- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 17ec2f965344ee3fd6620bef7ef68792f4ac3af0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025081205-resurface-filler-e78b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 17ec2f965344ee3fd6620bef7ef68792f4ac3af0 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Tue, 10 Jun 2025 16:20:06 -0700 Subject: [PATCH] KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported Let the guest set DEBUGCTL.RTM_DEBUG if RTM is supported according to the guest CPUID model, as debug support is supposed to be available if RTM is supported, and there are no known downsides to letting the guest debug RTM aborts. Note, there are no known bug reports related to RTM_DEBUG, the primary motivation is to reduce the probability of breaking existing guests when a future change adds a missing consistency check on vmcs12.GUEST_DEBUGCTL (KVM currently lets L2 run with whatever hardware supports; whoops). Note #2, KVM already emulates DR6.RTM, and doesn't restrict access to DR7.RTM. Fixes: 83c529151ab0 ("KVM: x86: expose Intel cpu new features (HLE, RTM) to guest") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250610232010.162191-5-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index b7dded3c8113..fa878b136eba 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -419,6 +419,7 @@ #define DEBUGCTLMSR_FREEZE_PERFMON_ON_PMI (1UL << 12) #define DEBUGCTLMSR_FREEZE_IN_SMM_BIT 14 #define DEBUGCTLMSR_FREEZE_IN_SMM (1UL << DEBUGCTLMSR_FREEZE_IN_SMM_BIT) +#define DEBUGCTLMSR_RTM_DEBUG BIT(15) #define MSR_PEBS_FRONTEND 0x000003f7 diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 4ee6cc796855..311f6fa53b67 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -2186,6 +2186,10 @@ static u64 vmx_get_supported_debugctl(struct kvm_vcpu *vcpu, bool host_initiated (host_initiated || intel_pmu_lbr_is_enabled(vcpu))) debugctl |= DEBUGCTLMSR_LBR | DEBUGCTLMSR_FREEZE_LBRS_ON_PMI; + if (boot_cpu_has(X86_FEATURE_RTM) && + (host_initiated || guest_cpu_cap_has(vcpu, X86_FEATURE_RTM))) + debugctl |= DEBUGCTLMSR_RTM_DEBUG; + return debugctl; }

2 weeks, 1 day

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x 80c64c7afea1da6a93ebe88d3d29d8a60377ef80 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025081242-polygon-exploring-2a87@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 80c64c7afea1da6a93ebe88d3d29d8a60377ef80 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Tue, 10 Jun 2025 16:20:05 -0700 Subject: [PATCH] KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag Instruct vendor code to load the guest's DR6 into hardware via a new KVM_RUN flag, and remove kvm_x86_ops.set_dr6(), whose sole purpose was to load vcpu->arch.dr6 into hardware when DR6 can be read/written directly by the guest. Note, TDX already WARNs on any run_flag being set, i.e. will yell if KVM thinks DR6 needs to be reloaded. TDX vCPUs force KVM_DEBUGREG_AUTO_SWITCH and never clear the flag, i.e. should never observe KVM_RUN_LOAD_GUEST_DR6. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250610232010.162191-4-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index 8d50e3e0a19b..9e0c37ea267e 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -49,7 +49,6 @@ KVM_X86_OP(set_idt) KVM_X86_OP(get_gdt) KVM_X86_OP(set_gdt) KVM_X86_OP(sync_dirty_debug_regs) -KVM_X86_OP(set_dr6) KVM_X86_OP(set_dr7) KVM_X86_OP(cache_reg) KVM_X86_OP(get_rflags) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 8d81684fa15d..4f7ee2dbf10e 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1676,6 +1676,7 @@ static inline u16 kvm_lapic_irq_dest_mode(bool dest_mode_logical) enum kvm_x86_run_flags { KVM_RUN_FORCE_IMMEDIATE_EXIT = BIT(0), + KVM_RUN_LOAD_GUEST_DR6 = BIT(1), }; struct kvm_x86_ops { @@ -1728,7 +1729,6 @@ struct kvm_x86_ops { void (*get_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void (*set_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void (*sync_dirty_debug_regs)(struct kvm_vcpu *vcpu); - void (*set_dr6)(struct kvm_vcpu *vcpu, unsigned long value); void (*set_dr7)(struct kvm_vcpu *vcpu, unsigned long value); void (*cache_reg)(struct kvm_vcpu *vcpu, enum kvm_reg reg); unsigned long (*get_rflags)(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 83d1b62130b1..be8c43049f4d 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4438,10 +4438,13 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu, u64 run_flags) svm_hv_update_vp_id(svm->vmcb, vcpu); /* - * Run with all-zero DR6 unless needed, so that we can get the exact cause - * of a #DB. + * Run with all-zero DR6 unless the guest can write DR6 freely, so that + * KVM can get the exact cause of a #DB. Note, loading guest DR6 from + * KVM's snapshot is only necessary when DR accesses won't exit. */ - if (likely(!(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT))) + if (unlikely(run_flags & KVM_RUN_LOAD_GUEST_DR6)) + svm_set_dr6(vcpu, vcpu->arch.dr6); + else if (likely(!(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT))) svm_set_dr6(vcpu, DR6_ACTIVE_LOW); clgi(); @@ -5252,7 +5255,6 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .set_idt = svm_set_idt, .get_gdt = svm_get_gdt, .set_gdt = svm_set_gdt, - .set_dr6 = svm_set_dr6, .set_dr7 = svm_set_dr7, .sync_dirty_debug_regs = svm_sync_dirty_debug_regs, .cache_reg = svm_cache_reg, diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index fef3e3803707..c85cbce6d2f6 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -489,14 +489,6 @@ static void vt_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt) vmx_set_gdt(vcpu, dt); } -static void vt_set_dr6(struct kvm_vcpu *vcpu, unsigned long val) -{ - if (is_td_vcpu(vcpu)) - return; - - vmx_set_dr6(vcpu, val); -} - static void vt_set_dr7(struct kvm_vcpu *vcpu, unsigned long val) { if (is_td_vcpu(vcpu)) @@ -943,7 +935,6 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .set_idt = vt_op(set_idt), .get_gdt = vt_op(get_gdt), .set_gdt = vt_op(set_gdt), - .set_dr6 = vt_op(set_dr6), .set_dr7 = vt_op(set_dr7), .sync_dirty_debug_regs = vt_op(sync_dirty_debug_regs), .cache_reg = vt_op(cache_reg), diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index a61a28944de6..4ee6cc796855 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -5606,12 +5606,6 @@ void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu) set_debugreg(DR6_RESERVED, 6); } -void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val) -{ - lockdep_assert_irqs_disabled(); - set_debugreg(vcpu->arch.dr6, 6); -} - void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val) { vmcs_writel(GUEST_DR7, val); @@ -7370,6 +7364,9 @@ fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu, u64 run_flags) vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]); vcpu->arch.regs_dirty = 0; + if (run_flags & KVM_RUN_LOAD_GUEST_DR6) + set_debugreg(vcpu->arch.dr6, 6); + /* * Refresh vmcs.HOST_CR3 if necessary. This must be done immediately * prior to VM-Enter, as the kernel may load a new ASID (PCID) any time diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 07ff02eed399..7fe3549bbd93 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -11046,7 +11046,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) set_debugreg(vcpu->arch.eff_db[3], 3); /* When KVM_DEBUGREG_WONT_EXIT, dr6 is accessible in guest. */ if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) - kvm_x86_call(set_dr6)(vcpu, vcpu->arch.dr6); + run_flags |= KVM_RUN_LOAD_GUEST_DR6; } else if (unlikely(hw_breakpoint_active())) { set_debugreg(0, 7); }

2 weeks, 1 day

1
0
0 0

FAILED: patch "[PATCH] net: usbnet: Fix the wrong netif_carrier_on() call" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8466d393700f9ccef68134d3349f4e0a087679b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025081206-rejoicing-democrat-be9e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8466d393700f9ccef68134d3349f4e0a087679b9 Mon Sep 17 00:00:00 2001 From: Ammar Faizi <ammarfaizi2(a)gnuweeb.org> Date: Wed, 6 Aug 2025 07:31:05 +0700 Subject: [PATCH] net: usbnet: Fix the wrong netif_carrier_on() call The commit referenced in the Fixes tag causes usbnet to malfunction (identified via git bisect). Post-commit, my external RJ45 LAN cable fails to connect. Linus also reported the same issue after pulling that commit. The code has a logic error: netif_carrier_on() is only called when the link is already on. Fix this by moving the netif_carrier_on() call outside the if-statement entirely. This ensures it is always called when EVENT_LINK_CARRIER_ON is set and properly clears it regardless of the link state. Cc: stable(a)vger.kernel.org Cc: Armando Budianto <sprite(a)gnuweeb.org> Reviewed-by: Simon Horman <horms(a)kernel.org> Suggested-by: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/all/CAHk-=wjqL4uF0MG_c8+xHX1Vv8==sPYQrtzbdA3kzi9628… Closes: https://lore.kernel.org/netdev/CAHk-=wjKh8X4PT_mU1kD4GQrbjivMfPn-_hXa6han_B… Closes: https://lore.kernel.org/netdev/0752dee6-43d6-4e1f-81d2-4248142cccd2@gnuweeb… Fixes: 0d9cfc9b8cb1 ("net: usbnet: Avoid potential RCU stall on LINK_CHANGE event") Signed-off-by: Ammar Faizi <ammarfaizi2(a)gnuweeb.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c index a38ffbf4b3f0..511c4154cf74 100644 --- a/drivers/net/usb/usbnet.c +++ b/drivers/net/usb/usbnet.c @@ -1120,6 +1120,9 @@ static void __handle_link_change(struct usbnet *dev) if (!test_bit(EVENT_DEV_OPEN, &dev->flags)) return; + if (test_and_clear_bit(EVENT_LINK_CARRIER_ON, &dev->flags)) + netif_carrier_on(dev->net); + if (!netif_carrier_ok(dev->net)) { /* kill URBs for reading packets to save bus bandwidth */ unlink_urbs(dev, &dev->rxq); @@ -1129,9 +1132,6 @@ static void __handle_link_change(struct usbnet *dev) * tx queue is stopped by netcore after link becomes off */ } else { - if (test_and_clear_bit(EVENT_LINK_CARRIER_ON, &dev->flags)) - netif_carrier_on(dev->net); - /* submitting URBs for reading packets */ queue_work(system_bh_wq, &dev->bh_work); }

2 weeks, 1 day

1
0
0 0

FAILED: patch "[PATCH] net: usbnet: Fix the wrong netif_carrier_on() call" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8466d393700f9ccef68134d3349f4e0a087679b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025081204-broken-atlas-ad4f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8466d393700f9ccef68134d3349f4e0a087679b9 Mon Sep 17 00:00:00 2001 From: Ammar Faizi <ammarfaizi2(a)gnuweeb.org> Date: Wed, 6 Aug 2025 07:31:05 +0700 Subject: [PATCH] net: usbnet: Fix the wrong netif_carrier_on() call The commit referenced in the Fixes tag causes usbnet to malfunction (identified via git bisect). Post-commit, my external RJ45 LAN cable fails to connect. Linus also reported the same issue after pulling that commit. The code has a logic error: netif_carrier_on() is only called when the link is already on. Fix this by moving the netif_carrier_on() call outside the if-statement entirely. This ensures it is always called when EVENT_LINK_CARRIER_ON is set and properly clears it regardless of the link state. Cc: stable(a)vger.kernel.org Cc: Armando Budianto <sprite(a)gnuweeb.org> Reviewed-by: Simon Horman <horms(a)kernel.org> Suggested-by: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/all/CAHk-=wjqL4uF0MG_c8+xHX1Vv8==sPYQrtzbdA3kzi9628… Closes: https://lore.kernel.org/netdev/CAHk-=wjKh8X4PT_mU1kD4GQrbjivMfPn-_hXa6han_B… Closes: https://lore.kernel.org/netdev/0752dee6-43d6-4e1f-81d2-4248142cccd2@gnuweeb… Fixes: 0d9cfc9b8cb1 ("net: usbnet: Avoid potential RCU stall on LINK_CHANGE event") Signed-off-by: Ammar Faizi <ammarfaizi2(a)gnuweeb.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c index a38ffbf4b3f0..511c4154cf74 100644 --- a/drivers/net/usb/usbnet.c +++ b/drivers/net/usb/usbnet.c @@ -1120,6 +1120,9 @@ static void __handle_link_change(struct usbnet *dev) if (!test_bit(EVENT_DEV_OPEN, &dev->flags)) return; + if (test_and_clear_bit(EVENT_LINK_CARRIER_ON, &dev->flags)) + netif_carrier_on(dev->net); + if (!netif_carrier_ok(dev->net)) { /* kill URBs for reading packets to save bus bandwidth */ unlink_urbs(dev, &dev->rxq); @@ -1129,9 +1132,6 @@ static void __handle_link_change(struct usbnet *dev) * tx queue is stopped by netcore after link becomes off */ } else { - if (test_and_clear_bit(EVENT_LINK_CARRIER_ON, &dev->flags)) - netif_carrier_on(dev->net); - /* submitting URBs for reading packets */ queue_work(system_bh_wq, &dev->bh_work); }

2 weeks, 1 day

1
0
0 0

[PATCH rdma-next 1/1] RDMA/core: Fix socket leak in rdma_dev_init_net

by Håkon Bugge

If rdma_dev_init_net() has an early return because the supplied net is the default init_net, we need to call rdma_nl_net_exit() before returning. Fixes: 4e0f7b907072 ("RDMA/core: Implement compat device/sysfs tree in net namespace") Cc: stable(a)vger.kernel.org Signed-off-by: Håkon Bugge <haakon.bugge(a)oracle.com> --- drivers/infiniband/core/device.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/infiniband/core/device.c b/drivers/infiniband/core/device.c index 3145cb34a1d20..ec5642e70c5db 100644 --- a/drivers/infiniband/core/device.c +++ b/drivers/infiniband/core/device.c @@ -1203,8 +1203,10 @@ static __net_init int rdma_dev_init_net(struct net *net) return ret; /* No need to create any compat devices in default init_net. */ - if (net_eq(net, &init_net)) + if (net_eq(net, &init_net)) { + rdma_nl_net_exit(rnet); return 0; + } ret = xa_alloc(&rdma_nets, &rnet->id, rnet, xa_limit_32b, GFP_KERNEL); if (ret) { -- 2.43.5

2 weeks, 1 day

3
2
0 0

[PATCH v2 RESEND] HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()

by Qasim Ijaz

A malicious HID device can trigger a slab out-of-bounds during mt_report_fixup() by passing in report descriptor smaller than 607 bytes. mt_report_fixup() attempts to patch byte offset 607 of the descriptor with 0x25 by first checking if byte offset 607 is 0x15 however it lacks bounds checks to verify if the descriptor is big enough before conducting this check. Fix this bug by ensuring the descriptor size is at least 608 bytes before accessing it. Below is the KASAN splat after the out of bounds access happens: [ 13.671954] ================================================================== [ 13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110 [ 13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10 [ 13.673297] [ 13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3 [ 13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04 [ 13.673297] Call Trace: [ 13.673297] <TASK> [ 13.673297] dump_stack_lvl+0x5f/0x80 [ 13.673297] print_report+0xd1/0x660 [ 13.673297] kasan_report+0xe5/0x120 [ 13.673297] __asan_report_load1_noabort+0x18/0x20 [ 13.673297] mt_report_fixup+0x103/0x110 [ 13.673297] hid_open_report+0x1ef/0x810 [ 13.673297] mt_probe+0x422/0x960 [ 13.673297] hid_device_probe+0x2e2/0x6f0 [ 13.673297] really_probe+0x1c6/0x6b0 [ 13.673297] __driver_probe_device+0x24f/0x310 [ 13.673297] driver_probe_device+0x4e/0x220 [ 13.673297] __device_attach_driver+0x169/0x320 [ 13.673297] bus_for_each_drv+0x11d/0x1b0 [ 13.673297] __device_attach+0x1b8/0x3e0 [ 13.673297] device_initial_probe+0x12/0x20 [ 13.673297] bus_probe_device+0x13d/0x180 [ 13.673297] device_add+0xe3a/0x1670 [ 13.673297] hid_add_device+0x31d/0xa40 [...] Fixes: c8000deb6836 ("HID: multitouch: Add support for GT7868Q") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> Reviewed-by: Jiri Slaby <jirislaby(a)kernel.org> --- v2: - Simplify fix with a if-size check after discussion with Jiri Slaby - Change explanation of bug to reflect inclusion of a if-size check drivers/hid/hid-multitouch.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c index 294516a8f541..22c6314a8843 100644 --- a/drivers/hid/hid-multitouch.c +++ b/drivers/hid/hid-multitouch.c @@ -1503,6 +1503,14 @@ static const __u8 *mt_report_fixup(struct hid_device *hdev, __u8 *rdesc, if (hdev->vendor == I2C_VENDOR_ID_GOODIX && (hdev->product == I2C_DEVICE_ID_GOODIX_01E8 || hdev->product == I2C_DEVICE_ID_GOODIX_01E9)) { + if (*size < 608) { + dev_info( + &hdev->dev, + "GT7868Q fixup: report descriptor is only %u bytes, skipping\n", + *size); + return rdesc; + } + if (rdesc[607] == 0x15) { rdesc[607] = 0x25; dev_info( -- 2.39.5

2 weeks, 1 day

2
3
0 0

[PATCH stable-queue] scripts/quilt-mail: add my email address to the 0th mail CC list

by Achill Gilgenast

Now that I have a proper email address, add me to the CC list so I don't have to subscribe to <stable(a)vger.kernel.org> only to get this mail. Signed-off-by: Achill Gilgenast <achill(a)achill.org> --- scripts/quilt-mail | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/quilt-mail b/scripts/quilt-mail index e0df3d935f..531d9fafb9 100755 --- a/scripts/quilt-mail +++ b/scripts/quilt-mail @@ -181,7 +181,8 @@ CC_NAMES=("linux-kernel(a)vger\.kernel\.org" "rwarsow(a)gmx\.de" "conor(a)kernel\.org" "hargar(a)microsoft\.com" - "broonie(a)kernel\.org") + "broonie(a)kernel\.org" + "achill(a)achill\.org") #CC_LIST="stable(a)vger\.kernel\.org" CC_LIST="patches(a)lists.linux.dev" -- 2.50.1

2 weeks, 1 day

2
1
0 0

[PATCH v1 1/2] Revert "gpio: mlxbf3: only get IRQ for device instance 0"

by David Thompson

This reverts commit 10af0273a35ab4513ca1546644b8c853044da134. While this change was merged, it is not the preferred solution. During review of a similar change to the gpio-mlxbf2 driver, the use of "platform_get_irq_optional" was identified as the preferred solution, so let's use it for gpio-mlxbf3 driver as well. Cc: stable(a)vger.kernel.org Fixes: 10af0273a35a ("gpio: mlxbf3: only get IRQ for device instance 0") Signed-off-by: David Thompson <davthompson(a)nvidia.com> --- drivers/gpio/gpio-mlxbf3.c | 54 ++++++++++++++------------------------ 1 file changed, 19 insertions(+), 35 deletions(-) diff --git a/drivers/gpio/gpio-mlxbf3.c b/drivers/gpio/gpio-mlxbf3.c index 9875e34bde72..10ea71273c89 100644 --- a/drivers/gpio/gpio-mlxbf3.c +++ b/drivers/gpio/gpio-mlxbf3.c @@ -190,9 +190,7 @@ static int mlxbf3_gpio_probe(struct platform_device *pdev) struct mlxbf3_gpio_context *gs; struct gpio_irq_chip *girq; struct gpio_chip *gc; - char *colon_ptr; int ret, irq; - long num; gs = devm_kzalloc(dev, sizeof(*gs), GFP_KERNEL); if (!gs) @@ -229,39 +227,25 @@ static int mlxbf3_gpio_probe(struct platform_device *pdev) gc->owner = THIS_MODULE; gc->add_pin_ranges = mlxbf3_gpio_add_pin_ranges; - colon_ptr = strchr(dev_name(dev), ':'); - if (!colon_ptr) { - dev_err(dev, "invalid device name format\n"); - return -EINVAL; - } - - ret = kstrtol(++colon_ptr, 16, &num); - if (ret) { - dev_err(dev, "invalid device instance\n"); - return ret; - } - - if (!num) { - irq = platform_get_irq(pdev, 0); - if (irq >= 0) { - girq = &gs->gc.irq; - gpio_irq_chip_set_chip(girq, &gpio_mlxbf3_irqchip); - girq->default_type = IRQ_TYPE_NONE; - /* This will let us handle the parent IRQ in the driver */ - girq->num_parents = 0; - girq->parents = NULL; - girq->parent_handler = NULL; - girq->handler = handle_bad_irq; - - /* - * Directly request the irq here instead of passing - * a flow-handler because the irq is shared. - */ - ret = devm_request_irq(dev, irq, mlxbf3_gpio_irq_handler, - IRQF_SHARED, dev_name(dev), gs); - if (ret) - return dev_err_probe(dev, ret, "failed to request IRQ"); - } + irq = platform_get_irq(pdev, 0); + if (irq >= 0) { + girq = &gs->gc.irq; + gpio_irq_chip_set_chip(girq, &gpio_mlxbf3_irqchip); + girq->default_type = IRQ_TYPE_NONE; + /* This will let us handle the parent IRQ in the driver */ + girq->num_parents = 0; + girq->parents = NULL; + girq->parent_handler = NULL; + girq->handler = handle_bad_irq; + + /* + * Directly request the irq here instead of passing + * a flow-handler because the irq is shared. + */ + ret = devm_request_irq(dev, irq, mlxbf3_gpio_irq_handler, + IRQF_SHARED, dev_name(dev), gs); + if (ret) + return dev_err_probe(dev, ret, "failed to request IRQ"); } platform_set_drvdata(pdev, gs); -- 2.43.2

2 weeks, 1 day

2
1
0 0

[PATCH v2 2/2] gpio: mlxbf3: use platform_get_irq_optional()

by David Thompson

The gpio-mlxbf3 driver interfaces with two GPIO controllers, device instance 0 and 1. There is a single IRQ resource shared between the two controllers, and it is found in the ACPI table for device instance 0. The driver should not use platform_get_irq(), otherwise this error is logged when probing instance 1: mlxbf3_gpio MLNXBF33:01: error -ENXIO: IRQ index 0 not found Cc: stable(a)vger.kernel.org Fixes: cd33f216d241 ("gpio: mlxbf3: Add gpio driver support") Signed-off-by: David Thompson <davthompson(a)nvidia.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> --- drivers/gpio/gpio-mlxbf3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpio/gpio-mlxbf3.c b/drivers/gpio/gpio-mlxbf3.c index 10ea71273c89..ed29b07d16c1 100644 --- a/drivers/gpio/gpio-mlxbf3.c +++ b/drivers/gpio/gpio-mlxbf3.c @@ -227,7 +227,7 @@ static int mlxbf3_gpio_probe(struct platform_device *pdev) gc->owner = THIS_MODULE; gc->add_pin_ranges = mlxbf3_gpio_add_pin_ranges; - irq = platform_get_irq(pdev, 0); + irq = platform_get_irq_optional(pdev, 0); if (irq >= 0) { girq = &gs->gc.irq; gpio_irq_chip_set_chip(girq, &gpio_mlxbf3_irqchip); -- 2.43.2

2 weeks, 1 day

1
0
0 0

[PATCH v2 1/2] Revert "gpio: mlxbf3: only get IRQ for device instance 0"

by David Thompson

This reverts commit 10af0273a35ab4513ca1546644b8c853044da134. While this change was merged, it is not the preferred solution. During review of a similar change to the gpio-mlxbf2 driver, the use of "platform_get_irq_optional" was identified as the preferred solution, so let's use it for gpio-mlxbf3 driver as well. Cc: stable(a)vger.kernel.org Fixes: 10af0273a35a ("gpio: mlxbf3: only get IRQ for device instance 0") Signed-off-by: David Thompson <davthompson(a)nvidia.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> --- drivers/gpio/gpio-mlxbf3.c | 54 ++++++++++++++------------------------ 1 file changed, 19 insertions(+), 35 deletions(-) diff --git a/drivers/gpio/gpio-mlxbf3.c b/drivers/gpio/gpio-mlxbf3.c index 9875e34bde72..10ea71273c89 100644 --- a/drivers/gpio/gpio-mlxbf3.c +++ b/drivers/gpio/gpio-mlxbf3.c @@ -190,9 +190,7 @@ static int mlxbf3_gpio_probe(struct platform_device *pdev) struct mlxbf3_gpio_context *gs; struct gpio_irq_chip *girq; struct gpio_chip *gc; - char *colon_ptr; int ret, irq; - long num; gs = devm_kzalloc(dev, sizeof(*gs), GFP_KERNEL); if (!gs) @@ -229,39 +227,25 @@ static int mlxbf3_gpio_probe(struct platform_device *pdev) gc->owner = THIS_MODULE; gc->add_pin_ranges = mlxbf3_gpio_add_pin_ranges; - colon_ptr = strchr(dev_name(dev), ':'); - if (!colon_ptr) { - dev_err(dev, "invalid device name format\n"); - return -EINVAL; - } - - ret = kstrtol(++colon_ptr, 16, &num); - if (ret) { - dev_err(dev, "invalid device instance\n"); - return ret; - } - - if (!num) { - irq = platform_get_irq(pdev, 0); - if (irq >= 0) { - girq = &gs->gc.irq; - gpio_irq_chip_set_chip(girq, &gpio_mlxbf3_irqchip); - girq->default_type = IRQ_TYPE_NONE; - /* This will let us handle the parent IRQ in the driver */ - girq->num_parents = 0; - girq->parents = NULL; - girq->parent_handler = NULL; - girq->handler = handle_bad_irq; - - /* - * Directly request the irq here instead of passing - * a flow-handler because the irq is shared. - */ - ret = devm_request_irq(dev, irq, mlxbf3_gpio_irq_handler, - IRQF_SHARED, dev_name(dev), gs); - if (ret) - return dev_err_probe(dev, ret, "failed to request IRQ"); - } + irq = platform_get_irq(pdev, 0); + if (irq >= 0) { + girq = &gs->gc.irq; + gpio_irq_chip_set_chip(girq, &gpio_mlxbf3_irqchip); + girq->default_type = IRQ_TYPE_NONE; + /* This will let us handle the parent IRQ in the driver */ + girq->num_parents = 0; + girq->parents = NULL; + girq->parent_handler = NULL; + girq->handler = handle_bad_irq; + + /* + * Directly request the irq here instead of passing + * a flow-handler because the irq is shared. + */ + ret = devm_request_irq(dev, irq, mlxbf3_gpio_irq_handler, + IRQF_SHARED, dev_name(dev), gs); + if (ret) + return dev_err_probe(dev, ret, "failed to request IRQ"); } platform_set_drvdata(pdev, gs); -- 2.43.2

2 weeks, 1 day

1
0
0 0

[PATCH 6.13 000/623] 6.13.2-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.13.2 release. There are 623 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 07 Feb 2025 13:42:57 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.13.2-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.13.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.13.2-rc1 Qu Wenruo <wqu(a)suse.com> btrfs: do proper folio cleanup when run_delalloc_nocow() failed Qu Wenruo <wqu(a)suse.com> btrfs: do proper folio cleanup when cow_file_range() failed Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Change 8 to 14 for LOONGARCH_MAX_{BRP,WRP} Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: Ensure callbacks exist before calling them Chen Ridong <chenridong(a)huawei.com> memcg: fix soft lockup in the OOM process Sean Christopherson <seanjc(a)google.com> KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() Aric Cyr <Aric.Cyr(a)amd.com> drm/amd/display: Add hubp cache reset when powergating Nathan Chancellor <nathan(a)kernel.org> s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: da7213: Initialize the mutex Kevin Brodsky <kevin.brodsky(a)arm.com> selftests/mm: build with -O2 Qu Wenruo <wqu(a)suse.com> btrfs: output the reason for open_ctree() failure Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime Shivaprasad G Bhat <sbhat(a)linux.ibm.com> powerpc/pseries/iommu: Don't unset window if it was never set Dan Carpenter <dan.carpenter(a)linaro.org> media: imx-jpeg: Fix potential error pointer dereference in detach_pm() Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com> staging: media: max96712: fix kernel oops when removing module Melissa Wen <mwen(a)igalia.com> drm/amd/display: restore invalid MSA timing check for freesync Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Don't free command immediately Calvin Owens <calvin(a)wbinvd.org> pps: Fix a use-after-free Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: uvcvideo: Fix double free in error path Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> remoteproc: core: Fix ida_free call while not allocated Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix implicit ODP use after free Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: blackhole only if 1st SYN retrans w/o MPC is accepted Paolo Abeni <pabeni(a)redhat.com> mptcp: handle fastopen disconnect correctly Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: only set fullmesh for subflow endp Paolo Abeni <pabeni(a)redhat.com> mptcp: consolidate suboption status Abel Vesa <abel.vesa(a)linaro.org> clk: qcom: gcc-x1e80100: Do not turn off usb_2 controller GDSC Kyle Tso <kyletso(a)google.com> usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS Jos Wang <joswang(a)lenovo.com> usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE Ray Chi <raychi(a)google.com> usb: dwc3: Skip resume if pm_runtime_set_active() fails Kyle Tso <kyletso(a)google.com> usb: dwc3: core: Defer the probe until USB power supply ready Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: gadget: f_tcm: Fix Get/SetInterface return value Sean Rhodes <sean(a)starlabs.systems> drivers/card_reader/rtsx_usb: Restore interrupt based detection Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix NULL pointer dereference on certain command aborts Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: rtl8150: enable basic endpoint checking Lianqin Hu <hulianqin(a)vivo.com> ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro Darrick J. Wong <djwong(a)kernel.org> xfs: don't shut down the filesystem for media failures beyond end of log Darrick J. Wong <djwong(a)kernel.org> xfs: release the dquot buf outside of qli_lock Darrick J. Wong <djwong(a)kernel.org> xfs: don't over-report free space or inodes in statvfs Long Li <leo.lilong(a)huawei.com> xfs: fix mount hang during primary superblock recovery failure Christoph Hellwig <hch(a)lst.de> xfs: check for dead buffers in xfs_buf_find_insert Ricardo B. Marliere <rbm(a)suse.com> ktest.pl: Check kernelrelease return in get_version Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests/ftrace: Fix to use remount when testing mount GID option Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> selftests/rseq: Fix handling of glibc without rseq support Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject mismatching sum of field_len with set key length Chuck Lever <chuck.lever(a)oracle.com> Revert "SUNRPC: Reduce thread wake-up rate when receiving large RPC messages" Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: move bitmap_{start, end}write to md upper layer Yu Kuai <yukuai3(a)huawei.com> md/raid5: implement pers->bitmap_sector() Yu Kuai <yukuai3(a)huawei.com> md: add a new callback pers->bitmap_sector() Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: remove the last parameter for bimtap_ops->endwrite() Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: factor behind write counters out from bitmap_{start/end}write() Daniel Lee <chullee(a)google.com> f2fs: Introduce linear search for dentries Liam R. Howlett <Liam.Howlett(a)Oracle.com> kernel: be more careful about dup_mmap() failures and uprobe registering Masahiro Yamada <masahiroy(a)kernel.org> kbuild: fix Clang LTO with CONFIG_OBJTOOL=n Lin Yujun <linyujun809(a)huawei.com> hexagon: Fix unbalanced spinlock in die() Willem de Bruijn <willemb(a)google.com> hexagon: fix using plain integer as NULL pointer warning in cmpxchg Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix memory leak in sym_warn_unmet_dep() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST Pali Rohár <pali(a)kernel.org> cifs: Fix getting and setting SACLs over SMB1 Pali Rohár <pali(a)kernel.org> cifs: Validate EAs for WSL reparse points Len Brown <len.brown(a)intel.com> tools/power turbostat: Fix forked child affinity regression Daniel Baluta <daniel.baluta(a)nxp.com> ASoC: amd: acp: Fix possible deadlock Jens Axboe <axboe(a)kernel.dk> io_uring/register: use atomic_read/write for sq_flags migration Jens Axboe <axboe(a)kernel.dk> io_uring/uring_cmd: use cached cmd_op in io_uring_cmd_sock() Jens Axboe <axboe(a)kernel.dk> io_uring/msg_ring: don't leave potentially dangling ->tctx pointer Detlev Casanova <detlev.casanova(a)collabora.com> ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: Mark riscv_v_init() as __init Torsten Hilbrich <torsten.hilbrich(a)secunet.com> kbuild: Fix signing issue for external modules Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Fix PMT mmaped file size rounding Al Viro <viro(a)zeniv.linux.org.uk> hostfs: fix string handling in __dentry_name() Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is read from *.symref file Masahiro Yamada <masahiroy(a)kernel.org> genksyms: fix memory leak when the same symbol is added from source Eric Dumazet <edumazet(a)google.com> net: hsr: fix fill_frame_info() regression vs VLAN packets Kory Maincent <kory.maincent(a)bootlin.com> net: sh_eth: Fix missing rtnl lock in suspend/resume path Kory Maincent <kory.maincent(a)bootlin.com> net: ravb: Fix missing rtnl lock in suspend/resume path Toke Høiland-Jørgensen <toke(a)redhat.com> net: xdp: Disallow attaching device-bound programs in generic mode Jon Maloy <jmaloy(a)redhat.com> tcp: correct handling of extreme memory squeeze Rafał Miłecki <rafal(a)milecki.pl> bgmac: reduce max frame size to support just MTU 1500 Michal Luczaj <mhal(a)rbox.co> vsock: Allow retrying on connect() failure Michal Luczaj <mhal(a)rbox.co> vsock: Keep the binding until socket destruction Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming Douglas Anderson <dianders(a)chromium.org> Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: core: Synchronize runtime PM status of parents and children Namhyung Kim <namhyung(a)kernel.org> perf test: Skip syscall enum test if no landlock syscall Howard Chu <howardchu95(a)gmail.com> perf trace: Fix runtime error of index out of bounds Heiko Carstens <hca(a)linux.ibm.com> s390/sclp: Initialize sclp subsystem via arch_cpu_finalize_init() Cosmin Ratiu <cratiu(a)nvidia.com> bonding: Correctly support GSO ESP offload Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> net: stmmac: Limit FIFO size by hardware capability Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> net: stmmac: Limit the number of MTL queues to hardware capability Gal Pressman <gal(a)nvidia.com> ethtool: Fix set RXNFC command with symmetric RSS hash Thomas Weißschuh <linux(a)weissschuh.net> ptp: Properly handle compat ioctls Ian Rogers <irogers(a)google.com> perf annotate: Use an array for the disassembler preference Chenyuan Yang <chenyuan0y(a)gmail.com> net: davicom: fix UAF in dm9000_drv_remove Shigeru Yoshida <syoshida(a)redhat.com> vxlan: Fix uninit-value in vxlan_vnifilter_dump() David Howells <dhowells(a)redhat.com> rxrpc, afs: Fix peer hash locking vs RCU callback Jan Stancek <jstancek(a)redhat.com> selftests: net/{lib,openvswitch}: extend CFLAGS to keep options from environment Jan Stancek <jstancek(a)redhat.com> selftests: mptcp: extend CFLAGS to keep options from environment Jakub Kicinski <kuba(a)kernel.org> net: page_pool: don't try to stash the napi id Jakub Kicinski <kuba(a)kernel.org> tools: ynl: c: correct reverse decode of empty attrs Stanislav Fomichev <sdf(a)fomichev.me> net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq Jakub Kicinski <kuba(a)kernel.org> net: netdevsim: try to close UDP port harness races Eric Dumazet <edumazet(a)google.com> net: rose: fix timer races against user threads Paul Fertser <fercerpav(a)gmail.com> net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling Vasily Gorbik <gor(a)linux.ibm.com> s390/mm: Allow large pages for KASAN shadow mapping Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> iavf: allow changing VLAN state without calling PF Mateusz Polchlopek <mateusz.polchlopek(a)intel.com> ice: remove invalid parameter of equalizer Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: fix ice_parser_rt::bst_key array size Marco Leogrande <leogrande(a)google.com> idpf: convert workqueues to unbound Manoj Vishwanathan <manojvishy(a)google.com> idpf: Acquire the lock before accessing the xn->salt Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: fix transaction timeouts on reset Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: add read memory barrier when checking descriptor done bit Sebastian Sewior <bigeasy(a)linutronix.de> xfrm: Don't disable preemption while looking up cache state. Howard Chu <howardchu95(a)gmail.com> perf trace: Fix BPF loading failure (-E2BIG) Wentao Liang <vulab(a)iscas.ac.cn> PM: hibernate: Add error handling for syscore_suspend() Eric Dumazet <edumazet(a)google.com> ipmr: do not call mr_mfc_uses_dev() for unres entries Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev(a)gmail.com> net: fec: implement TSO descriptor cleanup Dimitri Fedrau <dima.fedrau(a)gmail.com> net: phy: marvell-88q2xxx: Fix temperature measurement with reset-gpios Ahmad Fatoum <a.fatoum(a)pengutronix.de> gpio: mxc: remove dead code after switch to DT-only Jian Shen <shenjian15(a)huawei.com> net: hns3: fix oops when unload drivers paralleling Christian Marangi <ansuelsmth(a)gmail.com> net: airoha: Fix wrong GDM4 register definition Alexander Stein <alexander.stein(a)ew.tq-group.com> regulator: core: Add missing newline character pangliyuan <pangliyuan1(a)huawei.com> ubifs: skip dumping tnc tree when zroot is null Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: Revert "ubi: wl: Close down wear-leveling before nand is suspended" Ming Wang <wangming01(a)loongson.cn> rtc: loongson: clear TOY_MATCH0_REG in loongson_rtc_isr() Oleksij Rempel <o.rempel(a)pengutronix.de> rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read Dan Carpenter <dan.carpenter(a)linaro.org> rtc: tps6594: Fix integer overflow on 32bit systems Alexandre Cassen <acassen(a)corp.free.fr> xfrm: delete intermediate secpath entry in packet offload mode Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> dmaengine: ti: edma: fix OF node reference leaks in edma_driver Adam Ford <aford173(a)gmail.com> phy: freescale: fsl-samsung-hdmi: Clean up fld_tg_code calculation Florian Westphal <fw(a)strlen.de> xfrm: state: fix out-of-bounds read during lookup Jianbo Liu <jianbol(a)nvidia.com> xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO Luo Yifan <luoyifan(a)cmss.chinamobile.com> tools/bootconfig: Fix the wrong format specifier Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix warnings during S3 suspend Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix COPY_NOTIFY xdr buf size calculation Mike Snitzer <snitzer(a)kernel.org> nfs: fix incorrect error handling in LOCALIO John Ogness <john.ogness(a)linutronix.de> serial: 8250: Adjust the timeout for FIFO mode Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: mips_ejtag_fdc: fix one more u8 warning Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() Christophe Leroy <christophe.leroy(a)csgroup.eu> module: Don't fail module loading when setting ro_after_init section RO failed Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> module: Extend the preempt disabled section in dereference_symbol_descriptor(). Suren Baghdasaryan <surenb(a)google.com> alloc_tag: avoid current->alloc_tag manipulations when profiling is disabled Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: handle errors that nilfs_prepare_chunk() may return Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect access to buffers with no active references Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not force clear folio if buffer is referenced Su Yue <glass.su(a)suse.com> ocfs2: mark dquot as inactive if failed to start trans while releasing dquot Gao Xiang <xiang(a)kernel.org> erofs: fix potential return value overflow of z_erofs_shrink_scan() Charles Han <hanchunchao(a)inspur.com> firewire: test: Fix potential null dereference in firewire kunit test Guixin Liu <kanie(a)linux.alibaba.com> scsi: mpi3mr: Fix possible crash when setting up bsg fails Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails Paul Menzel <pmenzel(a)molgen.mpg.de> scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 Daire McNamara <daire.mcnamara(a)microchip.com> PCI: microchip: Set inbound address translation for coherent or non-coherent mode Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test Mohamed Khalfella <khalfella(a)gmail.com> PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error Richard Zhu <hongxing.zhu(a)nxp.com> PCI: dwc: Always stop link in the dw_pcie_suspend_noirq Krishna chaitanya chundru <quic_krichai(a)quicinc.com> PCI: qcom: Update ICC and OPP values after Link Up event Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add missing reference clock disable logic Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Skip controller_id generation logic for i.MX7D Frank Li <Frank.Li(a)nxp.com> PCI: imx6: Configure PHY based on Root Complex or Endpoint mode Dan Carpenter <dan.carpenter(a)linaro.org> PCI: rockchip-ep: Fix error code in rockchip_pcie_ep_init_ob_mem() Damien Le Moal <dlemoal(a)kernel.org> PCI: rockchip: Add missing fields descriptions for struct rockchip_pcie_ep King Dix <kingdix10(a)qq.com> PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() Desnes Nunes <desnesn(a)redhat.com> media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> watchdog: rti_wdt: Fix an OF node leak in rti_wdt_probe() Laurentiu Palcu <laurentiu.palcu(a)oss.nxp.com> media: nxp: imx8-isi: fix v4l2-compliance test errors Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> mtd: hyperbus: hbmc-am654: fix an OF node reference leak david regan <dregan(a)broadcom.com> mtd: rawnand: brcmnand: fix status read of brcmnand_waitfunc Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Propagate buf->error to userspace Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix deadlock during uvc_probe Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: camif-core: Add check for clk_enable() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: mipi-csis: Add check for clk_enable() Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: ov9282: Correct the exposure offset Luca Weiss <luca.weiss(a)fairphone.com> media: i2c: imx412: Add missing newline to prints Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: imx290: Register 0x3011 varies between imx327 and imx290 Jiasheng Jiang <jiashengjiangcool(a)gmail.com> media: marvell: Add check for clk_enable() Chen-Yu Tsai <wenst(a)chromium.org> remoteproc: mtk_scp: Only populate devices for SCP cores Jian-Hong Pan <jhp(a)endlessos.org> PCI/ASPM: Save parent L1SS config in pci_save_aspm_l1ss_state() Zijun Hu <quic_zijuhu(a)quicinc.com> PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() Chen Ni <nichen(a)iscas.ac.cn> media: lmedm04: Handle errors for lme2510_int_read Oliver Neukum <oneukum(a)suse.com> media: rc: iguanair: handle timeouts Dmytro Maluka <dmaluka(a)chromium.org> of/fdt: Restore possibility to use both ACPI and FDT from bootloader Mark Brown <broonie(a)kernel.org> spi: omap2-mcspi: Correctly handle devm_clk_get_optional() errors Michal Wilczynski <m.wilczynski(a)samsung.com> mailbox: th1520: Fix memory corruption due to incorrect array size Dan Carpenter <dan.carpenter(a)linaro.org> mailbox: mpfs: fix copy and paste bug in probe Dan Carpenter <dan.carpenter(a)linaro.org> mailbox: th1520: Fix a NULL vs IS_ERR() bug Qasim Ijaz <qasdev00(a)gmail.com> iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Suraj Sonawane <surajsonawane0215(a)gmail.com> iommu: iommufd: fix WARNING in iommufd_device_unbind Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" Anumula Murali Mohan Reddy <anumula(a)chelsio.com> RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event Randy Dunlap <rdunlap(a)infradead.org> efi: sysfb_efi: fix W=1 warnings when EFI is not set Zijun Hu <quic_zijuhu(a)quicinc.com> of: reserved-memory: Do not make kmemleak ignore freed address Zijun Hu <quic_zijuhu(a)quicinc.com> of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map() Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix indirect mkey ODP page count Pei Xiao <xiaopei01(a)kylinos.cn> i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition Joel Stanley <joel(a)jms.id.au> arm64: dts: qcom: x1e80100-romulus: Update firmware nodes Akhil R <akhilrajeev(a)nvidia.com> arm64: tegra: Fix DMA ID for SPI2 Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() Josua Mayer <josua(a)solid-run.com> arm64: dts: ti: k3-am642-hummingboard-t: Convert overlay to board dts Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: Makefile: Fix typo "k3-j7200-evm-pcie1-ep.dtbo" Michael Riesch <michael.riesch(a)wolfvision.net> arm64: dts: rockchip: fix num-channels property of wolfvision pf5 mic Jagan Teki <jagan(a)edgeble.ai> arm64: dts: rockchip: Fix PCIe3 handling for Edgeble-6TOPS Modules Rafał Miłecki <rafal(a)milecki.pl> ARM: dts: mediatek: mt7623: fix IR nodename Josua Mayer <josua(a)solid-run.com> arm64: dts: marvell: cn9131-cf-solidwan: fix cp1 comphy links Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sm8250: Fix interrupt types of camss interrupts Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> arm64: dts: qcom: sc8280xp: Fix interrupt type of camss interrupts Val Packett <val(a)packett.cool> arm64: dts: mediatek: add per-SoC compatibles for keypad nodes Jason-JH.Lin <jason-jh.lin(a)mediatek.com> dts: arm64: mediatek: mt8195: Remove MT8183 compatible for OVL Jason-JH.Lin <jason-jh.lin(a)mediatek.com> dts: arm64: mediatek: mt8188: Update OVL compatible from MT8183 to MT8195 Frank Wunderlich <frank-w(a)public-files.de> arm64: dts: mediatek: mt7988: Add missing clock-div property for i2c Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: scm: Cleanup global '__scm' on probe failures Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: sc8280xp: Fix up remoteproc register space sizes Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180: fix psci power domain node names Alan Stern <stern(a)rowland.harvard.edu> HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-pompom: rename 5v-choke thermal zone Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sc7180-trogdor-quackingstick: add missing avee-supply Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sdm845-db845c-navigation-mezzanine: remove disabled ov7251 camera Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: qcm6490-shift-otter: remove invalid orientation-switch Aaro Koskinen <aaro.koskinen(a)iki.fi> ARM: omap1: Fix up the Retu IRQ on Nokia 770 Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Clean up the legacy CONFIG_INFINIBAND_HNS Li Zhijian <lizhijian(a)fujitsu.com> RDMA/rtrs: Add missing deinit() call Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Fix sdmmc access on rk3308-rock-s0 v1.1 boards Bryan Brattlof <bb(a)ti.com> arm64: dts: ti: k3-am62a: Remove duplicate GICR reg Bryan Brattlof <bb(a)ti.com> arm64: dts: ti: k3-am62: Remove duplicate GICR reg Cristian Birsan <cristian.birsan(a)microchip.com> ARM: dts: microchip: sama5d27_wlsom1_ek: Add no-1-8-v property to sdmmc0 node Cristian Birsan <cristian.birsan(a)microchip.com> ARM: dts: microchip: sama5d29_curiosity: Add no-1-8-v property to sdmmc0 node Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sm8650: Fix CDSP context banks unit addresses Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: x1e80100: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8650: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8550: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8450: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8350: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6375: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6125: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm4450: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sdx75: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sc7280: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb4210-rb2: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: q[dr]u1000: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qcs404: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8994: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8939: correct sleep clock frequency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8916: correct sleep clock frequency Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm7225-fairphone-fp4: Drop extra qcom,msm-id value Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8994: Describe USB interrupts Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: msm8996: Fix up USB3 interrupts Ross Burton <ross.burton(a)arm.com> arm64: defconfig: remove obsolete CONFIG_SM_DISPCC_8650 Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: sa8775p: Use valid node names for GPI DMAs Maulik Shah <quic_mkshah(a)quicinc.com> arm64: dts: qcom: sa8775p: Add CPUs to psci power domain Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: sa8775p: Use a SoC-specific compatible for GPI DMA Taniya Das <quic_tdas(a)quicinc.com> arm64: dts: qcom: sa8775p: Update sleep_clk frequency Marek Vasut <marex(a)denx.de> arm64: dts: qcom: msm8996-xiaomi-gemini: Fix LP5562 LED1 reg property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Swap USART3 and UART8 alias on STM32MP15xx DHCOM SoM Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Deduplicate serial aliases and chosen node for STM32MP15xx DHCOM SoM Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie1 Ma Ke <make_ruc2021(a)163.com> RDMA/srp: Fix error handling in srp_add_port Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: willow: Support second source touchscreen Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen zhenwei pi <pizhenwei(a)bytedance.com> RDMA/rxe: Fix mismatched max_msg_sz Mamta Shukla <mamta.shukla(a)leica-geosystems.com> arm: dts: socfpga: use reset-name "stmmaceth-ocp" instead of "ahb" Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com> ARM: dts: aspeed: yosemite4: correct the compatible string for max31790 Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com> ARM: dts: aspeed: yosemite4: Add required properties for IOE on fan boards Ricky CX Wu <ricky.cx.wu.wiwynn(a)gmail.com> ARM: dts: aspeed: yosemite4: correct the compatible string of adm1272 Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8395-genio-1200-evk: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: medaitek: mt8395-nio-12l: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-demo: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8192-asurada: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property Dan Carpenter <dan.carpenter(a)linaro.org> rdma/cxgb4: Prevent potential integer overflow on 32bit Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> arm64: dts: renesas: rzg3s-smarc: Fix the debug serial alias Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Avoid false error about access to uninitialized gids array Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> ARM: dts: stm32: Fix IPCC EXTI declaration on stm32mp151 Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Sort M24256E write-lockable page in DH STM32MP13xx DHCOR SoM DT Marek Vasut <marex(a)denx.de> ARM: dts: stm32: Increase CPU core voltage on STM32MP13xx DHCOR SoM Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: add i2c clock-div property Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix wdt irq type Val Packett <val(a)packett.cool> arm64: dts: mediatek: mt8516: fix GICv2 range Hsin-Yi Wang <hsinyi(a)chromium.org> arm64: dts: mt8183: set DMIC one-wire mode on Damu Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8186: Move wakeup to MTU3 to get working suspend Alexander Stein <alexander.stein(a)ew.tq-group.com> ARM: dts: imx7-tqma7: add missing vs-supply for LM75A (rev. 01xxx) Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: change BU Power Switch to automatic mode Javier Carrasco <javier.carrasco.cruz(a)gmail.com> soc: atmel: fix device_node release in atmel_soc_device_init() Hou Tao <houtao1(a)huawei.com> bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT Pali Rohár <pali(a)kernel.org> cifs: Use cifs_autodisable_serverino() for disabling CIFS_MOUNT_SERVER_INUM in readdir.c Paulo Alcantara <pc(a)manguebit.com> smb: client: fix oops due to unset link speed Herbert Xu <herbert(a)gondor.apana.org.au> rhashtable: Fix rhashtable_try_insert test Chen Ridong <chenridong(a)huawei.com> padata: avoid UAF for reorder_work Chen Ridong <chenridong(a)huawei.com> padata: add pd get/put refcnt helper Chen Ridong <chenridong(a)huawei.com> padata: fix UAF in padata_reorder Chun-Tse Shao <ctshao(a)google.com> perf lock: Fix parse_lock_type which only retrieve one lock flag Vishal Chourasia <vishalc(a)linux.ibm.com> tools: Sync if_xdp.h uapi tooling header Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Fully decode all combinations of alloc_paging_flags Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Change amd_iommu_pgtable to use enum protection_domain_mode Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Remove type argument from do_iommu_domain_alloc() and related Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Remove dev == NULL checks Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Remove domain_alloc() Alejandro Jimenez <alejandro.j.jimenez(a)oracle.com> iommu/amd: Remove unused amd_iommu_domain_update() Guo Ren <guoren(a)kernel.org> iommu/riscv: Fixup compile warning Daniel Xu <dxu(a)dxuuu.xyz> bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write Pu Lehui <pulehui(a)huawei.com> libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED Pu Lehui <pulehui(a)huawei.com> libbpf: Fix return zero when elf_begin failed Pu Lehui <pulehui(a)huawei.com> selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix undefined UINT_MAX in veristat.c Puranjay Mohan <puranjay(a)kernel.org> bpf: Send signals asynchronously if !preemptible Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83JX, 83MC and 83NM Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Fix DMI match for Lenovo 83LC Ian Rogers <irogers(a)google.com> perf inject: Fix use without initialization of local variables Ian Rogers <irogers(a)google.com> perf test stat: Avoid hybrid assumption when virtualized Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> pinctrl: amd: Take suspend type into consideration which pins are non-wake Mingwei Zheng <zmw12306(a)gmail.com> pinctrl: stm32: Add check for clk_enable() Jiachen Zhang <me(a)jcix.top> perf report: Fix misleading help message about --demangle Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Fix compilation of snd_hdac_adsp_xxx() helpers Arnaldo Carvalho de Melo <acme(a)kernel.org> perf MANIFEST: Add arch/*/include/uapi/asm/bpf_perf_event.h to the perf tarball Namhyung Kim <namhyung(a)kernel.org> perf symbol: Prefer non-label symbols with same address Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Fix init-config parsing Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix theoretical infinite loop Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix the minimum firmware version numbers Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Do not readq() u32 registers Arnaldo Carvalho de Melo <acme(a)redhat.com> perf namespaces: Fixup the nsinfo__in_pidns() return type, its bool Arnaldo Carvalho de Melo <acme(a)redhat.com> perf namespaces: Introduce nsinfo__set_in_pidns() Christophe Leroy <christophe.leroy(a)csgroup.eu> perf machine: Don't ignore _etext when not a text symbol Christophe Leroy <christophe.leroy(a)csgroup.eu> perf maps: Fix display of kernel symbols Arnaldo Carvalho de Melo <acme(a)redhat.com> perf top: Don't complain about lack of vmlinux when not resolving some kernel samples Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Draining PRQ in sva unbind path when FPD bit set Jiayuan Chen <mrpre(a)163.com> selftests/bpf: Avoid generating untracked files when running bpf selftests Thomas Weißschuh <linux(a)weissschuh.net> padata: fix sysfs store callback check Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Make dependency on UMP clearer Pei Xiao <xiaopei01(a)kylinos.cn> bpf: Use refcount_t instead of atomic_t for mmap_count Kanchana P Sridhar <kanchana.p.sridhar(a)intel.com> crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' James Clark <james.clark(a)linaro.org> perf stat: Fix trailing comma when there is no metric unit Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead invalid authsize Wenkai Lin <linwenkai6(a)hisilicon.com> crypto: hisilicon/sec2 - fix for aead icv error Breno Leitao <leitao(a)debian.org> rhashtable: Fix potential deadlock by moving schedule_work outside lock Martin KaFai Lau <martin.lau(a)kernel.org> bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT Ba Jing <bajing(a)cmss.chinamobile.com> ktest.pl: Remove unused declarations in run_bisect_test function Mingwei Zheng <zmw12306(a)gmail.com> pinctrl: nomadik: Add check for clk_enable() Levi Yun <yeoreum.yun(a)arm.com> perf expr: Initialize is_test value in expr__ctx_new() Arnaldo Carvalho de Melo <acme(a)redhat.com> tools build: Remove the libunwind feature tests from the ones detected when test-all.o builds Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: renesas: rz-ssi: Use only the proper amount of dividers Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_prog_info() Zhongqiu Han <quic_zhonhan(a)quicinc.com> perf header: Fix one memory leakage in process_bpf_btf() Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Make variables only used locally static Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Add missing __init to get_i2c_adap_by_*() Gaurav Jain <gaurav.jain(a)nxp.com> crypto: caam - use JobR's space to access page 0 regs Herbert Xu <herbert(a)gondor.apana.org.au> crypto: api - Fix boot-up self-test race Chen Ridong <chenridong(a)huawei.com> crypto: tegra - do not transfer req when tegra init fails Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmuv3: Update comments about ATS and bypass Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Fix fill_link_info selftest on powerpc Arnaldo Carvalho de Melo <acme(a)redhat.com> tools features: Don't check for libunwind devel files by default George Lander <lander(a)jagmn.com> ASoC: sun4i-spdif: Add clock multiplier settings Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: sof_sdw: correct mach_params->dmic_num Quentin Monnet <qmo(a)kernel.org> libbpf: Fix segfault due to libelf functions not setting errno Andrea Righi <arighi(a)nvidia.com> sched_ext: Use the NUMA scheduling domain for NUMA optimizations Marco Leogrande <leogrande(a)google.com> tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind Takashi Iwai <tiwai(a)suse.de> ASoC: wcd937x: Use *-y for Makefile Takashi Iwai <tiwai(a)suse.de> ASoC: cs42l84: Use *-y for Makefile Takashi Iwai <tiwai(a)suse.de> ASoC: SDCA: Use *-y for Makefile Takashi Iwai <tiwai(a)suse.de> ASoC: mediatek: mt8365: Use *-y for Makefile Takashi Iwai <tiwai(a)suse.de> ASoC: cs40l50: Use *-y for Makefile Andrii Nakryiko <andrii(a)kernel.org> libbpf: don't adjust USDT semaphore address if .stapsdt.base addr is missing Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> pinctrl: samsung: Fix irq handling if an error occurs in exynos_irq_demux_eint16_31() Pei Xiao <xiaopei01(a)kylinos.cn> platform/x86: x86-android-tablets: make platform data be static Pei Xiao <xiaopei01(a)kylinos.cn> platform/mellanox: mlxbf-pmc: incorrect type in assignment Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net/rose: prevent integer overflows in rose_setsockopt() Mahdi Arghavani <ma.arghavani(a)yahoo.com> tcp_cubic: fix incorrect HyStart round start detection Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() Xin Long <lucien.xin(a)gmail.com> net: sched: refine software bypass handling in tc_run Florian Westphal <fw(a)strlen.de> netfilter: nft_flow_offload: update tcp state flags under lock Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: fix set size with rbtree backend Jamal Hadi Salim <jhs(a)mojatatu.com> net: sched: Disallow replacing of child qdisc from one parent to another Antoine Tenart <atenart(a)kernel.org> net: avoid race between device unregistration and ethnl ops Shinas Rasheed <srasheed(a)marvell.com> octeon_ep_vf: remove firmware stats fetch in ndo_get_stats64 Shinas Rasheed <srasheed(a)marvell.com> octeon_ep: remove firmware stats fetch in ndo_get_stats64 Maher Sanalla <msanalla(a)nvidia.com> net/mlxfw: Drop hard coded max FW flash image size Liu Jian <liujian56(a)huawei.com> net: let net.core.dev_weight always be non-zero Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Fix error message Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Fix build with non-default pthread linking Daniel Golle <daniel(a)makrotopia.org> net: phy: realtek: always clear NBase-T lpa Daniel Golle <daniel(a)makrotopia.org> net: phy: realtek: clear master_slave_state if link is down Daniel Golle <daniel(a)makrotopia.org> net: phy: realtek: clear 1000Base-T lpa if link is down Mingwei Zheng <zmw12306(a)gmail.com> pwm: stm32: Add check for clk_enable() Kuniyuki Iwashima <kuniyu(a)amazon.com> dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). Bo Gan <ganboing(a)gmail.com> clk: analogbits: Fix incorrect calculation of vco rate delta Eric Dumazet <edumazet(a)google.com> inet: ipmr: fix data-races Alexis Lothoré <alexis.lothore(a)bootlin.com> wifi: wilc1000: unregister wiphy only after netdev registration Max Chou <max.chou(a)realtek.com> Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() Charles Han <hanchunchao(a)inspur.com> Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: adjust allocation of colocated AP data Dmitry V. Levin <ldv(a)strace.io> selftests: harness: fix printing of mismatch values in __EXPECT() Geert Uytterhoeven <geert+renesas(a)glider.be> selftests: timers: clocksource-switch: Adapt progress to kselftest framework Aditya Kumar Singh <quic_adisi(a)quicinc.com> wifi: ath12k: fix key cache handling Gautham R. Shenoy <gautham.shenoy(a)amd.com> cpufreq: ACPI: Fix max-frequency computation Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> i2c: designware: Actually make use of the I2C_DW_COMMON and I2C_DW symbol namespaces Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix ldpc setting Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7996: fix definition of tx descriptor Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7996: fix incorrect indexing of MIB FW event Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix HE Phy capability Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: add max mpdu len capability Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix register mapping Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7915: fix register mapping Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: fix omac index assignment after hardware reset Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7915: firmware restart on devices with a second pcie link Felix Fietkau <nbd(a)nbd.name> wifi: mt76: only enable tx worker after setting the channel Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7996: fix rx filter setting for bfee functionality Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Properly handle responses for commands with events Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Cleanup MLO settings post-disconnection Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Init secondary link PM state Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Update secondary link PS flow Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Update mt7925_unassign_vif_chanctx for per-link BSS Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Update mt792x_rx_get_wcid for per-link STA Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Update mt7925_mcu_sta_update for BC in ASSOC state Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: Enhance mt7925_mac_link_sta_add to support MLO Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Enhance mt7925_mac_link_bss_add to support MLO Leon Yen <leon.yen(a)mediatek.com> wifi: mt76: mt7925: Fix CNM Timeout with Single Active Link in MLO Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix wrong parameter for related cmd of chan info allan.wang <allan.wang(a)mediatek.com> wifi: mt76: mt7925: Fix incorrect WCID phy_idx assignment Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Fix incorrect WCID assignment for MLO Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: Fix incorrect MLD address in bss_mld_tlv for MLO support Sean Wang <sean.wang(a)mediatek.com> wifi: mt76: connac: Extend mt76_connac_mcu_uni_add_dev for MLO xueqin Luo <luoxueqin(a)kylinos.cn> wifi: mt76: mt7915: fix overflows seen when writing limit attributes xueqin Luo <luoxueqin(a)kylinos.cn> wifi: mt76: mt7996: fix overflows seen when writing limit attributes Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix the invalid ip address for arp offload Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix get wrong chip cap from incorrect pointer Eric-SY Chang <eric-sy.chang(a)mediatek.com> wifi: mt76: mt7925: fix wrong band_idx setting when enable sniffer mode Charles Han <hanchunchao(a)inspur.com> wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> wifi: mt76: mt7915: Fix an error handling path in mt7915_add_interface() Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7921: fix using incorrect group cipher after disconnection. WangYuli <wangyuli(a)uniontech.com> wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO Mickaël Salaün <mic(a)digikod.net> landlock: Handle weird files Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: fix data error when recvmsg with MSG_PEEK flag Drew Fustini <dfustini(a)tenstorrent.com> clk: thead: Fix cpu2vp_clk for TH1520 AP_SUBSYS clocks Drew Fustini <dfustini(a)tenstorrent.com> clk: thead: Add CLK_IGNORE_UNUSED to fix TH1520 boot Drew Fustini <dfustini(a)tenstorrent.com> clk: thead: Fix clk gate registration to pass flags Sergio Paracuellos <sergio.paracuellos(a)gmail.com> clk: ralink: mtmips: remove duplicated 'xtal' clock for Ralink SoC RT3883 Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't flush non-uploaded STAs Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Fix common size calculation for ML element Andy Strohman <andrew(a)andrewstrohman.com> wifi: mac80211: fix tid removal during mesh forwarding Kees Cook <kees(a)kernel.org> wifi: cfg80211: Move cfg80211_scan_req_add_chan() n_channels increment earlier Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: prohibit deactivating all links Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: remove unneeded NULL pointer checks Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: don't count mgmt frames as MPDU Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: avoid NULL pointer dereference Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: read STEP table from correct UEFI var Nicolas Cavallari <nicolas.cavallari(a)green-communications.fr> wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC Dan Carpenter <dan.carpenter(a)linaro.org> wifi: mt76: mt7925: fix off by one in mt7925_load_clc() Joel Stanley <joel(a)jms.id.au> hwmon: Fix help text for aspeed-g6-pwm-tach Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: mcc: consider time limits not divisible by 1024 Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed Po-Hao Huang <phhuang(a)realtek.com> wifi: rtw89: correct header conversion rule for MLO only Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles() Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: fix proceeding MCC with wrong scanning state after sequence changes Andreas Kemnade <andreas(a)kemnade.info> wifi: wlcore: fix unbalanced pm_runtime calls Alexis Lothoré <alexis.lothore(a)bootlin.com> wifi: wilc1000: unregister wiphy only if it has been registered Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: fix invalid interface combinations Zichen Xie <zichenxie0106(a)gmail.com> samples/landlock: Fix possible NULL dereference in parse_path() Rob Herring (Arm) <robh(a)kernel.org> mfd: syscon: Fix race in device_node_get_regmap() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> leds: cht-wcove: Use devm_led_classdev_register() to avoid memory leak Terry Tritton <terry.tritton(a)linaro.org> HID: fix generic desktop D-Pad controls Karol Przybylski <karprzy7(a)gmail.com> HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Do not use shared clk_ops for QUPs Sathishkumar Muruganandam <quic_murugana(a)quicinc.com> wifi: ath12k: fix tx power, max reg power update to firmware Quan Nguyen <quan(a)os.amperecomputing.com> ipmi: ssif_bmc: Fix new request loss when bmc ready for a response Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> OPP: OF: Fix an OF node leak in _opp_add_static_v2() Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset Eric Dumazet <edumazet(a)google.com> ax25: rcu protect dev->ax25_ptr Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> regulator: of: Implement the unwind path of of_regulator_match() Vasily Khoruzhick <anarsoul(a)gmail.com> clk: sunxi-ng: a64: stop force-selecting PLL-MIPI as TCON0 parent Mario Limonciello <mario.limonciello(a)amd.com> cpufreq/amd-pstate: Fix prefcore rankings Octavian Purdila <tavip(a)google.com> team: prevent adding a device which is already a team device lower Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: camcc-x1e80100: Set titan_top_gdsc as the parent GDSC of subordinate GDSCs Peng Fan <peng.fan(a)nxp.com> clk: imx: Apply some clks only for i.MX93 Shengjiu Wang <shengjiu.wang(a)nxp.com> arm64: dts: imx93: Use IMX93_CLK_SPDIF_IPG as SPDIF IPG clock Shengjiu Wang <shengjiu.wang(a)nxp.com> clk: imx93: Add IMX93_CLK_SPDIF_IPG clock Shengjiu Wang <shengjiu.wang(a)nxp.com> dt-bindings: clock: imx93: Add SPDIF IPG clk Marek Vasut <marex(a)denx.de> clk: imx8mp: Fix clkout1/2 support Stefano Brivio <sbrivio(a)redhat.com> udp: Deal with race between UDP socket address change and rehash Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available Luca Ceresoli <luca.ceresoli(a)bootlin.com> gpio: pca953x: log an error when failing to get the reset GPIO Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Fix error path in airoha_probe() Eric Dumazet <edumazet(a)google.com> ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() Mickaël Salaün <mic(a)digikod.net> selftests: ktap_helpers: Fix uninitialized variable Sultan Alsawaf (unemployed) <sultan(a)kerneltoast.com> cpufreq: schedutil: Fix superfluous updates caused by need_freq_update Mingwei Zheng <zmw12306(a)gmail.com> pwm: stm32-lp: Add check for clk_enable() Eric Dumazet <edumazet(a)google.com> inetpeer: do not get a refcount in inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: update inetpeer timestamp in inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: remove create argument of inet_getpeer() Eric Dumazet <edumazet(a)google.com> inetpeer: remove create argument of inet_getpeer_v[46]() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() Matti Vaittinen <mazziesaccount(a)gmail.com> dt-bindings: mfd: bd71815: Fix rsense and typos He Rongguang <herongguang(a)linux.alibaba.com> cpupower: fix TSC MHz calculation Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> ACPI: fan: cleanup resources in the error path of .probe() Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace Marcel Hamer <marcel.hamer(a)windriver.com> wifi: brcmfmac: add missing header include for brcmf_dbg Aditya Kumar Singh <quic_adisi(a)quicinc.com> wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() Chen-Yu Tsai <wenst(a)chromium.org> regulator: dt-bindings: mt6315: Drop regulator-compatible property Jiri Kosina <jikos(a)kernel.org> HID: multitouch: fix support for Goodix PID 0x01e9 Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: pci: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix memory leaks and invalid access at probe error path Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: destroy workqueue at rtl_deinit_core Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: remove unused check_buddy_priv Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: leds: class-multicolor: Fix path to color definitions Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> clk: fix an OF node reference leak in of_clk_get_parent_name() Neil Armstrong <neil.armstrong(a)linaro.org> dt-bindings: mmc: controller: clarify the address-cells description David Howells <dhowells(a)redhat.com> rxrpc: Fix handling of received connection abort Mingwei Zheng <zmw12306(a)gmail.com> spi: zynq-qspi: Add check for clk_enable() Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: don't allow 1 packet limit Song Yoong Siang <yoong.siang.song(a)intel.com> selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata Zichen Xie <zichenxie0106(a)gmail.com> wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap() Dan Carpenter <dan.carpenter(a)linaro.org> clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check Dan Carpenter <dan.carpenter(a)linaro.org> clk: mmp: pxa1908-apbcp: Fix a NULL vs IS_ERR() check Dan Carpenter <dan.carpenter(a)linaro.org> clk: mmp: pxa1908-mpmu: Fix a NULL vs IS_ERR() check Javier Carrasco <javier.carrasco.cruz(a)gmail.com> clk: renesas: cpg-mssr: Fix 'soc' node handling in cpg_mssr_reserved_init() Barnabás Czémán <barnabas.czeman(a)mainlining.org> wifi: wcn36xx: fix channel survey memory allocation size Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: usb: fix workqueue leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: fix init_sw_vars leak when probe fails Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: wait for firmware loading before releasing memory Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> wifi: rtlwifi: do not complete firmware loading needlessly Colin Ian King <colin.i.king(a)gmail.com> wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop Balaji Pothunoori <quic_bpothuno(a)quicinc.com> wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 Charles Han <hanchunchao(a)inspur.com> ipmi: ipmb: Add check devm_kasprintf() returned value Thomas Gleixner <tglx(a)linutronix.de> genirq: Make handle_enforce_irqctx() unconditionally available Jonathan Kim <jonathan.kim(a)amd.com> drm/amdgpu: fix gpu recovery disable with per queue reset Jiang Liu <gerry(a)linux.alibaba.com> drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() Dan Carpenter <dan.carpenter(a)linaro.org> drm/amdgpu: Fix shift type in amdgpu_debugfs_sdma_sched_mask_set() Hermes Wu <hermes.wu(a)ite.com.tw> drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/mdp4: correct LCDC regulator name Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm: don't clean up priv->kms prematurely Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/msm: Check return value of of_dma_configure() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on X1E80100 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8650 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: provide DSPP and correct LM config for SDM670 Neil Armstrong <neil.armstrong(a)linaro.org> OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized Neil Armstrong <neil.armstrong(a)linaro.org> OPP: add index check to assert to avoid buffer overflow in _read_freq() Karol Przybylski <karprzy7(a)gmail.com> drm/amdgpu: Fix potential integer overflow in scheduler mask calculations Bokun Zhang <bokun.zhang(a)amd.com> drm/amdgpu/vcn: reset fw_shared under SRIOV Min-Hua Chen <minhuadotchen(a)gmail.com> drm/rockchip: vop2: include rockchip_drm_drv.h Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Add check for 32 bpp format for rk3588 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Setup delay cycle for Esmart2/3 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Set AXI id for rk3588 Derek Foreman <derek.foreman(a)collabora.com> drm/connector: Allow clearing HDMI infoframes John Ogness <john.ogness(a)linutronix.de> printk: Defer legacy printing when holding printk_cpu_sync Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the windows switch between different layers Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: disable the opp table request even for dp_ctrl_off_link() Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: dont call dp_catalog_ctrl_mainlink_ctrl in dp_ctrl_configure_source_params() Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: do not touch the MMSS_DP_INTF_CONFIG for tpg Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Preserve the result returned by panthor_fw_resume() Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset Ivan Stepchenko <sid(a)itb.spb.ru> drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() Sui Jingfeng <sui.jingfeng(a)linux.dev> drm/etnaviv: Fix page property being used for non writecombine buffers Rex Nie <rex.nie(a)jaguarmicro.com> drm/msm/hdmi: simplify code in pll_get_integloop_gain Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> dt-bindings: display/msm: qcom,sa8775p-mdss: fix the example Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: fix msm_dp_utils_pack_sdp_header interface Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: set safe_to_exit_level before printing it Heiko Stuebner <heiko.stuebner(a)cherry.de> drm/rockchip: vop2: fix rk3588 dp+dsi maxclk verification Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Grab intel_display from the encoder to avoid potential oopsies Maíra Canal <mcanal(a)igalia.com> drm/v3d: Fix performance counter source settings on V3D 7.x Chengming Zhou <chengming.zhou(a)linux.dev> psi: Fix race when task wakes up before psi_sched_switch() adjusts flags K Prateek Nayak <kprateek.nayak(a)amd.com> x86/topology: Use x86_sched_itmt_flags for PKG domain unconditionally Tianchen Ding <dtcccc(a)linux.alibaba.com> sched: Fix race between yield_to() and try_to_wake_up() Peter Zijlstra <peterz(a)infradead.org> sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat Peter Zijlstra <peterz(a)infradead.org> sched/fair: Untangle NEXT_BUDDY and pick_next_task() Yabin Cui <yabinc(a)google.com> perf/core: Save raw sample data conditionally based on sample type John Garry <john.g.garry(a)oracle.com> block: Ensure start sector is aligned for stacking atomic writes David Howells <dhowells(a)redhat.com> afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call Jens Axboe <axboe(a)kernel.dk> nvme: fix bogus kzalloc() return check in nvme_init_effects_log() Christophe Leroy <christophe.leroy(a)csgroup.eu> select: Fix unbalanced user_access_end() Qu Wenruo <wqu(a)suse.com> btrfs: subpage: fix the bitmap dump of the locked flags Randy Dunlap <rdunlap(a)infradead.org> partitions: ldm: remove the initial kernel-doc notation Qu Wenruo <wqu(a)suse.com> btrfs: improve the warning and error message for btrfs_remove_qgroup() Keisuke Nishimura <keisuke.nishimura(a)inria.fr> nvme: Add error path for xa_store in nvme_init_effects Michael Ellerman <mpe(a)ellerman.id.au> selftests/powerpc: Fix argument order to timer_sub() Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW Keisuke Nishimura <keisuke.nishimura(a)inria.fr> nvme: Add error check for xa_store in nvme_get_effects_log Sagi Grimberg <sagi(a)grimberg.me> nvme-tcp: Fix I/O queue cpu spreading for multiple controllers Christoph Hellwig <hch(a)lst.de> block: fix queue freeze vs limits lock order in sysfs store methods Christoph Hellwig <hch(a)lst.de> block: add a store_limit operations for sysfs entries Christoph Hellwig <hch(a)lst.de> block: add a queue_limits_commit_update_frozen helper Christoph Hellwig <hch(a)lst.de> block: don't update BLK_FEAT_POLL in __blk_mq_update_nr_hw_queues Christoph Hellwig <hch(a)lst.de> block: check BLK_FEAT_POLL under q_usage_count Eugen Hristev <eugen.hristev(a)linaro.org> pstore/blk: trivial typo fixes Yu Kuai <yukuai3(a)huawei.com> nbd: don't allow reconnect after disconnect Geert Uytterhoeven <geert+renesas(a)glider.be> ps3disk: Do not use dev->bounce_size before it is set Yang Erkun <yangerkun(a)huawei.com> block: retry call probe after request_module in blk_request_module Pavel Begunkov <asml.silence(a)gmail.com> io_uring: prevent reg-wait speculations Christoph Hellwig <hch(a)lst.de> block: copy back bounce buffer to user-space correctly in case of split Jinliang Zheng <alexjlzheng(a)gmail.com> fs: fix proc_handler for sysctl_nr_open David Howells <dhowells(a)redhat.com> afs: Fix cleanup of immediately failed async calls David Howells <dhowells(a)redhat.com> afs: Fix directory format encoding struct David Howells <dhowells(a)redhat.com> afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY Alexander Aring <aahringo(a)redhat.com> dlm: fix srcu_read_lock() return type to int Alexander Aring <aahringo(a)redhat.com> dlm: fix removal of rsb struct that is master and dir record Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active Kees Cook <kees(a)kernel.org> coredump: Do not lock during 'comm' reporting ------------- Diffstat: .../bindings/display/msm/qcom,sa8775p-mdss.yaml | 3 +- .../bindings/leds/leds-class-multicolor.yaml | 2 +- .../devicetree/bindings/mfd/rohm,bd71815-pmic.yaml | 20 +-- .../devicetree/bindings/mmc/mmc-controller.yaml | 2 +- .../bindings/regulator/mt6315-regulator.yaml | 6 - Documentation/driver-api/crypto/iaa/iaa-crypto.rst | 9 +- Makefile | 4 +- .../dts/aspeed/aspeed-bmc-facebook-yosemite4.dts | 24 ++- .../boot/dts/intel/socfpga/socfpga_arria10.dtsi | 6 +- arch/arm/boot/dts/mediatek/mt7623.dtsi | 2 +- .../boot/dts/microchip/at91-sama5d27_wlsom1_ek.dts | 1 + .../boot/dts/microchip/at91-sama5d29_curiosity.dts | 1 + arch/arm/boot/dts/nxp/imx/imx7-tqma7.dtsi | 1 + arch/arm/boot/dts/st/stm32mp13xx-dhcor-som.dtsi | 16 +- arch/arm/boot/dts/st/stm32mp151.dtsi | 2 +- arch/arm/boot/dts/st/stm32mp15xx-dhcom-drc02.dtsi | 12 -- arch/arm/boot/dts/st/stm32mp15xx-dhcom-pdk2.dtsi | 10 -- .../arm/boot/dts/st/stm32mp15xx-dhcom-picoitx.dtsi | 10 -- arch/arm/boot/dts/st/stm32mp15xx-dhcom-som.dtsi | 7 + arch/arm/mach-at91/pm.c | 31 ++-- arch/arm/mach-omap1/board-nokia770.c | 2 +- arch/arm64/boot/dts/freescale/imx93.dtsi | 2 +- arch/arm64/boot/dts/marvell/cn9131-cf-solidwan.dts | 4 +- arch/arm64/boot/dts/mediatek/mt7988a.dtsi | 3 + arch/arm64/boot/dts/mediatek/mt8173-elm.dtsi | 29 +--- arch/arm64/boot/dts/mediatek/mt8173-evb.dts | 25 +-- .../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 4 + .../dts/mediatek/mt8183-kukui-jacuzzi-kenzo.dts | 15 ++ .../dts/mediatek/mt8183-kukui-jacuzzi-willow.dtsi | 15 ++ .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt8186.dtsi | 8 +- arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 +- arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 3 - arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 2 - arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 9 -- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 +- arch/arm64/boot/dts/mediatek/mt8365.dtsi | 3 +- .../boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 - .../boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 2 - arch/arm64/boot/dts/mediatek/mt8516.dtsi | 11 +- arch/arm64/boot/dts/mediatek/pumpkin-common.dtsi | 2 - arch/arm64/boot/dts/nvidia/tegra234.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8994.dtsi | 11 +- arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 2 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 9 +- arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 2 - arch/arm64/boot/dts/qcom/qcs404.dtsi | 2 +- arch/arm64/boot/dts/qcom/qcs8550-aim300.dtsi | 2 +- arch/arm64/boot/dts/qcom/qdu1000-idp.dts | 2 +- arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 2 +- arch/arm64/boot/dts/qcom/qru1000-idp.dts | 2 +- arch/arm64/boot/dts/qcom/sa8775p-ride.dtsi | 2 +- arch/arm64/boot/dts/qcom/sa8775p.dtsi | 32 +++- .../arm64/boot/dts/qcom/sc7180-trogdor-pompom.dtsi | 4 +- .../dts/qcom/sc7180-trogdor-quackingstick.dtsi | 1 + arch/arm64/boot/dts/qcom/sc7180.dtsi | 18 +-- arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 46 +++--- .../qcom/sdm845-db845c-navigation-mezzanine.dtso | 42 ----- arch/arm64/boot/dts/qcom/sdm845.dtsi | 20 +-- arch/arm64/boot/dts/qcom/sdx75.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm4450.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6125.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm6375.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm7225-fairphone-fp4.dts | 2 +- .../boot/dts/qcom/sm8150-microsoft-surface-duo.dts | 4 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 30 ++-- arch/arm64/boot/dts/qcom/sm8350.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8550-hdk.dts | 2 +- arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +- arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +- arch/arm64/boot/dts/qcom/sm8550-samsung-q5q.dts | 2 +- .../dts/qcom/sm8550-sony-xperia-yodo-pdx234.dts | 2 +- arch/arm64/boot/dts/qcom/sm8650-hdk.dts | 2 +- arch/arm64/boot/dts/qcom/sm8650-mtp.dts | 2 +- arch/arm64/boot/dts/qcom/sm8650-qrd.dts | 2 +- arch/arm64/boot/dts/qcom/sm8650.dtsi | 6 +- .../boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 4 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +- arch/arm64/boot/dts/renesas/rzg3s-smarc-som.dtsi | 5 - arch/arm64/boot/dts/renesas/rzg3s-smarc.dtsi | 7 +- arch/arm64/boot/dts/rockchip/rk3308-rock-s0.dts | 25 ++- .../boot/dts/rockchip/rk3568-wolfvision-pf5.dts | 2 +- .../boot/dts/rockchip/rk3588-edgeble-neu6a-io.dtsi | 95 +++++++---- arch/arm64/boot/dts/ti/Makefile | 6 +- arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 1 - ...-pcie.dtso => k3-am642-hummingboard-t-pcie.dts} | 14 +- ...-usb3.dtso => k3-am642-hummingboard-t-usb3.dts} | 13 +- arch/arm64/configs/defconfig | 1 - arch/hexagon/include/asm/cmpxchg.h | 2 +- arch/hexagon/kernel/traps.c | 4 +- arch/loongarch/include/asm/hw_breakpoint.h | 4 +- arch/loongarch/include/asm/loongarch.h | 60 +++++++ arch/loongarch/kernel/hw_breakpoint.c | 16 +- arch/loongarch/power/platform.c | 2 +- arch/powerpc/include/asm/hugetlb.h | 9 ++ arch/powerpc/kernel/iommu.c | 2 +- arch/powerpc/platforms/pseries/iommu.c | 12 +- arch/riscv/kernel/vector.c | 2 +- arch/s390/Kconfig | 1 + arch/s390/Makefile | 2 +- arch/s390/boot/vmem.c | 74 ++++++--- arch/s390/include/asm/sclp.h | 1 + arch/s390/kernel/perf_cpum_cf.c | 2 +- arch/s390/kernel/perf_pai_crypto.c | 2 +- arch/s390/kernel/perf_pai_ext.c | 2 +- arch/s390/kernel/setup.c | 5 + arch/s390/purgatory/Makefile | 2 +- arch/x86/events/amd/ibs.c | 2 +- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kernel/smpboot.c | 11 +- arch/x86/kvm/lapic.c | 11 +- arch/x86/kvm/vmx/vmx.c | 2 +- arch/x86/kvm/vmx/x86_ops.h | 2 +- block/bio-integrity.c | 15 +- block/blk-core.c | 21 +-- block/blk-integrity.c | 4 +- block/blk-mq.c | 34 ++-- block/blk-mq.h | 6 + block/blk-settings.c | 31 +++- block/blk-sysfs.c | 137 ++++++++-------- block/blk-zoned.c | 7 +- block/genhd.c | 22 ++- block/partitions/ldm.h | 2 +- crypto/algapi.c | 4 +- drivers/acpi/acpica/achware.h | 2 - drivers/acpi/fan_core.c | 10 +- drivers/base/class.c | 9 +- drivers/base/power/main.c | 29 ++-- drivers/block/nbd.c | 1 + drivers/block/ps3disk.c | 4 +- drivers/block/virtio_blk.c | 4 +- drivers/bluetooth/btbcm.c | 3 + drivers/bluetooth/btnxpuart.c | 3 +- drivers/bluetooth/btrtl.c | 4 +- drivers/bluetooth/btusb.c | 7 + drivers/char/ipmi/ipmb_dev_int.c | 3 + drivers/char/ipmi/ssif_bmc.c | 5 +- drivers/clk/analogbits/wrpll-cln28hpc.c | 2 +- drivers/clk/clk.c | 4 +- drivers/clk/imx/clk-imx8mp.c | 5 +- drivers/clk/imx/clk-imx93.c | 32 ++-- drivers/clk/mmp/clk-pxa1908-apbc.c | 4 +- drivers/clk/mmp/clk-pxa1908-apbcp.c | 4 +- drivers/clk/mmp/clk-pxa1908-mpmu.c | 4 +- drivers/clk/qcom/camcc-x1e80100.c | 7 + drivers/clk/qcom/gcc-sdm845.c | 32 ++-- drivers/clk/qcom/gcc-x1e80100.c | 2 +- drivers/clk/ralink/clk-mtmips.c | 1 - drivers/clk/renesas/renesas-cpg-mssr.c | 2 +- drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 13 +- drivers/clk/thead/clk-th1520-ap.c | 13 +- drivers/cpufreq/acpi-cpufreq.c | 36 +++-- drivers/cpufreq/amd-pstate.c | 2 +- drivers/cpufreq/qcom-cpufreq-hw.c | 34 ++-- drivers/crypto/caam/blob_gen.c | 3 +- drivers/crypto/hisilicon/sec2/sec.h | 3 +- drivers/crypto/hisilicon/sec2/sec_crypto.c | 157 +++++++++--------- drivers/crypto/hisilicon/sec2/sec_crypto.h | 11 -- drivers/crypto/intel/iaa/iaa_crypto_main.c | 2 +- drivers/crypto/intel/ixp4xx/ixp4xx_crypto.c | 3 + drivers/crypto/tegra/tegra-se-aes.c | 7 +- drivers/crypto/tegra/tegra-se-hash.c | 7 +- drivers/dma/ti/edma.c | 3 +- drivers/firewire/device-attribute-test.c | 2 + drivers/firmware/efi/sysfb_efi.c | 2 +- drivers/firmware/qcom/qcom_scm.c | 42 +++-- drivers/gpio/gpio-mxc.c | 3 +- drivers/gpio/gpio-pca953x.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v9.c | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_sdma.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 2 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 12 +- .../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 3 + .../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.c | 10 +- .../gpu/drm/amd/display/dc/hubp/dcn10/dcn10_hubp.h | 2 + .../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 1 + .../drm/amd/display/dc/hubp/dcn201/dcn201_hubp.c | 1 + .../gpu/drm/amd/display/dc/hubp/dcn21/dcn21_hubp.c | 3 + .../gpu/drm/amd/display/dc/hubp/dcn30/dcn30_hubp.c | 3 + .../gpu/drm/amd/display/dc/hubp/dcn31/dcn31_hubp.c | 1 + .../gpu/drm/amd/display/dc/hubp/dcn32/dcn32_hubp.c | 1 + .../gpu/drm/amd/display/dc/hubp/dcn35/dcn35_hubp.c | 1 + .../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 3 +- .../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 2 + .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 2 + drivers/gpu/drm/amd/display/dc/inc/hw/hubp.h | 2 + .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 2 + .../drm/amd/pm/powerplay/hwmgr/vega10_powertune.c | 5 +- drivers/gpu/drm/bridge/ite-it6505.c | 2 +- drivers/gpu/drm/display/drm_hdmi_state_helper.c | 8 + drivers/gpu/drm/etnaviv/etnaviv_gem.c | 16 +- drivers/gpu/drm/i915/display/intel_crt.c | 10 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 8 +- .../drm/msm/disp/dpu1/catalog/dpu_10_0_sm8650.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_4_1_sdm670.h | 54 ++++++- .../gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 2 + .../drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_6_0_sm8250.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_7_0_sm8350.h | 2 + .../gpu/drm/msm/disp/dpu1/catalog/dpu_9_0_sm8550.h | 2 + .../drm/msm/disp/dpu1/catalog/dpu_9_2_x1e80100.h | 2 + drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 15 +- drivers/gpu/drm/msm/disp/mdp4/mdp4_lcdc_encoder.c | 2 +- drivers/gpu/drm/msm/dp/dp_audio.c | 2 +- drivers/gpu/drm/msm/dp/dp_catalog.c | 1 - drivers/gpu/drm/msm/dp/dp_ctrl.c | 2 +- drivers/gpu/drm/msm/dp/dp_utils.c | 10 +- drivers/gpu/drm/msm/dp/dp_utils.h | 2 +- drivers/gpu/drm/msm/hdmi/hdmi_phy_8998.c | 2 +- drivers/gpu/drm/msm/msm_kms.c | 1 - drivers/gpu/drm/panthor/panthor_device.c | 4 +- drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 115 ++++++++++--- drivers/gpu/drm/rockchip/rockchip_drm_vop2.h | 10 ++ drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 26 ++- drivers/gpu/drm/v3d/v3d_debugfs.c | 4 +- drivers/gpu/drm/v3d/v3d_perfmon.c | 15 +- drivers/gpu/drm/v3d/v3d_regs.h | 29 ++-- drivers/hid/hid-core.c | 2 + drivers/hid/hid-input.c | 37 ++--- drivers/hid/hid-multitouch.c | 2 +- drivers/hid/hid-thrustmaster.c | 8 + drivers/hwmon/Kconfig | 4 +- drivers/hwmon/nct6775-core.c | 6 +- drivers/i2c/busses/i2c-designware-common.c | 5 +- drivers/i2c/busses/i2c-designware-master.c | 5 +- drivers/i2c/busses/i2c-designware-slave.c | 5 +- drivers/i3c/master/dw-i3c-master.c | 1 + drivers/infiniband/hw/Makefile | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/cxgb4/device.c | 6 +- drivers/infiniband/hw/cxgb4/qp.c | 8 + drivers/infiniband/hw/hns/Kconfig | 20 +-- drivers/infiniband/hw/hns/Makefile | 9 +- drivers/infiniband/hw/mlx4/main.c | 8 +- drivers/infiniband/hw/mlx5/odp.c | 62 +++++--- drivers/infiniband/sw/rxe/rxe_param.h | 2 +- drivers/infiniband/sw/rxe/rxe_pool.c | 11 +- drivers/infiniband/sw/rxe/rxe_verbs.c | 5 +- drivers/infiniband/ulp/rtrs/rtrs.c | 3 + drivers/infiniband/ulp/srp/ib_srp.c | 1 - drivers/iommu/amd/amd_iommu.h | 5 +- drivers/iommu/amd/init.c | 14 +- drivers/iommu/amd/iommu.c | 132 +++++---------- drivers/iommu/amd/pasid.c | 3 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 17 +- drivers/iommu/intel/pasid.c | 22 ++- drivers/iommu/intel/pasid.h | 6 + drivers/iommu/iommufd/iova_bitmap.c | 2 +- drivers/iommu/iommufd/main.c | 2 +- drivers/iommu/riscv/iommu.c | 2 +- drivers/leds/leds-cht-wcove.c | 6 +- drivers/leds/leds-netxbig.c | 1 + drivers/mailbox/mailbox-mpfs.c | 2 +- drivers/mailbox/mailbox-th1520.c | 6 +- drivers/md/md-bitmap.c | 79 +++++---- drivers/md/md-bitmap.h | 7 +- drivers/md/md.c | 34 ++++ drivers/md/md.h | 5 + drivers/md/raid1.c | 34 +--- drivers/md/raid1.h | 1 - drivers/md/raid10.c | 26 +-- drivers/md/raid10.h | 1 - drivers/md/raid5-cache.c | 4 - drivers/md/raid5.c | 111 ++++++------- drivers/md/raid5.h | 4 - drivers/media/i2c/imx290.c | 3 +- drivers/media/i2c/imx412.c | 42 ++--- drivers/media/i2c/ov9282.c | 2 +- drivers/media/platform/marvell/mcam-core.c | 7 +- drivers/media/platform/nxp/imx-jpeg/mxc-jpeg.c | 7 +- .../media/platform/nxp/imx8-isi/imx8-isi-video.c | 3 + .../media/platform/samsung/exynos4-is/mipi-csis.c | 10 +- .../media/platform/samsung/s3c-camif/camif-core.c | 13 +- drivers/media/rc/iguanair.c | 4 +- drivers/media/usb/dvb-usb-v2/af9035.c | 18 ++- drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 +- drivers/media/usb/uvc/uvc_queue.c | 3 +- drivers/media/usb/uvc/uvc_status.c | 4 + drivers/memory/tegra/tegra20-emc.c | 8 +- drivers/mfd/syscon.c | 19 +-- drivers/misc/cardreader/rtsx_usb.c | 15 ++ drivers/mtd/hyperbus/hbmc-am654.c | 19 ++- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 + drivers/mtd/ubi/ubi.h | 2 - drivers/mtd/ubi/wl.c | 21 --- drivers/net/bonding/bond_main.c | 19 +-- drivers/net/ethernet/broadcom/bgmac.h | 3 +- drivers/net/ethernet/davicom/dm9000.c | 3 +- drivers/net/ethernet/freescale/fec_main.c | 31 +++- drivers/net/ethernet/hisilicon/hns3/hnae3.c | 15 ++ drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 + drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 2 + .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 2 + drivers/net/ethernet/intel/iavf/iavf_main.c | 19 ++- drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 1 - drivers/net/ethernet/intel/ice/ice_ethtool.c | 1 - drivers/net/ethernet/intel/ice/ice_ethtool.h | 1 - drivers/net/ethernet/intel/ice/ice_parser.h | 6 +- drivers/net/ethernet/intel/ice/ice_parser_rt.c | 12 +- drivers/net/ethernet/intel/idpf/idpf_controlq.c | 6 + drivers/net/ethernet/intel/idpf/idpf_main.c | 15 +- drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 14 +- .../net/ethernet/marvell/octeon_ep/octep_main.c | 10 -- .../ethernet/marvell/octeon_ep_vf/octep_vf_main.c | 8 - drivers/net/ethernet/mediatek/airoha_eth.c | 37 +++-- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 +- .../mellanox/mlx5/core/steering/hws/definer.c | 2 +- drivers/net/ethernet/mellanox/mlxfw/mlxfw_fsm.c | 2 - drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c | 8 +- drivers/net/ethernet/renesas/ravb_main.c | 22 ++- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 30 ++++ drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +- drivers/net/netdevsim/netdevsim.h | 1 + drivers/net/netdevsim/udp_tunnels.c | 23 +-- drivers/net/phy/marvell-88q2xxx.c | 33 +++- drivers/net/phy/realtek.c | 29 ++-- drivers/net/tap.c | 6 +- drivers/net/team/team_core.c | 7 + drivers/net/tun.c | 6 +- drivers/net/usb/rtl8150.c | 22 +++ drivers/net/vxlan/vxlan_vnifilter.c | 5 + drivers/net/wireless/ath/ath11k/dp_rx.c | 1 + drivers/net/wireless/ath/ath11k/hal_rx.c | 3 +- drivers/net/wireless/ath/ath12k/mac.c | 42 ++--- drivers/net/wireless/ath/wcn36xx/main.c | 5 +- .../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 2 + drivers/net/wireless/intel/iwlwifi/fw/uefi.c | 44 +++-- drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 18 --- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 4 +- drivers/net/wireless/mediatek/mt76/mac80211.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 2 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 2 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.h | 1 + drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 7 + drivers/net/wireless/mediatek/mt76/mt7915/main.c | 9 +- drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 1 + drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 1 + drivers/net/wireless/mediatek/mt76/mt7921/mac.c | 1 + drivers/net/wireless/mediatek/mt76/mt7921/main.c | 9 +- drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7925/main.c | 109 +++++++++---- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 142 +++++++++++------ drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 5 +- drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 2 + drivers/net/wireless/mediatek/mt76/mt792x.h | 7 +- drivers/net/wireless/mediatek/mt76/mt792x_core.c | 3 +- drivers/net/wireless/mediatek/mt76/mt792x_mac.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7996/init.c | 20 +-- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 5 +- drivers/net/wireless/mediatek/mt76/mt7996/main.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 47 ++++-- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/usb.c | 4 +- drivers/net/wireless/microchip/wilc1000/netdev.c | 2 - drivers/net/wireless/microchip/wilc1000/sdio.c | 9 +- drivers/net/wireless/microchip/wilc1000/spi.c | 9 +- drivers/net/wireless/realtek/rtlwifi/base.c | 13 +- drivers/net/wireless/realtek/rtlwifi/base.h | 1 - drivers/net/wireless/realtek/rtlwifi/pci.c | 61 ++----- .../net/wireless/realtek/rtlwifi/rtl8192se/sw.c | 7 +- .../net/wireless/realtek/rtlwifi/rtl8821ae/phy.c | 4 +- drivers/net/wireless/realtek/rtlwifi/usb.c | 12 +- drivers/net/wireless/realtek/rtlwifi/wifi.h | 12 -- drivers/net/wireless/realtek/rtw89/chan.c | 31 +++- drivers/net/wireless/realtek/rtw89/chan.h | 9 +- drivers/net/wireless/realtek/rtw89/core.c | 11 +- drivers/net/wireless/realtek/rtw89/core.h | 3 + drivers/net/wireless/realtek/rtw89/fw.c | 40 ++++- drivers/net/wireless/realtek/rtw89/mac80211.c | 12 +- drivers/net/wireless/ti/wlcore/main.c | 10 +- drivers/nvme/host/core.c | 34 +++- drivers/nvme/host/tcp.c | 70 ++++++-- drivers/of/fdt.c | 10 +- drivers/of/of_reserved_mem.c | 3 +- drivers/of/property.c | 2 +- drivers/opp/core.c | 57 +++++-- drivers/opp/of.c | 4 +- drivers/pci/controller/dwc/pci-imx6.c | 30 ++-- drivers/pci/controller/dwc/pcie-designware-host.c | 1 + drivers/pci/controller/dwc/pcie-qcom.c | 2 + drivers/pci/controller/pcie-rcar-ep.c | 2 +- drivers/pci/controller/pcie-rockchip-ep.c | 5 + drivers/pci/controller/plda/pcie-microchip-host.c | 96 +++++++++++ drivers/pci/controller/plda/pcie-plda-host.c | 17 +- drivers/pci/controller/plda/pcie-plda.h | 6 +- drivers/pci/endpoint/functions/pci-epf-test.c | 6 +- drivers/pci/endpoint/pci-epc-core.c | 2 +- drivers/pci/pcie/aspm.c | 35 +++- drivers/phy/freescale/phy-fsl-samsung-hdmi.c | 30 ++-- drivers/pinctrl/nomadik/pinctrl-nomadik.c | 35 +++- drivers/pinctrl/pinctrl-amd.c | 27 +++- drivers/pinctrl/pinctrl-amd.h | 7 +- drivers/pinctrl/samsung/pinctrl-exynos.c | 3 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 76 ++++----- drivers/platform/mellanox/mlxbf-pmc.c | 6 +- drivers/platform/x86/x86-android-tablets/core.c | 4 +- drivers/platform/x86/x86-android-tablets/lenovo.c | 4 +- drivers/platform/x86/x86-android-tablets/other.c | 4 +- drivers/pps/clients/pps-gpio.c | 4 +- drivers/pps/clients/pps-ktimer.c | 4 +- drivers/pps/clients/pps-ldisc.c | 6 +- drivers/pps/clients/pps_parport.c | 4 +- drivers/pps/kapi.c | 10 +- drivers/pps/kc.c | 10 +- drivers/pps/pps.c | 127 ++++++++------- drivers/ptp/ptp_chardev.c | 4 + drivers/ptp/ptp_ocp.c | 2 +- drivers/pwm/core.c | 13 +- drivers/pwm/pwm-stm32-lp.c | 8 +- drivers/pwm/pwm-stm32.c | 7 +- drivers/regulator/core.c | 2 +- drivers/regulator/of_regulator.c | 14 +- drivers/remoteproc/mtk_scp.c | 12 +- drivers/remoteproc/remoteproc_core.c | 14 +- drivers/rtc/rtc-loongson.c | 13 +- drivers/rtc/rtc-pcf85063.c | 11 +- drivers/rtc/rtc-tps6594.c | 2 +- drivers/s390/char/sclp.c | 12 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 8 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 3 +- drivers/scsi/sd.c | 17 +- drivers/scsi/sr.c | 5 +- drivers/soc/atmel/soc.c | 2 +- drivers/spi/spi-omap2-mcspi.c | 11 +- drivers/spi/spi-zynq-qspi.c | 13 +- drivers/staging/media/imx/imx-media-of.c | 8 +- drivers/staging/media/max96712/max96712.c | 4 +- drivers/tty/mips_ejtag_fdc.c | 4 +- drivers/tty/serial/8250/8250_port.c | 32 +++- drivers/ufs/core/ufs_bsg.c | 1 + drivers/usb/dwc3/core.c | 35 ++-- drivers/usb/dwc3/dwc3-am62.c | 1 + drivers/usb/gadget/function/f_tcm.c | 14 +- drivers/usb/host/xhci-ring.c | 3 +- drivers/usb/typec/tcpm/tcpci.c | 13 +- drivers/usb/typec/tcpm/tcpm.c | 10 +- drivers/video/fbdev/omap2/omapfb/dss/dss-of.c | 1 + drivers/watchdog/rti_wdt.c | 1 + fs/afs/dir.c | 7 +- fs/afs/internal.h | 9 ++ fs/afs/rxrpc.c | 12 +- fs/afs/xdr_fs.h | 2 +- fs/afs/yfsclient.c | 5 +- fs/btrfs/inode.c | 160 ++++++++++++++----- fs/btrfs/qgroup.c | 21 ++- fs/btrfs/subpage.c | 6 +- fs/btrfs/subpage.h | 13 ++ fs/btrfs/super.c | 2 +- fs/dlm/lock.c | 46 ++++-- fs/dlm/lowcomms.c | 3 +- fs/erofs/zdata.c | 3 +- fs/f2fs/dir.c | 53 ++++-- fs/f2fs/f2fs.h | 6 +- fs/f2fs/inline.c | 5 +- fs/file_table.c | 2 +- fs/hostfs/hostfs_kern.c | 27 +--- fs/nfs/localio.c | 4 +- fs/nfs/nfs42proc.c | 2 +- fs/nfs/nfs42xdr.c | 2 + fs/nfs_common/common.c | 89 +++++++++-- fs/nilfs2/dir.c | 13 +- fs/nilfs2/namei.c | 29 ++-- fs/nilfs2/nilfs.h | 4 +- fs/nilfs2/page.c | 31 +++- fs/nilfs2/segment.c | 4 +- fs/ocfs2/quota_global.c | 5 + fs/pstore/blk.c | 4 +- fs/select.c | 4 +- fs/smb/client/cifsacl.c | 25 +-- fs/smb/client/cifsproto.h | 2 +- fs/smb/client/cifssmb.c | 4 +- fs/smb/client/readdir.c | 2 +- fs/smb/client/reparse.c | 22 ++- fs/smb/client/smb2ops.c | 3 +- fs/ubifs/debug.c | 22 +-- fs/xfs/xfs_buf.c | 3 +- fs/xfs/xfs_buf_item_recover.c | 11 +- fs/xfs/xfs_dquot.c | 12 +- fs/xfs/xfs_notify_failure.c | 121 +++++++++----- fs/xfs/xfs_qm_bhv.c | 27 ++-- include/acpi/acpixf.h | 1 + include/dt-bindings/clock/imx93-clock.h | 1 + include/linux/alloc_tag.h | 11 +- include/linux/blkdev.h | 23 +-- include/linux/btf.h | 5 + include/linux/coredump.h | 4 +- include/linux/hid.h | 1 + include/linux/ieee80211.h | 11 +- include/linux/kallsyms.h | 2 +- include/linux/mroute_base.h | 6 +- include/linux/netdevice.h | 2 +- include/linux/nfs_common.h | 3 +- include/linux/perf_event.h | 6 + include/linux/pm.h | 1 + include/linux/pps_kernel.h | 3 +- include/linux/ptr_ring.h | 21 ++- include/linux/pwm.h | 17 ++ include/linux/sched.h | 1 + include/linux/skb_array.h | 17 +- include/linux/usb/tcpm.h | 3 +- include/net/ax25.h | 10 +- include/net/inetpeer.h | 12 +- include/net/netfilter/nf_tables.h | 6 + include/net/page_pool/types.h | 1 - include/net/pkt_cls.h | 13 +- include/net/sch_generic.h | 5 +- include/net/xfrm.h | 16 +- include/sound/hdaudio_ext.h | 45 ------ include/trace/events/afs.h | 2 + include/trace/events/rxrpc.h | 25 +++ io_uring/io_uring.c | 1 + io_uring/msg_ring.c | 4 +- io_uring/register.c | 2 +- io_uring/uring_cmd.c | 2 +- kernel/bpf/arena.c | 8 +- kernel/bpf/bpf_local_storage.c | 8 +- kernel/bpf/bpf_struct_ops.c | 21 +++ kernel/bpf/btf.c | 5 - kernel/bpf/helpers.c | 18 ++- kernel/events/core.c | 35 ++-- kernel/events/uprobes.c | 4 + kernel/fork.c | 17 +- kernel/irq/internals.h | 9 +- kernel/module/main.c | 7 +- kernel/padata.c | 45 ++++-- kernel/power/hibernate.c | 7 +- kernel/printk/internal.h | 6 + kernel/printk/printk.c | 5 + kernel/printk/printk_safe.c | 7 +- kernel/sched/core.c | 6 +- kernel/sched/cpufreq_schedutil.c | 4 +- kernel/sched/ext.c | 114 +++++++++---- kernel/sched/fair.c | 21 ++- kernel/sched/features.h | 9 ++ kernel/sched/stats.h | 4 + kernel/sched/syscalls.c | 2 +- kernel/trace/bpf_trace.c | 13 +- lib/alloc_tag.c | 2 + lib/rhashtable.c | 12 +- mm/memcontrol.c | 7 +- mm/oom_kill.c | 8 +- net/ax25/af_ax25.c | 12 +- net/ax25/ax25_dev.c | 4 +- net/ax25/ax25_ip.c | 3 +- net/ax25/ax25_out.c | 22 ++- net/ax25/ax25_route.c | 2 + net/core/dev.c | 23 ++- net/core/filter.c | 2 +- net/core/page_pool.c | 2 + net/core/page_pool_priv.h | 2 + net/core/page_pool_user.c | 15 +- net/core/sysctl_net_core.c | 5 +- net/ethtool/ioctl.c | 2 +- net/ethtool/netlink.c | 2 +- net/hsr/hsr_forward.c | 7 +- net/ipv4/icmp.c | 9 +- net/ipv4/inetpeer.c | 31 +--- net/ipv4/ip_fragment.c | 15 +- net/ipv4/ipmr.c | 28 ++-- net/ipv4/ipmr_base.c | 9 +- net/ipv4/route.c | 17 +- net/ipv4/tcp_cubic.c | 8 +- net/ipv4/tcp_output.c | 9 +- net/ipv4/udp.c | 56 +++++++ net/ipv6/icmp.c | 6 +- net/ipv6/ip6_output.c | 6 +- net/ipv6/ip6mr.c | 28 ++-- net/ipv6/ndisc.c | 8 +- net/ipv6/udp.c | 50 ++++++ net/mac80211/debugfs_netdev.c | 2 +- net/mac80211/driver-ops.h | 3 + net/mac80211/rx.c | 1 + net/mptcp/ctrl.c | 4 +- net/mptcp/options.c | 13 +- net/mptcp/pm_netlink.c | 3 +- net/mptcp/protocol.c | 4 +- net/mptcp/protocol.h | 30 ++-- net/ncsi/ncsi-rsp.c | 18 +-- net/netfilter/nf_tables_api.c | 57 ++++++- net/netfilter/nft_flow_offload.c | 16 +- net/netfilter/nft_set_rbtree.c | 43 +++++ net/rose/af_rose.c | 16 +- net/rose/rose_timer.c | 15 ++ net/rxrpc/conn_event.c | 12 +- net/rxrpc/peer_event.c | 16 +- net/rxrpc/peer_object.c | 12 +- net/sched/cls_api.c | 57 +++---- net/sched/cls_bpf.c | 2 + net/sched/cls_flower.c | 2 + net/sched/cls_matchall.c | 2 + net/sched/cls_u32.c | 4 + net/sched/sch_api.c | 4 + net/sched/sch_generic.c | 4 +- net/sched/sch_sfq.c | 4 + net/smc/af_smc.c | 2 +- net/smc/smc_rx.c | 37 +++-- net/smc/smc_rx.h | 8 +- net/sunrpc/svcsock.c | 12 +- net/vmw_vsock/af_vsock.c | 13 +- net/wireless/scan.c | 7 +- net/wireless/tests/scan.c | 2 + net/xfrm/xfrm_replay.c | 10 +- net/xfrm/xfrm_state.c | 93 ++++++++--- samples/landlock/sandboxer.c | 7 + scripts/Makefile.build | 2 + scripts/Makefile.lib | 10 +- scripts/Makefile.modinst | 2 +- scripts/genksyms/genksyms.c | 11 +- scripts/genksyms/genksyms.h | 2 +- scripts/genksyms/parse.y | 18 ++- scripts/kconfig/confdata.c | 6 +- scripts/kconfig/symbol.c | 1 + security/landlock/fs.c | 11 +- sound/core/seq/Kconfig | 4 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/acp/acp-i2s.c | 1 + sound/soc/codecs/Makefile | 8 +- sound/soc/codecs/da7213.c | 2 + sound/soc/intel/avs/apl.c | 3 +- sound/soc/intel/avs/cnl.c | 1 + sound/soc/intel/avs/core.c | 14 +- sound/soc/intel/avs/loader.c | 2 +- sound/soc/intel/avs/registers.h | 45 ++++++ sound/soc/intel/avs/skl.c | 1 + sound/soc/intel/avs/topology.c | 4 +- sound/soc/intel/boards/sof_sdw.c | 47 ++++-- sound/soc/mediatek/mt8365/Makefile | 2 +- sound/soc/renesas/rz-ssi.c | 3 +- sound/soc/rockchip/rockchip_i2s_tdm.c | 31 +++- sound/soc/sdca/Makefile | 2 +- sound/soc/sunxi/sun4i-spdif.c | 7 + sound/usb/quirks.c | 2 + tools/bootconfig/main.c | 4 +- tools/build/Makefile.feature | 7 - tools/build/feature/test-all.c | 5 - tools/include/uapi/linux/if_xdp.h | 4 +- tools/lib/bpf/btf.c | 1 + tools/lib/bpf/btf_relocate.c | 2 +- tools/lib/bpf/linker.c | 22 +-- tools/lib/bpf/usdt.c | 2 +- tools/net/ynl/lib/ynl.c | 2 +- tools/perf/MANIFEST | 1 + tools/perf/Makefile.config | 83 ++++++---- tools/perf/builtin-inject.c | 8 +- tools/perf/builtin-lock.c | 66 +++++--- tools/perf/builtin-report.c | 2 +- tools/perf/builtin-top.c | 2 +- tools/perf/builtin-trace.c | 6 +- .../perf/tests/shell/lib/perf_json_output_lint.py | 14 +- tools/perf/tests/shell/stat.sh | 6 +- tools/perf/tests/shell/trace_btf_enum.sh | 8 +- tools/perf/util/annotate.c | 76 ++++++++- tools/perf/util/annotate.h | 15 +- tools/perf/util/bpf-event.c | 10 +- .../util/bpf_skel/augmented_raw_syscalls.bpf.c | 11 +- tools/perf/util/disasm.c | 83 ++-------- tools/perf/util/env.c | 13 +- tools/perf/util/env.h | 4 +- tools/perf/util/expr.c | 5 +- tools/perf/util/header.c | 8 +- tools/perf/util/machine.c | 2 +- tools/perf/util/maps.c | 7 +- tools/perf/util/namespaces.c | 7 +- tools/perf/util/namespaces.h | 3 +- tools/perf/util/stat-display.c | 177 +++++++++++---------- tools/perf/util/symbol.c | 9 +- .../cpupower/utils/idle_monitor/mperf_monitor.c | 15 +- tools/power/x86/turbostat/turbostat.c | 58 ++++++- tools/testing/ktest/ktest.pl | 7 +- tools/testing/selftests/bpf/Makefile | 4 +- .../testing/selftests/bpf/prog_tests/btf_distill.c | 4 +- .../selftests/bpf/prog_tests/fill_link_info.c | 4 + .../selftests/bpf/progs/test_fill_link_info.c | 13 +- tools/testing/selftests/bpf/test_tc_tunnel.sh | 1 + tools/testing/selftests/bpf/veristat.c | 1 + tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 +- .../drivers/net/netdevsim/udp_tunnel_nic.sh | 16 +- .../ftrace/test.d/00basic/mount_options.tc | 8 +- tools/testing/selftests/kselftest/ktap_helpers.sh | 2 +- tools/testing/selftests/kselftest_harness.h | 24 +-- tools/testing/selftests/landlock/Makefile | 4 +- tools/testing/selftests/landlock/fs_test.c | 3 +- tools/testing/selftests/mm/Makefile | 9 +- tools/testing/selftests/net/lib/Makefile | 2 +- tools/testing/selftests/net/mptcp/Makefile | 2 +- tools/testing/selftests/net/openvswitch/Makefile | 2 +- .../selftests/powerpc/benchmarks/gettimeofday.c | 2 +- tools/testing/selftests/rseq/rseq.c | 32 +++- tools/testing/selftests/rseq/rseq.h | 9 +- .../testing/selftests/timers/clocksource-switch.c | 6 +- 703 files changed, 5738 insertions(+), 3278 deletions(-)

2 weeks, 1 day

17
644
0 0

[PATCH 6.6 v2 0/7] x86: fix user address masking non-canonical

by Jimmy Tran

Hi everyone, This is v2 of my series to backport the critical security fix, identified as CVE-2020-12965 ("Transient Execution of Non-Canonical Accesses"), to the 6.6.y stable kernel tree. Linus Torvalds's second proposed solution offers a more targeted and smaller backport for CVE-2020-12965 compared to backporting the entire patch series. This alternative would focus solely on the user address masking logic that addresses the AMD speculation issue with non-canonical addresses. Instead of introducing the extensive "runtime-constant" infrastructure seen in the larger patch series, this solution would: - Introduce a single new variable for the USER_PTR_MAX value. - Use an actual memory load to access this USER_PTR_MAX value, rather than leveraging the runtime_const mechanism. While this approach would result in a noticeably smaller and more localized patch, it would differ from what's currently in the mainline kernel. This divergence would necessitate significant additional testing to ensure its stability. I am ready to implement the second proposed solution if the maintainers wish to move forward in that direction, understanding the testing implications. Please let me know your preference. Changes in v2: ============== - Incorporated the commit 91309a708: x86: use cmov for user address as suggested by David Laight. This commit is now included as the first patch in the series. This series addresses the CVE-2020-12965 vulnerability by introducing the necessary x86 infrastructure and the specific fix for user address masking non-canonical speculation issues. v1: ============== This patch series backports a critical security fix, identified as CVE-2020-12965 ("Transient Execution of Non-Canonical Accesses"), to the 6.6.y stable kernel tree. David Laight (1): x86: fix off-by-one in access_ok() Linus Torvalds (6): vfs: dcache: move hashlen_hash() from callers into d_hash() runtime constants: add default dummy infrastructure runtime constants: add x86 architecture support arm64: add 'runtime constant' support x86: fix user address masking non-canonical speculation issue x86: use cmov for user address masking arch/arm64/include/asm/runtime-const.h | 92 ++++++++++++++++++++++++++ arch/arm64/kernel/vmlinux.lds.S | 3 + arch/x86/include/asm/runtime-const.h | 61 +++++++++++++++++ arch/x86/include/asm/uaccess_64.h | 44 +++++++----- arch/x86/kernel/cpu/common.c | 10 +++ arch/x86/kernel/vmlinux.lds.S | 4 ++ arch/x86/lib/getuser.S | 10 ++- fs/dcache.c | 17 +++-- include/asm-generic/Kbuild | 1 + include/asm-generic/runtime-const.h | 15 +++++ include/asm-generic/vmlinux.lds.h | 8 +++ 11 files changed, 242 insertions(+), 23 deletions(-) create mode 100644 arch/arm64/include/asm/runtime-const.h create mode 100644 arch/x86/include/asm/runtime-const.h create mode 100644 include/asm-generic/runtime-const.h -- 2.50.1.470.g6ba607880d-goog

2 weeks, 1 day

4
10
0 0

[PATCH] platform/x86/intel-uncore-freq: Check write blocked for ELC

by Srinivas Pandruvada

Add the missing write_blocked check for updating sysfs related to uncore efficiency latency control (ELC). If write operation is blocked return error. Fixes: bb516dc79c4a ("platform/x86/intel-uncore-freq: Add support for efficiency latency control") Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- Non urgent patch. It can go through regular merge window even if it has fix tag. This is not a current production use case. Rebased on https://kernel.googlesource.com/pub/scm/linux/kernel/git/pdx86/platform-dri… for-next .../x86/intel/uncore-frequency/uncore-frequency-tpmi.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c b/drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c index 6df55c8e16b7..bfcf92aa4d69 100644 --- a/drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c +++ b/drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c @@ -192,9 +192,14 @@ static int uncore_read_control_freq(struct uncore_data *data, unsigned int *valu static int write_eff_lat_ctrl(struct uncore_data *data, unsigned int val, enum uncore_index index) { struct tpmi_uncore_cluster_info *cluster_info; + struct tpmi_uncore_struct *uncore_root; u64 control; cluster_info = container_of(data, struct tpmi_uncore_cluster_info, uncore_data); + uncore_root = cluster_info->uncore_root; + + if (uncore_root->write_blocked) + return -EPERM; if (cluster_info->root_domain) return -ENODATA; -- 2.49.0

2 weeks, 1 day

2
1
0 0

Regarding linux kernel commit 805e3ce5e0e32b31dcecc0774c57c17a1f13cef6

by Srinivasa Srikanth Podila

Hello, I have come across the linux kernel commit 805e3ce5e0e32b31dcecc0774c57c17a1f13cef6 merged into the 6.15 kernel. Kernel Commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… Currently, we need this fix into the latest 6.8 based kernel as our servers are all based on Ubuntu 24.04 with 6.8 based kernels. Please let us know the process for the same. Could you please help in this regard. Any help on this would be greatly appreciated. Thanks, Srikanth

2 weeks, 2 days

2
1
0 0

FAILED: patch "[PATCH] smb: client: default to nonativesocket under POSIX mounts" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6b445309eec2bc0594f3e24c7777aeef891d386e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025081220-superbowl-aerospace-880f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b445309eec2bc0594f3e24c7777aeef891d386e Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.org> Date: Thu, 31 Jul 2025 20:46:42 -0300 Subject: [PATCH] smb: client: default to nonativesocket under POSIX mounts SMB3.1.1 POSIX mounts require sockets to be created with NFS reparse points. Cc: linux-cifs(a)vger.kernel.org Cc: Ralph Boehme <slow(a)samba.org> Cc: David Howells <dhowells(a)redhat.com> Cc: <stable(a)vger.kernel.org> Reported-by: Matthew Richardson <m.richardson(a)ed.ac.uk> Closes: https://marc.info/?i=1124e7cd-6a46-40a6-9f44-b7664a66654b@ed.ac.uk Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c index cc8bd79ebca9..072383899e81 100644 --- a/fs/smb/client/fs_context.c +++ b/fs/smb/client/fs_context.c @@ -1652,6 +1652,7 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, pr_warn_once("conflicting posix mount options specified\n"); ctx->linux_ext = 1; ctx->no_linux_ext = 0; + ctx->nonativesocket = 1; /* POSIX mounts use NFS style reparse points */ } break; case Opt_nocase:

2 weeks, 2 days

1
0
0 0

FAILED: patch "[PATCH] smb: client: default to nonativesocket under POSIX mounts" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6b445309eec2bc0594f3e24c7777aeef891d386e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025081229-unbraided-drinking-9839@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b445309eec2bc0594f3e24c7777aeef891d386e Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.org> Date: Thu, 31 Jul 2025 20:46:42 -0300 Subject: [PATCH] smb: client: default to nonativesocket under POSIX mounts SMB3.1.1 POSIX mounts require sockets to be created with NFS reparse points. Cc: linux-cifs(a)vger.kernel.org Cc: Ralph Boehme <slow(a)samba.org> Cc: David Howells <dhowells(a)redhat.com> Cc: <stable(a)vger.kernel.org> Reported-by: Matthew Richardson <m.richardson(a)ed.ac.uk> Closes: https://marc.info/?i=1124e7cd-6a46-40a6-9f44-b7664a66654b@ed.ac.uk Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c index cc8bd79ebca9..072383899e81 100644 --- a/fs/smb/client/fs_context.c +++ b/fs/smb/client/fs_context.c @@ -1652,6 +1652,7 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, pr_warn_once("conflicting posix mount options specified\n"); ctx->linux_ext = 1; ctx->no_linux_ext = 0; + ctx->nonativesocket = 1; /* POSIX mounts use NFS style reparse points */ } break; case Opt_nocase:

2 weeks, 2 days

1
0
0 0

FAILED: patch "[PATCH] smb: client: default to nonativesocket under POSIX mounts" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 6b445309eec2bc0594f3e24c7777aeef891d386e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025081229-blizzard-gout-ee04@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b445309eec2bc0594f3e24c7777aeef891d386e Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.org> Date: Thu, 31 Jul 2025 20:46:42 -0300 Subject: [PATCH] smb: client: default to nonativesocket under POSIX mounts SMB3.1.1 POSIX mounts require sockets to be created with NFS reparse points. Cc: linux-cifs(a)vger.kernel.org Cc: Ralph Boehme <slow(a)samba.org> Cc: David Howells <dhowells(a)redhat.com> Cc: <stable(a)vger.kernel.org> Reported-by: Matthew Richardson <m.richardson(a)ed.ac.uk> Closes: https://marc.info/?i=1124e7cd-6a46-40a6-9f44-b7664a66654b@ed.ac.uk Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c index cc8bd79ebca9..072383899e81 100644 --- a/fs/smb/client/fs_context.c +++ b/fs/smb/client/fs_context.c @@ -1652,6 +1652,7 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, pr_warn_once("conflicting posix mount options specified\n"); ctx->linux_ext = 1; ctx->no_linux_ext = 0; + ctx->nonativesocket = 1; /* POSIX mounts use NFS style reparse points */ } break; case Opt_nocase:

2 weeks, 2 days

1
0
0 0

FAILED: patch "[PATCH] smb: server: Fix extension string in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8e7d178d06e8937454b6d2f2811fa6a15656a214 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025081256-unhitched-broadcast-2eef@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8e7d178d06e8937454b6d2f2811fa6a15656a214 Mon Sep 17 00:00:00 2001 From: Thorsten Blum <thorsten.blum(a)linux.dev> Date: Wed, 6 Aug 2025 03:03:49 +0200 Subject: [PATCH] smb: server: Fix extension string in ksmbd_extract_shortname() In ksmbd_extract_shortname(), strscpy() is incorrectly called with the length of the source string (excluding the NUL terminator) rather than the size of the destination buffer. This results in "__" being copied to 'extension' rather than "___" (two underscores instead of three). Use the destination buffer size instead to ensure that the string "___" (three underscores) is copied correctly. Cc: stable(a)vger.kernel.org Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> Acked-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index 425c756bcfb8..b23203a1c286 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -515,7 +515,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, const char *longname, p = strrchr(longname, '.'); if (p == longname) { /*name starts with a dot*/ - strscpy(extension, "___", strlen("___")); + strscpy(extension, "___", sizeof(extension)); } else { if (p) { p++;

2 weeks, 2 days

1
0
0 0

FAILED: patch "[PATCH] smb: server: Fix extension string in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8e7d178d06e8937454b6d2f2811fa6a15656a214 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025081253-lapping-empathic-d0ae@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8e7d178d06e8937454b6d2f2811fa6a15656a214 Mon Sep 17 00:00:00 2001 From: Thorsten Blum <thorsten.blum(a)linux.dev> Date: Wed, 6 Aug 2025 03:03:49 +0200 Subject: [PATCH] smb: server: Fix extension string in ksmbd_extract_shortname() In ksmbd_extract_shortname(), strscpy() is incorrectly called with the length of the source string (excluding the NUL terminator) rather than the size of the destination buffer. This results in "__" being copied to 'extension' rather than "___" (two underscores instead of three). Use the destination buffer size instead to ensure that the string "___" (three underscores) is copied correctly. Cc: stable(a)vger.kernel.org Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> Acked-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index 425c756bcfb8..b23203a1c286 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -515,7 +515,7 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, const char *longname, p = strrchr(longname, '.'); if (p == longname) { /*name starts with a dot*/ - strscpy(extension, "___", strlen("___")); + strscpy(extension, "___", sizeof(extension)); } else { if (p) { p++;

2 weeks, 2 days

1
0
0 0

[PATCH 6.6] gfs2: replace sd_aspace with sd_inode

by Sumanth Gavini

commit ae9f3bd8259a0a8f67be2420e66bb05fbb95af48 upstream. Currently, sdp->sd_aspace and the per-inode metadata address spaces use sb->s_bdev->bd_mapping->host as their ->host; folios in those address spaces will thus appear to be on bdev rather than on gfs2 filesystems. This is a problem because gfs2 doesn't support cgroup writeback (SB_I_CGROUPWB), but bdev does. Fix that by using a "dummy" gfs2 inode as ->host in those address spaces. When coming from a folio, folio->mapping->host->i_sb will then be a gfs2 super block and the SB_I_CGROUPWB flag will not be set in sb->s_iflags. Based on a previous version from Bob Peterson from several years ago. Thanks to Tetsuo Handa, Jan Kara, and Rafael Aquini for helping figure this out. Fixes: aaa2cacf8184 ("writeback: add lockdep annotation to inode_to_wb()") Signed-off-by: Andreas Gruenbacher <agruenba(a)redhat.com> Signed-off-by: Sumanth Gavini <sumanth.gavini(a)yahoo.com> --- fs/gfs2/glock.c | 3 +-- fs/gfs2/glops.c | 4 ++-- fs/gfs2/incore.h | 9 ++++++++- fs/gfs2/meta_io.c | 2 +- fs/gfs2/meta_io.h | 4 +--- fs/gfs2/ops_fstype.c | 28 ++++++++++++++++------------ fs/gfs2/super.c | 2 +- 7 files changed, 30 insertions(+), 22 deletions(-) diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c index 4a280be229a6..7ab1b4dac0bb 100644 --- a/fs/gfs2/glock.c +++ b/fs/gfs2/glock.c @@ -1146,7 +1146,6 @@ int gfs2_glock_get(struct gfs2_sbd *sdp, u64 number, const struct gfs2_glock_operations *glops, int create, struct gfs2_glock **glp) { - struct super_block *s = sdp->sd_vfs; struct lm_lockname name = { .ln_number = number, .ln_type = glops->go_type, .ln_sbd = sdp }; @@ -1210,7 +1209,7 @@ int gfs2_glock_get(struct gfs2_sbd *sdp, u64 number, mapping = gfs2_glock2aspace(gl); if (mapping) { mapping->a_ops = &gfs2_meta_aops; - mapping->host = s->s_bdev->bd_inode; + mapping->host = sdp->sd_inode; mapping->flags = 0; mapping_set_gfp_mask(mapping, GFP_NOFS); mapping->private_data = NULL; diff --git a/fs/gfs2/glops.c b/fs/gfs2/glops.c index f41ca89d216b..5877afdb11c5 100644 --- a/fs/gfs2/glops.c +++ b/fs/gfs2/glops.c @@ -165,7 +165,7 @@ void gfs2_ail_flush(struct gfs2_glock *gl, bool fsync) static int gfs2_rgrp_metasync(struct gfs2_glock *gl) { struct gfs2_sbd *sdp = gl->gl_name.ln_sbd; - struct address_space *metamapping = &sdp->sd_aspace; + struct address_space *metamapping = gfs2_aspace(sdp); struct gfs2_rgrpd *rgd = gfs2_glock2rgrp(gl); const unsigned bsize = sdp->sd_sb.sb_bsize; loff_t start = (rgd->rd_addr * bsize) & PAGE_MASK; @@ -222,7 +222,7 @@ static int rgrp_go_sync(struct gfs2_glock *gl) static void rgrp_go_inval(struct gfs2_glock *gl, int flags) { struct gfs2_sbd *sdp = gl->gl_name.ln_sbd; - struct address_space *mapping = &sdp->sd_aspace; + struct address_space *mapping = gfs2_aspace(sdp); struct gfs2_rgrpd *rgd = gfs2_glock2rgrp(gl); const unsigned bsize = sdp->sd_sb.sb_bsize; loff_t start, end; diff --git a/fs/gfs2/incore.h b/fs/gfs2/incore.h index a8c95c5293c6..52712ec33d91 100644 --- a/fs/gfs2/incore.h +++ b/fs/gfs2/incore.h @@ -795,7 +795,7 @@ struct gfs2_sbd { /* Log stuff */ - struct address_space sd_aspace; + struct inode *sd_inode; spinlock_t sd_log_lock; @@ -850,6 +850,13 @@ struct gfs2_sbd { unsigned long sd_glock_dqs_held; }; +#define GFS2_BAD_INO 1 + +static inline struct address_space *gfs2_aspace(struct gfs2_sbd *sdp) +{ + return sdp->sd_inode->i_mapping; +} + static inline void gfs2_glstats_inc(struct gfs2_glock *gl, int which) { gl->gl_stats.stats[which]++; diff --git a/fs/gfs2/meta_io.c b/fs/gfs2/meta_io.c index 924361fa510b..fca8ea2f4504 100644 --- a/fs/gfs2/meta_io.c +++ b/fs/gfs2/meta_io.c @@ -122,7 +122,7 @@ struct buffer_head *gfs2_getbuf(struct gfs2_glock *gl, u64 blkno, int create) unsigned int bufnum; if (mapping == NULL) - mapping = &sdp->sd_aspace; + mapping = gfs2_aspace(sdp); shift = PAGE_SHIFT - sdp->sd_sb.sb_bsize_shift; index = blkno >> shift; /* convert block to page */ diff --git a/fs/gfs2/meta_io.h b/fs/gfs2/meta_io.h index d0a58cdd433a..a4c3865137d4 100644 --- a/fs/gfs2/meta_io.h +++ b/fs/gfs2/meta_io.h @@ -44,9 +44,7 @@ static inline struct gfs2_sbd *gfs2_mapping2sbd(struct address_space *mapping) struct gfs2_glock_aspace *gla = container_of(mapping, struct gfs2_glock_aspace, mapping); return gla->glock.gl_name.ln_sbd; - } else if (mapping->a_ops == &gfs2_rgrp_aops) - return container_of(mapping, struct gfs2_sbd, sd_aspace); - else + } else return inode->i_sb->s_fs_info; } diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c index 33ca04733e93..9933c7328dcb 100644 --- a/fs/gfs2/ops_fstype.c +++ b/fs/gfs2/ops_fstype.c @@ -72,7 +72,6 @@ void free_sbd(struct gfs2_sbd *sdp) static struct gfs2_sbd *init_sbd(struct super_block *sb) { struct gfs2_sbd *sdp; - struct address_space *mapping; sdp = kzalloc(sizeof(struct gfs2_sbd), GFP_KERNEL); if (!sdp) @@ -110,16 +109,6 @@ static struct gfs2_sbd *init_sbd(struct super_block *sb) INIT_LIST_HEAD(&sdp->sd_sc_inodes_list); - mapping = &sdp->sd_aspace; - - address_space_init_once(mapping); - mapping->a_ops = &gfs2_rgrp_aops; - mapping->host = sb->s_bdev->bd_inode; - mapping->flags = 0; - mapping_set_gfp_mask(mapping, GFP_NOFS); - mapping->private_data = NULL; - mapping->writeback_index = 0; - spin_lock_init(&sdp->sd_log_lock); atomic_set(&sdp->sd_log_pinned, 0); INIT_LIST_HEAD(&sdp->sd_log_revokes); @@ -1159,6 +1148,7 @@ static int gfs2_fill_super(struct super_block *sb, struct fs_context *fc) int silent = fc->sb_flags & SB_SILENT; struct gfs2_sbd *sdp; struct gfs2_holder mount_gh; + struct address_space *mapping; int error; sdp = init_sbd(sb); @@ -1206,9 +1196,21 @@ static int gfs2_fill_super(struct super_block *sb, struct fs_context *fc) sdp->sd_tune.gt_statfs_quantum = 30; } + /* Set up an address space for metadata writes */ + sdp->sd_inode = new_inode(sb); + error = -ENOMEM; + if (!sdp->sd_inode) + goto fail_free; + sdp->sd_inode->i_ino = GFS2_BAD_INO; + sdp->sd_inode->i_size = OFFSET_MAX; + + mapping = gfs2_aspace(sdp); + mapping->a_ops = &gfs2_rgrp_aops; + mapping_set_gfp_mask(mapping, GFP_NOFS); + error = init_names(sdp, silent); if (error) - goto fail_free; + goto fail_iput; snprintf(sdp->sd_fsname, sizeof(sdp->sd_fsname), "%s", sdp->sd_table_name); @@ -1327,6 +1329,8 @@ static int gfs2_fill_super(struct super_block *sb, struct fs_context *fc) gfs2_sys_fs_del(sdp); fail_delete_wq: destroy_workqueue(sdp->sd_delete_wq); +fail_iput: + iput(sdp->sd_inode); fail_free: free_sbd(sdp); sb->s_fs_info = NULL; diff --git a/fs/gfs2/super.c b/fs/gfs2/super.c index 02d93da21b2b..47e0b5c96d1c 100644 --- a/fs/gfs2/super.c +++ b/fs/gfs2/super.c @@ -642,7 +642,7 @@ static void gfs2_put_super(struct super_block *sb) gfs2_jindex_free(sdp); /* Take apart glock structures and buffer lists */ gfs2_gl_hash_clear(sdp); - truncate_inode_pages_final(&sdp->sd_aspace); + iput(sdp->sd_inode); gfs2_delete_debugfs_file(sdp); /* Unmount the locking protocol */ gfs2_lm_unmount(sdp); -- 2.43.0

2 weeks, 2 days

3
2
0 0

[PATCH 6.6] io_uring/rw: ensure reissue path is correctly handled for IOPOLL

by Sumanth Gavini

commit bcb0fda3c2da9fe4721d3e73d80e778c038e7d27 upstream. The IOPOLL path posts CQEs when the io_kiocb is marked as completed, so it cannot rely on the usual retry that non-IOPOLL requests do for read/write requests. If -EAGAIN is received and the request should be retried, go through the normal completion path and let the normal flush logic catch it and reissue it, like what is done for !IOPOLL reads or writes. Fixes: d803d123948f ("io_uring/rw: handle -EAGAIN retry at IO completion time") Reported-by: John Garry <john.g.garry(a)oracle.com> Link: https://lore.kernel.org/io-uring/2b43ccfa-644d-4a09-8f8f-39ad71810f41@oracl… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> Signed-off-by: Sumanth Gavini <sumanth.gavini(a)yahoo.com> --- io_uring/rw.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/io_uring/rw.c b/io_uring/rw.c index 4ff3442ac2ee..6a84c4a39ce9 100644 --- a/io_uring/rw.c +++ b/io_uring/rw.c @@ -326,11 +326,10 @@ static void io_complete_rw_iopoll(struct kiocb *kiocb, long res) if (kiocb->ki_flags & IOCB_WRITE) io_req_end_write(req); if (unlikely(res != req->cqe.res)) { - if (res == -EAGAIN && io_rw_should_reissue(req)) { + if (res == -EAGAIN && io_rw_should_reissue(req)) req->flags |= REQ_F_REISSUE | REQ_F_PARTIAL_IO; - return; - } - req->cqe.res = res; + else + req->cqe.res = res; } /* order with io_iopoll_complete() checking ->iopoll_completed */ -- 2.43.0

2 weeks, 2 days

4
5
0 0

[PATCH 6.12 1/6] drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type

by Sergey Senozhatsky

From: Jani Nikula <jani.nikula(a)intel.com> [ Upstream commit e1980a977686d46dbf45687f7750f1c50d1d6cf8 ] The caller doesn't actually need the returned struct intel_connector; it's stored in the ->attached_connector of intel_dp and intel_hdmi. Switch to returning an int with 0 for success and negative errors codes to be able to indicate success even when we don't have a connector. Reviewed-by: Suraj Kandpal <suraj.kandpal(a)intel.com> Tested-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Link: https://patchwork.freedesktop.org/patch/msgid/8ef7fe838231919e85eaead640c51… Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- drivers/gpu/drm/i915/display/intel_ddi.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index 34dee523f0b6..b567efc5b93c 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -4413,8 +4413,7 @@ static const struct drm_encoder_funcs intel_ddi_funcs = { .late_register = intel_ddi_encoder_late_register, }; -static struct intel_connector * -intel_ddi_init_dp_connector(struct intel_digital_port *dig_port) +static int intel_ddi_init_dp_connector(struct intel_digital_port *dig_port) { struct drm_i915_private *i915 = to_i915(dig_port->base.base.dev); struct intel_connector *connector; @@ -4422,7 +4421,7 @@ intel_ddi_init_dp_connector(struct intel_digital_port *dig_port) connector = intel_connector_alloc(); if (!connector) - return NULL; + return -ENOMEM; dig_port->dp.output_reg = DDI_BUF_CTL(port); if (DISPLAY_VER(i915) >= 14) @@ -4437,7 +4436,7 @@ intel_ddi_init_dp_connector(struct intel_digital_port *dig_port) if (!intel_dp_init_connector(dig_port, connector)) { kfree(connector); - return NULL; + return -EINVAL; } if (dig_port->base.type == INTEL_OUTPUT_EDP) { @@ -4453,7 +4452,7 @@ intel_ddi_init_dp_connector(struct intel_digital_port *dig_port) } } - return connector; + return 0; } static int intel_hdmi_reset_link(struct intel_encoder *encoder, @@ -4623,20 +4622,19 @@ static bool bdw_digital_port_connected(struct intel_encoder *encoder) return intel_de_read(dev_priv, GEN8_DE_PORT_ISR) & bit; } -static struct intel_connector * -intel_ddi_init_hdmi_connector(struct intel_digital_port *dig_port) +static int intel_ddi_init_hdmi_connector(struct intel_digital_port *dig_port) { struct intel_connector *connector; enum port port = dig_port->base.port; connector = intel_connector_alloc(); if (!connector) - return NULL; + return -ENOMEM; dig_port->hdmi.hdmi_reg = DDI_BUF_CTL(port); intel_hdmi_init_connector(dig_port, connector); - return connector; + return 0; } static bool intel_ddi_a_force_4_lanes(struct intel_digital_port *dig_port) @@ -5185,7 +5183,7 @@ void intel_ddi_init(struct intel_display *display, intel_infoframe_init(dig_port); if (init_dp) { - if (!intel_ddi_init_dp_connector(dig_port)) + if (intel_ddi_init_dp_connector(dig_port)) goto err; dig_port->hpd_pulse = intel_dp_hpd_pulse; @@ -5199,7 +5197,7 @@ void intel_ddi_init(struct intel_display *display, * but leave it just in case we have some really bad VBTs... */ if (encoder->type != INTEL_OUTPUT_EDP && init_hdmi) { - if (!intel_ddi_init_hdmi_connector(dig_port)) + if (intel_ddi_init_hdmi_connector(dig_port)) goto err; } -- 2.50.1.565.gc32cd1483b-goog

2 weeks, 2 days

3
16
0 0

[PATCH v4 19/24] mtd: spinand: propagate spinand_wait() errors from spinand_write_page()

by Mikhail Kshevetskiy

From: Gabor Juhos <j4g8y7(a)gmail.com> Since commit 3d1f08b032dc ("mtd: spinand: Use the external ECC engine logic") the spinand_write_page() function ignores the errors returned by spinand_wait(). Change the code to propagate those up to the stack as it was done before the offending change. Cc: stable(a)vger.kernel.org Fixes: 3d1f08b032dc ("mtd: spinand: Use the external ECC engine logic") Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/spi/core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/nand/spi/core.c b/drivers/mtd/nand/spi/core.c index daf6efb87d8..3e21a06dd0f 100644 --- a/drivers/mtd/nand/spi/core.c +++ b/drivers/mtd/nand/spi/core.c @@ -691,7 +691,10 @@ int spinand_write_page(struct spinand_device *spinand, SPINAND_WRITE_INITIAL_DELAY_US, SPINAND_WRITE_POLL_DELAY_US, &status); - if (!ret && (status & STATUS_PROG_FAILED)) + if (ret) + return ret; + + if (status & STATUS_PROG_FAILED) return -EIO; return spinand_ondie_ecc_finish_io_req(nand, (struct nand_page_io_req *)req); -- 2.47.2

2 weeks, 2 days

2
1
0 0

Re: Patch "sched: Do not call __put_task_struct() on rt if pi_blocked_on is set" has been added to the 6.16-stable tree

by Luis Claudio R. Goncalves

On Fri, Aug 08, 2025 at 07:27:26PM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > sched: Do not call __put_task_struct() on rt if pi_blocked_on is set > > to the 6.16-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > sched-do-not-call-__put_task_struct-on-rt-if-pi_bloc.patch > and it can be found in the queue-6.16 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Hi Sasha! I am the author of that patch and I sent a follow-up patch that fixes a mistake I made on the original patch: [RESEND PATCH] sched: restore the behavior of put_task_struct() for non-rt https://lore.kernel.org/all/aJOwe_ZS5rHXMrsO@uudg.org/ The patch you have does not match what is in the description. I unfortunately sent the wrong version of the patch on the verge of leaving for a long vacation and only noticed that when I returned. The code is correct, but does not match the commit description and is a change that I would like to propose later as an RFC, not the simpler bugfix originally intended. I suggest waiting for the follow-up patch mentioned above to include both on stable kernels. Sorry for the inconvenience, Luis > > > commit 7bed29f5ad955444283dca82476dd92c59923f73 > Author: Luis Claudio R. Goncalves <lgoncalv(a)redhat.com> > Date: Mon Jul 7 11:03:59 2025 -0300 > > sched: Do not call __put_task_struct() on rt if pi_blocked_on is set > > [ Upstream commit 8671bad873ebeb082afcf7b4501395c374da6023 ] > > With PREEMPT_RT enabled, some of the calls to put_task_struct() coming > from rt_mutex_adjust_prio_chain() could happen in preemptible context and > with a mutex enqueued. That could lead to this sequence: > > rt_mutex_adjust_prio_chain() > put_task_struct() > __put_task_struct() > sched_ext_free() > spin_lock_irqsave() > rtlock_lock() ---> TRIGGERS > lockdep_assert(!current->pi_blocked_on); > > This is not a SCHED_EXT bug. The first cleanup function called by > __put_task_struct() is sched_ext_free() and it happens to take a > (RT) spin_lock, which in the scenario described above, would trigger > the lockdep assertion of "!current->pi_blocked_on". > > Crystal Wood was able to identify the problem as __put_task_struct() > being called during rt_mutex_adjust_prio_chain(), in the context of > a process with a mutex enqueued. > > Instead of adding more complex conditions to decide when to directly > call __put_task_struct() and when to defer the call, unconditionally > resort to the deferred call on PREEMPT_RT to simplify the code. > > Fixes: 893cdaaa3977 ("sched: avoid false lockdep splat in put_task_struct()") > Suggested-by: Crystal Wood <crwood(a)redhat.com> > Signed-off-by: Luis Claudio R. Goncalves <lgoncalv(a)redhat.com> > Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> > Reviewed-by: Wander Lairson Costa <wander(a)redhat.com> > Reviewed-by: Valentin Schneider <vschneid(a)redhat.com> > Reviewed-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> > Link: https://lore.kernel.org/r/aGvTz5VaPFyj0pBV@uudg.org > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h > index ca1db4b92c32..58ce71715268 100644 > --- a/include/linux/sched/task.h > +++ b/include/linux/sched/task.h > @@ -135,24 +135,17 @@ static inline void put_task_struct(struct task_struct *t) > return; > > /* > - * In !RT, it is always safe to call __put_task_struct(). > - * Under RT, we can only call it in preemptible context. > - */ > - if (!IS_ENABLED(CONFIG_PREEMPT_RT) || preemptible()) { > - static DEFINE_WAIT_OVERRIDE_MAP(put_task_map, LD_WAIT_SLEEP); > - > - lock_map_acquire_try(&put_task_map); > - __put_task_struct(t); > - lock_map_release(&put_task_map); > - return; > - } > - > - /* > - * under PREEMPT_RT, we can't call put_task_struct > + * Under PREEMPT_RT, we can't call __put_task_struct > * in atomic context because it will indirectly > - * acquire sleeping locks. > + * acquire sleeping locks. The same is true if the > + * current process has a mutex enqueued (blocked on > + * a PI chain). > + * > + * In !RT, it is always safe to call __put_task_struct(). > + * Though, in order to simplify the code, resort to the > + * deferred call too. > * > - * call_rcu() will schedule delayed_put_task_struct_rcu() > + * call_rcu() will schedule __put_task_struct_rcu_cb() > * to be called in process context. > * > * __put_task_struct() is called when > @@ -165,7 +158,7 @@ static inline void put_task_struct(struct task_struct *t) > * > * delayed_free_task() also uses ->rcu, but it is only called > * when it fails to fork a process. Therefore, there is no > - * way it can conflict with put_task_struct(). > + * way it can conflict with __put_task_struct(). > */ > call_rcu(&t->rcu, __put_task_struct_rcu_cb); > } > ---end quoted text---

2 weeks, 2 days

2
1
0 0

[BUG] Missing backport for UAF fix in interaction between tls_decrypt_sg and cryptd_queue_worker

by William Liu

Hi all, Commit 41532b785e (tls: separate no-async decryption request handling from async) [1] actually covers a UAF read and write bug in the kernel, and should be backported to 6.1. As of now, it has only been backported to 6.6, back from the time when the patch was committed. The commit mentions a non-reproducible UAF that was previously observed, but we managed to hit the vulnerable case. The vulnerable case is when a user wraps an existing crypto algorithm (such as gcm or ghash) in cryptd. By default, cryptd-wrapped algorithms have a higher priority than the base variant. tls_decrypt_sg allocates the aead request, and triggers the crypto handling with tls_do_decryption. When the crypto is handled by cryptd, it gets dispatched to a worker that handles it and initially returns EINPROGRESS. While older LTS versions (5.4, 5.10, and 5.15) seem to have an additional crypto_wait_req call in those cases, 6.1 just returns success and frees the aead request. The cryptd worker could still be operating in this case, which causes a UAF. However, this vulnerability only occurs when the CPU is without AVX support (perhaps this is why there were reproducibility difficulties). With AVX, aesni_init calls simd_register_aeads_compat to force the crypto subsystem to use the SIMD version and avoids the async issues raised by cryptd. While I doubt many people are using host systems without AVX these days, this environment is pretty common in VMs when QEMU uses KVM without using the "-cpu host" flag. The following is a repro, and can be triggered from unprivileged users. Multishot KASAN shows multiple UAF reads and writes, and ends up panicking the system with a null dereference. #define _GNU_SOURCE #include <stdio.h> #include <stdlib.h> #include <stdbool.h> #include <string.h> #include <unistd.h> #include <sched.h> #include <arpa/inet.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <linux/tcp.h> #include <linux/tls.h> #include <sys/resource.h> #include <fcntl.h> #include <sys/mman.h> #include <linux/if_alg.h> #include <signal.h> #include <sys/wait.h> #include <time.h> struct tls_conn { int tx; int rx; }; void tls_enable(int sk, int type) { struct tls12_crypto_info_aes_gcm_256 tls_ci = { .info.version = TLS_1_3_VERSION, .info.cipher_type = TLS_CIPHER_AES_GCM_256, }; setsockopt(sk, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); setsockopt(sk, SOL_TLS, type, &tls_ci, sizeof(tls_ci)); } struct tls_conn *tls_create_conn(int port) { int s0 = socket(AF_INET, SOCK_STREAM, 0); int s1 = socket(AF_INET, SOCK_STREAM, 0); struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port), .sin_addr = htobe32(0), }; bind(s0, (struct sockaddr*)&a, sizeof(a)); listen(s0, 1); connect(s1, (struct sockaddr *)&a, sizeof(a)); int s2 = accept(s0, 0, 0); close(s0); tls_enable(s1, TLS_TX); tls_enable(s2, TLS_RX); struct tls_conn *t = calloc(1, sizeof(struct tls_conn)); t->tx = s1; t->rx = s2; return t; } void tls_destroy_conn(struct tls_conn *t) { close(t->tx); close(t->rx); free(t); } int tls_send(struct tls_conn *t, char *data, size_t size) { return sendto(t->tx, data, size, 0, NULL, 0); } int tls_recv(struct tls_conn *t, char *data, size_t size) { return recvfrom(t->rx, data, size, 0, NULL, NULL); } int crypto_register_algo(char *type, char *name) { int s = socket(AF_ALG, SOCK_SEQPACKET, 0); struct sockaddr_alg sa = {}; sa.salg_family = AF_ALG; strcpy(sa.salg_type, type); strcpy(sa.salg_name, name); bind(s, (struct sockaddr *)&sa, sizeof(sa)); close(s); return 0; } int main(void) { char buff[0x2000]; crypto_register_algo("aead", "cryptd(gcm(aes))"); struct tls_conn *t = tls_create_conn(20000); tls_send(t, buff, 0x10); tls_recv(t, buff, 0x100); } Feel free to let us know if you have any questions and if there is anything else we can do to help. Best, Will Savy [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…

2 weeks, 2 days

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror