- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] s390/pci: Fix stale function handles in error handling" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 45537926dd2aaa9190ac0fac5a0fbeefcadfea95 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070623-pacific-brewery-7cd2@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 45537926dd2aaa9190ac0fac5a0fbeefcadfea95 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Wed, 25 Jun 2025 11:28:28 +0200 Subject: [PATCH] s390/pci: Fix stale function handles in error handling The error event information for PCI error events contains a function handle for the respective function. This handle is generally captured at the time the error event was recorded. Due to delays in processing or cascading issues, it may happen that during firmware recovery multiple events are generated. When processing these events in order Linux may already have recovered an affected function making the event information stale. Fix this by doing an unconditional CLP List PCI function retrieving the current function handle with the zdev->state_lock held and ignoring the event if its function handle is stale. Cc: stable(a)vger.kernel.org Fixes: 4cdf2f4e24ff ("s390/pci: implement minimal PCI error recovery") Reviewed-by: Julian Ruess <julianr(a)linux.ibm.com> Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Reviewed-by: Farhan Ali <alifm(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> diff --git a/arch/s390/pci/pci_event.c b/arch/s390/pci/pci_event.c index 2fbee3887d13..82ee2578279a 100644 --- a/arch/s390/pci/pci_event.c +++ b/arch/s390/pci/pci_event.c @@ -273,6 +273,8 @@ static void __zpci_event_error(struct zpci_ccdf_err *ccdf) struct zpci_dev *zdev = get_zdev_by_fid(ccdf->fid); struct pci_dev *pdev = NULL; pci_ers_result_t ers_res; + u32 fh = 0; + int rc; zpci_dbg(3, "err fid:%x, fh:%x, pec:%x\n", ccdf->fid, ccdf->fh, ccdf->pec); @@ -281,6 +283,15 @@ static void __zpci_event_error(struct zpci_ccdf_err *ccdf) if (zdev) { mutex_lock(&zdev->state_lock); + rc = clp_refresh_fh(zdev->fid, &fh); + if (rc) + goto no_pdev; + if (!fh || ccdf->fh != fh) { + /* Ignore events with stale handles */ + zpci_dbg(3, "err fid:%x, fh:%x (stale %x)\n", + ccdf->fid, fh, ccdf->fh); + goto no_pdev; + } zpci_update_fh(zdev, ccdf->fh); if (zdev->zbus->bus) pdev = pci_get_slot(zdev->zbus->bus, zdev->devfn);

1 day, 21 hours

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Fix stale function handles in error handling" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 45537926dd2aaa9190ac0fac5a0fbeefcadfea95 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070622-clay-crimp-7cf6@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 45537926dd2aaa9190ac0fac5a0fbeefcadfea95 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Wed, 25 Jun 2025 11:28:28 +0200 Subject: [PATCH] s390/pci: Fix stale function handles in error handling The error event information for PCI error events contains a function handle for the respective function. This handle is generally captured at the time the error event was recorded. Due to delays in processing or cascading issues, it may happen that during firmware recovery multiple events are generated. When processing these events in order Linux may already have recovered an affected function making the event information stale. Fix this by doing an unconditional CLP List PCI function retrieving the current function handle with the zdev->state_lock held and ignoring the event if its function handle is stale. Cc: stable(a)vger.kernel.org Fixes: 4cdf2f4e24ff ("s390/pci: implement minimal PCI error recovery") Reviewed-by: Julian Ruess <julianr(a)linux.ibm.com> Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Reviewed-by: Farhan Ali <alifm(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> diff --git a/arch/s390/pci/pci_event.c b/arch/s390/pci/pci_event.c index 2fbee3887d13..82ee2578279a 100644 --- a/arch/s390/pci/pci_event.c +++ b/arch/s390/pci/pci_event.c @@ -273,6 +273,8 @@ static void __zpci_event_error(struct zpci_ccdf_err *ccdf) struct zpci_dev *zdev = get_zdev_by_fid(ccdf->fid); struct pci_dev *pdev = NULL; pci_ers_result_t ers_res; + u32 fh = 0; + int rc; zpci_dbg(3, "err fid:%x, fh:%x, pec:%x\n", ccdf->fid, ccdf->fh, ccdf->pec); @@ -281,6 +283,15 @@ static void __zpci_event_error(struct zpci_ccdf_err *ccdf) if (zdev) { mutex_lock(&zdev->state_lock); + rc = clp_refresh_fh(zdev->fid, &fh); + if (rc) + goto no_pdev; + if (!fh || ccdf->fh != fh) { + /* Ignore events with stale handles */ + zpci_dbg(3, "err fid:%x, fh:%x (stale %x)\n", + ccdf->fid, fh, ccdf->fh); + goto no_pdev; + } zpci_update_fh(zdev, ccdf->fh); if (zdev->zbus->bus) pdev = pci_get_slot(zdev->zbus->bus, zdev->devfn);

1 day, 21 hours

1
0
0 0

FAILED: patch "[PATCH] virtio-net: ensure the received length does not exceed" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 315dbdd7cdf6aa533829774caaf4d25f1fd20e73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070649-freezing-truce-2745@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 315dbdd7cdf6aa533829774caaf4d25f1fd20e73 Mon Sep 17 00:00:00 2001 From: Bui Quang Minh <minhquangbui99(a)gmail.com> Date: Mon, 30 Jun 2025 21:42:10 +0700 Subject: [PATCH] virtio-net: ensure the received length does not exceed allocated size In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an out-of-bound read. This commit adds that missing check. Cc: <stable(a)vger.kernel.org> Fixes: 4941d472bf95 ("virtio-net: do not reset during XDP set") Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> Acked-by: Jason Wang <jasowang(a)redhat.com> Link: https://patch.msgid.link/20250630144212.48471-2-minhquangbui99@gmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index e53ba600605a..31661bcb3932 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -778,6 +778,26 @@ static unsigned int mergeable_ctx_to_truesize(void *mrg_ctx) return (unsigned long)mrg_ctx & ((1 << MRG_CTX_HEADER_SHIFT) - 1); } +static int check_mergeable_len(struct net_device *dev, void *mrg_ctx, + unsigned int len) +{ + unsigned int headroom, tailroom, room, truesize; + + truesize = mergeable_ctx_to_truesize(mrg_ctx); + headroom = mergeable_ctx_to_headroom(mrg_ctx); + tailroom = headroom ? sizeof(struct skb_shared_info) : 0; + room = SKB_DATA_ALIGN(headroom + tailroom); + + if (len > truesize - room) { + pr_debug("%s: rx error: len %u exceeds truesize %lu\n", + dev->name, len, (unsigned long)(truesize - room)); + DEV_STATS_INC(dev, rx_length_errors); + return -1; + } + + return 0; +} + static struct sk_buff *virtnet_build_skb(void *buf, unsigned int buflen, unsigned int headroom, unsigned int len) @@ -1797,7 +1817,8 @@ static unsigned int virtnet_get_headroom(struct virtnet_info *vi) * across multiple buffers (num_buf > 1), and we make sure buffers * have enough headroom. */ -static struct page *xdp_linearize_page(struct receive_queue *rq, +static struct page *xdp_linearize_page(struct net_device *dev, + struct receive_queue *rq, int *num_buf, struct page *p, int offset, @@ -1817,18 +1838,27 @@ static struct page *xdp_linearize_page(struct receive_queue *rq, memcpy(page_address(page) + page_off, page_address(p) + offset, *len); page_off += *len; + /* Only mergeable mode can go inside this while loop. In small mode, + * *num_buf == 1, so it cannot go inside. + */ while (--*num_buf) { unsigned int buflen; void *buf; + void *ctx; int off; - buf = virtnet_rq_get_buf(rq, &buflen, NULL); + buf = virtnet_rq_get_buf(rq, &buflen, &ctx); if (unlikely(!buf)) goto err_buf; p = virt_to_head_page(buf); off = buf - page_address(p); + if (check_mergeable_len(dev, ctx, buflen)) { + put_page(p); + goto err_buf; + } + /* guard against a misconfigured or uncooperative backend that * is sending packet larger than the MTU. */ @@ -1917,7 +1947,7 @@ static struct sk_buff *receive_small_xdp(struct net_device *dev, headroom = vi->hdr_len + header_offset; buflen = SKB_DATA_ALIGN(GOOD_PACKET_LEN + headroom) + SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); - xdp_page = xdp_linearize_page(rq, &num_buf, page, + xdp_page = xdp_linearize_page(dev, rq, &num_buf, page, offset, header_offset, &tlen); if (!xdp_page) @@ -2252,7 +2282,7 @@ static void *mergeable_xdp_get_buf(struct virtnet_info *vi, */ if (!xdp_prog->aux->xdp_has_frags) { /* linearize data for XDP */ - xdp_page = xdp_linearize_page(rq, num_buf, + xdp_page = xdp_linearize_page(vi->dev, rq, num_buf, *page, offset, XDP_PACKET_HEADROOM, len);

1 day, 21 hours

1
0
0 0

FAILED: patch "[PATCH] virtio-net: ensure the received length does not exceed" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 315dbdd7cdf6aa533829774caaf4d25f1fd20e73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070649-bauble-banish-de72@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 315dbdd7cdf6aa533829774caaf4d25f1fd20e73 Mon Sep 17 00:00:00 2001 From: Bui Quang Minh <minhquangbui99(a)gmail.com> Date: Mon, 30 Jun 2025 21:42:10 +0700 Subject: [PATCH] virtio-net: ensure the received length does not exceed allocated size In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an out-of-bound read. This commit adds that missing check. Cc: <stable(a)vger.kernel.org> Fixes: 4941d472bf95 ("virtio-net: do not reset during XDP set") Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> Acked-by: Jason Wang <jasowang(a)redhat.com> Link: https://patch.msgid.link/20250630144212.48471-2-minhquangbui99@gmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index e53ba600605a..31661bcb3932 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -778,6 +778,26 @@ static unsigned int mergeable_ctx_to_truesize(void *mrg_ctx) return (unsigned long)mrg_ctx & ((1 << MRG_CTX_HEADER_SHIFT) - 1); } +static int check_mergeable_len(struct net_device *dev, void *mrg_ctx, + unsigned int len) +{ + unsigned int headroom, tailroom, room, truesize; + + truesize = mergeable_ctx_to_truesize(mrg_ctx); + headroom = mergeable_ctx_to_headroom(mrg_ctx); + tailroom = headroom ? sizeof(struct skb_shared_info) : 0; + room = SKB_DATA_ALIGN(headroom + tailroom); + + if (len > truesize - room) { + pr_debug("%s: rx error: len %u exceeds truesize %lu\n", + dev->name, len, (unsigned long)(truesize - room)); + DEV_STATS_INC(dev, rx_length_errors); + return -1; + } + + return 0; +} + static struct sk_buff *virtnet_build_skb(void *buf, unsigned int buflen, unsigned int headroom, unsigned int len) @@ -1797,7 +1817,8 @@ static unsigned int virtnet_get_headroom(struct virtnet_info *vi) * across multiple buffers (num_buf > 1), and we make sure buffers * have enough headroom. */ -static struct page *xdp_linearize_page(struct receive_queue *rq, +static struct page *xdp_linearize_page(struct net_device *dev, + struct receive_queue *rq, int *num_buf, struct page *p, int offset, @@ -1817,18 +1838,27 @@ static struct page *xdp_linearize_page(struct receive_queue *rq, memcpy(page_address(page) + page_off, page_address(p) + offset, *len); page_off += *len; + /* Only mergeable mode can go inside this while loop. In small mode, + * *num_buf == 1, so it cannot go inside. + */ while (--*num_buf) { unsigned int buflen; void *buf; + void *ctx; int off; - buf = virtnet_rq_get_buf(rq, &buflen, NULL); + buf = virtnet_rq_get_buf(rq, &buflen, &ctx); if (unlikely(!buf)) goto err_buf; p = virt_to_head_page(buf); off = buf - page_address(p); + if (check_mergeable_len(dev, ctx, buflen)) { + put_page(p); + goto err_buf; + } + /* guard against a misconfigured or uncooperative backend that * is sending packet larger than the MTU. */ @@ -1917,7 +1947,7 @@ static struct sk_buff *receive_small_xdp(struct net_device *dev, headroom = vi->hdr_len + header_offset; buflen = SKB_DATA_ALIGN(GOOD_PACKET_LEN + headroom) + SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); - xdp_page = xdp_linearize_page(rq, &num_buf, page, + xdp_page = xdp_linearize_page(dev, rq, &num_buf, page, offset, header_offset, &tlen); if (!xdp_page) @@ -2252,7 +2282,7 @@ static void *mergeable_xdp_get_buf(struct virtnet_info *vi, */ if (!xdp_prog->aux->xdp_has_frags) { /* linearize data for XDP */ - xdp_page = xdp_linearize_page(rq, num_buf, + xdp_page = xdp_linearize_page(vi->dev, rq, num_buf, *page, offset, XDP_PACKET_HEADROOM, len);

1 day, 21 hours

1
0
0 0

FAILED: patch "[PATCH] virtio-net: ensure the received length does not exceed" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 315dbdd7cdf6aa533829774caaf4d25f1fd20e73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070648-capitol-stained-1407@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 315dbdd7cdf6aa533829774caaf4d25f1fd20e73 Mon Sep 17 00:00:00 2001 From: Bui Quang Minh <minhquangbui99(a)gmail.com> Date: Mon, 30 Jun 2025 21:42:10 +0700 Subject: [PATCH] virtio-net: ensure the received length does not exceed allocated size In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an out-of-bound read. This commit adds that missing check. Cc: <stable(a)vger.kernel.org> Fixes: 4941d472bf95 ("virtio-net: do not reset during XDP set") Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> Acked-by: Jason Wang <jasowang(a)redhat.com> Link: https://patch.msgid.link/20250630144212.48471-2-minhquangbui99@gmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index e53ba600605a..31661bcb3932 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -778,6 +778,26 @@ static unsigned int mergeable_ctx_to_truesize(void *mrg_ctx) return (unsigned long)mrg_ctx & ((1 << MRG_CTX_HEADER_SHIFT) - 1); } +static int check_mergeable_len(struct net_device *dev, void *mrg_ctx, + unsigned int len) +{ + unsigned int headroom, tailroom, room, truesize; + + truesize = mergeable_ctx_to_truesize(mrg_ctx); + headroom = mergeable_ctx_to_headroom(mrg_ctx); + tailroom = headroom ? sizeof(struct skb_shared_info) : 0; + room = SKB_DATA_ALIGN(headroom + tailroom); + + if (len > truesize - room) { + pr_debug("%s: rx error: len %u exceeds truesize %lu\n", + dev->name, len, (unsigned long)(truesize - room)); + DEV_STATS_INC(dev, rx_length_errors); + return -1; + } + + return 0; +} + static struct sk_buff *virtnet_build_skb(void *buf, unsigned int buflen, unsigned int headroom, unsigned int len) @@ -1797,7 +1817,8 @@ static unsigned int virtnet_get_headroom(struct virtnet_info *vi) * across multiple buffers (num_buf > 1), and we make sure buffers * have enough headroom. */ -static struct page *xdp_linearize_page(struct receive_queue *rq, +static struct page *xdp_linearize_page(struct net_device *dev, + struct receive_queue *rq, int *num_buf, struct page *p, int offset, @@ -1817,18 +1838,27 @@ static struct page *xdp_linearize_page(struct receive_queue *rq, memcpy(page_address(page) + page_off, page_address(p) + offset, *len); page_off += *len; + /* Only mergeable mode can go inside this while loop. In small mode, + * *num_buf == 1, so it cannot go inside. + */ while (--*num_buf) { unsigned int buflen; void *buf; + void *ctx; int off; - buf = virtnet_rq_get_buf(rq, &buflen, NULL); + buf = virtnet_rq_get_buf(rq, &buflen, &ctx); if (unlikely(!buf)) goto err_buf; p = virt_to_head_page(buf); off = buf - page_address(p); + if (check_mergeable_len(dev, ctx, buflen)) { + put_page(p); + goto err_buf; + } + /* guard against a misconfigured or uncooperative backend that * is sending packet larger than the MTU. */ @@ -1917,7 +1947,7 @@ static struct sk_buff *receive_small_xdp(struct net_device *dev, headroom = vi->hdr_len + header_offset; buflen = SKB_DATA_ALIGN(GOOD_PACKET_LEN + headroom) + SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); - xdp_page = xdp_linearize_page(rq, &num_buf, page, + xdp_page = xdp_linearize_page(dev, rq, &num_buf, page, offset, header_offset, &tlen); if (!xdp_page) @@ -2252,7 +2282,7 @@ static void *mergeable_xdp_get_buf(struct virtnet_info *vi, */ if (!xdp_prog->aux->xdp_has_frags) { /* linearize data for XDP */ - xdp_page = xdp_linearize_page(rq, num_buf, + xdp_page = xdp_linearize_page(vi->dev, rq, num_buf, *page, offset, XDP_PACKET_HEADROOM, len);

1 day, 21 hours

1
0
0 0

FAILED: patch "[PATCH] virtio-net: ensure the received length does not exceed" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 315dbdd7cdf6aa533829774caaf4d25f1fd20e73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070648-purist-custody-51f7@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 315dbdd7cdf6aa533829774caaf4d25f1fd20e73 Mon Sep 17 00:00:00 2001 From: Bui Quang Minh <minhquangbui99(a)gmail.com> Date: Mon, 30 Jun 2025 21:42:10 +0700 Subject: [PATCH] virtio-net: ensure the received length does not exceed allocated size In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an out-of-bound read. This commit adds that missing check. Cc: <stable(a)vger.kernel.org> Fixes: 4941d472bf95 ("virtio-net: do not reset during XDP set") Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> Acked-by: Jason Wang <jasowang(a)redhat.com> Link: https://patch.msgid.link/20250630144212.48471-2-minhquangbui99@gmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index e53ba600605a..31661bcb3932 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -778,6 +778,26 @@ static unsigned int mergeable_ctx_to_truesize(void *mrg_ctx) return (unsigned long)mrg_ctx & ((1 << MRG_CTX_HEADER_SHIFT) - 1); } +static int check_mergeable_len(struct net_device *dev, void *mrg_ctx, + unsigned int len) +{ + unsigned int headroom, tailroom, room, truesize; + + truesize = mergeable_ctx_to_truesize(mrg_ctx); + headroom = mergeable_ctx_to_headroom(mrg_ctx); + tailroom = headroom ? sizeof(struct skb_shared_info) : 0; + room = SKB_DATA_ALIGN(headroom + tailroom); + + if (len > truesize - room) { + pr_debug("%s: rx error: len %u exceeds truesize %lu\n", + dev->name, len, (unsigned long)(truesize - room)); + DEV_STATS_INC(dev, rx_length_errors); + return -1; + } + + return 0; +} + static struct sk_buff *virtnet_build_skb(void *buf, unsigned int buflen, unsigned int headroom, unsigned int len) @@ -1797,7 +1817,8 @@ static unsigned int virtnet_get_headroom(struct virtnet_info *vi) * across multiple buffers (num_buf > 1), and we make sure buffers * have enough headroom. */ -static struct page *xdp_linearize_page(struct receive_queue *rq, +static struct page *xdp_linearize_page(struct net_device *dev, + struct receive_queue *rq, int *num_buf, struct page *p, int offset, @@ -1817,18 +1838,27 @@ static struct page *xdp_linearize_page(struct receive_queue *rq, memcpy(page_address(page) + page_off, page_address(p) + offset, *len); page_off += *len; + /* Only mergeable mode can go inside this while loop. In small mode, + * *num_buf == 1, so it cannot go inside. + */ while (--*num_buf) { unsigned int buflen; void *buf; + void *ctx; int off; - buf = virtnet_rq_get_buf(rq, &buflen, NULL); + buf = virtnet_rq_get_buf(rq, &buflen, &ctx); if (unlikely(!buf)) goto err_buf; p = virt_to_head_page(buf); off = buf - page_address(p); + if (check_mergeable_len(dev, ctx, buflen)) { + put_page(p); + goto err_buf; + } + /* guard against a misconfigured or uncooperative backend that * is sending packet larger than the MTU. */ @@ -1917,7 +1947,7 @@ static struct sk_buff *receive_small_xdp(struct net_device *dev, headroom = vi->hdr_len + header_offset; buflen = SKB_DATA_ALIGN(GOOD_PACKET_LEN + headroom) + SKB_DATA_ALIGN(sizeof(struct skb_shared_info)); - xdp_page = xdp_linearize_page(rq, &num_buf, page, + xdp_page = xdp_linearize_page(dev, rq, &num_buf, page, offset, header_offset, &tlen); if (!xdp_page) @@ -2252,7 +2282,7 @@ static void *mergeable_xdp_get_buf(struct virtnet_info *vi, */ if (!xdp_prog->aux->xdp_has_frags) { /* linearize data for XDP */ - xdp_page = xdp_linearize_page(rq, num_buf, + xdp_page = xdp_linearize_page(vi->dev, rq, num_buf, *page, offset, XDP_PACKET_HEADROOM, len);

1 day, 21 hours

1
0
0 0

FAILED: patch "[PATCH] net: wangxun: revert the adjustment of the IRQ vector" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x e37546ad1f9b2c777d3a21d7e50ce265ee3dece8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070626-come-nappy-3fec@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e37546ad1f9b2c777d3a21d7e50ce265ee3dece8 Mon Sep 17 00:00:00 2001 From: Jiawen Wu <jiawenwu(a)trustnetic.com> Date: Tue, 1 Jul 2025 14:30:29 +0800 Subject: [PATCH] net: wangxun: revert the adjustment of the IRQ vector sequence Due to hardware limitations of NGBE, queue IRQs can only be requested on vector 0 to 7. When the number of queues is set to the maximum 8, the PCI IRQ vectors are allocated from 0 to 8. The vector 0 is used by MISC interrupt, and althrough the vector 8 is used by queue interrupt, it is unable to receive packets. This will cause some packets to be dropped when RSS is enabled and they are assigned to queue 8. So revert the adjustment of the MISC IRQ location, to make it be the last one in IRQ vectors. Fixes: 937d46ecc5f9 ("net: wangxun: add ethtool_ops for channel number") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> Reviewed-by: Larysa Zaremba <larysa.zaremba(a)intel.com> Link: https://patch.msgid.link/20250701063030.59340-3-jiawenwu@trustnetic.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index 59840ba9c1fe..835d60bd5fbc 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -1747,7 +1747,7 @@ static void wx_set_num_queues(struct wx *wx) */ static int wx_acquire_msix_vectors(struct wx *wx) { - struct irq_affinity affd = { .pre_vectors = 1 }; + struct irq_affinity affd = { .post_vectors = 1 }; int nvecs, i; /* We start by asking for one vector per queue pair */ @@ -1784,16 +1784,17 @@ static int wx_acquire_msix_vectors(struct wx *wx) return nvecs; } - wx->msix_entry->entry = 0; - wx->msix_entry->vector = pci_irq_vector(wx->pdev, 0); nvecs -= 1; for (i = 0; i < nvecs; i++) { wx->msix_q_entries[i].entry = i; - wx->msix_q_entries[i].vector = pci_irq_vector(wx->pdev, i + 1); + wx->msix_q_entries[i].vector = pci_irq_vector(wx->pdev, i); } wx->num_q_vectors = nvecs; + wx->msix_entry->entry = nvecs; + wx->msix_entry->vector = pci_irq_vector(wx->pdev, nvecs); + return 0; } @@ -2300,8 +2301,6 @@ static void wx_set_ivar(struct wx *wx, s8 direction, wr32(wx, WX_PX_MISC_IVAR, ivar); } else { /* tx or rx causes */ - if (!(wx->mac.type == wx_mac_em && wx->num_vfs == 7)) - msix_vector += 1; /* offset for queue vectors */ msix_vector |= WX_PX_IVAR_ALLOC_VAL; index = ((16 * (queue & 1)) + (8 * direction)); ivar = rd32(wx, WX_PX_IVAR(queue >> 1)); @@ -2340,7 +2339,7 @@ void wx_write_eitr(struct wx_q_vector *q_vector) itr_reg |= WX_PX_ITR_CNT_WDIS; - wr32(wx, WX_PX_ITR(v_idx + 1), itr_reg); + wr32(wx, WX_PX_ITR(v_idx), itr_reg); } /** @@ -2393,9 +2392,9 @@ void wx_configure_vectors(struct wx *wx) wx_write_eitr(q_vector); } - wx_set_ivar(wx, -1, 0, 0); + wx_set_ivar(wx, -1, 0, v_idx); if (pdev->msix_enabled) - wr32(wx, WX_PX_ITR(0), 1950); + wr32(wx, WX_PX_ITR(v_idx), 1950); } EXPORT_SYMBOL(wx_configure_vectors); diff --git a/drivers/net/ethernet/wangxun/libwx/wx_type.h b/drivers/net/ethernet/wangxun/libwx/wx_type.h index 7730c9fc3e02..d392394791b3 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_type.h +++ b/drivers/net/ethernet/wangxun/libwx/wx_type.h @@ -1343,7 +1343,7 @@ struct wx { }; #define WX_INTR_ALL (~0ULL) -#define WX_INTR_Q(i) BIT((i) + 1) +#define WX_INTR_Q(i) BIT((i)) /* register operations */ #define wr32(a, reg, value) writel((value), ((a)->hw_addr + (reg))) diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c b/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c index b5022c49dc5e..68415a7ef12f 100644 --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c @@ -161,7 +161,7 @@ static void ngbe_irq_enable(struct wx *wx, bool queues) if (queues) wx_intr_enable(wx, NGBE_INTR_ALL); else - wx_intr_enable(wx, NGBE_INTR_MISC); + wx_intr_enable(wx, NGBE_INTR_MISC(wx)); } /** diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h b/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h index bb74263f0498..6eca6de475f7 100644 --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h @@ -87,7 +87,7 @@ #define NGBE_PX_MISC_IC_TIMESYNC BIT(11) /* time sync */ #define NGBE_INTR_ALL 0x1FF -#define NGBE_INTR_MISC BIT(0) +#define NGBE_INTR_MISC(A) BIT((A)->num_q_vectors) #define NGBE_PHY_CONFIG(reg_offset) (0x14000 + ((reg_offset) * 4)) #define NGBE_CFG_LAN_SPEED 0x14440 diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c index dc468053bdf8..3885283681ec 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c @@ -31,7 +31,7 @@ void txgbe_irq_enable(struct wx *wx, bool queues) wr32(wx, WX_PX_MISC_IEN, misc_ien); /* unmask interrupt */ - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); if (queues) wx_intr_enable(wx, TXGBE_INTR_QALL(wx)); } @@ -131,7 +131,7 @@ static irqreturn_t txgbe_misc_irq_handle(int irq, void *data) txgbe->eicr = eicr; if (eicr & TXGBE_PX_MISC_IC_VF_MBOX) { wx_msg_task(txgbe->wx); - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); } return IRQ_WAKE_THREAD; } @@ -183,7 +183,7 @@ static irqreturn_t txgbe_misc_irq_thread_fn(int irq, void *data) nhandled++; } - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); return (nhandled > 0 ? IRQ_HANDLED : IRQ_NONE); } diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h b/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h index 42ec815159e8..41915d7dd372 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h @@ -302,8 +302,8 @@ struct txgbe_fdir_filter { #define TXGBE_DEFAULT_RX_WORK 128 #endif -#define TXGBE_INTR_MISC BIT(0) -#define TXGBE_INTR_QALL(A) GENMASK((A)->num_q_vectors, 1) +#define TXGBE_INTR_MISC(A) BIT((A)->num_q_vectors) +#define TXGBE_INTR_QALL(A) (TXGBE_INTR_MISC(A) - 1) #define TXGBE_MAX_EITR GENMASK(11, 3)

1 day, 21 hours

1
0
0 0

FAILED: patch "[PATCH] net: wangxun: revert the adjustment of the IRQ vector" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x e37546ad1f9b2c777d3a21d7e50ce265ee3dece8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025070625-walnut-bargraph-970b@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e37546ad1f9b2c777d3a21d7e50ce265ee3dece8 Mon Sep 17 00:00:00 2001 From: Jiawen Wu <jiawenwu(a)trustnetic.com> Date: Tue, 1 Jul 2025 14:30:29 +0800 Subject: [PATCH] net: wangxun: revert the adjustment of the IRQ vector sequence Due to hardware limitations of NGBE, queue IRQs can only be requested on vector 0 to 7. When the number of queues is set to the maximum 8, the PCI IRQ vectors are allocated from 0 to 8. The vector 0 is used by MISC interrupt, and althrough the vector 8 is used by queue interrupt, it is unable to receive packets. This will cause some packets to be dropped when RSS is enabled and they are assigned to queue 8. So revert the adjustment of the MISC IRQ location, to make it be the last one in IRQ vectors. Fixes: 937d46ecc5f9 ("net: wangxun: add ethtool_ops for channel number") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> Reviewed-by: Larysa Zaremba <larysa.zaremba(a)intel.com> Link: https://patch.msgid.link/20250701063030.59340-3-jiawenwu@trustnetic.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index 59840ba9c1fe..835d60bd5fbc 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -1747,7 +1747,7 @@ static void wx_set_num_queues(struct wx *wx) */ static int wx_acquire_msix_vectors(struct wx *wx) { - struct irq_affinity affd = { .pre_vectors = 1 }; + struct irq_affinity affd = { .post_vectors = 1 }; int nvecs, i; /* We start by asking for one vector per queue pair */ @@ -1784,16 +1784,17 @@ static int wx_acquire_msix_vectors(struct wx *wx) return nvecs; } - wx->msix_entry->entry = 0; - wx->msix_entry->vector = pci_irq_vector(wx->pdev, 0); nvecs -= 1; for (i = 0; i < nvecs; i++) { wx->msix_q_entries[i].entry = i; - wx->msix_q_entries[i].vector = pci_irq_vector(wx->pdev, i + 1); + wx->msix_q_entries[i].vector = pci_irq_vector(wx->pdev, i); } wx->num_q_vectors = nvecs; + wx->msix_entry->entry = nvecs; + wx->msix_entry->vector = pci_irq_vector(wx->pdev, nvecs); + return 0; } @@ -2300,8 +2301,6 @@ static void wx_set_ivar(struct wx *wx, s8 direction, wr32(wx, WX_PX_MISC_IVAR, ivar); } else { /* tx or rx causes */ - if (!(wx->mac.type == wx_mac_em && wx->num_vfs == 7)) - msix_vector += 1; /* offset for queue vectors */ msix_vector |= WX_PX_IVAR_ALLOC_VAL; index = ((16 * (queue & 1)) + (8 * direction)); ivar = rd32(wx, WX_PX_IVAR(queue >> 1)); @@ -2340,7 +2339,7 @@ void wx_write_eitr(struct wx_q_vector *q_vector) itr_reg |= WX_PX_ITR_CNT_WDIS; - wr32(wx, WX_PX_ITR(v_idx + 1), itr_reg); + wr32(wx, WX_PX_ITR(v_idx), itr_reg); } /** @@ -2393,9 +2392,9 @@ void wx_configure_vectors(struct wx *wx) wx_write_eitr(q_vector); } - wx_set_ivar(wx, -1, 0, 0); + wx_set_ivar(wx, -1, 0, v_idx); if (pdev->msix_enabled) - wr32(wx, WX_PX_ITR(0), 1950); + wr32(wx, WX_PX_ITR(v_idx), 1950); } EXPORT_SYMBOL(wx_configure_vectors); diff --git a/drivers/net/ethernet/wangxun/libwx/wx_type.h b/drivers/net/ethernet/wangxun/libwx/wx_type.h index 7730c9fc3e02..d392394791b3 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_type.h +++ b/drivers/net/ethernet/wangxun/libwx/wx_type.h @@ -1343,7 +1343,7 @@ struct wx { }; #define WX_INTR_ALL (~0ULL) -#define WX_INTR_Q(i) BIT((i) + 1) +#define WX_INTR_Q(i) BIT((i)) /* register operations */ #define wr32(a, reg, value) writel((value), ((a)->hw_addr + (reg))) diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c b/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c index b5022c49dc5e..68415a7ef12f 100644 --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_main.c @@ -161,7 +161,7 @@ static void ngbe_irq_enable(struct wx *wx, bool queues) if (queues) wx_intr_enable(wx, NGBE_INTR_ALL); else - wx_intr_enable(wx, NGBE_INTR_MISC); + wx_intr_enable(wx, NGBE_INTR_MISC(wx)); } /** diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h b/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h index bb74263f0498..6eca6de475f7 100644 --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_type.h @@ -87,7 +87,7 @@ #define NGBE_PX_MISC_IC_TIMESYNC BIT(11) /* time sync */ #define NGBE_INTR_ALL 0x1FF -#define NGBE_INTR_MISC BIT(0) +#define NGBE_INTR_MISC(A) BIT((A)->num_q_vectors) #define NGBE_PHY_CONFIG(reg_offset) (0x14000 + ((reg_offset) * 4)) #define NGBE_CFG_LAN_SPEED 0x14440 diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c index dc468053bdf8..3885283681ec 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c @@ -31,7 +31,7 @@ void txgbe_irq_enable(struct wx *wx, bool queues) wr32(wx, WX_PX_MISC_IEN, misc_ien); /* unmask interrupt */ - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); if (queues) wx_intr_enable(wx, TXGBE_INTR_QALL(wx)); } @@ -131,7 +131,7 @@ static irqreturn_t txgbe_misc_irq_handle(int irq, void *data) txgbe->eicr = eicr; if (eicr & TXGBE_PX_MISC_IC_VF_MBOX) { wx_msg_task(txgbe->wx); - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); } return IRQ_WAKE_THREAD; } @@ -183,7 +183,7 @@ static irqreturn_t txgbe_misc_irq_thread_fn(int irq, void *data) nhandled++; } - wx_intr_enable(wx, TXGBE_INTR_MISC); + wx_intr_enable(wx, TXGBE_INTR_MISC(wx)); return (nhandled > 0 ? IRQ_HANDLED : IRQ_NONE); } diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h b/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h index 42ec815159e8..41915d7dd372 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_type.h @@ -302,8 +302,8 @@ struct txgbe_fdir_filter { #define TXGBE_DEFAULT_RX_WORK 128 #endif -#define TXGBE_INTR_MISC BIT(0) -#define TXGBE_INTR_QALL(A) GENMASK((A)->num_q_vectors, 1) +#define TXGBE_INTR_MISC(A) BIT((A)->num_q_vectors) +#define TXGBE_INTR_QALL(A) (TXGBE_INTR_MISC(A) - 1) #define TXGBE_MAX_EITR GENMASK(11, 3)

1 day, 21 hours

1
0
0 0

[PATCH v3 0/3] m68k: Bug fix and cleanup for framebuffer debug console

by Finn Thain

This series has a bug fix for the early bootconsole as well as some related efficiency improvements and cleanup. The relevant code is subject to CONSOLE_DEBUG, which is presently only used with CONFIG_MAC. To test this series (in qemu-system-m68k, for example) it's helpful to enable CONFIG_EARLY_PRINTK and CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER and boot with kernel parameters 'console=ttyS0 earlyprintk keep_bootcon'. --- Changed since v1: - Solved problem with line wrap while scrolling. - Added two additional patches. Changed since v2: - Adopted addq and subq as suggested by Andreas. Finn Thain (3): m68k: Fix lost column on framebuffer debug console m68k: Avoid pointless recursion in debug console rendering m68k: Remove unused "cursor home" code from debug console arch/m68k/kernel/head.S | 73 +++++++++++++++++++++-------------------- 1 file changed, 37 insertions(+), 36 deletions(-) -- 2.45.3

1 day, 22 hours

3
3
0 0

Linux 6.12.36

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.36 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/serial/8250.yaml | 2 Documentation/netlink/specs/tc.yaml | 4 Makefile | 2 arch/arm64/boot/dts/rockchip/rk3399-rockpro64.dtsi | 12 arch/riscv/include/asm/cmpxchg.h | 2 arch/riscv/include/asm/pgtable.h | 1 arch/riscv/kernel/traps_misaligned.c | 4 arch/riscv/mm/cacheflush.c | 15 arch/um/drivers/ubd_user.c | 2 arch/um/include/asm/asm-prototypes.h | 5 arch/um/kernel/trap.c | 129 + arch/x86/include/uapi/asm/debugreg.h | 21 arch/x86/kernel/cpu/common.c | 24 arch/x86/kernel/fpu/signal.c | 11 arch/x86/kernel/fpu/xstate.h | 22 arch/x86/kernel/traps.c | 34 arch/x86/um/asm/checksum.h | 3 drivers/accel/ivpu/ivpu_debugfs.c | 84 + drivers/accel/ivpu/ivpu_drv.c | 6 drivers/accel/ivpu/ivpu_drv.h | 10 drivers/accel/ivpu/ivpu_hw.c | 21 drivers/accel/ivpu/ivpu_hw.h | 5 drivers/accel/ivpu/ivpu_job.c | 201 +- drivers/accel/ivpu/ivpu_job.h | 2 drivers/accel/ivpu/ivpu_jsm_msg.c | 46 drivers/ata/ahci.c | 2 drivers/cxl/core/region.c | 7 drivers/dma/idxd/cdev.c | 4 drivers/dma/xilinx/xilinx_dma.c | 2 drivers/edac/amd64_edac.c | 57 drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 64 drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 30 drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 12 drivers/gpu/drm/amd/amdgpu/amdgpu_job.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 16 drivers/gpu/drm/amd/amdgpu/amdgpu_seq64.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 17 drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 2 drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 6 drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h | 677 +++++----- drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx12.asm | 82 - drivers/gpu/drm/amd/amdkfd/kfd_device.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_events.c | 1 drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c | 1 drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c | 5 drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c | 1 drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 9 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/ast/ast_mode.c | 6 drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 32 drivers/gpu/drm/bridge/ti-sn65dsi86.c | 109 + drivers/gpu/drm/drm_fbdev_dma.c | 219 ++- drivers/gpu/drm/etnaviv/etnaviv_sched.c | 5 drivers/gpu/drm/i915/display/vlv_dsi.c | 4 drivers/gpu/drm/i915/i915_pmu.c | 2 drivers/gpu/drm/msm/dp/dp_display.c | 11 drivers/gpu/drm/msm/dp/dp_drm.c | 5 drivers/gpu/drm/msm/msm_gpu_devfreq.c | 1 drivers/gpu/drm/scheduler/sched_entity.c | 1 drivers/gpu/drm/tegra/dc.c | 17 drivers/gpu/drm/tegra/hub.c | 4 drivers/gpu/drm/tegra/hub.h | 3 drivers/gpu/drm/tiny/cirrus.c | 1 drivers/gpu/drm/udl/udl_drv.c | 2 drivers/gpu/drm/xe/display/xe_display.c | 2 drivers/gpu/drm/xe/xe_ggtt.c | 11 drivers/gpu/drm/xe/xe_gpu_scheduler.h | 10 drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 8 drivers/gpu/drm/xe/xe_guc_ct.c | 7 drivers/gpu/drm/xe/xe_guc_ct.h | 5 drivers/gpu/drm/xe/xe_guc_pc.c | 2 drivers/gpu/drm/xe/xe_guc_submit.c | 23 drivers/gpu/drm/xe/xe_guc_types.h | 5 drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c | 54 drivers/gpu/drm/xe/xe_vm.c | 8 drivers/hid/hid-lenovo.c | 11 drivers/hid/wacom_sys.c | 7 drivers/hwmon/pmbus/max34440.c | 48 drivers/hwtracing/coresight/coresight-core.c | 3 drivers/hwtracing/coresight/coresight-priv.h | 1 drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 drivers/i2c/busses/i2c-tiny-usb.c | 6 drivers/iio/adc/ad_sigma_delta.c | 4 drivers/iio/dac/Makefile | 2 drivers/iio/dac/ad3552r-common.c | 248 +++ drivers/iio/dac/ad3552r.c | 557 +------- drivers/iio/dac/ad3552r.h | 223 +++ drivers/iio/pressure/zpa2326.c | 2 drivers/leds/led-class-multicolor.c | 3 drivers/mailbox/mailbox.c | 2 drivers/md/bcache/super.c | 7 drivers/md/dm-raid.c | 2 drivers/md/dm-vdo/indexer/volume.c | 24 drivers/md/md-bitmap.c | 2 drivers/media/usb/uvc/uvc_ctrl.c | 34 drivers/mfd/max14577.c | 1 drivers/misc/tps6594-pfsm.c | 3 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 5 drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 drivers/net/ethernet/pensando/ionic/ionic_txrx.c | 12 drivers/net/ethernet/realtek/r8169.h | 1 drivers/net/ethernet/realtek/r8169_main.c | 23 drivers/net/ethernet/realtek/r8169_phy_config.c | 10 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 11 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 6 drivers/net/phy/realtek.c | 54 drivers/nvme/host/tcp.c | 22 drivers/pci/controller/dwc/pci-imx6.c | 15 drivers/pci/controller/dwc/pcie-designware.c | 5 drivers/pci/controller/pcie-apple.c | 7 drivers/s390/crypto/pkey_api.c | 2 drivers/scsi/megaraid/megaraid_sas_base.c | 6 drivers/spi/spi-cadence-quadspi.c | 12 drivers/spi/spi-fsl-qspi.c | 36 drivers/staging/rtl8723bs/core/rtw_security.c | 44 drivers/tty/serial/8250/8250_pci1xxxx.c | 10 drivers/tty/serial/imx.c | 17 drivers/tty/serial/serial_base_bus.c | 1 drivers/tty/serial/uartlite.c | 25 drivers/ufs/core/ufshcd.c | 6 drivers/usb/class/cdc-wdm.c | 23 drivers/usb/common/usb-conn-gpio.c | 25 drivers/usb/core/usb.c | 14 drivers/usb/dwc2/gadget.c | 6 drivers/usb/gadget/function/f_hid.c | 19 drivers/usb/gadget/function/f_tcm.c | 4 drivers/usb/typec/altmodes/displayport.c | 4 drivers/usb/typec/mux.c | 4 drivers/usb/typec/tcpm/tcpm.c | 3 fs/btrfs/backref.h | 4 fs/btrfs/direct-io.c | 4 fs/btrfs/disk-io.c | 5 fs/btrfs/extent_io.h | 2 fs/btrfs/extent_map.c | 132 + fs/btrfs/extent_map.h | 3 fs/btrfs/fs.h | 2 fs/btrfs/inode.c | 297 ++-- fs/btrfs/ordered-data.c | 14 fs/btrfs/raid56.c | 5 fs/btrfs/super.c | 13 fs/btrfs/tests/extent-io-tests.c | 6 fs/btrfs/volumes.c | 6 fs/btrfs/zstd.c | 2 fs/ceph/file.c | 2 fs/f2fs/file.c | 38 fs/f2fs/super.c | 30 fs/fuse/dir.c | 11 fs/jfs/jfs_dmap.c | 41 fs/namespace.c | 8 fs/nfs/inode.c | 51 fs/nfs/nfs4proc.c | 25 fs/overlayfs/util.c | 4 fs/proc/task_mmu.c | 2 fs/smb/client/cifs_debug.c | 23 fs/smb/client/cifsglob.h | 2 fs/smb/client/cifspdu.h | 6 fs/smb/client/cifssmb.c | 1 fs/smb/client/connect.c | 58 fs/smb/client/misc.c | 8 fs/smb/client/sess.c | 21 fs/smb/client/smb2ops.c | 14 fs/smb/client/smbdirect.c | 513 +++---- fs/smb/client/smbdirect.h | 64 fs/smb/client/trace.h | 24 fs/smb/common/smbdirect/smbdirect.h | 37 fs/smb/common/smbdirect/smbdirect_pdu.h | 55 fs/smb/common/smbdirect/smbdirect_socket.h | 43 fs/smb/server/connection.h | 1 fs/smb/server/smb2pdu.c | 72 - fs/smb/server/smb2pdu.h | 3 include/net/bluetooth/hci_core.h | 2 include/uapi/drm/ivpu_accel.h | 6 include/uapi/linux/vm_sockets.h | 4 io_uring/kbuf.c | 1 io_uring/kbuf.h | 1 io_uring/net.c | 46 io_uring/rsrc.c | 23 io_uring/rsrc.h | 1 lib/group_cpus.c | 9 lib/maple_tree.c | 4 mm/damon/sysfs-schemes.c | 1 mm/gup.c | 14 mm/vma.c | 27 net/atm/clip.c | 11 net/atm/resources.c | 3 net/bluetooth/hci_core.c | 34 net/bluetooth/l2cap_core.c | 9 net/core/selftests.c | 5 net/mac80211/chan.c | 3 net/mac80211/ieee80211_i.h | 12 net/mac80211/iface.c | 12 net/mac80211/link.c | 94 + net/mac80211/util.c | 2 net/sunrpc/clnt.c | 9 net/unix/af_unix.c | 31 rust/Makefile | 2 rust/macros/module.rs | 1 sound/pci/hda/hda_bind.c | 2 sound/pci/hda/hda_intel.c | 3 sound/pci/hda/patch_realtek.c | 2 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/codecs/rt1320-sdw.c | 17 sound/soc/codecs/wcd9335.c | 40 sound/usb/quirks.c | 2 sound/usb/stream.c | 2 tools/lib/bpf/btf_dump.c | 3 tools/lib/bpf/libbpf.c | 10 tools/testing/selftests/bpf/progs/test_global_map_resize.c | 16 212 files changed, 3777 insertions(+), 2218 deletions(-) Adin Scannell (1): libbpf: Fix possible use-after-free for externs Aidan Stewart (1): serial: core: restore of_node information in sysfs Al Viro (1): attach_recursive_mnt(): do not lock the covering tree when sliding something under it Alex Deucher (2): drm/amdgpu/discovery: optionally use fw based ip discovery drm/amdgpu: switch job hw_fence to amdgpu_fence Alex Hung (2): drm/amd/display: Check dce_hwseq before dereferencing it drm/amd/display: Fix mpv playback corruption on weston Alexis Czezar Torreno (1): hwmon: (pmbus/max34440) Fix support for max34451 Andres Traumann (1): ALSA: hda/realtek: Bass speaker fixup for ASUS UM5606KA Andrzej Kacprowski (1): accel/ivpu: Remove copy engine support Andy Chiu (1): riscv: add a data fence for CMODX in the kernel mode Andy Shevchenko (1): usb: Add checks for snprintf() calls in usb_alloc_dev() Angelo Dureghello (3): iio: dac: ad3552r: changes to use FIELD_PREP iio: dac: ad3552r: extract common code (no changes in behavior intended) iio: dac: ad3552r-common: fix ad3541/2r ranges Aradhya Bhatia (5): drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() drm/bridge: cdns-dsi: Fix phy de-init and flag it so drm/bridge: cdns-dsi: Fix connecting to next bridge drm/bridge: cdns-dsi: Check return value when getting default PHY config drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Arnd Bergmann (1): drm/i915: fix build error some more Avadhut Naik (1): EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs Benjamin Berg (1): um: use proper care when taking mmap lock during segfault Cezary Rojewski (1): ALSA: hda: Ignore unsol events for cards being shut down Chance Yang (1): usb: common: usb-conn-gpio: use a unique name for usb connector device Chang S. Bae (2): x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE x86/pkeys: Simplify PKRU update in signal frame Chao Yu (2): f2fs: don't over-report free space or inodes in statvfs f2fs: fix to zero post-eof page Chen Yu (1): scsi: megaraid_sas: Fix invalid node index Chen Yufeng (1): usb: potential integer overflow in usbg_make_tpg() Chenyuan Yang (1): misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe() Daniele Ceraolo Spurio (1): drm/xe: Fix early wedge on GuC load failure Dave Kleikamp (1): fs/jfs: consolidate sanity checking in dbMount David Hildenbrand (2): fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" David Howells (2): cifs: Fix the smbd_response slab to allow usercopy cifs: Fix reading into an ITER_FOLIOQ from the smbdirect code David Sterba (1): btrfs: use unsigned types for constants defined as bit shifts Dmitry Kandybka (1): ceph: fix possible integer overflow in ceph_zero_objects() Dragan Simic (1): arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi Eric Dumazet (1): atm: clip: prevent NULL deref in clip_push() FUJITA Tomonori (1): rust: module: place cleanup_module() in .exit.text section Fabio Estevam (1): serial: imx: Restore original RXTL for console to fix data loss Fedor Pchelkin (1): s390/pkey: Prevent overflow in size calculation for memdup_user() Filipe Manana (5): btrfs: fix qgroup reservation leak on failure to allocate ordered extent btrfs: fix a race between renames and directory logging btrfs: skip inodes without loaded extent maps when shrinking extent maps btrfs: make the extent map shrinker run asynchronously as a work queue job btrfs: do regular iput instead of delayed iput during extent map shrinking Frank Min (1): drm/amdgpu: Add kicker device detection Frédéric Danis (1): Bluetooth: L2CAP: Fix L2CAP MTU negotiation Greg Kroah-Hartman (1): Linux 6.12.36 Guang Yuan Wu (1): fuse: fix race between concurrent setattrs from multiple nodes Han Xu (1): spi: fsl-qspi: use devm function instead of driver remove Han Young (1): NFSv4: Always set NLINK even if the server doesn't support it Hannes Reinecke (2): nvme-tcp: fix I/O stalls on congested sockets nvme-tcp: sanitize request list handling Haoxiang Li (1): drm/xe/display: Add check for alloc_ordered_workqueue() Hector Martin (1): PCI: apple: Fix missing OF node reference in apple_pcie_setup_port Heiner Kallweit (3): r8169: add support for RTL8125D net: phy: realtek: merge the drivers for internal NBase-T PHY's net: phy: realtek: add RTL8125D-internal PHY Heinz Mauelshagen (1): dm-raid: fix variable in journal device check Iusico Maxim (1): HID: lenovo: Restrict F7/9/11 mode to compact keyboards only Jakub Kicinski (2): netlink: specs: tc: replace underscores with dashes in names net: selftests: fix TCP packet checksum Jakub Lewalski (1): tty: serial: uartlite: register uart driver in init James Clark (1): coresight: Only check bottom two claim bits Janne Grunau (1): PCI: apple: Set only available ports up Jay Cornwall (2): drm/amdkfd: Fix race in GWS queue scheduling drm/amdkfd: Fix instruction hazard in gfx12 trap handler Jayesh Choudhary (1): drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type Jens Axboe (6): io_uring/net: improve recv bundles io_uring/net: only retry recv bundle for a full transfer io_uring/net: only consider msg_inq if larger than 1 io_uring/net: always use current transfer count for buffer put io_uring/net: mark iov as dynamically allocated even for single segments io_uring/kbuf: flag partial buffer mappings Jesse Zhang (1): drm/amdgpu: Fix SDMA UTC_L1 handling during start/stop sequences Jiawen Wu (2): net: libwx: fix the creation of page_pool net: libwx: fix Tx L4 checksum Johannes Berg (1): wifi: mac80211: finish link init before RCU publish John Olender (1): drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram Jonathan Cameron (1): iio: pressure: zpa2326: Use aligned_s64 for the timestamp Jonathan Kim (1): drm/amdkfd: remove gfx 12 trap handler page size cap Joonas Lahtinen (1): Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" Jos Wang (1): usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Karol Wachowski (5): accel/ivpu: Do not fail on cmdq if failed to allocate preemption buffers accel/ivpu: Make command queue ID allocated on XArray accel/ivpu: Separate DB ID and CMDQ ID allocations from CMDQ allocation accel/ivpu: Add debugfs interface for setting HWS priority bands accel/ivpu: Trigger device recovery on engine reset/resume failure Kees Cook (1): ovl: Check for NULL d_inode() in ovl_dentry_upper() Kevin Hao (1): spi: fsl-qspi: Fix double cleanup in probe error path Khairul Anuar Romli (1): spi: spi-cadence-quadspi: Fix pm runtime unbalance Krzysztof Kozlowski (2): mfd: max14577: Fix wakeup source leaks on device unbind ASoC: codecs: wcd9335: Fix missing free of regulator supplies Kuniyuki Iwashima (4): af_unix: Don't leave consecutive consumed OOB skbs. Bluetooth: hci_core: Fix use-after-free in vhci_flush() af_unix: Don't set -ECONNRESET for consumed OOB skb. atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Lachlan Hodges (1): wifi: mac80211: fix beacon interval calculation overflow Liam R. Howlett (1): maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Lin.Cao (1): drm/scheduler: signal scheduled fence when kill job Linggang Zeng (1): bcache: fix NULL pointer in cache_set_flush() Lorenzo Stoakes (1): mm/vma: reset VMA iterator on commit_merge() OOM failure Lucas De Marchi (2): drm/xe: Fix memset on iomem drm/xe: Fix taking invalid lock on wedge Mario Limonciello (2): ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock drm/amd: Adjust output for discovery error handling Mark Harmstone (1): btrfs: update superblock's device bytes_used when dropping chunk Matthew Auld (3): drm/xe/vm: move rebind_work init earlier drm/xe/sched: stop re-submitting signalled jobs drm/xe/guc_submit: add back fix Matthew Sakai (1): dm vdo indexer: don't read request structure after enqueuing Maíra Canal (1): drm/etnaviv: Protect the scheduler's pending list with its lock Michael Grzeschik (2): usb: dwc2: also exit clock_gating when stopping udc while suspended usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set Michal Wajdeczko (1): drm/xe: Process deferred GGTT node removals on device unwind Muna Sinada (2): wifi: mac80211: Add link iteration macro for link data wifi: mac80211: Create separate links for VLAN interfaces Nam Cao (2): Revert "riscv: Define TASK_SIZE_MAX for __access_ok()" Revert "riscv: misaligned: fix sleeping function called during misaligned access handling" Namjae Jeon (2): ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension ksmbd: provide zero as a unique ID to the Mac client Naohiro Aota (1): btrfs: zoned: fix extent range end unlock in cow_file_range() Nathan Chancellor (1): staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Nikhil Jha (1): sunrpc: don't immediately retransmit on seqno miss Niklas Cassel (1): ata: ahci: Use correct DMI identifier for ASUSPRO-D840SA LPM quirk Olga Kornievskaia (1): NFSv4.2: fix listxattr to return selinux security label Oliver Schramm (1): ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 Pali Rohár (3): cifs: Correctly set SMB1 SessionKey field in Session Setup Request cifs: Fix cifs_query_path_info() for Windows NT servers cifs: Fix encoding of SMB1 Session Setup NTLMSSP Request in non-UNICODE mode Paulo Alcantara (1): smb: client: fix potential deadlock when reconnecting channels Pavel Begunkov (2): io_uring/rsrc: fix folio unpinning io_uring/rsrc: don't rely on user vaddr alignment Peng Fan (2): mailbox: Not protect module_put with spin_lock_irqsave ASoC: codec: wcd9335: Convert to GPIO descriptors Penglei Jiang (1): io_uring: fix potential page leak in io_sqe_buffer_register() Peter Korsgaard (1): usb: gadget: f_hid: wake up readers on disable/unbind Philip Yang (1): drm/amdgpu: seq64 memory unmap uses uninterruptible lock Purva Yeshi (1): iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos Qasim Ijaz (3): HID: wacom: fix memory leak on kobject creation failure HID: wacom: fix memory leak on sysfs attribute creation failure HID: wacom: fix kobject reference count leak Qingfang Deng (1): net: stmmac: Fix accessing freed irq affinity_hint Qiu-ji Chen (1): drm/tegra: Fix a possible null pointer dereference Qu Wenruo (3): btrfs: handle csum tree error with rescue=ibadroots correctly btrfs: factor out nocow ordered extent and extent map generation into a helper btrfs: do proper folio cleanup when cow_file_range() failed Rengarajan S (1): 8250: microchip: pci1xxxx: Add PCIe Hot reset disable support for Rev C0 and later devices Ricardo Ribalda (1): media: uvcvideo: Rollback non processed entities on error Richard Zhu (1): PCI: imx6: Add workaround for errata ERR051624 Robert Hodaszi (1): usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Robert Richter (1): cxl/region: Add a dev_err() on missing target list entries Rudraksha Gupta (1): rust: arm: fix unknown (to Clang) argument '-mno-fdpic' Sagi Grimberg (1): NFSv4.2: fix setattr caching of TIME_[MODIFY|ACCESS]_SET when timestamps are delegated Salvatore Bonaccorso (1): ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR Sami Tolvanen (1): um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Sasha Levin (5): drm/xe: Carve out wopcm portion from the stolen memory usb: typec: tcpm: PSSourceOffTimer timeout in PR_Swap enters ERROR_RECOVERY drm/msm/dp: account for widebus and yuv420 during mode validation riscv/atomic: Do proper sign extension also for unsigned in arch_cmpxchg btrfs: fix use-after-free on inode when scanning root during em shrinking Scott Mayhew (1): NFSv4: xattr handlers should check for absent nfs filehandles SeongJae Park (1): mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write Shuming Fan (1): ASoC: rt1320: fix speaker noise when volume bar is 100% Simon Horman (1): net: enetc: Correct endianness handling in _enetc_rd_reg64 Stefan Metzmacher (8): smb: client: remove \t from TP_printk statements smb: smbdirect: add smbdirect_pdu.h with protocol definitions smb: client: make use of common smbdirect_pdu.h smb: smbdirect: add smbdirect.h with public structures smb: smbdirect: add smbdirect_socket.h smb: client: make use of common smbdirect_socket smb: smbdirect: introduce smbdirect_socket_parameters smb: client: make use of common smbdirect_socket_parameters Stefano Garzarella (1): vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Stephan Gerhold (1): drm/msm/gpu: Fix crash when throttling GPU immediately during boot Sven Schwermer (1): leds: multicolor: Fix intensity setting while SW blinking Thierry Reding (1): drm/tegra: Assign plane type before registration Thomas Fourier (1): ethernet: ionic: Fix DMA mapping tests Thomas Gessler (1): dmaengine: xilinx_dma: Set dma_device directions Thomas Zeitlhofer (1): HID: wacom: fix crash in wacom_aes_battery_handler() Thomas Zimmermann (4): drm/ast: Fix comment on modeset lock drm/cirrus-qemu: Fix pitch programming drm/udl: Unregister device before cleaning up on disconnect drm/fbdev-dma: Add shadow buffering for deferred I/O Tiwei Bie (1): um: ubd: Add missing error check in start_io_thread() Vasiliy Kovalev (1): jfs: validate AG parameters in dbMount() to prevent crashes Vijendar Mukunda (1): ALSA: hda: Add new pci id for AMD GPU display HD audio controller Ville Syrjälä (2): drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 drm/i915/dsi: Fix off by one in BXT_MIPI_TRANS_VTOTAL Wenbin Yao (1): PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane Wentao Liang (1): drm/amd/display: Add null pointer check for get_first_active_display() Wolfram Sang (3): i2c: tiny-usb: disable zero-length read messages i2c: robotfuzz-osif: disable zero-length read messages drm/bridge: ti-sn65dsi86: make use of debugfs_init callback Xin Li (Intel) (1): x86/traps: Initialize DR6 by writing its architectural reset value Yan Zhai (1): bnxt: properly flush XDP redirect lists Yao Zi (1): dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Yi Sun (1): dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Yifan Zhang (1): amd/amdkfd: fix a kfd_process ref leak Yihan Zhu (1): drm/amd/display: Fix RMCM programming seq errors Youngjun Lee (1): ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Yu Kuai (2): md/md-bitmap: fix dm-raid max_write_behind setting lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() Yuan Chen (1): libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Zhang Zekun (1): PCI: apple: Use helper function for_each_child_of_node_scoped() Zhongwei Zhang (1): drm/amd/display: Correct non-OLED pre_T11_delay. Ziqi Chen (1): scsi: ufs: core: Don't perform UFS clkscaling during host async scan anvithdosapati (1): scsi: ufs: core: Fix clk scaling to be conditional in reset and restore

2 days

1
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror