Linux-stable-mirror

linux-stable-mirror@lists.linaro.org

34 participants
123742 discussions

FAILED: patch "[PATCH] mptcp: Fix proto fallback detection with BPF" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c77b3b79a92e3345aa1ee296180d1af4e7031f8f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025112444-entangled-winking-ac86@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c77b3b79a92e3345aa1ee296180d1af4e7031f8f Mon Sep 17 00:00:00 2001 From: Jiayuan Chen <jiayuan.chen(a)linux.dev> Date: Tue, 11 Nov 2025 14:02:51 +0800 Subject: [PATCH] mptcp: Fix proto fallback detection with BPF The sockmap feature allows bpf syscall from userspace, or based on bpf sockops, replacing the sk_prot of sockets during protocol stack processing with sockmap's custom read/write interfaces. ''' tcp_rcv_state_process() syn_recv_sock()/subflow_syn_recv_sock() tcp_init_transfer(BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB) bpf_skops_established <== sockops bpf_sock_map_update(sk) <== call bpf helper tcp_bpf_update_proto() <== update sk_prot ''' When the server has MPTCP enabled but the client sends a TCP SYN without MPTCP, subflow_syn_recv_sock() performs a fallback on the subflow, replacing the subflow sk's sk_prot with the native sk_prot. ''' subflow_syn_recv_sock() subflow_ulp_fallback() subflow_drop_ctx() mptcp_subflow_ops_undo_override() ''' Then, this subflow can be normally used by sockmap, which replaces the native sk_prot with sockmap's custom sk_prot. The issue occurs when the user executes accept::mptcp_stream_accept::mptcp_fallback_tcp_ops(). Here, it uses sk->sk_prot to compare with the native sk_prot, but this is incorrect when sockmap is used, as we may incorrectly set sk->sk_socket->ops. This fix uses the more generic sk_family for the comparison instead. Additionally, this also prevents a WARNING from occurring: result from ./scripts/decode_stacktrace.sh: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 337 at net/mptcp/protocol.c:68 mptcp_stream_accept \ (net/mptcp/protocol.c:4005) Modules linked in: ... PKRU: 55555554 Call Trace: <TASK> do_accept (net/socket.c:1989) __sys_accept4 (net/socket.c:2028 net/socket.c:2057) __x64_sys_accept (net/socket.c:2067) x64_sys_call (arch/x86/entry/syscall_64.c:41) do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) RIP: 0033:0x7f87ac92b83d ---[ end trace 0000000000000000 ]--- Fixes: 0b4f33def7bb ("mptcp: fix tcp fallback crash") Signed-off-by: Jiayuan Chen <jiayuan.chen(a)linux.dev> Signed-off-by: Martin KaFai Lau <martin.lau(a)kernel.org> Reviewed-by: Jakub Sitnicki <jakub(a)cloudflare.com> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Cc: <stable(a)vger.kernel.org> Link: https://patch.msgid.link/20251111060307.194196-3-jiayuan.chen@linux.dev diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 2d6b8de35c44..90b4aeca2596 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -61,11 +61,13 @@ static u64 mptcp_wnd_end(const struct mptcp_sock *msk) static const struct proto_ops *mptcp_fallback_tcp_ops(const struct sock *sk) { + unsigned short family = READ_ONCE(sk->sk_family); + #if IS_ENABLED(CONFIG_MPTCP_IPV6) - if (sk->sk_prot == &tcpv6_prot) + if (family == AF_INET6) return &inet6_stream_ops; #endif - WARN_ON_ONCE(sk->sk_prot != &tcp_prot); + WARN_ON_ONCE(family != AF_INET); return &inet_stream_ops; }

1 month

Linux 6.17.10

by Greg Kroah-Hartman

I'm announcing the release of the 6.17.10 kernel. All users of the 6.17 kernel series must upgrade. The updated 6.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.17.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +- Documentation/wmi/driver-development-guide.rst | 1 Makefile | 2 arch/arm64/boot/dts/rockchip/rk3399-op1.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3566-pinetab2.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3576.dtsi | 12 arch/arm64/boot/dts/rockchip/rk3588-tiger.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 4 arch/arm64/kvm/hyp/nvhe/ffa.c | 9 arch/loongarch/include/uapi/asm/ptrace.h | 40 +-- arch/loongarch/kernel/numa.c | 60 +--- arch/loongarch/net/bpf_jit.c | 3 arch/loongarch/pci/pci.c | 8 arch/mips/boot/dts/econet/en751221.dtsi | 2 arch/mips/kernel/process.c | 2 arch/mips/mti-malta/malta-init.c | 20 + arch/s390/include/asm/pgtable.h | 12 arch/s390/mm/pgtable.c | 4 arch/x86/events/intel/uncore.c | 1 arch/x86/kernel/cpu/amd.c | 2 arch/x86/kernel/cpu/microcode/amd.c | 20 + arch/x86/kvm/svm/svm.c | 9 arch/x86/kvm/svm/svm.h | 1 block/blk-crypto.c | 2 drivers/acpi/apei/einj-core.c | 64 +++-- drivers/ata/libata-scsi.c | 11 drivers/base/power/main.c | 25 +- drivers/bcma/main.c | 6 drivers/clk/sunxi-ng/ccu-sun55i-a523-r.c | 4 drivers/clk/sunxi-ng/ccu-sun55i-a523.c | 2 drivers/gpio/gpiolib-cdev.c | 9 drivers/gpio/gpiolib-swnode.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 65 +++++ drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.h | 10 drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 3 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 4 drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 58 ---- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.h | 6 drivers/gpu/drm/amd/amdgpu/jpeg_v2_5.c | 4 drivers/gpu/drm/amd/amdgpu/jpeg_v3_0.c | 2 drivers/gpu/drm/amd/amdgpu/jpeg_v4_0.c | 2 drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c | 2 drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_5.c | 2 drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c | 2 drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_1.c | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 59 +--- drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 4 drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 26 +- drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 8 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c | 11 drivers/gpu/drm/drm_plane.c | 4 drivers/gpu/drm/i915/display/intel_cx0_phy.c | 14 - drivers/gpu/drm/i915/display/intel_display_device.c | 13 + drivers/gpu/drm/i915/display/intel_display_device.h | 4 drivers/gpu/drm/i915/display/intel_dmc.c | 10 drivers/gpu/drm/i915/display/intel_dp.c | 30 -- drivers/gpu/drm/i915/display/intel_psr.c | 36 ++ drivers/gpu/drm/i915/display/intel_quirks.c | 9 drivers/gpu/drm/i915/display/intel_quirks.h | 1 drivers/gpu/drm/msm/msm_iommu.c | 5 drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 2 drivers/gpu/drm/radeon/radeon_fence.c | 7 drivers/gpu/drm/tegra/dc.c | 1 drivers/gpu/drm/tegra/dsi.c | 9 drivers/gpu/drm/tegra/uapi.c | 7 drivers/gpu/drm/xe/tests/xe_mocs.c | 2 drivers/gpu/drm/xe/xe_irq.c | 18 - drivers/gpu/drm/xe/xe_pci.c | 1 drivers/gpu/drm/xe/xe_vm.c | 4 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 drivers/hid/hid-ids.h | 4 drivers/hid/hid-quirks.c | 13 - drivers/input/keyboard/cros_ec_keyb.c | 6 drivers/input/keyboard/imx_sc_key.c | 2 drivers/input/tablet/pegasus_notetaker.c | 9 drivers/input/touchscreen/goodix.c | 1 drivers/mtd/mtdchar.c | 6 drivers/mtd/nand/raw/cadence-nand-controller.c | 3 drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 - drivers/net/dsa/microchip/lan937x_main.c | 1 drivers/net/ethernet/airoha/airoha_eth.h | 11 drivers/net/ethernet/airoha/airoha_ppe.c | 103 ++++++-- drivers/net/ethernet/emulex/benet/be_main.c | 7 drivers/net/ethernet/intel/ice/ice_ptp.c | 22 + drivers/net/ethernet/intel/idpf/idpf_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c | 9 drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 drivers/net/ethernet/mellanox/mlxsw/core_linecards.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 drivers/net/ethernet/ti/netcp_core.c | 10 drivers/net/phy/phylink.c | 3 drivers/net/veth.c | 38 +-- drivers/net/wireless/realtek/rtw89/fw.c | 7 drivers/nvme/host/fc.c | 15 - drivers/nvme/host/multipath.c | 2 drivers/nvme/target/auth.c | 4 drivers/nvme/target/fabrics-cmd-auth.c | 1 drivers/nvme/target/nvmet.h | 1 drivers/perf/riscv_pmu_sbi.c | 2 drivers/pinctrl/cirrus/pinctrl-cs42l43.c | 23 + drivers/pinctrl/mediatek/pinctrl-mt8189.c | 4 drivers/pinctrl/mediatek/pinctrl-mt8196.c | 6 drivers/pinctrl/nxp/pinctrl-s32cc.c | 3 drivers/pinctrl/realtek/Kconfig | 1 drivers/platform/x86/Kconfig | 1 drivers/platform/x86/dell/alienware-wmi-wmax.c | 104 ++------ drivers/platform/x86/intel/speed_select_if/isst_if_mmio.c | 4 drivers/platform/x86/intel/uncore-frequency/uncore-frequency-common.h | 9 drivers/platform/x86/msi-wmi-platform.c | 43 +++ drivers/reset/reset-imx8mp-audiomix.c | 4 drivers/s390/net/ctcm_mpc.c | 1 drivers/scsi/hosts.c | 5 drivers/scsi/sg.c | 10 drivers/soc/ti/knav_dma.c | 14 - drivers/target/loopback/tcm_loop.c | 3 drivers/tty/vt/vt_ioctl.c | 4 drivers/ufs/host/ufs-qcom.c | 15 + fs/btrfs/inode.c | 1 fs/btrfs/tree-log.c | 3 fs/exfat/super.c | 5 fs/fat/inode.c | 6 fs/isofs/inode.c | 5 fs/namespace.c | 4 fs/smb/client/cached_dir.c | 43 +++ fs/smb/client/cifsfs.c | 2 fs/smb/client/cifsproto.h | 2 fs/smb/client/connect.c | 38 +-- fs/smb/client/dfs_cache.c | 55 +++- fs/smb/client/fs_context.c | 4 fs/xfs/scrub/symlink_repair.c | 4 fs/xfs/xfs_super.c | 5 include/drm/intel/pciids.h | 5 include/linux/ata.h | 1 include/net/tls.h | 25 +- include/net/xfrm.h | 3 io_uring/cmd_net.c | 2 kernel/events/core.c | 2 kernel/sched/ext.c | 121 +++++++++- kernel/sched/sched.h | 1 kernel/time/tick-sched.c | 11 kernel/time/timekeeping.c | 21 - kernel/time/timer.c | 7 lib/test_kho.c | 3 mm/mempool.c | 32 ++ mm/shmem.c | 15 - mm/truncate.c | 35 ++ net/core/dev_ioctl.c | 3 net/devlink/rate.c | 4 net/ipv4/esp4_offload.c | 6 net/ipv6/esp6_offload.c | 6 net/mptcp/options.c | 54 ++++ net/mptcp/pm.c | 20 + net/mptcp/pm_kernel.c | 2 net/mptcp/protocol.c | 84 ++++-- net/mptcp/protocol.h | 3 net/mptcp/subflow.c | 8 net/openvswitch/actions.c | 68 ----- net/openvswitch/flow_netlink.c | 64 ----- net/openvswitch/flow_netlink.h | 2 net/tls/tls_device.c | 4 net/unix/af_unix.c | 3 net/vmw_vsock/af_vsock.c | 40 ++- net/xfrm/xfrm_device.c | 2 net/xfrm/xfrm_output.c | 8 net/xfrm/xfrm_state.c | 16 - net/xfrm/xfrm_user.c | 5 scripts/kconfig/mconf.c | 3 scripts/kconfig/nconf.c | 3 security/selinux/hooks.c | 79 +++--- security/selinux/include/objsec.h | 20 + sound/hda/codecs/realtek/alc269.c | 2 sound/soc/codecs/rt721-sdca.c | 4 sound/soc/codecs/rt721-sdca.h | 1 sound/usb/mixer.c | 2 tools/arch/riscv/include/asm/csr.h | 5 tools/testing/selftests/cachestat/test_cachestat.c | 4 tools/testing/selftests/net/bareudp.sh | 2 tools/testing/selftests/net/forwarding/lib_sh_test.sh | 7 tools/testing/selftests/net/lib.sh | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 18 - tools/tracing/latency/latency-collector.c | 2 184 files changed, 1493 insertions(+), 919 deletions(-) Aleksander Jan Bajkowski (1): mips: dts: econet: fix EN751221 core type Aleksei Nikiforov (1): s390/ctcm: Fix double-kfree Alexey Charkov (1): arm64: dts: rockchip: Remove non-functioning CPU OPPs from RK3576 Alistair Francis (1): nvmet-auth: update sc_c in target host hash calculation Andrea Righi (1): sched_ext: Fix scx_kick_pseqs corruption on concurrent scheduler loads Andrey Vatoropin (1): be2net: pass wrb_params in case of OS2BMC Ankit Nautiyal (2): Revert "drm/i915/dp: Reject HBR3 when sink doesn't support TPS4" drm/i915/dp: Add device specific quirk to limit eDP rate to HBR2 Anthony Wong (1): platform/x86: alienware-wmi-wmax: Add AWCC support to Alienware 16 Aurora Armin Wolf (2): platform/x86: msi-wmi-platform: Only load on MSI devices platform/x86: msi-wmi-platform: Fix typo in WMI GUID Bart Van Assche (2): scsi: sg: Do not sleep in atomic context scsi: core: Fix a regression triggered by scsi_host_busy() Bartosz Golaszewski (1): gpio: cdev: make sure the cdev fd is still active before emitting events Bibo Mao (1): LoongArch: Fix NUMA node parsing with numa_memblks Bitterblue Smith (1): wifi: rtw89: hw_scan: Don't let the operating channel be last Borislav Petkov (AMD) (2): x86/microcode/AMD: Limit Entrysign signature checking to known generations x86/CPU/AMD: Extend Zen6 model range Carlos Llamas (1): blk-crypto: use BLK_STS_INVAL for alignment errors Charlene Liu (1): drm/amd/display: Insert dccg log for easy debug Charles Keepax (1): Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" Chen Pei (1): tools: riscv: Fixed misalignment of CSR related definitions Chen-Yu Tsai (2): clk: sunxi-ng: sun55i-a523-r-ccu: Mark bus-r-dma as critical clk: sunxi-ng: sun55i-a523-ccu: Lower audio0 pll minimum rate Dan Carpenter (2): mtdchar: fix integer overflow in read/write ioctls Input: imx_sc_key - fix memory corruption on unload Dapeng Mi (1): perf: Fix 0 count issue of cpu-clock Darrick J. Wong (1): xfs: fix out of bounds memory read error in symlink repair Diederik de Haas (1): arm64: dts: rockchip: Fix vccio4-supply on rk3566-pinetab2 Diogo Ivo (1): Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" Dnyaneshwar Bhadane (4): drm/i915/xe3lpd: Load DMC for Xe3_LPD version 30.02 drm/pcids: Split PTL pciids group to make wcl subplatform drm/i915/display: Add definition for wcl as subplatform drm/i915/xe3: Restrict PTL intel_encoder_is_c10phy() to only PHY A Emil Tantilov (1): idpf: fix possible vport_config NULL pointer deref in remove Emil Tsalapatis (2): sched_ext: defer queue_balance_callback() until after ops.dispatch sched_ext: fix flag check for deferred callbacks Eren Demir (1): ALSA: hda/realtek: Fix mute led for HP Victus 15-fa1xxx (MB 8C2D) Eric Dumazet (2): mptcp: fix race condition in mptcp_schedule_work() mptcp: fix a race in mptcp_pm_del_add_timer() Ewan D. Milne (2): nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Fangzhi Zuo (2): drm/amd/display: Fix pbn to kbps Conversion drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched Filipe Manana (1): btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name Gang Yan (1): mptcp: fix address removal logic in mptcp_pm_nl_rm_addr Greg Kroah-Hartman (1): Linux 6.17.10 Grzegorz Nitka (1): ice: fix PTP cleanup on driver removal in error path Hamza Mahfooz (1): scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Hans de Goede (1): Input: goodix - add support for ACPI ID GDIX1003 Haotian Zhang (2): pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Heiko Carstens (1): s390/mm: Fix __ptep_rdp() inline assembly Henrique Carvalho (2): smb: client: introduce close_cached_dir_locked() smb: client: fix incomplete backport in cfids_invalidation_worker() Huacai Chen (1): LoongArch: Don't panic if no valid cache info for PCI Ido Schimmel (1): selftests: net: lib: Do not overwrite error messages Ilya Maximets (1): net: openvswitch: remove never-working support for setting nsh fields Imre Deak (1): drm/i915/dp_mst: Disable Panel Replay Ivan Lipski (1): drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 J-Donald Tournier (1): ALSA: hda/realtek: Add quirk for Lenovo Yoga 7 2-in-1 14AKP10 Jakub Horký (2): kconfig/mconf: Initialize the default locale at startup kconfig/nconf: Initialize the default locale at startup Jared Kangas (2): pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() Jari Ruusu (1): tty/vt: fix up incorrect backport to stable releases Jens Axboe (1): io_uring/cmd_net: fix wrong argument types for skb_queue_splice() Jernej Skrabec (1): clk: sunxi-ng: Mark A523 bus-r-cpucfg clock as critical Jesper Dangaard Brouer (1): veth: more robust handing of race to avoid txq getting stuck Jiaming Zhang (1): net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() Jianbo Liu (3): xfrm: Check inner packet family directly from skb_dst xfrm: Determine inner GSO type from packet inner protocol xfrm: Prevent locally generated packets from direct output in tunnel mode Jiayuan Chen (2): mptcp: Disallow MPTCP subflows from sockmap mptcp: Fix proto fallback detection with BPF Jouni Högander (1): drm/i915/psr: Check drm_dp_dpcd_read return value on PSR dpcd init Kiryl Shutsemau (1): mm/truncate: unmap large folio on split failure Krzysztof Kozlowski (1): dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Kuniyuki Iwashima (1): af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). Kurt Borja (4): platform/x86: alienware-wmi-wmax: Fix "Alienware m16 R1 AMD" quirk order platform/x86: alienware-wmi-wmax: Add support for the whole "M" family platform/x86: alienware-wmi-wmax: Add support for the whole "X" family platform/x86: alienware-wmi-wmax: Add support for the whole "G" family Laurentiu Mihalcea (1): reset: imx8mp-audiomix: Fix bad mask values Lorenzo Bianconi (2): net: airoha: Add wlan flowtable TX offload net: airoha: Do not loopback traffic to GDM2 if it is available on the device Louis-Alexis Eyraud (2): pinctrl: mediatek: mt8196: align register base names to dt-bindings ones pinctrl: mediatek: mt8189: align register base names to dt-bindings ones Ma Ke (1): drm/tegra: dc: Fix reference leak in tegra_dc_couple() Maciej W. Rozycki (1): MIPS: Malta: Fix !EVA SOC-it PCI MMIO Malaya Kumar Rout (1): timekeeping: Fix resource leak in tk_aux_sysfs_init() error paths Marcelo Moreira (1): xfs: Replace strncpy with memcpy Mario Limonciello (1): drm/amd: Skip power ungate during suspend for VPE Mario Limonciello (AMD) (3): HID: amd_sfh: Stop sensor before starting drm/amd/display: Increase DPCD read retries drm/amd/display: Move sleep into each retry for retrieve_link_cap() Matt Roper (1): drm/xe/kunit: Fix forcewake assertion in mocs test Matthieu Baerts (NGI0) (2): selftests: mptcp: join: endpoints: longer timeout selftests: mptcp: join: userspace: longer timeout Michal Luczaj (1): vsock: Ignore signal/timeout on connect() if already established Mike Yuan (1): shmem: fix tmpfs reconfiguration (remount) when noswap is set Mykola Kvach (1): arm64: dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 Nam Cao (1): nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot Niklas Cassel (1): ata: libata-scsi: Fix system suspend for a security locked drive Niravkumar L Rabara (1): mtd: rawnand: cadence: fix DMA device NULL pointer dereference Nishanth Menon (1): net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Nitin Rawat (1): scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3) Oleksij Rempel (1): net: dsa: microchip: lan937x: Fix RGMII delay tuning Paolo Abeni (6): mptcp: fix ack generation for fallback msk mptcp: fix duplicate reset on fastclose mptcp: fix premature close in case of fallback mptcp: avoid unneeded subflow-level drops mptcp: decouple mptcp fastclose from tcp close mptcp: do not fallback when OoO is present Pasha Tatashin (1): lib/test_kho: check if KHO is enabled Paulo Alcantara (1): smb: client: handle lack of IPC in dfs_cache_refresh() Pavel Zhigulin (3): net: dsa: hellcreek: fix missing error handling in LED registration net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Po-Hsu Lin (1): selftests: net: use BASH for bareudp testing Pradyumn Rahar (1): net/mlx5: Clean up only new IRQ glue on request_irq() failure Prateek Agarwal (1): drm/tegra: Add call to put_pid() Quentin Schulz (2): arm64: dts: rockchip: include rk3399-base instead of rk3399 in rk3399-op1 arm64: dts: rockchip: disable HS400 on RK3588 Tiger Rafael J. Wysocki (1): PM: sleep: core: Fix runtime PM enabling in device_resume_early() Rafał Miłecki (1): bcma: don't register devices disabled in OF Randy Dunlap (1): platform/x86: intel-uncore-freq: fix all header kernel-doc warnings René Rebe (1): ALSA: usb-audio: fix uac2 clock source at terminal parser Rob Clark (1): drm/msm: Fix pgtable prealloc error path Robert McClinton (1): drm/radeon: delete radeon_fence_process in is_signaled, no deadlock Sabrina Dubroca (4): xfrm: drop SA reference in xfrm_state_update if dir doesn't match xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added xfrm: call xfrm_dev_state_delete when xfrm_state_migrate fails to add the state xfrm: set err and extack on failure to create pcpu SA Saket Kumar Bhaskar (1): sched_ext: Fix scx_enable() crash on helper kthread creation failure Samuel Zhang (1): drm/amdgpu: fix gpu page fault after hibernation on PF passthrough Sathishkumar S (2): drm/amdgpu/jpeg: Move parse_cs to amdgpu_jpeg.c drm/amdgpu/jpeg: Add parse_cs for JPEG5_0_1 Sebastian Ene (1): KVM: arm64: Check the untrusted offset in FF-A memory share Seungjin Bae (1): Input: pegasus-notetaker - fix potential out-of-bounds access Shahar Shitrit (2): net: tls: Change async resync helpers argument net: tls: Cancel RX async resync request on rcd_delta overflow Shaurya Rane (1): cifs: fix memory leak in smb3_fs_context_parse_param error path Shay Drory (1): devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Shin'ichiro Kawasaki (1): nvme-multipath: fix lockdep WARN due to partition scan work Shuicheng Lin (1): drm/xe: Prevent BIT() overflow when handling invalid prefetch region Shuming Fan (1): ASoC: rt721: fix prepare clock stop failed Sidharth Seela (1): selftests: cachestat: Fix warning on declaration under label Stephen Smalley (2): selinux: rename task_security_struct to cred_security_struct selinux: move avdcache to per-task security struct Steve French (1): cifs: fix typo in enable_gcm_256 module parameter Tejun Heo (1): sched_ext: Allocate scx_kick_cpus_pnt_seqs lazily using kvzalloc() Thomas Bogendoerfer (1): MIPS: kernel: Fix random segmentation faults Thomas Weißschuh (1): LoongArch: Use UAPI types in ptrace UAPI header Tony Luck (1): ACPI: APEI: EINJ: Fix EINJV2 initialization and injection Tzung-Bi Shih (1): Input: cros_ec_keyb - fix an invalid memory access Venkata Ramana Nayana (1): drm/xe/irq: Handle msix vector0 interrupt Ville Syrjälä (1): drm/plane: Fix create_in_format_blob() return value Vincent Li (1): LoongArch: BPF: Disable trampoline for kernel module function trace Vlastimil Babka (1): mm/mempool: fix poisoning order>0 pages with HIGHMEM Wei Fang (1): net: phylink: add missing supported link modes for the fixed-link Wen Yang (1): tick/sched: Fix bogus condition in report_idle_softirq() Yifan Zha (1): drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Yihang Li (1): ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Yipeng Zou (1): timers: Fix NULL function pointer race in timer_shutdown_sync() Yongpeng Yang (4): vfat: fix missing sb_min_blocksize() return value checks xfs: check the return value of sb_min_blocksize() in xfs_fs_fill_super isofs: check the return value of sb_min_blocksize() in isofs_fill_super exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Yosry Ahmed (1): KVM: SVM: Fix redundant updates of LBR MSR intercepts Yu-Chun Lin (1): pinctrl: realtek: Select REGMAP_MMIO for RTD driver Zhang Chujun (1): tracing/tools: Fix incorrcet short option in usage text for --threads Zhang Heng (1): HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Zhen Ni (1): fs: Fix uninitialized 'offp' in statmount_string() Zilin Guan (1): mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() dongsheng (1): perf/x86/intel/uncore: Add uncore PMU support for Wildcat Lake

1 month

Linux 6.12.60

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.60 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +-- Documentation/wmi/driver-development-guide.rst | 1 Makefile | 2 arch/arm64/boot/dts/rockchip/rk3399-op1.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3566-pinetab2.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3588-tiger.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 4 arch/arm64/kvm/hyp/nvhe/ffa.c | 9 - arch/arm64/kvm/sys_regs.c | 61 +++---- arch/loongarch/include/uapi/asm/ptrace.h | 40 ++-- arch/loongarch/pci/pci.c | 8 arch/mips/mti-malta/malta-init.c | 20 +- arch/s390/include/asm/pgtable.h | 12 - arch/s390/mm/pgtable.c | 4 arch/x86/kernel/cpu/microcode/amd.c | 20 ++ block/blk-crypto.c | 2 drivers/ata/libata-scsi.c | 11 + drivers/bcma/main.c | 6 drivers/gpio/gpiolib-swnode.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 3 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 59 ++----- drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 20 +- drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 60 +++++-- drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 8 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 21 +- drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c | 11 - drivers/gpu/drm/i915/display/intel_psr.c | 4 drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 2 drivers/gpu/drm/radeon/radeon_fence.c | 7 drivers/gpu/drm/tegra/dc.c | 1 drivers/gpu/drm/tegra/dsi.c | 9 - drivers/gpu/drm/tegra/uapi.c | 7 drivers/gpu/drm/xe/xe_vm.c | 4 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 drivers/hid/hid-ids.h | 4 drivers/hid/hid-quirks.c | 13 + drivers/infiniband/hw/irdma/Kconfig | 7 drivers/input/keyboard/cros_ec_keyb.c | 6 drivers/input/keyboard/imx_sc_key.c | 2 drivers/input/tablet/pegasus_notetaker.c | 9 + drivers/input/touchscreen/goodix.c | 1 drivers/mtd/mtdchar.c | 6 drivers/mtd/nand/raw/cadence-nand-controller.c | 3 drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 + drivers/net/dsa/microchip/lan937x_main.c | 1 drivers/net/ethernet/emulex/benet/be_main.c | 7 drivers/net/ethernet/intel/ice/ice_ptp.c | 22 ++ drivers/net/ethernet/intel/idpf/idpf_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c | 9 - drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 drivers/net/ethernet/mellanox/mlxsw/core_linecards.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 drivers/net/ethernet/ti/netcp_core.c | 10 - drivers/nvme/host/fc.c | 15 - drivers/nvme/host/multipath.c | 2 drivers/perf/riscv_pmu_sbi.c | 2 drivers/pinctrl/cirrus/pinctrl-cs42l43.c | 23 ++ drivers/pinctrl/nxp/pinctrl-s32cc.c | 3 drivers/pinctrl/realtek/Kconfig | 1 drivers/platform/x86/Kconfig | 1 drivers/platform/x86/intel/speed_select_if/isst_if_mmio.c | 4 drivers/platform/x86/msi-wmi-platform.c | 43 ++++- drivers/s390/net/ctcm_mpc.c | 1 drivers/scsi/hosts.c | 5 drivers/scsi/sg.c | 10 + drivers/soc/ti/knav_dma.c | 14 - drivers/target/loopback/tcm_loop.c | 3 drivers/tty/vt/vt_ioctl.c | 4 fs/exfat/super.c | 5 fs/isofs/inode.c | 5 fs/smb/client/cached_dir.c | 43 ++++- fs/smb/client/cifsfs.c | 2 fs/smb/client/fs_context.c | 4 fs/xfs/scrub/symlink_repair.c | 4 include/linux/ata.h | 1 include/net/tls.h | 25 +- include/net/xfrm.h | 3 kernel/time/timer.c | 7 lib/maple_tree.c | 30 +-- mm/mempool.c | 32 +++ mm/shmem.c | 15 - net/devlink/rate.c | 4 net/ipv4/esp4_offload.c | 6 net/ipv6/esp6_offload.c | 6 net/mptcp/options.c | 54 ++++++ net/mptcp/pm_netlink.c | 20 +- net/mptcp/protocol.c | 84 ++++++---- net/mptcp/protocol.h | 3 net/mptcp/subflow.c | 8 net/openvswitch/actions.c | 68 -------- net/openvswitch/flow_netlink.c | 64 ------- net/openvswitch/flow_netlink.h | 2 net/tls/tls_device.c | 4 net/unix/af_unix.c | 36 ++-- net/vmw_vsock/af_vsock.c | 40 +++- net/xfrm/xfrm_output.c | 6 net/xfrm/xfrm_state.c | 8 net/xfrm/xfrm_user.c | 5 scripts/kconfig/mconf.c | 3 scripts/kconfig/nconf.c | 3 sound/usb/endpoint.c | 3 sound/usb/mixer.c | 2 tools/arch/riscv/include/asm/csr.h | 5 tools/testing/selftests/net/bareudp.sh | 2 tools/testing/selftests/net/forwarding/lib_sh_test.sh | 7 tools/testing/selftests/net/lib.sh | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 18 +- tools/tracing/latency/latency-collector.c | 2 112 files changed, 850 insertions(+), 522 deletions(-) Aleksei Nikiforov (1): s390/ctcm: Fix double-kfree Andrey Vatoropin (1): be2net: pass wrb_params in case of OS2BMC Armin Wolf (2): platform/x86: msi-wmi-platform: Only load on MSI devices platform/x86: msi-wmi-platform: Fix typo in WMI GUID Bart Van Assche (2): scsi: sg: Do not sleep in atomic context scsi: core: Fix a regression triggered by scsi_host_busy() Borislav Petkov (AMD) (1): x86/microcode/AMD: Limit Entrysign signature checking to known generations Carlos Llamas (1): blk-crypto: use BLK_STS_INVAL for alignment errors Charlene Liu (3): drm/amd/display: avoid reset DTBCLK at clock init drm/amd/display: disable DPP RCG before DPP CLK enable drm/amd/display: Insert dccg log for easy debug Charles Keepax (1): Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" Chen Pei (1): tools: riscv: Fixed misalignment of CSR related definitions Dan Carpenter (2): mtdchar: fix integer overflow in read/write ioctls Input: imx_sc_key - fix memory corruption on unload Darrick J. Wong (1): xfs: fix out of bounds memory read error in symlink repair Diederik de Haas (1): arm64: dts: rockchip: Fix vccio4-supply on rk3566-pinetab2 Diogo Ivo (1): Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" Emil Tantilov (1): idpf: fix possible vport_config NULL pointer deref in remove Eric Dumazet (2): mptcp: fix race condition in mptcp_schedule_work() mptcp: fix a race in mptcp_pm_del_add_timer() Ewan D. Milne (2): nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Fangzhi Zuo (2): drm/amd/display: Fix pbn to kbps Conversion drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched Greg Kroah-Hartman (1): Linux 6.12.60 Grzegorz Nitka (1): ice: fix PTP cleanup on driver removal in error path Hamza Mahfooz (1): scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Hans de Goede (1): Input: goodix - add support for ACPI ID GDIX1003 Haotian Zhang (2): pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Heiko Carstens (1): s390/mm: Fix __ptep_rdp() inline assembly Henrique Carvalho (2): smb: client: introduce close_cached_dir_locked() smb: client: fix incomplete backport in cfids_invalidation_worker() Huacai Chen (1): LoongArch: Don't panic if no valid cache info for PCI Ido Schimmel (1): selftests: net: lib: Do not overwrite error messages Ilya Maximets (1): net: openvswitch: remove never-working support for setting nsh fields Imre Deak (1): drm/i915/dp_mst: Disable Panel Replay Ivan Lipski (1): drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 Jakub Horký (2): kconfig/mconf: Initialize the default locale at startup kconfig/nconf: Initialize the default locale at startup Jared Kangas (2): pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() Jari Ruusu (1): tty/vt: fix up incorrect backport to stable releases Jianbo Liu (2): xfrm: Determine inner GSO type from packet inner protocol xfrm: Prevent locally generated packets from direct output in tunnel mode Jiayuan Chen (2): mptcp: Disallow MPTCP subflows from sockmap mptcp: Fix proto fallback detection with BPF Krzysztof Kozlowski (1): dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Kuniyuki Iwashima (2): af_unix: Cache state->msg in unix_stream_read_generic(). af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). Ma Ke (1): drm/tegra: dc: Fix reference leak in tegra_dc_couple() Maciej W. Rozycki (1): MIPS: Malta: Fix !EVA SOC-it PCI MMIO Marc Zyngier (1): KVM: arm64: Make all 32bit ID registers fully writable Marcelo Moreira (1): xfs: Replace strncpy with memcpy Mario Limonciello (1): drm/amd: Skip power ungate during suspend for VPE Mario Limonciello (AMD) (3): HID: amd_sfh: Stop sensor before starting drm/amd/display: Increase DPCD read retries drm/amd/display: Move sleep into each retry for retrieve_link_cap() Martin Kaiser (1): maple_tree: fix tracepoint string pointers Matthieu Baerts (NGI0) (2): selftests: mptcp: join: endpoints: longer timeout selftests: mptcp: join: userspace: longer timeout Michal Luczaj (1): vsock: Ignore signal/timeout on connect() if already established Mike Yuan (1): shmem: fix tmpfs reconfiguration (remount) when noswap is set Mykola Kvach (1): arm64: dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 Nam Cao (1): nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot Niklas Cassel (1): ata: libata-scsi: Fix system suspend for a security locked drive Niravkumar L Rabara (1): mtd: rawnand: cadence: fix DMA device NULL pointer dereference Nishanth Menon (1): net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Oleksij Rempel (1): net: dsa: microchip: lan937x: Fix RGMII delay tuning Paolo Abeni (6): mptcp: fix ack generation for fallback msk mptcp: fix duplicate reset on fastclose mptcp: fix premature close in case of fallback mptcp: avoid unneeded subflow-level drops mptcp: decouple mptcp fastclose from tcp close mptcp: do not fallback when OoO is present Pavel Zhigulin (3): net: dsa: hellcreek: fix missing error handling in LED registration net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Po-Hsu Lin (1): selftests: net: use BASH for bareudp testing Pradyumn Rahar (1): net/mlx5: Clean up only new IRQ glue on request_irq() failure Prateek Agarwal (1): drm/tegra: Add call to put_pid() Quentin Schulz (2): arm64: dts: rockchip: include rk3399-base instead of rk3399 in rk3399-op1 arm64: dts: rockchip: disable HS400 on RK3588 Tiger Rafał Miłecki (1): bcma: don't register devices disabled in OF René Rebe (1): ALSA: usb-audio: fix uac2 clock source at terminal parser Robert McClinton (1): drm/radeon: delete radeon_fence_process in is_signaled, no deadlock Sabrina Dubroca (2): xfrm: drop SA reference in xfrm_state_update if dir doesn't match xfrm: set err and extack on failure to create pcpu SA Samuel Zhang (1): drm/amdgpu: fix gpu page fault after hibernation on PF passthrough Sebastian Ene (1): KVM: arm64: Check the untrusted offset in FF-A memory share Seungjin Bae (1): Input: pegasus-notetaker - fix potential out-of-bounds access Shahar Shitrit (2): net: tls: Change async resync helpers argument net: tls: Cancel RX async resync request on rcd_delta overflow Shaurya Rane (1): cifs: fix memory leak in smb3_fs_context_parse_param error path Shay Drory (1): devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Shin'ichiro Kawasaki (1): nvme-multipath: fix lockdep WARN due to partition scan work Shuicheng Lin (1): drm/xe: Prevent BIT() overflow when handling invalid prefetch region Steve French (1): cifs: fix typo in enable_gcm_256 module parameter Takashi Iwai (1): ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check Thomas Weißschuh (1): LoongArch: Use UAPI types in ptrace UAPI header Tzung-Bi Shih (1): Input: cros_ec_keyb - fix an invalid memory access Vlastimil Babka (1): mm/mempool: fix poisoning order>0 pages with HIGHMEM Wentao Guan (1): Revert "RDMA/irdma: Update Kconfig" Yifan Zha (1): drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Yihang Li (1): ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Yipeng Zou (1): timers: Fix NULL function pointer race in timer_shutdown_sync() Yongpeng Yang (2): isofs: check the return value of sb_min_blocksize() in isofs_fill_super exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Yu-Chun Lin (1): pinctrl: realtek: Select REGMAP_MMIO for RTD driver Zhang Chujun (1): tracing/tools: Fix incorrcet short option in usage text for --threads Zhang Heng (1): HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Zilin Guan (1): mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats()

1 month

Linux 6.6.118

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.118 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +-- Makefile | 2 arch/arm64/kvm/hyp/nvhe/ffa.c | 9 - arch/loongarch/include/uapi/asm/ptrace.h | 40 ++--- arch/loongarch/pci/pci.c | 8 - arch/mips/mti-malta/malta-init.c | 20 +- arch/s390/include/asm/pgtable.h | 12 - arch/s390/mm/pgtable.c | 4 arch/x86/kernel/cpu/microcode/amd.c | 20 ++ drivers/ata/libata-scsi.c | 11 + drivers/bcma/main.c | 6 drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 + drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c | 11 - drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 2 drivers/gpu/drm/tegra/dc.c | 1 drivers/gpu/drm/tegra/dsi.c | 9 - drivers/gpu/drm/tegra/uapi.c | 7 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 drivers/hid/hid-ids.h | 4 drivers/hid/hid-quirks.c | 13 + drivers/input/keyboard/cros_ec_keyb.c | 6 drivers/input/keyboard/imx_sc_key.c | 2 drivers/input/tablet/pegasus_notetaker.c | 9 + drivers/input/touchscreen/goodix.c | 1 drivers/mtd/mtdchar.c | 6 drivers/mtd/nand/raw/cadence-nand-controller.c | 3 drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 + drivers/net/dsa/microchip/lan937x_main.c | 1 drivers/net/ethernet/emulex/benet/be_main.c | 7 drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 drivers/net/ethernet/mellanox/mlxsw/core_linecards.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 drivers/net/ethernet/ti/netcp_core.c | 10 - drivers/nvme/host/fc.c | 15 +- drivers/nvme/host/multipath.c | 2 drivers/pinctrl/cirrus/pinctrl-cs42l43.c | 23 ++- drivers/pinctrl/nxp/pinctrl-s32cc.c | 3 drivers/platform/x86/intel/speed_select_if/isst_if_mmio.c | 4 drivers/pmdomain/imx/gpc.c | 22 +- drivers/s390/net/ctcm_mpc.c | 1 drivers/scsi/hosts.c | 5 drivers/scsi/sg.c | 10 + drivers/soc/ti/knav_dma.c | 14 - drivers/target/loopback/tcm_loop.c | 3 drivers/uio/uio_hv_generic.c | 21 ++ fs/exfat/super.c | 5 fs/f2fs/compress.c | 74 +++++----- fs/f2fs/f2fs.h | 2 fs/smb/client/cached_dir.c | 43 +++++ fs/smb/client/cifsfs.c | 2 fs/smb/client/fs_context.c | 4 include/linux/array_size.h | 13 + include/linux/ata.h | 1 include/linux/kernel.h | 7 include/linux/string.h | 1 include/net/tls.h | 6 include/net/xfrm.h | 3 kernel/bpf/trampoline.c | 4 kernel/kexec_core.c | 2 kernel/time/timer.c | 7 kernel/trace/ftrace.c | 20 +- lib/maple_tree.c | 32 ++-- mm/mempool.c | 32 +++- mm/shmem.c | 15 -- net/devlink/rate.c | 4 net/ipv4/esp4_offload.c | 6 net/ipv6/esp6_offload.c | 6 net/mptcp/options.c | 54 +++++++ net/mptcp/pm_netlink.c | 20 +- net/mptcp/protocol.c | 48 ++++-- net/mptcp/protocol.h | 3 net/mptcp/subflow.c | 8 + net/openvswitch/actions.c | 68 --------- net/openvswitch/flow_netlink.c | 64 +------- net/openvswitch/flow_netlink.h | 2 net/tls/tls_device.c | 4 net/vmw_vsock/af_vsock.c | 40 ++++- net/wireless/reg.c | 5 net/xfrm/xfrm_output.c | 6 scripts/kconfig/mconf.c | 3 scripts/kconfig/nconf.c | 3 sound/usb/mixer.c | 2 tools/testing/selftests/net/bareudp.sh | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 8 - tools/tracing/latency/latency-collector.c | 2 87 files changed, 650 insertions(+), 406 deletions(-) Alejandro Colomar (1): kernel.h: Move ARRAY_SIZE() to a separate header Aleksei Nikiforov (1): s390/ctcm: Fix double-kfree Alexander Wetzel (1): wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() Andrey Vatoropin (1): be2net: pass wrb_params in case of OS2BMC Bart Van Assche (2): scsi: sg: Do not sleep in atomic context scsi: core: Fix a regression triggered by scsi_host_busy() Borislav Petkov (AMD) (1): x86/microcode/AMD: Limit Entrysign signature checking to known generations Dan Carpenter (2): mtdchar: fix integer overflow in read/write ioctls Input: imx_sc_key - fix memory corruption on unload Diogo Ivo (1): Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" Eric Dumazet (2): mptcp: fix race condition in mptcp_schedule_work() mptcp: fix a race in mptcp_pm_del_add_timer() Ewan D. Milne (2): nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Fabio M. De Francesco (1): mm/mempool: replace kmap_atomic() with kmap_local_page() Greg Kroah-Hartman (1): Linux 6.6.118 Hamza Mahfooz (1): scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Hans de Goede (1): Input: goodix - add support for ACPI ID GDIX1003 Haotian Zhang (2): pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Heiko Carstens (1): s390/mm: Fix __ptep_rdp() inline assembly Henrique Carvalho (2): smb: client: introduce close_cached_dir_locked() smb: client: fix incomplete backport in cfids_invalidation_worker() Huacai Chen (1): LoongArch: Don't panic if no valid cache info for PCI Ilya Maximets (1): net: openvswitch: remove never-working support for setting nsh fields Jakub Horký (2): kconfig/mconf: Initialize the default locale at startup kconfig/nconf: Initialize the default locale at startup Jared Kangas (2): pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() Jianbo Liu (2): xfrm: Determine inner GSO type from packet inner protocol xfrm: Prevent locally generated packets from direct output in tunnel mode Jiayuan Chen (2): mptcp: Disallow MPTCP subflows from sockmap mptcp: Fix proto fallback detection with BPF Krzysztof Kozlowski (1): dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Long Li (1): uio_hv_generic: Set event for all channels on the device Ma Ke (1): drm/tegra: dc: Fix reference leak in tegra_dc_couple() Maciej W. Rozycki (1): MIPS: Malta: Fix !EVA SOC-it PCI MMIO Mario Limonciello (AMD) (3): drm/amd/display: Increase DPCD read retries drm/amd/display: Move sleep into each retry for retrieve_link_cap() HID: amd_sfh: Stop sensor before starting Martin Kaiser (1): maple_tree: fix tracepoint string pointers Matthieu Baerts (NGI0) (1): selftests: mptcp: join: endpoints: longer transfer Miaoqian Lin (1): pmdomain: imx: Fix reference count leak in imx_gpc_remove Michal Luczaj (1): vsock: Ignore signal/timeout on connect() if already established Mike Yuan (1): shmem: fix tmpfs reconfiguration (remount) when noswap is set Nam Cao (1): nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot Niklas Cassel (1): ata: libata-scsi: Fix system suspend for a security locked drive Niravkumar L Rabara (1): mtd: rawnand: cadence: fix DMA device NULL pointer dereference Nishanth Menon (1): net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Oleksij Rempel (1): net: dsa: microchip: lan937x: Fix RGMII delay tuning Paolo Abeni (5): mptcp: fix ack generation for fallback msk mptcp: fix premature close in case of fallback mptcp: avoid unneeded subflow-level drops mptcp: decouple mptcp fastclose from tcp close mptcp: do not fallback when OoO is present Pavel Zhigulin (3): net: dsa: hellcreek: fix missing error handling in LED registration net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Po-Hsu Lin (1): selftests: net: use BASH for bareudp testing Pradyumn Rahar (1): net/mlx5: Clean up only new IRQ glue on request_irq() failure Prateek Agarwal (1): drm/tegra: Add call to put_pid() Rafał Miłecki (1): bcma: don't register devices disabled in OF René Rebe (1): ALSA: usb-audio: fix uac2 clock source at terminal parser Sebastian Ene (1): KVM: arm64: Check the untrusted offset in FF-A memory share Seungjin Bae (1): Input: pegasus-notetaker - fix potential out-of-bounds access Shahar Shitrit (1): net: tls: Cancel RX async resync request on rcd_delta overflow Shaurya Rane (1): cifs: fix memory leak in smb3_fs_context_parse_param error path Shay Drory (1): devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Shin'ichiro Kawasaki (1): nvme-multipath: fix lockdep WARN due to partition scan work Song Liu (1): ftrace: Fix BPF fexit with livepatch Sourabh Jain (1): crash: fix crashkernel resource shrink Steve French (1): cifs: fix typo in enable_gcm_256 module parameter Sudeep Holla (1): pmdomain: arm: scmi: Fix genpd leak on provider registration failure Thomas Weißschuh (1): LoongArch: Use UAPI types in ptrace UAPI header Tzung-Bi Shih (1): Input: cros_ec_keyb - fix an invalid memory access Uwe Kleine-König (1): pmdomain: imx-gpc: Convert to platform remove callback returning void Vlastimil Babka (1): mm/mempool: fix poisoning order>0 pages with HIGHMEM Yifan Zha (1): drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Yihang Li (1): ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Yipeng Zou (1): timers: Fix NULL function pointer race in timer_shutdown_sync() Yongpeng Yang (1): exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Zhang Chujun (1): tracing/tools: Fix incorrcet short option in usage text for --threads Zhang Heng (1): HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Zhiguo Niu (2): f2fs: compress: change the first parameter of page_array_{alloc,free} to sbi f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic Zilin Guan (1): mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats()

1 month

[PATCH 6.12 000/112] 6.12.60-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.60 release. There are 112 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 29 Nov 2025 14:40:08 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.60-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.60-rc1 Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: Insert dccg log for easy debug Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: disable DPP RCG before DPP CLK enable Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: avoid reset DTBCLK at clock init Darrick J. Wong <djwong(a)kernel.org> xfs: fix out of bounds memory read error in symlink repair Marcelo Moreira <marcelomoreira1905(a)gmail.com> xfs: Replace strncpy with memcpy Eric Dumazet <edumazet(a)google.com> mptcp: fix a race in mptcp_pm_del_add_timer() Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Disable Panel Replay Martin Kaiser <martin(a)kaiser.cx> maple_tree: fix tracepoint string pointers Jari Ruusu <jariruusu(a)protonmail.com> tty/vt: fix up incorrect backport to stable releases Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: fix incomplete backport in cfids_invalidation_worker() Samuel Zhang <guoqing.zhang(a)amd.com> drm/amdgpu: fix gpu page fault after hibernation on PF passthrough Zhang Chujun <zhangchujun(a)cmss.chinamobile.com> tracing/tools: Fix incorrcet short option in usage text for --threads Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Fix __ptep_rdp() inline assembly Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe: Prevent BIT() overflow when handling invalid prefetch region Wentao Guan <guanwentao(a)uniontech.com> Revert "RDMA/irdma: Update Kconfig" Marc Zyngier <maz(a)kernel.org> KVM: arm64: Make all 32bit ID registers fully writable Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Cancel RX async resync request on rcd_delta overflow Carlos Llamas <cmllamas(a)google.com> blk-crypto: use BLK_STS_INVAL for alignment errors Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Change async resync helpers argument Po-Hsu Lin <po-hsu.lin(a)canonical.com> selftests: net: use BASH for bareudp testing Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Limit Entrysign signature checking to known generations Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a regression triggered by scsi_host_busy() Steve French <stfrench(a)microsoft.com> cifs: fix typo in enable_gcm_256 module parameter Rafał Miłecki <rafal(a)milecki.pl> bcma: don't register devices disabled in OF Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> cifs: fix memory leak in smb3_fs_context_parse_param error path Thomas Weißschuh <linux(a)weissschuh.net> LoongArch: Use UAPI types in ptrace UAPI header Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Cache state->msg in unix_stream_read_generic(). Pradyumn Rahar <pradyumn.rahar(a)oracle.com> net/mlx5: Clean up only new IRQ glue on request_irq() failure Shay Drory <shayd(a)nvidia.com> devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Jared Kangas <jkangas(a)redhat.com> pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() Jared Kangas <jkangas(a)redhat.com> pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc Grzegorz Nitka <grzegorz.nitka(a)intel.com> ice: fix PTP cleanup on driver removal in error path Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: fix possible vport_config NULL pointer deref in remove Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Haotian Zhang <vulab(a)iscas.ac.cn> platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Ido Schimmel <idosch(a)nvidia.com> selftests: net: lib: Do not overwrite error messages Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> nvme-multipath: fix lockdep WARN due to partition scan work Chen Pei <cp0613(a)linux.alibaba.com> tools: riscv: Fixed misalignment of CSR related definitions Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: dsa: hellcreek: fix missing error handling in LED registration Prateek Agarwal <praagarwal(a)nvidia.com> drm/tegra: Add call to put_pid() Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Fix typo in WMI GUID Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Only load on MSI devices Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() Jianbo Liu <jianbol(a)nvidia.com> xfrm: Prevent locally generated packets from direct output in tunnel mode Jianbo Liu <jianbol(a)nvidia.com> xfrm: Determine inner GSO type from packet inner protocol Yu-Chun Lin <eleanor.lin(a)realtek.com> pinctrl: realtek: Select REGMAP_MMIO for RTD driver Sabrina Dubroca <sd(a)queasysnail.net> xfrm: set err and extack on failure to create pcpu SA Sabrina Dubroca <sd(a)queasysnail.net> xfrm: drop SA reference in xfrm_state_update if dir doesn't match Ivan Lipski <ivan.lipski(a)amd.com> drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix pbn to kbps Conversion Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Move sleep into each retry for retrieve_link_cap() Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Increase DPCD read retries Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Skip power ungate during suspend for VPE Robert McClinton <rbmccav(a)gmail.com> drm/radeon: delete radeon_fence_process in is_signaled, no deadlock Ma Ke <make24(a)iscas.ac.cn> drm/tegra: dc: Fix reference leak in tegra_dc_couple() Paolo Abeni <pabeni(a)redhat.com> mptcp: do not fallback when OoO is present Paolo Abeni <pabeni(a)redhat.com> mptcp: decouple mptcp fastclose from tcp close Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid unneeded subflow-level drops Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: userspace: longer timeout Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: endpoints: longer timeout Paolo Abeni <pabeni(a)redhat.com> mptcp: fix premature close in case of fallback Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate reset on fastclose Paolo Abeni <pabeni(a)redhat.com> mptcp: fix ack generation for fallback msk Eric Dumazet <edumazet(a)google.com> mptcp: fix race condition in mptcp_schedule_work() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Don't panic if no valid cache info for PCI Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() Nam Cao <namcao(a)linutronix.de> nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot Vlastimil Babka <vbabka(a)suse.cz> mm/mempool: fix poisoning order>0 pages with HIGHMEM Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Dan Carpenter <dan.carpenter(a)linaro.org> Input: imx_sc_key - fix memory corruption on unload Hans de Goede <hdegoede(a)redhat.com> Input: goodix - add support for ACPI ID GDIX1003 Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" Oleksij Rempel <o.rempel(a)pengutronix.de> net: dsa: microchip: lan937x: Fix RGMII delay tuning Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Yihang Li <liyihang9(a)h-partners.com> ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: introduce close_cached_dir_locked() Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Fix proto fallback detection with BPF Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Disallow MPTCP subflows from sockmap Yongpeng Yang <yangyongpeng(a)xiaomi.com> exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Mike Yuan <me(a)yhndnzj.com> shmem: fix tmpfs reconfiguration (remount) when noswap is set Yongpeng Yang <yangyongpeng(a)xiaomi.com> isofs: check the return value of sb_min_blocksize() in isofs_fill_super Dan Carpenter <dan.carpenter(a)linaro.org> mtdchar: fix integer overflow in read/write ioctls Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> mtd: rawnand: cadence: fix DMA device NULL pointer dereference Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: disable HS400 on RK3588 Tiger Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: include rk3399-base instead of rk3399 in rk3399-op1 Mykola Kvach <xakep.amatop(a)gmail.com> arm64: dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 Diederik de Haas <diederik(a)cknow-tech.com> arm64: dts: rockchip: Fix vccio4-supply on rk3566-pinetab2 Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Mario Limonciello (AMD) <superm1(a)kernel.org> HID: amd_sfh: Stop sensor before starting Yipeng Zou <zouyipeng(a)huawei.com> timers: Fix NULL function pointer race in timer_shutdown_sync() Sebastian Ene <sebastianene(a)google.com> KVM: arm64: Check the untrusted offset in FF-A memory share ------------- Diffstat: .../bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +++--- Documentation/wmi/driver-development-guide.rst | 1 + Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3399-op1.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3566-pinetab2.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3588-tiger.dtsi | 4 +- .../arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 4 +- arch/arm64/kvm/hyp/nvhe/ffa.c | 9 +- arch/arm64/kvm/sys_regs.c | 63 +++++++------ arch/loongarch/include/uapi/asm/ptrace.h | 40 ++++---- arch/loongarch/pci/pci.c | 8 +- arch/mips/mm/tlb-r4k.c | 102 +++++++++++++-------- arch/mips/mti-malta/malta-init.c | 20 ++-- arch/s390/include/asm/pgtable.h | 12 +-- arch/s390/mm/pgtable.c | 4 +- arch/x86/kernel/cpu/microcode/amd.c | 20 +++- block/blk-crypto.c | 2 +- drivers/ata/libata-scsi.c | 11 ++- drivers/bcma/main.c | 6 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 +- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 4 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 59 +++++------- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 20 ++-- .../gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 60 ++++++++---- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 8 ++ .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 21 +++-- .../display/dc/link/protocols/link_dp_capability.c | 11 ++- drivers/gpu/drm/i915/display/intel_psr.c | 4 + drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 2 + drivers/gpu/drm/radeon/radeon_fence.c | 7 -- drivers/gpu/drm/tegra/dc.c | 1 + drivers/gpu/drm/tegra/dsi.c | 9 -- drivers/gpu/drm/tegra/uapi.c | 7 +- drivers/gpu/drm/xe/xe_vm.c | 4 +- drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 + drivers/hid/hid-ids.h | 4 +- drivers/hid/hid-quirks.c | 13 ++- drivers/infiniband/hw/irdma/Kconfig | 7 +- drivers/input/keyboard/cros_ec_keyb.c | 6 ++ drivers/input/keyboard/imx_sc_key.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 9 ++ drivers/input/touchscreen/goodix.c | 1 + drivers/mtd/mtdchar.c | 6 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 3 +- drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 ++- drivers/net/dsa/microchip/lan937x_main.c | 1 + drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/intel/ice/ice_ptp.c | 22 ++++- drivers/net/ethernet/intel/idpf/idpf_main.c | 2 + .../ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c | 9 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 +- .../net/ethernet/mellanox/mlxsw/core_linecards.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 +- drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/nvme/host/fc.c | 15 +-- drivers/nvme/host/multipath.c | 2 +- drivers/perf/riscv_pmu_sbi.c | 2 +- drivers/pinctrl/cirrus/pinctrl-cs42l43.c | 21 ++++- drivers/pinctrl/nxp/pinctrl-s32cc.c | 3 +- drivers/pinctrl/realtek/Kconfig | 1 + drivers/platform/x86/Kconfig | 1 + .../x86/intel/speed_select_if/isst_if_mmio.c | 4 +- drivers/platform/x86/msi-wmi-platform.c | 43 ++++++++- drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/hosts.c | 5 +- drivers/scsi/sg.c | 10 +- drivers/soc/ti/knav_dma.c | 14 +-- drivers/target/loopback/tcm_loop.c | 3 + drivers/tty/vt/vt_ioctl.c | 4 +- fs/exfat/super.c | 5 +- fs/isofs/inode.c | 5 + fs/smb/client/cached_dir.c | 43 ++++++++- fs/smb/client/cifsfs.c | 2 +- fs/smb/client/fs_context.c | 4 + fs/xfs/scrub/symlink_repair.c | 4 +- include/linux/ata.h | 1 + include/net/tls.h | 25 ++--- include/net/xfrm.h | 3 +- kernel/time/timer.c | 7 +- lib/maple_tree.c | 30 +++--- mm/mempool.c | 32 +++++-- mm/shmem.c | 15 ++- net/devlink/rate.c | 4 +- net/ipv4/esp4_offload.c | 6 +- net/ipv6/esp6_offload.c | 6 +- net/mptcp/options.c | 54 ++++++++++- net/mptcp/pm_netlink.c | 20 ++-- net/mptcp/protocol.c | 84 +++++++++++------ net/mptcp/protocol.h | 3 +- net/mptcp/subflow.c | 8 ++ net/openvswitch/actions.c | 68 +------------- net/openvswitch/flow_netlink.c | 64 ++----------- net/openvswitch/flow_netlink.h | 2 - net/tls/tls_device.c | 4 +- net/unix/af_unix.c | 36 ++++---- net/vmw_vsock/af_vsock.c | 40 ++++++-- net/xfrm/xfrm_output.c | 6 +- net/xfrm/xfrm_state.c | 8 +- net/xfrm/xfrm_user.c | 5 +- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + sound/usb/endpoint.c | 3 +- sound/usb/mixer.c | 2 +- tools/arch/riscv/include/asm/csr.h | 5 +- tools/testing/selftests/net/bareudp.sh | 2 +- .../selftests/net/forwarding/lib_sh_test.sh | 7 ++ tools/testing/selftests/net/lib.sh | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 18 ++-- tools/tracing/latency/latency-collector.c | 2 +- 112 files changed, 914 insertions(+), 560 deletions(-)

1 month

[PATCH 6.17 000/175] 6.17.10-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.17.10 release. There are 175 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 29 Nov 2025 14:40:08 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.17.10-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.17.10-rc1 Emil Tsalapatis <etsal(a)meta.com> sched_ext: fix flag check for deferred callbacks Andrea Righi <arighi(a)nvidia.com> sched_ext: Fix scx_kick_pseqs corruption on concurrent scheduler loads Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: Add device specific quirk to limit eDP rate to HBR2 Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> Revert "drm/i915/dp: Reject HBR3 when sink doesn't support TPS4" Jari Ruusu <jariruusu(a)protonmail.com> tty/vt: fix up incorrect backport to stable releases Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: Insert dccg log for easy debug Gang Yan <yangang(a)kylinos.cn> mptcp: fix address removal logic in mptcp_pm_nl_rm_addr Darrick J. Wong <djwong(a)kernel.org> xfs: fix out of bounds memory read error in symlink repair Marcelo Moreira <marcelomoreira1905(a)gmail.com> xfs: Replace strncpy with memcpy Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/jpeg: Add parse_cs for JPEG5_0_1 Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/jpeg: Move parse_cs to amdgpu_jpeg.c Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Disable Panel Replay Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Check drm_dp_dpcd_read return value on PSR dpcd init Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: fix incomplete backport in cfids_invalidation_worker() Samuel Zhang <guoqing.zhang(a)amd.com> drm/amdgpu: fix gpu page fault after hibernation on PF passthrough Filipe Manana <fdmanana(a)suse.com> btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name Zhang Chujun <zhangchujun(a)cmss.chinamobile.com> tracing/tools: Fix incorrcet short option in usage text for --threads Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Nitin Rawat <nitin.rawat(a)oss.qualcomm.com> scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3) René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe: Prevent BIT() overflow when handling invalid prefetch region Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Extend Zen6 model range Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Cancel RX async resync request on rcd_delta overflow Carlos Llamas <cmllamas(a)google.com> blk-crypto: use BLK_STS_INVAL for alignment errors Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Change async resync helpers argument Po-Hsu Lin <po-hsu.lin(a)canonical.com> selftests: net: use BASH for bareudp testing Paulo Alcantara <pc(a)manguebit.org> smb: client: handle lack of IPC in dfs_cache_refresh() Sidharth Seela <sidharthseela(a)gmail.com> selftests: cachestat: Fix warning on declaration under label Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Limit Entrysign signature checking to known generations dongsheng <dongsheng.x.zhang(a)intel.com> perf/x86/intel/uncore: Add uncore PMU support for Wildcat Lake Eren Demir <eren.demir2479090(a)gmail.com> ALSA: hda/realtek: Fix mute led for HP Victus 15-fa1xxx (MB 8C2D) Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a regression triggered by scsi_host_busy() Steve French <stfrench(a)microsoft.com> cifs: fix typo in enable_gcm_256 module parameter Shuming Fan <shumingf(a)realtek.com> ASoC: rt721: fix prepare clock stop failed Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: Fix pgtable prealloc error path Emil Tsalapatis <etsal(a)meta.com> sched_ext: defer queue_balance_callback() until after ops.dispatch Rafał Miłecki <rafal(a)milecki.pl> bcma: don't register devices disabled in OF Tejun Heo <tj(a)kernel.org> sched_ext: Allocate scx_kick_cpus_pnt_seqs lazily using kvzalloc() J-Donald Tournier <jdtournier(a)gmail.com> ALSA: hda/realtek: Add quirk for Lenovo Yoga 7 2-in-1 14AKP10 Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: kernel: Fix random segmentation faults Malaya Kumar Rout <mrout(a)redhat.com> timekeeping: Fix resource leak in tk_aux_sysfs_init() error paths Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf: Fix 0 count issue of cpu-clock Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> cifs: fix memory leak in smb3_fs_context_parse_param error path Thomas Weißschuh <linux(a)weissschuh.net> LoongArch: Use UAPI types in ptrace UAPI header Wen Yang <wen.yang(a)linux.dev> tick/sched: Fix bogus condition in report_idle_softirq() Wei Fang <wei.fang(a)nxp.com> net: phylink: add missing supported link modes for the fixed-link Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: make sure the cdev fd is still active before emitting events Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). Pradyumn Rahar <pradyumn.rahar(a)oracle.com> net/mlx5: Clean up only new IRQ glue on request_irq() failure Shay Drory <shayd(a)nvidia.com> devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Jared Kangas <jkangas(a)redhat.com> pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() Jared Kangas <jkangas(a)redhat.com> pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc Grzegorz Nitka <grzegorz.nitka(a)intel.com> ice: fix PTP cleanup on driver removal in error path Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: fix possible vport_config NULL pointer deref in remove Venkata Ramana Nayana <venkata.ramana.nayana(a)intel.com> drm/xe/irq: Handle msix vector0 interrupt Matt Roper <matthew.d.roper(a)intel.com> drm/xe/kunit: Fix forcewake assertion in mocs test Dnyaneshwar Bhadane <dnyaneshwar.bhadane(a)intel.com> drm/i915/xe3: Restrict PTL intel_encoder_is_c10phy() to only PHY A Dnyaneshwar Bhadane <dnyaneshwar.bhadane(a)intel.com> drm/i915/display: Add definition for wcl as subplatform Dnyaneshwar Bhadane <dnyaneshwar.bhadane(a)intel.com> drm/pcids: Split PTL pciids group to make wcl subplatform Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Randy Dunlap <rdunlap(a)infradead.org> platform/x86: intel-uncore-freq: fix all header kernel-doc warnings Haotian Zhang <vulab(a)iscas.ac.cn> platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Do not loopback traffic to GDM2 if it is available on the device Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Add wlan flowtable TX offload Ido Schimmel <idosch(a)nvidia.com> selftests: net: lib: Do not overwrite error messages Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Dnyaneshwar Bhadane <dnyaneshwar.bhadane(a)intel.com> drm/i915/xe3lpd: Load DMC for Xe3_LPD version 30.02 Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> nvme-multipath: fix lockdep WARN due to partition scan work Alistair Francis <alistair.francis(a)wdc.com> nvmet-auth: update sc_c in target host hash calculation Chen Pei <cp0613(a)linux.alibaba.com> tools: riscv: Fixed misalignment of CSR related definitions Jesper Dangaard Brouer <hawk(a)kernel.org> veth: more robust handing of race to avoid txq getting stuck Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: dsa: hellcreek: fix missing error handling in LED registration Prateek Agarwal <praagarwal(a)nvidia.com> drm/tegra: Add call to put_pid() Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Jiaming Zhang <r772577952(a)gmail.com> net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: dts: econet: fix EN751221 core type Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Fix typo in WMI GUID Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Only load on MSI devices Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() Jianbo Liu <jianbol(a)nvidia.com> xfrm: Prevent locally generated packets from direct output in tunnel mode Jianbo Liu <jianbol(a)nvidia.com> xfrm: Determine inner GSO type from packet inner protocol Jianbo Liu <jianbol(a)nvidia.com> xfrm: Check inner packet family directly from skb_dst Yu-Chun Lin <eleanor.lin(a)realtek.com> pinctrl: realtek: Select REGMAP_MMIO for RTD driver Chen-Yu Tsai <wens(a)kernel.org> clk: sunxi-ng: sun55i-a523-ccu: Lower audio0 pll minimum rate Chen-Yu Tsai <wens(a)kernel.org> clk: sunxi-ng: sun55i-a523-r-ccu: Mark bus-r-dma as critical Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: Mark A523 bus-r-cpucfg clock as critical Sabrina Dubroca <sd(a)queasysnail.net> xfrm: set err and extack on failure to create pcpu SA Sabrina Dubroca <sd(a)queasysnail.net> xfrm: call xfrm_dev_state_delete when xfrm_state_migrate fails to add the state Sabrina Dubroca <sd(a)queasysnail.net> xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added Sabrina Dubroca <sd(a)queasysnail.net> xfrm: drop SA reference in xfrm_state_update if dir doesn't match Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> pinctrl: mediatek: mt8189: align register base names to dt-bindings ones Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> pinctrl: mediatek: mt8196: align register base names to dt-bindings ones Kiryl Shutsemau <kas(a)kernel.org> mm/truncate: unmap large folio on split failure Ivan Lipski <ivan.lipski(a)amd.com> drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix pbn to kbps Conversion Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Move sleep into each retry for retrieve_link_cap() Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Increase DPCD read retries Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Skip power ungate during suspend for VPE Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/plane: Fix create_in_format_blob() return value Robert McClinton <rbmccav(a)gmail.com> drm/radeon: delete radeon_fence_process in is_signaled, no deadlock Ma Ke <make24(a)iscas.ac.cn> drm/tegra: dc: Fix reference leak in tegra_dc_couple() Paolo Abeni <pabeni(a)redhat.com> mptcp: do not fallback when OoO is present Paolo Abeni <pabeni(a)redhat.com> mptcp: decouple mptcp fastclose from tcp close Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid unneeded subflow-level drops Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: userspace: longer timeout Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: endpoints: longer timeout Paolo Abeni <pabeni(a)redhat.com> mptcp: fix premature close in case of fallback Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate reset on fastclose Paolo Abeni <pabeni(a)redhat.com> mptcp: fix ack generation for fallback msk Eric Dumazet <edumazet(a)google.com> mptcp: fix a race in mptcp_pm_del_add_timer() Eric Dumazet <edumazet(a)google.com> mptcp: fix race condition in mptcp_schedule_work() Anthony Wong <anthony.wong(a)ubuntu.com> platform/x86: alienware-wmi-wmax: Add AWCC support to Alienware 16 Aurora Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add support for the whole "G" family Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add support for the whole "X" family Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add support for the whole "M" family Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Fix "Alienware m16 R1 AMD" quirk order Bibo Mao <maobibo(a)loongson.cn> LoongArch: Fix NUMA node parsing with numa_memblks Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Don't panic if no valid cache info for PCI Vincent Li <vincent.mc.li(a)gmail.com> LoongArch: BPF: Disable trampoline for kernel module function trace Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Saket Kumar Bhaskar <skb99(a)linux.ibm.com> sched_ext: Fix scx_enable() crash on helper kthread creation failure Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: core: Fix runtime PM enabling in device_resume_early() Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() Nam Cao <namcao(a)linutronix.de> nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot Vlastimil Babka <vbabka(a)suse.cz> mm/mempool: fix poisoning order>0 pages with HIGHMEM Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Dan Carpenter <dan.carpenter(a)linaro.org> Input: imx_sc_key - fix memory corruption on unload Hans de Goede <hansg(a)kernel.org> Input: goodix - add support for ACPI ID GDIX1003 Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" Oleksij Rempel <o.rempel(a)pengutronix.de> net: dsa: microchip: lan937x: Fix RGMII delay tuning Jens Axboe <axboe(a)kernel.dk> io_uring/cmd_net: fix wrong argument types for skb_queue_splice() Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Yihang Li <liyihang9(a)h-partners.com> ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: hw_scan: Don't let the operating channel be last Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: introduce close_cached_dir_locked() Stephen Smalley <stephen.smalley.work(a)gmail.com> selinux: move avdcache to per-task security struct Stephen Smalley <stephen.smalley.work(a)gmail.com> selinux: rename task_security_struct to cred_security_struct Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Tony Luck <tony.luck(a)intel.com> ACPI: APEI: EINJ: Fix EINJV2 initialization and injection Pasha Tatashin <pasha.tatashin(a)soleen.com> lib/test_kho: check if KHO is enabled Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Fix proto fallback detection with BPF Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Fix __ptep_rdp() inline assembly Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Disallow MPTCP subflows from sockmap Yongpeng Yang <yangyongpeng(a)xiaomi.com> exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Mike Yuan <me(a)yhndnzj.com> shmem: fix tmpfs reconfiguration (remount) when noswap is set Yongpeng Yang <yangyongpeng(a)xiaomi.com> isofs: check the return value of sb_min_blocksize() in isofs_fill_super Yongpeng Yang <yangyongpeng(a)xiaomi.com> xfs: check the return value of sb_min_blocksize() in xfs_fs_fill_super Dan Carpenter <dan.carpenter(a)linaro.org> mtdchar: fix integer overflow in read/write ioctls Zhen Ni <zhen.ni(a)easystack.cn> fs: Fix uninitialized 'offp' in statmount_string() Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> mtd: rawnand: cadence: fix DMA device NULL pointer dereference Yongpeng Yang <yangyongpeng(a)xiaomi.com> vfat: fix missing sb_min_blocksize() return value checks Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: SVM: Fix redundant updates of LBR MSR intercepts Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: disable HS400 on RK3588 Tiger Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: include rk3399-base instead of rk3399 in rk3399-op1 Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> reset: imx8mp-audiomix: Fix bad mask values Mykola Kvach <xakep.amatop(a)gmail.com> arm64: dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 Diederik de Haas <diederik(a)cknow-tech.com> arm64: dts: rockchip: Fix vccio4-supply on rk3566-pinetab2 Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Mario Limonciello (AMD) <superm1(a)kernel.org> HID: amd_sfh: Stop sensor before starting Alexey Charkov <alchark(a)gmail.com> arm64: dts: rockchip: Remove non-functioning CPU OPPs from RK3576 Yipeng Zou <zouyipeng(a)huawei.com> timers: Fix NULL function pointer race in timer_shutdown_sync() Sebastian Ene <sebastianene(a)google.com> KVM: arm64: Check the untrusted offset in FF-A memory share ------------- Diffstat: .../bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +++-- Documentation/wmi/driver-development-guide.rst | 1 + Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3399-op1.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3566-pinetab2.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3576.dtsi | 12 -- arch/arm64/boot/dts/rockchip/rk3588-tiger.dtsi | 4 +- .../arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 4 +- arch/arm64/kvm/hyp/nvhe/ffa.c | 9 +- arch/loongarch/include/uapi/asm/ptrace.h | 40 +++---- arch/loongarch/kernel/numa.c | 60 +++------- arch/loongarch/net/bpf_jit.c | 3 + arch/loongarch/pci/pci.c | 8 +- arch/mips/boot/dts/econet/en751221.dtsi | 2 +- arch/mips/kernel/process.c | 2 +- arch/mips/mm/tlb-r4k.c | 102 ++++++++++------- arch/mips/mti-malta/malta-init.c | 20 ++-- arch/s390/include/asm/pgtable.h | 12 +- arch/s390/mm/pgtable.c | 4 +- arch/x86/events/intel/uncore.c | 1 + arch/x86/kernel/cpu/amd.c | 2 +- arch/x86/kernel/cpu/microcode/amd.c | 20 +++- arch/x86/kvm/svm/svm.c | 9 +- arch/x86/kvm/svm/svm.h | 1 + block/blk-crypto.c | 2 +- drivers/acpi/apei/einj-core.c | 64 +++++++---- drivers/ata/libata-scsi.c | 11 +- drivers/base/power/main.c | 25 +++-- drivers/bcma/main.c | 6 + drivers/clk/sunxi-ng/ccu-sun55i-a523-r.c | 4 +- drivers/clk/sunxi-ng/ccu-sun55i-a523.c | 2 +- drivers/gpio/gpiolib-cdev.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 65 +++++++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.h | 10 ++ drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 4 +- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 58 +--------- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.h | 6 - drivers/gpu/drm/amd/amdgpu/jpeg_v2_5.c | 4 +- drivers/gpu/drm/amd/amdgpu/jpeg_v3_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v4_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_5.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_1.c | 1 + .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 59 ++++------ .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 4 +- .../gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 26 ++++- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 8 ++ .../display/dc/link/protocols/link_dp_capability.c | 11 +- drivers/gpu/drm/drm_plane.c | 4 +- drivers/gpu/drm/i915/display/intel_cx0_phy.c | 14 +-- .../gpu/drm/i915/display/intel_display_device.c | 13 +++ .../gpu/drm/i915/display/intel_display_device.h | 4 +- drivers/gpu/drm/i915/display/intel_dmc.c | 10 +- drivers/gpu/drm/i915/display/intel_dp.c | 30 ++--- drivers/gpu/drm/i915/display/intel_psr.c | 36 ++++-- drivers/gpu/drm/i915/display/intel_quirks.c | 9 ++ drivers/gpu/drm/i915/display/intel_quirks.h | 1 + drivers/gpu/drm/msm/msm_iommu.c | 5 + drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 2 + drivers/gpu/drm/radeon/radeon_fence.c | 7 -- drivers/gpu/drm/tegra/dc.c | 1 + drivers/gpu/drm/tegra/dsi.c | 9 -- drivers/gpu/drm/tegra/uapi.c | 7 +- drivers/gpu/drm/xe/tests/xe_mocs.c | 2 +- drivers/gpu/drm/xe/xe_irq.c | 18 +-- drivers/gpu/drm/xe/xe_pci.c | 1 + drivers/gpu/drm/xe/xe_vm.c | 4 +- drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 + drivers/hid/hid-ids.h | 4 +- drivers/hid/hid-quirks.c | 13 ++- drivers/input/keyboard/cros_ec_keyb.c | 6 + drivers/input/keyboard/imx_sc_key.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 9 ++ drivers/input/touchscreen/goodix.c | 1 + drivers/mtd/mtdchar.c | 6 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 3 +- drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 ++- drivers/net/dsa/microchip/lan937x_main.c | 1 + drivers/net/ethernet/airoha/airoha_eth.h | 11 ++ drivers/net/ethernet/airoha/airoha_ppe.c | 95 +++++++++++----- drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/intel/ice/ice_ptp.c | 22 +++- drivers/net/ethernet/intel/idpf/idpf_main.c | 2 + .../ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c | 9 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 +- .../net/ethernet/mellanox/mlxsw/core_linecards.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 +- drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/net/phy/phylink.c | 3 + drivers/net/veth.c | 38 ++++--- drivers/net/wireless/realtek/rtw89/fw.c | 7 ++ drivers/nvme/host/fc.c | 15 +-- drivers/nvme/host/multipath.c | 2 +- drivers/nvme/target/auth.c | 4 +- drivers/nvme/target/fabrics-cmd-auth.c | 1 + drivers/nvme/target/nvmet.h | 1 + drivers/perf/riscv_pmu_sbi.c | 2 +- drivers/pinctrl/cirrus/pinctrl-cs42l43.c | 21 +++- drivers/pinctrl/mediatek/pinctrl-mt8189.c | 4 +- drivers/pinctrl/mediatek/pinctrl-mt8196.c | 6 +- drivers/pinctrl/nxp/pinctrl-s32cc.c | 3 +- drivers/pinctrl/realtek/Kconfig | 1 + drivers/platform/x86/Kconfig | 1 + drivers/platform/x86/dell/alienware-wmi-wmax.c | 104 +++++------------- .../x86/intel/speed_select_if/isst_if_mmio.c | 4 +- .../uncore-frequency/uncore-frequency-common.h | 9 +- drivers/platform/x86/msi-wmi-platform.c | 43 +++++++- drivers/reset/reset-imx8mp-audiomix.c | 4 +- drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/hosts.c | 5 +- drivers/scsi/sg.c | 10 +- drivers/soc/ti/knav_dma.c | 14 +-- drivers/target/loopback/tcm_loop.c | 3 + drivers/tty/vt/vt_ioctl.c | 4 +- drivers/ufs/host/ufs-qcom.c | 15 ++- fs/btrfs/inode.c | 1 - fs/btrfs/tree-log.c | 3 + fs/exfat/super.c | 5 +- fs/fat/inode.c | 6 +- fs/isofs/inode.c | 5 + fs/namespace.c | 4 +- fs/smb/client/cached_dir.c | 43 +++++++- fs/smb/client/cifsfs.c | 2 +- fs/smb/client/cifsproto.h | 2 + fs/smb/client/connect.c | 38 +++---- fs/smb/client/dfs_cache.c | 55 ++++++++-- fs/smb/client/fs_context.c | 4 + fs/xfs/scrub/symlink_repair.c | 4 +- fs/xfs/xfs_super.c | 5 +- include/drm/intel/pciids.h | 5 +- include/linux/ata.h | 1 + include/net/tls.h | 25 +++-- include/net/xfrm.h | 3 +- io_uring/cmd_net.c | 2 +- kernel/events/core.c | 2 +- kernel/sched/ext.c | 121 +++++++++++++++++++-- kernel/sched/sched.h | 1 + kernel/time/tick-sched.c | 11 +- kernel/time/timekeeping.c | 21 ++-- kernel/time/timer.c | 7 +- lib/test_kho.c | 3 + mm/mempool.c | 32 +++++- mm/shmem.c | 15 ++- mm/truncate.c | 35 +++++- net/core/dev_ioctl.c | 3 + net/devlink/rate.c | 4 +- net/ipv4/esp4_offload.c | 6 +- net/ipv6/esp6_offload.c | 6 +- net/mptcp/options.c | 54 ++++++++- net/mptcp/pm.c | 20 ++-- net/mptcp/pm_kernel.c | 2 +- net/mptcp/protocol.c | 84 +++++++++----- net/mptcp/protocol.h | 3 +- net/mptcp/subflow.c | 8 ++ net/openvswitch/actions.c | 68 +----------- net/openvswitch/flow_netlink.c | 64 ++--------- net/openvswitch/flow_netlink.h | 2 - net/tls/tls_device.c | 4 +- net/unix/af_unix.c | 3 +- net/vmw_vsock/af_vsock.c | 40 +++++-- net/xfrm/xfrm_device.c | 2 +- net/xfrm/xfrm_output.c | 8 +- net/xfrm/xfrm_state.c | 16 ++- net/xfrm/xfrm_user.c | 5 +- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + security/selinux/hooks.c | 79 +++++++------- security/selinux/include/objsec.h | 20 +++- sound/hda/codecs/realtek/alc269.c | 2 + sound/soc/codecs/rt721-sdca.c | 4 + sound/soc/codecs/rt721-sdca.h | 1 + sound/usb/mixer.c | 2 +- tools/arch/riscv/include/asm/csr.h | 5 +- tools/testing/selftests/cachestat/test_cachestat.c | 4 +- tools/testing/selftests/net/bareudp.sh | 2 +- .../selftests/net/forwarding/lib_sh_test.sh | 7 ++ tools/testing/selftests/net/lib.sh | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 18 +-- tools/tracing/latency/latency-collector.c | 2 +- 184 files changed, 1552 insertions(+), 952 deletions(-)

1 month

[PATCH v4] platform/x86: intel_pmc_ipc: fix ACPI buffer memory leak

by yongxin.liu＠windriver.com

From: Yongxin Liu <yongxin.liu(a)windriver.com> The intel_pmc_ipc() function uses ACPI_ALLOCATE_BUFFER to allocate memory for the ACPI evaluation result but never frees it, causing a 192-byte memory leak on each call. This leak is triggered during network interface initialization when the stmmac driver calls intel_mac_finish() -> intel_pmc_ipc(). unreferenced object 0xffff96a848d6ea80 (size 192): comm "dhcpcd", pid 541, jiffies 4294684345 hex dump (first 32 bytes): 04 00 00 00 05 00 00 00 98 ea d6 48 a8 96 ff ff ...........H.... 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ backtrace (crc b1564374): kmemleak_alloc+0x2d/0x40 __kmalloc_noprof+0x2fa/0x730 acpi_ut_initialize_buffer+0x83/0xc0 acpi_evaluate_object+0x29a/0x2f0 intel_pmc_ipc+0xfd/0x170 intel_mac_finish+0x168/0x230 stmmac_mac_finish+0x3d/0x50 phylink_major_config+0x22b/0x5b0 phylink_mac_initial_config.constprop.0+0xf1/0x1b0 phylink_start+0x8e/0x210 __stmmac_open+0x12c/0x2b0 stmmac_open+0x23c/0x380 __dev_open+0x11d/0x2c0 __dev_change_flags+0x1d2/0x250 netif_change_flags+0x2b/0x70 dev_change_flags+0x40/0xb0 Add __free(kfree) for ACPI object to properly release the allocated buffer. Cc: stable(a)vger.kernel.org Fixes: 7e2f7e25f6ff ("arch: x86: add IPC mailbox accessor function and add SoC register access") Signed-off-by: Yongxin Liu <yongxin.liu(a)windriver.com> --- V3->V4: Move declaration of *obj to where it gets assigned. V2->V3: Use __free(kfree) instead of goto and kfree(); V1->V2: Cover all potential paths for kfree(); --- include/linux/platform_data/x86/intel_pmc_ipc.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/platform_data/x86/intel_pmc_ipc.h b/include/linux/platform_data/x86/intel_pmc_ipc.h index 1d34435b7001..85ea381e4a27 100644 --- a/include/linux/platform_data/x86/intel_pmc_ipc.h +++ b/include/linux/platform_data/x86/intel_pmc_ipc.h @@ -9,6 +9,7 @@ #ifndef INTEL_PMC_IPC_H #define INTEL_PMC_IPC_H #include <linux/acpi.h> +#include <linux/cleanup.h> #define IPC_SOC_REGISTER_ACCESS 0xAA #define IPC_SOC_SUB_CMD_READ 0x00 @@ -48,7 +49,6 @@ static inline int intel_pmc_ipc(struct pmc_ipc_cmd *ipc_cmd, struct pmc_ipc_rbuf {.type = ACPI_TYPE_INTEGER,}, }; struct acpi_object_list arg_list = { PMC_IPCS_PARAM_COUNT, params }; - union acpi_object *obj; int status; if (!ipc_cmd || !rbuf) @@ -72,7 +72,7 @@ static inline int intel_pmc_ipc(struct pmc_ipc_cmd *ipc_cmd, struct pmc_ipc_rbuf if (ACPI_FAILURE(status)) return -ENODEV; - obj = buffer.pointer; + union acpi_object *obj __free(kfree) = buffer.pointer; if (obj && obj->type == ACPI_TYPE_PACKAGE && obj->package.count == VALID_IPC_RESPONSE) { -- 2.46.2

1 month

[PATCH v2] ocfs2: fix kernel BUG in ocfs2_find_victim_chain

by Prithvi Tambewagh

syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the `cl_next_free_rec` field of the allocation chain list is 0, triggring the BUG_ON(!cl->cl_next_free_rec) condition and panicking the kernel. To fix this, `cl_next_free_rec` is checked inside the caller of ocfs2_find_victim_chain() i.e. ocfs2_claim_suballoc_bits() and if it is equal to 0, ocfs2_error() is called, to log the corruption and force the filesystem into read-only mode, to prevent further damage. Reported-by: syzbot+96d38c6e1655c1420a72(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=96d38c6e1655c1420a72 Tested-by: syzbot+96d38c6e1655c1420a72(a)syzkaller.appspotmail.com Cc: stable(a)vger.kernel.org Signed-off-by: Prithvi Tambewagh <activprithvi(a)gmail.com> --- v1->v2: - Remove extra line before the if statement in patch - Add upper limit check for cl->cl_next_free_rec in the if condition fs/ocfs2/suballoc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c index 6ac4dcd54588..1257c39c2c11 100644 --- a/fs/ocfs2/suballoc.c +++ b/fs/ocfs2/suballoc.c @@ -1992,6 +1992,13 @@ static int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *ac, } cl = (struct ocfs2_chain_list *) &fe->id2.i_chain; + if (!le16_to_cpu(cl->cl_next_free_rec) || + le16_to_cpu(cl->cl_next_free_rec) > le16_to_cpu(cl->cl_count)) { + status = ocfs2_error(ac->ac_inode->i_sb, + "Chain allocator dinode %llu has 0 chains\n", + (unsigned long long)le64_to_cpu(fe->i_blkno)); + goto bail; + } victim = ocfs2_find_victim_chain(cl); ac->ac_chain = victim; base-commit: 939f15e640f193616691d3bcde0089760e75b0d3 -- 2.34.1

1 month

Re: [PATCH] bcache: call bio_endio() to replace directly calling bio->bi_end_io()

by Stephen Zhang

Hi Coly, For this issue, I've previously sent a fix here: https://lore.kernel.org/all/20251129090122.2457896-2-zhangshida@kylinos.cn/ Would you be able to take a look and see if that one is suitable to pick up? Thanks, Shida

1 month

[PATCH] Bluetooth: HCI: Fix hci0 not release in usb disconnect process

by zhangchen200426＠163.com

From: zhangchen <zhangchen01(a)kylinos.cn> If hci_resume_dev before hci_unregister_dev, the hci command will timeout and the reference count of hdev will not reset to zero. Then the node "hci0" will not release. The output in question is as follows: [ 3391.553518][ 7] [T247244] Bluetooth: hci0: command 0x0c01 tx timeout [ 3391.553588][ 7] [T264732] Bluetooth: hci0: Opcode 0x0c01 failed: -110 [ 3393.569514][ 3] [T247244] Bluetooth: hci0: command 0x0c01 tx timeout [ 3393.569515][ 3] [T264732] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 3393.709645][ 6] [T104579] usb 10-1: new full-speed USB device number 95 using xhci-hcd [ 3393.862194][ 6] [T104579] usb 10-1: New USB device found, idVendor=13d3, idProduct=3570, bcdDevice= 0.00 [ 3393.862205][ 6] [T104579] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3393.862208][ 6] [T104579] usb 10-1: Product: Bluetooth Radio [ 3393.862210][ 6] [T104579] usb 10-1: Manufacturer: Realtek [ 3393.862212][ 6] [T104579] usb 10-1: SerialNumber: 00e04c000001 [ 3393.867589][ 6] [T247244] Bluetooth: hci1: RTL: examining hci_ver=0b hci_rev=000b lmp_ver=0b lmp_subver=8852 [ 3393.868573][ 6] [T247244] Bluetooth: hci1: RTL: rom_version status=0 version=1 [ 3393.868583][ 6] [T247244] Bluetooth: hci1: RTL: loading rtl_bt/rtl8852bu_fw.bin [ 3393.868672][ 6] [T247244] Bluetooth: hci1: RTL: loading rtl_bt/rtl8852bu_config.bin [ 3393.869699][ 6] [T247244] Bluetooth: hci1: RTL: cfg_sz 6, total sz 65603 The call sequence in question is as follows: usb disconnect: btusb_disconnect hci_unregister_dev hci_dev_set_flag hci_cmd_sync_clear hci_unregister_suspend_notifier hci_dev_do_close device_del device resume: hci_suspend_notifier hci_resume_dev hci_resume_sync hci_set_event_mask_sync __hci_cmd_sync_status __hci_cmd_sync_status_sk __hci_cmd_sync_sk wait_event_interruptible_timeout The output after adding debug information in question is as follows: [ 6378.366215][ 6] [T434033] hci_resume_dev hci name hci0 [ 6378.366218][ 6] [T434033] hci_resume_sync set event mask sync [ 6378.366219][ 6] [T434033] hci_set_event_mask_sync [ 6378.366220][ 6] [T434033] __hci_cmd_sync_sk hci name hci0 Opcode 0x0c01 [ 6378.366227][ 6] [T434033] __hci_cmd_sync_sk wait event interruptible timeout [ 6378.367632][ 6] [T420012] btusb_disconnect intf 0000000024117fc1 [ 6378.367637][ 6] [T420012] btusb_disconnect hci_unregister_dev [ 6378.367638][ 6] [T420012] hci_unregister_dev 0000000064bfd783 name hci0 bus 1 [ 6378.367641][ 6] [T420012] hci_unregister_dev set flag [ 6378.367804][ 6] [T420012] hci_unregister_dev cmd sync clear [ 6378.367807][ 6] [T420012] hci_unregister_dev unregister suspend notifier [ 6380.367544][ 6] [T434033] __hci_cmd_sync_sk cmd timeout [ 6380.367542][ 6] [T197498] Bluetooth: hci0: command 0x0c01 tx timeout [ 6380.367550][ 6] [T434033] __hci_cmd_sync_sk hci0 end: err -110 [ 6380.367552][ 6] [T434033] Bluetooth: hci0: Opcode 0x0c01 failed: -110 [ 6380.367555][ 6] [T434033] hci_resume_sync clear event filter [ 6380.367556][ 6] [T434033] hci_resume_sync resume scan sync [ 6380.367558][ 6] [T434033] __hci_cmd_sync_sk hci name hci0 Opcode 0x0c1a [ 6380.367561][ 6] [T434033] __hci_cmd_sync_sk wait event interruptible timeout [ 6382.383538][ 6] [T197498] Bluetooth: hci0: command 0x0c01 tx timeout [ 6382.383593][ 6] [T434033] __hci_cmd_sync_sk hci0 end: err -110 [ 6382.383597][ 6] [T434033] Bluetooth: hci0: Opcode 0x0c1a failed: -110 The output after adding debug information in normal is as follows: [50.039156][ 6] [ T8360] btusb_disconnect intf 00000000fca35842 [50.039160][ 6] [ T8360] btusb_disconnect hci_unregister_dev [50.039162][ 6] [ T8360] hci_unregister_dev 000000002422b946 name hci0 bus 1 [50.039164][ 6] [ T8360] hci_unregister_dev set flag [50.039224][ 6] [ T8360] hci_unregister_dev cmd sync clear [50.039227][ 5] [ T8360] hci_unregister_dev unregister suspend notifier [50.043542][ 5] [ T8284] hci_resume_dev hci name hci0 This patch add hci_cancel_cmd_sync in hci_unregister_dev to wake up hdev->req_wait_q, and stop __hci_cmd_sync_sk by judging the HCI_UNREGISTER flag. Then stopping hci_resume_dev process based on the returned error code. Fixes: 182ee45da083 ("Bluetooth: hci_sync: Rework hci_suspend_notifier") Cc: stable(a)vger.kernel.org Signed-off-by: zhangchen <zhangchen01(a)kylinos.cn> --- net/bluetooth/hci_core.c | 6 ++++++ net/bluetooth/hci_sync.c | 22 ++++++++++++++++------ 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 3418d7b964a1..c977bcba3e76 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -50,6 +50,7 @@ static void hci_rx_work(struct work_struct *work); static void hci_cmd_work(struct work_struct *work); static void hci_tx_work(struct work_struct *work); +static void hci_cancel_cmd_sync(struct hci_dev *hdev, int err); /* HCI device list */ LIST_HEAD(hci_dev_list); @@ -2695,6 +2696,8 @@ void hci_unregister_dev(struct hci_dev *hdev) hci_dev_set_flag(hdev, HCI_UNREGISTER); mutex_unlock(&hdev->unregister_lock); + hci_cancel_cmd_sync(hdev, EINTR); + write_lock(&hci_dev_list_lock); list_del(&hdev->list); write_unlock(&hci_dev_list_lock); @@ -2877,6 +2880,9 @@ int hci_resume_dev(struct hci_dev *hdev) ret = hci_resume_sync(hdev); hci_req_sync_unlock(hdev); + if (ret && hci_dev_test_flag(hdev, HCI_UNREGISTER)) + return 0; + mgmt_resuming(hdev, hdev->wake_reason, &hdev->wake_addr, hdev->wake_addr_type); diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c index 6e76798ec786..f48d34fbfff2 100644 --- a/net/bluetooth/hci_sync.c +++ b/net/bluetooth/hci_sync.c @@ -174,10 +174,11 @@ struct sk_buff *__hci_cmd_sync_sk(struct hci_dev *hdev, u16 opcode, u32 plen, return ERR_PTR(err); err = wait_event_interruptible_timeout(hdev->req_wait_q, - hdev->req_status != HCI_REQ_PEND, + hdev->req_status != HCI_REQ_PEND || + hci_dev_test_flag(hdev, HCI_UNREGISTER), timeout); - if (err == -ERESTARTSYS) + if (err == -ERESTARTSYS || hci_dev_test_flag(hdev, HCI_UNREGISTER)) return ERR_PTR(-EINTR); switch (hdev->req_status) { @@ -6296,6 +6297,7 @@ static int hci_resume_scan_sync(struct hci_dev *hdev) */ int hci_resume_sync(struct hci_dev *hdev) { + int err; /* If not marked as suspended there nothing to do */ if (!hdev->suspended) return 0; @@ -6303,10 +6305,14 @@ int hci_resume_sync(struct hci_dev *hdev) hdev->suspended = false; /* Restore event mask */ - hci_set_event_mask_sync(hdev); + err = hci_set_event_mask_sync(hdev); + if (err && hci_dev_test_flag(hdev, HCI_UNREGISTER)) + return err; /* Clear any event filters and restore scan state */ - hci_clear_event_filter_sync(hdev); + err = hci_clear_event_filter_sync(hdev); + if (err && hci_dev_test_flag(hdev, HCI_UNREGISTER)) + return err; /* Resume scanning */ hci_resume_scan_sync(hdev); @@ -6315,10 +6321,14 @@ int hci_resume_sync(struct hci_dev *hdev) hci_resume_monitor_sync(hdev); /* Resume other advertisements */ - hci_resume_advertising_sync(hdev); + err = hci_resume_advertising_sync(hdev); + if (err && hci_dev_test_flag(hdev, HCI_UNREGISTER)) + return err; /* Resume discovery */ - hci_resume_discovery_sync(hdev); + err = hci_resume_discovery_sync(hdev); + if (err && hci_dev_test_flag(hdev, HCI_UNREGISTER)) + return err; return 0; } -- 2.25.1

1 month

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror