- Linux-stable-mirror - lists.linaro.org

[PATCH] rpmsg: core: fix race in driver_override_show() and use core helper

by Gui-Dong Han

The driver_override_show function reads the driver_override string without holding the device_lock. However, the store function modifies and frees the string while holding the device_lock. This creates a race condition where the string can be freed by the store function while being read by the show function, leading to a use-after-free. To fix this, replace the rpmsg_string_attr macro with explicit show and store functions. The new driver_override_store uses the standard driver_set_override helper. Since the introduction of driver_set_override, the comments in include/linux/rpmsg.h have stated that this helper must be used to set or clear driver_override, but the implementation was not updated until now. Because driver_set_override modifies and frees the string while holding the device_lock, the new driver_override_show now correctly holds the device_lock during the read operation to prevent the race. Additionally, since rpmsg_string_attr has only ever been used for driver_override, removing the macro simplifies the code. Fixes: 39e47767ec9b ("rpmsg: Add driver_override device attribute for rpmsg_device") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <hanguidong02(a)gmail.com> --- I verified this with a stress test that continuously writes/reads the attribute. It triggered KASAN and leaked bytes like a0 f4 81 9f a3 ff ff (likely kernel pointers). Since driver_override is world-readable (0644), this allows unprivileged users to leak kernel pointers and bypass KASLR. Similar races were fixed in other buses (e.g., commits 9561475db680 and 91d44c1afc61). Currently, 9 of 11 buses handle this correctly; this patch fixes one of the remaining two. --- drivers/rpmsg/rpmsg_core.c | 66 ++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 39 deletions(-) diff --git a/drivers/rpmsg/rpmsg_core.c b/drivers/rpmsg/rpmsg_core.c index 5d661681a9b6..96964745065b 100644 --- a/drivers/rpmsg/rpmsg_core.c +++ b/drivers/rpmsg/rpmsg_core.c @@ -352,50 +352,38 @@ field##_show(struct device *dev, \ } \ static DEVICE_ATTR_RO(field); -#define rpmsg_string_attr(field, member) \ -static ssize_t \ -field##_store(struct device *dev, struct device_attribute *attr, \ - const char *buf, size_t sz) \ -{ \ - struct rpmsg_device *rpdev = to_rpmsg_device(dev); \ - const char *old; \ - char *new; \ - \ - new = kstrndup(buf, sz, GFP_KERNEL); \ - if (!new) \ - return -ENOMEM; \ - new[strcspn(new, "\n")] = '\0'; \ - \ - device_lock(dev); \ - old = rpdev->member; \ - if (strlen(new)) { \ - rpdev->member = new; \ - } else { \ - kfree(new); \ - rpdev->member = NULL; \ - } \ - device_unlock(dev); \ - \ - kfree(old); \ - \ - return sz; \ -} \ -static ssize_t \ -field##_show(struct device *dev, \ - struct device_attribute *attr, char *buf) \ -{ \ - struct rpmsg_device *rpdev = to_rpmsg_device(dev); \ - \ - return sprintf(buf, "%s\n", rpdev->member); \ -} \ -static DEVICE_ATTR_RW(field) - /* for more info, see Documentation/ABI/testing/sysfs-bus-rpmsg */ rpmsg_show_attr(name, id.name, "%s\n"); rpmsg_show_attr(src, src, "0x%x\n"); rpmsg_show_attr(dst, dst, "0x%x\n"); rpmsg_show_attr(announce, announce ? "true" : "false", "%s\n"); -rpmsg_string_attr(driver_override, driver_override); + +static ssize_t driver_override_store(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t count) +{ + struct rpmsg_device *rpdev = to_rpmsg_device(dev); + int ret; + + ret = driver_set_override(dev, &rpdev->driver_override, buf, count); + if (ret) + return ret; + + return count; +} + +static ssize_t driver_override_show(struct device *dev, + struct device_attribute *attr, char *buf) +{ + struct rpmsg_device *rpdev = to_rpmsg_device(dev); + ssize_t len; + + device_lock(dev); + len = sysfs_emit(buf, "%s\n", rpdev->driver_override); + device_unlock(dev); + return len; +} +static DEVICE_ATTR_RW(driver_override); static ssize_t modalias_show(struct device *dev, struct device_attribute *attr, char *buf) -- 2.43.0

3 days, 3 hours

2
1
0 0

[PATCH v2] sched/fair: Clear ->h_load_next when unregistering cgroup

by Peng Wang

An invalid pointer dereference bug was reported on arm64 cpu, and has not yet been seen on x86. A partial oops looks like: Call trace: update_cfs_rq_h_load+0x80/0xb0 wake_affine+0x158/0x168 select_task_rq_fair+0x364/0x3a8 try_to_wake_up+0x154/0x648 wake_up_q+0x68/0xd0 futex_wake_op+0x280/0x4c8 do_futex+0x198/0x1c0 __arm64_sys_futex+0x11c/0x198 Link: https://lore.kernel.org/all/20251013071820.1531295-1-CruzZhao@linux.alibaba… We found that the task_group corresponding to the problematic se is not in the parent task_group’s children list, indicating that h_load_next points to an invalid address. Consider the following cgroup and task hierarchy: A / \ / \ B E / \ | / \ t2 C D | | t0 t1 Here follows a timing sequence that may be responsible for triggering the problem: CPU X CPU Y CPU Z wakeup t0 set list A->B->C traverse A->B->C t0 exits destroy C wakeup t2 set list A->E wakeup t1 set list A->B->D traverse A->B->C panic CPU Z sets ->h_load_next list to A->B->D, but due to arm64 weaker memory ordering, Y may observe A->B before it sees B->D, then in this time window, it can traverse A->B->C and reach an invalid se. We can avoid stale pointer accesses by clearing ->h_load_next when unregistering cgroup. Suggested-by: Vincent Guittot <vincent.guittot(a)linaro.org> Fixes: 685207963be9 ("sched: Move h_load calculation to task_h_load()") Cc: <stable(a)vger.kernel.org> Co-developed-by: Cruz Zhao <CruzZhao(a)linux.alibaba.com> Signed-off-by: Cruz Zhao <CruzZhao(a)linux.alibaba.com> Signed-off-by: Peng Wang <peng_wang(a)linux.alibaba.com> --- kernel/sched/fair.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index cee1793e8277..a5fce15093d3 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -13427,6 +13427,14 @@ void unregister_fair_sched_group(struct task_group *tg) list_del_leaf_cfs_rq(cfs_rq); } remove_entity_load_avg(se); + /* + * Clear parent's h_load_next if it points to the + * sched_entity being freed to avoid stale pointer. + */ + struct cfs_rq *parent_cfs_rq = cfs_rq_of(se); + + if (READ_ONCE(parent_cfs_rq->h_load_next) == se) + WRITE_ONCE(parent_cfs_rq->h_load_next, NULL); } /* -- 2.27.0

3 days, 3 hours

2
4
0 0

[PATCHv2 1/2] kernel/kexec: Change the prototype of kimage_map_segment()

by Pingfan Liu

The kexec segment index will be required to extract the corresponding information for that segment in kimage_map_segment(). Additionally, kexec_segment already holds the kexec relocation destination address and size. Therefore, the prototype of kimage_map_segment() can be changed. Fixes: 07d24902977e ("kexec: enable CMA based contiguous allocation") Signed-off-by: Pingfan Liu <piliu(a)redhat.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Baoquan He <bhe(a)redhat.com> Cc: Mimi Zohar <zohar(a)linux.ibm.com> Cc: Roberto Sassu <roberto.sassu(a)huawei.com> Cc: Alexander Graf <graf(a)amazon.com> Cc: Steven Chen <chenste(a)linux.microsoft.com> Cc: <stable(a)vger.kernel.org> To: kexec(a)lists.infradead.org To: linux-integrity(a)vger.kernel.org --- include/linux/kexec.h | 4 ++-- kernel/kexec_core.c | 9 ++++++--- security/integrity/ima/ima_kexec.c | 4 +--- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/include/linux/kexec.h b/include/linux/kexec.h index ff7e231b0485..8a22bc9b8c6c 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -530,7 +530,7 @@ extern bool kexec_file_dbg_print; #define kexec_dprintk(fmt, arg...) \ do { if (kexec_file_dbg_print) pr_info(fmt, ##arg); } while (0) -extern void *kimage_map_segment(struct kimage *image, unsigned long addr, unsigned long size); +extern void *kimage_map_segment(struct kimage *image, int idx); extern void kimage_unmap_segment(void *buffer); #else /* !CONFIG_KEXEC_CORE */ struct pt_regs; @@ -540,7 +540,7 @@ static inline void __crash_kexec(struct pt_regs *regs) { } static inline void crash_kexec(struct pt_regs *regs) { } static inline int kexec_should_crash(struct task_struct *p) { return 0; } static inline int kexec_crash_loaded(void) { return 0; } -static inline void *kimage_map_segment(struct kimage *image, unsigned long addr, unsigned long size) +static inline void *kimage_map_segment(struct kimage *image, int idx) { return NULL; } static inline void kimage_unmap_segment(void *buffer) { } #define kexec_in_progress false diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c index fa00b239c5d9..9a1966207041 100644 --- a/kernel/kexec_core.c +++ b/kernel/kexec_core.c @@ -960,17 +960,20 @@ int kimage_load_segment(struct kimage *image, int idx) return result; } -void *kimage_map_segment(struct kimage *image, - unsigned long addr, unsigned long size) +void *kimage_map_segment(struct kimage *image, int idx) { + unsigned long addr, size, eaddr; unsigned long src_page_addr, dest_page_addr = 0; - unsigned long eaddr = addr + size; kimage_entry_t *ptr, entry; struct page **src_pages; unsigned int npages; void *vaddr = NULL; int i; + addr = image->segment[idx].mem; + size = image->segment[idx].memsz; + eaddr = addr + size; + /* * Collect the source pages and map them in a contiguous VA range. */ diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c index 7362f68f2d8b..5beb69edd12f 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -250,9 +250,7 @@ void ima_kexec_post_load(struct kimage *image) if (!image->ima_buffer_addr) return; - ima_kexec_buffer = kimage_map_segment(image, - image->ima_buffer_addr, - image->ima_buffer_size); + ima_kexec_buffer = kimage_map_segment(image, image->ima_segment_index); if (!ima_kexec_buffer) { pr_err("Could not map measurements buffer.\n"); return; -- 2.49.0

3 days, 4 hours

3
19
0 0

[PATCH 5.4 000/184] 5.4.302-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.302 release. There are 184 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 04 Dec 2025 09:54:14 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.302-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.302-rc2 Hugh Dickins <hughd(a)google.com> mm/mprotect: delete pmd_none_or_clear_bad_unless_trans_huge() Peter Xu <peterx(a)redhat.com> mm/mprotect: use long for page accountings and retval Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Input: remove third argument of usb_maxpacket() Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> usb: deprecate the third argument of usb_maxpacket() Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Wei Yang <albinwyang(a)tencent.com> fs/proc: fix uaf in proc_readdir_de() Miaoqian Lin <linmq006(a)gmail.com> pmdomain: imx: Fix reference count leak in imx_gpc_remove Sudeep Holla <sudeep.holla(a)arm.com> pmdomain: arm: scmi: Fix genpd leak on provider registration failure Breno Leitao <leitao(a)debian.org> net: netpoll: fix incorrect refcount handling causing incorrect cleanup Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Long Li <longli(a)microsoft.com> uio_hv_generic: Set event for all channels on the device Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Isaac J. Manjarres <isaacmanjarres(a)google.com> mm/page_alloc: fix hash table order logging in alloc_large_system_hash() Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Abdun Nihaal <nihaal(a)cse.iitm.ac.in> isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Handle OCRAM ECC enable after warm reset Hans de Goede <hansg(a)kernel.org> spi: Try to get ACPI GPIO IRQ earlier Chuang Wang <nashuiliang(a)gmail.com> ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Nate Karstens <nate.karstens(a)garmin.com> strparser: Fix signed/unsigned mismatch bug Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 15 Jakub Acs <acsjakub(a)amazon.de> mm/ksm: fix flag-dropping behavior in ksm_madvise Haein Lee <lhi0729(a)kaist.ac.kr> ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: cs4271: Fix regulator leak on probe failure Haotian Zhang <vulab(a)iscas.ac.cn> regulator: fixed: fix GPIO descriptor leak on register failure Chris Morgan <macromorgan(a)hotmail.com> regulator: fixed: use dev_err_probe for register Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: export l2cap_chan_hold for modules Eric Dumazet <edumazet(a)google.com> net_sched: limit try_bulk_dequeue_skb() batches Eric Dumazet <edumazet(a)google.com> net_sched: remove need_resched() from qdisc_run() Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix maxrate wraparound in threshold between units Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Benjamin Berg <benjamin.berg(a)intel.com> wifi: mac80211: skip rate verification for not captured PSDUs Buday Csaba <buday.csaba(a)prolan.hu> net: mdio: fix resource leak in mdiobus_register_device() Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_mon_reinit_self(). Xin Long <lucien.xin(a)gmail.com> tipc: simplify the finalize work queue Eric Dumazet <edumazet(a)google.com> sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto Xin Long <lucien.xin(a)gmail.com> sctp: get netns from asoc and ep base Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Wei Fang <wei.fang(a)nxp.com> net: fec: correct rx_bytes statistic for the case SHIFT16 is set Sharique Mohammad <sharq0406(a)gmail.com> ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Tristan Lobb <tristan.lobb(a)it-lobb.de> HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Joshua Watt <jpewhacker(a)gmail.com> NFS4: Fix state renewals missing after boot Peter Zijlstra <peterz(a)infradead.org> compiler_types: Move unused static inline functions warning to W=2 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Cleanup wakeup source only if it was enabled Zilin Guan <zilin(a)seu.edu.cn> tracing: Fix memory leaks in create_field_var() Qendrim Maxhuni <qendrim.maxhuni(a)garderos.com> net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Prevent TOCTOU out-of-bounds write Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold RCU read lock while iterating over address list Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: stop reading ARL entries if search is done Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix enabling ip multicast Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix resetting speed and pause on forced link Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 Russell King <rmk+kernel(a)armlinux.org.uk> net: dsa/b53: change b53_force_port_config() pause argument Hangbin Liu <liuhangbin(a)gmail.com> net: vlan: sync VLAN features with lower device Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: add checking of wait_for_completion_killable() return value Albin Babu Varghese <albinbabuvarghese20(a)gmail.com> fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Return present device nodes only on fwnode interface Randall P. Embry <rpembry(a)gmail.com> 9p: sysfs_init: don't hardcode error to ENOMEM Randall P. Embry <rpembry(a)gmail.com> 9p: fix /sys/fs/9p/caches overwriting itself Yikang Yue <yikangy2(a)illinois.edu> fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink Saket Dumbre <saket.dumbre(a)intel.com> ACPICA: Update dsmethod.c to get rid of unused variable warning Mike Marshall <hubcap(a)omnibond.com> orangefs: fix xattr related buffer overflow... Dragos Tatulea <dtatulea(a)nvidia.com> page_pool: Clamp pool size to max 16K pages Ivan Pravdin <ipravdin.official(a)gmail.com> Bluetooth: bcsp: receive data only if registered Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix UAF on sco_conn_free Théo Lebrun <theo.lebrun(a)bootlin.com> net: macb: avoid dealing with endianness in macb_set_hwaddr() Al Viro <viro(a)zeniv.linux.org.uk> nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix mount hang after CREATE_SESSION failure Olga Kornievskaia <okorniev(a)redhat.com> NFSv4: handle ERR_GRACE on delegation recalls Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid handling handover twice Koakuma <koachan(a)protonmail.com> sparc/module: Add R_SPARC_UA64 relocation handling Brahmajit Das <listout(a)listout.xyz> net: intel: fm10k: Fix parameter idx set but not used Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> jfs: fix uninitialized waitqueue in transaction manager Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> jfs: Verify inode mode when loading from disk Eric Dumazet <edumazet(a)google.com> ipv6: np->rxpmtu race annotation Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Forest Crossman <cyrozap(a)gmail.com> usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Al Viro <viro(a)zeniv.linux.org.uk> allow finish_no_open(file, ERR_PTR(-E...)) Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Define size of debugfs entry for xri rebalancing Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET Nai-Chen Cheng <bleach1827(a)gmail.com> selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Yafang Shao <laoar.shao(a)gmail.com> net/cls_cgroup: Fix task_get_classid() during qdisc run David Ahern <dsahern(a)kernel.org> selftests: Replace sleep with slowwait David Ahern <dsahern(a)kernel.org> selftests: Disable dad for ipv6 in fcnal-test.sh Qianfeng Rong <rongqianfeng(a)vivo.com> media: redrat3: use int type to store negative error codes Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> net: sh_eth: Disable WoL if system can not suspend Harikrishna Shenoy <h-shenoy(a)ti.com> phy: cadence: cdns-dphy: Enable lower resolutions in dphy William Wu <william.wu(a)rock-chips.com> usb: gadget: f_hid: Fix zero length packet transfer Eric Dumazet <edumazet(a)google.com> net: call cond_resched() less often in __release_sock() Cryolitia PukNgae <cryolitia(a)uniontech.com> ALSA: usb-audio: apply quirk for MOONDROP Quark2 Juraj Šarinay <juraj(a)sarinay.com> net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Devendra K Verma <devverma(a)amd.com> dmaengine: dw-edma: Set status for callback_result Rosen Penev <rosenp(a)gmail.com> dmaengine: mv_xor: match alloc_wc and free_wc Thomas Andreatta <thomasandreatta2000(a)gmail.com> dmaengine: sh: setup_xref error handling Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: pm8001: Use int instead of u32 to store error codes Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename stp clock Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing device_type in pci node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing properties to cpu node Chelsy Ratnawat <chelsyratnawat2001(a)gmail.com> media: fix uninitialized symbol warnings Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Fix wakeup source leaks on device unbind Ujwal Kundur <ujwal.kundur(a)gmail.com> rds: Fix endianness annotation for RDS_MPATH_HASH Sungho Kim <sungho.kim(a)furiosa.ai> PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Kuniyuki Iwashima <kuniyu(a)google.com> net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. Christoph Paasch <cpaasch(a)openai.com> net: When removing nexthops, don't call synchronize_net if it is not necessary Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Does not request module for miscdevice with dynamic minor raub camaioni <raubcameo(a)gmail.com> usb: gadget: f_ncm: Fix MAC assignment NCM ethernet Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> media: imon: make send_packet() more robust Charalampos Mitrodimas <charmitro(a)posteo.net> net: ipv6: fix field-spanning memcpy warning in AH output Ido Schimmel <idosch(a)nvidia.com> bridge: Redirect to backup port when port is administratively down Niklas Schnelle <schnelle(a)linux.ibm.com> powerpc/eeh: Use result of error_detected() in uevent Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: pci: ivtv: Don't create fake v4l2_fh Geoffrey McRae <geoffrey.mcrae(a)amd.com> drm/amdkfd: return -ENOTTY for unsupported IOCTLs Wake Liu <wakel(a)google.com> selftests/net: Ensure assert() triggers in psock_tpacket.c Wake Liu <wakel(a)google.com> selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 Marcos Del Sol Vives <marcos(a)orca.pet> PCI: Disable MSI on RDC PCI to PCIe bridges Seyediman Seyedarab <imandevel(a)gmail.com> drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() Arnd Bergmann <arnd(a)arndb.de> mfd: madera: Work around false-positive -Wininitialized warning Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe: Remove IRQ domain upon removal Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Prefer driver HWP limits Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Enhance HWP enable Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: Fix incorrect size in cpuidle_state_disable() Armin Wolf <W_Armin(a)gmx.de> hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Jiri Olsa <jolsa(a)kernel.org> uprobe: Do not emulate/sstep original instruction when ip is changed Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Svyatoslav Ryhel <clamor95(a)gmail.com> video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> tee: allow a driver to allocate a tee_device without a pool Hans de Goede <hansg(a)kernel.org> ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Christian Bruel <christian.bruel(a)foss.st.com> irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Kees Cook <kees(a)kernel.org> arc: Fix __fls() const-foldability via __builtin_clzl() Dennis Beier <nanovim(a)gmail.com> cpufreq/longhaul: handle NULL policy in longhaul_exit Ricardo B. Marlière <rbm(a)suse.com> selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 Mario Limonciello (AMD) <superm1(a)kernel.org> ACPI: video: force native for Lenovo 82K8 Jiayi Li <lijiayi(a)kylinos.cn> memstick: Add timeout to prevent indefinite waiting Biju Das <biju.das.jz(a)bp.renesas.com> mmc: host: renesas_sdhi: Fix the actual clock Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> bpf: Don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> spi: loopback-test: Don't use %pK through printk Jens Reidel <adrian(a)mainlining.org> soc: qcom: smem: Fix endian-unaware access of num_entries Owen Gu <guhuinan(a)xiaomi.com> usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Artem Shimko <a.shimko.dev(a)gmail.com> serial: 8250_dw: handle reset control deassert error Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_dw: Use devm_add_action_or_reset() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_dw: Use devm_clk_get_optional() to get the input clock Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Maarten Lankhorst <dev(a)lankhorst.se> devcoredump: Fix circular locking dependency with devcd->mutex. Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Enforce descriptor type ordering Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> net: phy: dp83867: Disable EEE support as not implemented Alexey Klimov <alexey.klimov(a)linaro.org> regmap: slimbus: fix bus_context pointer in regmap init calls Tomeu Vizoso <tomeu(a)tomeuvizoso.net> drm/etnaviv: fix flush sequence logic Lizhi Xu <lizhi.xu(a)windriver.com> usbnet: Prevents free active kevent Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix memory leak on unsupported WMI command Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qdsp6: q6asm: do not sleep while atomic Miaoqian Lin <linmq006(a)gmail.com> fbdev: valkyriefb: Fix reference count leak in valkyriefb_init Florian Fuchs <fuchsfl(a)gmail.com> fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Junjie Cao <junjie.cao(a)intel.com> fbdev: bitblit: bound-check glyph index in bit_putcs* Yuhao Jiang <danisjiang(a)gmail.com> ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Daniel Palmer <daniel(a)0x0f.com> fbdev: atyfb: Check if pll_ops->init_pll failed Miaoqian Lin <linmq006(a)gmail.com> net: usb: asix_devices: Check return value of usbnet_get_endpoints Filipe Manana <fdmanana(a)suse.com> btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() David Kaplan <david.kaplan(a)amd.com> x86/bugs: Fix reporting of LFENCE retpoline Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Fix null-deref in agg_dequeue ------------- Diffstat: Makefile | 4 +- arch/arc/include/asm/bitops.h | 2 + arch/mips/boot/dts/lantiq/danube.dtsi | 6 + arch/mips/lantiq/xway/sysctrl.c | 2 +- arch/mips/mti-malta/malta-init.c | 20 +-- arch/powerpc/kernel/eeh_driver.c | 2 +- arch/sparc/include/asm/elf_64.h | 1 + arch/sparc/kernel/module.c | 1 + arch/x86/entry/vsyscall/vsyscall_64.c | 17 ++- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/cpu/resctrl/monitor.c | 10 +- drivers/acpi/acpi_video.c | 4 +- drivers/acpi/acpica/dsmethod.c | 10 +- drivers/acpi/property.c | 24 +++- drivers/acpi/video_detect.c | 8 ++ drivers/ata/libata-scsi.c | 8 ++ drivers/base/devcoredump.c | 138 +++++++++++++-------- drivers/base/regmap/regmap-slimbus.c | 6 +- drivers/bluetooth/btusb.c | 13 +- drivers/bluetooth/hci_bcsp.c | 3 + drivers/char/misc.c | 8 +- drivers/clocksource/timer-vf-pit.c | 22 ++-- drivers/cpufreq/longhaul.c | 3 + drivers/dma/dw-edma/dw-edma-core.c | 22 ++++ drivers/dma/mv_xor.c | 4 +- drivers/dma/sh/shdma-base.c | 25 +++- drivers/dma/sh/shdmac.c | 17 ++- drivers/edac/altera_edac.c | 22 +++- drivers/extcon/extcon-adc-jack.c | 2 + drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 8 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 +- drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 +- drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 + drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-quirks.c | 14 ++- drivers/hwmon/dell-smm-hwmon.c | 7 ++ drivers/iio/adc/spear_adc.c | 9 +- drivers/input/keyboard/cros_ec_keyb.c | 6 + drivers/input/misc/ati_remote2.c | 2 +- drivers/input/misc/cm109.c | 2 +- drivers/input/misc/powermate.c | 2 +- drivers/input/misc/yealink.c | 2 +- drivers/input/tablet/acecad.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 11 +- drivers/irqchip/irq-gic-v2m.c | 13 +- drivers/isdn/hardware/mISDN/hfcsusb.c | 18 ++- drivers/media/i2c/ir-kbd-i2c.c | 6 +- drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 - drivers/media/pci/ivtv/ivtv-driver.h | 3 +- drivers/media/pci/ivtv/ivtv-fileops.c | 18 +-- drivers/media/pci/ivtv/ivtv-irq.c | 4 +- drivers/media/rc/imon.c | 61 +++++---- drivers/media/rc/redrat3.c | 2 +- drivers/media/tuners/xc4000.c | 8 +- drivers/media/tuners/xc5000.c | 12 +- drivers/memstick/core/memstick.c | 8 +- drivers/mfd/madera-core.c | 4 +- drivers/mfd/stmpe-i2c.c | 1 + drivers/mfd/stmpe.c | 3 + drivers/mmc/host/renesas_sdhi_core.c | 6 +- drivers/mmc/host/sdhci-msm.c | 15 +++ drivers/net/can/usb/gs_usb.c | 23 ++-- drivers/net/dsa/b53/b53_common.c | 57 ++++++--- drivers/net/dsa/b53/b53_regs.h | 4 +- drivers/net/ethernet/cadence/macb_main.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/freescale/fec_main.c | 2 + drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 +- drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 15 ++- .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- drivers/net/ethernet/renesas/ravb_main.c | 16 ++- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/net/phy/dp83867.c | 6 + drivers/net/phy/mdio_bus.c | 5 +- drivers/net/usb/asix_devices.c | 12 +- drivers/net/usb/qmi_wwan.c | 6 + drivers/net/usb/usbnet.c | 2 + drivers/net/wireless/ath/ath10k/wmi.c | 1 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 3 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 21 ++-- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 +- drivers/pci/p2pdma.c | 2 +- drivers/pci/quirks.c | 1 + drivers/phy/cadence/cdns-dphy.c | 4 +- drivers/regulator/fixed.c | 6 +- drivers/remoteproc/qcom_q6v5.c | 5 + drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/lpfc/lpfc_debugfs.h | 3 + drivers/scsi/lpfc/lpfc_scsi.c | 14 ++- drivers/scsi/pm8001/pm8001_ctl.c | 2 +- drivers/scsi/sg.c | 10 +- drivers/soc/imx/gpc.c | 2 + drivers/soc/qcom/smem.c | 2 +- drivers/soc/ti/knav_dma.c | 14 +-- drivers/spi/spi-loopback-test.c | 12 +- drivers/spi/spi.c | 10 ++ drivers/target/loopback/tcm_loop.c | 3 + drivers/tee/tee_core.c | 2 +- drivers/tty/serial/8250/8250_dw.c | 128 +++++++++---------- drivers/uio/uio_hv_generic.c | 21 +++- drivers/usb/gadget/function/f_fs.c | 8 +- drivers/usb/gadget/function/f_hid.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 3 +- drivers/usb/host/xhci-plat.c | 1 + drivers/usb/mon/mon_bin.c | 14 ++- drivers/video/backlight/lp855x_bl.c | 2 +- drivers/video/fbdev/aty/atyfb_base.c | 8 +- drivers/video/fbdev/core/bitblit.c | 33 ++++- drivers/video/fbdev/pvr2fb.c | 2 +- drivers/video/fbdev/valkyriefb.c | 2 + fs/9p/v9fs.c | 9 +- fs/btrfs/transaction.c | 2 +- fs/ceph/locks.c | 5 +- fs/hpfs/namei.c | 18 ++- fs/jfs/inode.c | 8 +- fs/jfs/jfs_txnmgr.c | 9 +- fs/nfs/nfs4client.c | 1 + fs/nfs/nfs4proc.c | 6 +- fs/nfs/nfs4state.c | 3 + fs/open.c | 10 +- fs/orangefs/xattr.c | 12 +- fs/proc/generic.c | 12 +- include/linux/ata.h | 1 + include/linux/compiler_types.h | 5 +- include/linux/filter.h | 2 +- include/linux/hugetlb.h | 4 +- include/linux/mm.h | 4 +- include/linux/shdma-base.h | 2 +- include/linux/usb.h | 16 +-- include/net/cls_cgroup.h | 2 +- include/net/nfc/nci_core.h | 2 +- include/net/pkt_sched.h | 25 +++- kernel/events/uprobes.c | 7 ++ kernel/gcov/gcc_4_7.c | 4 +- kernel/trace/trace_events_hist.c | 6 +- mm/hugetlb.c | 4 +- mm/mempolicy.c | 2 +- mm/mprotect.c | 124 ++++++++---------- mm/page_alloc.c | 2 +- net/8021q/vlan.c | 2 + net/bluetooth/6lowpan.c | 103 ++++++++++----- net/bluetooth/l2cap_core.c | 1 + net/bluetooth/sco.c | 7 ++ net/bridge/br_forward.c | 3 +- net/core/netpoll.c | 7 +- net/core/page_pool.c | 6 +- net/core/sock.c | 15 ++- net/ipv4/nexthop.c | 6 + net/ipv4/route.c | 5 + net/ipv6/ah6.c | 50 +++++--- net/ipv6/raw.c | 2 +- net/ipv6/udp.c | 2 +- net/mac80211/rx.c | 10 +- net/openvswitch/actions.c | 68 +--------- net/openvswitch/flow_netlink.c | 64 ++-------- net/openvswitch/flow_netlink.h | 2 - net/rds/rds.h | 2 +- net/sched/act_ife.c | 12 +- net/sched/sch_api.c | 10 -- net/sched/sch_generic.c | 24 ++-- net/sched/sch_hfsc.c | 16 --- net/sched/sch_qfq.c | 2 +- net/sctp/associola.c | 10 +- net/sctp/chunk.c | 2 +- net/sctp/diag.c | 7 ++ net/sctp/endpointola.c | 6 +- net/sctp/input.c | 5 +- net/sctp/output.c | 2 +- net/sctp/outqueue.c | 6 +- net/sctp/sm_make_chunk.c | 7 +- net/sctp/sm_sideeffect.c | 16 +-- net/sctp/sm_statefuns.c | 2 +- net/sctp/socket.c | 12 +- net/sctp/stream.c | 3 +- net/sctp/stream_interleave.c | 23 ++-- net/sctp/transport.c | 15 ++- net/sctp/ulpqueue.c | 15 ++- net/strparser/strparser.c | 2 +- net/tipc/core.c | 4 +- net/tipc/core.h | 8 +- net/tipc/discover.c | 4 +- net/tipc/link.c | 5 + net/tipc/link.h | 1 + net/tipc/net.c | 17 +-- net/vmw_vsock/af_vsock.c | 40 ++++-- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + sound/soc/codecs/cs4271.c | 10 +- sound/soc/codecs/max98090.c | 6 +- sound/soc/qcom/qdsp6/q6asm.c | 2 +- sound/usb/mixer.c | 11 +- tools/power/cpupower/lib/cpuidle.c | 5 +- .../x86_energy_perf_policy.c | 26 ++-- tools/testing/selftests/Makefile | 2 +- tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 +- tools/testing/selftests/net/fcnal-test.sh | 4 +- tools/testing/selftests/net/psock_tpacket.c | 4 +- 204 files changed, 1358 insertions(+), 893 deletions(-)

3 days, 4 hours

6
6
0 0

[PATCH stable 5.10] sched/deadline: only set free_cpus for online runqueues

by Florian Fainelli

From: Doug Berger <opendmb(a)gmail.com> [ Upstream commit 382748c05e58a9f1935f5a653c352422375566ea ] Commit 16b269436b72 ("sched/deadline: Modify cpudl::free_cpus to reflect rd->online") introduced the cpudl_set/clear_freecpu functions to allow the cpu_dl::free_cpus mask to be manipulated by the deadline scheduler class rq_on/offline callbacks so the mask would also reflect this state. Commit 9659e1eeee28 ("sched/deadline: Remove cpu_active_mask from cpudl_find()") removed the check of the cpu_active_mask to save some processing on the premise that the cpudl::free_cpus mask already reflected the runqueue online state. Unfortunately, there are cases where it is possible for the cpudl_clear function to set the free_cpus bit for a CPU when the deadline runqueue is offline. When this occurs while a CPU is connected to the default root domain the flag may retain the bad state after the CPU has been unplugged. Later, a different CPU that is transitioning through the default root domain may push a deadline task to the powered down CPU when cpudl_find sees its free_cpus bit is set. If this happens the task will not have the opportunity to run. One example is outlined here: https://lore.kernel.org/lkml/20250110233010.2339521-1-opendmb@gmail.com Another occurs when the last deadline task is migrated from a CPU that has an offlined runqueue. The dequeue_task member of the deadline scheduler class will eventually call cpudl_clear and set the free_cpus bit for the CPU. This commit modifies the cpudl_clear function to be aware of the online state of the deadline runqueue so that the free_cpus mask can be updated appropriately. It is no longer necessary to manage the mask outside of the cpudl_set/clear functions so the cpudl_set/clear_freecpu functions are removed. In addition, since the free_cpus mask is now only updated under the cpudl lock the code was changed to use the non-atomic __cpumask functions. Signed-off-by: Doug Berger <opendmb(a)gmail.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> --- kernel/sched/cpudeadline.c | 34 +++++++++------------------------- kernel/sched/cpudeadline.h | 4 +--- kernel/sched/deadline.c | 8 ++++---- 3 files changed, 14 insertions(+), 32 deletions(-) diff --git a/kernel/sched/cpudeadline.c b/kernel/sched/cpudeadline.c index 8cb06c8c7eb1..fd28ba4e1a28 100644 --- a/kernel/sched/cpudeadline.c +++ b/kernel/sched/cpudeadline.c @@ -166,12 +166,13 @@ int cpudl_find(struct cpudl *cp, struct task_struct *p, * cpudl_clear - remove a CPU from the cpudl max-heap * @cp: the cpudl max-heap context * @cpu: the target CPU + * @online: the online state of the deadline runqueue * * Notes: assumes cpu_rq(cpu)->lock is locked * * Returns: (void) */ -void cpudl_clear(struct cpudl *cp, int cpu) +void cpudl_clear(struct cpudl *cp, int cpu, bool online) { int old_idx, new_cpu; unsigned long flags; @@ -184,7 +185,7 @@ void cpudl_clear(struct cpudl *cp, int cpu) if (old_idx == IDX_INVALID) { /* * Nothing to remove if old_idx was invalid. - * This could happen if a rq_offline_dl is + * This could happen if rq_online_dl or rq_offline_dl is * called for a CPU without -dl tasks running. */ } else { @@ -195,9 +196,12 @@ void cpudl_clear(struct cpudl *cp, int cpu) cp->elements[new_cpu].idx = old_idx; cp->elements[cpu].idx = IDX_INVALID; cpudl_heapify(cp, old_idx); - - cpumask_set_cpu(cpu, cp->free_cpus); } + if (likely(online)) + __cpumask_set_cpu(cpu, cp->free_cpus); + else + __cpumask_clear_cpu(cpu, cp->free_cpus); + raw_spin_unlock_irqrestore(&cp->lock, flags); } @@ -228,7 +232,7 @@ void cpudl_set(struct cpudl *cp, int cpu, u64 dl) cp->elements[new_idx].cpu = cpu; cp->elements[cpu].idx = new_idx; cpudl_heapify_up(cp, new_idx); - cpumask_clear_cpu(cpu, cp->free_cpus); + __cpumask_clear_cpu(cpu, cp->free_cpus); } else { cp->elements[old_idx].dl = dl; cpudl_heapify(cp, old_idx); @@ -237,26 +241,6 @@ void cpudl_set(struct cpudl *cp, int cpu, u64 dl) raw_spin_unlock_irqrestore(&cp->lock, flags); } -/* - * cpudl_set_freecpu - Set the cpudl.free_cpus - * @cp: the cpudl max-heap context - * @cpu: rd attached CPU - */ -void cpudl_set_freecpu(struct cpudl *cp, int cpu) -{ - cpumask_set_cpu(cpu, cp->free_cpus); -} - -/* - * cpudl_clear_freecpu - Clear the cpudl.free_cpus - * @cp: the cpudl max-heap context - * @cpu: rd attached CPU - */ -void cpudl_clear_freecpu(struct cpudl *cp, int cpu) -{ - cpumask_clear_cpu(cpu, cp->free_cpus); -} - /* * cpudl_init - initialize the cpudl structure * @cp: the cpudl max-heap context diff --git a/kernel/sched/cpudeadline.h b/kernel/sched/cpudeadline.h index 0adeda93b5fb..ecff718d94ae 100644 --- a/kernel/sched/cpudeadline.h +++ b/kernel/sched/cpudeadline.h @@ -18,9 +18,7 @@ struct cpudl { #ifdef CONFIG_SMP int cpudl_find(struct cpudl *cp, struct task_struct *p, struct cpumask *later_mask); void cpudl_set(struct cpudl *cp, int cpu, u64 dl); -void cpudl_clear(struct cpudl *cp, int cpu); +void cpudl_clear(struct cpudl *cp, int cpu, bool online); int cpudl_init(struct cpudl *cp); -void cpudl_set_freecpu(struct cpudl *cp, int cpu); -void cpudl_clear_freecpu(struct cpudl *cp, int cpu); void cpudl_cleanup(struct cpudl *cp); #endif /* CONFIG_SMP */ diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c index 6548bd90c5c3..85e4ef476686 100644 --- a/kernel/sched/deadline.c +++ b/kernel/sched/deadline.c @@ -1414,7 +1414,7 @@ static void dec_dl_deadline(struct dl_rq *dl_rq, u64 deadline) if (!dl_rq->dl_nr_running) { dl_rq->earliest_dl.curr = 0; dl_rq->earliest_dl.next = 0; - cpudl_clear(&rq->rd->cpudl, rq->cpu); + cpudl_clear(&rq->rd->cpudl, rq->cpu, rq->online); } else { struct rb_node *leftmost = dl_rq->root.rb_leftmost; struct sched_dl_entity *entry; @@ -2349,9 +2349,10 @@ static void rq_online_dl(struct rq *rq) if (rq->dl.overloaded) dl_set_overload(rq); - cpudl_set_freecpu(&rq->rd->cpudl, rq->cpu); if (rq->dl.dl_nr_running > 0) cpudl_set(&rq->rd->cpudl, rq->cpu, rq->dl.earliest_dl.curr); + else + cpudl_clear(&rq->rd->cpudl, rq->cpu, true); } /* Assumes rq->lock is held */ @@ -2360,8 +2361,7 @@ static void rq_offline_dl(struct rq *rq) if (rq->dl.overloaded) dl_clear_overload(rq); - cpudl_clear(&rq->rd->cpudl, rq->cpu); - cpudl_clear_freecpu(&rq->rd->cpudl, rq->cpu); + cpudl_clear(&rq->rd->cpudl, rq->cpu, false); } void __init init_sched_dl_class(void) -- 2.34.1

3 days, 5 hours

2
10
0 0

[PATCH v12] Bluetooth: hci_qca: Fix SSR (SubSystem Restart) fail when BT_EN is pulled up by hw

by Shuai Zhang

On QCS9075 and QCA8275 platforms, the BT_EN pin is always pulled up by hw and cannot be controlled by the host. As a result, in case of a firmware crash, the host cannot trigger a cold reset. Instead, the BT controller performs a warm restart on its own, without reloading the firmware. This leads to the controller remaining in IBS_WAKE state, while the host expects it to be in sleep mode. The mismatch causes HCI reset commands to time out. Additionally, the driver does not clear internal flags QCA_SSR_TRIGGERED and QCA_IBS_DISABLED, which blocks the reset sequence. If the SSR duration exceeds 2 seconds, the host may enter TX sleep mode due to tx_idle_timeout, further preventing recovery. Also, memcoredump_flag is not cleared, so only the first SSR generates a coredump. Tell driver that BT controller has undergone a proper restart sequence: - Clear QCA_SSR_TRIGGERED and QCA_IBS_DISABLED flags after SSR. - Add a 50ms delay to allow the controller to complete its warm reset. - Reset tx_idle_timer to prevent the host from entering TX sleep mode. - Clear memcoredump_flag to allow multiple coredump captures. Apply these steps only when HCI_QUIRK_NON_PERSISTENT_SETUP is not set, which indicates that BT_EN is defined in DTS and cannot be toggled. Refer to the comment in include/net/bluetooth/hci.h for details on HCI_QUIRK_NON_PERSISTENT_SETUP. Changes in v12: - Rewrote commit to clarify the actual issue and affected platforms. - Used imperative language to describe the fix. - Explained the role of HCI_QUIRK_NON_PERSISTENT_SETUP. Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com> --- drivers/bluetooth/hci_qca.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 4cff4d9be..2d6560482 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1653,6 +1653,39 @@ static void qca_hw_error(struct hci_dev *hdev, u8 code) skb_queue_purge(&qca->rx_memdump_q); } + /* + * If the BT chip's bt_en pin is connected to a 3.3V power supply via + * hardware and always stays high, driver cannot control the bt_en pin. + * As a result, during SSR (SubSystem Restart), QCA_SSR_TRIGGERED and + * QCA_IBS_DISABLED flags cannot be cleared, which leads to a reset + * command timeout. + * Add an msleep delay to ensure controller completes the SSR process. + * + * Host will not download the firmware after SSR, controller to remain + * in the IBS_WAKE state, and the host needs to synchronize with it + * + * Since the bluetooth chip has been reset, clear the memdump state. + */ + if (!hci_test_quirk(hu->hdev, HCI_QUIRK_NON_PERSISTENT_SETUP)) { + /* + * When the SSR (SubSystem Restart) duration exceeds 2 seconds, + * it triggers host tx_idle_delay, which sets host TX state + * to sleep. Reset tx_idle_timer after SSR to prevent + * host enter TX IBS_Sleep mode. + */ + mod_timer(&qca->tx_idle_timer, jiffies + + msecs_to_jiffies(qca->tx_idle_delay)); + + /* Controller reset completion time is 50ms */ + msleep(50); + + clear_bit(QCA_SSR_TRIGGERED, &qca->flags); + clear_bit(QCA_IBS_DISABLED, &qca->flags); + + qca->tx_ibs_state = HCI_IBS_TX_AWAKE; + qca->memdump_state = QCA_MEMDUMP_IDLE; + } + clear_bit(QCA_HW_ERROR_EVENT, &qca->flags); } -- 2.34.1

3 days, 8 hours

4
5
0 0

[PATCH] thermal: sprd: Fix temperature clamping in sprd_thm_temp_to_rawdata

by Thorsten Blum

The temperature was never clamped to SPRD_THM_TEMP_LOW or SPRD_THM_TEMP_HIGH because the return value of clamp() was not used. Fix this by assigning the clamped value to 'temp'. Casting SPRD_THM_TEMP_LOW and SPRD_THM_TEMP_HIGH to int is also redundant and can be removed. Cc: stable(a)vger.kernel.org Fixes: 554fdbaf19b1 ("thermal: sprd: Add Spreadtrum thermal driver support") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> --- drivers/thermal/sprd_thermal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/thermal/sprd_thermal.c b/drivers/thermal/sprd_thermal.c index f7fa83b2428e..44fa45f74da7 100644 --- a/drivers/thermal/sprd_thermal.c +++ b/drivers/thermal/sprd_thermal.c @@ -192,7 +192,7 @@ static int sprd_thm_temp_to_rawdata(int temp, struct sprd_thermal_sensor *sen) { u32 val; - clamp(temp, (int)SPRD_THM_TEMP_LOW, (int)SPRD_THM_TEMP_HIGH); + temp = clamp(temp, SPRD_THM_TEMP_LOW, SPRD_THM_TEMP_HIGH); /* * According to the thermal datasheet, the formula of converting -- Thorsten Blum <thorsten.blum(a)linux.dev> GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4

3 days, 10 hours

2
1
0 0

[PATCH] thermal: sprd: Fix raw temperature clamping in sprd_thm_rawdata_to_temp

by Thorsten Blum

The raw temperature data was never clamped to SPRD_THM_RAW_DATA_LOW or SPRD_THM_RAW_DATA_HIGH because the return value of clamp() was not used. Fix this by assigning the clamped value to 'rawdata'. Casting SPRD_THM_RAW_DATA_LOW and SPRD_THM_RAW_DATA_HIGH to u32 is also redundant and can be removed. Cc: stable(a)vger.kernel.org Fixes: 554fdbaf19b1 ("thermal: sprd: Add Spreadtrum thermal driver support") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> --- drivers/thermal/sprd_thermal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/thermal/sprd_thermal.c b/drivers/thermal/sprd_thermal.c index e546067c9621..f7fa83b2428e 100644 --- a/drivers/thermal/sprd_thermal.c +++ b/drivers/thermal/sprd_thermal.c @@ -178,7 +178,7 @@ static int sprd_thm_sensor_calibration(struct device_node *np, static int sprd_thm_rawdata_to_temp(struct sprd_thermal_sensor *sen, u32 rawdata) { - clamp(rawdata, (u32)SPRD_THM_RAW_DATA_LOW, (u32)SPRD_THM_RAW_DATA_HIGH); + rawdata = clamp(rawdata, SPRD_THM_RAW_DATA_LOW, SPRD_THM_RAW_DATA_HIGH); /* * According to the thermal datasheet, the formula of converting -- Thorsten Blum <thorsten.blum(a)linux.dev> GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4

3 days, 10 hours

2
1
0 0

Optimiza tu reclutamiento con PsicoSmart

by Valeria Pérez

Mejora tus contrataciones con PsicoSmart body { margin: 0; padding: 0; font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #333; background-color: #ffffff; } table { border-spacing: 0; width: 100%; max-width: 600px; margin: auto; } td { padding: 12px 20px; } a { color: #1a73e8; text-decoration: none; } .footer { font-size: 12px; color: #888888; text-align: center; } Evalúa talento de forma objetiva y mejora tus contrataciones con PsicoSmart. Hola, , ¿Te ha pasado que un candidato luce perfecto en entrevista, pero en el trabajo no encaja como esperabas? En selección, confiar solo en la percepción puede llevar a decisiones costosas. Por eso quiero presentarte PsicoSmart, una herramienta creada para que los equipos de Recursos Humanos tomen decisiones más objetivas y acertadas. Con PsicoSmart puedes: Aplicar 31 pruebas psicométricas que evalúan liderazgo, honestidad, comunicación e inteligencia. Validar conocimientos técnicos con más de 2,500 exámenes especializados. Supervisar la identidad de quien responde mediante captura fotográfica automática durante la evaluación. Gestionar todo desde una sola plataforma, accesible desde cualquier dispositivo. Si estás buscando mejorar tus contrataciones, podría ser una muy buena opción. Si quieres conocer más puedes responder este correo o simplemente contactarme, mis datos están abajo. Saludos, -------------- Atte.: Valeria Pérez Ciudad de México: (55) 5018 0565 WhatsApp: +52 33 1607 2089 Si no deseas recibir más correos, haz clic aquí para darte de baja. Para remover su dirección de esta lista haga <a href="https://s1.arrobamail.com/unsuscribe.php?id=yiwtsrewiswqrtseup">click aquí</a>

3 days, 11 hours

1
0
0 0

[PATCH 6.12 000/116] 6.12.21-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.21 release. There are 116 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 27 Mar 2025 12:21:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.21-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.21-rc1 Arthur Mongodin <amongodin(a)randorisec.fr> mptcp: Fix data stream corruption in the address announcement Zi Yan <ziy(a)nvidia.com> mm/huge_memory: drop beyond-EOF folios with the right number of refs Justin Klaassen <justin(a)tidylabs.net> arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S Eder Zulian <ezulian(a)redhat.com> libsubcmd: Silence compiler warning Dietmar Eggemann <dietmar.eggemann(a)arm.com> Revert "sched/core: Reduce cost of sched_move_task when config autogroup" Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Eagerly switch ZCR_EL{1,2} Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Mark some header functions as inline Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Refactor exit handlers Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Remove host FPSIMD saving for non-protected KVM Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state Fuad Tabba <tabba(a)google.com> KVM: arm64: Calculate cptr_el2 traps on activating traps Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: fix sendzc double notif flush Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix incorrect validation for num_aces field of smb_acl Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix user queue validation on Gfx7/8 David Rosca <david.rosca(a)amd.com> drm/amdgpu: Fix JPEG video caps max size for navi1x and raven David Rosca <david.rosca(a)amd.com> drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size David Rosca <david.rosca(a)amd.com> drm/amdgpu: Remove JPEG from vega and carrizo video caps Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/pm: wire up hwmon fan speed for smu 14.0.2 Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> drm/amdgpu/pm: Handle SCLK offset correctly in overdrive for smu 14.0.2 David Belanger <david.belanger(a)amd.com> drm/amdgpu: Restore uncached behaviour on GFX12 Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amd/pm: add unique_id for gfx12 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Use HW lock mgr for PSR1 when only one eDP Yilin Chen <Yilin.Chen(a)amd.com> drm/amd/display: Fix message for support_edp0_on_dp1 Wentao Liang <vulab(a)iscas.ac.cn> drm/amdgpu/gfx12: correct cleanup of 'me' field with gfx_v12_0_me_fini() qianyi liu <liuqianyi125(a)gmail.com> drm/sched: Fix fence reference count leak Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() Xianwei Zhao <xianwei.zhao(a)amlogic.com> pmdomain: amlogic: fix T7 ISP secpower Saranya R <quic_sarar(a)quicinc.com> soc: qcom: pdr: Fix the potential deadlock Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore own maximum aggregation size during RX Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> xsk: fix an integer overflow in xp_create_and_assign_umem() David Howells <dhowells(a)redhat.com> keys: Fix UAF in key_put() Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Avoid physical address 0x0 when doing random allocation Johan Hovold <johan+linaro(a)kernel.org> firmware: qcom: uefisecapp: fix efivars registration race Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: shmobile: smp: Enforce shmobile_smp_* alignment Stefan Eichenberger <stefan.eichenberger(a)toradex.com> ARM: dts: imx6qdl-apalis: Fix poweroff on Apalis iMX6 Shakeel Butt <shakeel.butt(a)linux.dev> memcg: drain obj stock on cpu hotplug teardown Ye Bin <yebin10(a)huawei.com> proc: fix UAF in proc_get_inode() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm/page_alloc: fix memory accept before watermarks gets initialized Zi Yan <ziy(a)nvidia.com> mm/migrate: fix shmem xarray update during migration Raphael S. Carvalho <raphaelsc(a)scylladb.com> mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT Rafael Aquini <raquini(a)redhat.com> selftests/mm: run_vmtests.sh: fix half_ufd_size_MB calculation Gu Bowen <gubowen5(a)huawei.com> mmc: atmel-mci: Add missing clk_disable_unprepare() Kamal Dasu <kamal.dasu(a)broadcom.com> mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board dtsi Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou Stefan Eichenberger <stefan.eichenberger(a)toradex.com> arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to sound card Stefan Eichenberger <stefan.eichenberger(a)toradex.com> arm64: dts: freescale: imx8mp-verdin-dahlia: add Microphone Jack to sound card Dan Carpenter <dan.carpenter(a)linaro.org> accel/qaic: Fix integer overflow in qaic_validate_req() Christian Eggers <ceggers(a)arri.de> regulator: check that dummy regulator has been probed before using it Christian Eggers <ceggers(a)arri.de> regulator: dummy: force synchronous probing Max Kellermann <max.kellermann(a)ionos.com> netfs: Call `invalidate_cache` only if implemented E Shattow <e(a)freeshell.de> riscv: dts: starfive: Fix a typo in StarFive JH7110 pin function definitions Jens Axboe <axboe(a)kernel.dk> io_uring/net: don't clear REQ_F_NEED_CLEANUP unconditionally Maíra Canal <mcanal(a)igalia.com> drm/v3d: Don't run jobs that have errors flagged in its fence Tomasz Rusinowicz <tomasz.rusinowicz(a)intel.com> drm/xe: Fix exporting xe buffers multiple times Haibo Chen <haibo.chen(a)nxp.com> can: flexcan: disable transceiver during system PM Haibo Chen <haibo.chen(a)nxp.com> can: flexcan: only change CAN state when link up in system PM Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> can: ucan: fix out of bound read in strscpy() source Biju Das <biju.das.jz(a)bp.renesas.com> can: rcar_canfd: Fix page entries in the AFL list Biju Das <biju.das.jz(a)bp.renesas.com> dt-bindings: can: renesas,rcar-canfd: Fix typo in pattern properties for R-Car V4M Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Support holes in device list reply msg Andreas Kemnade <andreas(a)kemnade.info> i2c: omap: fix IRQ storms Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: tprobe-events: Fix leakage of module refcount Guillaume Nault <gnault(a)redhat.com> Revert "gre: Fix IPv6 link-local address generation." Lin Ma <linma(a)zju.edu.cn> net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES Yongjian Sun <sunyongjian1(a)huawei.com> libfs: Fix duplicate directory entry in offset_dir_lookup Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: ioam6: fix lwtunnel_output() loop Justin Iurman <justin.iurman(a)uliege.be> net: lwtunnel: fix recursion loops MD Danish Anwar <danishanwar(a)ti.com> net: ti: icssg-prueth: Add lock to stats Dan Carpenter <dan.carpenter(a)linaro.org> net: atm: fix use after free in lec_send() Jason Gunthorpe <jgg(a)ziepe.ca> gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> phy: fix xa_alloc_cyclic() error handling Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> dpll: fix xa_alloc_cyclic() error handling Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> devlink: fix xa_alloc_cyclic() error handling Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). Felix Fietkau <nbd(a)nbd.name> net: ipv6: fix TCP GSO segmentation with NAT Vignesh Raghavendra <vigneshr(a)ti.com> net: ethernet: ti: am65-cpsw: Fix NAPI registration sequence Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Add ATA_QUIRK_NO_LPM_ON_ATI for certain Samsung SSDs Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: tprobe-events: Fix to clean up tprobe correctly when module unload David Lechner <dlechner(a)baylibre.com> ARM: davinci: da850: fix selecting ARCH_DAVINCI_DA8XX Jeffrey Hugo <quic_jhugo(a)quicinc.com> accel/qaic: Fix possible data corruption in BOs > 2G Arkadiusz Bokowy <arkadiusz.bokowy(a)gmail.com> Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: Fix error code in chan_alloc_skb_cb() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix wrong value of max_sge_rd Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix missing xa_destroy() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix invalid sq params not being blocked Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix soft lockup during bt pages loop Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path Baochen Qiang <quic_bqiang(a)quicinc.com> dma-mapping: fix missing clear bdr in check_ram_in_range_map() Chester A. Unal <chester.a.unal(a)arinc9.com> ARM: dts: BCM5301X: Fix switch port labels of ASUS RT-AC3200 Chester A. Unal <chester.a.unal(a)arinc9.com> ARM: dts: BCM5301X: Fix switch port labels of ASUS RT-AC5300 Phil Elwell <phil(a)raspberrypi.com> ARM: dts: bcm2711: Don't mark timer regs unconfigured Arnd Bergmann <arnd(a)arndb.de> ARM: OMAP1: select CONFIG_GENERIC_IRQ_CHIP Qasim Ijaz <qasdev00(a)gmail.com> RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests Yao Zi <ziyao(a)disroot.org> arm64: dts: rockchip: Remove undocumented sdmmc property from lubancat-1 Phil Elwell <phil(a)raspberrypi.com> arm64: dts: bcm2712: PL011 UARTs are actually r1p5 Phil Elwell <phil(a)raspberrypi.com> ARM: dts: bcm2711: PL011 UARTs are actually r1p5 Stefan Wahren <wahrenst(a)gmx.net> ARM: dts: bcm2711: Fix xHCI power-domain Peng Fan <peng.fan(a)nxp.com> soc: imx8m: Unregister cpufreq and soc dev in cleanup path Marek Vasut <marex(a)denx.de> soc: imx8m: Use devm_* to simplify probe failure handling Marek Vasut <marex(a)denx.de> soc: imx8m: Remove global soc_uid Cosmin Ratiu <cratiu(a)nvidia.com> xfrm_output: Force software GSO only in tunnel mode Alexandre Cassen <acassen(a)corp.free.fr> xfrm: fix tunnel mode TX datapath in packet offload mode Heiko Stuebner <heiko.stuebner(a)cherry.de> arm64: dts: rockchip: remove supports-cqe from rk3588 tiger Heiko Stuebner <heiko.stuebner(a)cherry.de> arm64: dts: rockchip: remove supports-cqe from rk3588 jaguar Alexander Stein <alexander.stein(a)ew.tq-group.com> arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> firmware: imx-scu: fix OF node leak in .probe() Dan Carpenter <dan.carpenter(a)linaro.org> firmware: qcom: scm: Fix error code in probe() ------------- Diffstat: .../bindings/net/can/renesas,rcar-canfd.yaml | 2 +- Makefile | 4 +- arch/arm/boot/dts/broadcom/bcm2711-rpi.dtsi | 5 - arch/arm/boot/dts/broadcom/bcm2711.dtsi | 12 +- .../boot/dts/broadcom/bcm4709-asus-rt-ac3200.dts | 12 +- .../boot/dts/broadcom/bcm47094-asus-rt-ac5300.dts | 8 +- arch/arm/boot/dts/nxp/imx/imx6qdl-apalis.dtsi | 10 +- arch/arm/mach-davinci/Kconfig | 1 + arch/arm/mach-omap1/Kconfig | 1 + arch/arm/mach-shmobile/headsmp.S | 1 + arch/arm64/boot/dts/broadcom/bcm2712.dtsi | 2 +- .../boot/dts/freescale/imx8mm-verdin-dahlia.dtsi | 6 +- .../arm64/boot/dts/freescale/imx8mp-tqma8mpql.dtsi | 16 +-- .../boot/dts/freescale/imx8mp-verdin-dahlia.dtsi | 6 +- .../boot/dts/rockchip/px30-ringneck-haikou.dts | 12 ++ arch/arm64/boot/dts/rockchip/rk3399-nanopi-r4s.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3399-rockpro64.dtsi | 2 + arch/arm64/boot/dts/rockchip/rk3566-lubancat-1.dts | 1 - arch/arm64/boot/dts/rockchip/rk3588-jaguar.dts | 1 - arch/arm64/boot/dts/rockchip/rk3588-tiger.dtsi | 1 - arch/arm64/include/asm/kvm_host.h | 23 +--- arch/arm64/kernel/fpsimd.c | 25 ---- arch/arm64/kvm/arm.c | 9 -- arch/arm64/kvm/fpsimd.c | 100 ++------------ arch/arm64/kvm/hyp/entry.S | 5 + arch/arm64/kvm/hyp/include/hyp/switch.h | 133 +++++++++++++----- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 11 +- arch/arm64/kvm/hyp/nvhe/pkvm.c | 29 ---- arch/arm64/kvm/hyp/nvhe/switch.c | 140 ++++++++++--------- arch/arm64/kvm/hyp/vhe/switch.c | 21 ++- arch/riscv/boot/dts/starfive/jh7110-pinfunc.h | 2 +- drivers/accel/qaic/qaic_data.c | 9 +- drivers/ata/libata-core.c | 14 +- drivers/dpll/dpll_core.c | 2 +- drivers/firmware/efi/libstub/randomalloc.c | 4 + drivers/firmware/imx/imx-scu.c | 1 + drivers/firmware/qcom/qcom_qseecom_uefisecapp.c | 18 +-- drivers/firmware/qcom/qcom_scm.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/gmc_v12_0.c | 22 +-- drivers/gpu/drm/amd/amdgpu/nv.c | 20 +-- drivers/gpu/drm/amd/amdgpu/soc15.c | 21 ++- drivers/gpu/drm/amd/amdgpu/vi.c | 43 +++--- drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 12 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 8 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +- .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 11 ++ drivers/gpu/drm/amd/pm/amdgpu_pm.c | 2 + .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 96 +++++++------ drivers/gpu/drm/radeon/radeon_vce.c | 2 +- drivers/gpu/drm/scheduler/sched_entity.c | 11 +- drivers/gpu/drm/v3d/v3d_sched.c | 9 +- drivers/gpu/drm/xe/xe_bo.h | 2 - drivers/gpu/drm/xe/xe_dma_buf.c | 2 +- drivers/gpu/host1x/dev.c | 6 + drivers/i2c/busses/i2c-omap.c | 26 +--- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 - drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 3 +- drivers/infiniband/hw/hns/hns_roce_alloc.c | 4 +- drivers/infiniband/hw/hns/hns_roce_cq.c | 1 + drivers/infiniband/hw/hns/hns_roce_hem.c | 16 ++- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 20 +-- drivers/infiniband/hw/mlx5/ah.c | 14 +- drivers/infiniband/sw/rxe/rxe.c | 25 +--- drivers/mmc/host/atmel-mci.c | 4 +- drivers/mmc/host/sdhci-brcmstb.c | 10 ++ drivers/net/can/flexcan/flexcan-core.c | 18 ++- drivers/net/can/rcar/rcar_canfd.c | 28 ++-- drivers/net/can/usb/ucan.c | 43 +++--- drivers/net/ethernet/microsoft/mana/gdma_main.c | 14 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 32 +++-- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 1 + drivers/net/ethernet/ti/icssg/icssg_prueth.h | 2 + drivers/net/ethernet/ti/icssg/icssg_stats.c | 4 + drivers/net/phy/phy_link_topology.c | 2 +- drivers/pmdomain/amlogic/meson-secure-pwrc.c | 2 +- drivers/regulator/core.c | 12 +- drivers/regulator/dummy.c | 2 +- drivers/soc/imx/soc-imx8m.c | 151 ++++++++++----------- drivers/soc/qcom/pdr_interface.c | 8 +- fs/libfs.c | 2 +- fs/netfs/write_collect.c | 3 +- fs/proc/generic.c | 10 +- fs/proc/inode.c | 6 +- fs/proc/internal.h | 14 ++ fs/smb/server/smbacl.c | 5 +- include/linux/key.h | 1 + include/linux/libata.h | 2 + include/linux/proc_fs.h | 7 +- include/net/bluetooth/hci.h | 2 +- include/net/mana/gdma.h | 11 +- io_uring/net.c | 5 +- kernel/dma/direct.c | 28 ++-- kernel/sched/core.c | 21 +-- kernel/trace/trace_fprobe.c | 30 ++-- mm/filemap.c | 13 +- mm/huge_memory.c | 2 +- mm/memcontrol.c | 9 ++ mm/migrate.c | 10 +- mm/page_alloc.c | 14 +- net/atm/lec.c | 3 +- net/batman-adv/bat_iv_ogm.c | 3 +- net/batman-adv/bat_v_ogm.c | 3 +- net/bluetooth/6lowpan.c | 7 +- net/core/lwtunnel.c | 65 +++++++-- net/core/neighbour.c | 1 + net/devlink/core.c | 2 +- net/ipv6/addrconf.c | 15 +- net/ipv6/ioam6_iptunnel.c | 8 +- net/ipv6/route.c | 5 +- net/ipv6/tcpv6_offload.c | 21 ++- net/mptcp/options.c | 6 +- net/xdp/xsk_buff_pool.c | 2 +- net/xfrm/xfrm_output.c | 43 +++++- security/keys/gc.c | 4 +- security/keys/key.c | 2 + tools/lib/subcmd/parse-options.c | 2 +- tools/testing/selftests/mm/run_vmtests.sh | 4 +- 119 files changed, 944 insertions(+), 819 deletions(-)

3 days, 13 hours

7
122
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror