm32f4: fix an uninitialized variable
Dave Marquardt (1):
net: ibmveth: make veth_pool_store stop hanging
Dave Penkler (7):
staging: gpib: Add missing interface entry point
staging: gpib: Fix pr_err format warning
staging: gpib: Fix cb7210 pcmcia Oops
staging: gpib: ni_usb console messaging cleanup
staging: gpib: Fix Oops after disconnect in ni_usb
staging: gpib: agilent usb console messaging cleanup
staging: gpib: Fix Oops after disconnect in agilent usb
David Gow (1):
um: Pass the correct Rust target and options with gcc
David Hildenbrand (3):
x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()
kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page()
mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs
David Laight (1):
objtool: Fix verbose disassembly if CROSS_COMPILE isn't set
David Oberhollenzer (1):
net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
Debin Zhu (1):
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
Dhananjay Ugwekar (4):
cpufreq/amd-pstate: Modify the min_perf calculation in adjust_perf callback
cpufreq/amd-pstate: Pass min/max_limit_perf as min/max_perf to amd_pstate_update
cpufreq/amd-pstate: Convert all perf values to u8
cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update
Dmitry Antipov (3):
wifi: ath9k: do not submit zero bytes to the entropy pool
jfs: reject on-disk inodes of an unsupported type
wifi: rtw89: rtw8852b{t}: fix TSSI debug timestamps
Dmitry Baryshkov (4):
drm/msm/dpu: don't use active in atomic_check()
drm/msm/dpu: move needs_cdm setting to dpu_encoder_get_topology()
drm/msm/dpu: simplify dpu_encoder_get_topology() interface
drm/msm/dpu: don't set crtc_state->mode_changed from atomic_check()
Dmitry Vyukov (1):
perf report: Fix input reload/switch with symbol sort key
Douglas Anderson (1):
drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
Douglas Raillard (2):
tracing: Ensure module defining synth event cannot be unloaded while tracing
tracing: Fix synth event printk format for str fields
Eduard Christian Dumitrescu (1):
platform/x86: thinkpad_acpi: disable ACPI fan access for T495* and E560
Edward Adam Davis (1):
wifi: cfg80211: init wiphy_work before allocating rfkill fails
Edward Cree (2):
sfc: rip out MDIO support
sfc: fix NULL dereferences in ef100_process_design_param()
Emil Tantilov (2):
idpf: check error for register_netdev() on init
idpf: fix adapter NULL pointer dereference on reboot
Eric Dumazet (1):
sctp: add mutual exclusion in proc_sctp_do_udp_port()
Eric Sandeen (1):
watch_queue: fix pipe accounting mismatch
Fabrizio Castro (3):
pinctrl: renesas: rza2: Fix missing of_node_put() call
pinctrl: renesas: rzg2l: Fix missing of_node_put() call
pinctrl: renesas: rzv2m: Fix missing of_node_put() call
Feng Tang (1):
PCI/portdrv: Only disable pciehp interrupts early when needed
Feng Yang (1):
ring-buffer: Fix bytes_dropped calculation issue
Fernando Fernandez Mancera (1):
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
Filipe Manana (2):
btrfs: get used bytes while holding lock at btrfs_reclaim_bgs_work()
btrfs: fix reclaimed bytes accounting after automatic block group reclaim
Florian Fainelli (2):
spi: bcm2835: Do not call gpiod_put() on invalid descriptor
spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent
Florian Westphal (1):
netfilter: nf_tables: don't unregister hook when table is dormant
Francesco Dolcini (1):
arm64: dts: ti: k3-am62p: Enable AUDIO_REFCLKx
Frieder Schrempf (1):
regulator: pca9450: Fix enable register for LDO5
Gabriele Monaco (1):
tracing: Fix DECLARE_TRACE_CONDITION
Gao Xiang (1):
erofs: allow 16-byte volume name again
Geert Uytterhoeven (5):
m68k: sun3: Fix DEBUG_MMU_EMU build
auxdisplay: MAX6959 should select BITREVERSE
arm64: dts: renesas: r8a774c0: Re-add voltages to OPP table
arm64: dts: renesas: r8a77990: Re-add voltages to OPP table
drm/bridge: ti-sn65dsi86: Fix multiple instances
Geetha sowjanya (2):
octeontx2-af: Fix mbox INTR handler when num VFs > 64
octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
Gergo Koteles (1):
ACPI: video: Handle fetching EDID as ACPI_TYPE_PACKAGE
Giovanni Gherdovich (1):
ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid
Greg Kroah-Hartman (1):
Linux 6.14.2
Guilherme G. Piccoli (1):
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
Guillaume Nault (1):
tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
Guixin Liu (1):
scsi: target: tcm_loop: Fix wrong abort tag
Hans Zhang (1):
PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload
Hans de Goede (1):
ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers
Heiko Stuebner (1):
phy: phy-rockchip-samsung-hdptx: Don't use dt aliases to determine phy-id
Hengqi Chen (3):
LoongArch: BPF: Fix off-by-one error in build_prologue()
LoongArch: BPF: Don't override subprog's return value
LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC
Henry Martin (2):
ASoC: imx-card: Add NULL check in imx_card_probe()
arcnet: Add NULL check in com20020pci_probe()
Herbert Xu (4):
crypto: iaa - Test the correct request flag
crypto: api - Fix larval relookup type and mask
crypto: api - Call crypto_alg_put in crypto_unregister_alg
crypto: nx - Fix uninitialised hv_nxc on error
Hermes Wu (1):
drm/bridge: it6505: fix HDCP V match check is not performed correctly
Herton R. Krzesinski (1):
x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs
Hou Tao (1):
bpf: Use preempt_count() directly in bpf_send_signal_common()
Hrushikesh Salunke (1):
arm64: dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C
Huacai Chen (2):
LoongArch: Increase ARCH_DMA_MINALIGN up to 16
LoongArch: Increase MAX_IO_PICS up to 8
Ian Rogers (10):
libbpf: Add namespace for errstr making it libbpf_errstr
perf stat: Fix find_stat for mixed legacy/non-legacy events
perf stat: Don't merge counters purely on name
perf pmus: Restructure pmu_read_sysfs to scan fewer PMUs
tools/x86: Fix linux/unaligned.h include path in lib/insn.c
perf tests: Fix data symbol test with LTO builds
perf debug: Avoid stack overflow in recursive error message
perf evlist: Add success path to evlist__create_syswide_maps
perf evsel: tp_format accessing improvements
perf pmu: Rename name matching for no suffix or wildcard variants
Ido Schimmel (2):
ipv6: Start path selection from the first nexthop
ipv6: Do not consider link down nexthops in path selection
Ilkka Koskinen (2):
coresight: catu: Fix number of pages while using 64k pages
perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation
Ilpo Järvinen (8):
platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Make symbol static
platform/x86: dell-uart-backlight: Make dell_uart_bl_serdev_driver static
PCI: Remove add_align overwrite unrelated to size0
PCI: Simplify size1 assignment logic
PCI: Allow relaxed bridge window tail sizing for optional resources
PCI: Fix BAR resizing when VF BARs are assigned
PCI: pciehp: Don't enable HPIE when resuming in poll mode
PCI/bwctrl: Fix pcie_bwctrl_select_speed() return type
Jacky Bai (2):
cpuidle: Init cpuidle only for present CPUs
cpufreq: Init cpufreq only for present CPUs
Jacob Keller (5):
igb: reject invalid external timestamp requests for 82580-based HW
renesas: reject PTP_STRICT_FLAGS as unsupported
net: lan743x: reject unsupported external timestamp requests
broadcom: fix supported flag check in periodic output function
ptp: ocp: reject unsupported periodic output flags
Jakub Kicinski (1):
netlink: specs: rt_route: pull the ifa- prefix out of the names
James Clark (5):
perf: Always feature test reallocarray
perf tests: Fix Tool PMU test segfault
perf pmu: Dynamically allocate tool PMU
perf pmu: Don't double count common sysfs and json events
perf: intel-tpebs: Fix incorrect usage of zfree()
James Morse (1):
x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors
Jan Glaza (3):
virtchnl: make proto and filter action count unsigned
ice: stop truncating queue ids when checking
ice: validate queue quanta parameters to prevent OOB access
Jan Kara (1):
ext4: verify fast symlink length
Jann Horn (5):
rwonce: handle KCSAN like KASAN in read_word_at_a_time()
rwonce: fix crash by removing READ_ONCE() for unaligned read
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
Jason-JH Lin (1):
drm/mediatek: Fix config_updating flag never false when no mbox channel
Javier Carrasco (3):
iio: light: veml6030: extend regmap to support regfields
iio: gts-helper: export iio_gts_get_total_gain()
iio: light: veml6030: fix scale to conform to ABI
Javier Martinez Canillas (1):
drm/ssd130x: Set SPI .id_table to prevent an SPI core warning
Jayesh Choudhary (1):
ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible
Jeff Chen (2):
wifi: mwifiex: Fix premature release of RF calibration data.
wifi: mwifiex: Fix RF calibration data download from file
Jeff Layton (2):
nfsd: don't ignore the return code of svc_proc_register()
nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()
Jens Axboe (1):
io_uring/net: improve recv bundles
Jerome Brunet (4):
clk: amlogic: gxbb: drop incorrect flag on 32k clock
clk: amlogic: g12b: fix cluster A parent data
clk: amlogic: gxbb: drop non existing 32k clock parent
clk: amlogic: g12a: fix mmc A peripheral clock
Jesse Brandeburg (1):
ice: fix reservation of resources for RDMA when disabled
Jianfeng Liu (1):
arm64: dts: rockchip: Fix pcie reset gpio on Orange Pi 5 Max
Jiawen Wu (2):
net: libwx: fix Tx descriptor content for some tunnel packets
net: libwx: fix Tx L4 checksum
Jiayuan Chen (1):
bpf: Fix array bounds error with may_goto
Jie Zhan (1):
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
Jim Liu (1):
net: phy: broadcom: Correct BCM5221 PHY model detection
Jim Quinlan (4):
PCI: brcmstb: Set generation limit before PCIe link up
PCI: brcmstb: Use internal register to change link capability
PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
PCI: brcmstb: Fix potential premature regulator disabling
Jinghao Jia (1):
samples/bpf: Fix broken vmlinux path for VMLINUX_BTF
Jiri Kosina (1):
HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
Jiri Olsa (1):
uprobes/x86: Harden uretprobe syscall trampoline check
Jiri Slaby (SUSE) (1):
tty: n_tty: use uint for space returned by tty_write_room()
Joe Hattori (2):
media: platform: allgro-dvt: unregister v4l2_device on the error path
soundwire: slave: fix an OF node reference leak in soundwire slave device
Johannes Berg (1):
wifi: mac80211: remove SSID from ML reconf
John Keeping (3):
drm/ssd130x: fix ssd132x encoding
drm/ssd130x: ensure ssd132x pitch is correct
drm/panel: ilitek-ili9882t: fix GPIO name in error message
Jonathan Cameron (3):
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails.
iio: core: Rework claim and release of direct mode to work with sparse.
Jonathan Santos (1):
iio: adc: ad7768-1: set MOSI idle state to prevent accidental reset
Josh Poimboeuf (11):
x86/traps: Make exc_double_fault() consistently noreturn
objtool: Fix detection of consecutive jump tables on Clang 20
objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()
objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show()
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
objtool: Fix segfault in ignore_unreachable_insn()
sched/smt: Always inline sched_smt_active()
context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
rcu-tasks: Always inline rcu_irq_work_resched()
objtool/loongarch: Add unwind hints in prepare_frametrace()
spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock()
José Expósito (1):
drm/vkms: Fix use after free and double free on init error
Juhan Jin (1):
riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra
Juri Lelli (5):
sched/deadline: Ignore special tasks when rebuilding domains
sched/topology: Wrappers for sched_domains_mutex
sched/deadline: Generalize unique visiting of root domains
sched/deadline: Rebuild root domain accounting after every update
include/{topology,cpuset}: Move dl_rebuild_rd_accounting to cpuset.h
Kai-Heng Feng (1):
PCI: Use downstream bridges for distributing resources
Kan Liang (5):
perf: Save PMU specific data in task_struct
perf: Supply task information to sched_task()
perf/x86/lbr: Fix shorter LBRs call stacks for the system-wide mode
perf tools: Add skip check in tool_pmu__event_to_str()
perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
Kang Yang (1):
wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode
Karan Sanghavi (1):
iio: light: Add check for array bounds in veml6075_read_int_time_ms
Karel Balej (1):
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
Karol Kolacinski (1):
ice: ensure periodic output start time is in the future
Kees Bakker (1):
RDMA/mana_ib: Ensure variable err is initialized
Kees Cook (1):
kunit/stackinit: Use fill byte different from Clang i386 pattern
Kemeng Shi (1):
ext4: add missing brelse() for bh2 in ext4_dx_add_entry()
Kent Overstreet (1):
bcachefs: bch2_ioctl_subvolume_destroy() fixes
Kevin Loughlin (1):
x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
Kirill A. Shutemov (1):
x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT
Konrad Dybcio (1):
clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK
Konstantin Andreev (2):
smack: dont compile ipv6 code unless ipv6 is configured
smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label
Konstantin Komarov (1):
fs/ntfs3: Update inode->i_mapping->a_ops on compression state
Krzysztof Kozlowski (1):
drm/msm/dsi/phy: Program clock inverters in correct register
Kuninori Morimoto (1):
ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai()
Kuniyuki Iwashima (4):
net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.
rtnetlink: Use register_pernet_subsys() in rtnl_net_debug_init().
udp: Fix multiple wraparounds of sk->sk_rmem_alloc.
udp: Fix memory accounting leak.
Lama Kayal (1):
net/mlx5e: SHAMPO, Make reserved size independent of page size
Laurentiu Mihalcea (3):
arm64: dts: imx8mp: add AUDIO_AXI_CLK_ROOT to AUDIOMIX block
arm64: dts: imx8mp: change AUDIO_AXI_CLK_ROOT freq. to 800MHz
clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents
Len Brown (1):
tools/power turbostat: report CoreThr per measurement interval
Leo Stone (1):
f2fs: add check for deleted inode
Leo Yan (1):
perf arm-spe: Fix load-store operation checking
Leon Romanovsky (1):
xfrm: delay initialization of offload path till its actually requested
Li Huafei (1):
watchdog/hardlockup/perf: Fix perf_event memory leak
Li Lingfeng (1):
nfsd: put dl_stid if fail to queue dl_recall
Li Nan (8):
md: ensure resync is prioritized over recovery
badblocks: Fix error shitf ops
badblocks: factor out a helper try_adjacent_combine
badblocks: attempt to merge adjacent badblocks during ack_all_badblocks
badblocks: return error directly when setting badblocks exceeds 512
badblocks: return error if any badblock set fails
badblocks: fix the using of MAX_BADBLOCKS
badblocks: fix merge issue when new badblocks align with pre+1
Liang Jie (1):
wifi: rtw89: Correct immediate cfg_len calculation for scan_offload_be
Likhitha Korrapati (1):
perf tools: Fix is_compat_mode build break in ppc64
Lin Ma (2):
netfilter: nft_tunnel: fix geneve_opt type confusion addition
net: fix geneve_opt length integer overflow
Lizhi Hou (1):
accel/amdxdna: Return error when setting clock failed for npu1
Lorenzo Bianconi (4):
net: airoha: Fix lan4 support in airoha_qdma_get_gdm_port()
PCI: mediatek-gen3: Configure PBUS_CSR registers for EN7581 SoC
net: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue()
net: airoha: Fix ETS priomap validation
Louis-Alexis Eyraud (3):
arm64: dts: mediatek: mt8390-genio-700-evk: Move common parts to dtsi
arm64: dts: mediatek: mt8390-genio-common: Fix duplicated regulator name
ASoC: mediatek: mt6359: Fix DT parse error due to wrong child node name
Lubomir Rintel (1):
rndis_host: Flag RNDIS modems as WWAN devices
Luca Ceresoli (1):
perf build: Fix in-tree build due to symbolic link
Luca Weiss (4):
remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
remoteproc: qcom: pas: add minidump_id to SC7280 WPSS
remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226
remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
Luiz Augusto von Dentz (2):
Bluetooth: hci_core: Enable buffer flow control for SCO/eSCO
Bluetooth: hci_event: Fix handling of HCI_EV_LE_DIRECT_ADV_REPORT
Lukas Wunner (1):
PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion
Lukasz Czapnik (1):
ice: fix input validation for virtchnl BW
Macpaul Lin (1):
arm64: dts: mediatek: mt6359: fix dtbs_check error for audio-codec
Maher Sanalla (1):
IB/mad: Check available slots before posting receive WRs
Maksim Davydov (1):
x86/split_lock: Fix the delayed detection logic
Manikanta Mylavarapu (2):
drivers: clk: qcom: ipq5424: fix the freq table of sdcc1_apps clock
clk: qcom: ipq5424: fix software and hardware flow control error of UART
Manivannan Sadhasivam (2):
wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path
wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path
Marcus Meissner (1):
perf tools: annotate asm_pure_loop.S
Marek Behún (5):
net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family
net: dsa: mv88e6xxx: enable PVT for 6321 switch
net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family
net: dsa: mv88e6xxx: fix VTU methods for 6320 family
net: dsa: mv88e6xxx: enable STU methods for 6320 family
Marijn Suijten (4):
drm/msm/dsi: Use existing per-interface slice count in DSC timing
drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
drm/msm/dpu: Fall back to a single DSC encoder (1:1:1) on small SoCs
drm/msm/dpu: Remove arbitrary limit of 1 interface in DSC topology
Mario Limonciello (1):
ucsi_ccg: Don't show failed to get FW build information error
Mark Bloch (1):
net/mlx5: LAG, reload representors on LAG creation failure
Mark Harmstone (1):
btrfs: don't clobber ret in btrfs_validate_super()
Mark Zhang (1):
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
Markus Elfring (2):
fbdev: au1100fb: Move a variable assignment behind a null pointer check
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
Mateusz Polchlopek (1):
ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()
Maud Spierings (1):
dt-bindings: vendor-prefixes: add GOcontroll
Maurizio Lombardi (1):
nvme-pci: skip nvme_write_sq_db on empty rqlist
Max Kellermann (3):
io_uring/io-wq: eliminate redundant io_work_get_acct() calls
io_uring/io-wq: cache work->flags in variable
io_uring/io-wq: do not use bogus hash value
Max Merchel (1):
ARM: dts: imx6ul-tqma6ul1: Change include order to disable fec2 node
Maxim Mikityanskiy (1):
net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context
Miaoqian Lin (3):
ksmbd: use aead_request_free to match aead_request_alloc
LoongArch: Fix device node refcount leak in fdt_cpu_clk_init()
mmc: omap: Fix memory leak in mmc_omap_new_slot
Michael Chan (2):
bnxt_en: Mask the bd_cnt field in the TX BD properly
bnxt_en: Linearize TX SKB if the fragments exceed the max
Michael Guralnik (2):
RDMA/mlx5: Fix page_size variable overflow
RDMA/mlx5: Fix MR cache initialization error flow
Michael Jeanson (1):
rseq: Update kernel fields in lockstep with CONFIG_DEBUG_RSEQ=y
Michael Walle (2):
arm64: dts: ti: k3-am62p: fix pinctrl settings
arm64: dts: ti: k3-j722s: fix pinctrl settings
Mike Christie (1):
vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
Mike Rapoport (Microsoft) (1):
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
Mikhail Lobanov (1):
wifi: mac80211: check basic rates validity in sta_link_apply_parameters
Ming Lei (2):
block: fix adding folio to bio
ublk: make sure ubq->canceling is set when queue is frozen
Ming Yen Hsieh (2):
wifi: mt76: mt7925: remove unused acpi function for clc
wifi: mt76: mt7921: fix kernel panic due to null pointer dereference
Moshe Shemesh (1):
net/mlx5: Start health poll after enable hca
Murad Masimov (3):
ax25: Remove broken autobind
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
media: streamzap: fix race between device disconnection and urb callback
Namhyung Kim (4):
perf report: Switch data file correctly in TUI
perf machine: Fixup kernel maps ends after adding extra maps
perf test: Add timeout to datasym workload
perf bpf-filter: Fix a parsing error with comma
Namjae Jeon (6):
ksmbd: fix multichannel connection failure
ksmbd: fix r_count dec/increment mismatch
ksmbd: add bounds check for durable handle context
ksmbd: fix use-after-free in ksmbd_sessions_deregister()
ksmbd: fix session use-after-free in multichannel connection
ksmbd: fix null pointer dereference in alloc_preauth_hash()
Nathan Chancellor (3):
crypto: tegra - Fix format specifier in tegra_sha_prep_cmd()
ACPI: platform-profile: Fix CFI violation when accessing sysfs files
ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE
Neeraj Sanjay Kale (1):
Bluetooth: btnxpuart: Fix kernel panic during FW release
Neil Armstrong (1):
clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable()
NeilBrown (1):
NFS: fix open_owner_id_maxsz and related fields.
Nick Child (1):
ibmvnic: Use kernel helpers for hex dumps
Nicolas Bouchinet (1):
coredump: Fixes core_pipe_limit sysctl proc_handler
Nicolas Escande (2):
wifi: ath12k: fix skb_ext_desc leak in ath12k_dp_tx() error path
wifi: ath12k: Add missing htt_metadata flag in ath12k_dp_tx()
Nicolas Frattaroli (1):
arm64: dts: rockchip: remove ethm0_clk0_25m_out from Sige5 gmac0
Nikita Shubin (1):
ntb: intel: Fix using link status DB's
Nikita Zhandarovich (3):
wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show()
mfd: sm501: Switch to BIT() to mitigate integer overflows
media: vimc: skip .s_stream() for stopped entities
Niklas Cassel (5):
ata: libata: Fix NCQ Non-Data log not supported print
nvmet: pci-epf: Always configure BAR0 as 64-bit
misc: pci_endpoint_test: Fix pci_endpoint_test_bars_read_bar() error handling
misc: pci_endpoint_test: Handle BAR sizes larger than INT_MAX
PCI: endpoint: pci-epf-test: Handle endianness properly
Niklas Neronin (1):
usb: xhci: correct debug message page size calculation
Niklas Schnelle (1):
s390: Remove ioremap_wt() and pgprot_writethrough()
Nishanth Aravamudan (1):
PCI: Avoid reset when disabled via sysfs
Norbert Szetei (3):
ksmbd: add bounds check for create lease context
ksmbd: fix overflow in dacloffset bounds check
ksmbd: validate zero num_subauth before sub_auth is accessed
Nuno Sá (1):
iio: backend: make sure to NULL terminate stack buffer
Ojaswin Mujoo (2):
ext4: define ext4_journal_destroy wrapper
ext4: avoid journaling sb update on error if journal is destroying
Oleg Nesterov (2):
seccomp: fix the __secure_computing() stub for !HAVE_ARCH_SECCOMP_FILTER
exec: fix the racy usage of fs_struct->in_exec
Oleksij Rempel (1):
net: dsa: microchip: fix DCB apptrust configuration on KSZ88x3
Olga Kornievskaia (1):
nfsd: fix management of listener transports
Olivia Mackintosh (1):
ALSA: usb-audio: separate DJM-A9 cap lvl options
P Praneesh (1):
wifi: ath11k: fix RCU stall while reaping monitor destination ring
Pablo Neira Ayuso (1):
netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
Palmer Dabbelt (1):
RISC-V: errata: Use medany for relocatable builds
Paolo Bonzini (1):
KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected
Patrisious Haddad (1):
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
Paul Menzel (2):
scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO
ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
Pavel Begunkov (2):
io_uring: check for iowq alloc_workqueue failure
io_uring: fix retry handling off iowq
Pedro Nishiyama (3):
Bluetooth: Add quirk for broken READ_VOICE_SETTING
Bluetooth: Add quirk for broken READ_PAGE_SCAN_TYPE
Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers
Peng Fan (3):
remoteproc: core: Clear table_sz when rproc_shutdown
dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister
dmaengine: fsl-edma: free irq correctly in remove path
Peter Geis (1):
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
Peter Zijlstra (1):
lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
Peter Zijlstra (Intel) (1):
perf/x86/intel: Apply static call for drain_pebs
Ping-Ke Shih (2):
wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm()
wifi: rtw89: pci: correct ISR RDU bit for 8922AE
Piotr Kwapulinski (1):
ixgbe: fix media type detection for E610 device
Pranjal Shrivastava (1):
net: Fix the devmem sock opts and msgs for parisc
Prathamesh Shete (1):
pinctrl: tegra: Set SFIO mode to Mux Register
Przemek Kitszel (1):
ice: health.c: fix compilation on gcc 7.5
Pu Lehui (2):
riscv: fgraph: Select HAVE_FUNCTION_GRAPH_TRACER depends on HAVE_DYNAMIC_FTRACE_WITH_ARGS
riscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler
Qasim Ijaz (2):
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
jfs: fix slab-out-of-bounds read in ea_get()
Qiuxu Zhuo (5):
EDAC/igen6: Fix the flood of invalid error reports
EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids
EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
EDAC/ie31200: Fix the DIMM size mask for several SoCs
EDAC/ie31200: Fix the error path order of ie31200_init()
Rafael J. Wysocki (2):
PM: sleep: Adjust check before setting power.must_resume
PM: sleep: Fix handling devices with direct_complete set on errors
Rameshkumar Sundaram (1):
wifi: ath12k: Fix pdev lookup in WBM error processing
Ran Xiaokai (1):
tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
Remi Pommarel (1):
leds: Fix LED_OFF brightness race
Richard Fitzgerald (1):
firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success
Ritu Chaudhary (1):
ASoC: tegra: Use non-atomic timeout for ADX status register
Rob Clark (1):
drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump
Robin Murphy (2):
iommu: Handle race with default domain setup
media: omap3isp: Handle ARM dma_iommu_mapping
Robin van der Gracht (1):
can: rockchip_canfd: rkcanfd_chip_fifo_setup(): remove duplicated setup of RX FIFO
Roman Gushchin (1):
RDMA/core: Don't expose hw_counters outside of init net namespace
Roman Smirnov (1):
jfs: add index corruption check to DT_GETPAGE()
Saket Kumar Bhaskar (1):
selftests/bpf: Select NUMA_NO_NODE to create map
Saleemkhan Jamadar (1):
drm/amdgpu/umsch: remove vpe test from umsch
Sankararaman Jayaraman (1):
vmxnet3: unregister xdp rxq info in the reset path
Sathishkumar Muruganandam (1):
wifi: ath12k: encode max Tx power in scan channel list command
Sean Christopherson (1):
KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error
Sebastian Andrzej Siewior (1):
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
Shay Drory (1):
PCI: Fix NULL dereference in SR-IOV VF creation error path
Sherry Sun (4):
tty: serial: fsl_lpuart: Use u32 and u8 for register variables
tty: serial: fsl_lpuart: use port struct directly to simply code
tty: serial: fsl_lpuart: Fix unused variable 'sport' build warning
tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register
Shuai Xue (1):
x86/mce: use is_copy_from_user() to determine copy-from-user context
Sicelo A. Mhlongo (1):
power: supply: bq27xxx_battery: do not update cached flags prematurely
Song Yoong Siang (3):
xsk: Add launch time hardware offload support to XDP Tx metadata
igc: Refactor empty frame insertion for launch time support
igc: Add launch time support to XDP ZC
Sourabh Jain (1):
kexec: initialize ELF lowest address to ULONG_MAX
Srinivas Pandruvada (1):
platform/x86: ISST: Correct command storage data length
Srinivasan Shanmugam (2):
drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV
drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables'
Stanislav Spassov (1):
x86/fpu: Fix guest FPU state buffer allocation size
Stanley Chu (1):
i3c: master: svc: Fix missing the IBI rules
Stefan Eichenberger (1):
arm64: dts: ti: k3-am62-verdin-dahlia: add Microphone Jack to sound card
Stefan Wahren (3):
staging: vchiq_arm: Register debugfs after cdev
staging: vchiq_arm: Fix possible NPR of keep-alive thread
staging: vchiq_arm: Stop kthreads if vchiq cdev register fails
Stefano Garzarella (1):
vsock: avoid timeout during connect() if the socket is closing
Stephen Brennan (1):
perf dso: fix dso__is_kallsyms() check
Steven Price (1):
drm/panthor: Clean up FW version information display
Steven Rostedt (2):
tracing: Verify event formats that have "%*p.."
tracing: Do not use PERF enums when perf is not defined
Su Yue (1):
md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
Sudeep Holla (4):
firmware: arm_ffa: Unregister the FF-A devices when cleaning up the partitions
firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison
firmware: arm_ffa: Explicitly cast return value from NOTIFICATION_INFO_GET
firmware: arm_ffa: Skip the first/partition ID when parsing vCPU list
Sungjong Seo (2):
exfat: fix random stack corruption after get_block
exfat: fix potential wrong error return from get_block
Suzuki K Poulose (3):
dma: Fix encryption bit clearing for dma_to_phys
dma: Introduce generic dma_addr_*crypted helpers
arm64: realm: Use aliased addresses for device DMA to shared buffers
Sven Schnelle (1):
s390/entry: Fix setting _CIF_MCCK_GUEST with lowcore relocation
Taehee Yoo (1):
eth: bnxt: fix out-of-range access of vnic_info array
Takashi Iwai (5):
ALSA: hda/realtek: Always honor no_shutup_pins
ALSA: timer: Don't take register_mutex with copy_from/to_user()
ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA
ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA
ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
Tang Yizhou (2):
writeback: let trace_balance_dirty_pages() take struct dtc as parameter
writeback: fix calculations in trace_balance_dirty_pages() for cgwb
Tanya Agarwal (1):
lib: 842: Improve error handling in sw842_compress()
Tao Chen (1):
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
Tengda Wu (2):
selftests/bpf: Fix freplace_link segfault in tailcalls prog test
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
Thadeu Lima de Souza Cascardo (2):
dlm: prevent NPD when writing a positive value to event_done
drm/amd/display: avoid NPD when ASIC does not support DMUB
Theodore Ts'o (1):
ext4: don't over-report free space or inodes in statvfs
Thippeswamy Havalige (1):
PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
Thomas Richter (3):
perf test: Fix Hwmon PMU test endianess issue
perf bench: Fix perf bench syscall loop count
perf pmu: Handle memory failure in tool_pmu__new()
Thomas Weißschuh (2):
x86/vdso: Fix latent bug in vclock_pages calculation
leds: st1202: Check for error code from devm_mutex_init() call
Thorsten Blum (1):
m68k: sun3: Use str_read_write() helper in mmu_emu_handle_fault()
Tianchen Ding (1):
sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks
Tianyu Lan (1):
x86/hyperv: Fix check of return value from snp_set_vmsa()
Tiezhu Yang (3):
objtool: Handle various symbol types of rodata
objtool: Handle different entry size of rodata
objtool: Handle PC relative relocation type
Tim Schumacher (1):
selinux: Chain up tool resolving errors in install_policy.sh
Tingbo Liao (1):
riscv: Fix the __riscv_copy_vec_words_unaligned implementation
Tobias Waldekranz (1):
net: mvpp2: Prevent parser TCAM memory corruption
Tom Rini (1):
ARM: dts: omap4-panda-a4: Add missing model and compatible properties
Tomas Glozar (1):
tools/rv: Keep user LDFLAGS in build
Tomi Valkeinen (1):
drm: xlnx: zynqmp: Fix max dma segment size
Tony Ambardar (2):
selftests/bpf: Fix runqslower cross-endian build
libbpf: Fix accessing BTF.ext core_relo header
Trond Myklebust (5):
NFSv4: Don't trigger uneccessary scans for return-on-close delegations
NFSv4: Avoid unnecessary scans of filesystems for returning delegations
NFSv4: Avoid unnecessary scans of filesystems for expired delegations
NFSv4: Avoid unnecessary scans of filesystems for delayed delegations
NFS: Shut down the nfs_client only after all the superblocks
Tushar Dave (1):
PCI/ACS: Fix 'pci=config_acs=' parameter
Ulf Hansson (1):
mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
Uwe Kleine-König (8):
iio: adc: ad7124: Micro-optimize channel disabling
iio: adc: ad7124: Really disable all channels at probe time
iio: adc: ad7173: Grab direct mode for calibration
iio: adc: ad7192: Grab direct mode for calibration
iio: adc: ad_sigma_delta: Disable channel after calibration
iio: adc: ad4130: Fix comparison of channel setups
iio: adc: ad7124: Fix comparison of channel configs
iio: adc: ad7173: Fix comparison of channel configs
Vaibhav Jain (1):
powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu'
Vasant Hegde (1):
iommu/amd: Fix header file
Vasiliy Kovalev (3):
jfs: add check read-only before txBeginAnon() call
jfs: add check read-only before truncation in jfs_truncate_nolock()
ocfs2: validate l_tree_depth to avoid out-of-bounds access
Venkata Prasad Potturu (1):
ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry
Veronika Molnarova (1):
perf test stat_all_pmu.sh: Correctly check 'perf stat' result
Viktor Malik (1):
selftests/bpf: Fix string read in strncmp benchmark
Viresh Kumar (1):
firmware: arm_ffa: Refactor addition of partition information into XArray
Vishal Annapurve (1):
x86/tdx: Fix arch_safe_halt() execution for TDX VMs
Vitalii Mordan (1):
gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines
Vitaliy Shevtsov (2):
ASoC: cs35l41: check the return value from spi_setup()
drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
Vitaly Kuznetsov (1):
x86/entry: Add __init to ia32_emulation_override_cmdline()
Vitaly Lifshits (1):
e1000e: change k1 configuration on MTP and later platforms
Vladimir Lypak (1):
clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
Vladimir Oltean (3):
net: dsa: sja1105: fix displaced ethtool statistics counters
net: dsa: sja1105: reject other RX filters than HWTSTAMP_FILTER_PTP_V2_L2_EVENT
net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()
WANG Rui (1):
rust: Fix enabling Rust and building with GCC for LoongArch
Wang Liang (4):
bonding: check xdp prog when set bond mode
net: fix NULL pointer dereference in l3mdev_l3_rcv
RDMA/core: Fix use-after-free when rename device name
xsk: Fix __xsk_generic_xmit() error code when cq is full
Wang Zhaolong (1):
smb: client: Fix netns refcount imbalance causing leaks and use-after-free
WangYuli (2):
netfilter: nf_tables: Only use nf_skip_indirect_calls() when MITIGATION_RETPOLINE
mlxsw: spectrum_acl_bloom_filter: Workaround for some LLVM versions
Wayne Lin (1):
drm/dp_mst: Fix drm RAD print
Wen Gong (1):
wifi: ath11k: update channel list in reg notifier instead reg worker
Wenkai Lin (3):
crypto: hisilicon/sec2 - fix for aead authsize alignment
crypto: hisilicon/sec2 - fix for sec spec check
crypto: hisilicon/sec2 - fix for aead auth key length
Wentao Guan (1):
Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel
Wentao Liang (1):
greybus: gb-beagleplay: Add error handling for gb_greybus_init
Will McVicker (1):
clk: samsung: Fix UBSAN panic in samsung_clk_init()
Xiao Ni (1):
md/raid10: wait barrier before returning discard request with REQ_NOWAIT
Xingui Yang (1):
scsi: hisi_sas: Fixed failure to issue vendor specific commands
Xueqi Zhang (1):
memory: mtk-smi: Add ostd setting for mt8192
Yajun Deng (1):
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
Yang Wang (1):
drm/amdgpu: refine smu send msg debug log format
Yao Zi (2):
arm64: dts: rockchip: Fix PWM pinctrl names
riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator
Ye Bin (5):
ext4: introduce ITAIL helper
ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
fs/ntfs3: Factor out ntfs_{create/remove}_procdir()
fs/ntfs3: Factor out ntfs_{create/remove}_proc_root()
fs/ntfs3: Fix 'proc_info_root' leak when init ntfs failed
Yeoreum Yun (1):
perf/core: Fix child_total_time_enabled accounting bug at task exit
Yi Lai (1):
selftests/pcie_bwctrl: Add 'set_pcie_speed.sh' to TEST_PROGS
Ying Lu (1):
usbnet:fix NPE during rx_complete
Yosry Ahmed (1):
mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()
Yu Kuai (3):
md: fix mddev uaf while iterating all_mddevs list
md/raid1,raid10: don't ignore IO flags
blk-throttle: fix lower bps rate by throtl_trim_slice()
Yu Zhang(Yuriy) (1):
wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability
Yuanfang Zhang (1):
coresight-etm4x: add isb() before reading the TRCSTATR
Yue Haibing (2):
pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw()
drm/xe: Fix unmet direct dependencies warning
Yuezhang Mo (2):
exfat: fix the infinite loop in exfat_find_last_cluster()
exfat: fix missing shutdown check
Yuli Wang (1):
LoongArch: Rework the arch_kgdb_breakpoint() implementation
Yunhui Cui (1):
iommu/vt-d: Fix system hang on reboot -f
Zdenek Bouska (1):
igc: Fix TX drops in XDP ZC
Zhang Rui (2):
tools/power turbostat: Allow Zero return value for some RAPL registers
tools/power turbostat: Restore GFX sysfs fflush() call
Zhang Yi (2):
jbd2: fix off-by-one while erasing journal
jbd2: add a missing data flush during file and fs synchronization
Zheng Qixing (4):
md/raid1: fix memory leak in raid1_run() if no active rdev
badblocks: fix missing bad blocks on retry in _badblocks_check()
badblocks: return boolean from badblocks_set() and badblocks_clear()
badblocks: use sector_t instead of int to avoid truncation of badblocks length
Zijun Hu (1):
of: property: Increase NR_FWNODE_REFERENCE_ARGS
xueqin Luo (1):
thermal: core: Remove duplicate struct declaration
zihan zhou (1):
sched: Cancel the slice protection of the idle entity
zuoqian (1):
cpufreq: scpi: compare kHz instead of Hz
谢致邦 (XIE Zhibang) (2):
staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES
LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig
5 months, 2 weeks
- 1
- 1
Linux 6.13.11
by Greg Kroah-Hartman
I'm announcing the release of the 6.13.11 kernel.
All users of the 6.13 kernel series must upgrade.
The updated 6.13.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.13.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/devicetree/bindings/vendor-prefixes.yaml | 2
Makefile | 2
arch/arm/Kconfig | 2
arch/arm/include/asm/vmlinux.lds.h | 12
arch/arm64/include/asm/mem_encrypt.h | 11
arch/arm64/kernel/compat_alignment.c | 2
arch/loongarch/Kconfig | 4
arch/loongarch/include/asm/cache.h | 2
arch/loongarch/include/asm/irq.h | 2
arch/loongarch/include/asm/stacktrace.h | 3
arch/loongarch/include/asm/unwind_hints.h | 10
arch/loongarch/kernel/env.c | 2
arch/loongarch/kernel/kgdb.c | 5
arch/loongarch/net/bpf_jit.c | 12
arch/loongarch/net/bpf_jit.h | 5
arch/powerpc/configs/mpc885_ads_defconfig | 2
arch/powerpc/crypto/Makefile | 1
arch/powerpc/kexec/relocate_32.S | 7
arch/powerpc/perf/vpa-pmu.c | 1
arch/powerpc/platforms/cell/spufs/gang.c | 1
arch/powerpc/platforms/cell/spufs/inode.c | 63 -
arch/powerpc/platforms/cell/spufs/spufs.h | 2
arch/riscv/errata/Makefile | 6
arch/riscv/include/asm/cpufeature.h | 4
arch/riscv/include/asm/ftrace.h | 4
arch/riscv/kernel/elf_kexec.c | 3
arch/riscv/kernel/traps_misaligned.c | 14
arch/riscv/kernel/unaligned_access_speed.c | 36
arch/riscv/kernel/vec-copy-unaligned.S | 2
arch/riscv/kvm/main.c | 4
arch/riscv/kvm/vcpu_pmu.c | 1
arch/riscv/mm/hugetlbpage.c | 76 -
arch/riscv/purgatory/entry.S | 1
arch/s390/include/asm/io.h | 2
arch/s390/include/asm/pgtable.h | 3
arch/s390/kernel/entry.S | 2
arch/s390/mm/pgtable.c | 10
arch/um/include/shared/os.h | 1
arch/um/kernel/Makefile | 2
arch/um/kernel/maccess.c | 19
arch/um/os-Linux/process.c | 51
arch/x86/Kconfig | 3
arch/x86/Kconfig.cpu | 2
arch/x86/Makefile.um | 7
arch/x86/coco/tdx/tdx.c | 26
arch/x86/entry/calling.h | 2
arch/x86/entry/common.c | 2
arch/x86/entry/vdso/vdso-layout.lds.S | 2
arch/x86/entry/vdso/vma.c | 2
arch/x86/events/intel/core.c | 43
arch/x86/events/intel/ds.c | 13
arch/x86/events/perf_event.h | 3
arch/x86/hyperv/hv_vtl.c | 1
arch/x86/hyperv/ivm.c | 5
arch/x86/include/asm/tdx.h | 4
arch/x86/include/asm/tlbflush.h | 2
arch/x86/include/asm/vdso/vsyscall.h | 1
arch/x86/kernel/cpu/bus_lock.c | 20
arch/x86/kernel/cpu/mce/severity.c | 11
arch/x86/kernel/cpu/microcode/amd.c | 2
arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3
arch/x86/kernel/cpu/sgx/driver.c | 10
arch/x86/kernel/dumpstack.c | 5
arch/x86/kernel/fpu/core.c | 6
arch/x86/kernel/process.c | 9
arch/x86/kernel/traps.c | 18
arch/x86/kernel/tsc.c | 4
arch/x86/kernel/uprobes.c | 14
arch/x86/kvm/svm/sev.c | 13
arch/x86/kvm/x86.c | 15
arch/x86/lib/copy_user_64.S | 18
arch/x86/mm/mem_encrypt_identity.c | 4
arch/x86/mm/pat/cpa-test.c | 2
arch/x86/mm/pat/memtype.c | 52
crypto/api.c | 17
crypto/bpf_crypto_skcipher.c | 1
drivers/acpi/acpi_video.c | 9
drivers/acpi/nfit/core.c | 2
drivers/acpi/processor_idle.c | 4
drivers/acpi/resource.c | 7
drivers/acpi/x86/utils.c | 3
drivers/auxdisplay/Kconfig | 1
drivers/auxdisplay/panel.c | 4
drivers/base/power/main.c | 21
drivers/base/power/runtime.c | 2
drivers/block/ublk_drv.c | 39
drivers/clk/imx/clk-imx8mp-audiomix.c | 6
drivers/clk/meson/g12a.c | 38
drivers/clk/meson/gxbb.c | 14
drivers/clk/mmp/clk-pxa1908-apmu.c | 4
drivers/clk/qcom/gcc-ipq5424.c | 24
drivers/clk/qcom/gcc-msm8953.c | 2
drivers/clk/qcom/gcc-sm8650.c | 4
drivers/clk/qcom/gcc-x1e80100.c | 30
drivers/clk/qcom/mmcc-sdm660.c | 2
drivers/clk/renesas/r9a08g045-cpg.c | 5
drivers/clk/renesas/rzg2l-cpg.c | 13
drivers/clk/renesas/rzg2l-cpg.h | 10
drivers/clk/rockchip/clk-rk3328.c | 2
drivers/clk/samsung/clk.c | 2
drivers/cpufreq/Kconfig.arm | 2
drivers/cpufreq/armada-8k-cpufreq.c | 2
drivers/cpufreq/cpufreq-dt.c | 2
drivers/cpufreq/cpufreq_governor.c | 45
drivers/cpufreq/mediatek-cpufreq-hw.c | 2
drivers/cpufreq/mediatek-cpufreq.c | 2
drivers/cpufreq/mvebu-cpufreq.c | 2
drivers/cpufreq/qcom-cpufreq-hw.c | 2
drivers/cpufreq/qcom-cpufreq-nvmem.c | 8
drivers/cpufreq/scmi-cpufreq.c | 2
drivers/cpufreq/scpi-cpufreq.c | 7
drivers/cpufreq/sun50i-cpufreq-nvmem.c | 6
drivers/cpufreq/virtual-cpufreq.c | 2
drivers/cpuidle/cpuidle-arm.c | 8
drivers/cpuidle/cpuidle-big_little.c | 2
drivers/cpuidle/cpuidle-psci.c | 4
drivers/cpuidle/cpuidle-qcom-spm.c | 2
drivers/cpuidle/cpuidle-riscv-sbi.c | 4
drivers/crypto/hisilicon/sec2/sec.h | 1
drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 --
drivers/crypto/intel/iaa/iaa_crypto_main.c | 4
drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 1
drivers/crypto/intel/qat/qat_common/adf_gen4_ras.c | 59 -
drivers/crypto/nx/nx-common-pseries.c | 37
drivers/crypto/tegra/tegra-se-aes.c | 401 ++++---
drivers/crypto/tegra/tegra-se-hash.c | 287 +++--
drivers/crypto/tegra/tegra-se-key.c | 29
drivers/crypto/tegra/tegra-se-main.c | 16
drivers/crypto/tegra/tegra-se.h | 39
drivers/dma/fsl-edma-main.c | 14
drivers/edac/i10nm_base.c | 2
drivers/edac/ie31200_edac.c | 19
drivers/edac/igen6_edac.c | 21
drivers/edac/skx_common.c | 33
drivers/edac/skx_common.h | 11
drivers/firmware/cirrus/cs_dsp.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11
drivers/gpu/drm/amd/amdgpu/amdgpu_umsch_mm.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 5
drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3
drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2
drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 1
drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15
drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5
drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4
drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12
drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4.c | 3
drivers/gpu/drm/amd/display/dmub/src/dmub_srv.c | 2
drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 3
drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 12
drivers/gpu/drm/bridge/ite-it6505.c | 7
drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2
drivers/gpu/drm/display/drm_dp_mst_topology.c | 8
drivers/gpu/drm/mediatek/mtk_crtc.c | 7
drivers/gpu/drm/mediatek/mtk_dp.c | 6
drivers/gpu/drm/mediatek/mtk_dsi.c | 6
drivers/gpu/drm/mediatek/mtk_hdmi.c | 33
drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2
drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4
drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3
drivers/gpu/drm/msm/dsi/dsi_host.c | 8
drivers/gpu/drm/msm/dsi/dsi_manager.c | 32
drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 2
drivers/gpu/drm/msm/msm_dsc_helper.h | 11
drivers/gpu/drm/panel/panel-ilitek-ili9882t.c | 2
drivers/gpu/drm/panthor/panthor_fw.c | 9
drivers/gpu/drm/panthor/panthor_fw.h | 6
drivers/gpu/drm/panthor/panthor_sched.c | 2
drivers/gpu/drm/solomon/ssd130x-spi.c | 7
drivers/gpu/drm/solomon/ssd130x.c | 6
drivers/gpu/drm/vkms/vkms_drv.c | 15
drivers/gpu/drm/xe/Kconfig | 2
drivers/gpu/drm/xe/xe_guc_pc.c | 53
drivers/gpu/drm/xlnx/zynqmp_dp.c | 2
drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2
drivers/greybus/gb-beagleplay.c | 4
drivers/hid/Makefile | 1
drivers/hid/i2c-hid/i2c-hid-core.c | 2
drivers/hwmon/nct6775-core.c | 4
drivers/hwtracing/coresight/coresight-catu.c | 2
drivers/hwtracing/coresight/coresight-core.c | 20
drivers/hwtracing/coresight/coresight-etm4x-core.c | 48
drivers/i3c/master/svc-i3c-master.c | 2
drivers/iio/accel/mma8452.c | 10
drivers/iio/accel/msa311.c | 26
drivers/iio/adc/ad4130.c | 41
drivers/iio/adc/ad7124.c | 35
drivers/iio/adc/ad7173.c | 25
drivers/iio/adc/ad7768-1.c | 15
drivers/iio/dac/adi-axi-dac.c | 8
drivers/iio/industrialio-backend.c | 4
drivers/iio/light/veml6075.c | 8
drivers/infiniband/core/device.c | 18
drivers/infiniband/core/mad.c | 38
drivers/infiniband/core/sysfs.c | 1
drivers/infiniband/hw/erdma/erdma_cm.c | 1
drivers/infiniband/hw/mana/main.c | 2
drivers/infiniband/hw/mlx5/cq.c | 2
drivers/infiniband/hw/mlx5/mr.c | 41
drivers/infiniband/hw/mlx5/odp.c | 10
drivers/leds/led-core.c | 22
drivers/media/dvb-frontends/dib8000.c | 5
drivers/media/platform/allegro-dvt/allegro-core.c | 1
drivers/media/platform/ti/omap3isp/isp.c | 7
drivers/media/platform/verisilicon/hantro_g2_hevc_dec.c | 1
drivers/media/rc/streamzap.c | 2
drivers/media/test-drivers/vimc/vimc-streamer.c | 6
drivers/memory/omap-gpmc.c | 20
drivers/mfd/sm501.c | 6
drivers/mmc/host/omap.c | 19
drivers/mmc/host/sdhci-omap.c | 4
drivers/mmc/host/sdhci-pxav3.c | 1
drivers/net/arcnet/com20020-pci.c | 17
drivers/net/dsa/mv88e6xxx/chip.c | 11
drivers/net/dsa/mv88e6xxx/phy.c | 3
drivers/net/dsa/realtek/Kconfig | 2
drivers/net/ethernet/ibm/ibmveth.c | 39
drivers/net/ethernet/intel/e1000e/defines.h | 3
drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 +
drivers/net/ethernet/intel/e1000e/ich8lan.h | 4
drivers/net/ethernet/intel/idpf/idpf_main.c | 6
drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++-
drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2
drivers/net/ethernet/marvell/octeontx2/af/rvu_devlink.c | 2
drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 8
drivers/net/phy/broadcom.c | 6
drivers/net/usb/rndis_host.c | 16
drivers/net/usb/usbnet.c | 6
drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 20
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 +
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 8
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 1
drivers/ntb/hw/intel/ntb_hw_gen3.c | 3
drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2
drivers/ntb/test/ntb_perf.c | 4
drivers/nvme/host/ioctl.c | 2
drivers/nvme/host/pci.c | 37
drivers/nvme/host/tcp.c | 5
drivers/nvme/target/debugfs.c | 2
drivers/pci/controller/cadence/pcie-cadence-ep.c | 3
drivers/pci/controller/cadence/pcie-cadence.h | 2
drivers/pci/controller/dwc/pcie-designware-ep.c | 1
drivers/pci/controller/dwc/pcie-histb.c | 12
drivers/pci/controller/pcie-brcmstb.c | 16
drivers/pci/controller/pcie-xilinx-cpm.c | 10
drivers/pci/hotplug/pciehp_hpc.c | 4
drivers/pci/iov.c | 48
drivers/pci/pci-sysfs.c | 4
drivers/pci/pci.c | 22
drivers/pci/pcie/aspm.c | 17
drivers/pci/pcie/bwctrl.c | 6
drivers/pci/pcie/portdrv.c | 8
drivers/pci/probe.c | 5
drivers/pci/setup-bus.c | 4
drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 50
drivers/pinctrl/intel/pinctrl-intel.c | 1
drivers/pinctrl/nuvoton/pinctrl-npcm8xx.c | 10
drivers/pinctrl/renesas/pinctrl-rza2.c | 2
drivers/pinctrl/renesas/pinctrl-rzg2l.c | 3
drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2
drivers/pinctrl/tegra/pinctrl-tegra.c | 3
drivers/platform/surface/surface_aggregator_registry.c | 5
drivers/platform/x86/amd/pmf/pmf.h | 5
drivers/platform/x86/amd/pmf/tee-if.c | 82 +
drivers/platform/x86/dell/dell-uart-backlight.c | 2
drivers/platform/x86/dell/dell-wmi-ddv.c | 6
drivers/platform/x86/intel/hid.c | 7
drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 2
drivers/platform/x86/intel/vsec.c | 7
drivers/platform/x86/lenovo-yoga-tab2-pro-1380-fastcharger.c | 2
drivers/platform/x86/thinkpad_acpi.c | 11
drivers/power/supply/bq27xxx_battery.c | 1
drivers/power/supply/max77693_charger.c | 2
drivers/regulator/pca9450-regulator.c | 6
drivers/remoteproc/qcom_q6v5_mss.c | 21
drivers/remoteproc/qcom_q6v5_pas.c | 13
drivers/remoteproc/remoteproc_core.c | 1
drivers/rtc/rtc-renesas-rtca3.c | 15
drivers/soundwire/slave.c | 1
drivers/spi/spi-bcm2835.c | 18
drivers/spi/spi-cadence-xspi.c | 2
drivers/staging/gpib/agilent_82357a/agilent_82357a.c | 513 ++++-----
drivers/staging/gpib/cb7210/cb7210.c | 2
drivers/staging/gpib/common/gpib_os.c | 7
drivers/staging/gpib/hp_82341/hp_82341.c | 2
drivers/staging/gpib/include/gpibP.h | 2
drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 545 +++++-----
drivers/staging/gpib/ni_usb/ni_usb_gpib.h | 2
drivers/staging/rtl8723bs/Kconfig | 1
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 28
drivers/thermal/intel/int340x_thermal/int3402_thermal.c | 3
drivers/tty/n_tty.c | 13
drivers/tty/serial/fsl_lpuart.c | 312 ++---
drivers/usb/host/xhci-mem.c | 6
drivers/usb/typec/ucsi/ucsi_ccg.c | 5
drivers/vhost/scsi.c | 25
drivers/video/console/Kconfig | 6
drivers/video/fbdev/au1100fb.c | 4
drivers/video/fbdev/sm501fb.c | 7
drivers/w1/masters/w1-uart.c | 4
fs/9p/vfs_inode_dotl.c | 2
fs/affs/file.c | 9
fs/autofs/autofs_i.h | 2
fs/exec.c | 15
fs/exfat/fatent.c | 2
fs/exfat/file.c | 29
fs/exfat/inode.c | 41
fs/exfat/namei.c | 5
fs/ext4/dir.c | 3
fs/ext4/super.c | 27
fs/fsopen.c | 2
fs/fuse/dax.c | 1
fs/fuse/dir.c | 2
fs/fuse/file.c | 4
fs/hostfs/hostfs.h | 2
fs/hostfs/hostfs_kern.c | 7
fs/hostfs/hostfs_user.c | 59 -
fs/isofs/dir.c | 3
fs/jfs/jfs_dtree.c | 3
fs/jfs/xattr.c | 15
fs/netfs/direct_read.c | 6
fs/nfs/delegation.c | 63 -
fs/nfs/nfs4xdr.c | 18
fs/nfs/sysfs.c | 22
fs/nfs/write.c | 4
fs/nfsd/nfs4state.c | 37
fs/nfsd/nfsctl.c | 44
fs/nfsd/vfs.c | 28
fs/ntfs3/attrib.c | 3
fs/ntfs3/file.c | 22
fs/ntfs3/frecord.c | 6
fs/ntfs3/index.c | 4
fs/ntfs3/ntfs.h | 2
fs/ocfs2/alloc.c | 8
fs/proc/base.c | 2
fs/smb/client/cifsacl.c | 34
fs/smb/client/cifssmb.c | 46
fs/smb/client/connect.c | 16
fs/smb/client/smb2pdu.c | 96 -
fs/smb/common/smbacl.h | 3
fs/smb/server/auth.c | 6
fs/smb/server/connection.h | 11
fs/smb/server/mgmt/user_session.c | 37
fs/smb/server/mgmt/user_session.h | 2
fs/smb/server/oplock.c | 12
fs/smb/server/smb2pdu.c | 54
fs/smb/server/smbacl.c | 50
fs/smb/server/smbacl.h | 2
include/drm/display/drm_dp_mst_helper.h | 7
include/linux/context_tracking_irq.h | 8
include/linux/coresight.h | 4
include/linux/dma-direct.h | 13
include/linux/fwnode.h | 2
include/linux/interrupt.h | 8
include/linux/mem_encrypt.h | 23
include/linux/nfs_fs_sb.h | 4
include/linux/nmi.h | 4
include/linux/pgtable.h | 28
include/linux/pm_runtime.h | 2
include/linux/rcupdate.h | 2
include/linux/sched/smt.h | 2
include/linux/seccomp.h | 8
include/linux/thermal.h | 2
include/linux/trace_events.h | 14
include/linux/uprobes.h | 2
include/rdma/ib_verbs.h | 1
init/Kconfig | 5
io_uring/net.c | 23
kernel/bpf/core.c | 19
kernel/bpf/verifier.c | 7
kernel/cpu.c | 5
kernel/events/core.c | 46
kernel/events/ring_buffer.c | 2
kernel/events/uprobes.c | 15
kernel/fork.c | 4
kernel/kexec_elf.c | 2
kernel/locking/semaphore.c | 13
kernel/sched/deadline.c | 2
kernel/sched/fair.c | 50
kernel/seccomp.c | 14
kernel/trace/bpf_trace.c | 2
kernel/trace/ring_buffer.c | 4
kernel/trace/trace_events.c | 21
kernel/trace/trace_events_hist.c | 133 ++
kernel/trace/trace_events_synth.c | 36
kernel/trace/trace_functions_graph.c | 1
kernel/trace/trace_irqsoff.c | 2
kernel/trace/trace_osnoise.c | 1
kernel/trace/trace_sched_wakeup.c | 2
kernel/watch_queue.c | 9
kernel/watchdog.c | 25
kernel/watchdog_perf.c | 28
lib/842/842_compress.c | 2
lib/stackinit_kunit.c | 30
lib/vsprintf.c | 2
mm/gup.c | 3
mm/memory.c | 13
mm/zswap.c | 30
net/can/af_can.c | 12
net/can/af_can.h | 12
net/can/proc.c | 46
net/core/devmem.c | 4
net/core/dst.c | 8
net/core/rtnetlink.c | 3
net/core/rtnl_net_debug.c | 2
net/ipv4/ip_tunnel_core.c | 4
net/ipv4/udp.c | 42
net/ipv6/addrconf.c | 37
net/ipv6/calipso.c | 21
net/ipv6/route.c | 42
net/mac80211/driver-ops.c | 10
net/mac80211/iface.c | 11
net/mac80211/rx.c | 10
net/mac80211/sta_info.c | 20
net/mac80211/util.c | 5
net/netfilter/nf_tables_api.c | 4
net/netfilter/nft_set_hash.c | 3
net/netfilter/nft_tunnel.c | 6
net/openvswitch/actions.c | 6
net/sched/act_tunnel_key.c | 2
net/sched/cls_flower.c | 2
net/sched/sch_skbprio.c | 3
net/sctp/sysctl.c | 4
net/vmw_vsock/af_vsock.c | 6
net/xdp/xsk.c | 5
rust/Makefile | 4
rust/kernel/print.rs | 7
samples/bpf/Makefile | 2
samples/trace_events/trace-events-sample.h | 8
scripts/package/debian/rules | 6
scripts/selinux/install_policy.sh | 15
security/smack/smack.h | 6
security/smack/smack_lsm.c | 34
sound/core/timer.c | 147 +-
sound/pci/hda/patch_realtek.c | 50
sound/soc/amd/acp/acp-legacy-common.c | 10
sound/soc/codecs/cs35l41-spi.c | 5
sound/soc/codecs/cs42l43-jack.c | 13
sound/soc/codecs/cs42l43.c | 15
sound/soc/codecs/cs42l43.h | 3
sound/soc/codecs/rt1320-sdw.c | 3
sound/soc/codecs/rt5665.c | 24
sound/soc/codecs/wsa884x.c | 4
sound/soc/fsl/imx-card.c | 4
sound/soc/tegra/tegra210_adx.c | 6
sound/soc/ti/j721e-evm.c | 2
sound/usb/mixer_quirks.c | 7
tools/arch/x86/lib/insn.c | 2
tools/bpf/runqslower/Makefile | 3
tools/lib/bpf/btf.c | 4
tools/lib/bpf/linker.c | 2
tools/lib/bpf/str_error.c | 2
tools/lib/bpf/str_error.h | 7
tools/objtool/check.c | 35
tools/perf/Makefile.config | 10
tools/perf/Makefile.perf | 2
tools/perf/arch/powerpc/util/header.c | 4
tools/perf/arch/x86/util/topdown.c | 2
tools/perf/bench/syscall.c | 22
tools/perf/builtin-report.c | 2
tools/perf/pmu-events/arch/arm64/ampere/ampereonex/metrics.json | 10
tools/perf/pmu-events/empty-pmu-events.c | 8
tools/perf/pmu-events/jevents.py | 8
tools/perf/tests/hwmon_pmu.c | 16
tools/perf/tests/pmu.c | 85 -
tools/perf/tests/shell/coresight/asm_pure_loop/asm_pure_loop.S | 2
tools/perf/tests/shell/record_bpf_filter.sh | 4
tools/perf/tests/shell/stat_all_pmu.sh | 48
tools/perf/tests/tool_pmu.c | 4
tools/perf/util/arm-spe.c | 8
tools/perf/util/bpf-filter.l | 2
tools/perf/util/comm.c | 2
tools/perf/util/debug.c | 2
tools/perf/util/dso.h | 4
tools/perf/util/evlist.c | 13
tools/perf/util/expr.c | 2
tools/perf/util/hwmon_pmu.c | 14
tools/perf/util/hwmon_pmu.h | 16
tools/perf/util/intel-tpebs.c | 2
tools/perf/util/parse-events.c | 2
tools/perf/util/pmu.c | 263 +++-
tools/perf/util/pmu.h | 10
tools/perf/util/pmus.c | 20
tools/perf/util/python.c | 17
tools/perf/util/stat-shadow.c | 3
tools/perf/util/stat.c | 13
tools/perf/util/tool_pmu.c | 3
tools/perf/util/units.c | 2
tools/power/x86/turbostat/turbostat.8 | 2
tools/power/x86/turbostat/turbostat.c | 3
tools/testing/selftests/bpf/Makefile | 1
tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 5
tools/testing/selftests/bpf/prog_tests/tailcalls.c | 1
tools/testing/selftests/bpf/progs/strncmp_bench.c | 5
tools/testing/selftests/mm/cow.c | 2
tools/testing/selftests/net/netfilter/br_netfilter.sh | 7
tools/testing/selftests/net/netfilter/br_netfilter_queue.sh | 7
tools/testing/selftests/net/netfilter/nft_queue.sh | 1
tools/testing/selftests/pcie_bwctrl/Makefile | 2
505 files changed, 5294 insertions(+), 3183 deletions(-)
Aaron Kling (1):
cpufreq: tegra194: Allow building for Tegra234
Acs, Jakub (1):
ext4: fix OOB read when checking dotdot dir
Adrián Larumbe (1):
drm/panthor: Fix race condition when gathering fdinfo group samples
Akhil R (10):
crypto: tegra - Use separate buffer for setkey
crypto: tegra - Do not use fixed size buffers
crypto: tegra - check return value for hash do_one_req
crypto: tegra - Transfer HASH init function to crypto engine
crypto: tegra - Fix HASH intermediate result handling
crypto: tegra - Use HMAC fallback when keyslots are full
crypto: tegra - Fix CMAC intermediate result handling
crypto: tegra - Set IV to NULL explicitly for AES ECB
crypto: tegra - finalize crypto req on error
crypto: tegra - Reserve keyslots to allocate dynamically
Al Viro (3):
spufs: fix a leak on spufs_new_file() failure
spufs: fix gang directory lifetimes
spufs: fix a leak in spufs_create_context()
Alex Deucher (3):
drm/amdgpu/umsch: fix ucode check
drm/amdgpu/gfx11: fix num_mec
drm/amdgpu/gfx12: fix num_mec
Alexander Wetzel (3):
wifi: mac80211: Cleanup sta TXQs on flush
wifi: mac80211: remove debugfs dir for virtual monitor
wifi: mac80211: Fix sparse warning for monitor_sdata
Alexandre Ghiti (2):
riscv: Fix missing __free_pages() in check_vector_unaligned_access()
riscv: Fix hugetlb retrieval of number of ptes in case of !present pte
Alexandru Gagniuc (1):
kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally
Alexey Klimov (1):
ASoC: codecs: wsa884x: report temps to hwmon in millidegree of Celsius
Alice Ryhl (1):
rust: fix signature of rust_fmt_argument
Alistair Popple (1):
fuse: fix dax truncate/punch_hole fault path
Andrew Jones (3):
riscv: Annotate unaligned access init functions
riscv: Fix riscv_online_cpu_vec
riscv: Fix check_unaligned_access_all_cpus
Andrii Nakryiko (1):
libbpf: Fix hypothetical STT_SECTION extern NULL deref case
Andy Shevchenko (3):
auxdisplay: panel: Fix an API misuse in panel.c
pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment
pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm()
Angelo Dureghello (1):
iio: dac: adi-axi-dac: modify stream enable
AngeloGioacchino Del Regno (2):
drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
Angelos Oikonomopoulos (1):
arm64: Don't call NULL in do_compat_alignment_fixup()
Anshuman Khandual (1):
arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig
Antheas Kapenekakis (1):
ALSA: hda/realtek: Fix Asus Z13 2025 audio
Antoine Tenart (1):
net: decrease cached dst counters in dst_release
Armin Wolf (1):
platform/x86: dell-ddv: Fix temperature calculation
Arnaldo Carvalho de Melo (5):
perf units: Fix insufficient array space
perf python: Fixup description of sample.id event member
perf python: Decrement the refcount of just created event on failure
perf python: Don't keep a raw_data pointer to consumed ring buffer space
perf python: Check if there is space to copy all the event
Arnd Bergmann (6):
x86/platform: Only allow CONFIG_EISA for 32-bit
dummycon: fix default rows/cols
mdacon: rework dependency list
crypto: bpf - Add MODULE_DESCRIPTION for skcipher
x86/Kconfig: Add cmpxchg8b support back to Geode CPUs
ASoC: cs42l43: convert to SYSTEM_SLEEP_PM_OPS
Artur Weber (1):
power: supply: max77693: Fix wrong conversion of charge input threshold value
Ashley Smith (1):
drm/panthor: Update CS_STATUS_ defines to correct values
Atish Patra (2):
RISC-V: KVM: Disable the kernel perf counter during configure
RISC-V: KVM: Teardown riscv specific bits after kvm_exit
Aurabindo Pillai (1):
drm/amd/display: fix an indent issue in DML21
Bairavi Alagappan (2):
crypto: qat - set parity error mask for qat_420xx
crypto: qat - remove access to parity register for QAT GEN4
Bard Liao (1):
ASoC: rt1320: set wake_capable = 0 explicitly
Barnabás Czémán (1):
clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
Bart Van Assche (2):
drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set()
fs/procfs: fix the comment above proc_pid_wchan()
Benjamin Berg (3):
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
um: remove copy_from_kernel_nofault_allowed
um: hostfs: avoid issues on inode number reuse by host
Benjamin Gaignard (1):
media: verisilicon: HEVC: Initialize start_bit field
Björn Töpel (1):
riscv/purgatory: 4B align purgatory_start
Boris Ostrovsky (1):
x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
Caleb Sander Mateos (2):
io_uring/net: only import send_zc buffer once
nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer
Candice Li (1):
Remove unnecessary firmware version check for gc v9_4_2
Chao Gao (1):
x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
Charles Han (1):
clk: mmp: Fix NULL vs IS_ERR() check
Cheng Xu (1):
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
Chenyuan Yang (2):
thermal: int340x: Add NULL check for adev
w1: fix NULL pointer dereference in probe
Chiara Meiohas (1):
RDMA/mlx5: Fix calculation of total invalidated pages
Christian Brauner (1):
fs: support O_PATH fds with FSCONFIG_SET_FD
Christian Eggers (1):
ARM: 9444/1: add KEEP() keyword to ARM_VECTORS
Christian Schoenebeck (1):
fs/9p: fix NULL pointer dereference on mkdir
Christophe JAILLET (2):
PCI: histb: Fix an error handling path in histb_pcie_probe()
ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe()
Christophe Leroy (2):
crypto: powerpc: Mark ghashp8-ppc.o as an OBJECT_FILES_NON_STANDARD
powerpc/kexec: fix physical address calculation in clear_utlb_entry()
Chuck Lever (3):
NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs()
NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory
NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
Claudiu Beznea (3):
pinctrl: renesas: rzg2l: Suppress binding attributes
clk: renesas: r8a08g045: Check the source of the CPU PLL settings
rtc: renesas-rtca3: Disable interrupts only if the RTC is enabled
Cong Wang (1):
net_sched: skbprio: Remove overly strict queue assertions
Cyan Yang (1):
selftests/mm/cow: fix the incorrect error handling
Dan Carpenter (7):
PCI: Remove stray put_device() in pci_register_host_bridge()
drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
PCI: dwc: ep: Return -ENOMEM for allocation failures
fs/ntfs3: Fix a couple integer overflows on 32bit systems
fs/ntfs3: Prevent integer overflow in hdr_first_de()
nfs: Add missing release on error in nfs_lock_and_join_requests()
platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc()
Daniel Bárta (1):
ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
Daniel Stodden (1):
PCI/ASPM: Fix link state exit during switch upstream function removal
Danila Chernetsov (1):
fbdev: sm501fb: Add some geometry checks.
Dapeng Mi (1):
perf x86/topdown: Fix topdown leader sampling test error on hybrid
Dave Marquardt (1):
net: ibmveth: make veth_pool_store stop hanging
Dave Penkler (9):
staging: gpib: Fix pr_err format warning
staging: gpib: Fix cb7210 pcmcia Oops
staging: gpib: ni_usb console messaging cleanup
staging: gpib: Fix Oops after disconnect in ni_usb
staging: gpib: Add missing mutex unlock in agilent usb driver
staging: gpib: Fix NULL pointer dereference in detach
staging: gpib: Agilent usb code cleanup
staging: gpib: agilent usb console messaging cleanup
staging: gpib: Fix Oops after disconnect in agilent usb
David E. Box (1):
platform/x86/intel/vsec: Add Diamond Rapids support
David Gow (1):
um: Pass the correct Rust target and options with gcc
David Hildenbrand (3):
x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()
kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page()
mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs
David Howells (1):
netfs: Fix netfs_unbuffered_read() to return ssize_t rather than int
David Laight (1):
objtool: Fix verbose disassembly if CROSS_COMPILE isn't set
David Oberhollenzer (1):
net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
Debin Zhu (1):
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
Dmitry Baryshkov (1):
drm/msm/dpu: don't use active in atomic_check()
Dmitry Panchenko (1):
platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet
Douglas Anderson (1):
drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
Douglas Raillard (2):
tracing: Ensure module defining synth event cannot be unloaded while tracing
tracing: Fix synth event printk format for str fields
Eduard Christian Dumitrescu (1):
platform/x86: thinkpad_acpi: disable ACPI fan access for T495* and E560
Emil Tantilov (1):
idpf: fix adapter NULL pointer dereference on reboot
Emmanuel Grumbach (2):
wifi: iwlwifi: mvm: use the right version of the rate API
wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state
Eric Dumazet (1):
sctp: add mutual exclusion in proc_sctp_do_udp_port()
Eric Sandeen (1):
watch_queue: fix pipe accounting mismatch
Fabrizio Castro (3):
pinctrl: renesas: rza2: Fix missing of_node_put() call
pinctrl: renesas: rzg2l: Fix missing of_node_put() call
pinctrl: renesas: rzv2m: Fix missing of_node_put() call
Feng Tang (1):
PCI/portdrv: Only disable pciehp interrupts early when needed
Feng Yang (1):
ring-buffer: Fix bytes_dropped calculation issue
Fernando Fernandez Mancera (1):
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
Florian Fainelli (2):
spi: bcm2835: Do not call gpiod_put() on invalid descriptor
spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent
Florian Westphal (2):
selftests: netfilter: skip br_netfilter queue tests if kernel is tainted
netfilter: nf_tables: don't unregister hook when table is dormant
Frieder Schrempf (1):
regulator: pca9450: Fix enable register for LDO5
Geert Uytterhoeven (2):
auxdisplay: MAX6959 should select BITREVERSE
drm/bridge: ti-sn65dsi86: Fix multiple instances
Geetha sowjanya (2):
octeontx2-af: Fix mbox INTR handler when num VFs > 64
octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
Gergo Koteles (1):
ACPI: video: Handle fetching EDID as ACPI_TYPE_PACKAGE
Giovanni Gherdovich (1):
ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid
Greg Kroah-Hartman (1):
Linux 6.13.11
Guilherme G. Piccoli (1):
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
Guillaume Nault (1):
tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
Hans Zhang (1):
PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload
Hans de Goede (1):
ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers
Heiko Stuebner (1):
phy: phy-rockchip-samsung-hdptx: Don't use dt aliases to determine phy-id
Hengqi Chen (3):
LoongArch: BPF: Fix off-by-one error in build_prologue()
LoongArch: BPF: Don't override subprog's return value
LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC
Henry Martin (2):
ASoC: imx-card: Add NULL check in imx_card_probe()
arcnet: Add NULL check in com20020pci_probe()
Herbert Xu (3):
crypto: iaa - Test the correct request flag
crypto: api - Fix larval relookup type and mask
crypto: nx - Fix uninitialised hv_nxc on error
Hermes Wu (1):
drm/bridge: it6505: fix HDCP V match check is not performed correctly
Herton R. Krzesinski (1):
x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs
Hou Tao (1):
bpf: Use preempt_count() directly in bpf_send_signal_common()
Huacai Chen (2):
LoongArch: Increase ARCH_DMA_MINALIGN up to 16
LoongArch: Increase MAX_IO_PICS up to 8
Ian Rogers (7):
libbpf: Add namespace for errstr making it libbpf_errstr
perf stat: Fix find_stat for mixed legacy/non-legacy events
perf stat: Don't merge counters purely on name
perf pmu: Rename name matching for no suffix or wildcard variants
tools/x86: Fix linux/unaligned.h include path in lib/insn.c
perf debug: Avoid stack overflow in recursive error message
perf evlist: Add success path to evlist__create_syswide_maps
Icenowy Zheng (2):
nvme-pci: clean up CMBMSC when registering CMB fails
nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
Ido Schimmel (2):
ipv6: Start path selection from the first nexthop
ipv6: Do not consider link down nexthops in path selection
Ilkka Koskinen (2):
coresight: catu: Fix number of pages while using 64k pages
perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation
Ilpo Järvinen (6):
platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Make symbol static
platform/x86: dell-uart-backlight: Make dell_uart_bl_serdev_driver static
PCI: Remove add_align overwrite unrelated to size0
PCI: Fix BAR resizing when VF BARs are assigned
PCI: pciehp: Don't enable HPIE when resuming in poll mode
PCI/bwctrl: Fix pcie_bwctrl_select_speed() return type
Jacky Bai (2):
cpuidle: Init cpuidle only for present CPUs
cpufreq: Init cpufreq only for present CPUs
Jakub Kicinski (1):
net: dsa: rtl8366rb: don't prompt users for LED control
James Clark (4):
perf: Always feature test reallocarray
perf tests: Fix Tool PMU test segfault
perf pmu: Don't double count common sysfs and json events
perf: intel-tpebs: Fix incorrect usage of zfree()
James Morse (1):
x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors
Jann Horn (3):
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
Jason-JH Lin (1):
drm/mediatek: Fix config_updating flag never false when no mbox channel
Javier Martinez Canillas (1):
drm/ssd130x: Set SPI .id_table to prevent an SPI core warning
Jayesh Choudhary (1):
ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible
Jeff Layton (1):
nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()
Jens Axboe (1):
io_uring/net: improve recv bundles
Jerome Brunet (4):
clk: amlogic: gxbb: drop incorrect flag on 32k clock
clk: amlogic: g12b: fix cluster A parent data
clk: amlogic: gxbb: drop non existing 32k clock parent
clk: amlogic: g12a: fix mmc A peripheral clock
Jiayuan Chen (1):
bpf: Fix array bounds error with may_goto
Jie Zhan (1):
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
Jim Liu (1):
net: phy: broadcom: Correct BCM5221 PHY model detection
Jim Quinlan (4):
PCI: brcmstb: Set generation limit before PCIe link up
PCI: brcmstb: Use internal register to change link capability
PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
PCI: brcmstb: Fix potential premature regulator disabling
Jinghao Jia (1):
samples/bpf: Fix broken vmlinux path for VMLINUX_BTF
Jiri Kosina (1):
HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
Jiri Olsa (1):
uprobes/x86: Harden uretprobe syscall trampoline check
Jiri Slaby (SUSE) (1):
tty: n_tty: use uint for space returned by tty_write_room()
Joe Hattori (2):
media: platform: allgro-dvt: unregister v4l2_device on the error path
soundwire: slave: fix an OF node reference leak in soundwire slave device
Johannes Berg (2):
wifi: iwlwifi: fw: allocate chained SG tables for dump
wifi: mac80211: fix SA Query processing in MLO
John Keeping (3):
drm/ssd130x: fix ssd132x encoding
drm/ssd130x: ensure ssd132x pitch is correct
drm/panel: ilitek-ili9882t: fix GPIO name in error message
Jonathan Cameron (2):
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails.
Jonathan Santos (1):
iio: adc: ad7768-1: set MOSI idle state to prevent accidental reset
Josh Poimboeuf (9):
x86/traps: Make exc_double_fault() consistently noreturn
objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show()
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
objtool: Fix segfault in ignore_unreachable_insn()
sched/smt: Always inline sched_smt_active()
context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
rcu-tasks: Always inline rcu_irq_work_resched()
objtool/loongarch: Add unwind hints in prepare_frametrace()
spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock()
José Expósito (1):
drm/vkms: Fix use after free and double free on init error
Juhan Jin (1):
riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra
Kai-Heng Feng (1):
PCI: Use downstream bridges for distributing resources
Kan Liang (2):
perf tools: Add skip check in tool_pmu__event_to_str()
perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
Karan Sanghavi (1):
iio: light: Add check for array bounds in veml6075_read_int_time_ms
Karel Balej (1):
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
Kees Bakker (1):
RDMA/mana_ib: Ensure variable err is initialized
Kees Cook (1):
kunit/stackinit: Use fill byte different from Clang i386 pattern
Keith Busch (1):
nvme-pci: fix stuck reset on concurrent DPC and HP
Kevin Loughlin (1):
x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
Konrad Dybcio (1):
clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK
Konstantin Andreev (2):
smack: dont compile ipv6 code unless ipv6 is configured
smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label
Konstantin Komarov (1):
fs/ntfs3: Update inode->i_mapping->a_ops on compression state
Krzysztof Kozlowski (1):
drm/msm/dsi/phy: Program clock inverters in correct register
Kuniyuki Iwashima (3):
rtnetlink: Use register_pernet_subsys() in rtnl_net_debug_init().
udp: Fix multiple wraparounds of sk->sk_rmem_alloc.
udp: Fix memory accounting leak.
Lama Kayal (1):
net/mlx5e: SHAMPO, Make reserved size independent of page size
Laurentiu Mihalcea (1):
clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents
Len Brown (1):
tools/power turbostat: report CoreThr per measurement interval
Leo Yan (1):
perf arm-spe: Fix load-store operation checking
Li Huafei (1):
watchdog/hardlockup/perf: Fix perf_event memory leak
Li Lingfeng (1):
nfsd: put dl_stid if fail to queue dl_recall
Likhitha Korrapati (1):
perf tools: Fix is_compat_mode build break in ppc64
Lin Ma (2):
netfilter: nft_tunnel: fix geneve_opt type confusion addition
net: fix geneve_opt length integer overflow
Lo-an Chen (1):
drm/amd/display: Fix incorrect fw_state address in dmub_srv
Lubomir Rintel (1):
rndis_host: Flag RNDIS modems as WWAN devices
Luca Ceresoli (1):
perf build: Fix in-tree build due to symbolic link
Luca Weiss (4):
remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
remoteproc: qcom: pas: add minidump_id to SC7280 WPSS
remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226
remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
Lukas Hetzenecker (1):
platform/surface: aggregator_registry: Add Support for Surface Pro 11
Lukas Wunner (1):
PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion
Maciej Strozek (1):
ASoC: cs42l43: Add jack delay debounce after suspend
Maher Sanalla (1):
IB/mad: Check available slots before posting receive WRs
Maksim Davydov (1):
x86/split_lock: Fix the delayed detection logic
Manikanta Mylavarapu (2):
drivers: clk: qcom: ipq5424: fix the freq table of sdcc1_apps clock
clk: qcom: ipq5424: fix software and hardware flow control error of UART
Marcus Meissner (1):
perf tools: annotate asm_pure_loop.S
Marijn Suijten (2):
drm/msm/dsi: Use existing per-interface slice count in DSC timing
drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
Mario Limonciello (2):
ucsi_ccg: Don't show failed to get FW build information error
drm/amd: Keep display off while going into S4
Mark Zhang (1):
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
Markus Elfring (2):
fbdev: au1100fb: Move a variable assignment behind a null pointer check
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
Masami Hiramatsu (Google) (2):
tracing/hist: Add poll(POLLIN) support on hist file
tracing/hist: Support POLLPRI event for poll on histogram
Matthias Proske (1):
wifi: brcmfmac: keep power during suspend if board requires it
Maud Spierings (1):
dt-bindings: vendor-prefixes: add GOcontroll
Maurizio Lombardi (1):
nvme-pci: skip nvme_write_sq_db on empty rqlist
Miaoqian Lin (3):
ksmbd: use aead_request_free to match aead_request_alloc
LoongArch: Fix device node refcount leak in fdt_cpu_clk_init()
mmc: omap: Fix memory leak in mmc_omap_new_slot
Michael Guralnik (2):
RDMA/mlx5: Fix page_size variable overflow
RDMA/mlx5: Fix MR cache initialization error flow
Michael Kelley (1):
x86/hyperv: Fix output argument to hypercall that changes page visibility
Mike Christie (1):
vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
Mike Rapoport (Microsoft) (1):
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
Ming Lei (1):
ublk: make sure ubq->canceling is set when queue is frozen
Ming Yen Hsieh (2):
wifi: mt76: mt7925: remove unused acpi function for clc
wifi: mt76: mt7921: fix kernel panic due to null pointer dereference
Murad Masimov (2):
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
media: streamzap: fix race between device disconnection and urb callback
Naman Jain (1):
x86/hyperv/vtl: Stop kernel from probing VTL0 low memory
Namhyung Kim (2):
perf report: Switch data file correctly in TUI
perf bpf-filter: Fix a parsing error with comma
Namjae Jeon (8):
ksmbd: fix multichannel connection failure
ksmbd: fix r_count dec/increment mismatch
smb: common: change the data type of num_aces to le16
cifs: fix incorrect validation for num_aces field of smb_acl
ksmbd: add bounds check for durable handle context
ksmbd: fix use-after-free in ksmbd_sessions_deregister()
ksmbd: fix session use-after-free in multichannel connection
ksmbd: fix null pointer dereference in alloc_preauth_hash()
Nathan Chancellor (2):
crypto: tegra - Fix format specifier in tegra_sha_prep_cmd()
ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE
Navon John Lukose (1):
ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
Neil Armstrong (1):
clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable()
NeilBrown (1):
NFS: fix open_owner_id_maxsz and related fields.
Nihar Chaithanya (3):
staging: gpib: Modify gpib_register_driver() to return error if it fails
staging: gpib: ni_usb: Handle gpib_register_driver() errors
staging: gpib: agilent_82357a: Handle gpib_register_driver() errors
Nikita Shubin (1):
ntb: intel: Fix using link status DB's
Nikita Zhandarovich (2):
mfd: sm501: Switch to BIT() to mitigate integer overflows
media: vimc: skip .s_stream() for stopped entities
Niklas Neronin (1):
usb: xhci: correct debug message page size calculation
Niklas Schnelle (1):
s390: Remove ioremap_wt() and pgprot_writethrough()
Nishanth Aravamudan (1):
PCI: Avoid reset when disabled via sysfs
Norbert Szetei (3):
ksmbd: add bounds check for create lease context
ksmbd: fix overflow in dacloffset bounds check
ksmbd: validate zero num_subauth before sub_auth is accessed
Nuno Sá (1):
iio: backend: make sure to NULL terminate stack buffer
Oleg Nesterov (2):
seccomp: fix the __secure_computing() stub for !HAVE_ARCH_SECCOMP_FILTER
exec: fix the racy usage of fs_struct->in_exec
Olga Kornievskaia (1):
nfsd: fix management of listener transports
Oliver Hartkopp (1):
can: statistics: use atomic access in hot path
Olivia Mackintosh (1):
ALSA: usb-audio: separate DJM-A9 cap lvl options
Pablo Neira Ayuso (1):
netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
Palmer Dabbelt (1):
RISC-V: errata: Use medany for relocatable builds
Paolo Bonzini (1):
KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected
Patrisious Haddad (1):
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
Paul Menzel (1):
ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
Paulo Alcantara (1):
smb: client: don't retry IO on failed negprotos with soft mounts
Peng Fan (3):
remoteproc: core: Clear table_sz when rproc_shutdown
dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister
dmaengine: fsl-edma: free irq correctly in remove path
Peter Geis (1):
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
Peter Zijlstra (2):
lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
perf/core: Fix perf_pmu_register() vs. perf_init_event()
Peter Zijlstra (Intel) (1):
perf/x86/intel: Apply static call for drain_pebs
Prathamesh Shete (1):
pinctrl: tegra: Set SFIO mode to Mux Register
Qasim Ijaz (2):
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
jfs: fix slab-out-of-bounds read in ea_get()
Qiuxu Zhuo (5):
EDAC/igen6: Fix the flood of invalid error reports
EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids
EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
EDAC/ie31200: Fix the DIMM size mask for several SoCs
EDAC/ie31200: Fix the error path order of ie31200_init()
Rafael J. Wysocki (2):
PM: sleep: Adjust check before setting power.must_resume
PM: sleep: Fix handling devices with direct_complete set on errors
Ran Xiaokai (1):
tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
Remi Pommarel (1):
leds: Fix LED_OFF brightness race
Richard Fitzgerald (1):
firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success
Ritu Chaudhary (1):
ASoC: tegra: Use non-atomic timeout for ADX status register
Rob Clark (1):
drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump
Robin Murphy (1):
media: omap3isp: Handle ARM dma_iommu_mapping
Rodrigo Vivi (1):
drm/xe/guc_pc: Retry and wait longer for GuC PC start
Roger Quadros (1):
memory: omap-gpmc: drop no compatible check
Roman Gushchin (1):
RDMA/core: Don't expose hw_counters outside of init net namespace
Roman Smirnov (1):
jfs: add index corruption check to DT_GETPAGE()
Sagi Grimberg (1):
nvme-tcp: fix possible UAF in nvme_tcp_poll
Saket Kumar Bhaskar (1):
selftests/bpf: Select NUMA_NO_NODE to create map
Santosh Mahto (1):
staging: gpib: Replace semaphore with completion for one-time signaling
Sean Christopherson (1):
KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error
Sebastian Andrzej Siewior (1):
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
Shay Drory (1):
PCI: Fix NULL dereference in SR-IOV VF creation error path
Sherry Sun (4):
tty: serial: fsl_lpuart: Use u32 and u8 for register variables
tty: serial: fsl_lpuart: use port struct directly to simply code
tty: serial: fsl_lpuart: Fix unused variable 'sport' build warning
tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register
Shrikanth Hegde (1):
sched/deadline: Use online cpus for validating runtime
Shuai Xue (1):
x86/mce: use is_copy_from_user() to determine copy-from-user context
Shyam Sundar S K (2):
platform/x86/amd/pmf: Propagate PMF-TA return codes
platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-TA
Sicelo A. Mhlongo (1):
power: supply: bq27xxx_battery: do not update cached flags prematurely
Simon Tatham (2):
affs: generate OFS sequence numbers starting at 1
affs: don't write overlarge OFS data block size fields
Sourabh Jain (1):
kexec: initialize ELF lowest address to ULONG_MAX
Srinivas Pandruvada (1):
platform/x86: ISST: Correct command storage data length
Srinivasan Shanmugam (2):
drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV
drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables'
Stanislav Spassov (1):
x86/fpu: Fix guest FPU state buffer allocation size
Stanley Chu (1):
i3c: master: svc: Fix missing the IBI rules
Stefan Binding (7):
ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA
Stefan Wahren (3):
staging: vchiq_arm: Register debugfs after cdev
staging: vchiq_arm: Fix possible NPR of keep-alive thread
staging: vchiq_arm: Stop kthreads if vchiq cdev register fails
Stefano Garzarella (1):
vsock: avoid timeout during connect() if the socket is closing
Stephen Brennan (1):
perf dso: fix dso__is_kallsyms() check
Steven Price (1):
drm/panthor: Clean up FW version information display
Steven Rostedt (3):
tracing: Switch trace_events_hist.c code over to use guard()
tracing: Verify event formats that have "%*p.."
tracing: Do not use PERF enums when perf is not defined
Sungjong Seo (2):
exfat: fix random stack corruption after get_block
exfat: fix potential wrong error return from get_block
Suzuki K Poulose (3):
dma: Fix encryption bit clearing for dma_to_phys
dma: Introduce generic dma_addr_*crypted helpers
arm64: realm: Use aliased addresses for device DMA to shared buffers
Sven Schnelle (1):
s390/entry: Fix setting _CIF_MCCK_GUEST with lowcore relocation
Taehee Yoo (1):
net: devmem: do not WARN conditionally after netdev_rx_queue_restart()
Takashi Iwai (4):
ALSA: hda/realtek: Always honor no_shutup_pins
ALSA: timer: Don't take register_mutex with copy_from/to_user()
ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA
ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
Tanya Agarwal (1):
lib: 842: Improve error handling in sw842_compress()
Tao Chen (1):
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
Tasos Sahanidis (1):
hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
Tengda Wu (3):
selftests/bpf: Fix freplace_link segfault in tailcalls prog test
tracing: Correct the refcount if the hist/hist_debug file fails to open
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
Thadeu Lima de Souza Cascardo (1):
drm/amd/display: avoid NPD when ASIC does not support DMUB
Theodore Ts'o (1):
ext4: don't over-report free space or inodes in statvfs
Thippeswamy Havalige (1):
PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
Thomas Richter (2):
perf test: Fix Hwmon PMU test endianess issue
perf bench: Fix perf bench syscall loop count
Thomas Weißschuh (1):
x86/vdso: Fix latent bug in vclock_pages calculation
Tianchen Ding (1):
sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks
Tianyu Lan (1):
x86/hyperv: Fix check of return value from snp_set_vmsa()
Tim Schumacher (1):
selinux: Chain up tool resolving errors in install_policy.sh
Tingbo Liao (1):
riscv: Fix the __riscv_copy_vec_words_unaligned implementation
Tobias Waldekranz (1):
net: mvpp2: Prevent parser TCAM memory corruption
Tomi Valkeinen (1):
drm: xlnx: zynqmp: Fix max dma segment size
Tony Ambardar (2):
selftests/bpf: Fix runqslower cross-endian build
libbpf: Fix accessing BTF.ext core_relo header
Trond Myklebust (5):
NFSv4: Don't trigger uneccessary scans for return-on-close delegations
NFSv4: Avoid unnecessary scans of filesystems for returning delegations
NFSv4: Avoid unnecessary scans of filesystems for expired delegations
NFSv4: Avoid unnecessary scans of filesystems for delayed delegations
NFS: Shut down the nfs_client only after all the superblocks
Tushar Dave (1):
PCI/ACS: Fix 'pci=config_acs=' parameter
Ulf Hansson (1):
mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
Uwe Kleine-König (3):
iio: adc: ad4130: Fix comparison of channel setups
iio: adc: ad7124: Fix comparison of channel configs
iio: adc: ad7173: Fix comparison of channel configs
Vaibhav Jain (1):
powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu'
Vasiliy Kovalev (1):
ocfs2: validate l_tree_depth to avoid out-of-bounds access
Venkata Prasad Potturu (1):
ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry
Veronika Molnarova (1):
perf test stat_all_pmu.sh: Correctly check 'perf stat' result
Viktor Malik (1):
selftests/bpf: Fix string read in strncmp benchmark
Vishal Annapurve (1):
x86/tdx: Fix arch_safe_halt() execution for TDX VMs
Vitalii Mordan (1):
gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines
Vitaliy Shevtsov (2):
ASoC: cs35l41: check the return value from spi_setup()
drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
Vitaly Kuznetsov (1):
x86/entry: Add __init to ia32_emulation_override_cmdline()
Vitaly Lifshits (1):
e1000e: change k1 configuration on MTP and later platforms
Vladimir Lypak (1):
clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
Vladis Dronov (1):
x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
WANG Rui (1):
rust: Fix enabling Rust and building with GCC for LoongArch
Waiman Long (1):
locking/semaphore: Use wake_q to wake up processes outside lock critical section
Wang Liang (2):
RDMA/core: Fix use-after-free when rename device name
xsk: Fix __xsk_generic_xmit() error code when cq is full
Wang Zhaolong (1):
smb: client: Fix netns refcount imbalance causing leaks and use-after-free
Wayne Lin (1):
drm/dp_mst: Fix drm RAD print
Wenkai Lin (3):
crypto: hisilicon/sec2 - fix for aead authsize alignment
crypto: hisilicon/sec2 - fix for sec spec check
crypto: hisilicon/sec2 - fix for aead auth key length
Wentao Guan (1):
HID: i2c-hid: improve i2c_hid_get_report error message
Wentao Liang (1):
greybus: gb-beagleplay: Add error handling for gb_greybus_init
Will McVicker (1):
clk: samsung: Fix UBSAN panic in samsung_clk_init()
Yajun Deng (1):
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
Yang Wang (1):
drm/amdgpu: refine smu send msg debug log format
Yao Zi (1):
riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator
Yeoreum Yun (1):
perf/core: Fix child_total_time_enabled accounting bug at task exit
Yi Lai (1):
selftests/pcie_bwctrl: Add 'set_pcie_speed.sh' to TEST_PROGS
Ying Lu (1):
usbnet:fix NPE during rx_complete
Yosry Ahmed (1):
mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()
Yuanfang Zhang (1):
coresight-etm4x: add isb() before reading the TRCSTATR
Yue Haibing (2):
pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw()
drm/xe: Fix unmet direct dependencies warning
Yuezhang Mo (3):
exfat: fix the infinite loop in exfat_find_last_cluster()
exfat: fix missing shutdown check
exfat: add a check for invalid data size
Yuli Wang (1):
LoongArch: Rework the arch_kgdb_breakpoint() implementation
Zhang Rui (1):
tools/power turbostat: Restore GFX sysfs fflush() call
Zijun Hu (1):
of: property: Increase NR_FWNODE_REFERENCE_ARGS
xueqin Luo (1):
thermal: core: Remove duplicate struct declaration
zihan zhou (1):
sched: Cancel the slice protection of the idle entity
zuoqian (1):
cpufreq: scpi: compare kHz instead of Hz
谢致邦 (XIE Zhibang) (2):
staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES
LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig
5 months, 2 weeks
- 1
- 1
Linux 6.12.23
by Greg Kroah-Hartman
I'm announcing the release of the 6.12.23 kernel.
All users of the 6.12 kernel series must upgrade.
The updated 6.12.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/devicetree/bindings/vendor-prefixes.yaml | 2
Makefile | 2
arch/arm/Kconfig | 2
arch/arm/include/asm/vmlinux.lds.h | 12
arch/arm64/kernel/compat_alignment.c | 2
arch/loongarch/Kconfig | 4
arch/loongarch/include/asm/cache.h | 2
arch/loongarch/include/asm/irq.h | 2
arch/loongarch/include/asm/stacktrace.h | 3
arch/loongarch/include/asm/unwind_hints.h | 10
arch/loongarch/kernel/env.c | 2
arch/loongarch/kernel/kgdb.c | 5
arch/loongarch/net/bpf_jit.c | 12
arch/loongarch/net/bpf_jit.h | 5
arch/powerpc/configs/mpc885_ads_defconfig | 2
arch/powerpc/crypto/Makefile | 1
arch/powerpc/kexec/relocate_32.S | 7
arch/powerpc/platforms/cell/spufs/gang.c | 1
arch/powerpc/platforms/cell/spufs/inode.c | 63 +-
arch/powerpc/platforms/cell/spufs/spufs.h | 2
arch/riscv/errata/Makefile | 6
arch/riscv/include/asm/ftrace.h | 4
arch/riscv/kernel/elf_kexec.c | 3
arch/riscv/kvm/vcpu_pmu.c | 1
arch/riscv/mm/hugetlbpage.c | 76 +-
arch/riscv/purgatory/entry.S | 1
arch/s390/include/asm/io.h | 2
arch/s390/include/asm/pgtable.h | 3
arch/s390/kernel/entry.S | 2
arch/s390/mm/pgtable.c | 10
arch/um/include/shared/os.h | 1
arch/um/kernel/Makefile | 2
arch/um/kernel/maccess.c | 19
arch/um/os-Linux/process.c | 51 -
arch/x86/Kconfig | 3
arch/x86/Kconfig.cpu | 2
arch/x86/Makefile.um | 7
arch/x86/coco/tdx/tdx.c | 26
arch/x86/entry/calling.h | 2
arch/x86/entry/common.c | 2
arch/x86/events/intel/core.c | 43 -
arch/x86/events/intel/ds.c | 13
arch/x86/events/perf_event.h | 3
arch/x86/hyperv/hv_vtl.c | 1
arch/x86/hyperv/ivm.c | 5
arch/x86/include/asm/tdx.h | 4
arch/x86/include/asm/tlbflush.h | 2
arch/x86/kernel/cpu/mce/severity.c | 11
arch/x86/kernel/cpu/microcode/amd.c | 2
arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3
arch/x86/kernel/cpu/sgx/driver.c | 10
arch/x86/kernel/dumpstack.c | 5
arch/x86/kernel/fpu/core.c | 6
arch/x86/kernel/process.c | 9
arch/x86/kernel/traps.c | 18
arch/x86/kernel/tsc.c | 4
arch/x86/kernel/uprobes.c | 14
arch/x86/kvm/svm/sev.c | 13
arch/x86/kvm/x86.c | 15
arch/x86/lib/copy_user_64.S | 18
arch/x86/mm/mem_encrypt_identity.c | 4
arch/x86/mm/pat/cpa-test.c | 2
arch/x86/mm/pat/memtype.c | 52 -
crypto/api.c | 17
crypto/bpf_crypto_skcipher.c | 1
drivers/acpi/nfit/core.c | 2
drivers/acpi/processor_idle.c | 4
drivers/acpi/resource.c | 7
drivers/acpi/x86/utils.c | 3
drivers/auxdisplay/Kconfig | 1
drivers/auxdisplay/panel.c | 4
drivers/base/power/main.c | 21
drivers/base/power/runtime.c | 2
drivers/block/ublk_drv.c | 39 -
drivers/clk/imx/clk-imx8mp-audiomix.c | 6
drivers/clk/meson/g12a.c | 38 -
drivers/clk/meson/gxbb.c | 14
drivers/clk/qcom/gcc-msm8953.c | 2
drivers/clk/qcom/gcc-sm8650.c | 4
drivers/clk/qcom/gcc-x1e80100.c | 30
drivers/clk/qcom/mmcc-sdm660.c | 2
drivers/clk/renesas/r9a08g045-cpg.c | 5
drivers/clk/renesas/rzg2l-cpg.c | 13
drivers/clk/renesas/rzg2l-cpg.h | 10
drivers/clk/rockchip/clk-rk3328.c | 2
drivers/clk/samsung/clk.c | 2
drivers/cpufreq/Kconfig.arm | 2
drivers/cpufreq/cpufreq_governor.c | 45 -
drivers/cpufreq/scpi-cpufreq.c | 5
drivers/crypto/hisilicon/sec2/sec.h | 1
drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 +---
drivers/crypto/intel/iaa/iaa_crypto_main.c | 4
drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 1
drivers/crypto/intel/qat/qat_common/adf_gen4_ras.c | 59 -
drivers/crypto/nx/nx-common-pseries.c | 37 -
drivers/crypto/tegra/tegra-se-aes.c | 47 -
drivers/crypto/tegra/tegra-se-hash.c | 27
drivers/crypto/tegra/tegra-se-key.c | 10
drivers/crypto/tegra/tegra-se-main.c | 16
drivers/crypto/tegra/tegra-se.h | 3
drivers/dma/fsl-edma-main.c | 14
drivers/edac/i10nm_base.c | 2
drivers/edac/ie31200_edac.c | 19
drivers/edac/skx_common.c | 33 +
drivers/edac/skx_common.h | 11
drivers/firmware/cirrus/cs_dsp.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11
drivers/gpu/drm/amd/amdgpu/amdgpu_umsch_mm.c | 2
drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2
drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2
drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 1
drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15
drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5
drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4
drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12
drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4.c | 3
drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 3
drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 12
drivers/gpu/drm/bridge/ite-it6505.c | 7
drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2
drivers/gpu/drm/display/drm_dp_mst_topology.c | 8
drivers/gpu/drm/mediatek/mtk_crtc.c | 7
drivers/gpu/drm/mediatek/mtk_dp.c | 6
drivers/gpu/drm/mediatek/mtk_dsi.c | 6
drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 -
drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2
drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4
drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3
drivers/gpu/drm/msm/dsi/dsi_host.c | 8
drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 -
drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 2
drivers/gpu/drm/msm/msm_dsc_helper.h | 11
drivers/gpu/drm/panel/panel-ilitek-ili9882t.c | 2
drivers/gpu/drm/panthor/panthor_fw.h | 6
drivers/gpu/drm/solomon/ssd130x-spi.c | 7
drivers/gpu/drm/solomon/ssd130x.c | 6
drivers/gpu/drm/vkms/vkms_drv.c | 15
drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2
drivers/greybus/gb-beagleplay.c | 4
drivers/hid/Makefile | 1
drivers/hid/i2c-hid/i2c-hid-core.c | 2
drivers/hwmon/nct6775-core.c | 4
drivers/hwtracing/coresight/coresight-catu.c | 2
drivers/hwtracing/coresight/coresight-core.c | 20
drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 +
drivers/i3c/master/svc-i3c-master.c | 2
drivers/iio/accel/mma8452.c | 10
drivers/iio/accel/msa311.c | 26
drivers/iio/adc/ad4130.c | 41 +
drivers/iio/adc/ad7124.c | 35 -
drivers/iio/adc/ad7173.c | 25
drivers/iio/adc/ad7768-1.c | 15
drivers/iio/industrialio-backend.c | 4
drivers/iio/light/veml6075.c | 8
drivers/infiniband/core/device.c | 18
drivers/infiniband/core/mad.c | 38 -
drivers/infiniband/core/sysfs.c | 1
drivers/infiniband/hw/erdma/erdma_cm.c | 1
drivers/infiniband/hw/mana/main.c | 2
drivers/infiniband/hw/mlx5/cq.c | 2
drivers/infiniband/hw/mlx5/mr.c | 41 -
drivers/infiniband/hw/mlx5/odp.c | 10
drivers/leds/led-core.c | 22
drivers/media/dvb-frontends/dib8000.c | 5
drivers/media/platform/allegro-dvt/allegro-core.c | 1
drivers/media/platform/ti/omap3isp/isp.c | 7
drivers/media/platform/verisilicon/hantro_g2_hevc_dec.c | 1
drivers/media/rc/streamzap.c | 2
drivers/media/test-drivers/vimc/vimc-streamer.c | 6
drivers/memory/omap-gpmc.c | 20
drivers/mfd/sm501.c | 6
drivers/mmc/host/omap.c | 19
drivers/mmc/host/sdhci-omap.c | 4
drivers/mmc/host/sdhci-pxav3.c | 1
drivers/net/arcnet/com20020-pci.c | 17
drivers/net/dsa/mv88e6xxx/chip.c | 11
drivers/net/dsa/mv88e6xxx/phy.c | 3
drivers/net/dsa/realtek/Kconfig | 2
drivers/net/ethernet/ibm/ibmveth.c | 39 -
drivers/net/ethernet/intel/e1000e/defines.h | 3
drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 ++
drivers/net/ethernet/intel/e1000e/ich8lan.h | 4
drivers/net/ethernet/intel/idpf/idpf_main.c | 6
drivers/net/ethernet/intel/idpf/idpf_txrx.h | 3
drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++--
drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2
drivers/net/ethernet/marvell/octeontx2/af/rvu_devlink.c | 2
drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 8
drivers/net/phy/broadcom.c | 6
drivers/net/usb/rndis_host.c | 16
drivers/net/usb/usbnet.c | 6
drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 20
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 +-
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 8
drivers/net/wireless/mediatek/mt76/mt7921/main.c | 1
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 1
drivers/ntb/hw/intel/ntb_hw_gen3.c | 3
drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2
drivers/ntb/test/ntb_perf.c | 4
drivers/nvme/host/ioctl.c | 2
drivers/nvme/host/pci.c | 34 -
drivers/nvme/host/tcp.c | 5
drivers/nvme/target/debugfs.c | 2
drivers/pci/controller/cadence/pcie-cadence-ep.c | 3
drivers/pci/controller/cadence/pcie-cadence.h | 2
drivers/pci/controller/dwc/pcie-designware-ep.c | 1
drivers/pci/controller/dwc/pcie-histb.c | 12
drivers/pci/controller/pcie-brcmstb.c | 16
drivers/pci/controller/pcie-xilinx-cpm.c | 10
drivers/pci/hotplug/pciehp_hpc.c | 4
drivers/pci/pci-sysfs.c | 4
drivers/pci/pci.c | 22
drivers/pci/pcie/aspm.c | 17
drivers/pci/pcie/portdrv.c | 8
drivers/pci/probe.c | 5
drivers/pci/setup-bus.c | 4
drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 50 +
drivers/pinctrl/intel/pinctrl-intel.c | 1
drivers/pinctrl/nuvoton/pinctrl-npcm8xx.c | 10
drivers/pinctrl/renesas/pinctrl-rza2.c | 2
drivers/pinctrl/renesas/pinctrl-rzg2l.c | 3
drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2
drivers/pinctrl/tegra/pinctrl-tegra.c | 3
drivers/platform/x86/amd/pmf/pmf.h | 5
drivers/platform/x86/amd/pmf/tee-if.c | 82 +-
drivers/platform/x86/dell/dell-uart-backlight.c | 2
drivers/platform/x86/dell/dell-wmi-ddv.c | 6
drivers/platform/x86/intel/hid.c | 7
drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 2
drivers/platform/x86/intel/vsec.c | 7
drivers/platform/x86/lenovo-yoga-tab2-pro-1380-fastcharger.c | 2
drivers/platform/x86/thinkpad_acpi.c | 11
drivers/power/supply/bq27xxx_battery.c | 1
drivers/power/supply/max77693_charger.c | 2
drivers/regulator/pca9450-regulator.c | 6
drivers/remoteproc/qcom_q6v5_mss.c | 21
drivers/remoteproc/qcom_q6v5_pas.c | 13
drivers/remoteproc/remoteproc_core.c | 1
drivers/soundwire/slave.c | 1
drivers/spi/spi-bcm2835.c | 18
drivers/spi/spi-cadence-xspi.c | 2
drivers/staging/rtl8723bs/Kconfig | 1
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 7
drivers/thermal/intel/int340x_thermal/int3402_thermal.c | 3
drivers/tty/n_tty.c | 13
drivers/tty/serial/fsl_lpuart.c | 312 ++++------
drivers/usb/host/xhci-mem.c | 6
drivers/usb/typec/ucsi/ucsi_ccg.c | 5
drivers/vhost/scsi.c | 25
drivers/video/console/Kconfig | 6
drivers/video/fbdev/au1100fb.c | 4
drivers/video/fbdev/sm501fb.c | 7
drivers/w1/masters/w1-uart.c | 4
fs/9p/vfs_inode_dotl.c | 2
fs/affs/file.c | 9
fs/exec.c | 15
fs/exfat/fatent.c | 2
fs/exfat/file.c | 29
fs/exfat/inode.c | 41 +
fs/exfat/namei.c | 5
fs/ext4/dir.c | 3
fs/ext4/super.c | 27
fs/fuse/dax.c | 1
fs/fuse/dir.c | 2
fs/fuse/file.c | 4
fs/hostfs/hostfs.h | 2
fs/hostfs/hostfs_kern.c | 7
fs/hostfs/hostfs_user.c | 59 +
fs/isofs/dir.c | 3
fs/jfs/jfs_dtree.c | 3
fs/jfs/xattr.c | 15
fs/netfs/direct_read.c | 6
fs/nfs/delegation.c | 63 +-
fs/nfs/nfs4xdr.c | 18
fs/nfs/sysfs.c | 22
fs/nfs/write.c | 4
fs/nfsd/nfs4state.c | 37 -
fs/nfsd/nfsctl.c | 44 -
fs/nfsd/vfs.c | 28
fs/ntfs3/attrib.c | 3
fs/ntfs3/file.c | 22
fs/ntfs3/frecord.c | 6
fs/ntfs3/index.c | 4
fs/ntfs3/ntfs.h | 2
fs/ocfs2/alloc.c | 8
fs/proc/base.c | 2
fs/smb/client/cifsacl.c | 34 -
fs/smb/client/connect.c | 16
fs/smb/common/smbacl.h | 3
fs/smb/server/auth.c | 6
fs/smb/server/connection.h | 11
fs/smb/server/mgmt/user_session.c | 37 -
fs/smb/server/mgmt/user_session.h | 2
fs/smb/server/oplock.c | 12
fs/smb/server/smb2pdu.c | 54 +
fs/smb/server/smbacl.c | 50 +
fs/smb/server/smbacl.h | 2
include/drm/display/drm_dp_mst_helper.h | 7
include/linux/cgroup-defs.h | 1
include/linux/context_tracking_irq.h | 8
include/linux/coresight.h | 4
include/linux/fwnode.h | 2
include/linux/interrupt.h | 8
include/linux/nfs_fs_sb.h | 4
include/linux/nmi.h | 4
include/linux/pgtable.h | 28
include/linux/pm_runtime.h | 2
include/linux/rcupdate.h | 2
include/linux/sched/smt.h | 2
include/linux/thermal.h | 2
include/linux/trace_events.h | 14
include/linux/uprobes.h | 2
include/rdma/ib_verbs.h | 1
init/Kconfig | 5
kernel/bpf/core.c | 19
kernel/bpf/verifier.c | 7
kernel/cgroup/rstat.c | 40 -
kernel/cpu.c | 5
kernel/events/core.c | 46 +
kernel/events/ring_buffer.c | 2
kernel/events/uprobes.c | 15
kernel/fork.c | 4
kernel/kexec_elf.c | 2
kernel/locking/semaphore.c | 13
kernel/sched/deadline.c | 2
kernel/sched/fair.c | 50 +
kernel/trace/bpf_trace.c | 2
kernel/trace/ring_buffer.c | 4
kernel/trace/trace_events.c | 14
kernel/trace/trace_events_hist.c | 133 +++-
kernel/trace/trace_events_synth.c | 36 +
kernel/trace/trace_functions_graph.c | 1
kernel/trace/trace_irqsoff.c | 2
kernel/trace/trace_osnoise.c | 1
kernel/trace/trace_sched_wakeup.c | 2
kernel/watch_queue.c | 9
kernel/watchdog.c | 25
kernel/watchdog_perf.c | 28
lib/842/842_compress.c | 2
lib/stackinit_kunit.c | 30
lib/vsprintf.c | 2
mm/gup.c | 3
mm/memory.c | 13
mm/zswap.c | 30
net/can/af_can.c | 12
net/can/af_can.h | 12
net/can/proc.c | 46 -
net/core/devmem.c | 4
net/core/dst.c | 8
net/core/rtnetlink.c | 3
net/ipv4/ip_tunnel_core.c | 4
net/ipv4/udp.c | 42 -
net/ipv6/addrconf.c | 37 -
net/ipv6/calipso.c | 21
net/ipv6/route.c | 42 +
net/mac80211/driver-ops.c | 10
net/mac80211/iface.c | 11
net/mac80211/rx.c | 10
net/mac80211/sta_info.c | 20
net/mac80211/util.c | 5
net/netfilter/nf_tables_api.c | 4
net/netfilter/nft_set_hash.c | 3
net/netfilter/nft_tunnel.c | 6
net/openvswitch/actions.c | 6
net/sched/act_tunnel_key.c | 2
net/sched/cls_flower.c | 2
net/sched/sch_skbprio.c | 3
net/sctp/sysctl.c | 4
net/vmw_vsock/af_vsock.c | 6
rust/Makefile | 4
rust/kernel/print.rs | 7
scripts/package/debian/rules | 6
scripts/selinux/install_policy.sh | 15
security/smack/smack.h | 6
security/smack/smack_lsm.c | 34 -
sound/core/timer.c | 147 ++--
sound/pci/hda/patch_realtek.c | 50 +
sound/soc/amd/acp/acp-legacy-common.c | 10
sound/soc/codecs/cs35l41-spi.c | 5
sound/soc/codecs/rt1320-sdw.c | 3
sound/soc/codecs/rt5665.c | 24
sound/soc/codecs/wsa884x.c | 4
sound/soc/fsl/imx-card.c | 4
sound/soc/ti/j721e-evm.c | 2
tools/arch/x86/lib/insn.c | 2
tools/lib/bpf/linker.c | 2
tools/objtool/check.c | 35 -
tools/perf/Makefile.config | 10
tools/perf/Makefile.perf | 2
tools/perf/bench/syscall.c | 22
tools/perf/builtin-report.c | 2
tools/perf/pmu-events/arch/arm64/ampere/ampereonex/metrics.json | 10
tools/perf/tests/shell/coresight/asm_pure_loop/asm_pure_loop.S | 2
tools/perf/tests/shell/record_bpf_filter.sh | 4
tools/perf/util/arm-spe.c | 8
tools/perf/util/bpf-filter.l | 2
tools/perf/util/comm.c | 2
tools/perf/util/debug.c | 2
tools/perf/util/dso.h | 4
tools/perf/util/evlist.c | 13
tools/perf/util/intel-tpebs.c | 2
tools/perf/util/pmu.c | 7
tools/perf/util/pmu.h | 5
tools/perf/util/pmus.c | 20
tools/perf/util/python.c | 17
tools/perf/util/stat-shadow.c | 3
tools/perf/util/units.c | 2
tools/power/x86/turbostat/turbostat.8 | 2
tools/power/x86/turbostat/turbostat.c | 2
tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 5
tools/testing/selftests/bpf/prog_tests/tailcalls.c | 1
tools/testing/selftests/bpf/progs/strncmp_bench.c | 5
tools/testing/selftests/mm/cow.c | 2
tools/testing/selftests/net/netfilter/br_netfilter.sh | 7
tools/testing/selftests/net/netfilter/br_netfilter_queue.sh | 7
tools/testing/selftests/net/netfilter/nft_queue.sh | 1
419 files changed, 3558 insertions(+), 2027 deletions(-)
Aaron Kling (1):
cpufreq: tegra194: Allow building for Tegra234
Abel Wu (1):
cgroup/rstat: Fix forceidle time in cpu.stat
Acs, Jakub (1):
ext4: fix OOB read when checking dotdot dir
Akhil R (5):
crypto: tegra - Use separate buffer for setkey
crypto: tegra - check return value for hash do_one_req
crypto: tegra - Use HMAC fallback when keyslots are full
crypto: tegra - Fix CMAC intermediate result handling
crypto: tegra - Set IV to NULL explicitly for AES ECB
Al Viro (3):
spufs: fix a leak on spufs_new_file() failure
spufs: fix gang directory lifetimes
spufs: fix a leak in spufs_create_context()
Alex Deucher (3):
drm/amdgpu/umsch: fix ucode check
drm/amdgpu/gfx11: fix num_mec
drm/amdgpu/gfx12: fix num_mec
Alexander Wetzel (3):
wifi: mac80211: Cleanup sta TXQs on flush
wifi: mac80211: remove debugfs dir for virtual monitor
wifi: mac80211: Fix sparse warning for monitor_sdata
Alexandre Ghiti (1):
riscv: Fix hugetlb retrieval of number of ptes in case of !present pte
Alexandru Gagniuc (1):
kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally
Alexey Klimov (1):
ASoC: codecs: wsa884x: report temps to hwmon in millidegree of Celsius
Alice Ryhl (1):
rust: fix signature of rust_fmt_argument
Alistair Popple (1):
fuse: fix dax truncate/punch_hole fault path
Andrii Nakryiko (1):
libbpf: Fix hypothetical STT_SECTION extern NULL deref case
Andy Shevchenko (3):
auxdisplay: panel: Fix an API misuse in panel.c
pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment
pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm()
AngeloGioacchino Del Regno (2):
drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
Angelos Oikonomopoulos (1):
arm64: Don't call NULL in do_compat_alignment_fixup()
Anshuman Khandual (1):
arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig
Antheas Kapenekakis (1):
ALSA: hda/realtek: Fix Asus Z13 2025 audio
Antoine Tenart (1):
net: decrease cached dst counters in dst_release
Armin Wolf (1):
platform/x86: dell-ddv: Fix temperature calculation
Arnaldo Carvalho de Melo (5):
perf units: Fix insufficient array space
perf python: Fixup description of sample.id event member
perf python: Decrement the refcount of just created event on failure
perf python: Don't keep a raw_data pointer to consumed ring buffer space
perf python: Check if there is space to copy all the event
Arnd Bergmann (5):
x86/platform: Only allow CONFIG_EISA for 32-bit
dummycon: fix default rows/cols
mdacon: rework dependency list
crypto: bpf - Add MODULE_DESCRIPTION for skcipher
x86/Kconfig: Add cmpxchg8b support back to Geode CPUs
Artur Weber (1):
power: supply: max77693: Fix wrong conversion of charge input threshold value
Ashley Smith (1):
drm/panthor: Update CS_STATUS_ defines to correct values
Atish Patra (1):
RISC-V: KVM: Disable the kernel perf counter during configure
Aurabindo Pillai (1):
drm/amd/display: fix an indent issue in DML21
Bairavi Alagappan (2):
crypto: qat - set parity error mask for qat_420xx
crypto: qat - remove access to parity register for QAT GEN4
Bard Liao (1):
ASoC: rt1320: set wake_capable = 0 explicitly
Barnabás Czémán (1):
clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
Bart Van Assche (1):
fs/procfs: fix the comment above proc_pid_wchan()
Benjamin Berg (3):
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
um: remove copy_from_kernel_nofault_allowed
um: hostfs: avoid issues on inode number reuse by host
Benjamin Gaignard (1):
media: verisilicon: HEVC: Initialize start_bit field
Björn Töpel (1):
riscv/purgatory: 4B align purgatory_start
Boris Ostrovsky (1):
x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
Caleb Sander Mateos (1):
nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer
Candice Li (1):
Remove unnecessary firmware version check for gc v9_4_2
Chao Gao (1):
x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
Cheng Xu (1):
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
Chenyuan Yang (2):
thermal: int340x: Add NULL check for adev
w1: fix NULL pointer dereference in probe
Chiara Meiohas (1):
RDMA/mlx5: Fix calculation of total invalidated pages
Christian Eggers (1):
ARM: 9444/1: add KEEP() keyword to ARM_VECTORS
Christian Schoenebeck (1):
fs/9p: fix NULL pointer dereference on mkdir
Christophe JAILLET (2):
PCI: histb: Fix an error handling path in histb_pcie_probe()
ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe()
Christophe Leroy (2):
crypto: powerpc: Mark ghashp8-ppc.o as an OBJECT_FILES_NON_STANDARD
powerpc/kexec: fix physical address calculation in clear_utlb_entry()
Chuck Lever (3):
NFSD: nfsd_unlink() clobbers non-zero status returned from fh_fill_pre_attrs()
NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory
NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
Claudiu Beznea (2):
pinctrl: renesas: rzg2l: Suppress binding attributes
clk: renesas: r8a08g045: Check the source of the CPU PLL settings
Cong Wang (1):
net_sched: skbprio: Remove overly strict queue assertions
Cyan Yang (1):
selftests/mm/cow: fix the incorrect error handling
Dan Carpenter (7):
PCI: Remove stray put_device() in pci_register_host_bridge()
drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
PCI: dwc: ep: Return -ENOMEM for allocation failures
fs/ntfs3: Fix a couple integer overflows on 32bit systems
fs/ntfs3: Prevent integer overflow in hdr_first_de()
nfs: Add missing release on error in nfs_lock_and_join_requests()
platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc()
Daniel Bárta (1):
ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
Daniel Stodden (1):
PCI/ASPM: Fix link state exit during switch upstream function removal
Danila Chernetsov (1):
fbdev: sm501fb: Add some geometry checks.
Dave Marquardt (1):
net: ibmveth: make veth_pool_store stop hanging
David E. Box (1):
platform/x86/intel/vsec: Add Diamond Rapids support
David Gow (1):
um: Pass the correct Rust target and options with gcc
David Hildenbrand (3):
x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()
kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page()
mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs
David Howells (1):
netfs: Fix netfs_unbuffered_read() to return ssize_t rather than int
David Laight (1):
objtool: Fix verbose disassembly if CROSS_COMPILE isn't set
David Oberhollenzer (1):
net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
Debin Zhu (1):
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
Dmitry Baryshkov (1):
drm/msm/dpu: don't use active in atomic_check()
Dmitry Panchenko (1):
platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet
Douglas Anderson (1):
drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
Douglas Raillard (2):
tracing: Ensure module defining synth event cannot be unloaded while tracing
tracing: Fix synth event printk format for str fields
Eduard Christian Dumitrescu (1):
platform/x86: thinkpad_acpi: disable ACPI fan access for T495* and E560
Emil Tantilov (1):
idpf: fix adapter NULL pointer dereference on reboot
Emmanuel Grumbach (2):
wifi: iwlwifi: mvm: use the right version of the rate API
wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state
Eric Dumazet (1):
sctp: add mutual exclusion in proc_sctp_do_udp_port()
Eric Sandeen (1):
watch_queue: fix pipe accounting mismatch
Fabrizio Castro (3):
pinctrl: renesas: rza2: Fix missing of_node_put() call
pinctrl: renesas: rzg2l: Fix missing of_node_put() call
pinctrl: renesas: rzv2m: Fix missing of_node_put() call
Feng Tang (1):
PCI/portdrv: Only disable pciehp interrupts early when needed
Feng Yang (1):
ring-buffer: Fix bytes_dropped calculation issue
Fernando Fernandez Mancera (1):
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
Florian Fainelli (2):
spi: bcm2835: Do not call gpiod_put() on invalid descriptor
spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent
Florian Westphal (2):
selftests: netfilter: skip br_netfilter queue tests if kernel is tainted
netfilter: nf_tables: don't unregister hook when table is dormant
Frieder Schrempf (1):
regulator: pca9450: Fix enable register for LDO5
Geert Uytterhoeven (2):
auxdisplay: MAX6959 should select BITREVERSE
drm/bridge: ti-sn65dsi86: Fix multiple instances
Geetha sowjanya (2):
octeontx2-af: Fix mbox INTR handler when num VFs > 64
octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
Giovanni Gherdovich (1):
ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid
Greg Kroah-Hartman (1):
Linux 6.12.23
Guilherme G. Piccoli (1):
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
Guillaume Nault (1):
tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
Hans Zhang (1):
PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload
Hans de Goede (1):
ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers
Heiko Stuebner (1):
phy: phy-rockchip-samsung-hdptx: Don't use dt aliases to determine phy-id
Hengqi Chen (3):
LoongArch: BPF: Fix off-by-one error in build_prologue()
LoongArch: BPF: Don't override subprog's return value
LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC
Henry Martin (2):
ASoC: imx-card: Add NULL check in imx_card_probe()
arcnet: Add NULL check in com20020pci_probe()
Herbert Xu (3):
crypto: iaa - Test the correct request flag
crypto: api - Fix larval relookup type and mask
crypto: nx - Fix uninitialised hv_nxc on error
Hermes Wu (1):
drm/bridge: it6505: fix HDCP V match check is not performed correctly
Herton R. Krzesinski (1):
x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs
Hou Tao (1):
bpf: Use preempt_count() directly in bpf_send_signal_common()
Huacai Chen (2):
LoongArch: Increase ARCH_DMA_MINALIGN up to 16
LoongArch: Increase MAX_IO_PICS up to 8
Ian Rogers (4):
perf stat: Fix find_stat for mixed legacy/non-legacy events
tools/x86: Fix linux/unaligned.h include path in lib/insn.c
perf debug: Avoid stack overflow in recursive error message
perf evlist: Add success path to evlist__create_syswide_maps
Icenowy Zheng (2):
nvme-pci: clean up CMBMSC when registering CMB fails
nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
Ido Schimmel (2):
ipv6: Start path selection from the first nexthop
ipv6: Do not consider link down nexthops in path selection
Ilkka Koskinen (2):
coresight: catu: Fix number of pages while using 64k pages
perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation
Ilpo Järvinen (5):
platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Make symbol static
platform/x86: dell-uart-backlight: Make dell_uart_bl_serdev_driver static
PCI: Remove add_align overwrite unrelated to size0
PCI: Fix BAR resizing when VF BARs are assigned
PCI: pciehp: Don't enable HPIE when resuming in poll mode
Jakub Kicinski (1):
net: dsa: rtl8366rb: don't prompt users for LED control
James Clark (3):
perf: Always feature test reallocarray
perf pmu: Don't double count common sysfs and json events
perf: intel-tpebs: Fix incorrect usage of zfree()
James Morse (1):
x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors
Jann Horn (3):
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
Jason-JH Lin (1):
drm/mediatek: Fix config_updating flag never false when no mbox channel
Javier Martinez Canillas (1):
drm/ssd130x: Set SPI .id_table to prevent an SPI core warning
Jayesh Choudhary (1):
ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible
Jeff Layton (1):
nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()
Jerome Brunet (4):
clk: amlogic: gxbb: drop incorrect flag on 32k clock
clk: amlogic: g12b: fix cluster A parent data
clk: amlogic: gxbb: drop non existing 32k clock parent
clk: amlogic: g12a: fix mmc A peripheral clock
Jiayuan Chen (1):
bpf: Fix array bounds error with may_goto
Jie Zhan (1):
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
Jim Liu (1):
net: phy: broadcom: Correct BCM5221 PHY model detection
Jim Quinlan (4):
PCI: brcmstb: Set generation limit before PCIe link up
PCI: brcmstb: Use internal register to change link capability
PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
PCI: brcmstb: Fix potential premature regulator disabling
Jiri Kosina (1):
HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
Jiri Olsa (1):
uprobes/x86: Harden uretprobe syscall trampoline check
Jiri Slaby (SUSE) (1):
tty: n_tty: use uint for space returned by tty_write_room()
Joe Damato (1):
idpf: Don't hard code napi_struct size
Joe Hattori (2):
media: platform: allgro-dvt: unregister v4l2_device on the error path
soundwire: slave: fix an OF node reference leak in soundwire slave device
Johannes Berg (2):
wifi: iwlwifi: fw: allocate chained SG tables for dump
wifi: mac80211: fix SA Query processing in MLO
John Keeping (3):
drm/ssd130x: fix ssd132x encoding
drm/ssd130x: ensure ssd132x pitch is correct
drm/panel: ilitek-ili9882t: fix GPIO name in error message
Jonathan Cameron (2):
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails.
Jonathan Santos (1):
iio: adc: ad7768-1: set MOSI idle state to prevent accidental reset
Josh Poimboeuf (9):
x86/traps: Make exc_double_fault() consistently noreturn
objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show()
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
objtool: Fix segfault in ignore_unreachable_insn()
sched/smt: Always inline sched_smt_active()
context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
rcu-tasks: Always inline rcu_irq_work_resched()
objtool/loongarch: Add unwind hints in prepare_frametrace()
spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock()
Joshua Hahn (1):
cgroup/rstat: Tracking cgroup-level niced CPU time
José Expósito (1):
drm/vkms: Fix use after free and double free on init error
Juhan Jin (1):
riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra
Kai-Heng Feng (1):
PCI: Use downstream bridges for distributing resources
Kan Liang (1):
perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
Karan Sanghavi (1):
iio: light: Add check for array bounds in veml6075_read_int_time_ms
Karel Balej (1):
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
Kees Bakker (1):
RDMA/mana_ib: Ensure variable err is initialized
Kees Cook (1):
kunit/stackinit: Use fill byte different from Clang i386 pattern
Keith Busch (1):
nvme-pci: fix stuck reset on concurrent DPC and HP
Kevin Loughlin (1):
x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
Konrad Dybcio (1):
clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK
Konstantin Andreev (2):
smack: dont compile ipv6 code unless ipv6 is configured
smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label
Konstantin Komarov (1):
fs/ntfs3: Update inode->i_mapping->a_ops on compression state
Krzysztof Kozlowski (1):
drm/msm/dsi/phy: Program clock inverters in correct register
Kuniyuki Iwashima (2):
udp: Fix multiple wraparounds of sk->sk_rmem_alloc.
udp: Fix memory accounting leak.
Lama Kayal (1):
net/mlx5e: SHAMPO, Make reserved size independent of page size
Laurentiu Mihalcea (1):
clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents
Len Brown (1):
tools/power turbostat: report CoreThr per measurement interval
Leo Yan (1):
perf arm-spe: Fix load-store operation checking
Li Huafei (1):
watchdog/hardlockup/perf: Fix perf_event memory leak
Li Lingfeng (1):
nfsd: put dl_stid if fail to queue dl_recall
Lin Ma (2):
netfilter: nft_tunnel: fix geneve_opt type confusion addition
net: fix geneve_opt length integer overflow
Lubomir Rintel (1):
rndis_host: Flag RNDIS modems as WWAN devices
Luca Ceresoli (1):
perf build: Fix in-tree build due to symbolic link
Luca Weiss (4):
remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
remoteproc: qcom: pas: add minidump_id to SC7280 WPSS
remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226
remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
Maher Sanalla (1):
IB/mad: Check available slots before posting receive WRs
Marcus Meissner (1):
perf tools: annotate asm_pure_loop.S
Marijn Suijten (2):
drm/msm/dsi: Use existing per-interface slice count in DSC timing
drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
Mario Limonciello (2):
ucsi_ccg: Don't show failed to get FW build information error
drm/amd: Keep display off while going into S4
Mark Zhang (1):
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
Markus Elfring (2):
fbdev: au1100fb: Move a variable assignment behind a null pointer check
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
Masami Hiramatsu (Google) (2):
tracing/hist: Add poll(POLLIN) support on hist file
tracing/hist: Support POLLPRI event for poll on histogram
Matthias Proske (1):
wifi: brcmfmac: keep power during suspend if board requires it
Maud Spierings (1):
dt-bindings: vendor-prefixes: add GOcontroll
Miaoqian Lin (3):
ksmbd: use aead_request_free to match aead_request_alloc
LoongArch: Fix device node refcount leak in fdt_cpu_clk_init()
mmc: omap: Fix memory leak in mmc_omap_new_slot
Michael Guralnik (2):
RDMA/mlx5: Fix page_size variable overflow
RDMA/mlx5: Fix MR cache initialization error flow
Michael Kelley (1):
x86/hyperv: Fix output argument to hypercall that changes page visibility
Mike Christie (1):
vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
Mike Rapoport (Microsoft) (1):
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
Ming Lei (1):
ublk: make sure ubq->canceling is set when queue is frozen
Ming Yen Hsieh (2):
wifi: mt76: mt7925: remove unused acpi function for clc
wifi: mt76: mt7921: fix kernel panic due to null pointer dereference
Murad Masimov (2):
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
media: streamzap: fix race between device disconnection and urb callback
Naman Jain (1):
x86/hyperv/vtl: Stop kernel from probing VTL0 low memory
Namhyung Kim (2):
perf report: Switch data file correctly in TUI
perf bpf-filter: Fix a parsing error with comma
Namjae Jeon (8):
ksmbd: fix multichannel connection failure
ksmbd: fix r_count dec/increment mismatch
smb: common: change the data type of num_aces to le16
cifs: fix incorrect validation for num_aces field of smb_acl
ksmbd: add bounds check for durable handle context
ksmbd: fix use-after-free in ksmbd_sessions_deregister()
ksmbd: fix session use-after-free in multichannel connection
ksmbd: fix null pointer dereference in alloc_preauth_hash()
Nathan Chancellor (1):
ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE
Navon John Lukose (1):
ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
Neil Armstrong (1):
clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable()
NeilBrown (1):
NFS: fix open_owner_id_maxsz and related fields.
Nikita Shubin (1):
ntb: intel: Fix using link status DB's
Nikita Zhandarovich (2):
mfd: sm501: Switch to BIT() to mitigate integer overflows
media: vimc: skip .s_stream() for stopped entities
Niklas Neronin (1):
usb: xhci: correct debug message page size calculation
Niklas Schnelle (1):
s390: Remove ioremap_wt() and pgprot_writethrough()
Nishanth Aravamudan (1):
PCI: Avoid reset when disabled via sysfs
Norbert Szetei (3):
ksmbd: add bounds check for create lease context
ksmbd: fix overflow in dacloffset bounds check
ksmbd: validate zero num_subauth before sub_auth is accessed
Nuno Sá (1):
iio: backend: make sure to NULL terminate stack buffer
Oleg Nesterov (1):
exec: fix the racy usage of fs_struct->in_exec
Olga Kornievskaia (1):
nfsd: fix management of listener transports
Oliver Hartkopp (1):
can: statistics: use atomic access in hot path
Pablo Neira Ayuso (1):
netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
Palmer Dabbelt (1):
RISC-V: errata: Use medany for relocatable builds
Paolo Bonzini (1):
KVM: x86: block KVM_CAP_SYNC_REGS if guest state is protected
Patrisious Haddad (1):
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
Paul Menzel (1):
ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
Peng Fan (3):
remoteproc: core: Clear table_sz when rproc_shutdown
dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister
dmaengine: fsl-edma: free irq correctly in remove path
Peter Geis (1):
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
Peter Zijlstra (2):
lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
perf/core: Fix perf_pmu_register() vs. perf_init_event()
Peter Zijlstra (Intel) (1):
perf/x86/intel: Apply static call for drain_pebs
Prathamesh Shete (1):
pinctrl: tegra: Set SFIO mode to Mux Register
Qasim Ijaz (2):
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
jfs: fix slab-out-of-bounds read in ea_get()
Qiuxu Zhuo (4):
EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids
EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
EDAC/ie31200: Fix the DIMM size mask for several SoCs
EDAC/ie31200: Fix the error path order of ie31200_init()
Rafael J. Wysocki (2):
PM: sleep: Adjust check before setting power.must_resume
PM: sleep: Fix handling devices with direct_complete set on errors
Ran Xiaokai (1):
tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
Remi Pommarel (1):
leds: Fix LED_OFF brightness race
Richard Fitzgerald (1):
firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success
Rob Clark (1):
drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump
Robin Murphy (1):
media: omap3isp: Handle ARM dma_iommu_mapping
Roger Quadros (1):
memory: omap-gpmc: drop no compatible check
Roman Gushchin (1):
RDMA/core: Don't expose hw_counters outside of init net namespace
Roman Smirnov (1):
jfs: add index corruption check to DT_GETPAGE()
Sagi Grimberg (1):
nvme-tcp: fix possible UAF in nvme_tcp_poll
Saket Kumar Bhaskar (1):
selftests/bpf: Select NUMA_NO_NODE to create map
Sean Christopherson (1):
KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error
Sebastian Andrzej Siewior (1):
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
Sherry Sun (4):
tty: serial: fsl_lpuart: Use u32 and u8 for register variables
tty: serial: fsl_lpuart: use port struct directly to simply code
tty: serial: fsl_lpuart: Fix unused variable 'sport' build warning
tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register
Shrikanth Hegde (1):
sched/deadline: Use online cpus for validating runtime
Shuai Xue (1):
x86/mce: use is_copy_from_user() to determine copy-from-user context
Shyam Sundar S K (2):
platform/x86/amd/pmf: Propagate PMF-TA return codes
platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-TA
Sicelo A. Mhlongo (1):
power: supply: bq27xxx_battery: do not update cached flags prematurely
Simon Tatham (2):
affs: generate OFS sequence numbers starting at 1
affs: don't write overlarge OFS data block size fields
Sourabh Jain (1):
kexec: initialize ELF lowest address to ULONG_MAX
Srinivas Pandruvada (1):
platform/x86: ISST: Correct command storage data length
Srinivasan Shanmugam (1):
drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables'
Stanislav Spassov (1):
x86/fpu: Fix guest FPU state buffer allocation size
Stanley Chu (1):
i3c: master: svc: Fix missing the IBI rules
Stefan Binding (7):
ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA
Stefan Wahren (2):
staging: vchiq_arm: Register debugfs after cdev
staging: vchiq_arm: Fix possible NPR of keep-alive thread
Stefano Garzarella (1):
vsock: avoid timeout during connect() if the socket is closing
Stephen Brennan (1):
perf dso: fix dso__is_kallsyms() check
Steven Rostedt (2):
tracing: Switch trace_events_hist.c code over to use guard()
tracing: Do not use PERF enums when perf is not defined
Sungjong Seo (2):
exfat: fix random stack corruption after get_block
exfat: fix potential wrong error return from get_block
Sven Schnelle (1):
s390/entry: Fix setting _CIF_MCCK_GUEST with lowcore relocation
Taehee Yoo (1):
net: devmem: do not WARN conditionally after netdev_rx_queue_restart()
Takashi Iwai (4):
ALSA: hda/realtek: Always honor no_shutup_pins
ALSA: timer: Don't take register_mutex with copy_from/to_user()
ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA
ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
Tanya Agarwal (1):
lib: 842: Improve error handling in sw842_compress()
Tao Chen (1):
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
Tasos Sahanidis (1):
hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
Tengda Wu (3):
selftests/bpf: Fix freplace_link segfault in tailcalls prog test
tracing: Correct the refcount if the hist/hist_debug file fails to open
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
Thadeu Lima de Souza Cascardo (1):
drm/amd/display: avoid NPD when ASIC does not support DMUB
Theodore Ts'o (1):
ext4: don't over-report free space or inodes in statvfs
Thippeswamy Havalige (1):
PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
Thomas Richter (1):
perf bench: Fix perf bench syscall loop count
Tianchen Ding (1):
sched/eevdf: Force propagating min_slice of cfs_rq when {en,de}queue tasks
Tianyu Lan (1):
x86/hyperv: Fix check of return value from snp_set_vmsa()
Tim Schumacher (1):
selinux: Chain up tool resolving errors in install_policy.sh
Tobias Waldekranz (1):
net: mvpp2: Prevent parser TCAM memory corruption
Tomi Valkeinen (1):
drm: xlnx: zynqmp: Fix max dma segment size
Trond Myklebust (5):
NFSv4: Don't trigger uneccessary scans for return-on-close delegations
NFSv4: Avoid unnecessary scans of filesystems for returning delegations
NFSv4: Avoid unnecessary scans of filesystems for expired delegations
NFSv4: Avoid unnecessary scans of filesystems for delayed delegations
NFS: Shut down the nfs_client only after all the superblocks
Tushar Dave (1):
PCI/ACS: Fix 'pci=config_acs=' parameter
Ulf Hansson (1):
mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
Uwe Kleine-König (3):
iio: adc: ad4130: Fix comparison of channel setups
iio: adc: ad7124: Fix comparison of channel configs
iio: adc: ad7173: Fix comparison of channel configs
Vasiliy Kovalev (1):
ocfs2: validate l_tree_depth to avoid out-of-bounds access
Venkata Prasad Potturu (1):
ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry
Viktor Malik (1):
selftests/bpf: Fix string read in strncmp benchmark
Vishal Annapurve (1):
x86/tdx: Fix arch_safe_halt() execution for TDX VMs
Vitalii Mordan (1):
gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines
Vitaliy Shevtsov (2):
ASoC: cs35l41: check the return value from spi_setup()
drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
Vitaly Kuznetsov (1):
x86/entry: Add __init to ia32_emulation_override_cmdline()
Vitaly Lifshits (1):
e1000e: change k1 configuration on MTP and later platforms
Vladimir Lypak (1):
clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
Vladis Dronov (1):
x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
WANG Rui (1):
rust: Fix enabling Rust and building with GCC for LoongArch
Waiman Long (1):
locking/semaphore: Use wake_q to wake up processes outside lock critical section
Wang Liang (1):
RDMA/core: Fix use-after-free when rename device name
Wang Zhaolong (1):
smb: client: Fix netns refcount imbalance causing leaks and use-after-free
Wayne Lin (1):
drm/dp_mst: Fix drm RAD print
Wenkai Lin (3):
crypto: hisilicon/sec2 - fix for aead authsize alignment
crypto: hisilicon/sec2 - fix for sec spec check
crypto: hisilicon/sec2 - fix for aead auth key length
Wentao Guan (1):
HID: i2c-hid: improve i2c_hid_get_report error message
Wentao Liang (1):
greybus: gb-beagleplay: Add error handling for gb_greybus_init
Will McVicker (1):
clk: samsung: Fix UBSAN panic in samsung_clk_init()
Yajun Deng (1):
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
Yang Wang (1):
drm/amdgpu: refine smu send msg debug log format
Yao Zi (1):
riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator
Yeoreum Yun (1):
perf/core: Fix child_total_time_enabled accounting bug at task exit
Ying Lu (1):
usbnet:fix NPE during rx_complete
Yosry Ahmed (1):
mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead()
Yuanfang Zhang (1):
coresight-etm4x: add isb() before reading the TRCSTATR
Yue Haibing (1):
pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw()
Yuezhang Mo (3):
exfat: fix the infinite loop in exfat_find_last_cluster()
exfat: fix missing shutdown check
exfat: add a check for invalid data size
Yuli Wang (1):
LoongArch: Rework the arch_kgdb_breakpoint() implementation
Zijun Hu (1):
of: property: Increase NR_FWNODE_REFERENCE_ARGS
xueqin Luo (1):
thermal: core: Remove duplicate struct declaration
zihan zhou (1):
sched: Cancel the slice protection of the idle entity
zuoqian (1):
cpufreq: scpi: compare kHz instead of Hz
谢致邦 (XIE Zhibang) (2):
staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES
LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig
5 months, 2 weeks
- 1
- 1
Linux 6.6.87
by Greg Kroah-Hartman
I'm announcing the release of the 6.6.87 kernel.
All users of the 6.6 kernel series must upgrade.
The updated 6.6.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/devicetree/bindings/vendor-prefixes.yaml | 2
Makefile | 2
arch/arm64/kernel/compat_alignment.c | 2
arch/loongarch/Kconfig | 4
arch/loongarch/include/asm/cache.h | 2
arch/loongarch/kernel/kgdb.c | 5
arch/loongarch/net/bpf_jit.c | 12
arch/loongarch/net/bpf_jit.h | 5
arch/powerpc/configs/mpc885_ads_defconfig | 2
arch/powerpc/platforms/cell/spufs/gang.c | 1
arch/powerpc/platforms/cell/spufs/inode.c | 63 ++-
arch/powerpc/platforms/cell/spufs/spufs.h | 2
arch/riscv/errata/Makefile | 6
arch/riscv/include/asm/ftrace.h | 4
arch/riscv/kvm/vcpu_pmu.c | 1
arch/riscv/mm/hugetlbpage.c | 76 ++-
arch/um/include/shared/os.h | 1
arch/um/kernel/Makefile | 2
arch/um/kernel/maccess.c | 19
arch/um/os-Linux/process.c | 51 --
arch/x86/Kconfig | 2
arch/x86/entry/calling.h | 2
arch/x86/events/intel/core.c | 43 +-
arch/x86/events/intel/ds.c | 13
arch/x86/events/perf_event.h | 3
arch/x86/hyperv/hv_vtl.c | 1
arch/x86/hyperv/ivm.c | 5
arch/x86/include/asm/tlbflush.h | 2
arch/x86/kernel/cpu/microcode/amd.c | 2
arch/x86/kernel/cpu/sgx/driver.c | 10
arch/x86/kernel/dumpstack.c | 5
arch/x86/kernel/fpu/core.c | 6
arch/x86/kernel/process.c | 7
arch/x86/kernel/traps.c | 18
arch/x86/kernel/tsc.c | 4
arch/x86/lib/copy_user_64.S | 18
arch/x86/mm/mem_encrypt_identity.c | 4
arch/x86/mm/pat/cpa-test.c | 2
arch/x86/mm/pat/memtype.c | 52 +-
drivers/acpi/nfit/core.c | 2
drivers/acpi/processor_idle.c | 4
drivers/acpi/resource.c | 7
drivers/acpi/x86/utils.c | 3
drivers/base/power/main.c | 21 -
drivers/base/power/runtime.c | 2
drivers/clk/imx/clk-imx8mp-audiomix.c | 6
drivers/clk/meson/g12a.c | 38 +
drivers/clk/meson/gxbb.c | 14
drivers/clk/qcom/gcc-msm8953.c | 2
drivers/clk/qcom/mmcc-sdm660.c | 2
drivers/clk/rockchip/clk-rk3328.c | 2
drivers/clk/samsung/clk.c | 2
drivers/cpufreq/cpufreq_governor.c | 45 +-
drivers/cpufreq/scpi-cpufreq.c | 5
drivers/crypto/hisilicon/sec2/sec.h | 1
drivers/crypto/hisilicon/sec2/sec_crypto.c | 125 ++----
drivers/crypto/nx/nx-common-pseries.c | 37 -
drivers/dma/fsl-edma-main.c | 2
drivers/edac/i10nm_base.c | 2
drivers/edac/ie31200_edac.c | 19
drivers/edac/skx_common.c | 33 +
drivers/edac/skx_common.h | 11
drivers/firmware/cirrus/cs_dsp.c | 2
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11
drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2
drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15
drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 16
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5
drivers/gpu/drm/amd/display/dc/core/dc_link_exports.c | 3
drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4
drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12
drivers/gpu/drm/bridge/ite-it6505.c | 7
drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2
drivers/gpu/drm/display/drm_dp_mst_topology.c | 8
drivers/gpu/drm/mediatek/mtk_dp.c | 6
drivers/gpu/drm/mediatek/mtk_dsi.c | 6
drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 +
drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c | 4
drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3
drivers/gpu/drm/msm/dsi/dsi_host.c | 8
drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 +
drivers/gpu/drm/msm/msm_dsc_helper.h | 11
drivers/gpu/drm/vkms/vkms_drv.c | 15
drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2
drivers/hid/Makefile | 1
drivers/hid/i2c-hid/i2c-hid-core.c | 2
drivers/hwmon/nct6775-core.c | 4
drivers/hwtracing/coresight/coresight-catu.c | 2
drivers/hwtracing/coresight/coresight-core.c | 20
drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 ++
drivers/i3c/master/svc-i3c-master.c | 2
drivers/iio/accel/mma8452.c | 10
drivers/iio/accel/msa311.c | 26 -
drivers/iio/adc/ad4130.c | 41 +-
drivers/iio/adc/ad7124.c | 35 +
drivers/infiniband/core/device.c | 9
drivers/infiniband/core/mad.c | 38 -
drivers/infiniband/core/sysfs.c | 1
drivers/infiniband/hw/erdma/erdma_cm.c | 1
drivers/infiniband/hw/mana/main.c | 2
drivers/infiniband/hw/mlx5/cq.c | 2
drivers/infiniband/hw/mlx5/odp.c | 10
drivers/leds/led-core.c | 22 -
drivers/media/dvb-frontends/dib8000.c | 5
drivers/media/platform/allegro-dvt/allegro-core.c | 1
drivers/media/platform/verisilicon/hantro_g2_hevc_dec.c | 1
drivers/media/rc/streamzap.c | 2
drivers/memory/omap-gpmc.c | 20
drivers/mfd/sm501.c | 6
drivers/mmc/host/omap.c | 19
drivers/mmc/host/sdhci-omap.c | 4
drivers/mmc/host/sdhci-pxav3.c | 1
drivers/net/arcnet/com20020-pci.c | 17
drivers/net/dsa/mv88e6xxx/chip.c | 11
drivers/net/dsa/mv88e6xxx/phy.c | 3
drivers/net/ethernet/ibm/ibmveth.c | 39 +
drivers/net/ethernet/intel/e1000e/defines.h | 3
drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 +++
drivers/net/ethernet/intel/e1000e/ich8lan.h | 4
drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++----
drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2
drivers/net/ethernet/marvell/octeontx2/af/rvu_devlink.c | 2
drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 8
drivers/net/usb/rndis_host.c | 16
drivers/net/usb/usbnet.c | 6
drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 20
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++--
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 8
drivers/ntb/hw/intel/ntb_hw_gen3.c | 3
drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2
drivers/ntb/test/ntb_perf.c | 4
drivers/nvme/host/pci.c | 34 +
drivers/nvme/host/tcp.c | 5
drivers/pci/controller/cadence/pcie-cadence-ep.c | 3
drivers/pci/controller/cadence/pcie-cadence.h | 2
drivers/pci/controller/dwc/pcie-histb.c | 12
drivers/pci/controller/pcie-brcmstb.c | 9
drivers/pci/controller/pcie-xilinx-cpm.c | 10
drivers/pci/hotplug/pciehp_hpc.c | 4
drivers/pci/pci.c | 4
drivers/pci/pcie/aspm.c | 17
drivers/pci/pcie/portdrv.c | 8
drivers/pci/probe.c | 5
drivers/pci/setup-bus.c | 3
drivers/pinctrl/intel/pinctrl-intel.c | 1
drivers/pinctrl/renesas/pinctrl-rza2.c | 2
drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2
drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2
drivers/pinctrl/tegra/pinctrl-tegra.c | 3
drivers/platform/x86/dell/dell-wmi-ddv.c | 6
drivers/platform/x86/intel/hid.c | 7
drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 2
drivers/platform/x86/intel/vsec.c | 7
drivers/power/supply/max77693_charger.c | 2
drivers/remoteproc/qcom_q6v5_mss.c | 21 -
drivers/remoteproc/qcom_q6v5_pas.c | 12
drivers/remoteproc/remoteproc_core.c | 1
drivers/scsi/qla2xxx/qla_os.c | 2
drivers/soundwire/slave.c | 1
drivers/staging/rtl8723bs/Kconfig | 1
drivers/thermal/intel/int340x_thermal/int3402_thermal.c | 3
drivers/tty/n_tty.c | 13
drivers/usb/host/xhci-mem.c | 6
drivers/usb/typec/ucsi/ucsi_ccg.c | 5
drivers/vhost/scsi.c | 25 -
drivers/video/console/Kconfig | 2
drivers/video/fbdev/au1100fb.c | 4
drivers/video/fbdev/sm501fb.c | 7
fs/affs/file.c | 9
fs/btrfs/extent-tree.c | 5
fs/exec.c | 15
fs/exfat/fatent.c | 2
fs/ext4/dir.c | 3
fs/ext4/super.c | 27 -
fs/fuse/dax.c | 1
fs/fuse/dir.c | 2
fs/fuse/file.c | 4
fs/hostfs/hostfs.h | 2
fs/hostfs/hostfs_kern.c | 7
fs/hostfs/hostfs_user.c | 59 +-
fs/isofs/dir.c | 3
fs/jfs/jfs_dtree.c | 3
fs/jfs/xattr.c | 15
fs/nfs/delegation.c | 33 -
fs/nfs/sysfs.c | 22 +
fs/nfsd/nfs4state.c | 31 +
fs/ntfs3/index.c | 4
fs/ntfs3/ntfs.h | 2
fs/ocfs2/alloc.c | 8
fs/proc/base.c | 2
fs/smb/client/cifsacl.c | 8
fs/smb/client/connect.c | 16
fs/smb/server/auth.c | 6
fs/smb/server/mgmt/user_session.c | 33 +
fs/smb/server/mgmt/user_session.h | 2
fs/smb/server/oplock.c | 12
fs/smb/server/smb2pdu.c | 40 +
fs/smb/server/smbacl.c | 5
include/drm/display/drm_dp_mst_helper.h | 7
include/linux/context_tracking_irq.h | 8
include/linux/coresight.h | 4
include/linux/fwnode.h | 2
include/linux/interrupt.h | 8
include/linux/pgtable.h | 28 +
include/linux/pm_runtime.h | 2
include/linux/rcupdate.h | 2
include/linux/sched/smt.h | 2
include/linux/trace.h | 4
include/linux/trace_events.h | 14
include/rdma/ib_verbs.h | 1
kernel/events/core.c | 46 +-
kernel/events/ring_buffer.c | 2
kernel/events/uprobes.c | 13
kernel/fork.c | 4
kernel/kexec_elf.c | 2
kernel/locking/semaphore.c | 13
kernel/sched/deadline.c | 2
kernel/trace/bpf_trace.c | 2
kernel/trace/ring_buffer.c | 4
kernel/trace/trace.c | 23 -
kernel/trace/trace.h | 1
kernel/trace/trace_boot.c | 2
kernel/trace/trace_events.c | 62 ++-
kernel/trace/trace_events_hist.c | 133 +++++-
kernel/trace/trace_events_synth.c | 36 +
kernel/trace/trace_functions_graph.c | 1
kernel/trace/trace_irqsoff.c | 2
kernel/trace/trace_osnoise.c | 1
kernel/trace/trace_sched_wakeup.c | 2
kernel/watch_queue.c | 9
lib/842/842_compress.c | 2
lib/overflow_kunit.c | 3
mm/memory.c | 13
net/can/af_can.c | 12
net/can/af_can.h | 12
net/can/proc.c | 46 +-
net/core/dst.c | 8
net/core/rtnetlink.c | 3
net/ipv4/ip_tunnel_core.c | 4
net/ipv4/udp.c | 16
net/ipv6/addrconf.c | 37 +
net/ipv6/calipso.c | 21 -
net/ipv6/route.c | 42 +-
net/mac80211/sta_info.c | 20
net/netfilter/nf_tables_api.c | 4
net/netfilter/nft_set_hash.c | 3
net/netfilter/nft_tunnel.c | 6
net/openvswitch/actions.c | 6
net/sched/act_tunnel_key.c | 2
net/sched/cls_flower.c | 2
net/sched/sch_skbprio.c | 3
net/vmw_vsock/af_vsock.c | 6
samples/ftrace/sample-trace-array.c | 2
scripts/selinux/install_policy.sh | 15
security/smack/smack.h | 6
security/smack/smack_lsm.c | 10
sound/pci/hda/patch_realtek.c | 33 +
sound/soc/codecs/cs35l41-spi.c | 4
sound/soc/codecs/rt5665.c | 24 -
sound/soc/fsl/imx-card.c | 4
sound/soc/ti/j721e-evm.c | 2
tools/lib/bpf/linker.c | 2
tools/objtool/check.c | 35 -
tools/perf/bench/syscall.c | 22 -
tools/perf/tests/shell/coresight/asm_pure_loop/asm_pure_loop.S | 2
tools/perf/util/arm-spe.c | 8
tools/perf/util/evlist.c | 13
tools/perf/util/pmu.c | 7
tools/perf/util/pmu.h | 5
tools/perf/util/pmus.c | 20
tools/perf/util/python.c | 17
tools/perf/util/stat-shadow.c | 3
tools/perf/util/units.c | 2
tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 5
tools/testing/selftests/bpf/progs/strncmp_bench.c | 5
tools/testing/selftests/mm/cow.c | 2
278 files changed, 2329 insertions(+), 1175 deletions(-)
Acs, Jakub (1):
ext4: fix OOB read when checking dotdot dir
Al Viro (3):
spufs: fix a leak on spufs_new_file() failure
spufs: fix gang directory lifetimes
spufs: fix a leak in spufs_create_context()
Alex Deucher (1):
drm/amdgpu/gfx11: fix num_mec
Alex Hung (1):
drm/amd/display: Check link_index before accessing dc->links[]
Alexandre Ghiti (1):
riscv: Fix hugetlb retrieval of number of ptes in case of !present pte
Alistair Popple (1):
fuse: fix dax truncate/punch_hole fault path
Andrii Nakryiko (1):
libbpf: Fix hypothetical STT_SECTION extern NULL deref case
Andy Shevchenko (1):
pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm()
AngeloGioacchino Del Regno (2):
drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
Angelos Oikonomopoulos (1):
arm64: Don't call NULL in do_compat_alignment_fixup()
Anshuman Khandual (1):
arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig
Antheas Kapenekakis (1):
ALSA: hda/realtek: Fix Asus Z13 2025 audio
Antoine Tenart (1):
net: decrease cached dst counters in dst_release
Armin Wolf (1):
platform/x86: dell-ddv: Fix temperature calculation
Arnaldo Carvalho de Melo (5):
perf units: Fix insufficient array space
perf python: Fixup description of sample.id event member
perf python: Decrement the refcount of just created event on failure
perf python: Don't keep a raw_data pointer to consumed ring buffer space
perf python: Check if there is space to copy all the event
Arnd Bergmann (2):
x86/platform: Only allow CONFIG_EISA for 32-bit
mdacon: rework dependency list
Artur Weber (1):
power: supply: max77693: Fix wrong conversion of charge input threshold value
Atish Patra (1):
RISC-V: KVM: Disable the kernel perf counter during configure
Barnabás Czémán (1):
clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
Bart Van Assche (1):
fs/procfs: fix the comment above proc_pid_wchan()
Benjamin Berg (3):
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
um: remove copy_from_kernel_nofault_allowed
um: hostfs: avoid issues on inode number reuse by host
Benjamin Gaignard (1):
media: verisilicon: HEVC: Initialize start_bit field
Boris Ostrovsky (1):
x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
Chao Gao (1):
x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
Cheng Xu (1):
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
Chenyuan Yang (1):
thermal: int340x: Add NULL check for adev
Chiara Meiohas (1):
RDMA/mlx5: Fix calculation of total invalidated pages
Christophe JAILLET (2):
PCI: histb: Fix an error handling path in histb_pcie_probe()
ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe()
Chuck Lever (1):
NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
Cong Wang (1):
net_sched: skbprio: Remove overly strict queue assertions
Cyan Yang (1):
selftests/mm/cow: fix the incorrect error handling
Dan Carpenter (4):
PCI: Remove stray put_device() in pci_register_host_bridge()
drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
fs/ntfs3: Fix a couple integer overflows on 32bit systems
fs/ntfs3: Prevent integer overflow in hdr_first_de()
Daniel Bárta (1):
ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
Daniel Stodden (1):
PCI/ASPM: Fix link state exit during switch upstream function removal
Danila Chernetsov (1):
fbdev: sm501fb: Add some geometry checks.
Dave Marquardt (1):
net: ibmveth: make veth_pool_store stop hanging
David E. Box (1):
platform/x86/intel/vsec: Add Diamond Rapids support
David Hildenbrand (2):
x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()
kernel/events/uprobes: handle device-exclusive entries correctly in __replace_page()
David Laight (1):
objtool: Fix verbose disassembly if CROSS_COMPILE isn't set
David Oberhollenzer (1):
net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
Debin Zhu (1):
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
Dmitry Baryshkov (1):
drm/msm/dpu: don't use active in atomic_check()
Dmitry Panchenko (1):
platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet
Douglas Anderson (1):
drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
Douglas Raillard (2):
tracing: Ensure module defining synth event cannot be unloaded while tracing
tracing: Fix synth event printk format for str fields
Emmanuel Grumbach (2):
wifi: iwlwifi: mvm: use the right version of the rate API
wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state
Eric Sandeen (1):
watch_queue: fix pipe accounting mismatch
Fabrizio Castro (3):
pinctrl: renesas: rza2: Fix missing of_node_put() call
pinctrl: renesas: rzg2l: Fix missing of_node_put() call
pinctrl: renesas: rzv2m: Fix missing of_node_put() call
Feng Tang (1):
PCI/portdrv: Only disable pciehp interrupts early when needed
Feng Yang (1):
ring-buffer: Fix bytes_dropped calculation issue
Fernando Fernandez Mancera (1):
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
Florian Westphal (1):
netfilter: nf_tables: don't unregister hook when table is dormant
Geert Uytterhoeven (1):
drm/bridge: ti-sn65dsi86: Fix multiple instances
Geetha sowjanya (2):
octeontx2-af: Fix mbox INTR handler when num VFs > 64
octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
Giovanni Gherdovich (1):
ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid
Greg Kroah-Hartman (1):
Linux 6.6.87
Guilherme G. Piccoli (1):
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
Guillaume Nault (1):
tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
Hans Zhang (1):
PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload
Hans de Goede (1):
ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers
Hengqi Chen (3):
LoongArch: BPF: Fix off-by-one error in build_prologue()
LoongArch: BPF: Don't override subprog's return value
LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC
Henry Martin (2):
ASoC: imx-card: Add NULL check in imx_card_probe()
arcnet: Add NULL check in com20020pci_probe()
Herbert Xu (1):
crypto: nx - Fix uninitialised hv_nxc on error
Hermes Wu (1):
drm/bridge: it6505: fix HDCP V match check is not performed correctly
Herton R. Krzesinski (1):
x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs
Hou Tao (1):
bpf: Use preempt_count() directly in bpf_send_signal_common()
Huacai Chen (1):
LoongArch: Increase ARCH_DMA_MINALIGN up to 16
Ian Rogers (2):
perf stat: Fix find_stat for mixed legacy/non-legacy events
perf evlist: Add success path to evlist__create_syswide_maps
Icenowy Zheng (2):
nvme-pci: clean up CMBMSC when registering CMB fails
nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
Ido Schimmel (2):
ipv6: Start path selection from the first nexthop
ipv6: Do not consider link down nexthops in path selection
Ilkka Koskinen (1):
coresight: catu: Fix number of pages while using 64k pages
Ilpo Järvinen (1):
PCI: pciehp: Don't enable HPIE when resuming in poll mode
Ivan Orlov (1):
kunit/overflow: Fix UB in overflow_allocation_test
James Clark (1):
perf pmu: Don't double count common sysfs and json events
Jann Horn (3):
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
Jayesh Choudhary (1):
ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible
Jerome Brunet (4):
clk: amlogic: gxbb: drop incorrect flag on 32k clock
clk: amlogic: g12b: fix cluster A parent data
clk: amlogic: gxbb: drop non existing 32k clock parent
clk: amlogic: g12a: fix mmc A peripheral clock
Jie Zhan (1):
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
Jim Quinlan (3):
PCI: brcmstb: Use internal register to change link capability
PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
PCI: brcmstb: Fix potential premature regulator disabling
Jiri Kosina (1):
HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
Jiri Slaby (SUSE) (1):
tty: n_tty: use uint for space returned by tty_write_room()
Joe Hattori (2):
media: platform: allgro-dvt: unregister v4l2_device on the error path
soundwire: slave: fix an OF node reference leak in soundwire slave device
Johannes Berg (1):
wifi: iwlwifi: fw: allocate chained SG tables for dump
Jonathan Cameron (2):
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails.
Josef Bacik (1):
btrfs: handle errors from btrfs_dec_ref() properly
Josh Poimboeuf (6):
x86/traps: Make exc_double_fault() consistently noreturn
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
objtool: Fix segfault in ignore_unreachable_insn()
sched/smt: Always inline sched_smt_active()
context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
rcu-tasks: Always inline rcu_irq_work_resched()
José Expósito (1):
drm/vkms: Fix use after free and double free on init error
Juhan Jin (1):
riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra
Kai-Heng Feng (1):
PCI: Use downstream bridges for distributing resources
Kan Liang (1):
perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
Karel Balej (1):
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
Kees Bakker (1):
RDMA/mana_ib: Ensure variable err is initialized
Keith Busch (1):
nvme-pci: fix stuck reset on concurrent DPC and HP
Kevin Loughlin (1):
x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
Konstantin Andreev (1):
smack: dont compile ipv6 code unless ipv6 is configured
Kuniyuki Iwashima (1):
udp: Fix memory accounting leak.
Lama Kayal (1):
net/mlx5e: SHAMPO, Make reserved size independent of page size
Laurentiu Mihalcea (1):
clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents
Leo Yan (1):
perf arm-spe: Fix load-store operation checking
Li Lingfeng (1):
nfsd: put dl_stid if fail to queue dl_recall
Lin Ma (2):
netfilter: nft_tunnel: fix geneve_opt type confusion addition
net: fix geneve_opt length integer overflow
Lubomir Rintel (1):
rndis_host: Flag RNDIS modems as WWAN devices
Luca Weiss (3):
remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226
remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
Maher Sanalla (1):
IB/mad: Check available slots before posting receive WRs
Marcus Meissner (1):
perf tools: annotate asm_pure_loop.S
Marijn Suijten (2):
drm/msm/dsi: Use existing per-interface slice count in DSC timing
drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
Mario Limonciello (2):
ucsi_ccg: Don't show failed to get FW build information error
drm/amd: Keep display off while going into S4
Mark Zhang (1):
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
Markus Elfring (2):
fbdev: au1100fb: Move a variable assignment behind a null pointer check
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
Masami Hiramatsu (Google) (2):
tracing/hist: Add poll(POLLIN) support on hist file
tracing/hist: Support POLLPRI event for poll on histogram
Matthias Proske (1):
wifi: brcmfmac: keep power during suspend if board requires it
Maud Spierings (1):
dt-bindings: vendor-prefixes: add GOcontroll
Miaoqian Lin (2):
ksmbd: use aead_request_free to match aead_request_alloc
mmc: omap: Fix memory leak in mmc_omap_new_slot
Michael Kelley (1):
x86/hyperv: Fix output argument to hypercall that changes page visibility
Mike Christie (1):
vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
Mike Rapoport (Microsoft) (1):
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
Murad Masimov (2):
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
media: streamzap: fix race between device disconnection and urb callback
Naman Jain (1):
x86/hyperv/vtl: Stop kernel from probing VTL0 low memory
Namjae Jeon (6):
ksmbd: fix multichannel connection failure
ksmbd: fix r_count dec/increment mismatch
cifs: fix incorrect validation for num_aces field of smb_acl
ksmbd: add bounds check for durable handle context
ksmbd: fix use-after-free in ksmbd_sessions_deregister()
ksmbd: fix session use-after-free in multichannel connection
Navon John Lukose (1):
ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
Nikita Shubin (1):
ntb: intel: Fix using link status DB's
Nikita Zhandarovich (1):
mfd: sm501: Switch to BIT() to mitigate integer overflows
Niklas Neronin (1):
usb: xhci: correct debug message page size calculation
Nishanth Aravamudan (1):
PCI: Avoid reset when disabled via sysfs
Norbert Szetei (2):
ksmbd: add bounds check for create lease context
ksmbd: validate zero num_subauth before sub_auth is accessed
Oleg Nesterov (1):
exec: fix the racy usage of fs_struct->in_exec
Oliver Hartkopp (1):
can: statistics: use atomic access in hot path
Pablo Neira Ayuso (1):
netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
Palmer Dabbelt (1):
RISC-V: errata: Use medany for relocatable builds
Patrisious Haddad (1):
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
Paul Menzel (1):
ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
Peng Fan (2):
remoteproc: core: Clear table_sz when rproc_shutdown
dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister
Peter Geis (1):
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
Peter Zijlstra (2):
lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
perf/core: Fix perf_pmu_register() vs. perf_init_event()
Peter Zijlstra (Intel) (1):
perf/x86/intel: Apply static call for drain_pebs
Prathamesh Shete (1):
pinctrl: tegra: Set SFIO mode to Mux Register
Qasim Ijaz (2):
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
jfs: fix slab-out-of-bounds read in ea_get()
Qiuxu Zhuo (4):
EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald Rapids
EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
EDAC/ie31200: Fix the DIMM size mask for several SoCs
EDAC/ie31200: Fix the error path order of ie31200_init()
Rafael J. Wysocki (2):
PM: sleep: Adjust check before setting power.must_resume
PM: sleep: Fix handling devices with direct_complete set on errors
Ran Xiaokai (1):
tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
Remi Pommarel (1):
leds: Fix LED_OFF brightness race
Richard Fitzgerald (1):
firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success
Roger Quadros (1):
memory: omap-gpmc: drop no compatible check
Roman Gushchin (1):
RDMA/core: Don't expose hw_counters outside of init net namespace
Roman Smirnov (1):
jfs: add index corruption check to DT_GETPAGE()
Sagi Grimberg (1):
nvme-tcp: fix possible UAF in nvme_tcp_poll
Saket Kumar Bhaskar (1):
selftests/bpf: Select NUMA_NO_NODE to create map
Sebastian Andrzej Siewior (1):
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
Shrikanth Hegde (1):
sched/deadline: Use online cpus for validating runtime
Simon Tatham (2):
affs: generate OFS sequence numbers starting at 1
affs: don't write overlarge OFS data block size fields
Sourabh Jain (1):
kexec: initialize ELF lowest address to ULONG_MAX
Srinivas Pandruvada (1):
platform/x86: ISST: Correct command storage data length
Srinivasan Shanmugam (1):
drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables'
Stanislav Spassov (1):
x86/fpu: Fix guest FPU state buffer allocation size
Stanley Chu (1):
i3c: master: svc: Fix missing the IBI rules
Stefan Binding (2):
ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA
Stefano Garzarella (1):
vsock: avoid timeout during connect() if the socket is closing
Steven Rostedt (2):
tracing: Switch trace_events_hist.c code over to use guard()
tracing: Do not use PERF enums when perf is not defined
Steven Rostedt (Google) (1):
tracing: Allow creating instances with specified system events
Takashi Iwai (2):
ALSA: hda/realtek: Always honor no_shutup_pins
ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA
Tanya Agarwal (1):
lib: 842: Improve error handling in sw842_compress()
Tao Chen (1):
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
Tasos Sahanidis (1):
hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
Tengda Wu (2):
tracing: Correct the refcount if the hist/hist_debug file fails to open
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
Thadeu Lima de Souza Cascardo (1):
drm/amd/display: avoid NPD when ASIC does not support DMUB
Theodore Ts'o (1):
ext4: don't over-report free space or inodes in statvfs
Thippeswamy Havalige (1):
PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
Thomas Richter (1):
perf bench: Fix perf bench syscall loop count
Tianyu Lan (1):
x86/hyperv: Fix check of return value from snp_set_vmsa()
Tim Schumacher (1):
selinux: Chain up tool resolving errors in install_policy.sh
Tobias Waldekranz (1):
net: mvpp2: Prevent parser TCAM memory corruption
Tomi Valkeinen (1):
drm: xlnx: zynqmp: Fix max dma segment size
Trond Myklebust (2):
NFSv4: Don't trigger uneccessary scans for return-on-close delegations
NFS: Shut down the nfs_client only after all the superblocks
Ulf Hansson (1):
mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
Uwe Kleine-König (2):
iio: adc: ad4130: Fix comparison of channel setups
iio: adc: ad7124: Fix comparison of channel configs
Vasiliy Kovalev (1):
ocfs2: validate l_tree_depth to avoid out-of-bounds access
Viktor Malik (1):
selftests/bpf: Fix string read in strncmp benchmark
Vitaliy Shevtsov (2):
ASoC: cs35l41: check the return value from spi_setup()
drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
Vitaly Lifshits (1):
e1000e: change k1 configuration on MTP and later platforms
Vladimir Lypak (1):
clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
Vladis Dronov (1):
x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
Waiman Long (1):
locking/semaphore: Use wake_q to wake up processes outside lock critical section
Wang Zhaolong (1):
smb: client: Fix netns refcount imbalance causing leaks and use-after-free
Wayne Lin (1):
drm/dp_mst: Fix drm RAD print
Wenkai Lin (3):
crypto: hisilicon/sec2 - fix for aead authsize alignment
crypto: hisilicon/sec2 - fix for sec spec check
crypto: hisilicon/sec2 - fix for aead auth key length
Wentao Guan (1):
HID: i2c-hid: improve i2c_hid_get_report error message
Will McVicker (1):
clk: samsung: Fix UBSAN panic in samsung_clk_init()
Yajun Deng (1):
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
Yeoreum Yun (1):
perf/core: Fix child_total_time_enabled accounting bug at task exit
Ying Lu (1):
usbnet:fix NPE during rx_complete
Yuanfang Zhang (1):
coresight-etm4x: add isb() before reading the TRCSTATR
Yuezhang Mo (1):
exfat: fix the infinite loop in exfat_find_last_cluster()
Yuli Wang (1):
LoongArch: Rework the arch_kgdb_breakpoint() implementation
Zijun Hu (1):
of: property: Increase NR_FWNODE_REFERENCE_ARGS
zuoqian (1):
cpufreq: scpi: compare kHz instead of Hz
谢致邦 (XIE Zhibang) (2):
staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES
LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig
5 months, 2 weeks
- 1
- 1
Linux 6.1.134
by Greg Kroah-Hartman
I'm announcing the release of the 6.1.134 kernel.
All users of the 6.1 kernel series must upgrade.
The updated 6.1.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Makefile | 2
arch/arm64/kernel/compat_alignment.c | 2
arch/loongarch/Kconfig | 4
arch/loongarch/include/asm/cache.h | 2
arch/loongarch/net/bpf_jit.c | 7
arch/loongarch/net/bpf_jit.h | 5
arch/powerpc/configs/mpc885_ads_defconfig | 2
arch/powerpc/platforms/cell/spufs/gang.c | 1
arch/powerpc/platforms/cell/spufs/inode.c | 63 ++-
arch/powerpc/platforms/cell/spufs/spufs.h | 2
arch/riscv/include/asm/ftrace.h | 4
arch/um/include/shared/os.h | 1
arch/um/kernel/Makefile | 2
arch/um/kernel/maccess.c | 19
arch/um/os-Linux/process.c | 51 --
arch/x86/Kconfig | 2
arch/x86/entry/calling.h | 2
arch/x86/events/intel/core.c | 43 +-
arch/x86/events/intel/ds.c | 13
arch/x86/events/perf_event.h | 3
arch/x86/include/asm/tlbflush.h | 2
arch/x86/kernel/cpu/sgx/driver.c | 10
arch/x86/kernel/dumpstack.c | 5
arch/x86/kernel/fpu/core.c | 6
arch/x86/kernel/process.c | 7
arch/x86/kernel/tsc.c | 4
arch/x86/mm/mem_encrypt_identity.c | 4
arch/x86/mm/pat/cpa-test.c | 2
drivers/acpi/nfit/core.c | 2
drivers/acpi/processor_idle.c | 4
drivers/acpi/resource.c | 7
drivers/base/power/main.c | 21 -
drivers/base/power/runtime.c | 2
drivers/clk/meson/g12a.c | 38 +
drivers/clk/meson/gxbb.c | 14
drivers/clk/qcom/gcc-msm8953.c | 2
drivers/clk/qcom/mmcc-sdm660.c | 2
drivers/clk/rockchip/clk-rk3328.c | 2
drivers/clk/samsung/clk.c | 2
drivers/cpufreq/cpufreq_governor.c | 45 +-
drivers/cpufreq/scpi-cpufreq.c | 5
drivers/crypto/hisilicon/sec2/sec_crypto.c | 30 -
drivers/crypto/nx/nx-common-pseries.c | 37 -
drivers/edac/ie31200_edac.c | 19
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11
drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 2
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5
drivers/gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 4
drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12
drivers/gpu/drm/bridge/ite-it6505.c | 7
drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2
drivers/gpu/drm/display/drm_dp_mst_topology.c | 8
drivers/gpu/drm/mediatek/mtk_dsi.c | 6
drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 +
drivers/gpu/drm/msm/dsi/dsi_manager.c | 32 +
drivers/gpu/drm/vkms/vkms_drv.c | 15
drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2
drivers/hid/Makefile | 1
drivers/hid/i2c-hid/i2c-hid-core.c | 2
drivers/hwmon/nct6775-core.c | 4
drivers/hwtracing/coresight/coresight-catu.c | 2
drivers/hwtracing/coresight/coresight-core.c | 20
drivers/hwtracing/coresight/coresight-etm4x-core.c | 48 ++
drivers/i3c/master/svc-i3c-master.c | 2
drivers/iio/accel/mma8452.c | 10
drivers/iio/accel/msa311.c | 26 -
drivers/iio/adc/ad7124.c | 35 +
drivers/infiniband/core/device.c | 9
drivers/infiniband/core/mad.c | 38 -
drivers/infiniband/core/sysfs.c | 1
drivers/infiniband/hw/erdma/erdma_cm.c | 1
drivers/infiniband/hw/mlx5/cq.c | 2
drivers/infiniband/hw/mlx5/odp.c | 10
drivers/media/dvb-frontends/dib8000.c | 5
drivers/media/platform/allegro-dvt/allegro-core.c | 1
drivers/media/platform/verisilicon/hantro_g2_hevc_dec.c | 1
drivers/media/rc/streamzap.c | 2
drivers/memory/omap-gpmc.c | 20
drivers/mfd/sm501.c | 6
drivers/mmc/host/sdhci-omap.c | 4
drivers/mmc/host/sdhci-pxav3.c | 1
drivers/net/arcnet/com20020-pci.c | 17
drivers/net/dsa/mv88e6xxx/chip.c | 11
drivers/net/dsa/mv88e6xxx/phy.c | 3
drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++----
drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2
drivers/net/ethernet/marvell/octeontx2/af/rvu_devlink.c | 2
drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 8
drivers/net/usb/rndis_host.c | 16
drivers/net/usb/usbnet.c | 6
drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 20
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++--
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 8
drivers/ntb/hw/intel/ntb_hw_gen3.c | 3
drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2
drivers/ntb/test/ntb_perf.c | 4
drivers/nvme/host/pci.c | 21 -
drivers/nvme/host/tcp.c | 5
drivers/pci/controller/cadence/pcie-cadence-ep.c | 3
drivers/pci/controller/cadence/pcie-cadence.h | 2
drivers/pci/controller/pcie-brcmstb.c | 9
drivers/pci/controller/pcie-xilinx-cpm.c | 10
drivers/pci/hotplug/pciehp_hpc.c | 4
drivers/pci/pci.c | 4
drivers/pci/pcie/aspm.c | 17
drivers/pci/pcie/portdrv_core.c | 8
drivers/pci/probe.c | 5
drivers/pci/setup-bus.c | 3
drivers/pinctrl/renesas/pinctrl-rza2.c | 2
drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2
drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2
drivers/pinctrl/tegra/pinctrl-tegra.c | 3
drivers/platform/x86/intel/hid.c | 7
drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 2
drivers/power/supply/max77693_charger.c | 2
drivers/remoteproc/qcom_q6v5_mss.c | 21 -
drivers/remoteproc/qcom_q6v5_pas.c | 10
drivers/remoteproc/remoteproc_core.c | 1
drivers/soundwire/slave.c | 1
drivers/staging/rtl8723bs/Kconfig | 1
drivers/thermal/intel/int340x_thermal/int3402_thermal.c | 3
drivers/tty/serial/fsl_lpuart.c | 25 +
drivers/usb/host/xhci-mem.c | 6
drivers/video/console/Kconfig | 2
drivers/video/fbdev/au1100fb.c | 4
drivers/video/fbdev/sm501fb.c | 7
fs/affs/file.c | 9
fs/btrfs/extent-tree.c | 5
fs/exfat/fatent.c | 2
fs/ext4/dir.c | 3
fs/ext4/super.c | 27 -
fs/fuse/dax.c | 1
fs/fuse/dir.c | 2
fs/fuse/file.c | 4
fs/isofs/dir.c | 3
fs/jfs/jfs_dtree.c | 3
fs/jfs/xattr.c | 15
fs/nfs/delegation.c | 33 -
fs/nfsd/nfs4state.c | 31 +
fs/ntfs3/index.c | 4
fs/ocfs2/alloc.c | 8
fs/proc/base.c | 2
fs/smb/server/auth.c | 6
fs/smb/server/mgmt/user_session.c | 33 +
fs/smb/server/mgmt/user_session.h | 2
fs/smb/server/oplock.c | 8
fs/smb/server/smb2pdu.c | 19
fs/smb/server/smbacl.c | 5
include/drm/display/drm_dp_mst_helper.h | 7
include/linux/context_tracking_irq.h | 8
include/linux/coresight.h | 4
include/linux/fwnode.h | 2
include/linux/interrupt.h | 8
include/linux/pm_runtime.h | 2
include/linux/rcupdate.h | 2
include/linux/sched/smt.h | 2
include/rdma/ib_verbs.h | 1
io_uring/filetable.c | 2
kernel/events/ring_buffer.c | 2
kernel/kexec_elf.c | 2
kernel/locking/semaphore.c | 13
kernel/sched/deadline.c | 2
kernel/trace/bpf_trace.c | 2
kernel/trace/ring_buffer.c | 4
kernel/trace/trace_events_synth.c | 36 +
kernel/trace/trace_functions_graph.c | 1
kernel/trace/trace_irqsoff.c | 2
kernel/trace/trace_osnoise.c | 1
kernel/trace/trace_sched_wakeup.c | 2
kernel/watch_queue.c | 9
lib/842/842_compress.c | 2
lib/overflow_kunit.c | 3
mm/memory.c | 2
net/can/af_can.c | 12
net/can/af_can.h | 12
net/can/proc.c | 46 +-
net/core/rtnetlink.c | 3
net/ipv4/ip_tunnel_core.c | 4
net/ipv4/udp.c | 16
net/ipv6/addrconf.c | 37 +
net/ipv6/calipso.c | 21 -
net/ipv6/route.c | 42 +-
net/netfilter/nft_set_hash.c | 3
net/netfilter/nft_tunnel.c | 6
net/openvswitch/actions.c | 6
net/sched/act_tunnel_key.c | 2
net/sched/cls_flower.c | 2
net/sched/sch_skbprio.c | 3
net/vmw_vsock/af_vsock.c | 6
scripts/selinux/install_policy.sh | 15
security/smack/smack.h | 6
security/smack/smack_lsm.c | 10
sound/pci/hda/patch_realtek.c | 32 +
sound/soc/codecs/cs35l41-spi.c | 4
sound/soc/fsl/imx-card.c | 4
sound/soc/ti/j721e-evm.c | 2
tools/lib/bpf/linker.c | 2
tools/perf/tests/shell/coresight/asm_pure_loop/asm_pure_loop.S | 2
tools/perf/util/evlist.c | 13
tools/perf/util/python.c | 17
tools/perf/util/units.c | 2
tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 5
tools/testing/selftests/bpf/progs/strncmp_bench.c | 5
205 files changed, 1394 insertions(+), 771 deletions(-)
Acs, Jakub (1):
ext4: fix OOB read when checking dotdot dir
Al Viro (3):
spufs: fix a leak on spufs_new_file() failure
spufs: fix gang directory lifetimes
spufs: fix a leak in spufs_create_context()
Alex Deucher (1):
drm/amdgpu/gfx11: fix num_mec
Alistair Popple (1):
fuse: fix dax truncate/punch_hole fault path
Andrii Nakryiko (1):
libbpf: Fix hypothetical STT_SECTION extern NULL deref case
AngeloGioacchino Del Regno (2):
drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
Angelos Oikonomopoulos (1):
arm64: Don't call NULL in do_compat_alignment_fixup()
Anshuman Khandual (1):
arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig
Antheas Kapenekakis (1):
ALSA: hda/realtek: Fix Asus Z13 2025 audio
Arnaldo Carvalho de Melo (5):
perf units: Fix insufficient array space
perf python: Fixup description of sample.id event member
perf python: Decrement the refcount of just created event on failure
perf python: Don't keep a raw_data pointer to consumed ring buffer space
perf python: Check if there is space to copy all the event
Arnd Bergmann (2):
x86/platform: Only allow CONFIG_EISA for 32-bit
mdacon: rework dependency list
Artur Weber (1):
power: supply: max77693: Fix wrong conversion of charge input threshold value
Barnabás Czémán (1):
clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
Bart Van Assche (1):
fs/procfs: fix the comment above proc_pid_wchan()
Benjamin Berg (2):
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
um: remove copy_from_kernel_nofault_allowed
Benjamin Gaignard (1):
media: verisilicon: HEVC: Initialize start_bit field
Chao Gao (1):
x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
Cheng Xu (1):
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
Chenyuan Yang (1):
thermal: int340x: Add NULL check for adev
Chiara Meiohas (1):
RDMA/mlx5: Fix calculation of total invalidated pages
Chuck Lever (1):
NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
Cong Wang (1):
net_sched: skbprio: Remove overly strict queue assertions
Dan Carpenter (3):
PCI: Remove stray put_device() in pci_register_host_bridge()
drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
fs/ntfs3: Fix a couple integer overflows on 32bit systems
Daniel Bárta (1):
ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
Daniel Stodden (1):
PCI/ASPM: Fix link state exit during switch upstream function removal
Danila Chernetsov (1):
fbdev: sm501fb: Add some geometry checks.
David Oberhollenzer (1):
net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
Debin Zhu (1):
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
Dmitry Panchenko (1):
platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet
Douglas Raillard (2):
tracing: Ensure module defining synth event cannot be unloaded while tracing
tracing: Fix synth event printk format for str fields
Emmanuel Grumbach (1):
wifi: iwlwifi: mvm: use the right version of the rate API
Eric Sandeen (1):
watch_queue: fix pipe accounting mismatch
Fabrizio Castro (3):
pinctrl: renesas: rza2: Fix missing of_node_put() call
pinctrl: renesas: rzg2l: Fix missing of_node_put() call
pinctrl: renesas: rzv2m: Fix missing of_node_put() call
Feng Tang (1):
PCI/portdrv: Only disable pciehp interrupts early when needed
Feng Yang (1):
ring-buffer: Fix bytes_dropped calculation issue
Fernando Fernandez Mancera (1):
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
Geert Uytterhoeven (1):
drm/bridge: ti-sn65dsi86: Fix multiple instances
Geetha sowjanya (2):
octeontx2-af: Fix mbox INTR handler when num VFs > 64
octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
Giovanni Gherdovich (1):
ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid
Greg Kroah-Hartman (1):
Linux 6.1.134
Guilherme G. Piccoli (1):
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
Guillaume Nault (1):
tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
Hans Zhang (1):
PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload
Hengqi Chen (2):
LoongArch: BPF: Fix off-by-one error in build_prologue()
LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC
Henry Martin (2):
ASoC: imx-card: Add NULL check in imx_card_probe()
arcnet: Add NULL check in com20020pci_probe()
Herbert Xu (1):
crypto: nx - Fix uninitialised hv_nxc on error
Hermes Wu (1):
drm/bridge: it6505: fix HDCP V match check is not performed correctly
Hou Tao (1):
bpf: Use preempt_count() directly in bpf_send_signal_common()
Huacai Chen (1):
LoongArch: Increase ARCH_DMA_MINALIGN up to 16
Ian Rogers (1):
perf evlist: Add success path to evlist__create_syswide_maps
Icenowy Zheng (2):
nvme-pci: clean up CMBMSC when registering CMB fails
nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
Ido Schimmel (2):
ipv6: Start path selection from the first nexthop
ipv6: Do not consider link down nexthops in path selection
Ilkka Koskinen (1):
coresight: catu: Fix number of pages while using 64k pages
Ilpo Järvinen (1):
PCI: pciehp: Don't enable HPIE when resuming in poll mode
Ivan Orlov (1):
kunit/overflow: Fix UB in overflow_allocation_test
Jann Horn (3):
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
Jayesh Choudhary (1):
ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible
Jens Axboe (1):
io_uring/filetable: ensure node switch is always done, if needed
Jerome Brunet (4):
clk: amlogic: gxbb: drop incorrect flag on 32k clock
clk: amlogic: g12b: fix cluster A parent data
clk: amlogic: gxbb: drop non existing 32k clock parent
clk: amlogic: g12a: fix mmc A peripheral clock
Jie Zhan (1):
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
Jim Quinlan (3):
PCI: brcmstb: Use internal register to change link capability
PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
PCI: brcmstb: Fix potential premature regulator disabling
Jiri Kosina (1):
HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
Joe Hattori (2):
media: platform: allgro-dvt: unregister v4l2_device on the error path
soundwire: slave: fix an OF node reference leak in soundwire slave device
Johannes Berg (1):
wifi: iwlwifi: fw: allocate chained SG tables for dump
Jonathan Cameron (2):
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails.
Josef Bacik (1):
btrfs: handle errors from btrfs_dec_ref() properly
Josh Poimboeuf (4):
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
sched/smt: Always inline sched_smt_active()
context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
rcu-tasks: Always inline rcu_irq_work_resched()
José Expósito (1):
drm/vkms: Fix use after free and double free on init error
Juhan Jin (1):
riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra
Kai-Heng Feng (1):
PCI: Use downstream bridges for distributing resources
Kan Liang (1):
perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
Karel Balej (1):
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
Kevin Loughlin (1):
x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
Konstantin Andreev (1):
smack: dont compile ipv6 code unless ipv6 is configured
Kuniyuki Iwashima (1):
udp: Fix memory accounting leak.
Lama Kayal (1):
net/mlx5e: SHAMPO, Make reserved size independent of page size
Li Lingfeng (1):
nfsd: put dl_stid if fail to queue dl_recall
Lin Ma (2):
netfilter: nft_tunnel: fix geneve_opt type confusion addition
net: fix geneve_opt length integer overflow
Lubomir Rintel (1):
rndis_host: Flag RNDIS modems as WWAN devices
Luca Weiss (2):
remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
Maher Sanalla (1):
IB/mad: Check available slots before posting receive WRs
Marcus Meissner (1):
perf tools: annotate asm_pure_loop.S
Marijn Suijten (1):
drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
Mario Limonciello (1):
drm/amd: Keep display off while going into S4
Mark Zhang (1):
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
Markus Elfring (2):
fbdev: au1100fb: Move a variable assignment behind a null pointer check
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
Matthias Proske (1):
wifi: brcmfmac: keep power during suspend if board requires it
Miaoqian Lin (1):
ksmbd: use aead_request_free to match aead_request_alloc
Mike Rapoport (Microsoft) (1):
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
Murad Masimov (2):
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
media: streamzap: fix race between device disconnection and urb callback
Namjae Jeon (3):
ksmbd: fix multichannel connection failure
ksmbd: fix use-after-free in ksmbd_sessions_deregister()
ksmbd: fix session use-after-free in multichannel connection
Navon John Lukose (1):
ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
Nikita Shubin (1):
ntb: intel: Fix using link status DB's
Nikita Zhandarovich (1):
mfd: sm501: Switch to BIT() to mitigate integer overflows
Niklas Neronin (1):
usb: xhci: correct debug message page size calculation
Nishanth Aravamudan (1):
PCI: Avoid reset when disabled via sysfs
Norbert Szetei (2):
ksmbd: add bounds check for create lease context
ksmbd: validate zero num_subauth before sub_auth is accessed
Oliver Hartkopp (1):
can: statistics: use atomic access in hot path
Pablo Neira Ayuso (1):
netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
Patrisious Haddad (1):
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
Paul Menzel (1):
ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
Peng Fan (1):
remoteproc: core: Clear table_sz when rproc_shutdown
Peter Geis (1):
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
Peter Zijlstra (1):
lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
Peter Zijlstra (Intel) (1):
perf/x86/intel: Apply static call for drain_pebs
Prathamesh Shete (1):
pinctrl: tegra: Set SFIO mode to Mux Register
Qasim Ijaz (2):
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
jfs: fix slab-out-of-bounds read in ea_get()
Qiuxu Zhuo (3):
EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
EDAC/ie31200: Fix the DIMM size mask for several SoCs
EDAC/ie31200: Fix the error path order of ie31200_init()
Rafael J. Wysocki (2):
PM: sleep: Adjust check before setting power.must_resume
PM: sleep: Fix handling devices with direct_complete set on errors
Ran Xiaokai (1):
tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
Roger Quadros (1):
memory: omap-gpmc: drop no compatible check
Roman Gushchin (1):
RDMA/core: Don't expose hw_counters outside of init net namespace
Roman Smirnov (1):
jfs: add index corruption check to DT_GETPAGE()
Sagi Grimberg (1):
nvme-tcp: fix possible UAF in nvme_tcp_poll
Saket Kumar Bhaskar (1):
selftests/bpf: Select NUMA_NO_NODE to create map
Sebastian Andrzej Siewior (1):
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
Sherry Sun (2):
tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform
tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers
Shrikanth Hegde (1):
sched/deadline: Use online cpus for validating runtime
Simon Tatham (2):
affs: generate OFS sequence numbers starting at 1
affs: don't write overlarge OFS data block size fields
Sourabh Jain (1):
kexec: initialize ELF lowest address to ULONG_MAX
Srinivas Pandruvada (1):
platform/x86: ISST: Correct command storage data length
Stanislav Spassov (1):
x86/fpu: Fix guest FPU state buffer allocation size
Stanley Chu (1):
i3c: master: svc: Fix missing the IBI rules
Stefan Binding (2):
ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA
ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA
Stefano Garzarella (1):
vsock: avoid timeout during connect() if the socket is closing
Steven Rostedt (1):
tracing: Do not use PERF enums when perf is not defined
Takashi Iwai (1):
ALSA: hda/realtek: Always honor no_shutup_pins
Tanya Agarwal (1):
lib: 842: Improve error handling in sw842_compress()
Tao Chen (1):
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
Tasos Sahanidis (1):
hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
Tengda Wu (1):
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
Thadeu Lima de Souza Cascardo (1):
drm/amd/display: avoid NPD when ASIC does not support DMUB
Theodore Ts'o (1):
ext4: don't over-report free space or inodes in statvfs
Thippeswamy Havalige (1):
PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
Tim Schumacher (1):
selinux: Chain up tool resolving errors in install_policy.sh
Tobias Waldekranz (1):
net: mvpp2: Prevent parser TCAM memory corruption
Tomi Valkeinen (1):
drm: xlnx: zynqmp: Fix max dma segment size
Trond Myklebust (1):
NFSv4: Don't trigger uneccessary scans for return-on-close delegations
Ulf Hansson (1):
mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
Uwe Kleine-König (1):
iio: adc: ad7124: Fix comparison of channel configs
Vasiliy Kovalev (1):
ocfs2: validate l_tree_depth to avoid out-of-bounds access
Viktor Malik (1):
selftests/bpf: Fix string read in strncmp benchmark
Vitaliy Shevtsov (2):
ASoC: cs35l41: check the return value from spi_setup()
drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
Vladimir Lypak (1):
clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
Vladis Dronov (1):
x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
Waiman Long (1):
locking/semaphore: Use wake_q to wake up processes outside lock critical section
Wayne Lin (1):
drm/dp_mst: Fix drm RAD print
Wenkai Lin (2):
crypto: hisilicon/sec2 - fix for aead authsize alignment
crypto: hisilicon/sec2 - fix for aead auth key length
Wentao Guan (1):
HID: i2c-hid: improve i2c_hid_get_report error message
Will McVicker (1):
clk: samsung: Fix UBSAN panic in samsung_clk_init()
Yajun Deng (1):
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
Ying Lu (1):
usbnet:fix NPE during rx_complete
Yuanfang Zhang (1):
coresight-etm4x: add isb() before reading the TRCSTATR
Yuezhang Mo (1):
exfat: fix the infinite loop in exfat_find_last_cluster()
Zijun Hu (1):
of: property: Increase NR_FWNODE_REFERENCE_ARGS
zuoqian (1):
cpufreq: scpi: compare kHz instead of Hz
谢致邦 (XIE Zhibang) (2):
staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES
LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig
5 months, 2 weeks
- 1
- 1
Linux 5.15.180
by Greg Kroah-Hartman
I'm announcing the release of the 5.15.180 kernel.
All users of the 5.15 kernel series must upgrade.
The updated 5.15.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/timers/no_hz.rst | 7
Makefile | 2
arch/alpha/include/asm/elf.h | 6
arch/alpha/include/asm/pgtable.h | 2
arch/alpha/include/asm/processor.h | 8
arch/alpha/kernel/osf_sys.c | 11
arch/arm/boot/dts/bcm2711.dtsi | 11
arch/arm/mach-shmobile/headsmp.S | 1
arch/arm/mm/fault.c | 8
arch/arm64/boot/dts/rockchip/rk3399-nanopi-r4s.dts | 2
arch/powerpc/platforms/cell/spufs/inode.c | 9
arch/riscv/include/asm/ftrace.h | 4
arch/x86/Kconfig | 2
arch/x86/entry/calling.h | 2
arch/x86/include/asm/tlbflush.h | 2
arch/x86/kernel/cpu/microcode/amd.c | 2
arch/x86/kernel/cpu/mshyperv.c | 11
arch/x86/kernel/cpu/sgx/driver.c | 10
arch/x86/kernel/dumpstack.c | 5
arch/x86/kernel/irq.c | 2
arch/x86/kernel/process.c | 7
arch/x86/kernel/tsc.c | 4
arch/x86/mm/pat/cpa-test.c | 2
block/bio.c | 2
drivers/acpi/nfit/core.c | 2
drivers/acpi/processor_idle.c | 4
drivers/acpi/resource.c | 13
drivers/base/power/main.c | 21 -
drivers/base/power/runtime.c | 2
drivers/clk/meson/g12a.c | 38 +
drivers/clk/meson/gxbb.c | 14
drivers/clk/qcom/gcc-msm8953.c | 2
drivers/clk/qcom/mmcc-sdm660.c | 2
drivers/clk/rockchip/clk-rk3328.c | 2
drivers/clk/samsung/clk.c | 2
drivers/clocksource/i8253.c | 36 +
drivers/counter/microchip-tcb-capture.c | 19
drivers/counter/stm32-lptimer-cnt.c | 24 -
drivers/cpufreq/cpufreq_governor.c | 45 +-
drivers/cpufreq/scpi-cpufreq.c | 5
drivers/crypto/hisilicon/sec2/sec_crypto.c | 30 -
drivers/crypto/nx/nx-common-pseries.c | 37 -
drivers/edac/ie31200_edac.c | 19
drivers/firmware/imx/imx-scu.c | 1
drivers/firmware/iscsi_ibft.c | 5
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11
drivers/gpu/drm/amd/amdgpu/nv.c | 2
drivers/gpu/drm/amd/amdgpu/soc15.c | 2
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 1
drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 17
drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12
drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c | 24 +
drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 21 -
drivers/gpu/drm/bridge/ti-sn65dsi86.c | 2
drivers/gpu/drm/drm_atomic_uapi.c | 4
drivers/gpu/drm/drm_connector.c | 4
drivers/gpu/drm/drm_dp_mst_topology.c | 8
drivers/gpu/drm/gma500/mid_bios.c | 5
drivers/gpu/drm/mediatek/mtk_dsi.c | 6
drivers/gpu/drm/mediatek/mtk_hdmi.c | 33 +
drivers/gpu/drm/nouveau/nouveau_connector.c | 1
drivers/gpu/drm/radeon/radeon_vce.c | 2
drivers/gpu/drm/v3d/v3d_sched.c | 9
drivers/gpu/drm/vkms/vkms_drv.c | 15
drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2
drivers/hid/Makefile | 1
drivers/hid/hid-ids.h | 1
drivers/hid/hid-plantronics.c | 144 +++----
drivers/hid/hid-quirks.c | 1
drivers/hid/intel-ish-hid/ipc/ipc.c | 6
drivers/hv/vmbus_drv.c | 13
drivers/hwmon/nct6775.c | 4
drivers/hwtracing/coresight/coresight-catu.c | 2
drivers/i2c/busses/i2c-ali1535.c | 12
drivers/i2c/busses/i2c-ali15x3.c | 12
drivers/i2c/busses/i2c-omap.c | 26 -
drivers/i2c/busses/i2c-sis630.c | 12
drivers/i3c/master/svc-i3c-master.c | 2
drivers/iio/accel/mma8452.c | 10
drivers/iio/adc/ad7124.c | 35 +
drivers/infiniband/core/device.c | 9
drivers/infiniband/core/mad.c | 38 -
drivers/infiniband/core/sysfs.c | 1
drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2
drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 3
drivers/infiniband/hw/hns/hns_roce_hem.c | 23 -
drivers/infiniband/hw/hns/hns_roce_hem.h | 2
drivers/infiniband/hw/hns/hns_roce_main.c | 2
drivers/infiniband/hw/hns/hns_roce_mr.c | 4
drivers/infiniband/hw/hns/hns_roce_qp.c | 10
drivers/infiniband/hw/mlx5/cq.c | 2
drivers/media/dvb-frontends/dib8000.c | 5
drivers/media/i2c/et8ek8/et8ek8_driver.c | 4
drivers/media/platform/allegro-dvt/allegro-core.c | 1
drivers/memstick/host/rtsx_usb_ms.c | 1
drivers/mfd/sm501.c | 6
drivers/mmc/host/atmel-mci.c | 4
drivers/mmc/host/sdhci-brcmstb.c | 86 ++++
drivers/mmc/host/sdhci-pxav3.c | 1
drivers/net/arcnet/com20020-pci.c | 17
drivers/net/can/flexcan.c | 18
drivers/net/dsa/mv88e6xxx/chip.c | 59 ++
drivers/net/ethernet/intel/ice/ice_arfs.c | 2
drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 3
drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 3
drivers/net/ethernet/marvell/mvpp2/mvpp2_prs.c | 201 ++++++----
drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2
drivers/net/ethernet/marvell/octeontx2/af/rvu_devlink.c | 2
drivers/net/ethernet/mellanox/mlx5/core/en/rep/bridge.c | 12
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 6
drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c | 5
drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 8
drivers/net/usb/qmi_wwan.c | 2
drivers/net/usb/usbnet.c | 27 -
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++--
drivers/net/wwan/mhi_wwan_mbim.c | 2
drivers/ntb/hw/intel/ntb_hw_gen3.c | 3
drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2
drivers/ntb/test/ntb_perf.c | 4
drivers/nvme/host/core.c | 2
drivers/nvme/host/fc.c | 3
drivers/nvme/host/pci.c | 21 -
drivers/nvme/host/tcp.c | 5
drivers/nvme/target/rdma.c | 33 +
drivers/pci/controller/cadence/pcie-cadence-ep.c | 3
drivers/pci/controller/cadence/pcie-cadence.h | 2
drivers/pci/controller/pcie-brcmstb.c | 4
drivers/pci/controller/pcie-xilinx-cpm.c | 10
drivers/pci/hotplug/pciehp_hpc.c | 4
drivers/pci/pci.c | 4
drivers/pci/pcie/aspm.c | 17
drivers/pci/pcie/portdrv_core.c | 8
drivers/pci/probe.c | 5
drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 2
drivers/pinctrl/renesas/pinctrl-rza2.c | 2
drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2
drivers/pinctrl/tegra/pinctrl-tegra.c | 3
drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 2
drivers/power/supply/max77693_charger.c | 2
drivers/powercap/powercap_sys.c | 3
drivers/regulator/core.c | 12
drivers/remoteproc/qcom_q6v5_mss.c | 21 -
drivers/remoteproc/qcom_q6v5_pas.c | 10
drivers/remoteproc/remoteproc_core.c | 1
drivers/s390/cio/chp.c | 3
drivers/scsi/qla1280.c | 2
drivers/scsi/scsi_scan.c | 2
drivers/soc/qcom/pdr_interface.c | 8
drivers/soundwire/slave.c | 1
drivers/thermal/cpufreq_cooling.c | 2
drivers/thermal/intel/int340x_thermal/int3402_thermal.c | 3
drivers/tty/serial/8250/8250_dma.c | 2
drivers/tty/serial/8250/8250_pci.c | 46 ++
drivers/tty/serial/fsl_lpuart.c | 25 +
drivers/usb/serial/ftdi_sio.c | 14
drivers/usb/serial/ftdi_sio_ids.h | 13
drivers/usb/serial/option.c | 48 +-
drivers/video/console/Kconfig | 2
drivers/video/fbdev/au1100fb.c | 4
drivers/video/fbdev/hyperv_fb.c | 2
drivers/video/fbdev/sm501fb.c | 7
fs/affs/file.c | 9
fs/btrfs/extent-tree.c | 5
fs/cifs/cifs_debug.c | 2
fs/cifs/cifsglob.h | 8
fs/cifs/connect.c | 15
fs/cifs/fs_context.c | 14
fs/exfat/fatent.c | 2
fs/ext4/dir.c | 3
fs/ext4/super.c | 27 -
fs/fuse/dax.c | 1
fs/fuse/dir.c | 4
fs/fuse/file.c | 4
fs/isofs/dir.c | 3
fs/jfs/jfs_dtree.c | 3
fs/jfs/xattr.c | 15
fs/ksmbd/auth.c | 2
fs/ksmbd/mgmt/user_session.c | 16
fs/ksmbd/mgmt/user_session.h | 2
fs/ksmbd/smb2pdu.c | 12
fs/ksmbd/smbacl.c | 5
fs/namei.c | 24 -
fs/nfs/delegation.c | 33 -
fs/nfsd/nfs4state.c | 31 +
fs/ntfs3/index.c | 4
fs/ocfs2/alloc.c | 8
fs/proc/base.c | 2
fs/proc/generic.c | 10
fs/proc/inode.c | 6
fs/proc/internal.h | 14
fs/vboxsf/super.c | 3
include/drm/drm_dp_mst_helper.h | 7
include/linux/fs.h | 2
include/linux/fwnode.h | 2
include/linux/i8253.h | 1
include/linux/interrupt.h | 8
include/linux/pm_runtime.h | 2
include/linux/proc_fs.h | 7
include/linux/sched/smt.h | 2
include/linux/slab.h | 99 +++-
include/net/ipv6.h | 4
include/rdma/ib_verbs.h | 1
include/sound/soc.h | 5
kernel/events/ring_buffer.c | 2
kernel/kexec_elf.c | 2
kernel/locking/semaphore.c | 13
kernel/sched/core.c | 5
kernel/sched/deadline.c | 2
kernel/time/hrtimer.c | 22 -
kernel/trace/bpf_trace.c | 2
kernel/trace/ring_buffer.c | 4
kernel/trace/trace_events_synth.c | 37 +
kernel/trace/trace_functions_graph.c | 1
kernel/trace/trace_irqsoff.c | 2
kernel/trace/trace_osnoise.c | 1
kernel/trace/trace_sched_wakeup.c | 2
kernel/watch_queue.c | 9
lib/842/842_compress.c | 2
lib/buildid.c | 5
mm/slab.c | 9
mm/slab_common.c | 34 -
mm/slob.c | 14
net/8021q/vlan_netlink.c | 10
net/atm/lec.c | 3
net/atm/mpc.c | 2
net/batman-adv/bat_iv_ogm.c | 3
net/batman-adv/bat_v_ogm.c | 3
net/bluetooth/6lowpan.c | 7
net/bluetooth/hci_event.c | 13
net/can/af_can.c | 12
net/can/af_can.h | 12
net/can/proc.c | 46 +-
net/core/neighbour.c | 1
net/core/netpoll.c | 9
net/core/rtnetlink.c | 3
net/core/sock_map.c | 5
net/ipv4/ip_tunnel_core.c | 4
net/ipv4/tcp.c | 6
net/ipv6/addrconf.c | 37 +
net/ipv6/calipso.c | 21 -
net/ipv6/ip6_output.c | 6
net/ipv6/netfilter/nf_socket_ipv6.c | 23 +
net/ipv6/route.c | 5
net/mptcp/options.c | 6
net/mptcp/protocol.h | 2
net/netfilter/ipvs/ip_vs_ctl.c | 8
net/netfilter/nf_conncount.c | 2
net/netfilter/nft_ct.c | 6
net/netfilter/nft_exthdr.c | 10
net/netfilter/nft_set_hash.c | 3
net/netfilter/nft_tunnel.c | 6
net/openvswitch/actions.c | 6
net/openvswitch/flow_netlink.c | 17
net/sched/act_tunnel_key.c | 2
net/sched/cls_flower.c | 2
net/sched/sch_api.c | 6
net/sched/sch_skbprio.c | 3
net/sctp/stream.c | 2
net/vmw_vsock/af_vsock.c | 6
net/xfrm/xfrm_output.c | 2
scripts/selinux/install_policy.sh | 15
sound/pci/hda/patch_realtek.c | 28 +
sound/soc/codecs/arizona.c | 14
sound/soc/codecs/madera.c | 10
sound/soc/codecs/tas2764.c | 10
sound/soc/codecs/tas2764.h | 8
sound/soc/codecs/tas2770.c | 2
sound/soc/codecs/wm0010.c | 13
sound/soc/codecs/wm5110.c | 8
sound/soc/fsl/imx-card.c | 4
sound/soc/sh/rcar/core.c | 14
sound/soc/sh/rcar/rsnd.h | 1
sound/soc/sh/rcar/src.c | 18
sound/soc/soc-ops.c | 15
sound/soc/sof/intel/hda-codec.c | 1
sound/soc/ti/j721e-evm.c | 2
sound/usb/mixer_quirks.c | 51 ++
tools/lib/bpf/linker.c | 2
tools/perf/util/python.c | 17
tools/perf/util/units.c | 2
281 files changed, 2105 insertions(+), 1000 deletions(-)
Acs, Jakub (1):
ext4: fix OOB read when checking dotdot dir
Al Viro (2):
spufs: fix a leak on spufs_new_file() failure
spufs: fix a leak in spufs_create_context()
Alex Hung (1):
drm/amd/display: Assign normalized_pix_clk when color depth = 14
Alexey Kashavkin (1):
netfilter: nft_exthdr: fix offset with ipv4_find_option()
Alistair Popple (1):
fuse: fix dax truncate/punch_hole fault path
Andreas Kemnade (1):
i2c: omap: fix IRQ storms
Andrii Nakryiko (2):
lib/buildid: Handle memfd_secret() files in build_id_parse()
libbpf: Fix hypothetical STT_SECTION extern NULL deref case
Andy Shevchenko (1):
hrtimers: Mark is_migration_base() with __always_inline
AngeloGioacchino Del Regno (2):
drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
Arnaldo Carvalho de Melo (5):
perf units: Fix insufficient array space
perf python: Fixup description of sample.id event member
perf python: Decrement the refcount of just created event on failure
perf python: Don't keep a raw_data pointer to consumed ring buffer space
perf python: Check if there is space to copy all the event
Arnd Bergmann (3):
x86/irq: Define trace events conditionally
x86/platform: Only allow CONFIG_EISA for 32-bit
mdacon: rework dependency list
Arthur Mongodin (1):
mptcp: Fix data stream corruption in the address announcement
Artur Weber (2):
pinctrl: bcm281xx: Fix incorrect regmap max_registers value
power: supply: max77693: Fix wrong conversion of charge input threshold value
Barnabás Czémán (1):
clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
Bart Van Assche (1):
fs/procfs: fix the comment above proc_pid_wchan()
Benjamin Berg (1):
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
Boon Khai Ng (1):
USB: serial: ftdi_sio: add support for Altera USB Blaster 3
Brahmajit Das (1):
vboxsf: fix building with GCC 15
Breno Leitao (1):
netpoll: hold rcu read lock in __netpoll_send_skb()
Cameron Williams (2):
tty: serial: 8250: Add some more device IDs
tty: serial: 8250: Add Brainboxes XC devices
Carolina Jubran (1):
net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices
Charles Keepax (1):
ASoC: ops: Consistently treat platform_max as control value
Chengchang Tang (1):
RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt()
Chengen Du (1):
iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
Chenyuan Yang (1):
thermal: int340x: Add NULL check for adev
Chia-Lin Kao (AceLan) (1):
HID: ignore non-functional sensor in HP 5MP Camera
Christian Eggers (1):
regulator: check that dummy regulator has been probed before using it
Christophe JAILLET (4):
ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe()
i2c: ali1535: Fix an error handling path in ali1535_probe()
i2c: ali15x3: Fix an error handling path in ali15x3_probe()
i2c: sis630: Fix an error handling path in sis630_probe()
Chuck Lever (1):
NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
Cong Wang (2):
net_sched: Prevent creation of classes with TC_H_ROOT
net_sched: skbprio: Remove overly strict queue assertions
Cosmin Ratiu (1):
xfrm_output: Force software GSO only in tunnel mode
Dan Carpenter (6):
ipvs: prevent integer overflow in do_ip_vs_get_ctl()
Bluetooth: Fix error code in chan_alloc_skb_cb()
net: atm: fix use after free in lec_send()
PCI: Remove stray put_device() in pci_register_host_bridge()
drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
fs/ntfs3: Fix a couple integer overflows on 32bit systems
Daniel Lezcano (1):
thermal/cpufreq_cooling: Remove structure member documentation
Daniel Stodden (1):
PCI/ASPM: Fix link state exit during switch upstream function removal
Daniel Wagner (2):
nvme-fc: go straight to connecting state when initializing
nvme: only allow entering LIVE from CONNECTING state
Danila Chernetsov (1):
fbdev: sm501fb: Add some geometry checks.
David Rosca (1):
drm/amdgpu: Fix JPEG video caps max size for navi1x and raven
David Woodhouse (1):
clockevents/drivers/i8253: Fix stop sequence for timer 0
Debin Zhu (1):
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
Dhruv Deshpande (1):
ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
Dominique Martinet (1):
net: usb: usbnet: restore usb%d name exception for local mac addresses
Douglas Raillard (2):
tracing: Ensure module defining synth event cannot be unloaded while tracing
tracing: Fix synth event printk format for str fields
Eric Dumazet (2):
vlan: fix memory leak in vlan_newlink()
tcp: fix races in tcp_abort()
Eric Sandeen (1):
watch_queue: fix pipe accounting mismatch
Eric W. Biederman (1):
alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support
Fabio Porcedda (4):
USB: serial: option: add Telit Cinterion FE990B compositions
USB: serial: option: fix Telit Cinterion FE990A name
net: usb: qmi_wwan: add Telit Cinterion FN990B composition
net: usb: qmi_wwan: add Telit Cinterion FE990B composition
Fabrice Gasnier (1):
counter: stm32-lptimer-cnt: fix error handling when enabling
Fabrizio Castro (2):
pinctrl: renesas: rza2: Fix missing of_node_put() call
pinctrl: renesas: rzg2l: Fix missing of_node_put() call
Feng Tang (1):
PCI/portdrv: Only disable pciehp interrupts early when needed
Feng Yang (1):
ring-buffer: Fix bytes_dropped calculation issue
Fernando Fernandez Mancera (1):
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
Florent Revest (1):
x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
Gannon Kolding (1):
ACPI: resource: IRQ override for Eluktronics MECH-17
Geert Uytterhoeven (2):
ARM: shmobile: smp: Enforce shmobile_smp_* alignment
drm/bridge: ti-sn65dsi86: Fix multiple instances
Geetha sowjanya (2):
octeontx2-af: Fix mbox INTR handler when num VFs > 64
octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
Giovanni Gherdovich (1):
ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid
Greg Kroah-Hartman (1):
Linux 5.15.180
Grzegorz Nitka (1):
ice: fix memory leak in aRFS after reset
Gu Bowen (1):
mmc: atmel-mci: Add missing clk_disable_unprepare()
Guilherme G. Piccoli (1):
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
Guillaume Nault (3):
gre: Fix IPv6 link-local address generation.
Revert "gre: Fix IPv6 link-local address generation."
tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
Haibo Chen (2):
can: flexcan: only change CAN state when link up in system PM
can: flexcan: disable transceiver during system PM
Hans Zhang (1):
PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload
Haoxiang Li (1):
qlcnic: fix memory leak issues in qlcnic_sriov_common.c
Hector Martin (3):
ASoC: tas2770: Fix volume scale
ASoC: tas2764: Fix power control mask
ASoC: tas2764: Set the SDOUT polarity correctly
Henrique Carvalho (1):
smb: client: Fix match_session bug preventing session reuse
Henry Martin (2):
ASoC: imx-card: Add NULL check in imx_card_probe()
arcnet: Add NULL check in com20020pci_probe()
Herbert Xu (1):
crypto: nx - Fix uninitialised hv_nxc on error
Hersen Wu (1):
drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration
Hou Tao (1):
bpf: Use preempt_count() directly in bpf_send_signal_common()
Icenowy Zheng (2):
nvme-pci: clean up CMBMSC when registering CMB fails
nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
Ilkka Koskinen (1):
coresight: catu: Fix number of pages while using 64k pages
Ilpo Järvinen (1):
PCI: pciehp: Don't enable HPIE when resuming in poll mode
Ilya Maximets (1):
net: openvswitch: remove misbehaving actions length check
Ivan Abramov (1):
drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
Jann Horn (4):
sched: Clarify wake_up_q()'s write to task->wake_q.next
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
Jayesh Choudhary (1):
ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible
Jerome Brunet (4):
clk: amlogic: gxbb: drop incorrect flag on 32k clock
clk: amlogic: g12b: fix cluster A parent data
clk: amlogic: gxbb: drop non existing 32k clock parent
clk: amlogic: g12a: fix mmc A peripheral clock
Jesse Zhang (1):
drm/amd/pm: Fix negative array index read
Jianbo Liu (1):
net/mlx5: Bridge, fix the crash caused by LAG state check
Jie Zhan (1):
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
Jim Quinlan (1):
PCI: brcmstb: Use internal register to change link capability
Jiri Kosina (1):
HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
Joe Hattori (4):
powercap: call put_device() on an error path in powercap_register_control_type()
firmware: imx-scu: fix OF node leak in .probe()
media: platform: allgro-dvt: unregister v4l2_device on the error path
soundwire: slave: fix an OF node reference leak in soundwire slave device
Johan Hovold (1):
USB: serial: option: match on interface class for Telit FN990B
Johannes Berg (1):
wifi: iwlwifi: fw: allocate chained SG tables for dump
John Keeping (1):
serial: 8250_dma: terminate correct DMA in tx_dma_flush()
Jonathan Cameron (1):
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
Josef Bacik (1):
btrfs: handle errors from btrfs_dec_ref() properly
Joseph Huang (1):
net: dsa: mv88e6xxx: Verify after ATU Load ops
Josh Poimboeuf (2):
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
sched/smt: Always inline sched_smt_active()
José Expósito (1):
drm/vkms: Fix use after free and double free on init error
Juhan Jin (1):
riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra
Junxian Huang (4):
RDMA/hns: Fix soft lockup during bt pages loop
RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db()
RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common()
RDMA/hns: Fix wrong value of max_sge_rd
Justin Klaassen (1):
arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S
Kamal Dasu (3):
mmc: sdhci-brcmstb: Add ability to increase max clock rate for 72116b0
mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops
mmc: sdhci-brcmstb: use clk_get_rate(base_clk) in PM resume
Karel Balej (1):
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
Kashyap Desai (1):
RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
Kees Cook (5):
slab: clean up function prototypes
slab: Introduce kmalloc_size_roundup()
openvswitch: Use kmalloc_size_roundup() to match ksize() usage
ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
ARM: 9351/1: fault: Add "cut here" line for prefetch aborts
Kohei Enju (1):
netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()
Kuninori Morimoto (1):
ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime()
Kuniyuki Iwashima (2):
ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
Li Lingfeng (1):
nfsd: put dl_stid if fail to queue dl_recall
Lin Ma (3):
net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
netfilter: nft_tunnel: fix geneve_opt type confusion addition
net: fix geneve_opt length integer overflow
Luca Weiss (2):
remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
Luiz Augusto von Dentz (1):
Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
Luo Qiu (1):
memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
Ma Ke (1):
drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params
Magnus Lindholm (1):
scsi: qla1280: Fix kernel oops when debug level > 2
Maher Sanalla (1):
IB/mad: Check available slots before posting receive WRs
Mario Limonciello (3):
drm/amd/display: Restore correct backlight brightness after a GPU reset
drm/amd/display: Fix slab-use-after-free on hdcp_work
drm/amd: Keep display off while going into S4
Mark Zhang (1):
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
Markus Elfring (2):
fbdev: au1100fb: Move a variable assignment behind a null pointer check
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
Matthieu Baerts (NGI0) (1):
mptcp: safety check before fallback
Maxim Mikityanskiy (1):
netfilter: socket: Lookup orig tuple for IPv6 SNAT
Maíra Canal (1):
drm/v3d: Don't run jobs that have errors flagged in its fence
Miaoqian Lin (1):
ksmbd: use aead_request_free to match aead_request_alloc
Michael Kelley (2):
fbdev: hyperv_fb: iounmap() the correct memory when removing a device
Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio()
Michael Strauss (1):
drm/amd/display: Check for invalid input params when building scaling params
Michal Luczaj (1):
bpf, sockmap: Fix race between element replace and close()
Mike Rapoport (Microsoft) (1):
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
Miklos Szeredi (1):
fuse: don't truncate cached, mutated symlink
Ming Lei (1):
block: fix 'kmem_cache of name 'bio-108' already exists'
Minjoong Kim (1):
atm: Fix NULL pointer dereference
Murad Masimov (5):
cifs: Fix integer overflow while processing acregmax mount option
cifs: Fix integer overflow while processing acdirmax mount option
cifs: Fix integer overflow while processing actimeo mount option
cifs: Fix integer overflow while processing closetimeo mount option
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
Namjae Jeon (2):
ksmbd: fix multichannel connection failure
ksmbd: fix incorrect validation for num_aces field of smb_acl
Nathan Chancellor (1):
mmc: sdhci-brcmstb: Initialize base_clk to NULL in sdhci_brcmstb_probe()
Navon John Lukose (1):
ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
Nikita Shubin (1):
ntb: intel: Fix using link status DB's
Nikita Zhandarovich (2):
drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
mfd: sm501: Switch to BIT() to mitigate integer overflows
Nishanth Aravamudan (1):
PCI: Avoid reset when disabled via sysfs
Oleg Nesterov (1):
sched/isolation: Prevent boot crash when the boot CPU is nohz_full
Oliver Hartkopp (1):
can: statistics: use atomic access in hot path
Pablo Neira Ayuso (1):
netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
Patrisious Haddad (1):
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
Paul Menzel (1):
ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
Paulo Alcantara (1):
smb: client: fix potential UAF in cifs_debug_files_proc_show()
Peng Fan (1):
remoteproc: core: Clear table_sz when rproc_shutdown
Peter Geis (1):
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
Peter Oberparleiter (1):
s390/cio: Fix CHPID "configure" attribute caching
Phil Elwell (2):
ARM: dts: bcm2711: PL011 UARTs are actually r1p5
ARM: dts: bcm2711: Don't mark timer regs unconfigured
Prathamesh Shete (1):
pinctrl: tegra: Set SFIO mode to Mux Register
Qasim Ijaz (2):
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
jfs: fix slab-out-of-bounds read in ea_get()
Qiuxu Zhuo (3):
EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
EDAC/ie31200: Fix the DIMM size mask for several SoCs
EDAC/ie31200: Fix the error path order of ie31200_init()
Rafael J. Wysocki (2):
PM: sleep: Adjust check before setting power.must_resume
PM: sleep: Fix handling devices with direct_complete set on errors
Ran Xiaokai (1):
tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
Rik van Riel (1):
scsi: core: Use GFP_NOIO to avoid circular locking dependency
Roman Gushchin (1):
RDMA/core: Don't expose hw_counters outside of init net namespace
Roman Smirnov (1):
jfs: add index corruption check to DT_GETPAGE()
Ruozhu Li (1):
nvmet-rdma: recheck queue state is LIVE in state lock in recv done
Sagi Grimberg (1):
nvme-tcp: fix possible UAF in nvme_tcp_poll
Saranya R (1):
soc: qcom: pdr: Fix the potential deadlock
Saravanan Vajravel (1):
RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
Sebastian Andrzej Siewior (2):
netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
Sherry Sun (2):
tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform
tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers
Shrikanth Hegde (1):
sched/deadline: Use online cpus for validating runtime
Simon Tatham (2):
affs: generate OFS sequence numbers starting at 1
affs: don't write overlarge OFS data block size fields
Sourabh Jain (1):
kexec: initialize ELF lowest address to ULONG_MAX
Srinivas Pandruvada (1):
platform/x86: ISST: Correct command storage data length
Stanley Chu (1):
i3c: master: svc: Fix missing the IBI rules
Stefano Garzarella (1):
vsock: avoid timeout during connect() if the socket is closing
Stephan Gerhold (1):
net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
Steven Rostedt (1):
tracing: Do not use PERF enums when perf is not defined
Sven Eckelmann (1):
batman-adv: Ignore own maximum aggregation size during RX
Takashi Iwai (1):
ALSA: hda/realtek: Always honor no_shutup_pins
Tanya Agarwal (1):
lib: 842: Improve error handling in sw842_compress()
Tao Chen (1):
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
Tasos Sahanidis (1):
hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
Tengda Wu (1):
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
Terry Cheong (1):
ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module
Terry Junge (2):
ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
HID: hid-plantronics: Add mic mute mapping and generalize quirks
Theodore Ts'o (1):
ext4: don't over-report free space or inodes in statvfs
Thippeswamy Havalige (1):
PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
Thomas Zimmermann (1):
drm/nouveau: Do not override forced connector status
Tim Schumacher (1):
selinux: Chain up tool resolving errors in install_policy.sh
Tobias Waldekranz (1):
net: mvpp2: Prevent parser TCAM memory corruption
Tomi Valkeinen (1):
drm: xlnx: zynqmp: Fix max dma segment size
Trond Myklebust (1):
NFSv4: Don't trigger uneccessary scans for return-on-close delegations
Uwe Kleine-König (2):
media: i2c: et8ek8: Don't strip remove function when driver is builtin
iio: adc: ad7124: Fix comparison of channel configs
Vasiliy Kovalev (1):
ocfs2: validate l_tree_depth to avoid out-of-bounds access
Ville Syrjälä (1):
drm/atomic: Filter out redundant DPMS calls
Vitaliy Shevtsov (1):
drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
Vitaly Rodionov (1):
ASoC: arizona/madera: use fsleep() in up/down DAPM event delays.
Vladimir Lypak (1):
clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
Vladis Dronov (1):
x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
Vlastimil Babka (1):
mm, slab: remove duplicate kernel-doc comment for ksize()
Waiman Long (1):
locking/semaphore: Use wake_q to wake up processes outside lock critical section
Wang Yufen (1):
ipv6: Fix signed integer overflow in __ip6_append_data
Wayne Lin (1):
drm/dp_mst: Fix drm RAD print
Wenkai Lin (2):
crypto: hisilicon/sec2 - fix for aead authsize alignment
crypto: hisilicon/sec2 - fix for aead auth key length
Wentao Liang (1):
net/mlx5: handle errors in mlx5_chains_create_table()
Will McVicker (1):
clk: samsung: Fix UBSAN panic in samsung_clk_init()
William Breathitt Gray (1):
counter: microchip-tcb-capture: Fix undefined counter channel state on probe
Yajun Deng (1):
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
Yanjun Yang (1):
ARM: Remove address checking for MMUless devices
Ye Bin (1):
proc: fix UAF in proc_get_inode()
Ying Lu (1):
usbnet:fix NPE during rx_complete
Yu-Chun Lin (1):
sctp: Fix undefined behavior in left shift operation
Yuezhang Mo (1):
exfat: fix the infinite loop in exfat_find_last_cluster()
Zhang Lixu (1):
HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
Zijun Hu (1):
of: property: Increase NR_FWNODE_REFERENCE_ARGS
zuoqian (1):
cpufreq: scpi: compare kHz instead of Hz
5 months, 2 weeks
- 1
- 1
Linux 5.10.236
by Greg Kroah-Hartman
I'm announcing the release of the 5.10.236 kernel.
All users of the 5.10 kernel series must upgrade.
The updated 5.10.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/timers/no_hz.rst | 7
Makefile | 2
arch/alpha/include/asm/elf.h | 6
arch/alpha/include/asm/pgtable.h | 2
arch/alpha/include/asm/processor.h | 8
arch/alpha/kernel/osf_sys.c | 11
arch/arm/boot/dts/bcm2711.dtsi | 11
arch/arm/mach-shmobile/headsmp.S | 1
arch/arm/mm/fault.c | 8
arch/powerpc/platforms/cell/spufs/inode.c | 9
arch/x86/Kconfig | 2
arch/x86/entry/calling.h | 2
arch/x86/include/asm/tlbflush.h | 2
arch/x86/kernel/cpu/microcode/amd.c | 2
arch/x86/kernel/cpu/mshyperv.c | 11
arch/x86/kernel/crash.c | 4
arch/x86/kernel/dumpstack.c | 5
arch/x86/kernel/irq.c | 2
arch/x86/kernel/machine_kexec_64.c | 12
arch/x86/kernel/process.c | 7
arch/x86/kernel/tsc.c | 4
arch/x86/kvm/hyperv.c | 6
arch/x86/mm/pat/cpa-test.c | 2
block/bio.c | 2
drivers/acpi/nfit/core.c | 2
drivers/acpi/processor_idle.c | 4
drivers/acpi/resource.c | 13
drivers/base/power/main.c | 21
drivers/base/power/runtime.c | 2
drivers/clk/meson/g12a.c | 38
drivers/clk/meson/gxbb.c | 14
drivers/clk/rockchip/clk-rk3328.c | 2
drivers/clk/samsung/clk.c | 2
drivers/clocksource/i8253.c | 36
drivers/counter/microchip-tcb-capture.c | 19
drivers/counter/stm32-lptimer-cnt.c | 24
drivers/cpufreq/cpufreq_governor.c | 45
drivers/cpufreq/scpi-cpufreq.c | 5
drivers/crypto/hisilicon/sec2/sec_crypto.c | 8
drivers/edac/ie31200_edac.c | 19
drivers/firmware/imx/imx-scu.c | 1
drivers/firmware/iscsi_ibft.c | 5
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 106 +
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 14
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 1
drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 585 +++-------
drivers/gpu/drm/amd/display/dc/dc.h | 1
drivers/gpu/drm/amd/display/dc/dc_types.h | 5
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_dpp_dscl.c | 12
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c | 14
drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c | 12
drivers/gpu/drm/amd/display/dc/dml/display_mode_structs.h | 2
drivers/gpu/drm/amd/display/dc/dml/display_mode_vba.c | 40
drivers/gpu/drm/amd/display/dc/inc/hw/transform.h | 4
drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 21
drivers/gpu/drm/drm_atomic_uapi.c | 4
drivers/gpu/drm/drm_connector.c | 4
drivers/gpu/drm/drm_dp_mst_topology.c | 8
drivers/gpu/drm/gma500/mid_bios.c | 5
drivers/gpu/drm/mediatek/mtk_dsi.c | 6
drivers/gpu/drm/mediatek/mtk_hdmi.c | 33
drivers/gpu/drm/nouveau/nouveau_connector.c | 1
drivers/gpu/drm/radeon/radeon_vce.c | 2
drivers/gpu/drm/v3d/v3d_sched.c | 9
drivers/gpu/drm/xlnx/zynqmp_dpsub.c | 2
drivers/hid/hid-ids.h | 1
drivers/hid/hid-plantronics.c | 144 +-
drivers/hid/hid-quirks.c | 1
drivers/hid/intel-ish-hid/ipc/ipc.c | 6
drivers/hv/vmbus_drv.c | 13
drivers/hwmon/nct6775.c | 4
drivers/hwtracing/coresight/coresight-catu.c | 2
drivers/i2c/busses/i2c-ali1535.c | 12
drivers/i2c/busses/i2c-ali15x3.c | 12
drivers/i2c/busses/i2c-omap.c | 26
drivers/i2c/busses/i2c-sis630.c | 12
drivers/i2c/i2c-dev.c | 15
drivers/iio/accel/mma8452.c | 10
drivers/infiniband/core/mad.c | 38
drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2
drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 3
drivers/infiniband/hw/hns/hns_roce_hem.c | 23
drivers/infiniband/hw/hns/hns_roce_hem.h | 2
drivers/infiniband/hw/hns/hns_roce_main.c | 2
drivers/infiniband/hw/hns/hns_roce_mr.c | 4
drivers/infiniband/hw/mlx5/cq.c | 2
drivers/media/dvb-frontends/dib8000.c | 5
drivers/media/i2c/et8ek8/et8ek8_driver.c | 4
drivers/memstick/host/rtsx_usb_ms.c | 1
drivers/mfd/sm501.c | 6
drivers/mmc/host/atmel-mci.c | 4
drivers/mmc/host/sdhci-pxav3.c | 1
drivers/net/arcnet/com20020-pci.c | 17
drivers/net/can/flexcan.c | 6
drivers/net/dsa/mv88e6xxx/chip.c | 11
drivers/net/dsa/mv88e6xxx/phy.c | 3
drivers/net/ethernet/intel/ice/ice_arfs.c | 2
drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 6
drivers/net/ethernet/mellanox/mlx5/core/lib/fs_chains.c | 5
drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 8
drivers/net/usb/qmi_wwan.c | 2
drivers/net/usb/usbnet.c | 21
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 -
drivers/ntb/hw/intel/ntb_hw_gen3.c | 3
drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2
drivers/ntb/test/ntb_perf.c | 4
drivers/nvme/host/core.c | 2
drivers/nvme/host/fc.c | 3
drivers/nvme/host/pci.c | 21
drivers/nvme/host/tcp.c | 5
drivers/nvme/target/rdma.c | 33
drivers/pci/controller/cadence/pcie-cadence-ep.c | 3
drivers/pci/controller/cadence/pcie-cadence.h | 2
drivers/pci/controller/pcie-brcmstb.c | 4
drivers/pci/controller/pcie-xilinx-cpm.c | 10
drivers/pci/hotplug/pciehp_hpc.c | 4
drivers/pci/pcie/aspm.c | 17
drivers/pci/pcie/portdrv_core.c | 8
drivers/pci/probe.c | 5
drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 2
drivers/pinctrl/renesas/pinctrl-rza2.c | 2
drivers/pinctrl/tegra/pinctrl-tegra.c | 3
drivers/platform/x86/intel-hid.c | 7
drivers/power/supply/max77693_charger.c | 2
drivers/powercap/powercap_sys.c | 3
drivers/regulator/core.c | 12
drivers/remoteproc/qcom_q6v5_pas.c | 10
drivers/s390/cio/chp.c | 3
drivers/scsi/qla1280.c | 2
drivers/soc/qcom/pdr_interface.c | 8
drivers/thermal/cpufreq_cooling.c | 2
drivers/thermal/intel/int340x_thermal/int3402_thermal.c | 3
drivers/tty/serial/8250/8250_dma.c | 2
drivers/tty/serial/8250/8250_pci.c | 16
drivers/tty/serial/fsl_lpuart.c | 25
drivers/usb/serial/ftdi_sio.c | 14
drivers/usb/serial/ftdi_sio_ids.h | 13
drivers/usb/serial/option.c | 48
drivers/video/console/Kconfig | 2
drivers/video/fbdev/au1100fb.c | 4
drivers/video/fbdev/hyperv_fb.c | 2
drivers/video/fbdev/sm501fb.c | 7
fs/affs/file.c | 9
fs/btrfs/extent-tree.c | 5
fs/exfat/fatent.c | 2
fs/ext4/dir.c | 3
fs/ext4/super.c | 27
fs/fuse/dir.c | 2
fs/isofs/dir.c | 3
fs/jfs/jfs_dtree.c | 3
fs/jfs/xattr.c | 15
fs/namei.c | 24
fs/nfs/delegation.c | 33
fs/nfsd/nfs4state.c | 31
fs/ocfs2/alloc.c | 8
fs/proc/base.c | 2
fs/proc/generic.c | 10
fs/proc/inode.c | 6
fs/proc/internal.h | 14
fs/vboxsf/super.c | 3
include/drm/drm_dp_mst_helper.h | 7
include/linux/fs.h | 2
include/linux/i8253.h | 1
include/linux/interrupt.h | 8
include/linux/netfilter/nf_conntrack_common.h | 8
include/linux/pm_runtime.h | 2
include/linux/proc_fs.h | 7
include/linux/sched/smt.h | 2
include/net/ipv6.h | 4
kernel/events/ring_buffer.c | 2
kernel/kexec_elf.c | 2
kernel/locking/semaphore.c | 13
kernel/sched/deadline.c | 2
kernel/time/hrtimer.c | 22
kernel/trace/bpf_trace.c | 2
kernel/trace/ring_buffer.c | 4
kernel/trace/trace_events_synth.c | 34
kernel/trace/trace_functions_graph.c | 1
kernel/trace/trace_irqsoff.c | 2
kernel/trace/trace_sched_wakeup.c | 2
kernel/watch_queue.c | 9
lib/842/842_compress.c | 2
net/8021q/vlan_netlink.c | 10
net/atm/lec.c | 3
net/atm/mpc.c | 2
net/batman-adv/bat_iv_ogm.c | 3
net/batman-adv/bat_v_ogm.c | 3
net/bluetooth/6lowpan.c | 7
net/bluetooth/hci_event.c | 13
net/can/af_can.c | 12
net/can/af_can.h | 12
net/can/proc.c | 46
net/core/neighbour.c | 1
net/core/netpoll.c | 9
net/core/rtnetlink.c | 3
net/core/sock_map.c | 5
net/ipv4/ip_tunnel_core.c | 4
net/ipv6/addrconf.c | 37
net/ipv6/calipso.c | 21
net/ipv6/ip6_output.c | 6
net/ipv6/netfilter/nf_socket_ipv6.c | 23
net/ipv6/route.c | 5
net/mptcp/protocol.h | 2
net/netfilter/ipvs/ip_vs_ctl.c | 8
net/netfilter/nf_conncount.c | 2
net/netfilter/nf_conntrack_core.c | 48
net/netfilter/nf_conntrack_expect.c | 4
net/netfilter/nf_conntrack_netlink.c | 7
net/netfilter/nf_conntrack_standalone.c | 7
net/netfilter/nf_flow_table_core.c | 2
net/netfilter/nf_synproxy_core.c | 1
net/netfilter/nft_ct.c | 11
net/netfilter/nft_exthdr.c | 10
net/netfilter/nft_tunnel.c | 6
net/netfilter/xt_CT.c | 3
net/openvswitch/actions.c | 6
net/openvswitch/conntrack.c | 1
net/sched/act_ct.c | 1
net/sched/act_tunnel_key.c | 2
net/sched/cls_flower.c | 2
net/sched/sch_api.c | 6
net/sched/sch_skbprio.c | 3
net/sctp/stream.c | 2
net/vmw_vsock/af_vsock.c | 6
net/xfrm/xfrm_output.c | 2
scripts/selinux/install_policy.sh | 15
sound/pci/hda/patch_realtek.c | 28
sound/soc/codecs/arizona.c | 14
sound/soc/codecs/madera.c | 10
sound/soc/codecs/tas2764.c | 10
sound/soc/codecs/tas2764.h | 8
sound/soc/codecs/tas2770.c | 2
sound/soc/codecs/wm0010.c | 13
sound/soc/codecs/wm5110.c | 8
sound/soc/sh/rcar/core.c | 14
sound/soc/sh/rcar/rsnd.h | 1
sound/soc/sh/rcar/src.c | 18
sound/soc/sof/intel/hda-codec.c | 1
sound/soc/ti/j721e-evm.c | 2
sound/usb/mixer_quirks.c | 51
tools/perf/util/python.c | 17
tools/perf/util/units.c | 2
243 files changed, 1865 insertions(+), 1175 deletions(-)
Acs, Jakub (1):
ext4: fix OOB read when checking dotdot dir
Al Viro (2):
spufs: fix a leak on spufs_new_file() failure
spufs: fix a leak in spufs_create_context()
Alex Hung (1):
drm/amd/display: Assign normalized_pix_clk when color depth = 14
Alexey Kashavkin (1):
netfilter: nft_exthdr: fix offset with ipv4_find_option()
Andreas Kemnade (1):
i2c: omap: fix IRQ storms
Andy Shevchenko (2):
hrtimers: Mark is_migration_base() with __always_inline
i2c: dev: check return value when calling dev_set_name()
AngeloGioacchino Del Regno (2):
drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
Arnaldo Carvalho de Melo (5):
perf units: Fix insufficient array space
perf python: Fixup description of sample.id event member
perf python: Decrement the refcount of just created event on failure
perf python: Don't keep a raw_data pointer to consumed ring buffer space
perf python: Check if there is space to copy all the event
Arnd Bergmann (3):
x86/irq: Define trace events conditionally
x86/platform: Only allow CONFIG_EISA for 32-bit
mdacon: rework dependency list
Artur Weber (2):
pinctrl: bcm281xx: Fix incorrect regmap max_registers value
power: supply: max77693: Fix wrong conversion of charge input threshold value
Baoquan He (1):
x86/kexec: fix memory leak of elf header buffer
Bart Van Assche (1):
fs/procfs: fix the comment above proc_pid_wchan()
Benjamin Berg (1):
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
Boon Khai Ng (1):
USB: serial: ftdi_sio: add support for Altera USB Blaster 3
Brahmajit Das (1):
vboxsf: fix building with GCC 15
Breno Leitao (1):
netpoll: hold rcu read lock in __netpoll_send_skb()
Cameron Williams (1):
tty: serial: 8250: Add some more device IDs
Carolina Jubran (1):
net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices
Chengchang Tang (1):
RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt()
Chengen Du (1):
iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
Chenyuan Yang (1):
thermal: int340x: Add NULL check for adev
Chia-Lin Kao (AceLan) (1):
HID: ignore non-functional sensor in HP 5MP Camera
Christian Eggers (1):
regulator: check that dummy regulator has been probed before using it
Christophe JAILLET (4):
ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe()
i2c: ali1535: Fix an error handling path in ali1535_probe()
i2c: ali15x3: Fix an error handling path in ali15x3_probe()
i2c: sis630: Fix an error handling path in sis630_probe()
Chuck Lever (1):
NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
Cong Wang (2):
net_sched: Prevent creation of classes with TC_H_ROOT
net_sched: skbprio: Remove overly strict queue assertions
Cosmin Ratiu (1):
xfrm_output: Force software GSO only in tunnel mode
Dan Carpenter (5):
ipvs: prevent integer overflow in do_ip_vs_get_ctl()
Bluetooth: Fix error code in chan_alloc_skb_cb()
net: atm: fix use after free in lec_send()
PCI: Remove stray put_device() in pci_register_host_bridge()
drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
Daniel Lezcano (1):
thermal/cpufreq_cooling: Remove structure member documentation
Daniel Stodden (1):
PCI/ASPM: Fix link state exit during switch upstream function removal
Daniel Wagner (2):
nvme-fc: go straight to connecting state when initializing
nvme: only allow entering LIVE from CONNECTING state
Danila Chernetsov (1):
fbdev: sm501fb: Add some geometry checks.
David Oberhollenzer (1):
net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
David Woodhouse (1):
clockevents/drivers/i8253: Fix stop sequence for timer 0
Debin Zhu (1):
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
Dhruv Deshpande (1):
ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
Dmitry Panchenko (1):
platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet
Dmytro Laktyushkin (1):
drm/amd/display: fix odm scaling
Dominique Martinet (1):
net: usb: usbnet: restore usb%d name exception for local mac addresses
Douglas Raillard (1):
tracing: Ensure module defining synth event cannot be unloaded while tracing
Eric Dumazet (1):
vlan: fix memory leak in vlan_newlink()
Eric Sandeen (1):
watch_queue: fix pipe accounting mismatch
Eric W. Biederman (1):
alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support
Fabio Porcedda (4):
USB: serial: option: add Telit Cinterion FE990B compositions
USB: serial: option: fix Telit Cinterion FE990A name
net: usb: qmi_wwan: add Telit Cinterion FN990B composition
net: usb: qmi_wwan: add Telit Cinterion FE990B composition
Fabrice Gasnier (1):
counter: stm32-lptimer-cnt: fix error handling when enabling
Fabrizio Castro (1):
pinctrl: renesas: rza2: Fix missing of_node_put() call
Feng Tang (1):
PCI/portdrv: Only disable pciehp interrupts early when needed
Feng Yang (1):
ring-buffer: Fix bytes_dropped calculation issue
Fernando Fernandez Mancera (1):
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
Florent Revest (1):
x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
Florian Westphal (3):
netfilter: conntrack: convert to refcount_t api
netfilter: nft_ct: fix use after free when attaching zone template
netfilter: conntrack: fix crash due to confirmed bit load reordering
Gannon Kolding (1):
ACPI: resource: IRQ override for Eluktronics MECH-17
Geert Uytterhoeven (1):
ARM: shmobile: smp: Enforce shmobile_smp_* alignment
Geetha sowjanya (1):
octeontx2-af: Fix mbox INTR handler when num VFs > 64
Giovanni Gherdovich (1):
ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid
Greg Kroah-Hartman (1):
Linux 5.10.236
Grzegorz Nitka (1):
ice: fix memory leak in aRFS after reset
Gu Bowen (1):
mmc: atmel-mci: Add missing clk_disable_unprepare()
Guilherme G. Piccoli (1):
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
Guillaume Nault (1):
tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
Haibo Chen (1):
can: flexcan: only change CAN state when link up in system PM
Hans Zhang (1):
PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload
Haoxiang Li (1):
qlcnic: fix memory leak issues in qlcnic_sriov_common.c
Hector Martin (3):
ASoC: tas2770: Fix volume scale
ASoC: tas2764: Fix power control mask
ASoC: tas2764: Set the SDOUT polarity correctly
Henry Martin (1):
arcnet: Add NULL check in com20020pci_probe()
Hersen Wu (1):
drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration
Hou Tao (1):
bpf: Use preempt_count() directly in bpf_send_signal_common()
Icenowy Zheng (2):
nvme-pci: clean up CMBMSC when registering CMB fails
nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
Ilkka Koskinen (1):
coresight: catu: Fix number of pages while using 64k pages
Ilpo Järvinen (1):
PCI: pciehp: Don't enable HPIE when resuming in poll mode
Ivan Abramov (1):
drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
Jann Horn (3):
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
Jayesh Choudhary (1):
ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible
Jerome Brunet (4):
clk: amlogic: gxbb: drop incorrect flag on 32k clock
clk: amlogic: g12b: fix cluster A parent data
clk: amlogic: gxbb: drop non existing 32k clock parent
clk: amlogic: g12a: fix mmc A peripheral clock
Jesse Zhang (1):
drm/amd/pm: Fix negative array index read
Jie Zhan (1):
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
Jim Quinlan (1):
PCI: brcmstb: Use internal register to change link capability
Joe Hattori (2):
powercap: call put_device() on an error path in powercap_register_control_type()
firmware: imx-scu: fix OF node leak in .probe()
Johan Hovold (1):
USB: serial: option: match on interface class for Telit FN990B
Johannes Berg (1):
wifi: iwlwifi: fw: allocate chained SG tables for dump
John Keeping (1):
serial: 8250_dma: terminate correct DMA in tx_dma_flush()
Jonathan Cameron (1):
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
Josef Bacik (1):
btrfs: handle errors from btrfs_dec_ref() properly
Josh Poimboeuf (2):
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
sched/smt: Always inline sched_smt_active()
Junxian Huang (2):
RDMA/hns: Fix soft lockup during bt pages loop
RDMA/hns: Fix wrong value of max_sge_rd
Karel Balej (1):
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
Kashyap Desai (1):
RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
Kees Cook (2):
ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
ARM: 9351/1: fault: Add "cut here" line for prefetch aborts
Kohei Enju (1):
netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()
Kuninori Morimoto (1):
ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime()
Kuniyuki Iwashima (2):
ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
Lee Jones (1):
drm/amd/display/dc/core/dc_resource: Staticify local functions
Li Lingfeng (1):
nfsd: put dl_stid if fail to queue dl_recall
Lin Ma (3):
net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
netfilter: nft_tunnel: fix geneve_opt type confusion addition
net: fix geneve_opt length integer overflow
Luca Weiss (1):
remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
Luiz Augusto von Dentz (1):
Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
Luo Qiu (1):
memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
Ma Ke (1):
drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params
Magnus Lindholm (1):
scsi: qla1280: Fix kernel oops when debug level > 2
Maher Sanalla (1):
IB/mad: Check available slots before posting receive WRs
Mario Kleiner (1):
drm/amd/display: Check plane scaling against format specific hw plane caps.
Mario Limonciello (1):
drm/amd/display: Fix slab-use-after-free on hdcp_work
Mark Zhang (1):
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
Markus Elfring (2):
fbdev: au1100fb: Move a variable assignment behind a null pointer check
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
Matthieu Baerts (NGI0) (1):
mptcp: safety check before fallback
Maxim Mikityanskiy (1):
netfilter: socket: Lookup orig tuple for IPv6 SNAT
Maíra Canal (1):
drm/v3d: Don't run jobs that have errors flagged in its fence
Michael Kelley (2):
fbdev: hyperv_fb: iounmap() the correct memory when removing a device
Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio()
Michael Strauss (1):
drm/amd/display: Check for invalid input params when building scaling params
Michal Luczaj (1):
bpf, sockmap: Fix race between element replace and close()
Mike Rapoport (Microsoft) (1):
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
Miklos Szeredi (1):
fuse: don't truncate cached, mutated symlink
Ming Lei (1):
block: fix 'kmem_cache of name 'bio-108' already exists'
Minjoong Kim (1):
atm: Fix NULL pointer dereference
Murad Masimov (1):
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
Navon John Lukose (1):
ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
Nikita Shubin (1):
ntb: intel: Fix using link status DB's
Nikita Zhandarovich (2):
drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
mfd: sm501: Switch to BIT() to mitigate integer overflows
Nikola Cornij (1):
drm/amd/display: Reject too small viewport size when validating plane
Oleg Nesterov (1):
sched/isolation: Prevent boot crash when the boot CPU is nohz_full
Oliver Hartkopp (1):
can: statistics: use atomic access in hot path
Patrik Jakobsson (1):
drm/amdgpu: Fix even more out of bound writes from debugfs
Patrisious Haddad (1):
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
Paul Menzel (1):
ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
Peter Geis (1):
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
Peter Oberparleiter (1):
s390/cio: Fix CHPID "configure" attribute caching
Phil Elwell (2):
ARM: dts: bcm2711: PL011 UARTs are actually r1p5
ARM: dts: bcm2711: Don't mark timer regs unconfigured
Prathamesh Shete (1):
pinctrl: tegra: Set SFIO mode to Mux Register
Qasim Ijaz (2):
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
jfs: fix slab-out-of-bounds read in ea_get()
Qiuxu Zhuo (3):
EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
EDAC/ie31200: Fix the DIMM size mask for several SoCs
EDAC/ie31200: Fix the error path order of ie31200_init()
Rafael J. Wysocki (2):
PM: sleep: Adjust check before setting power.must_resume
PM: sleep: Fix handling devices with direct_complete set on errors
Roman Smirnov (1):
jfs: add index corruption check to DT_GETPAGE()
Ruozhu Li (1):
nvmet-rdma: recheck queue state is LIVE in state lock in recv done
Sagi Grimberg (1):
nvme-tcp: fix possible UAF in nvme_tcp_poll
Saranya R (1):
soc: qcom: pdr: Fix the potential deadlock
Saravanan Vajravel (1):
RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
Sean Christopherson (1):
KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
Sebastian Andrzej Siewior (2):
netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
Sherry Sun (2):
tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform
tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers
Shrikanth Hegde (1):
sched/deadline: Use online cpus for validating runtime
Simon Tatham (2):
affs: generate OFS sequence numbers starting at 1
affs: don't write overlarge OFS data block size fields
Sourabh Jain (1):
kexec: initialize ELF lowest address to ULONG_MAX
Stefano Garzarella (1):
vsock: avoid timeout during connect() if the socket is closing
Steven Rostedt (1):
tracing: Do not use PERF enums when perf is not defined
Sven Eckelmann (1):
batman-adv: Ignore own maximum aggregation size during RX
Takashi Iwai (2):
ALSA: hda/realtek: Always honor no_shutup_pins
x86/kexec: Fix double-free of elf header buffer
Tanya Agarwal (1):
lib: 842: Improve error handling in sw842_compress()
Tao Chen (1):
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
Tasos Sahanidis (1):
hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
Tengda Wu (1):
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
Terry Cheong (1):
ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module
Terry Junge (2):
ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
HID: hid-plantronics: Add mic mute mapping and generalize quirks
Theodore Ts'o (1):
ext4: don't over-report free space or inodes in statvfs
Thippeswamy Havalige (1):
PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
Thomas Zimmermann (1):
drm/nouveau: Do not override forced connector status
Tim Schumacher (1):
selinux: Chain up tool resolving errors in install_policy.sh
Tomi Valkeinen (1):
drm: xlnx: zynqmp: Fix max dma segment size
Trond Myklebust (1):
NFSv4: Don't trigger uneccessary scans for return-on-close delegations
Uwe Kleine-König (1):
media: i2c: et8ek8: Don't strip remove function when driver is builtin
Vasiliy Kovalev (1):
ocfs2: validate l_tree_depth to avoid out-of-bounds access
Ville Syrjälä (1):
drm/atomic: Filter out redundant DPMS calls
Vitaliy Shevtsov (1):
drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
Vitaly Rodionov (1):
ASoC: arizona/madera: use fsleep() in up/down DAPM event delays.
Waiman Long (1):
locking/semaphore: Use wake_q to wake up processes outside lock critical section
Wang Yufen (1):
ipv6: Fix signed integer overflow in __ip6_append_data
Wayne Lin (1):
drm/dp_mst: Fix drm RAD print
Wenkai Lin (1):
crypto: hisilicon/sec2 - fix for aead auth key length
Wentao Liang (1):
net/mlx5: handle errors in mlx5_chains_create_table()
Will McVicker (1):
clk: samsung: Fix UBSAN panic in samsung_clk_init()
William Breathitt Gray (1):
counter: microchip-tcb-capture: Fix undefined counter channel state on probe
Yajun Deng (1):
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
Yanjun Yang (1):
ARM: Remove address checking for MMUless devices
Ye Bin (1):
proc: fix UAF in proc_get_inode()
Yu-Chun Lin (1):
sctp: Fix undefined behavior in left shift operation
Yuezhang Mo (1):
exfat: fix the infinite loop in exfat_find_last_cluster()
Zhang Lixu (1):
HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
zuoqian (1):
cpufreq: scpi: compare kHz instead of Hz
5 months, 2 weeks
- 1
- 1
Linux 5.4.292
by Greg Kroah-Hartman
I'm announcing the release of the 5.4.292 kernel.
All users of the 5.4 kernel series must upgrade.
The updated 5.4.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/timers/no_hz.rst | 7
Makefile | 2
arch/arm/mach-shmobile/headsmp.S | 1
arch/arm/mm/fault.c | 8
arch/powerpc/platforms/cell/spufs/inode.c | 9
arch/x86/Kconfig | 2
arch/x86/entry/calling.h | 2
arch/x86/include/asm/tlbflush.h | 2
arch/x86/kernel/cpu/microcode/amd.c | 2
arch/x86/kernel/cpu/mshyperv.c | 11 -
arch/x86/kernel/dumpstack.c | 5
arch/x86/kernel/irq.c | 2
arch/x86/kernel/process.c | 7
arch/x86/kernel/tsc.c | 4
arch/x86/mm/pageattr-test.c | 2
block/bio.c | 2
drivers/acpi/resource.c | 13 +
drivers/base/power/main.c | 8
drivers/clk/meson/g12a.c | 38 ++-
drivers/clk/meson/gxbb.c | 14 -
drivers/clk/rockchip/clk-rk3328.c | 2
drivers/clocksource/i8253.c | 36 ++-
drivers/counter/stm32-lptimer-cnt.c | 24 +-
drivers/cpufreq/cpufreq_governor.c | 45 ++--
drivers/edac/ie31200_edac.c | 19 +
drivers/firmware/imx/imx-scu.c | 1
drivers/firmware/iscsi_ibft.c | 5
drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 7
drivers/gpu/drm/drm_atomic_uapi.c | 4
drivers/gpu/drm/drm_connector.c | 4
drivers/gpu/drm/gma500/mid_bios.c | 5
drivers/gpu/drm/mediatek/mtk_hdmi.c | 8
drivers/gpu/drm/nouveau/nouveau_connector.c | 1
drivers/gpu/drm/radeon/radeon_vce.c | 2
drivers/gpu/drm/v3d/v3d_sched.c | 9
drivers/hid/hid-ids.h | 1
drivers/hid/hid-plantronics.c | 144 ++++++---------
drivers/hid/hid-quirks.c | 1
drivers/hid/intel-ish-hid/ipc/ipc.c | 6
drivers/hv/vmbus_drv.c | 23 +-
drivers/hwmon/nct6775.c | 4
drivers/hwtracing/coresight/coresight-catu.c | 2
drivers/i2c/busses/i2c-ali1535.c | 12 +
drivers/i2c/busses/i2c-ali15x3.c | 12 +
drivers/i2c/busses/i2c-omap.c | 26 --
drivers/i2c/busses/i2c-sis630.c | 12 +
drivers/iio/accel/mma8452.c | 10 -
drivers/infiniband/core/mad.c | 38 ++-
drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2
drivers/infiniband/hw/hns/hns_roce_main.c | 2
drivers/infiniband/hw/mlx5/cq.c | 2
drivers/media/dvb-frontends/dib8000.c | 5
drivers/memstick/host/rtsx_usb_ms.c | 1
drivers/mfd/sm501.c | 6
drivers/mmc/host/atmel-mci.c | 4
drivers/mmc/host/sdhci-pxav3.c | 1
drivers/net/arcnet/com20020-pci.c | 17 +
drivers/net/can/flexcan.c | 6
drivers/net/dsa/mv88e6xxx/chip.c | 11 -
drivers/net/dsa/mv88e6xxx/phy.c | 3
drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 6
drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 8
drivers/net/usb/qmi_wwan.c | 2
drivers/net/usb/usbnet.c | 21 +-
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 86 ++++++--
drivers/ntb/hw/intel/ntb_hw_gen3.c | 3
drivers/ntb/hw/mscc/ntb_hw_switchtec.c | 2
drivers/ntb/test/ntb_perf.c | 4
drivers/nvme/host/core.c | 2
drivers/nvme/host/fc.c | 3
drivers/nvme/target/rdma.c | 33 ++-
drivers/pci/hotplug/pciehp_hpc.c | 4
drivers/pci/pcie/aspm.c | 17 -
drivers/pci/pcie/portdrv_core.c | 8
drivers/pci/probe.c | 5
drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 2
drivers/pinctrl/pinctrl-rza2.c | 2
drivers/power/supply/max77693_charger.c | 2
drivers/powercap/powercap_sys.c | 3
drivers/s390/cio/chp.c | 3
drivers/scsi/qla1280.c | 2
drivers/thermal/intel/int340x_thermal/int3402_thermal.c | 3
drivers/tty/serial/8250/8250_dma.c | 2
drivers/tty/serial/8250/8250_pci.c | 16 +
drivers/usb/serial/ftdi_sio.c | 14 +
drivers/usb/serial/ftdi_sio_ids.h | 13 +
drivers/usb/serial/option.c | 48 +++--
drivers/video/console/Kconfig | 2
drivers/video/fbdev/au1100fb.c | 4
drivers/video/fbdev/sm501fb.c | 7
fs/affs/file.c | 9
fs/fuse/dir.c | 2
fs/isofs/dir.c | 3
fs/jfs/jfs_dtree.c | 3
fs/jfs/xattr.c | 15 +
fs/namei.c | 24 +-
fs/ocfs2/alloc.c | 8
fs/proc/base.c | 2
include/linux/fs.h | 2
include/linux/i8253.h | 1
include/linux/interrupt.h | 8
include/linux/netpoll.h | 10 -
include/linux/sched/smt.h | 2
kernel/events/ring_buffer.c | 2
kernel/kexec_elf.c | 2
kernel/locking/semaphore.c | 13 -
kernel/sched/deadline.c | 2
kernel/time/hrtimer.c | 22 +-
kernel/trace/bpf_trace.c | 2
kernel/trace/ring_buffer.c | 4
kernel/trace/trace_functions_graph.c | 1
kernel/trace/trace_irqsoff.c | 2
kernel/trace/trace_sched_wakeup.c | 2
lib/842/842_compress.c | 2
net/8021q/vlan_netlink.c | 10 -
net/atm/lec.c | 3
net/atm/mpc.c | 2
net/batman-adv/bat_iv_ogm.c | 3
net/batman-adv/bat_v_ogm.c | 3
net/bluetooth/6lowpan.c | 7
net/can/af_can.c | 12 -
net/can/af_can.h | 12 -
net/can/proc.c | 46 ++--
net/core/neighbour.c | 1
net/core/netpoll.c | 38 +++
net/ipv6/addrconf.c | 37 ++-
net/ipv6/calipso.c | 21 +-
net/ipv6/netfilter/nf_socket_ipv6.c | 23 ++
net/ipv6/route.c | 5
net/netfilter/ipvs/ip_vs_ctl.c | 8
net/netfilter/nf_conncount.c | 2
net/netfilter/nft_exthdr.c | 10 -
net/sched/sch_api.c | 6
net/sched/sch_skbprio.c | 3
net/sctp/stream.c | 2
net/sctp/sysctl.c | 6
net/vmw_vsock/af_vsock.c | 6
net/xfrm/xfrm_output.c | 2
scripts/selinux/install_policy.sh | 15 -
sound/pci/hda/patch_realtek.c | 6
sound/soc/codecs/wm0010.c | 13 +
sound/soc/sh/rcar/core.c | 14 -
sound/soc/sh/rcar/rsnd.h | 1
sound/soc/sh/rcar/src.c | 18 +
sound/usb/mixer_quirks.c | 51 +++++
tools/perf/util/python.c | 13 +
tools/perf/util/units.c | 2
148 files changed, 1002 insertions(+), 535 deletions(-)
Al Viro (2):
spufs: fix a leak on spufs_new_file() failure
spufs: fix a leak in spufs_create_context()
Alex Hung (1):
drm/amd/display: Assign normalized_pix_clk when color depth = 14
Alexey Kashavkin (1):
netfilter: nft_exthdr: fix offset with ipv4_find_option()
Andreas Kemnade (1):
i2c: omap: fix IRQ storms
Andy Shevchenko (1):
hrtimers: Mark is_migration_base() with __always_inline
AngeloGioacchino Del Regno (1):
drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
Arnaldo Carvalho de Melo (4):
perf units: Fix insufficient array space
perf python: Fixup description of sample.id event member
perf python: Decrement the refcount of just created event on failure
perf python: Check if there is space to copy all the event
Arnd Bergmann (3):
x86/irq: Define trace events conditionally
x86/platform: Only allow CONFIG_EISA for 32-bit
mdacon: rework dependency list
Artur Weber (2):
pinctrl: bcm281xx: Fix incorrect regmap max_registers value
power: supply: max77693: Fix wrong conversion of charge input threshold value
Bart Van Assche (1):
fs/procfs: fix the comment above proc_pid_wchan()
Benjamin Berg (1):
x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()
Boon Khai Ng (1):
USB: serial: ftdi_sio: add support for Altera USB Blaster 3
Breno Leitao (1):
netpoll: hold rcu read lock in __netpoll_send_skb()
Cameron Williams (1):
tty: serial: 8250: Add some more device IDs
Carolina Jubran (1):
net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices
Chengen Du (1):
iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
Chenyuan Yang (1):
thermal: int340x: Add NULL check for adev
Chia-Lin Kao (AceLan) (1):
HID: ignore non-functional sensor in HP 5MP Camera
Christophe JAILLET (4):
ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe()
i2c: ali1535: Fix an error handling path in ali1535_probe()
i2c: ali15x3: Fix an error handling path in ali15x3_probe()
i2c: sis630: Fix an error handling path in sis630_probe()
Cong Wang (2):
net_sched: Prevent creation of classes with TC_H_ROOT
net_sched: skbprio: Remove overly strict queue assertions
Cosmin Ratiu (1):
xfrm_output: Force software GSO only in tunnel mode
Dan Carpenter (4):
ipvs: prevent integer overflow in do_ip_vs_get_ctl()
Bluetooth: Fix error code in chan_alloc_skb_cb()
net: atm: fix use after free in lec_send()
PCI: Remove stray put_device() in pci_register_host_bridge()
Daniel Stodden (1):
PCI/ASPM: Fix link state exit during switch upstream function removal
Daniel Wagner (2):
nvme-fc: go straight to connecting state when initializing
nvme: only allow entering LIVE from CONNECTING state
Danila Chernetsov (1):
fbdev: sm501fb: Add some geometry checks.
David Oberhollenzer (1):
net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
David Woodhouse (1):
clockevents/drivers/i8253: Fix stop sequence for timer 0
Davidlohr Bueso (1):
drivers/hv: Replace binary semaphore with mutex
Debin Zhu (1):
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
Dominique Martinet (1):
net: usb: usbnet: restore usb%d name exception for local mac addresses
Eric Dumazet (4):
vlan: fix memory leak in vlan_newlink()
netpoll: remove dev argument from netpoll_send_skb_on_dev()
netpoll: move netpoll_send_skb() out of line
netpoll: netpoll_send_skb() returns transmit status
Fabio Porcedda (4):
USB: serial: option: add Telit Cinterion FE990B compositions
USB: serial: option: fix Telit Cinterion FE990A name
net: usb: qmi_wwan: add Telit Cinterion FN990B composition
net: usb: qmi_wwan: add Telit Cinterion FE990B composition
Fabrice Gasnier (1):
counter: stm32-lptimer-cnt: fix error handling when enabling
Fabrizio Castro (1):
pinctrl: renesas: rza2: Fix missing of_node_put() call
Feng Tang (1):
PCI/portdrv: Only disable pciehp interrupts early when needed
Feng Yang (1):
ring-buffer: Fix bytes_dropped calculation issue
Fernando Fernandez Mancera (1):
ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
Florent Revest (1):
x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
Gannon Kolding (1):
ACPI: resource: IRQ override for Eluktronics MECH-17
Geert Uytterhoeven (1):
ARM: shmobile: smp: Enforce shmobile_smp_* alignment
Geetha sowjanya (1):
octeontx2-af: Fix mbox INTR handler when num VFs > 64
Greg Kroah-Hartman (1):
Linux 5.4.292
Gu Bowen (1):
mmc: atmel-mci: Add missing clk_disable_unprepare()
Guilherme G. Piccoli (1):
x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
Haibo Chen (1):
can: flexcan: only change CAN state when link up in system PM
Haoxiang Li (1):
qlcnic: fix memory leak issues in qlcnic_sriov_common.c
Henry Martin (1):
arcnet: Add NULL check in com20020pci_probe()
Hou Tao (1):
bpf: Use preempt_count() directly in bpf_send_signal_common()
Ilkka Koskinen (1):
coresight: catu: Fix number of pages while using 64k pages
Ilpo Järvinen (1):
PCI: pciehp: Don't enable HPIE when resuming in poll mode
Ivan Abramov (1):
drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
Jann Horn (3):
x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
Jerome Brunet (4):
clk: amlogic: gxbb: drop incorrect flag on 32k clock
clk: amlogic: g12b: fix cluster A parent data
clk: amlogic: gxbb: drop non existing 32k clock parent
clk: amlogic: g12a: fix mmc A peripheral clock
Jie Zhan (1):
cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
Joe Hattori (2):
powercap: call put_device() on an error path in powercap_register_control_type()
firmware: imx-scu: fix OF node leak in .probe()
Johan Hovold (1):
USB: serial: option: match on interface class for Telit FN990B
Johannes Berg (1):
wifi: iwlwifi: fw: allocate chained SG tables for dump
John Keeping (1):
serial: 8250_dma: terminate correct DMA in tx_dma_flush()
Jonathan Cameron (1):
iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
Josh Poimboeuf (2):
objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
sched/smt: Always inline sched_smt_active()
Junxian Huang (1):
RDMA/hns: Fix wrong value of max_sge_rd
Karel Balej (1):
mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
Kees Cook (2):
ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
ARM: 9351/1: fault: Add "cut here" line for prefetch aborts
Kohei Enju (1):
netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()
Kuninori Morimoto (1):
ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime()
Kuniyuki Iwashima (2):
ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
Lin Ma (1):
net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
Luo Qiu (1):
memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
Magali Lemes (2):
Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy"
Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy"
Magnus Lindholm (1):
scsi: qla1280: Fix kernel oops when debug level > 2
Maher Sanalla (1):
IB/mad: Check available slots before posting receive WRs
Markus Elfring (2):
fbdev: au1100fb: Move a variable assignment behind a null pointer check
ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
Matthieu Baerts (NGI0) (2):
sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
sctp: sysctl: auth_enable: avoid using current->nsproxy
Maxim Mikityanskiy (1):
netfilter: socket: Lookup orig tuple for IPv6 SNAT
Maíra Canal (1):
drm/v3d: Don't run jobs that have errors flagged in its fence
Michael Kelley (1):
Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio()
Mike Rapoport (Microsoft) (1):
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
Miklos Szeredi (1):
fuse: don't truncate cached, mutated symlink
Ming Lei (1):
block: fix 'kmem_cache of name 'bio-108' already exists'
Minjoong Kim (1):
atm: Fix NULL pointer dereference
Nikita Shubin (1):
ntb: intel: Fix using link status DB's
Nikita Zhandarovich (2):
drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
mfd: sm501: Switch to BIT() to mitigate integer overflows
Oleg Nesterov (1):
sched/isolation: Prevent boot crash when the boot CPU is nohz_full
Oliver Hartkopp (1):
can: statistics: use atomic access in hot path
Patrisious Haddad (1):
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
Paul Menzel (1):
ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
Peter Geis (1):
clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
Peter Oberparleiter (1):
s390/cio: Fix CHPID "configure" attribute caching
Qasim Ijaz (2):
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
jfs: fix slab-out-of-bounds read in ea_get()
Qiuxu Zhuo (3):
EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
EDAC/ie31200: Fix the DIMM size mask for several SoCs
EDAC/ie31200: Fix the error path order of ie31200_init()
Rafael J. Wysocki (1):
PM: sleep: Fix handling devices with direct_complete set on errors
Roman Smirnov (1):
jfs: add index corruption check to DT_GETPAGE()
Ruozhu Li (1):
nvmet-rdma: recheck queue state is LIVE in state lock in recv done
Saravanan Vajravel (1):
RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
Sebastian Andrzej Siewior (1):
lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
Shrikanth Hegde (1):
sched/deadline: Use online cpus for validating runtime
Simon Tatham (2):
affs: generate OFS sequence numbers starting at 1
affs: don't write overlarge OFS data block size fields
Sourabh Jain (1):
kexec: initialize ELF lowest address to ULONG_MAX
Stefano Garzarella (1):
vsock: avoid timeout during connect() if the socket is closing
Sven Eckelmann (1):
batman-adv: Ignore own maximum aggregation size during RX
Takashi Iwai (1):
ALSA: hda/realtek: Always honor no_shutup_pins
Tanya Agarwal (1):
lib: 842: Improve error handling in sw842_compress()
Tao Chen (1):
perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
Tasos Sahanidis (1):
hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
Tengda Wu (1):
tracing: Fix use-after-free in print_graph_function_flags during tracer switching
Terry Junge (2):
ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
HID: hid-plantronics: Add mic mute mapping and generalize quirks
Thomas Zimmermann (1):
drm/nouveau: Do not override forced connector status
Tim Schumacher (1):
selinux: Chain up tool resolving errors in install_policy.sh
Vasiliy Kovalev (1):
ocfs2: validate l_tree_depth to avoid out-of-bounds access
Ville Syrjälä (1):
drm/atomic: Filter out redundant DPMS calls
Waiman Long (1):
locking/semaphore: Use wake_q to wake up processes outside lock critical section
Yajun Deng (1):
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
Yanjun Yang (1):
ARM: Remove address checking for MMUless devices
Yu-Chun Lin (1):
sctp: Fix undefined behavior in left shift operation
Yunjian Wang (1):
netpoll: Fix use correct return type for ndo_start_xmit()
Zhang Lixu (1):
HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
5 months, 2 weeks
- 1
- 1