Linux-stable-mirror

linux-stable-mirror@lists.linaro.org

297 participants
124136 discussions

[PATCH] ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer

by Jaroslav Kysela

Handle the error code from snd_pcm_buffer_access_lock() in snd_pcm_runtime_buffer_set_silence() function. Found by Alexandros Panagiotou <apanagio(a)redhat.com> Fixes: 93a81ca06577 ("ALSA: pcm: Fix race of buffer access at PCM OSS layer") Cc: stable(a)vger.kernel.org # 6.15 Signed-off-by: Jaroslav Kysela <perex(a)perex.cz> --- include/sound/pcm.h | 2 +- sound/core/oss/pcm_oss.c | 4 +++- sound/core/pcm_native.c | 9 +++++++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/include/sound/pcm.h b/include/sound/pcm.h index 58fd6e84f961..a7860c047503 100644 --- a/include/sound/pcm.h +++ b/include/sound/pcm.h @@ -1402,7 +1402,7 @@ int snd_pcm_lib_mmap_iomem(struct snd_pcm_substream *substream, struct vm_area_s #define snd_pcm_lib_mmap_iomem NULL #endif -void snd_pcm_runtime_buffer_set_silence(struct snd_pcm_runtime *runtime); +int snd_pcm_runtime_buffer_set_silence(struct snd_pcm_runtime *runtime); /** * snd_pcm_limit_isa_dma_size - Get the max size fitting with ISA DMA transfer diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c index a82dd155e1d3..b12df5b5ddfc 100644 --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c @@ -1074,7 +1074,9 @@ static int snd_pcm_oss_change_params_locked(struct snd_pcm_substream *substream) runtime->oss.params = 0; runtime->oss.prepare = 1; runtime->oss.buffer_used = 0; - snd_pcm_runtime_buffer_set_silence(runtime); + err = snd_pcm_runtime_buffer_set_silence(runtime); + if (err < 0) + goto failure; runtime->oss.period_frames = snd_pcm_alsa_frames(substream, oss_period_size); diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c index 68bee40c9ada..932a9bf98cbc 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -730,13 +730,18 @@ static void snd_pcm_buffer_access_unlock(struct snd_pcm_runtime *runtime) } /* fill the PCM buffer with the current silence format; called from pcm_oss.c */ -void snd_pcm_runtime_buffer_set_silence(struct snd_pcm_runtime *runtime) +int snd_pcm_runtime_buffer_set_silence(struct snd_pcm_runtime *runtime) { - snd_pcm_buffer_access_lock(runtime); + int err; + + err = snd_pcm_buffer_access_lock(runtime); + if (err < 0) + return err; if (runtime->dma_area) snd_pcm_format_set_silence(runtime->format, runtime->dma_area, bytes_to_samples(runtime, runtime->dma_bytes)); snd_pcm_buffer_access_unlock(runtime); + return 0; } EXPORT_SYMBOL_GPL(snd_pcm_runtime_buffer_set_silence); -- 2.52.0

3 days, 19 hours

[PATCH v5.10-v6.6] RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem

by Shivani Agarwal

From: Zhu Yanjun <yanjun.zhu(a)linux.dev> [ Upstream commit d0706bfd3ee40923c001c6827b786a309e2a8713 ] Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xc3/0x670 mm/kasan/report.c:521 kasan_report+0xe0/0x110 mm/kasan/report.c:634 strlen+0x93/0xa0 lib/string.c:420 __fortify_strlen include/linux/fortify-string.h:268 [inline] get_kobj_path_length lib/kobject.c:118 [inline] kobject_get_path+0x3f/0x2a0 lib/kobject.c:158 kobject_uevent_env+0x289/0x1870 lib/kobject_uevent.c:545 ib_register_device drivers/infiniband/core/device.c:1472 [inline] ib_register_device+0x8cf/0xe00 drivers/infiniband/core/device.c:1393 rxe_register_device+0x275/0x320 drivers/infiniband/sw/rxe/rxe_verbs.c:1552 rxe_net_add+0x8e/0xe0 drivers/infiniband/sw/rxe/rxe_net.c:550 rxe_newlink+0x70/0x190 drivers/infiniband/sw/rxe/rxe.c:225 nldev_newlink+0x3a3/0x680 drivers/infiniband/core/nldev.c:1796 rdma_nl_rcv_msg+0x387/0x6e0 drivers/infiniband/core/netlink.c:195 rdma_nl_rcv_skb.constprop.0.isra.0+0x2e5/0x450 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x53a/0x7f0 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg net/socket.c:727 [inline] ____sys_sendmsg+0xa95/0xc70 net/socket.c:2566 ___sys_sendmsg+0x134/0x1d0 net/socket.c:2620 __sys_sendmsg+0x16d/0x220 net/socket.c:2652 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f This problem is similar to the problem that the commit 1d6a9e7449e2 ("RDMA/core: Fix use-after-free when rename device name") fixes. The root cause is: the function ib_device_rename() renames the name with lock. But in the function kobject_uevent(), this name is accessed without lock protection at the same time. The solution is to add the lock protection when this name is accessed in the function kobject_uevent(). Fixes: 779e0bf47632 ("RDMA/core: Do not indicate device ready when device enablement fails") Link: https://patch.msgid.link/r/20250506151008.75701-1-yanjun.zhu@linux.dev Reported-by: syzbot+e2ce9e275ecc70a30b72(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=e2ce9e275ecc70a30b72 Signed-off-by: Zhu Yanjun <yanjun.zhu(a)linux.dev> Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [ Ajay: Modified to apply on v5.10.y-v6.6.y ib_device_notify_register() not present in v5.10.y-v6.6.y, so directly added lock for kobject_uevent() ] Signed-off-by: Ajay Kaher <ajay.kaher(a)broadcom.com> Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com> --- drivers/infiniband/core/device.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/infiniband/core/device.c b/drivers/infiniband/core/device.c index 26f1d2f29..ea9b48108 100644 --- a/drivers/infiniband/core/device.c +++ b/drivers/infiniband/core/device.c @@ -1396,8 +1396,13 @@ int ib_register_device(struct ib_device *device, const char *name, return ret; } dev_set_uevent_suppress(&device->dev, false); + + down_read(&devices_rwsem); + /* Mark for userspace that device is ready */ kobject_uevent(&device->dev.kobj, KOBJ_ADD); + + up_read(&devices_rwsem); ib_device_put(device); return 0; -- 2.40.4

3 days, 19 hours

[PATCH 0/2 v5.10] Fix CVE-2023-52975

by Shivani Agarwal

Fix CVE-2023-52975 by backporting the required upstream commit 6f1d64b13097. This commit depends on a1f3486b3b09, so both patches have been backported to the v5.10 kernel. Mike Christie (2): scsi: iscsi: Move pool freeing scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress drivers/scsi/iscsi_tcp.c | 11 +++++++++-- drivers/scsi/libiscsi.c | 39 +++++++++++++++++++++++++++++++-------- include/scsi/libiscsi.h | 2 ++ 3 files changed, 42 insertions(+), 10 deletions(-) -- 2.43.7

3 days, 20 hours

Fwd: Request to add mainline merged patch to stable kernels

by JP Dehollain

Hi Greg, thanks for looking into this.. The full commit hash is 807221d3c5ff6e3c91ff57bc82a0b7a541462e20 Note: apologies if you received this multiple times, the previous one got bounced due to html Cheers, JP ________________________________ From: Greg KH <gregkh(a)linuxfoundation.org> Sent: Tuesday, December 23, 2025 6:39:22 PM To: JP Dehollain <jpdehollain(a)gmail.com> Cc: stable(a)vger.kernel.org <stable(a)vger.kernel.org> Subject: Re: Request to add mainline merged patch to stable kernels On Tue, Dec 23, 2025 at 04:05:24PM +1100, JP Dehollain wrote: > Hello, > I recently used the patch misc: rtsx_pci: Add separate CD/WP pin > polarity reversal support with commit ID 807221d, to fix a bug causing > the cardreader driver to always load sd cards in read-only mode. > On the suggestion of the driver maintainer, I am requesting that this > patch be applied to all stable kernel versions, as it is currently > only applied to >=6.18. > Thanks, > JP > What is the git id of the commit you are looking to have backported? thanks, greg k-h

3 days, 20 hours

[PATCH net v4] net: nfc: nci: Fix parameter validation for packet data

by Michael Thalmeier

Since commit 9c328f54741b ("net: nfc: nci: Add parameter validation for packet data") communication with nci nfc chips is not working any more. The mentioned commit tries to fix access of uninitialized data, but failed to understand that in some cases the data packet is of variable length and can therefore not be compared to the maximum packet length given by the sizeof(struct). Fixes: 9c328f54741b ("net: nfc: nci: Add parameter validation for packet data") Cc: stable(a)vger.kernel.org Signed-off-by: Michael Thalmeier <michael.thalmeier(a)hale.at> --- v4: - formatting fixes v3: - perform complete checks - replace magic numbers with offsetofend and sizeof v2: - Reference correct commit hash --- net/nfc/nci/ntf.c | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/net/nfc/nci/ntf.c b/net/nfc/nci/ntf.c index 418b84e2b260..a5cafcd10cc3 100644 --- a/net/nfc/nci/ntf.c +++ b/net/nfc/nci/ntf.c @@ -58,7 +58,7 @@ static int nci_core_conn_credits_ntf_packet(struct nci_dev *ndev, struct nci_conn_info *conn_info; int i; - if (skb->len < sizeof(struct nci_core_conn_credit_ntf)) + if (skb->len < offsetofend(struct nci_core_conn_credit_ntf, num_entries)) return -EINVAL; ntf = (struct nci_core_conn_credit_ntf *)skb->data; @@ -68,6 +68,10 @@ static int nci_core_conn_credits_ntf_packet(struct nci_dev *ndev, if (ntf->num_entries > NCI_MAX_NUM_CONN) ntf->num_entries = NCI_MAX_NUM_CONN; + if (skb->len < offsetofend(struct nci_core_conn_credit_ntf, num_entries) + + ntf->num_entries * sizeof(struct conn_credit_entry)) + return -EINVAL; + /* update the credits */ for (i = 0; i < ntf->num_entries; i++) { ntf->conn_entries[i].conn_id = @@ -364,7 +368,7 @@ static int nci_rf_discover_ntf_packet(struct nci_dev *ndev, const __u8 *data; bool add_target = true; - if (skb->len < sizeof(struct nci_rf_discover_ntf)) + if (skb->len < offsetofend(struct nci_rf_discover_ntf, rf_tech_specific_params_len)) return -EINVAL; data = skb->data; @@ -380,6 +384,10 @@ static int nci_rf_discover_ntf_packet(struct nci_dev *ndev, pr_debug("rf_tech_specific_params_len %d\n", ntf.rf_tech_specific_params_len); + if (skb->len < (data - skb->data) + + ntf.rf_tech_specific_params_len + sizeof(ntf.ntf_type)) + return -EINVAL; + if (ntf.rf_tech_specific_params_len > 0) { switch (ntf.rf_tech_and_mode) { case NCI_NFC_A_PASSIVE_POLL_MODE: @@ -596,7 +604,7 @@ static int nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev, const __u8 *data; int err = NCI_STATUS_OK; - if (skb->len < sizeof(struct nci_rf_intf_activated_ntf)) + if (skb->len < offsetofend(struct nci_rf_intf_activated_ntf, rf_tech_specific_params_len)) return -EINVAL; data = skb->data; @@ -628,6 +636,9 @@ static int nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev, if (ntf.rf_interface == NCI_RF_INTERFACE_NFCEE_DIRECT) goto listen; + if (skb->len < (data - skb->data) + ntf.rf_tech_specific_params_len) + return -EINVAL; + if (ntf.rf_tech_specific_params_len > 0) { switch (ntf.activation_rf_tech_and_mode) { case NCI_NFC_A_PASSIVE_POLL_MODE: @@ -668,6 +679,13 @@ static int nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev, } } + if (skb->len < (data - skb->data) + + sizeof(ntf.data_exch_rf_tech_and_mode) + + sizeof(ntf.data_exch_tx_bit_rate) + + sizeof(ntf.data_exch_rx_bit_rate) + + sizeof(ntf.activation_params_len)) + return -EINVAL; + ntf.data_exch_rf_tech_and_mode = *data++; ntf.data_exch_tx_bit_rate = *data++; ntf.data_exch_rx_bit_rate = *data++; @@ -679,6 +697,9 @@ static int nci_rf_intf_activated_ntf_packet(struct nci_dev *ndev, pr_debug("data_exch_rx_bit_rate 0x%x\n", ntf.data_exch_rx_bit_rate); pr_debug("activation_params_len %d\n", ntf.activation_params_len); + if (skb->len < (data - skb->data) + ntf.activation_params_len) + return -EINVAL; + if (ntf.activation_params_len > 0) { switch (ntf.rf_interface) { case NCI_RF_INTERFACE_ISO_DEP: -- 2.52.0

4 days

[PATCH 00/12] drm/bridge: convert users of of_drm_find_bridge(), part 2

by Luca Ceresoli

This series converts all DRM bridge drivers (*) from the now deprecated of_drm_find_bridge() to its replacement of_drm_find_and_get_bridge() which allows correct bridge refcounting. It also converts per-driver "next_bridge" pointers to the unified drm_bridge::next_bridge which puts the reference automatically on bridge deallocation. This is part of the work to support hotplug of DRM bridges. The grand plan was discussed in [0]. Here's the work breakdown (➜ marks the current series): 1. ➜ add refcounting to DRM bridges struct drm_bridge, based on devm_drm_bridge_alloc() A. ✔ add new alloc API and refcounting (v6.16) B. ✔ convert all bridge drivers to new API (v6.17) C. ✔ kunit tests (v6.17) D. ✔ add get/put to drm_bridge_add/remove() + attach/detach() and warn on old allocation pattern (v6.17) E. ➜ add get/put on drm_bridge accessors 1. ✔ drm_bridge_chain_get_first_bridge(), add cleanup action (v6.18) 2. ✔ drm_bridge_get_prev_bridge() (v6.18) 3. ✔ drm_bridge_get_next_bridge() (v6.19) 4. ✔ drm_for_each_bridge_in_chain() (v6.19) 5. ✔ drm_bridge_connector_init (v6.19) 6. … protect encoder bridge chain with a mutex 7. ➜ of_drm_find_bridge a. ✔… add of_drm_get_bridge(), convert basic direct users (v6.20?, one driver still pending) b. ➜ convert direct of_drm_get_bridge() users, part 2 c. convert direct of_drm_get_bridge() users, part 3 d. convert direct of_drm_get_bridge() users, part 4 e. convert bridge-only drm_of_find_panel_or_bridge() users 8. drm_of_find_panel_or_bridge, *_of_get_bridge 9. ✔ enforce drm_bridge_add before drm_bridge_attach (v6.19) F. ✔ debugfs improvements 1. ✔ add top-level 'bridges' file (v6.16) 2. ✔ show refcount and list lingering bridges (v6.19) 2. … handle gracefully atomic updates during bridge removal A. ✔ Add drm_dev_enter/exit() to protect device resources (v6.20?) B. … protect private_obj removal from list 3. … DSI host-device driver interaction 4. ✔ removing the need for the "always-disconnected" connector 5. finish the hotplug bridge work, moving code to the core and potentially removing the hotplug-bridge itself (this needs to be clarified as points 1-3 are developed) [0] https://lore.kernel.org/lkml/20250206-hotplug-drm-bridge-v6-0-9d6f2c9c3058@… This work is a continuation of the work to correctly handle bridge refcounting for existing of_drm_find_bridge(). The ground work is in: - commit 293a8fd7721a ("drm/bridge: add of_drm_find_and_get_bridge()") - commit 9da0e06abda8 ("drm/bridge: deprecate of_drm_find_bridge()") - commit 3fdeae134ba9 ("drm/bridge: add next_bridge pointer to struct drm_bridge") The whole conversion is split in multiple series to make the review process a bit smoother. Parts 3 and 4 are converting non-bridge drivers (mostly encoders). (*) One bridge driver (synopsys/dw-hdmi) is converted in another series, together with its (non-bridge) users. Additionally this series converts drm_of_panel_bridge_remove() which is a special case, and has a bugfix for it too. Signed-off-by: Luca Ceresoli <luca.ceresoli(a)bootlin.com> --- Luca Ceresoli (12): drm: of: drm_of_panel_bridge_remove(): fix device_node leak drm: of: drm_of_panel_bridge_remove(): convert to of_drm_find_and_get_bridge() drm/bridge: sii902x: convert to of_drm_find_and_get_bridge() drm/bridge: thc63lvd1024: convert to of_drm_find_and_get_bridge() drm/bridge: tfp410: convert to of_drm_find_and_get_bridge() drm/bridge: tpd12s015: convert to of_drm_find_and_get_bridge() drm/bridge: lt8912b: convert to of_drm_find_and_get_bridge() drm/bridge: imx8mp-hdmi-pvi: convert to of_drm_find_and_get_bridge() drm/bridge: imx8qxp-ldb: convert to of_drm_find_and_get_bridge() drm/bridge: samsung-dsim: samsung_dsim_host_attach: use a temporary variable for the next bridge drm/bridge: samsung-dsim: samsung_dsim_host_attach: don't use the bridge pointer as an error indicator drm/bridge: samsung-dsim: samsung_dsim_host_attach: convert to of_drm_find_and_get_bridge() drivers/gpu/drm/bridge/imx/imx8mp-hdmi-pvi.c | 15 +++++++------- drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c | 3 ++- drivers/gpu/drm/bridge/lontium-lt8912b.c | 31 ++++++++++++++-------------- drivers/gpu/drm/bridge/samsung-dsim.c | 28 ++++++++++++++++--------- drivers/gpu/drm/bridge/sii902x.c | 7 +++---- drivers/gpu/drm/bridge/thc63lvd1024.c | 7 +++---- drivers/gpu/drm/bridge/ti-tfp410.c | 27 ++++++++++++------------ drivers/gpu/drm/bridge/ti-tpd12s015.c | 8 +++---- include/drm/bridge/samsung-dsim.h | 1 - include/drm/drm_of.h | 6 +++++- 10 files changed, 69 insertions(+), 64 deletions(-) --- base-commit: 2bcba510a612cea32b8a536eedeabd7fcb413cd0 change-id: 20251223-drm-bridge-alloc-getput-drm_of_find_bridge-2-12c6bbcb6896 Best regards, -- Luca Ceresoli <luca.ceresoli(a)bootlin.com>

4 days, 2 hours

[PATCH 6.18 000/312] 6.18.4-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.18.4 release. There are 312 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 08 Jan 2026 17:04:53 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.18.4-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.18.4-rc1 Charles Keepax <ckeepax(a)opensource.cirrus.com> Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() Kevin Tian <kevin.tian(a)intel.com> vfio/pci: Disable qword access to the PCI ROM bar Chenghao Duan <duanchenghao(a)kylinos.cn> LoongArch: BPF: Enhance the bpf_arch_text_poke() function Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> powercap: intel_rapl: Add support for Nova Lake processors Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> powercap: intel_rapl: Add support for Wildcat Lake platform Damien Le Moal <dlemoal(a)kernel.org> block: fix NULL pointer dereference in blk_zone_reset_all_bio_endio() Junbeom Yeom <junbeom.yeom(a)samsung.com> erofs: fix unexpected EIO under memory pressure Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Disallow exporting of PM/FW protected objects Lyude Paul <lyude(a)redhat.com> drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/pagemap, drm/xe: Ensure that the devmem allocation is idle before use Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/svm: Fix a debug printout Krzysztof Niemiec <krzysztof.niemiec(a)intel.com> drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer Anna Maniscalco <anna.maniscalco2000(a)gmail.com> drm/msm: add PERFCTR_CNTL to ifpc_reglist Nikolay Kuratov <kniv(a)yandex-team.ru> drm/msm/dpu: Add missing NULL pointer check for pingpong interface Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Drop preempt-fences when destroying imported dma-bufs. Matthew Brost <matthew.brost(a)intel.com> drm/xe: Use usleep_range for accurate long-running workload timeslicing Matthew Brost <matthew.brost(a)intel.com> drm/xe: Adjust long-running workload timeslices to reasonable values Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/eustall: Disallow 0 EU stall property values Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Disallow 0 OA property values Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table Karol Wachowski <karol.wachowski(a)linux.intel.com> drm: Fix object leak in DRM_IOCTL_GEM_CHANGE_HANDLE René Rebe <rene(a)exactco.de> drm/mgag200: Fix big-endian support Simon Richter <Simon.Richter(a)hogyros.de> drm/ttm: Avoid NULL pointer deref for evicted BOs Kory Maincent (TI.com) <kory.maincent(a)bootlin.com> drm/tilcdc: Fix removal actions in case of failed probe Ard Biesheuvel <ardb(a)kernel.org> drm/i915: Fix format string truncation warning Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Trap handler support for expert scheduling mode Jonathan Kim <jonathan.kim(a)amd.com> drm/amdkfd: bump minimum vgpr size for gfx1151 Mario Limonciello <mario.limonciello(a)amd.com> drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace Lyude Paul <lyude(a)redhat.com> drm/nouveau/gsp: Allocate fwsec-sb at boot Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/bridge: ti-sn65dsi83: ignore PLL_UNLOCK errors Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Use OVL_LAYER_SEL configuration instead of use win_mask calculate used layers Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd: Fix unbind/rebind for VCN 4.0.5 Johan Hovold <johan(a)kernel.org> drm/mediatek: ovl_adaptor: Fix probe device leaks Johan Hovold <johan(a)kernel.org> drm/mediatek: mtk_hdmi: Fix probe device leaks Johan Hovold <johan(a)kernel.org> drm/mediatek: Fix probe device leaks Johan Hovold <johan(a)kernel.org> drm/mediatek: Fix probe memory leak Johan Hovold <johan(a)kernel.org> drm/mediatek: Fix probe resource leaks Miaoqian Lin <linmq006(a)gmail.com> drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() Dmitry Osipenko <dmitry.osipenko(a)collabora.com> drm/rockchip: Set VOP for the DRM DMA device Sanjay Yadav <sanjay.kumar.yadav(a)intel.com> drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() Thomas Zimmermann <tzimmermann(a)suse.de> drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> drm/buddy: Separate clear and dirty free block trees Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> drm/buddy: Optimize free block management with RB tree Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu/sdma6: Update SDMA 6.0.3 FW version to include UMQ protected-fence fix Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma Natalie Vock <natalie.vock(a)gmx.de> drm/amdgpu: Forward VMID reservation errors Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling Mario Limonciello (AMD) <superm1(a)kernel.org> Revert "drm/amd: Skip power ungate during suspend for VPE" Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add support for Alienware 16X Aurora Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add AWCC support for Alienware x16 Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add support for new Area-51 laptops Armin Wolf <W_Armin(a)gmx.de> platform/x86: samsung-galaxybook: Fix problematic pointer cast Xiaolei Wang <xiaolei.wang(a)windriver.com> net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() Deepanshu Kartikey <kartikey406(a)gmail.com> net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write Miaoqian Lin <linmq006(a)gmail.com> net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration Ethan Nelson-Moore <enelsonmoore(a)gmail.com> net: usb: sr9700: fix incorrect command used to write single register Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> nfsd: Drop the client reference in client_states_open() Jeff Layton <jlayton(a)kernel.org> nfsd: use ATTR_DELEG in nfsd4_finalize_deleg_timestamps() Chuck Lever <chuck.lever(a)oracle.com> nfsd: fix nfsd_file reference leak in nfsd4_add_rdaccess_to_wrdeleg() Chenghao Duan <duanchenghao(a)kylinos.cn> LoongArch: BPF: Adjust the jump offset of tail calls Chenghao Duan <duanchenghao(a)kylinos.cn> LoongArch: BPF: Enable trampoline-based tracing for module functions Chenghao Duan <duanchenghao(a)kylinos.cn> LoongArch: BPF: Save return address register ra to t0 before trampoline Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Sign extend kfunc call arguments Hengqi Chen <hengqi.chen(a)gmail.com> LoongArch: BPF: Zero-extend bpf_tail_call() index Chenghao Duan <duanchenghao(a)kylinos.cn> LoongArch: Refactor register restoration in ftrace_common_return Ankit Garg <nktgrg(a)google.com> gve: defer interrupt enabling until NAPI registration Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> fjes: Add missing iounmap in fjes_hw_init() Frode Nordahl <fnordahl(a)ubuntu.com> erspan: Initialize options_len before referencing options. Guangshuo Li <lgs201920130244(a)gmail.com> e1000: fix OOB in e1000_tbi_should_accept() Jouni Malinen <jouni.malinen(a)oss.qualcomm.com> wifi: mac80211: Discard Beacon frames to non-broadcast address Ville Syrjälä <ville.syrjala(a)linux.intel.com> wifi: iwlwifi: Fix firmware version handling Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/cm: Fix leaking the multicast GID table reference Jason Gunthorpe <jgg(a)ziepe.ca> RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly Alice Ryhl <aliceryhl(a)google.com> rust: maple_tree: rcu_read_lock() in destructor to silence lockdep Chenghao Duan <duanchenghao(a)kylinos.cn> samples/ftrace: Adjust LoongArch register restore order in direct calls Wake Liu <wakel(a)google.com> selftests/mm: fix thread state check in uffd-unit-tests Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/mm/page_owner_sort: fix timestamp comparison for stable sorting Rong Zhang <i(a)rong.moe> x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo Bijan Tabatabai <bijan311(a)gmail.com> mm: consider non-anon swap cache folios in folio_expected_ref_count() Ran Xiaokai <ran.xiaokai(a)zte.com.cn> mm/page_owner: fix memory leak in page_owner_stack_fops->release() Alexander Gordeev <agordeev(a)linux.ibm.com> mm/page_alloc: change all pageblocks migrate type on coalescing Matthew Wilcox (Oracle) <willy(a)infradead.org> idr: fix idr_alloc() returning an ID out of range NeilBrown <neil(a)brown.name> lockd: fix vfs_test_lock() calls Pingfan Liu <piliu(a)redhat.com> kernel/kexec: fix IMA when allocation happens in CMA area Pingfan Liu <piliu(a)redhat.com> kernel/kexec: change the prototype of kimage_map_segment() Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> kasan: unpoison vms[area] addresses with a common tag Maciej Wieczor-Retman <maciej.wieczor-retman(a)intel.com> kasan: refactor pcpu kasan vmalloc unpoison Jiayuan Chen <jiayuan.chen(a)linux.dev> mm/kasan: fix incorrect unpoisoning in vrealloc for KASAN Paolo Abeni <pabeni(a)redhat.com> mptcp: fallback earlier on simult connection H. Peter Anvin <hpa(a)zytor.com> compiler_types.h: add "auto" as a macro for "__auto_type" Jens Axboe <axboe(a)kernel.dk> af_unix: don't post cmsg for SO_INQ unless explicitly asked for Wentao Liang <vulab(a)iscas.ac.cn> pmdomain: imx: Fix reference count leak in imx_gpc_probe() Macpaul Lin <macpaul.lin(a)mediatek.com> pmdomain: mtk-pm-domains: Fix spinlock recursion fix in probe SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failure on damos_test_commit_filter() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failure on damon_test_set_attrs() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures in damon_test_ops_registration() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damos_test_filter_out() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_set_filters_default_reject() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures in damon_test_update_monitoring_result() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures in damon_test_set_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle memory failure from damon_test_target() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: handle alloc failres in damon_test_new_filter() SeongJae Park <sj(a)kernel.org> mm/damon/tests/core-kunit: fix memory leak in damon_test_set_filters_default_reject() SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() SeongJae Park <sj(a)kernel.org> mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() SeongJae Park <sj(a)kernel.org> mm/damon/tests/sysfs-kunit: handle alloc failures on damon_sysfs_test_add_targets() Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Use unsigned long for _end and _text WangYuli <wangyl5933(a)chinaunicom.cn> LoongArch: Use __pmd()/__pte() for swap entry conversions Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix build errors for CONFIG_RANDSTRUCT Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix arch_dup_task_struct() for CONFIG_RANDSTRUCT Qiang Ma <maqianga(a)uniontech.com> LoongArch: Correct the calculation logic of thread_count Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Add new PCI ID for pci_fixup_vgadev() Haoxiang Li <haoxiang_li2024(a)163.com> media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() Chen-Yu Tsai <wenst(a)chromium.org> media: mediatek: vcodec: Use spinlock for context list protection lock Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: i2c: imx219: Fix 1920x1080 mode to use 1:1 pixel aspect ratio Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: adv7842: Remove redundant cancel_delayed_work in probe Duoming Zhou <duoming(a)zju.edu.cn> media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Cancel message work before releasing the VPU core Ming Qian <ming.qian(a)oss.nxp.com> media: amphion: Remove vpu_vb_is_codecconfig Johan Hovold <johan(a)kernel.org> media: vpif_display: fix section mismatch Johan Hovold <johan(a)kernel.org> media: vpif_capture: fix section mismatch Haotian Zhang <vulab(a)iscas.ac.cn> media: videobuf2: Fix device reference leak in vb2_dc_alloc error path Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Protect G2 HEVC decoder against invalid DPB index Duoming Zhou <duoming(a)zju.edu.cn> media: TDA1997x: Remove redundant cancel_delayed_work in probe Marek Szyprowski <m.szyprowski(a)samsung.com> media: samsung: exynos4-is: fix potential ABBA deadlock on init Miaoqian Lin <linmq006(a)gmail.com> media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled Johan Hovold <johan(a)kernel.org> media: platform: mtk-mdp3: fix device leaks at probe Ivan Abramov <i.abramov(a)mt-integration.ru> media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() Dikshita Agarwal <dikshita.agarwal(a)oss.qualcomm.com> media: iris: Refine internal buffer reconfiguration logic for resolution change Haotian Zhang <vulab(a)iscas.ac.cn> media: cec: Fix debugfs leak on bus_register() failure René Rebe <rene(a)exactco.de> fbdev: tcx.c fix mem_map to correct smem_start offset Thorsten Blum <thorsten.blum(a)linux.dev> fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing Rene Rebe <rene(a)exactco.de> fbdev: gbefb: fix to use physical address instead of dma address Li Chen <chenl311(a)chinatelecom.cn> dm pcache: fix segment info indexing Li Chen <chenl311(a)chinatelecom.cn> dm pcache: fix cache info indexing Mikulas Patocka <mpatocka(a)redhat.com> dm-bufio: align write boundary on physical block size Uladzislau Rezki (Sony) <urezki(a)gmail.com> dm-ebs: Mark full buffer dirty even on partial write Mahesh Rao <mahesh.rao(a)altera.com> firmware: stratix10-svc: Add mutex in stratix10 memory management Ivan Abramov <i.abramov(a)mt-integration.ru> media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() David Hildenbrand <david(a)kernel.org> powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION David Hildenbrand <david(a)kernel.org> powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages Krzysztof Kozlowski <krzk(a)kernel.org> power: supply: max77705: Fix potential IRQ chip conflict when probing two devices Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/uncore: Fix the return value of amd_uncore_df_event_init() on error Manivannan Sadhasivam <manivannan.sadhasivam(a)oss.qualcomm.com> PCI: meson: Fix parsing the DBI register region Jim Quinlan <james.quinlan(a)broadcom.com> PCI: brcmstb: Fix disabling L0s capability Sven Schnelle <svens(a)stackframe.org> parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() Sven Schnelle <svens(a)stackframe.org> parisc: entry.S: fix space adjustment on interruption for 64-bit userspace Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> nvmet: pci-epf: move DMA initialization to EPC init callback Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make FILE_SYNC WRITEs comply with spec Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips Christian Marangi <ansuelsmth(a)gmail.com> mtd: mtdpart: ignore error -ENOENT from parsers on subpartitions Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Fix wrong order of freq-table-hz for UFS Patrice Chotard <patrice.chotard(a)foss.st.com> arm64: dts: st: Add memory-region-names property for stm32mp257f-ev1 Paresh Bhagat <p-bhagat(a)ti.com> arm64: dts: ti: k3-am62d2-evm: Fix PMIC padconfig Paresh Bhagat <p-bhagat(a)ti.com> arm64: dts: ti: k3-am62d2-evm: Fix regulator properties Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Fix CPU stalls on G2 bus error Haotian Zhang <vulab(a)iscas.ac.cn> media: rc: st_rc: Fix reset control resource leak Krzysztof Kozlowski <krzk(a)kernel.org> mfd: max77620: Fix potential IRQ chip conflict when probing two devices Johan Hovold <johan(a)kernel.org> mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup Nathan Chancellor <nathan(a)kernel.org> clk: qcom: Fix dependencies of QCS_{DISP,GPU,VIDEO}CC_615 Nathan Chancellor <nathan(a)kernel.org> clk: qcom: Fix SM_VIDEOCC_6350 dependencies Alexey Minnekhanov <alexeymin(a)postmarketos.org> clk: qcom: mmcc-sdm660: Add missing MDSS reset Nathan Chancellor <nathan(a)kernel.org> clk: samsung: exynos-clkout: Assign .num before accessing .hws Damien Le Moal <dlemoal(a)kernel.org> block: Clear BLK_ZONE_WPLUG_PLUGGED when aborting plugged BIOs Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: Enable chip before any communication Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs Christian Hitz <christian.hitz(a)bbv.ch> leds: leds-lp50xx: Allow LED 0 to be added to module bank Thomas Weißschuh <linux(a)weissschuh.net> leds: leds-cros_ec: Skip LEDs without color components Kairui Song <kasong(a)tencent.com> mm, swap: do not perform synchronous discard during allocation Donet Tom <donettom(a)linux.ibm.com> powerpc/64s/slb: Fix SLB multihit issue during SLB preload Dave Vasilevsky <dave(a)vasilevsky.ca> powerpc, mm: Fix mprotect on book3s 32-bit Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator Lukas Wunner <lukas(a)wunner.de> PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths Shengming Hu <hu.shengming(a)zte.com.cn> fgraph: Check ftrace_pids_enabled on registration for early filtering Shengming Hu <hu.shengming(a)zte.com.cn> fgraph: Initialize ftrace_ops->private for function graph ops Raghavendra Rao Ananta <rananta(a)google.com> hisi_acc_vfio_pci: Add .match_token_uuid callback in hisi_acc_vfio_pci_migrn_ops Hans de Goede <johannes.goede(a)oss.qualcomm.com> HID: logitech-dj: Remove duplicate error logging Armin Wolf <W_Armin(a)gmx.de> hwmon: (dell-smm) Fix off-by-one error in dell_smm_is_visible() Lu Baolu <baolu.lu(a)linux.intel.com> iommu: disable SVA when CONFIG_X86 is set Johan Hovold <johan(a)kernel.org> iommu/tegra: fix device leak on probe_device() Johan Hovold <johan(a)kernel.org> iommu/sun50i: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/qcom: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/omap: fix device leaks on probe_device() Johan Hovold <johan(a)kernel.org> iommu/mediatek: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/mediatek-v1: fix device leaks on probe() Johan Hovold <johan(a)kernel.org> iommu/mediatek-v1: fix device leak on probe_device() Johan Hovold <johan(a)kernel.org> iommu/ipmmu-vmsa: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/exynos: fix device leak on of_xlate() Johan Hovold <johan(a)kernel.org> iommu/apple-dart: fix device leak on of_xlate() Jinhui Guo <guojinhui.liam(a)bytedance.com> iommu/amd: Propagate the error code returned by __modify_irte_ga() in modify_irte_ga() Jinhui Guo <guojinhui.liam(a)bytedance.com> iommu/amd: Fix pci_segment memleak in alloc_pci_segment() Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6adm: the the copp device only during last instance Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6asm-dai: perform correct state check before closing Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr Ma Ke <make24(a)iscas.ac.cn> ASoC: codecs: Fix error handling in pm4125 audio codec driver Eric Naim <dnaim(a)cachyos.org> ASoC: cs35l41: Always return 0 when a subsystem ID is found Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: codecs: lpass-tx-macro: fix SM6115 support Krzysztof Kozlowski <krzk(a)kernel.org> ASoC: codecs: pm4125: Remove irq_chip on component unbind Krzysztof Kozlowski <krzk(a)kernel.org> ASoC: codecs: pm4125: Fix potential conflict when probing two devices Ma Ke <make24(a)iscas.ac.cn> ASoC: codecs: wcd937x: Fix error handling in wcd937x codec driver Biju Das <biju.das.jz(a)bp.renesas.com> ASoC: renesas: rz-ssi: Fix rz_ssi_priv::hw_params_cache::sample_width Biju Das <biju.das.jz(a)bp.renesas.com> ASoC: renesas: rz-ssi: Fix channel swap issue in full duplex mode Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix OF node leak on probe Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix clk prepare imbalance on probe failure Johan Hovold <johan(a)kernel.org> ASoC: stm32: sai: fix device leak on probe Johan Hovold <johan(a)kernel.org> ASoC: codecs: wcd939x: fix regmap leak on probe failure Matthew Wilcox (Oracle) <willy(a)infradead.org> ntfs: Do not overwrite uptodate pages Damien Le Moal <dlemoal(a)kernel.org> block: handle zone management operations completions Yipeng Zou <zouyipeng(a)huawei.com> selftests/ftrace: traceonoff_triggers: strip off names Cong Zhang <cong.zhang(a)oss.qualcomm.com> blk-mq: skip CPU offline notify on unmapped hctx Thomas Fourier <fourier.thomas(a)gmail.com> RDMA/bnxt_re: fix dma_free_coherent() pointer Honggang LI <honggangli(a)163.com> RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation Li Zhijian <lizhijian(a)fujitsu.com> IB/rxe: Fix missing umem_odp->umem_mutex unlock on error path Zilin Guan <zilin(a)seu.edu.cn> ksmbd: Fix memory leak in get_file_all_info() Jonathan Cavitt <jonathan.cavitt(a)intel.com> drm/xe/guc: READ/WRITE_ONCE g2h_fence->done Ming Lei <ming.lei(a)redhat.com> ublk: scan partition in async way Ming Lei <ming.lei(a)redhat.com> ublk: implement NUMA-aware memory allocation Tuo Li <islituo(a)gmail.com> md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() Li Nan <linan122(a)huawei.com> md: Fix static checker warning in analyze_sbs Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix to use correct page size for PDE table David Gow <davidgow(a)google.com> kunit: Enforce task execution in {soft,hard}irq contexts Ding Hui <dinghui(a)sangfor.com.cn> RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats() Alok Tiwari <alok.a.tiwari(a)oracle.com> RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send Thomas Zimmermann <tzimmermann(a)suse.de> drm/gem-shmem: Fix the MODULE_LICENSE() string Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> RDMA/core: always drop device refcount in ib_del_sub_device_and_put() Alok Tiwari <alok.a.tiwari(a)oracle.com> RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() Jang Ingyu <ingyujang25(a)korea.ac.kr> RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Remove possible negative shift Michal Schmidt <mschmidt(a)redhat.com> RDMA/irdma: avoid invalid read in irdma_net_event Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: check cqe length for kernel CQs Arnd Bergmann <arnd(a)arndb.de> RDMA/irdma: Fix irdma_alloc_ucontext_resp padding Arnd Bergmann <arnd(a)arndb.de> RDMA/ucma: Fix rdma_ucm_query_ib_service_resp struct padding Jiayuan Chen <jiayuan.chen(a)linux.dev> ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT Pwnverse <stanksal(a)purdue.edu> net: rose: fix invalid array index in rose_kill_by_device() Vadim Fedorenko <vadim.fedorenko(a)linux.dev> net: fib: restore ECMP balance from loopback Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix reference count leak when using error routes with nexthop objects Will Rosenberg <whrosenb(a)asu.edu> ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() Wei Fang <wei.fang(a)nxp.com> net: stmmac: fix the crash issue for zero copy XDP_TX action Anshumali Gaur <agaur(a)marvell.com> octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" Alok Tiwari <alok.a.tiwari(a)oracle.com> platform/x86/intel/pmt/discovery: use valid device pointer in dev_err_probe Junrui Luo <moonafterrain(a)outlook.com> platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing Zilin Guan <zilin(a)seu.edu.cn> vfio/pds: Fix memory leak in pds_vfio_dirty_enable() Kohei Enju <enjuk(a)amazon.com> tools/sched_ext: fix scx_show_state.py for scx_root change Bagas Sanjaya <bagasdotme(a)gmail.com> net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct Deepanshu Kartikey <kartikey406(a)gmail.com> net: usb: asix: validate PHY address before use Rosen Penev <rosenp(a)gmail.com> net: mdio: rtl9300: use scoped for loops Jose Javier Rodriguez Barbarin <dev-josejavier.rodriguez(a)duagon.com> mcb: Add missing modpost build support Thomas De Schampheleire <thomas.de_schampheleire(a)nokia.com> kbuild: fix compilation of dtb specified on command-line without make rule Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: skip multicast entries for fdb_dump() Rajashekar Hudumula <rajashekar.hudumula(a)broadcom.com> bng_en: update module description Thomas Fourier <fourier.thomas(a)gmail.com> firewire: nosy: Fix dma_free_coherent() size Andrew Morton <akpm(a)linux-foundation.org> genalloc.h: fix htmldocs warning Yeoreum Yun <yeoreum.yun(a)arm.com> smc91x: fix broken irq-context in PREEMPT_RT Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> platform/x86/intel/pmt: Fix kobject memory leak on init failure Arnd Bergmann <arnd(a)arndb.de> net: wangxun: move PHYLINK dependency Alice C. Munduruca <alice.munduruca(a)canonical.com> selftests: net: fix "buffer overflow detected" for tap.c Deepakkumar Karn <dkarn(a)redhat.com> net: usb: rtl8150: fix memory leak on usb_submit_urb() failure Daniel Zahka <daniel.zahka(a)gmail.com> selftests: drv-net: psp: fix test names in ipver_test_builder() Daniel Zahka <daniel.zahka(a)gmail.com> selftests: drv-net: psp: fix templated test names in psp_ip_ver_test_builder() Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: reset retries and mode on RX adapt failures Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: fix missing put_device() in dsa_tree_find_first_conduit() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: properly keep track of conduit reference Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Move net_devs registration in a dedicated routine Jiri Pirko <jiri(a)resnulli.us> team: fix check for port enabled in team_queue_override_port_prio_changed() Junrui Luo <moonafterrain(a)outlook.com> platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic Thomas Fourier <fourier.thomas(a)gmail.com> platform/x86: msi-laptop: add missing sysfs_remove_group() Shravan Kumar Ramani <shravankr(a)nvidia.com> platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names Jan Stancek <jstancek(a)redhat.com> powerpc/tools: drop `-o pipefail` in gcc check scripts Eric Dumazet <edumazet(a)google.com> ip6_gre: make ip6gre_header() robust Toke Høiland-Jørgensen <toke(a)redhat.com> net: openvswitch: Avoid needlessly taking the RTNL on vport destroy Jacky Chou <jacky_chou(a)aspeedtech.com> net: mdio: aspeed: add dummy read to avoid read-after-write issue Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: revert use of devm_kzalloc in btusb Pauli Virtanen <pav(a)iki.fi> Bluetooth: MGMT: report BIS capability flags in supported settings Herbert Xu <herbert(a)gondor.apana.org.au> crypto: seqiv - Do not use req->iv after crypto_aead_encrypt Chen Ridong <chenridong(a)huawei.com> cpuset: fix warning when disabling remote partition Brian Vazquez <brianvv(a)google.com> idpf: reduce mbx_task schedule delay to 300us Larysa Zaremba <larysa.zaremba(a)intel.com> idpf: fix LAN memory regions command on some NVMs Kohei Enju <enjuk(a)amazon.com> iavf: fix off-by-one issues in iavf_config_rss_reg() Gregory Herrero <gregory.herrero(a)oracle.com> i40e: validate ring_len parameter against hardware-specific values Przemyslaw Korba <przemyslaw.korba(a)intel.com> i40e: fix scheduling in set_rx_mode Liang Jie <liangjie(a)lixiang.com> sched_ext: fix uninitialized ret on alloc_percpu() failure Aloka Dixit <aloka.dixit(a)oss.qualcomm.com> wifi: mac80211: do not use old MBSSID elements Dan Carpenter <dan.carpenter(a)linaro.org> wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() Morning Star <alexbestoso(a)gmail.com> wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: limit indirect IO under powered off for RTL8822CS Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: don't attach the tlb fence for SI Jani Nikula <jani.nikula(a)intel.com> drm/displayid: add quirk to ignore DisplayID checksum errors Jani Nikula <jani.nikula(a)intel.com> drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident Claudio Imbrenda <imbrenda(a)linux.ibm.com> KVM: s390: Fix gmap_helper_zap_one_page() again Wei Yang <richard.weiyang(a)gmail.com> mm/huge_memory: merge uniform_split_supported() and non_uniform_split_supported() Zqiang <qiang.zhang(a)linux.dev> sched_ext: Fix incorrect sched_class settings for per-cpu migration tasks Peter Zijlstra <peterz(a)infradead.org> sched/eevdf: Fix min_vruntime vs avg_vruntime Peter Zijlstra <peterz(a)infradead.org> sched/core: Add comment explaining force-idle vruntime snapshots Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Select which microcode patch to load Danilo Krummrich <dakr(a)kernel.org> drm: nova: depend on CONFIG_64BIT Fernand Sieber <sieberf(a)amazon.com> sched/proxy: Yield the donor task ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 +- arch/arm64/boot/dts/st/stm32mp257f-ev1.dts | 1 + arch/arm64/boot/dts/ti/k3-am62d2-evm.dts | 9 +- arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 12 +- arch/loongarch/include/asm/pgtable.h | 4 +- arch/loongarch/kernel/mcount_dyn.S | 14 +- arch/loongarch/kernel/process.c | 5 + arch/loongarch/kernel/relocate.c | 4 +- arch/loongarch/kernel/setup.c | 8 +- arch/loongarch/kernel/switch.S | 4 +- arch/loongarch/net/bpf_jit.c | 58 ++- arch/loongarch/net/bpf_jit.h | 26 ++ arch/loongarch/pci/pci.c | 2 + arch/parisc/kernel/asm-offsets.c | 2 + arch/parisc/kernel/entry.S | 16 +- arch/powerpc/include/asm/book3s/32/tlbflush.h | 5 +- arch/powerpc/include/asm/book3s/64/mmu-hash.h | 1 - arch/powerpc/kernel/process.c | 5 - arch/powerpc/mm/book3s32/tlb.c | 9 + arch/powerpc/mm/book3s64/internal.h | 2 - arch/powerpc/mm/book3s64/mmu_context.c | 2 - arch/powerpc/mm/book3s64/slb.c | 88 ----- arch/powerpc/platforms/pseries/cmm.c | 3 +- .../tools/gcc-check-fpatchable-function-entry.sh | 1 - arch/powerpc/tools/gcc-check-mprofile-kernel.sh | 1 - arch/s390/mm/gmap_helpers.c | 9 +- arch/x86/events/amd/uncore.c | 5 +- arch/x86/kernel/cpu/microcode/amd.c | 115 +++--- block/blk-mq.c | 2 +- block/blk-zoned.c | 152 +++++--- block/blk.h | 14 + crypto/seqiv.c | 8 +- drivers/block/ublk_drv.c | 119 +++++-- drivers/bluetooth/btusb.c | 12 +- drivers/clk/qcom/Kconfig | 4 + drivers/clk/qcom/mmcc-sdm660.c | 1 + drivers/clk/samsung/clk-exynos-clkout.c | 2 +- drivers/firewire/nosy.c | 10 +- drivers/firmware/stratix10-svc.c | 11 + drivers/gpio/gpiolib-swnode.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 27 ++ drivers/gpu/drm/amd/amdgpu/gmc_v12_0.c | 27 ++ drivers/gpu/drm/amd/amdgpu/sdma_v6_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 2 + drivers/gpu/drm/amd/amdkfd/cwsr_trap_handler.h | 62 ++-- .../gpu/drm/amd/amdkfd/cwsr_trap_handler_gfx12.asm | 37 ++ drivers/gpu/drm/amd/amdkfd/kfd_queue.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 4 + drivers/gpu/drm/bridge/ti-sn65dsi83.c | 11 +- drivers/gpu/drm/drm_buddy.c | 390 +++++++++++++-------- drivers/gpu/drm/drm_displayid.c | 41 ++- drivers/gpu/drm/drm_displayid_internal.h | 2 + drivers/gpu/drm/drm_gem.c | 8 +- drivers/gpu/drm/drm_gem_shmem_helper.c | 2 +- drivers/gpu/drm/drm_pagemap.c | 17 +- drivers/gpu/drm/gma500/fbdev.c | 43 --- drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 37 +- drivers/gpu/drm/i915/intel_memory_region.h | 2 +- drivers/gpu/drm/imagination/pvr_gem.c | 11 + drivers/gpu/drm/mediatek/mtk_ddp_comp.c | 33 +- drivers/gpu/drm/mediatek/mtk_ddp_comp.h | 2 +- drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c | 12 + drivers/gpu/drm/mediatek/mtk_dp.c | 1 + drivers/gpu/drm/mediatek/mtk_drm_drv.c | 4 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 15 + drivers/gpu/drm/mgag200/mgag200_mode.c | 25 ++ drivers/gpu/drm/msm/adreno/a6xx_catalog.c | 1 + drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c | 10 +- drivers/gpu/drm/nouveau/dispnv50/atom.h | 13 + drivers/gpu/drm/nouveau/dispnv50/wndw.c | 2 +- drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 + drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c | 61 +++- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/priv.h | 3 + .../gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/gsp.c | 10 +- drivers/gpu/drm/nova/Kconfig | 1 + drivers/gpu/drm/rockchip/rockchip_drm_drv.c | 3 + drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 49 ++- drivers/gpu/drm/tilcdc/tilcdc_crtc.c | 2 +- drivers/gpu/drm/tilcdc/tilcdc_drv.c | 53 ++- drivers/gpu/drm/tilcdc/tilcdc_drv.h | 2 +- drivers/gpu/drm/ttm/ttm_bo_vm.c | 6 + drivers/gpu/drm/xe/xe_bo.c | 15 +- drivers/gpu/drm/xe/xe_dma_buf.c | 2 +- drivers/gpu/drm/xe/xe_eu_stall.c | 2 +- drivers/gpu/drm/xe/xe_guc_ct.c | 14 +- drivers/gpu/drm/xe/xe_guc_submit.c | 20 +- drivers/gpu/drm/xe/xe_migrate.c | 25 +- drivers/gpu/drm/xe/xe_migrate.h | 6 +- drivers/gpu/drm/xe/xe_oa.c | 10 +- drivers/gpu/drm/xe/xe_svm.c | 51 ++- drivers/gpu/drm/xe/xe_vm.c | 5 +- drivers/gpu/drm/xe/xe_vm_types.h | 2 +- drivers/hid/hid-logitech-dj.c | 56 ++- drivers/hwmon/dell-smm-hwmon.c | 4 +- drivers/infiniband/core/addr.c | 33 +- drivers/infiniband/core/cma.c | 3 + drivers/infiniband/core/device.c | 4 +- drivers/infiniband/core/verbs.c | 2 +- drivers/infiniband/hw/bnxt_re/hw_counters.h | 6 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 8 +- drivers/infiniband/hw/efa/efa_verbs.c | 4 - drivers/infiniband/hw/irdma/utils.c | 3 +- drivers/infiniband/hw/mana/cq.c | 4 + drivers/infiniband/sw/rxe/rxe_odp.c | 4 +- drivers/infiniband/ulp/rtrs/rtrs-clt.c | 1 + drivers/iommu/amd/init.c | 15 +- drivers/iommu/amd/iommu.c | 2 +- drivers/iommu/apple-dart.c | 2 + drivers/iommu/arm/arm-smmu/qcom_iommu.c | 10 +- drivers/iommu/exynos-iommu.c | 9 +- drivers/iommu/iommu-sva.c | 3 + drivers/iommu/ipmmu-vmsa.c | 2 + drivers/iommu/mtk_iommu.c | 2 + drivers/iommu/mtk_iommu_v1.c | 25 +- drivers/iommu/omap-iommu.c | 2 +- drivers/iommu/omap-iommu.h | 2 - drivers/iommu/sun50i-iommu.c | 2 + drivers/iommu/tegra-smmu.c | 5 +- drivers/leds/leds-cros_ec.c | 5 +- drivers/leds/leds-lp50xx.c | 67 ++-- drivers/md/dm-bufio.c | 10 +- drivers/md/dm-ebs-target.c | 2 +- drivers/md/dm-pcache/cache.c | 5 +- drivers/md/dm-pcache/cache_segment.c | 5 +- drivers/md/md.c | 5 +- drivers/md/raid5.c | 10 +- drivers/media/cec/core/cec-core.c | 1 + .../media/common/videobuf2/videobuf2-dma-contig.c | 1 + drivers/media/i2c/adv7604.c | 4 +- drivers/media/i2c/adv7842.c | 11 +- drivers/media/i2c/imx219.c | 9 +- drivers/media/i2c/msp3400-kthreads.c | 2 + drivers/media/i2c/tda1997x.c | 1 - drivers/media/platform/amphion/vpu_malone.c | 23 +- drivers/media/platform/amphion/vpu_v4l2.c | 16 +- drivers/media/platform/amphion/vpu_v4l2.h | 10 - .../media/platform/mediatek/mdp3/mtk-mdp3-core.c | 14 + .../mediatek/vcodec/common/mtk_vcodec_fw_vpu.c | 14 +- .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c | 12 +- .../mediatek/vcodec/decoder/mtk_vcodec_dec_drv.h | 2 +- .../platform/mediatek/vcodec/decoder/vdec_vpu_if.c | 5 +- .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c | 12 +- .../mediatek/vcodec/encoder/mtk_vcodec_enc_drv.h | 2 +- .../platform/mediatek/vcodec/encoder/venc_vpu_if.c | 5 +- drivers/media/platform/qcom/iris/iris_common.c | 7 +- drivers/media/platform/renesas/rcar_drif.c | 1 + .../media/platform/samsung/exynos4-is/media-dev.c | 10 +- drivers/media/platform/ti/davinci/vpif_capture.c | 4 +- drivers/media/platform/ti/davinci/vpif_display.c | 4 +- drivers/media/platform/verisilicon/hantro_g2.c | 84 ++++- .../platform/verisilicon/hantro_g2_hevc_dec.c | 17 +- .../media/platform/verisilicon/hantro_g2_regs.h | 13 + .../media/platform/verisilicon/hantro_g2_vp9_dec.c | 2 - drivers/media/platform/verisilicon/hantro_hw.h | 1 + drivers/media/platform/verisilicon/imx8m_vpu_hw.c | 2 + drivers/media/rc/st_rc.c | 2 +- drivers/mfd/altera-sysmgr.c | 2 + drivers/mfd/max77620.c | 15 +- drivers/mtd/mtdpart.c | 7 +- drivers/mtd/spi-nor/winbond.c | 24 ++ drivers/net/dsa/b53/b53_common.c | 3 + drivers/net/ethernet/airoha/airoha_eth.c | 39 ++- drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 2 + drivers/net/ethernet/broadcom/Kconfig | 8 +- drivers/net/ethernet/broadcom/bnge/bnge.h | 2 +- drivers/net/ethernet/broadcom/bnge/bnge_core.c | 2 +- drivers/net/ethernet/cadence/macb_main.c | 3 +- drivers/net/ethernet/google/gve/gve_main.c | 2 +- drivers/net/ethernet/google/gve/gve_utils.c | 2 + drivers/net/ethernet/intel/e1000/e1000_main.c | 10 +- drivers/net/ethernet/intel/i40e/i40e.h | 11 + drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 12 - drivers/net/ethernet/intel/i40e/i40e_main.c | 1 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 4 +- drivers/net/ethernet/intel/idpf/idpf_lib.c | 2 +- drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 5 + .../ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 8 + drivers/net/ethernet/smsc/smc91x.c | 10 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 17 +- drivers/net/ethernet/wangxun/Kconfig | 4 +- drivers/net/fjes/fjes_hw.c | 12 +- drivers/net/mdio/mdio-aspeed.c | 7 + drivers/net/mdio/mdio-realtek-rtl9300.c | 6 +- drivers/net/phy/mediatek/mtk-ge-soc.c | 2 +- drivers/net/team/team_core.c | 2 +- drivers/net/usb/asix_common.c | 5 + drivers/net/usb/ax88172a.c | 6 +- drivers/net/usb/rtl8150.c | 2 + drivers/net/usb/sr9700.c | 4 +- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 4 +- .../net/wireless/realtek/rtlwifi/rtl8192cu/trx.c | 3 +- drivers/net/wireless/realtek/rtw88/sdio.c | 4 +- drivers/nvme/target/pci-epf.c | 4 +- drivers/pci/controller/dwc/pci-meson.c | 18 +- drivers/pci/controller/dwc/pcie-designware.c | 12 +- drivers/pci/controller/pcie-brcmstb.c | 10 +- drivers/pci/pci-driver.c | 4 + drivers/platform/mellanox/mlxbf-pmc.c | 14 +- drivers/platform/x86/dell/alienware-wmi-wmax.c | 32 ++ .../platform/x86/hp/hp-bioscfg/enum-attributes.c | 4 +- .../platform/x86/hp/hp-bioscfg/int-attributes.c | 2 +- .../x86/hp/hp-bioscfg/order-list-attributes.c | 5 + .../x86/hp/hp-bioscfg/passwdobj-attributes.c | 5 + .../platform/x86/hp/hp-bioscfg/string-attributes.c | 2 +- drivers/platform/x86/ibm_rtl.c | 2 +- drivers/platform/x86/intel/pmt/discovery.c | 8 +- drivers/platform/x86/msi-laptop.c | 3 + drivers/platform/x86/samsung-galaxybook.c | 9 +- drivers/pmdomain/imx/gpc.c | 5 +- drivers/pmdomain/mediatek/mtk-pm-domains.c | 21 +- drivers/power/supply/max77705_charger.c | 14 +- drivers/powercap/intel_rapl_common.c | 3 + drivers/powercap/intel_rapl_msr.c | 3 + drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 1 + drivers/vfio/pci/nvgrace-gpu/main.c | 4 +- drivers/vfio/pci/pds/dirty.c | 7 +- drivers/vfio/pci/vfio_pci_rdwr.c | 25 +- drivers/video/fbdev/gbefb.c | 5 +- drivers/video/fbdev/pxafb.c | 12 +- drivers/video/fbdev/tcx.c | 2 +- fs/erofs/zdata.c | 10 +- fs/lockd/svc4proc.c | 4 +- fs/lockd/svclock.c | 21 +- fs/lockd/svcproc.c | 5 +- fs/locks.c | 12 +- fs/nfsd/nfs4state.c | 20 +- fs/nfsd/vfs.c | 14 +- fs/ntfs3/frecord.c | 35 +- fs/smb/server/smb2pdu.c | 4 +- include/drm/drm_buddy.h | 11 +- include/drm/drm_edid.h | 6 + include/drm/drm_pagemap.h | 17 +- include/kunit/run-in-irq-context.h | 53 +-- include/linux/compiler_types.h | 13 + include/linux/genalloc.h | 1 + include/linux/huge_mm.h | 8 +- include/linux/kasan.h | 16 + include/linux/kexec.h | 4 +- include/linux/mm.h | 8 +- include/linux/vfio_pci_core.h | 10 +- include/net/dsa.h | 1 + include/uapi/rdma/irdma-abi.h | 2 +- include/uapi/rdma/rdma_user_cm.h | 4 +- kernel/cgroup/cpuset.c | 21 +- kernel/kexec_core.c | 16 +- kernel/sched/deadline.c | 2 +- kernel/sched/debug.c | 8 +- kernel/sched/ext.c | 22 +- kernel/sched/fair.c | 249 +++++++++---- kernel/sched/rt.c | 2 +- kernel/sched/sched.h | 4 +- kernel/sched/syscalls.c | 5 +- kernel/trace/fgraph.c | 10 +- lib/idr.c | 2 + mm/damon/tests/core-kunit.h | 132 ++++++- mm/damon/tests/sysfs-kunit.h | 25 ++ mm/damon/tests/vaddr-kunit.h | 26 +- mm/huge_memory.c | 71 ++-- mm/kasan/common.c | 32 ++ mm/kasan/hw_tags.c | 2 +- mm/kasan/shadow.c | 4 +- mm/page_alloc.c | 24 +- mm/page_owner.c | 2 +- mm/swapfile.c | 40 ++- mm/vmalloc.c | 8 +- net/bluetooth/mgmt.c | 6 + net/bridge/br_private.h | 1 + net/dsa/dsa.c | 67 ++-- net/ipv4/fib_semantics.c | 26 +- net/ipv4/fib_trie.c | 7 +- net/ipv4/ip_gre.c | 6 +- net/ipv6/calipso.c | 3 +- net/ipv6/ip6_gre.c | 15 +- net/ipv6/route.c | 13 +- net/mac80211/cfg.c | 10 - net/mac80211/rx.c | 5 + net/mptcp/options.c | 10 + net/mptcp/protocol.h | 6 +- net/mptcp/subflow.c | 6 - net/nfc/core.c | 9 +- net/openvswitch/vport-netdev.c | 17 +- net/rose/af_rose.c | 2 +- net/unix/af_unix.c | 11 +- net/wireless/sme.c | 2 +- rust/kernel/maple_tree.rs | 11 +- samples/ftrace/ftrace-direct-modify.c | 8 +- samples/ftrace/ftrace-direct-multi-modify.c | 8 +- samples/ftrace/ftrace-direct-multi.c | 4 +- samples/ftrace/ftrace-direct-too.c | 4 +- samples/ftrace/ftrace-direct.c | 4 +- scripts/Makefile.build | 26 +- scripts/mod/devicetable-offsets.c | 3 + scripts/mod/file2alias.c | 9 + security/integrity/ima/ima_kexec.c | 4 +- sound/soc/codecs/cs35l41.c | 7 +- sound/soc/codecs/lpass-tx-macro.c | 3 +- sound/soc/codecs/pm4125.c | 40 ++- sound/soc/codecs/wcd937x.c | 43 ++- sound/soc/codecs/wcd939x-sdw.c | 8 +- sound/soc/qcom/qdsp6/q6adm.c | 146 ++++---- sound/soc/qcom/qdsp6/q6apm-dai.c | 2 + sound/soc/qcom/qdsp6/q6asm-dai.c | 7 +- sound/soc/qcom/sc7280.c | 2 +- sound/soc/qcom/sc8280xp.c | 2 +- sound/soc/qcom/sdw.c | 105 +++--- sound/soc/qcom/sdw.h | 1 + sound/soc/qcom/sm8250.c | 2 +- sound/soc/qcom/x1e80100.c | 2 +- sound/soc/renesas/rz-ssi.c | 64 +++- sound/soc/stm/stm32_sai.c | 14 +- sound/soc/stm/stm32_sai_sub.c | 51 ++- tools/mm/page_owner_sort.c | 6 +- tools/sched_ext/scx_show_state.py | 7 +- tools/testing/radix-tree/idr-test.c | 21 ++ tools/testing/selftests/drivers/net/psp.py | 6 +- .../test.d/ftrace/func_traceonoff_triggers.tc | 5 +- tools/testing/selftests/mm/uffd-unit-tests.c | 2 +- tools/testing/selftests/net/tap.c | 16 +- 326 files changed, 3276 insertions(+), 1649 deletions(-)

4 days, 2 hours

+ x86-kfence-avoid-writing-l1tf-vulnerable-ptes.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: x86/kfence: avoid writing L1TF-vulnerable PTEs has been added to the -mm mm-hotfixes-unstable branch. Its filename is x86-kfence-avoid-writing-l1tf-vulnerable-ptes.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via various branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there most days ------------------------------------------------------ From: Andrew Cooper <andrew.cooper3(a)citrix.com> Subject: x86/kfence: avoid writing L1TF-vulnerable PTEs Date: Tue, 6 Jan 2026 18:04:26 +0000 For native, the choice of PTE is fine. There's real memory backing the non-present PTE. However, for XenPV, Xen complains: (XEN) d1 L1TF-vulnerable L1e 8010000018200066 - Shadowing To explain, some background on XenPV pagetables: Xen PV guests are control their own pagetables; they choose the new PTE value, and use hypercalls to make changes so Xen can audit for safety. In addition to a regular reference count, Xen also maintains a type reference count. e.g. SegDesc (referenced by vGDT/vLDT), Writable (referenced with _PAGE_RW) or L{1..4} (referenced by vCR3 or a lower pagetable level). This is in order to prevent e.g. a page being inserted into the pagetables for which the guest has a writable mapping. For non-present mappings, all other bits become software accessible, and typically contain metadata rather a real frame address. There is nothing that a reference count could sensibly be tied to. As such, even if Xen could recognise the address as currently safe, nothing would prevent that frame from changing owner to another VM in the future. When Xen detects a PV guest writing a L1TF-PTE, it responds by activating shadow paging. This is normally only used for the live phase of migration, and comes with a reasonable overhead. KFENCE only cares about getting #PF to catch wild accesses; it doesn't care about the value for non-present mappings. Use a fully inverted PTE, to avoid hitting the slow path when running under Xen. While adjusting the logic, take the opportunity to skip all actions if the PTE is already in the right state, half the number PVOps callouts, and skip TLB maintenance on a !P -> P transition which benefits non-Xen cases too. Link: https://lkml.kernel.org/r/20260106180426.710013-1-andrew.cooper3@citrix.com Fixes: 1dc0da6e9ec0 ("x86, kfence: enable KFENCE for x86") Signed-off-by: Andrew Cooper <andrew.cooper3(a)citrix.com> Tested-by: Marco Elver <elver(a)google.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Marco Elver <elver(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Jann Horn <jannh(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/include/asm/kfence.h | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) --- a/arch/x86/include/asm/kfence.h~x86-kfence-avoid-writing-l1tf-vulnerable-ptes +++ a/arch/x86/include/asm/kfence.h @@ -42,10 +42,34 @@ static inline bool kfence_protect_page(u { unsigned int level; pte_t *pte = lookup_address(addr, &level); + pteval_t val; if (WARN_ON(!pte || level != PG_LEVEL_4K)) return false; + val = pte_val(*pte); + + /* + * protect requires making the page not-present. If the PTE is + * already in the right state, there's nothing to do. + */ + if (protect != !!(val & _PAGE_PRESENT)) + return true; + + /* + * Otherwise, invert the entire PTE. This avoids writing out an + * L1TF-vulnerable PTE (not present, without the high address bits + * set). + */ + set_pte(pte, __pte(~val)); + + /* + * If the page was protected (non-present) and we're making it + * present, there is no need to flush the TLB at all. + */ + if (!protect) + return true; + /* * We need to avoid IPIs, as we may get KFENCE allocations or faults * with interrupts disabled. Therefore, the below is best-effort, and @@ -53,11 +77,6 @@ static inline bool kfence_protect_page(u * lazy fault handling takes care of faults after the page is PRESENT. */ - if (protect) - set_pte(pte, __pte(pte_val(*pte) & ~_PAGE_PRESENT)); - else - set_pte(pte, __pte(pte_val(*pte) | _PAGE_PRESENT)); - /* * Flush this CPU's TLB, assuming whoever did the allocation/free is * likely to continue running on this CPU. _ Patches currently in -mm which might be from andrew.cooper3(a)citrix.com are x86-kfence-avoid-writing-l1tf-vulnerable-ptes.patch

4 days, 3 hours

[PATCH] ACPI: bus: Use OF match data for PRP0001 matched devices

by Kartik Rajput

When a device is matched via PRP0001, the driver's OF (DT) match table must be used to obtain the device match data. If a driver provides both an acpi_match_table and an of_match_table, the current acpi_device_get_match_data() path consults the driver's acpi_match_table and returns NULL (no ACPI ID matches). Explicitly detect PRP0001 and fetch match data from the driver's of_match_table via acpi_of_device_get_match_data(). Fixes: 886ca88be6b3 ("ACPI / bus: Respect PRP0001 when retrieving device match data") Cc: stable(a)vger.kernel.org Signed-off-by: Kartik Rajput <kkartik(a)nvidia.com> --- drivers/acpi/bus.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/bus.c b/drivers/acpi/bus.c index 5e110badac7b..4cd425fffa97 100644 --- a/drivers/acpi/bus.c +++ b/drivers/acpi/bus.c @@ -1031,8 +1031,9 @@ const void *acpi_device_get_match_data(const struct device *dev) { const struct acpi_device_id *acpi_ids = dev->driver->acpi_match_table; const struct acpi_device_id *match; + struct acpi_device = ACPI_COMPANION(dev); - if (!acpi_ids) + if (!strcmp(ACPI_DT_NAMESPACE_HID, acpi_device_hid(adev)) return acpi_of_device_get_match_data(dev); match = acpi_match_device(acpi_ids, dev); -- 2.43.0

4 days, 4 hours

[PATCH] cpufreq/amd-pstate: Fix MinPerf MSR value for performance policy

by Juan Martinez

When the CPU frequency policy is set to CPUFREQ_POLICY_PERFORMANCE (which occurs when EPP hint is set to "performance"), the driver incorrectly sets the MinPerf field in CPPC request MSR to nominal_perf instead of lowest_nonlinear_perf. According to the AMD architectural programmer's manual volume 2 [1], in section "17.6.4.1 CPPC_CAPABILITY_1", lowest_nonlinear_perf represents the most energy efficient performance level (in terms of performance per watt). The MinPerf field should be set to this value even in performance mode to maintain proper power/performance characteristics. This fixes a regression introduced by commit 0c411b39e4f4c ("amd-pstate: Set min_perf to nominal_perf for active mode performance gov"), which correctly identified that highest_perf was too high but chose nominal_perf as an intermediate value instead of lowest_nonlinear_perf. The fix changes amd_pstate_update_min_max_limit() to use lowest_nonlinear_perf instead of nominal_perf when the policy is CPUFREQ_POLICY_PERFORMANCE. [1] https://docs.amd.com/v/u/en-US/24593_3.43 AMD64 Architecture Programmer's Manual Volume 2: System Programming Section 17.6.4.1 CPPC_CAPABILITY_1 (Referenced in commit 5d9a354cf839a) Fixes: 0c411b39e4f4c ("amd-pstate: Set min_perf to nominal_perf for active mode performance gov") Tested-by: Kaushik Reddy S <kaushik.reddys(a)amd.com> Cc: stable(a)vger.kernel.org Signed-off-by: Juan Martinez <juan.martinez(a)amd.com> --- drivers/cpufreq/amd-pstate.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c index e4f1933dd7d47..de0bb5b325502 100644 --- a/drivers/cpufreq/amd-pstate.c +++ b/drivers/cpufreq/amd-pstate.c @@ -634,8 +634,8 @@ static void amd_pstate_update_min_max_limit(struct cpufreq_policy *policy) WRITE_ONCE(cpudata->max_limit_freq, policy->max); if (cpudata->policy == CPUFREQ_POLICY_PERFORMANCE) { - perf.min_limit_perf = min(perf.nominal_perf, perf.max_limit_perf); - WRITE_ONCE(cpudata->min_limit_freq, min(cpudata->nominal_freq, cpudata->max_limit_freq)); + perf.min_limit_perf = min(perf.lowest_nonlinear_perf, perf.max_limit_perf); + WRITE_ONCE(cpudata->min_limit_freq, min(cpudata->lowest_nonlinear_freq, cpudata->max_limit_freq)); } else { perf.min_limit_perf = freq_to_perf(perf, cpudata->nominal_freq, policy->min); WRITE_ONCE(cpudata->min_limit_freq, policy->min); -- 2.34.1

4 days, 5 hours

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror