- Linux-stable-mirror - lists.linaro.org

[PATCH v6 03/24] drm/pagemap, drm/xe: Ensure that the devmem allocation is idle before use

by Thomas Hellström

In situations where no system memory is migrated to devmem, and in upcoming patches where another GPU is performing the migration to the newly allocated devmem buffer, there is nothing to ensure any ongoing clear to the devmem allocation or async eviction from the devmem allocation is complete. Address that by passing a struct dma_fence down to the copy functions, and ensure it is waited for before migration is marked complete. v3: - New patch. v4: - Update the logic used for determining when to wait for the pre_migrate_fence. - Update the logic used for determining when to warn for the pre_migrate_fence since the scheduler fences apparently can signal out-of-order. v5: - Fix a UAF (CI) - Remove references to source P2P migration (Himal) - Put the pre_migrate_fence after migration. v6: - Pipeline the pre_migrate_fence dependency (Matt Brost) Fixes: c5b3eb5a906c ("drm/xe: Add GPUSVM device memory copy vfunc functions") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.15+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/drm_pagemap.c | 17 +++++++++--- drivers/gpu/drm/xe/xe_migrate.c | 25 +++++++++++++---- drivers/gpu/drm/xe/xe_migrate.h | 6 ++-- drivers/gpu/drm/xe/xe_svm.c | 49 +++++++++++++++++++++++++-------- include/drm/drm_pagemap.h | 17 ++++++++++-- 5 files changed, 88 insertions(+), 26 deletions(-) diff --git a/drivers/gpu/drm/drm_pagemap.c b/drivers/gpu/drm/drm_pagemap.c index 4cf8f54e5a27..ac3832f85190 100644 --- a/drivers/gpu/drm/drm_pagemap.c +++ b/drivers/gpu/drm/drm_pagemap.c @@ -3,6 +3,7 @@ * Copyright © 2024-2025 Intel Corporation */ +#include <linux/dma-fence.h> #include <linux/dma-mapping.h> #include <linux/migrate.h> #include <linux/pagemap.h> @@ -408,10 +409,14 @@ int drm_pagemap_migrate_to_devmem(struct drm_pagemap_devmem *devmem_allocation, drm_pagemap_get_devmem_page(page, zdd); } - err = ops->copy_to_devmem(pages, pagemap_addr, npages); + err = ops->copy_to_devmem(pages, pagemap_addr, npages, + devmem_allocation->pre_migrate_fence); if (err) goto err_finalize; + dma_fence_put(devmem_allocation->pre_migrate_fence); + devmem_allocation->pre_migrate_fence = NULL; + /* Upon success bind devmem allocation to range and zdd */ devmem_allocation->timeslice_expiration = get_jiffies_64() + msecs_to_jiffies(timeslice_ms); @@ -596,7 +601,7 @@ int drm_pagemap_evict_to_ram(struct drm_pagemap_devmem *devmem_allocation) for (i = 0; i < npages; ++i) pages[i] = migrate_pfn_to_page(src[i]); - err = ops->copy_to_ram(pages, pagemap_addr, npages); + err = ops->copy_to_ram(pages, pagemap_addr, npages, NULL); if (err) goto err_finalize; @@ -719,7 +724,7 @@ static int __drm_pagemap_migrate_to_ram(struct vm_area_struct *vas, for (i = 0; i < npages; ++i) pages[i] = migrate_pfn_to_page(migrate.src[i]); - err = ops->copy_to_ram(pages, pagemap_addr, npages); + err = ops->copy_to_ram(pages, pagemap_addr, npages, NULL); if (err) goto err_finalize; @@ -800,11 +805,14 @@ EXPORT_SYMBOL_GPL(drm_pagemap_pagemap_ops_get); * @ops: Pointer to the operations structure for GPU SVM device memory * @dpagemap: The struct drm_pagemap we're allocating from. * @size: Size of device memory allocation + * @pre_migrate_fence: Fence to wait for or pipeline behind before migration starts. + * (May be NULL). */ void drm_pagemap_devmem_init(struct drm_pagemap_devmem *devmem_allocation, struct device *dev, struct mm_struct *mm, const struct drm_pagemap_devmem_ops *ops, - struct drm_pagemap *dpagemap, size_t size) + struct drm_pagemap *dpagemap, size_t size, + struct dma_fence *pre_migrate_fence) { init_completion(&devmem_allocation->detached); devmem_allocation->dev = dev; @@ -812,6 +820,7 @@ void drm_pagemap_devmem_init(struct drm_pagemap_devmem *devmem_allocation, devmem_allocation->ops = ops; devmem_allocation->dpagemap = dpagemap; devmem_allocation->size = size; + devmem_allocation->pre_migrate_fence = pre_migrate_fence; } EXPORT_SYMBOL_GPL(drm_pagemap_devmem_init); diff --git a/drivers/gpu/drm/xe/xe_migrate.c b/drivers/gpu/drm/xe/xe_migrate.c index f3b66b55acfb..284b575346ee 100644 --- a/drivers/gpu/drm/xe/xe_migrate.c +++ b/drivers/gpu/drm/xe/xe_migrate.c @@ -2113,6 +2113,7 @@ static struct dma_fence *xe_migrate_vram(struct xe_migrate *m, unsigned long sram_offset, struct drm_pagemap_addr *sram_addr, u64 vram_addr, + struct dma_fence *deps, const enum xe_migrate_copy_dir dir) { struct xe_gt *gt = m->tile->primary_gt; @@ -2201,6 +2202,14 @@ static struct dma_fence *xe_migrate_vram(struct xe_migrate *m, xe_sched_job_add_migrate_flush(job, MI_INVALIDATE_TLB); + if (deps && !dma_fence_is_signaled(deps)) { + dma_fence_get(deps); + err = drm_sched_job_add_dependency(&job->drm, deps); + if (err) + dma_fence_wait(deps, false); + err = 0; + } + mutex_lock(&m->job_mutex); xe_sched_job_arm(job); fence = dma_fence_get(&job->drm.s_fence->finished); @@ -2226,6 +2235,8 @@ static struct dma_fence *xe_migrate_vram(struct xe_migrate *m, * @npages: Number of pages to migrate. * @src_addr: Array of DMA information (source of migrate) * @dst_addr: Device physical address of VRAM (destination of migrate) + * @deps: struct dma_fence representing the dependencies that need + * to be signaled before migration. * * Copy from an array dma addresses to a VRAM device physical address * @@ -2235,10 +2246,11 @@ static struct dma_fence *xe_migrate_vram(struct xe_migrate *m, struct dma_fence *xe_migrate_to_vram(struct xe_migrate *m, unsigned long npages, struct drm_pagemap_addr *src_addr, - u64 dst_addr) + u64 dst_addr, + struct dma_fence *deps) { return xe_migrate_vram(m, npages * PAGE_SIZE, 0, src_addr, dst_addr, - XE_MIGRATE_COPY_TO_VRAM); + deps, XE_MIGRATE_COPY_TO_VRAM); } /** @@ -2247,6 +2259,8 @@ struct dma_fence *xe_migrate_to_vram(struct xe_migrate *m, * @npages: Number of pages to migrate. * @src_addr: Device physical address of VRAM (source of migrate) * @dst_addr: Array of DMA information (destination of migrate) + * @deps: struct dma_fence representing the dependencies that need + * to be signaled before migration. * * Copy from a VRAM device physical address to an array dma addresses * @@ -2256,10 +2270,11 @@ struct dma_fence *xe_migrate_to_vram(struct xe_migrate *m, struct dma_fence *xe_migrate_from_vram(struct xe_migrate *m, unsigned long npages, u64 src_addr, - struct drm_pagemap_addr *dst_addr) + struct drm_pagemap_addr *dst_addr, + struct dma_fence *deps) { return xe_migrate_vram(m, npages * PAGE_SIZE, 0, dst_addr, src_addr, - XE_MIGRATE_COPY_TO_SRAM); + deps, XE_MIGRATE_COPY_TO_SRAM); } static void xe_migrate_dma_unmap(struct xe_device *xe, @@ -2435,7 +2450,7 @@ int xe_migrate_access_memory(struct xe_migrate *m, struct xe_bo *bo, __fence = xe_migrate_vram(m, current_bytes, (unsigned long)buf & ~PAGE_MASK, &pagemap_addr[current_page], - vram_addr, write ? + vram_addr, NULL, write ? XE_MIGRATE_COPY_TO_VRAM : XE_MIGRATE_COPY_TO_SRAM); if (IS_ERR(__fence)) { diff --git a/drivers/gpu/drm/xe/xe_migrate.h b/drivers/gpu/drm/xe/xe_migrate.h index 464c05dde1ba..1522afb37dcf 100644 --- a/drivers/gpu/drm/xe/xe_migrate.h +++ b/drivers/gpu/drm/xe/xe_migrate.h @@ -116,12 +116,14 @@ int xe_migrate_init(struct xe_migrate *m); struct dma_fence *xe_migrate_to_vram(struct xe_migrate *m, unsigned long npages, struct drm_pagemap_addr *src_addr, - u64 dst_addr); + u64 dst_addr, + struct dma_fence *deps); struct dma_fence *xe_migrate_from_vram(struct xe_migrate *m, unsigned long npages, u64 src_addr, - struct drm_pagemap_addr *dst_addr); + struct drm_pagemap_addr *dst_addr, + struct dma_fence *deps); struct dma_fence *xe_migrate_copy(struct xe_migrate *m, struct xe_bo *src_bo, diff --git a/drivers/gpu/drm/xe/xe_svm.c b/drivers/gpu/drm/xe/xe_svm.c index bab8e6cbe53d..14a027b3ee6b 100644 --- a/drivers/gpu/drm/xe/xe_svm.c +++ b/drivers/gpu/drm/xe/xe_svm.c @@ -472,7 +472,8 @@ static void xe_svm_copy_us_stats_incr(struct xe_gt *gt, static int xe_svm_copy(struct page **pages, struct drm_pagemap_addr *pagemap_addr, - unsigned long npages, const enum xe_svm_copy_dir dir) + unsigned long npages, const enum xe_svm_copy_dir dir, + struct dma_fence *pre_migrate_fence) { struct xe_vram_region *vr = NULL; struct xe_gt *gt = NULL; @@ -561,7 +562,8 @@ static int xe_svm_copy(struct page **pages, __fence = xe_migrate_from_vram(vr->migrate, i - pos + incr, vram_addr, - &pagemap_addr[pos]); + &pagemap_addr[pos], + pre_migrate_fence); } else { vm_dbg(&xe->drm, "COPY TO VRAM - 0x%016llx -> 0x%016llx, NPAGES=%ld", @@ -570,13 +572,14 @@ static int xe_svm_copy(struct page **pages, __fence = xe_migrate_to_vram(vr->migrate, i - pos + incr, &pagemap_addr[pos], - vram_addr); + vram_addr, + pre_migrate_fence); } if (IS_ERR(__fence)) { err = PTR_ERR(__fence); goto err_out; } - + pre_migrate_fence = NULL; dma_fence_put(fence); fence = __fence; } @@ -599,20 +602,22 @@ static int xe_svm_copy(struct page **pages, vram_addr, (u64)pagemap_addr[pos].addr, 1); __fence = xe_migrate_from_vram(vr->migrate, 1, vram_addr, - &pagemap_addr[pos]); + &pagemap_addr[pos], + pre_migrate_fence); } else { vm_dbg(&xe->drm, "COPY TO VRAM - 0x%016llx -> 0x%016llx, NPAGES=%d", (u64)pagemap_addr[pos].addr, vram_addr, 1); __fence = xe_migrate_to_vram(vr->migrate, 1, &pagemap_addr[pos], - vram_addr); + vram_addr, + pre_migrate_fence); } if (IS_ERR(__fence)) { err = PTR_ERR(__fence); goto err_out; } - + pre_migrate_fence = NULL; dma_fence_put(fence); fence = __fence; } @@ -625,6 +630,8 @@ static int xe_svm_copy(struct page **pages, dma_fence_wait(fence, false); dma_fence_put(fence); } + if (pre_migrate_fence) + dma_fence_wait(pre_migrate_fence, false); /* * XXX: We can't derive the GT here (or anywhere in this functions, but @@ -641,16 +648,20 @@ static int xe_svm_copy(struct page **pages, static int xe_svm_copy_to_devmem(struct page **pages, struct drm_pagemap_addr *pagemap_addr, - unsigned long npages) + unsigned long npages, + struct dma_fence *pre_migrate_fence) { - return xe_svm_copy(pages, pagemap_addr, npages, XE_SVM_COPY_TO_VRAM); + return xe_svm_copy(pages, pagemap_addr, npages, XE_SVM_COPY_TO_VRAM, + pre_migrate_fence); } static int xe_svm_copy_to_ram(struct page **pages, struct drm_pagemap_addr *pagemap_addr, - unsigned long npages) + unsigned long npages, + struct dma_fence *pre_migrate_fence) { - return xe_svm_copy(pages, pagemap_addr, npages, XE_SVM_COPY_TO_SRAM); + return xe_svm_copy(pages, pagemap_addr, npages, XE_SVM_COPY_TO_SRAM, + pre_migrate_fence); } static struct xe_bo *to_xe_bo(struct drm_pagemap_devmem *devmem_allocation) @@ -663,6 +674,7 @@ static void xe_svm_devmem_release(struct drm_pagemap_devmem *devmem_allocation) struct xe_bo *bo = to_xe_bo(devmem_allocation); struct xe_device *xe = xe_bo_device(bo); + dma_fence_put(devmem_allocation->pre_migrate_fence); xe_bo_put_async(bo); xe_pm_runtime_put(xe); } @@ -857,6 +869,7 @@ static int xe_drm_pagemap_populate_mm(struct drm_pagemap *dpagemap, unsigned long timeslice_ms) { struct xe_vram_region *vr = container_of(dpagemap, typeof(*vr), dpagemap); + struct dma_fence *pre_migrate_fence = NULL; struct xe_device *xe = vr->xe; struct device *dev = xe->drm.dev; struct drm_buddy_block *block; @@ -883,8 +896,20 @@ static int xe_drm_pagemap_populate_mm(struct drm_pagemap *dpagemap, break; } + /* Ensure that any clearing or async eviction will complete before migration. */ + if (!dma_resv_test_signaled(bo->ttm.base.resv, DMA_RESV_USAGE_KERNEL)) { + err = dma_resv_get_singleton(bo->ttm.base.resv, DMA_RESV_USAGE_KERNEL, + &pre_migrate_fence); + if (err) + dma_resv_wait_timeout(bo->ttm.base.resv, DMA_RESV_USAGE_KERNEL, + false, MAX_SCHEDULE_TIMEOUT); + else if (pre_migrate_fence) + dma_fence_enable_sw_signaling(pre_migrate_fence); + } + drm_pagemap_devmem_init(&bo->devmem_allocation, dev, mm, - &dpagemap_devmem_ops, dpagemap, end - start); + &dpagemap_devmem_ops, dpagemap, end - start, + pre_migrate_fence); blocks = &to_xe_ttm_vram_mgr_resource(bo->ttm.resource)->blocks; list_for_each_entry(block, blocks, link) diff --git a/include/drm/drm_pagemap.h b/include/drm/drm_pagemap.h index f6e7e234c089..70a7991f784f 100644 --- a/include/drm/drm_pagemap.h +++ b/include/drm/drm_pagemap.h @@ -8,6 +8,7 @@ #define NR_PAGES(order) (1U << (order)) +struct dma_fence; struct drm_pagemap; struct drm_pagemap_zdd; struct device; @@ -174,6 +175,8 @@ struct drm_pagemap_devmem_ops { * @pages: Pointer to array of device memory pages (destination) * @pagemap_addr: Pointer to array of DMA information (source) * @npages: Number of pages to copy + * @pre_migrate_fence: dma-fence to wait for before migration start. + * May be NULL. * * Copy pages to device memory. If the order of a @pagemap_addr entry * is greater than 0, the entry is populated but subsequent entries @@ -183,13 +186,16 @@ struct drm_pagemap_devmem_ops { */ int (*copy_to_devmem)(struct page **pages, struct drm_pagemap_addr *pagemap_addr, - unsigned long npages); + unsigned long npages, + struct dma_fence *pre_migrate_fence); /** * @copy_to_ram: Copy to system RAM (required for migration) * @pages: Pointer to array of device memory pages (source) * @pagemap_addr: Pointer to array of DMA information (destination) * @npages: Number of pages to copy + * @pre_migrate_fence: dma-fence to wait for before migration start. + * May be NULL. * * Copy pages to system RAM. If the order of a @pagemap_addr entry * is greater than 0, the entry is populated but subsequent entries @@ -199,7 +205,8 @@ struct drm_pagemap_devmem_ops { */ int (*copy_to_ram)(struct page **pages, struct drm_pagemap_addr *pagemap_addr, - unsigned long npages); + unsigned long npages, + struct dma_fence *pre_migrate_fence); }; /** @@ -212,6 +219,8 @@ struct drm_pagemap_devmem_ops { * @dpagemap: The struct drm_pagemap of the pages this allocation belongs to. * @size: Size of device memory allocation * @timeslice_expiration: Timeslice expiration in jiffies + * @pre_migrate_fence: Fence to wait for or pipeline behind before migration starts. + * (May be NULL). */ struct drm_pagemap_devmem { struct device *dev; @@ -221,6 +230,7 @@ struct drm_pagemap_devmem { struct drm_pagemap *dpagemap; size_t size; u64 timeslice_expiration; + struct dma_fence *pre_migrate_fence; }; int drm_pagemap_migrate_to_devmem(struct drm_pagemap_devmem *devmem_allocation, @@ -238,7 +248,8 @@ struct drm_pagemap *drm_pagemap_page_to_dpagemap(struct page *page); void drm_pagemap_devmem_init(struct drm_pagemap_devmem *devmem_allocation, struct device *dev, struct mm_struct *mm, const struct drm_pagemap_devmem_ops *ops, - struct drm_pagemap *dpagemap, size_t size); + struct drm_pagemap *dpagemap, size_t size, + struct dma_fence *pre_migrate_fence); int drm_pagemap_populate_mm(struct drm_pagemap *dpagemap, unsigned long start, unsigned long end, -- 2.51.1

6 days, 12 hours

1
0
0 0

[PATCH v6 01/24] drm/xe/svm: Fix a debug printout

by Thomas Hellström

Avoid spamming the log with drm_info(). Use drm_dbg() instead. Fixes: cc795e041034 ("drm/xe/svm: Make xe_svm_range_needs_migrate_to_vram() public") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.17+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Reviewed-by: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> --- drivers/gpu/drm/xe/xe_svm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_svm.c b/drivers/gpu/drm/xe/xe_svm.c index 93550c7c84ac..bab8e6cbe53d 100644 --- a/drivers/gpu/drm/xe/xe_svm.c +++ b/drivers/gpu/drm/xe/xe_svm.c @@ -937,7 +937,7 @@ bool xe_svm_range_needs_migrate_to_vram(struct xe_svm_range *range, struct xe_vm xe_assert(vm->xe, IS_DGFX(vm->xe)); if (xe_svm_range_in_vram(range)) { - drm_info(&vm->xe->drm, "Range is already in VRAM\n"); + drm_dbg(&vm->xe->drm, "Range is already in VRAM\n"); return false; } -- 2.51.1

6 days, 12 hours

1
0
0 0

[PATCH 6.12 1/1] sched/rt: Fix race in push_rt_task

by Rajani Kantha

From: Harshit Agarwal <harshit(a)nutanix.com> [ Upstream commit 690e47d1403e90b7f2366f03b52ed3304194c793 ] Overview ======== When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq method which would take a double lock on both CPUs' runqueues. If one of the locks aren't readily available, it may lead to dropping the current runqueue lock and reacquiring both the locks at once. During this window it is possible that the task is already migrated and is running on some other CPU. These cases are already handled. However, if the task is migrated and has already been executed and another CPU is now trying to wake it up (ttwu) such that it is queued again on the runqeue (on_rq is 1) and also if the task was run by the same CPU, then the current checks will pass even though the task was migrated out and is no longer in the pushable tasks list. Crashes ======= This bug resulted in quite a few flavors of crashes triggering kernel panics with various crash signatures such as assert failures, page faults, null pointer dereferences, and queue corruption errors all coming from scheduler itself. Some of the crashes: -> kernel BUG at kernel/sched/rt.c:1616! BUG_ON(idx >= MAX_RT_PRIO) Call Trace: ? __die_body+0x1a/0x60 ? die+0x2a/0x50 ? do_trap+0x85/0x100 ? pick_next_task_rt+0x6e/0x1d0 ? do_error_trap+0x64/0xa0 ? pick_next_task_rt+0x6e/0x1d0 ? exc_invalid_op+0x4c/0x60 ? pick_next_task_rt+0x6e/0x1d0 ? asm_exc_invalid_op+0x12/0x20 ? pick_next_task_rt+0x6e/0x1d0 __schedule+0x5cb/0x790 ? update_ts_time_stats+0x55/0x70 schedule_idle+0x1e/0x40 do_idle+0x15e/0x200 cpu_startup_entry+0x19/0x20 start_secondary+0x117/0x160 secondary_startup_64_no_verify+0xb0/0xbb -> BUG: kernel NULL pointer dereference, address: 00000000000000c0 Call Trace: ? __die_body+0x1a/0x60 ? no_context+0x183/0x350 ? __warn+0x8a/0xe0 ? exc_page_fault+0x3d6/0x520 ? asm_exc_page_fault+0x1e/0x30 ? pick_next_task_rt+0xb5/0x1d0 ? pick_next_task_rt+0x8c/0x1d0 __schedule+0x583/0x7e0 ? update_ts_time_stats+0x55/0x70 schedule_idle+0x1e/0x40 do_idle+0x15e/0x200 cpu_startup_entry+0x19/0x20 start_secondary+0x117/0x160 secondary_startup_64_no_verify+0xb0/0xbb -> BUG: unable to handle page fault for address: ffff9464daea5900 kernel BUG at kernel/sched/rt.c:1861! BUG_ON(rq->cpu != task_cpu(p)) -> kernel BUG at kernel/sched/rt.c:1055! BUG_ON(!rq->nr_running) Call Trace: ? __die_body+0x1a/0x60 ? die+0x2a/0x50 ? do_trap+0x85/0x100 ? dequeue_top_rt_rq+0xa2/0xb0 ? do_error_trap+0x64/0xa0 ? dequeue_top_rt_rq+0xa2/0xb0 ? exc_invalid_op+0x4c/0x60 ? dequeue_top_rt_rq+0xa2/0xb0 ? asm_exc_invalid_op+0x12/0x20 ? dequeue_top_rt_rq+0xa2/0xb0 dequeue_rt_entity+0x1f/0x70 dequeue_task_rt+0x2d/0x70 __schedule+0x1a8/0x7e0 ? blk_finish_plug+0x25/0x40 schedule+0x3c/0xb0 futex_wait_queue_me+0xb6/0x120 futex_wait+0xd9/0x240 do_futex+0x344/0xa90 ? get_mm_exe_file+0x30/0x60 ? audit_exe_compare+0x58/0x70 ? audit_filter_rules.constprop.26+0x65e/0x1220 __x64_sys_futex+0x148/0x1f0 do_syscall_64+0x30/0x80 entry_SYSCALL_64_after_hwframe+0x62/0xc7 -> BUG: unable to handle page fault for address: ffff8cf3608bc2c0 Call Trace: ? __die_body+0x1a/0x60 ? no_context+0x183/0x350 ? spurious_kernel_fault+0x171/0x1c0 ? exc_page_fault+0x3b6/0x520 ? plist_check_list+0x15/0x40 ? plist_check_list+0x2e/0x40 ? asm_exc_page_fault+0x1e/0x30 ? _cond_resched+0x15/0x30 ? futex_wait_queue_me+0xc8/0x120 ? futex_wait+0xd9/0x240 ? try_to_wake_up+0x1b8/0x490 ? futex_wake+0x78/0x160 ? do_futex+0xcd/0xa90 ? plist_check_list+0x15/0x40 ? plist_check_list+0x2e/0x40 ? plist_del+0x6a/0xd0 ? plist_check_list+0x15/0x40 ? plist_check_list+0x2e/0x40 ? dequeue_pushable_task+0x20/0x70 ? __schedule+0x382/0x7e0 ? asm_sysvec_reschedule_ipi+0xa/0x20 ? schedule+0x3c/0xb0 ? exit_to_user_mode_prepare+0x9e/0x150 ? irqentry_exit_to_user_mode+0x5/0x30 ? asm_sysvec_reschedule_ipi+0x12/0x20 Above are some of the common examples of the crashes that were observed due to this issue. Details ======= Let's look at the following scenario to understand this race. 1) CPU A enters push_rt_task a) CPU A has chosen next_task = task p. b) CPU A calls find_lock_lowest_rq(Task p, CPU Z’s rq). c) CPU A identifies CPU X as a destination CPU (X < Z). d) CPU A enters double_lock_balance(CPU Z’s rq, CPU X’s rq). e) Since X is lower than Z, CPU A unlocks CPU Z’s rq. Someone else has locked CPU X’s rq, and thus, CPU A must wait. 2) At CPU Z a) Previous task has completed execution and thus, CPU Z enters schedule, locks its own rq after CPU A releases it. b) CPU Z dequeues previous task and begins executing task p. c) CPU Z unlocks its rq. d) Task p yields the CPU (ex. by doing IO or waiting to acquire a lock) which triggers the schedule function on CPU Z. e) CPU Z enters schedule again, locks its own rq, and dequeues task p. f) As part of dequeue, it sets p.on_rq = 0 and unlocks its rq. 3) At CPU B a) CPU B enters try_to_wake_up with input task p. b) Since CPU Z dequeued task p, p.on_rq = 0, and CPU B updates B.state = WAKING. c) CPU B via select_task_rq determines CPU Y as the target CPU. 4) The race a) CPU A acquires CPU X’s lock and relocks CPU Z. b) CPU A reads task p.cpu = Z and incorrectly concludes task p is still on CPU Z. c) CPU A failed to notice task p had been dequeued from CPU Z while CPU A was waiting for locks in double_lock_balance. If CPU A knew that task p had been dequeued, it would return NULL forcing push_rt_task to give up the task p's migration. d) CPU B updates task p.cpu = Y and calls ttwu_queue. e) CPU B locks Ys rq. CPU B enqueues task p onto Y and sets task p.on_rq = 1. f) CPU B unlocks CPU Y, triggering memory synchronization. g) CPU A reads task p.on_rq = 1, cementing its assumption that task p has not migrated. h) CPU A decides to migrate p to CPU X. This leads to A dequeuing p from Y's queue and various crashes down the line. Solution ======== The solution here is fairly simple. After obtaining the lock (at 4a), the check is enhanced to make sure that the task is still at the head of the pushable tasks list. If not, then it is anyway not suitable for being pushed out. Testing ======= The fix is tested on a cluster of 3 nodes, where the panics due to this are hit every couple of days. A fix similar to this was deployed on such cluster and was stable for more than 30 days. Co-developed-by: Jon Kohler <jon(a)nutanix.com> Signed-off-by: Jon Kohler <jon(a)nutanix.com> Co-developed-by: Gauri Patwardhan <gauri.patwardhan(a)nutanix.com> Signed-off-by: Gauri Patwardhan <gauri.patwardhan(a)nutanix.com> Co-developed-by: Rahul Chunduru <rahul.chunduru(a)nutanix.com> Signed-off-by: Rahul Chunduru <rahul.chunduru(a)nutanix.com> Signed-off-by: Harshit Agarwal <harshit(a)nutanix.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Reviewed-by: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Reviewed-by: Phil Auld <pauld(a)redhat.com> Tested-by: Will Ton <william.ton(a)nutanix.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20250225180553.167995-1-harshit@nutanix.com Signed-off-by: Rajani Kantha <681739313(a)139.com> --- kernel/sched/rt.c | 52 +++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 27 deletions(-) diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c index 6ad6717084ed..c437a1502623 100644 --- a/kernel/sched/rt.c +++ b/kernel/sched/rt.c @@ -1895,6 +1895,26 @@ static int find_lowest_rq(struct task_struct *task) return -1; } +static struct task_struct *pick_next_pushable_task(struct rq *rq) +{ + struct task_struct *p; + + if (!has_pushable_tasks(rq)) + return NULL; + + p = plist_first_entry(&rq->rt.pushable_tasks, + struct task_struct, pushable_tasks); + + BUG_ON(rq->cpu != task_cpu(p)); + BUG_ON(task_current(rq, p)); + BUG_ON(p->nr_cpus_allowed <= 1); + + BUG_ON(!task_on_rq_queued(p)); + BUG_ON(!rt_task(p)); + + return p; +} + /* Will lock the rq it finds */ static struct rq *find_lock_lowest_rq(struct task_struct *task, struct rq *rq) { @@ -1925,18 +1945,16 @@ static struct rq *find_lock_lowest_rq(struct task_struct *task, struct rq *rq) /* * We had to unlock the run queue. In * the mean time, task could have - * migrated already or had its affinity changed. - * Also make sure that it wasn't scheduled on its rq. + * migrated already or had its affinity changed, + * therefore check if the task is still at the + * head of the pushable tasks list. * It is possible the task was scheduled, set * "migrate_disabled" and then got preempted, so we must * check the task migration disable flag here too. */ - if (unlikely(task_rq(task) != rq || + if (unlikely(is_migration_disabled(task) || !cpumask_test_cpu(lowest_rq->cpu, &task->cpus_mask) || - task_on_cpu(rq, task) || - !rt_task(task) || - is_migration_disabled(task) || - !task_on_rq_queued(task))) { + task != pick_next_pushable_task(rq))) { double_unlock_balance(rq, lowest_rq); lowest_rq = NULL; @@ -1956,26 +1974,6 @@ static struct rq *find_lock_lowest_rq(struct task_struct *task, struct rq *rq) return lowest_rq; } -static struct task_struct *pick_next_pushable_task(struct rq *rq) -{ - struct task_struct *p; - - if (!has_pushable_tasks(rq)) - return NULL; - - p = plist_first_entry(&rq->rt.pushable_tasks, - struct task_struct, pushable_tasks); - - BUG_ON(rq->cpu != task_cpu(p)); - BUG_ON(task_current(rq, p)); - BUG_ON(p->nr_cpus_allowed <= 1); - - BUG_ON(!task_on_rq_queued(p)); - BUG_ON(!rt_task(p)); - - return p; -} - /* * If the current CPU has more than one RT task, see if the non * running task can migrate over to a CPU that is running a task -- 2.17.1

6 days, 13 hours

1
1
0 0

[PATCH] mfd: omap-usb-host: fix OF populate on driver rebind

by Johan Hovold

Since commit c6e126de43e7 ("of: Keep track of populated platform devices") child devices will not be created by of_platform_populate() if the devices had previously been deregistered individually so that the OF_POPULATED flag is still set in the corresponding OF nodes. Switch to using of_platform_depopulate() instead of open coding so that the child devices are created if the driver is rebound. Fixes: c6e126de43e7 ("of: Keep track of populated platform devices") Cc: stable(a)vger.kernel.org # 3.16 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/mfd/omap-usb-host.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/mfd/omap-usb-host.c b/drivers/mfd/omap-usb-host.c index a77b6fc790f2..4d29a6e2ed87 100644 --- a/drivers/mfd/omap-usb-host.c +++ b/drivers/mfd/omap-usb-host.c @@ -819,8 +819,10 @@ static void usbhs_omap_remove(struct platform_device *pdev) { pm_runtime_disable(&pdev->dev); - /* remove children */ - device_for_each_child(&pdev->dev, NULL, usbhs_omap_remove_child); + if (pdev->dev.of_node) + of_platform_depopulate(&pdev->dev); + else + device_for_each_child(&pdev->dev, NULL, usbhs_omap_remove_child); } static const struct dev_pm_ops usbhsomap_dev_pm_ops = { -- 2.51.2

6 days, 13 hours

1
0
0 0

[PATCH] bus: omap-ocp2scp: fix OF populate on driver rebind

by Johan Hovold

Since commit c6e126de43e7 ("of: Keep track of populated platform devices") child devices will not be created by of_platform_populate() if the devices had previously been deregistered individually so that the OF_POPULATED flag is still set in the corresponding OF nodes. Switch to using of_platform_depopulate() instead of open coding so that the child devices are created if the driver is rebound. Fixes: c6e126de43e7 ("of: Keep track of populated platform devices") Cc: stable(a)vger.kernel.org # 3.16 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/bus/omap-ocp2scp.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/drivers/bus/omap-ocp2scp.c b/drivers/bus/omap-ocp2scp.c index e4dfda7b3b10..eee5ad191ea9 100644 --- a/drivers/bus/omap-ocp2scp.c +++ b/drivers/bus/omap-ocp2scp.c @@ -17,15 +17,6 @@ #define OCP2SCP_TIMING 0x18 #define SYNC2_MASK 0xf -static int ocp2scp_remove_devices(struct device *dev, void *c) -{ - struct platform_device *pdev = to_platform_device(dev); - - platform_device_unregister(pdev); - - return 0; -} - static int omap_ocp2scp_probe(struct platform_device *pdev) { int ret; @@ -79,7 +70,7 @@ static int omap_ocp2scp_probe(struct platform_device *pdev) pm_runtime_disable(&pdev->dev); err0: - device_for_each_child(&pdev->dev, NULL, ocp2scp_remove_devices); + of_platform_depopulate(&pdev->dev); return ret; } @@ -87,7 +78,7 @@ static int omap_ocp2scp_probe(struct platform_device *pdev) static void omap_ocp2scp_remove(struct platform_device *pdev) { pm_runtime_disable(&pdev->dev); - device_for_each_child(&pdev->dev, NULL, ocp2scp_remove_devices); + of_platform_depopulate(&pdev->dev); } #ifdef CONFIG_OF -- 2.51.2

6 days, 13 hours

1
0
0 0

[PATCH v2 0/2] net: qrtr: Drop the MHI 'auto_queue' feature

by Manivannan Sadhasivam via B4 Relay

Hi, This series intends to fix the race between the MHI stack and the MHI client drivers due to the MHI 'auto_queue' feature. As it turns out often, the best way to fix an issue in a feature is to drop the feature itself and this series does exactly that. There is no real benefit in having the 'auto_queue' feature in the MHI stack, other than saving a few lines of code in the client drivers. Since the QRTR is the only client driver which makes use of this feature, this series reworks the QRTR driver to manage the buffer on its own. Testing ======= Tested on Qcom X1E based Lenovo Thinkpad T14s laptop with WLAN device. Merge Strategy ============== Since this series modifies many subsystem drivers, I'd like to get acks from relevant subsystem maintainers and take the series through MHI tree. Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)oss.qualcomm.com> --- Changes in v2: - Used mhi_get_free_desc_count() to queue the buffers - Collected tags - Link to v1: https://lore.kernel.org/r/20251217-qrtr-fix-v1-0-f6142a3ec9d8@oss.qualcomm.… --- Manivannan Sadhasivam (2): net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels bus: mhi: host: Drop the auto_queue support drivers/accel/qaic/mhi_controller.c | 44 ------------------- drivers/bus/mhi/host/init.c | 10 ----- drivers/bus/mhi/host/internal.h | 3 -- drivers/bus/mhi/host/main.c | 81 +---------------------------------- drivers/bus/mhi/host/pci_generic.c | 20 +-------- drivers/net/wireless/ath/ath11k/mhi.c | 4 -- drivers/net/wireless/ath/ath12k/mhi.c | 4 -- include/linux/mhi.h | 14 ------ net/qrtr/mhi.c | 69 ++++++++++++++++++++++++----- 9 files changed, 62 insertions(+), 187 deletions(-) --- base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8 change-id: 20251217-qrtr-fix-c058251d8d1a Best regards, -- Manivannan Sadhasivam <manivannan.sadhasivam(a)oss.qualcomm.com>

6 days, 13 hours

3
3
0 0

[PATCH net] gve: defer interrupt enabling until NAPI registration

by Harshitha Ramamurthy

From: Ankit Garg <nktgrg(a)google.com> Currently, interrupts are automatically enabled immediately upon request. This allows interrupt to fire before the associated NAPI context is fully initialized and cause failures like below: [ 0.946369] Call Trace: [ 0.946369] <IRQ> [ 0.946369] __napi_poll+0x2a/0x1e0 [ 0.946369] net_rx_action+0x2f9/0x3f0 [ 0.946369] handle_softirqs+0xd6/0x2c0 [ 0.946369] ? handle_edge_irq+0xc1/0x1b0 [ 0.946369] __irq_exit_rcu+0xc3/0xe0 [ 0.946369] common_interrupt+0x81/0xa0 [ 0.946369] </IRQ> [ 0.946369] <TASK> [ 0.946369] asm_common_interrupt+0x22/0x40 [ 0.946369] RIP: 0010:pv_native_safe_halt+0xb/0x10 Use the `IRQF_NO_AUTOEN` flag when requesting interrupts to prevent auto enablement and explicitly enable the interrupt in NAPI initialization path (and disable it during NAPI teardown). This ensures that interrupt lifecycle is strictly coupled with readiness of NAPI context. Cc: stable(a)vger.kernel.org Fixes: 1dfc2e46117e ("gve: Refactor napi add and remove functions") Signed-off-by: Ankit Garg <nktgrg(a)google.com> Reviewed-by: Jordan Rhee <jordanrhee(a)google.com> Reviewed-by: Joshua Washington <joshwash(a)google.com> Signed-off-by: Harshitha Ramamurthy <hramamurthy(a)google.com> --- drivers/net/ethernet/google/gve/gve_main.c | 2 +- drivers/net/ethernet/google/gve/gve_utils.c | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/google/gve/gve_main.c b/drivers/net/ethernet/google/gve/gve_main.c index 5a74760..96adbbe 100644 --- a/drivers/net/ethernet/google/gve/gve_main.c +++ b/drivers/net/ethernet/google/gve/gve_main.c @@ -558,7 +558,7 @@ static int gve_alloc_notify_blocks(struct gve_priv *priv) block->priv = priv; err = request_irq(priv->msix_vectors[msix_idx].vector, gve_is_gqi(priv) ? gve_intr : gve_intr_dqo, - 0, block->name, block); + IRQF_NO_AUTOEN, block->name, block); if (err) { dev_err(&priv->pdev->dev, "Failed to receive msix vector %d\n", i); diff --git a/drivers/net/ethernet/google/gve/gve_utils.c b/drivers/net/ethernet/google/gve/gve_utils.c index ace9b86..b53b7fc 100644 --- a/drivers/net/ethernet/google/gve/gve_utils.c +++ b/drivers/net/ethernet/google/gve/gve_utils.c @@ -112,11 +112,13 @@ void gve_add_napi(struct gve_priv *priv, int ntfy_idx, netif_napi_add_locked(priv->dev, &block->napi, gve_poll); netif_napi_set_irq_locked(&block->napi, block->irq); + enable_irq(block->irq); } void gve_remove_napi(struct gve_priv *priv, int ntfy_idx) { struct gve_notify_block *block = &priv->ntfy_blocks[ntfy_idx]; + disable_irq(block->irq); netif_napi_del_locked(&block->napi); } -- 2.52.0.322.g1dd061c0dc-goog

6 days, 14 hours

1
0
0 0

[PATCH 6.12.y 0/3] arm64: Early system register initialization fixes

by Wei-Lin Chang

Hi, This series is a v6.12-only backport (based on v6.12.62) of fixes for system register initialization issues affecting protected KVM on arm64. This affects some contemporary and upcoming hardware which will run the v6.12.y stable kernel, or something derived from it, such as the Android common kernel. The FEAT_E2H0 patches fix code introduced after v6.6, and so only need to be backported to v6.12. The SCTLR_EL1 patch fixes code introduced in v5.11, but practically speaking only affects recent hardware which is unlikely to run something older than v6.12. Note: Marc Zyngier performed the initial backport, which I have rebased and tested, hence both of our sign-offs being added to the tags from the upstream commits. I have tested the backport and observed they solve the problems as expected. Ahmed Genidi (1): KVM: arm64: Initialize SCTLR_EL1 in __kvm_hyp_init_cpu() Marc Zyngier (1): arm64: Revamp HCR_EL2.E2H RES1 detection Mark Rutland (1): KVM: arm64: Initialize HCR_EL2.E2H early arch/arm64/include/asm/el2_setup.h | 57 +++++++++++++++++++++++++--- arch/arm64/kernel/head.S | 22 ++--------- arch/arm64/kvm/hyp/nvhe/hyp-init.S | 10 +++-- arch/arm64/kvm/hyp/nvhe/psci-relay.c | 3 ++ 4 files changed, 65 insertions(+), 27 deletions(-) -- 2.43.0

6 days, 14 hours

2
4
0 0

[PATCH 6.18 000/614] 6.18.2-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.18.2 release. There are 614 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 18 Dec 2025 11:12:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.18.2-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.18.2-rc1 Junrui Luo <moonafterrain(a)outlook.com> ALSA: wavefront: Fix integer overflow in sample size validation Junrui Luo <moonafterrain(a)outlook.com> ALSA: wavefront: Clear substream pointers on close Denis Arefev <arefev(a)swemel.ru> ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() Antheas Kapenekakis <lkml(a)antheas.dev> ALSA: hda/tas2781: fix speaker id retrieval for multiple probes Antheas Kapenekakis <lkml(a)antheas.dev> ALSA: hda/realtek: Add match for ASUS Xbox Ally projects Junrui Luo <moonafterrain(a)outlook.com> ALSA: dice: fix buffer overflow in detect_stream_formats() Sven Peter <sven(a)kernel.org> usb: dwc3: dwc3_power_off_all_roothub_ports: Use ioremap_np when required Duoming Zhou <duoming(a)zju.edu.cn> usb: typec: ucsi: fix use-after-free caused by uec->work Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> usb: phy: Initialize struct usb_phy list_head Duoming Zhou <duoming(a)zju.edu.cn> usb: typec: ucsi: fix probe failure in gaokun_ucsi_probe() Haotien Hsu <haotienh(a)nvidia.com> usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> efi/cper: Adjust infopfx size to accept an extra space Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> efi/cper: Add a new helper function to print bitmasks Evan Li <evan.li(a)linux.alibaba.com> perf/x86/intel: Fix NULL event dereference crash in handle_pmi_common() Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix memory leak in ocfs2_merge_rec_left() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cpu: Make atomic hotplug callbacks run with interrupts disabled on UP Dan Carpenter <dan.carpenter(a)linaro.org> irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() Thaumy Cheng <thaumy.love(a)gmail.com> perf/core: Fix missing read event generation on task exit Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix an error handler crash Duoming Zhou <duoming(a)zju.edu.cn> scsi: imm: Fix use-after-free bug caused by unfinished delayed work Haotian Zhang <vulab(a)iscas.ac.cn> dm log-writes: Add missing set_freezable() for freezable kthread Alexey Simakov <bigalex934(a)gmail.com> dm-raid: fix possible NULL dereference with undefined raid type Hemalatha Pinnamreddy <hemalatha.pinnamreddy2(a)amd.com> ASoC: amd: acp: update tdm channels for specific DAI Mohamed Khalfella <mkhalfella(a)purestorage.com> block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock Dibin Moolakadan Subrahmanian <dibin.moolakadan.subrahmanian(a)intel.com> drm/i915/fbdev: Hold runtime PM ref during fbdev BO creation Jani Nikula <jani.nikula(a)intel.com> drm/{i915, xe}/fbdev: deduplicate struct drm_mode_fb_cmd2 init Jani Nikula <jani.nikula(a)intel.com> drm/{i915, xe}/fbdev: pass struct drm_device to intel_fbdev_fb_alloc() Jani Nikula <jani.nikula(a)intel.com> drm/i915/fbdev: make intel_framebuffer_create() error return handling explicit Jani Nikula <jani.nikula(a)intel.com> drm/xe/fbdev: use the same 64-byte stride alignment as i915 Liyuan Pang <pangliyuan1(a)huawei.com> ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad() Junrui Luo <moonafterrain(a)outlook.com> ALSA: firewire-motu: add bounds check in put_user loop for DSP events Javier Martinez Canillas <javierm(a)redhat.com> regulator: spacemit: Align input supply name with the DT binding Nuno Sá <nuno.sa(a)analog.com> rtc: max31335: Fix ignored return value in set_alarm Haotian Zhang <vulab(a)iscas.ac.cn> rtc: gamecube: Check the return value of ioremap() Xiaogang Chen <xiaogang.chen(a)amd.com> drm/amdkfd: Use huge page size to check split svm range alignment Andres J Rosa <andyrosa(a)gmail.com> ALSA: uapi: Fix typo in asound.h comment Dave Kleikamp <dave.kleikamp(a)oracle.com> dma/pool: eliminate alloc_pages warning in atomic_pool_expand Troy Mitchell <troy.mitchell(a)linux.spacemit.com> i2c: spacemit: fix detect issue Kathara Sasikumar <katharasasikumar007(a)gmail.com> docs: hwmon: fix link to g762 devicetree binding Arnd Bergmann <arnd(a)arndb.de> gpio: tb10x: fix OF_GPIO dependency Mike Snitzer <snitzer(a)kernel.org> nfs/localio: remove 61 byte hole from needless ____cacheline_aligned Mike Snitzer <snitzer(a)hammerspace.com> nfs/localio: remove alignment size checking in nfs_is_local_dio_possible David Howells <dhowells(a)redhat.com> cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB2 David Howells <dhowells(a)redhat.com> cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB1 René Rebe <rene(a)exactco.de> drm/nouveau: fix circular dep oops from vendored i2c encoder Madhur Kumar <madhurkumar004(a)gmail.com> drm/nouveau: refactor deprecated strcpy Junrui Luo <moonafterrain(a)outlook.com> ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events Mark Brown <broonie(a)kernel.org> regulator: fixed: Rely on the core freeing the enable GPIO Dan Carpenter <dan.carpenter(a)linaro.org> drm/plane: Fix IS_ERR() vs NULL check in drm_plane_create_hotspot_properties() Caleb Sander Mateos <csander(a)purestorage.com> io_uring/kbuf: use READ_ONCE() for userspace-mapped memory Israel Rukshin <israelr(a)nvidia.com> nvme-auth: use kvfree() for memory allocated with kvcalloc() Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> block: fix memory leak in __blkdev_issue_zero_pages shechenglong <shechenglong(a)xfusion.com> block: fix comment for op_is_zone_mgmt() to include RESET_ALL Arnd Bergmann <arnd(a)arndb.de> drm/panel: novatek-nt35560: avoid on-stack device structure Cong Zhang <cong.zhang(a)oss.qualcomm.com> blk-mq: Abort suspend when wakeup events are pending Daeho Jeong <daehojeong(a)google.com> f2fs: revert summary entry count from 2048 to 512 in 16kb block support Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: ak5558: Disable regulator when error happens Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: ak4458: Disable regulator when error happens Hemalatha Pinnamreddy <hemalatha.pinnamreddy2(a)amd.com> ASoC: amd: acp: Audio is not resuming after s0ix Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() Anton Khirnov <anton(a)khirnov.net> platform/x86: asus-wmi: use brightness_set_blocking() for kbd led Armin Wolf <W_Armin(a)gmx.de> fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix inheritance of the block sizes when automounting Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: ignore SB_RDONLY when mounting nfs" Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: clear SB_RDONLY before getting superblock" Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: ignore SB_RDONLY when remounting nfs" Akash Goel <akash.goel(a)arm.com> drm/panthor: Prevent potential UAF in group creation Jonathan Curley <jcurley(a)purestorage.com> NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Initialise verifiers for visible dentries in _nfs4_open_and_get_state Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Initialise verifiers for visible dentries in nfs_atomic_open() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Initialise verifiers for visible dentries in readdir and lookup Armin Wolf <W_Armin(a)gmx.de> fs/nls: Fix utf16 to utf8 conversion Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Avoid changing nlink when file removes and attribute updates race Abel Vesa <abel.vesa(a)linaro.org> kbuild: install-extmod-build: Properly fix CC expansion when ccache is used Haotian Zhang <vulab(a)iscas.ac.cn> rtc: amlogic-a4: fix double free caused by devm Daeho Jeong <daehojeong(a)google.com> f2fs: maintain one time GC mode is enabled during whole zoned GC cycle Xi Pardee <xi.pardee(a)linux.intel.com> platform/x86:intel/pmc: Update Arrow Lake telemetry GUID John Stultz <jstultz(a)google.com> sched/core: Fix psi_dequeue() for Proxy Execution xupengbo <xupengbo(a)oppo.com> sched/fair: Fix unfairness caused by stalled tg_load_avg_contrib when the last task migrates out Eric Sandeen <sandeen(a)redhat.com> 9p: fix cache/debug options printing in v9fs_show_options Abdun Nihaal <nihaal(a)cse.iitm.ac.in> fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() Ian Rogers <irogers(a)google.com> perf stat: Allow no events to open if this is a "--null" run Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: single: Fix incorrect type for error return variable Ian Rogers <irogers(a)google.com> perf hist: In init, ensure mem_info is put on error paths Ian Rogers <irogers(a)google.com> perf kvm: Fix debug assertion Namhyung Kim <namhyung(a)kernel.org> perf tools: Fix split kallsyms DSO counting Namhyung Kim <namhyung(a)kernel.org> perf tools: Mark split kallsyms DSOs as loaded Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix divide-by-zero in exfat_allocate_bitmap Shuhao Fu <sfual(a)cse.ust.hk> exfat: fix refcount leak in exfat_find Namhyung Kim <namhyung(a)kernel.org> perf jitdump: Add sym/str-tables to build-ID generation Xiang Mei <xmei5(a)asu.edu> net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: xrs700x: reject unsupported HSR configurations Xiaoliang Yang <xiaoliang.yang_1(a)nxp.com> net: hsr: create an API to get hsr port type Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix BCM5325/65 ARL entry VIDs Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix BCM5325/65 ARL entry multicast port masks Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: add support for bcm63xx ARL entry format Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix CPU port unicast ARL entries for BCM5325/65 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: use same ARL search result offset for BCM5325/65 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: add support for 5389/5397/5398 ARL entry format Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: move ARL entry functions into ops struct Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: split reading search entry into their own functions Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: provide accessors for accessing ARL_SRCH_CTL Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: move writing ARL entries into their own functions Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: move reading ARL entries into their own function Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: b53_arl_read{,25}(): use the entry for comparision Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix extracting VID from entry for BCM5325/65 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix VLAN_ID_IDX write size for BCM5325/65 Christophe Leroy (CS GROUP) <chleroy(a)kernel.org> um: Disable KASAN_INLINE when STATIC_LINK is selected Stefan Metzmacher <metze(a)samba.org> smb: client: relax WARN_ON_ONCE(SMBDIRECT_SOCKET_*) checks in recv_done() and smbd_conn_upcall() Stefan Metzmacher <metze(a)samba.org> smb: server: relax WARN_ON_ONCE(SMBDIRECT_SOCKET_*) checks in recv_done() and smb_direct_cm_handler() Stefan Metzmacher <metze(a)samba.org> smb: smbdirect: introduce SMBDIRECT_CHECK_STATUS_{WARN,DISCONNECT}() Stefan Metzmacher <metze(a)samba.org> smb: smbdirect: introduce SMBDIRECT_DEBUG_ERR_PTR() helper Johan Hovold <johan(a)kernel.org> clk: keystone: fix compile testing Yu Kuai <yukuai(a)fnnas.com> md/raid5: fix IO hang when array is broken with IO inflight Alexandru Gagniuc <mr.nuke.me(a)gmail.com> remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs Kumar Kartikeya Dwivedi <memxor(a)gmail.com> rqspinlock: Use trylock fallback when per-CPU rqnode is busy Kumar Kartikeya Dwivedi <memxor(a)gmail.com> rqspinlock: Enclose lock/unlock within lock entry acquisitions Ivan Stepchenko <sid(a)itb.spb.ru> mtd: lpddr_cmds: fix signed shifts in lpddr_cmds Breno Leitao <leitao(a)debian.org> net: netpoll: initialize work queue before error checks Hangbin Liu <liuhangbin(a)gmail.com> selftests: bonding: add delay before each xvlan_over_bond connectivity check Robert Marko <robimarko(a)gmail.com> net: phy: aquantia: check for NVMEM deferral Mickaël Salaün <mic(a)digikod.net> landlock: Fix handling of disconnected directories Alex Williamson <alex.williamson(a)nvidia.com> vfio/pci: Use RCU for error/request triggers to avoid circular locking Dev Jain <dev.jain(a)arm.com> arm64/pageattr: Propagate return value from __change_memory_common Tianchu Chen <flynnnchen(a)tencent.com> spi: ch341: fix out-of-bounds memory access in ch341_transfer_one Haotian Zhang <vulab(a)iscas.ac.cn> mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: stmmac: fix rx limit check in stmmac_rx_zc() Antoine Tenart <atenart(a)kernel.org> net: vxlan: prevent NULL deref in vxlan_xmit_one Michal Schmidt <mschmidt(a)redhat.com> iavf: Implement settime64 with -EOPNOTSUPP Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nft_connlimit: update the count if add was skipped Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nf_conncount: rework API to use sk_buff directly Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: check for maximum number of encapsulations in bridge vlan Ilias Stamatis <ilstam(a)amazon.com> Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195: Fix address range for JPEG decoder core 1 sparkhuang <huangshaobo3(a)xiaomi.com> regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during system suspend Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during system suspend Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during system suspend Marek Szyprowski <m.szyprowski(a)samsung.com> ARM: dts: samsung: universal_c210: turn off SDIO WLAN chip during system suspend Marek Szyprowski <m.szyprowski(a)samsung.com> soc: samsung: exynos-pmu: Fix structure initialization Mikhail Kshevetskiy <mikhail.kshevetskiy(a)iopsys.eu> spi: airoha-snfi: en7523: workaround flash damaging if UART_TXD was short to GND Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: catpt: Fix error path in hw_params() Michael S. Tsirkin <mst(a)redhat.com> virtio: clean up features qword/dword terms Alok Tiwari <alok.a.tiwari(a)oracle.com> vdpa/pds: use %pe for ERR_PTR() in event handler registration Mike Christie <michael.christie(a)oracle.com> vhost: Fix kthread worker cgroup failure handling Alok Tiwari <alok.a.tiwari(a)oracle.com> vdpa/mlx5: Fix incorrect error code reporting in query_virtqueues Michael S. Tsirkin <mst(a)redhat.com> virtio: fix map ops comment Michael S. Tsirkin <mst(a)redhat.com> virtio: fix virtqueue_set_affinity() docs Michael S. Tsirkin <mst(a)redhat.com> virtio: standardize Returns documentation style Michael S. Tsirkin <mst(a)redhat.com> virtio: fix grammar in virtio_map_ops docs Michael S. Tsirkin <mst(a)redhat.com> virtio: fix grammar in virtio_queue_info docs Michael S. Tsirkin <mst(a)redhat.com> virtio: fix whitespace in virtio_config_ops Michael S. Tsirkin <mst(a)redhat.com> virtio: fix typo in virtio_device_ready() comment Kriish Sharma <kriish.sharma2006(a)gmail.com> virtio: fix kernel-doc for mapping/free_coherent functions Alok Tiwari <alok.a.tiwari(a)oracle.com> virtio_vdpa: fix misleading return in void function Guenter Roeck <linux(a)roeck-us.net> of: Skip devicetree kunit tests when RISCV+ACPI doesn't populate root node Willem de Bruijn <willemb(a)google.com> selftests/net: packetdrill: pass send_omit_free to MSG_ZEROCOPY tests Yongjian Sun <sunyongjian1(a)huawei.com> ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation Edward Adam Davis <eadavis(a)qq.com> bpf: Fix exclusive map memory leak Matthieu Buffet <matthieu(a)buffet.re> selftests/landlock: Fix makefile header list Kevin Brodsky <kevin.brodsky(a)arm.com> ublk: prevent invalid access with DEBUG René Rebe <rene(a)exactco.de> ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 Haotian Zhang <vulab(a)iscas.ac.cn> hwmon: sy7636a: Fix regulator_enable resource leak on error path Eric Huang <jinhuieric.huang(a)amd.com> drm/amdkfd: assign AID to uuid in topology for SPX mode Dan Carpenter <dan.carpenter(a)linaro.org> drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() Will Rosenberg <whrosenb(a)asu.edu> kernfs: fix memory leak of kernfs_iattrs in __kernfs_new_node Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> misc: rp1: Fix an error handling path in rp1_probe() Christoph Hellwig <hch(a)lst.de> fs: lift the FMODE_NOCMTIME check into file_update_time_flags Christoph Hellwig <hch(a)lst.de> fs: refactor file timestamp update logic Haotian Zhang <vulab(a)iscas.ac.cn> greybus: gb-beagleplay: Fix timeout handling in bootloader functions Alexandre Courbot <acourbot(a)nvidia.com> firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_xcvr: clear the channel status control memory Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Prevent recursive memory reclaim Jaroslav Kysela <perex(a)perex.cz> ASoC: nau8325: add missing build config Jaroslav Kysela <perex(a)perex.cz> ASoC: nau8325: use simple i2c probe function Johan Hovold <johan(a)kernel.org> clocksource/drivers/nxp-stm: Prevent driver unbind Johan Hovold <johan(a)kernel.org> clocksource/drivers/nxp-stm: Fix section mismatches Johan Hovold <johan(a)kernel.org> clocksource/drivers/nxp-pit: Prevent driver unbind Johan Hovold <johan(a)kernel.org> clocksource/drivers/arm_arch_timer_mmio: Prevent driver unbind Johan Hovold <johan(a)kernel.org> clocksource/drivers/stm: Fix double deregistration on probe failure Haotian Zhang <vulab(a)iscas.ac.cn> clocksource/drivers/ralink: Fix resource leaks in init error path Akash Goel <akash.goel(a)arm.com> drm/panthor: Avoid adding of kernel BOs to extobj list Guillaume La Roque <glaroque(a)baylibre.com> arm64: dts: amlogic: meson-g12b: Fix L2 cache reference for S922X CPUs Jijun Wang <jijun.wang(a)intel.com> RDMA/irdma: Fix SRQ shadow area address initialization Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Remove doorbell elision logic Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Do not set IBK_LOCAL_DMA_LKEY for GEN3+ Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY Anil Samal <anil.samal(a)intel.com> RDMA/irdma: Add missing mutex destroy Krzysztof Czurylo <krzysztof.czurylo(a)intel.com> RDMA/irdma: Fix SIGBUS in AEQ destroy Tatyana Nikolova <tatyana.e.nikolova(a)intel.com> RDMA/irdma: Add a missing kfree of struct irdma_pci_f for GEN2 Krzysztof Czurylo <krzysztof.czurylo(a)intel.com> RDMA/irdma: Fix data race in irdma_free_pble Krzysztof Czurylo <krzysztof.czurylo(a)intel.com> RDMA/irdma: Fix data race in irdma_sc_ccq_arm Stephan Gerhold <stephan.gerhold(a)linaro.org> iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal Randy Dunlap <rdunlap(a)infradead.org> backlight: lp855x: Fix lp855x.h kernel-doc warnings Luca Ceresoli <luca.ceresoli(a)bootlin.com> backlight: led-bl: Add devlink to supplier LEDs Ria Thomas <ria.thomas(a)morsemicro.com> wifi: ieee80211: correct FILS status codes Christoph Hellwig <hch(a)lst.de> iomap: allocate s_dio_done_wq for async reads as well Christoph Hellwig <hch(a)lst.de> iomap: always run error completions in user context David Gow <davidgow(a)google.com> um: Don't rename vmap to kernel_vmap Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: restrict the flush page to a 32-bit address Shawn Lin <shawn.lin(a)rock-chips.com> PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition Filipe Manana <fdmanana(a)suse.com> btrfs: fix leaf leak in an error path in btrfs_del_items() Qu Wenruo <wqu(a)suse.com> btrfs: make sure extent and csum paths are always released in scrub_raid56_parity_stripe() Boris Burkov <boris(a)bur.io> btrfs: fix racy bitfield write in btrfs_clear_space_info_full() Miquel Sabaté Solà <mssola(a)mssola.com> btrfs: fix double free of qgroup record after failure to add delayed ref head Alan Maguire <alan.maguire(a)oracle.com> selftests/bpf: Allow selftests to build with older xxd Alan Maguire <alan.maguire(a)oracle.com> bpftool: Allow bpftool to build with openssl < 3 Ryan Huang <tzukui(a)google.com> iommu/arm-smmu-v3: Fix error check in arm_smmu_alloc_cd_tables Jianglei Nie <niejianglei2021(a)163.com> staging: fbtft: core: fix potential memory leak in fbtft_probe_common() Dinh Nguyen <dinguyen(a)kernel.org> firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc Zilin Guan <zilin(a)seu.edu.cn> mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: Add missing locking in mt7996_mac_sta_rc_work() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: skip ieee80211_iter_keys() on scanning link remove Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: skip deflink accounting for offchannel links Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: Move mt76_abort_scan out of mt76_reset_device() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: grab mt76 mutex in mt7996_mac_sta_event() Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: fix EMI rings for RRO Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: fix using wrong phy to start in mt7996_mac_restart() Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: fix MLO set key and group key issues Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: fix MLD group index assignment Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: set link_valid field when initializing wcid Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: fix teardown command for an MLD peer Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: fix several fields in mt7996_mcu_bss_basic_tlv() Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix implicit beamforming support for mt7992 StanleyYP Wang <StanleyYP.Wang(a)mediatek.com> wifi: mt76: mt7996: fix max nss value when getting rx chainmask Fedor Pchelkin <pchelkin(a)ispras.ru> Revert "wifi: mt76: mt792x: improve monitor interface handling" Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: Remove useless check in mt7996_msdu_page_get_from_cache() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: Remove unnecessary link_id checks in mt7996_tx Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7996: fix null pointer deref in mt7996_conf_tx() Shenghao Ding <shenghao-ding(a)ti.com> ASoC: tas2781: correct the wrong period Baojun Xu <baojun.xu(a)ti.com> ASoC: tas2781: Correct the wrong chip ID for reset variable check Herbert Xu <herbert(a)gondor.apana.org.au> crypto: ahash - Zero positive err value in ahash_update_finish Herbert Xu <herbert(a)gondor.apana.org.au> crypto: ahash - Fix crypto_ahash_import with partial block data Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Pass correct flag for dma mr creation Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix the inline size for GenP7 devices Gao Xiang <xiang(a)kernel.org> erofs: limit the level of fs stacking for file-backed mounts Gao Xiang <xiang(a)kernel.org> erofs: correct FSDAX detection Fangyu Yu <fangyu.yu(a)linux.alibaba.com> RISC-V: KVM: Fix guest page fault within HLV* instructions Pengjie Zhang <zhangpengjie2(a)huawei.com> PM / devfreq: hisi: Fix potential UAF in OPP handling Haotian Zhang <vulab(a)iscas.ac.cn> crypto: ccree - Correctly handle return of sg_nents_for_len Haotian Zhang <vulab(a)iscas.ac.cn> crypto: starfive - Correctly handle return of sg_nents_for_len Martin Teichmann <martin.teichmann(a)xfel.eu> bpf: properly verify tail call behavior Xing Guo <higuoxing(a)gmail.com> selftests/bpf: Update test_tag to use sha256 Matt Bobrowski <mattbobrowski(a)google.com> selftests/bpf: Improve reliability of test_perf_branches_no_hw() Matt Bobrowski <mattbobrowski(a)google.com> selftests/bpf: skip test_perf_branches_hw() on unsupported platforms Dan Carpenter <dan.carpenter(a)linaro.org> regulator: pca9450: Fix error code in probe() Gopi Krishna Menon <krishnagopi487(a)gmail.com> usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE Jisheng Zhang <jszhang(a)kernel.org> usb: dwc2: fix hang during suspend if set as peripheral Jisheng Zhang <jszhang(a)kernel.org> usb: dwc2: fix hang during shutdown if set as peripheral Oliver Neukum <oneukum(a)suse.com> usb: chaoskey: fix locking for O_NONBLOCK Zhao Yipeng <zhaoyipeng5(a)huawei.com> ima: Handle error code returned by ima_filter_rule_match() Ivan Pravdin <ipravdin.official(a)gmail.com> rtla: Fix -a overriding -t argument Tomas Glozar <tglozar(a)redhat.com> rtla/tests: Fix osnoise test calling timerlat Tomas Glozar <tglozar(a)redhat.com> rtla/tests: Extend action tests to 5s Jason Tian <jason(a)os.amperecomputing.com> RAS: Report all ARM processor CPER information to userspace Seungjin Bae <eeodqql09(a)gmail.com> wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() Charles Mirabile <cmirabil(a)redhat.com> clk: spacemit: Set clk_hw_onecell_data::num before using flex array Chen Ridong <chenridong(a)huawei.com> cpuset: Treat cpusets in attaching as populated Alexander Dahl <ada(a)thorsis.com> net: phy: adin1100: Fix software power-down ready condition Matt Bobrowski <mattbobrowski(a)google.com> selftests/bpf: Use ASSERT_STRNEQ to factor in long slab cache names Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: SDCA: Fix missing dash in HIDE DisCo property Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> phy: rockchip: samsung-hdptx: Prevent Inter-Pair Skew from exceeding the limits Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> phy: rockchip: samsung-hdptx: Reduce ROPLL loop bandwidth Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> phy: rockchip: samsung-hdptx: Fix reported clock rate in high bpc mode Xiaolei Wang <xiaolei.wang(a)windriver.com> phy: freescale: Initialize priv->lock Shawn Lin <shawn.lin(a)rock-chips.com> phy: rockchip: naneng-combphy: Fix PCIe L1ss support RK3562 Shawn Lin <shawn.lin(a)rock-chips.com> phy: rockchip: naneng-combphy: Fix PCIe L1ss support RK3528 Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() Fenglin Wu <fenglin.wu(a)oss.qualcomm.com> leds: rgb: leds-qcom-lpg: Don't enable TRILED when configuring PWM Yuntao Wang <yuntao.wang(a)linux.dev> of/fdt: Fix incorrect use of dt_root_addr_cells in early_init_dt_check_kho() Yuntao Wang <yuntao.wang(a)linux.dev> of/fdt: Fix the len check in early_init_dt_check_for_usable_mem_range() Yuntao Wang <yuntao.wang(a)linux.dev> of/fdt: Fix the len check in early_init_dt_check_for_elfcorehdr() Yuntao Wang <yuntao.wang(a)linux.dev> of/fdt: Consolidate duplicate code into helper functions Haotian Zhang <vulab(a)iscas.ac.cn> mfd: mt6358-irq: Fix missing irq_domain_remove() in error path Haotian Zhang <vulab(a)iscas.ac.cn> mfd: mt6397-irq: Fix missing irq_domain_remove() in error path Tomas Glozar <tglozar(a)redhat.com> tools/rtla: Fix --on-threshold always triggering Costa Shulyupin <costa.shul(a)redhat.com> tools/rtla: Fix unassigned nr_cpus Chien Wong <m(a)xv97.com> wifi: mac80211: fix CMAC functions not handling errors Aashish Sharma <aashish(a)aashishsharma.net> iommu/vt-d: Fix unused invalidation hint in qi_desc_iotlb Vineeth Pillai (Google) <vineeth(a)bitbyteword.org> iommu/vt-d: Set INTEL_IOMMU_FLOPPY_WA depend on BLK_DEV_FD Vladimir Oltean <vladimir.oltean(a)nxp.com> net: phy: realtek: create rtl8211f_config_rgmii_delay() Zilin Guan <zilin(a)seu.edu.cn> scsi: qla2xxx: Fix improper freeing of purex item Shawn Lin <shawn.lin(a)rock-chips.com> scsi: ufs: rockchip: Reset controller on PRE_CHANGE of hce enable notify Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: bcm2835: Make sure the channel is enabled after pwm_request() Leo Yan <leo.yan(a)arm.com> perf arm_spe: Fix memset subclass in operation Fernando Fernandez Mancera <fmancera(a)suse.de> ipv6: clear RA flags when adding a static route Longbin Li <looong.bin(a)gmail.com> spi: sophgo: Fix incorrect use of bus width value macros Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Improve MX rail fallback in RPMH vote init Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix the gemnoc workaround Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Flush LRZ cache before PT switch Jay Liu <jay.liu(a)mediatek.com> drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Prevent memory leaks in add sub record Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: out1 also needs to put mi Ovidiu Panait <ovidiu.panait.rb(a)renesas.com> net: stmmac: Fix VLAN 0 deletion in vlan_del_hw_rx_fltr() Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/64s/hash: Restrict stress_hpt_struct memblock region to within RMA limit Pu Lehui <pulehui(a)huawei.com> bpf: Fix invalid prog->stats access when update_effective_progs fails Inochi Amaoto <inochiama(a)gmail.com> net: stmmac: dwmac-sophgo: Add phy interface filter Inochi Amaoto <inochiama(a)gmail.com> net: phy: Add helper for fixing RGMII PHY mode based on internal mac delay Abdun Nihaal <nihaal(a)cse.iitm.ac.in> wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() Christian Bruel <christian.bruel(a)foss.st.com> PCI: stm32: Fix EP page_size alignment Christian Bruel <christian.bruel(a)foss.st.com> PCI: stm32: Fix LTSSM EP race with start link Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/msm/a2xx: stop over-complaining about the legacy firmware Huiwen He <hehuiwen(a)kylinos.cn> drm/msm: fix missing NULL check after kcalloc in crashstate_get_bos() Huiwen He <hehuiwen(a)kylinos.cn> drm/msm: Fix NULL pointer dereference in crashstate_get_vm_logs() Guenter Roeck <linux(a)roeck-us.net> block/blk-throttle: Fix throttle slice time for SSDs Alexander Stein <alexander.stein(a)ew.tq-group.com> arm64: dts: imx95-tqma9596sa: reduce maximum FlexSPI frequency to 66MHz Markus Niebel <Markus.Niebel(a)ew.tq-group.com> arm64: dts: imx95-tqma9596sa: fix TPM5 pinctrl node name Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD/blocklayout: Fix minlength check in proc_layoutget Al Viro <viro(a)zeniv.linux.org.uk> tracefs: fix a leak in eventfs_create_events_dir() Al Viro <viro(a)zeniv.linux.org.uk> fuse_ctl_add_conn(): fix nlink breakage in case of early failure Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> iio: core: Clean up device correctly on iio_device_alloc() failure Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> iio: core: add missing mutex_destroy in iio_dev_release() Haotian Zhang <vulab(a)iscas.ac.cn> watchdog: starfive: Fix resource leak in probe error path Haotian Zhang <vulab(a)iscas.ac.cn> watchdog: wdat_wdt: Fix ACPI table leak in probe function Nuno Das Neves <nunodasneves(a)linux.microsoft.com> mshv: Fix create memory region overlap check Nuno Das Neves <nunodasneves(a)linux.microsoft.com> mshv: Fix deposit memory in MSHV_ROOT_HVCALL Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Check skb->transport_header is set in bpf_skb_check_mtu Alexei Starovoitov <ast(a)kernel.org> selftests/bpf: Fix failure paths in send_signal test Menglong Dong <menglong8.dong(a)gmail.com> bpf: Handle return value of ftrace_set_filter_ip in register_fentry Sahil Chandna <chandna.sahil(a)gmail.com> bpf: Prevent nesting overflow in bpf_try_get_buffers Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: don't enable CC_CAN_LINK if the dummy program generates warnings Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Prevent resource tree corruption when BAR resize fails Aaron Kling <webgeek1234(a)gmail.com> soc/tegra: fuse: speedo-tegra210: Update speedo IDs Rene Rebe <rene(a)exactco.de> ps3disk: use memcpy_{from,to}_bvec index Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype Praveen Talari <praveen.talari(a)oss.qualcomm.com> arm64: dts: qcom: qrb2210-rb1: Fix UART3 wakeup IRQ storm Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: Use %u to printf unsigned int pwm_chip::npwm and pwm_chip::id Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: Simplify printf to emit chip->npwm in $debugfs/pwm Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/fpu: Fix false-positive kmsan report in fpu_vstl() Zilin Guan <zilin(a)seu.edu.cn> crypto: iaa - Fix incorrect return value in save_iaa_wq() Ian Rogers <irogers(a)google.com> perf vendor metrics s390: Avoid has_event(INSTRUCTIONS) FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 3C FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK 5A Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> soc: renesas: rz-sysc: Populate readable_reg/writeable_reg in regmap config Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> soc: renesas: r9a09g056-sys: Populate max_register Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Exit ks_pcie_probe() for invalid mode Leon Hwang <leon.hwang(a)linux.dev> bpf: Free special fields when update [lru_,]percpu_hash maps Lizhi Hou <lizhi.hou(a)amd.com> accel/amdxdna: Fix deadlock between context destroy and job timeout Lizhi Hou <lizhi.hou(a)amd.com> accel/amdxdna: Clear mailbox interrupt register during channel creation Chaitanya S Prakash <chaitanyas.prakash(a)arm.com> arm64/mm: Allow __create_pgd_mapping() to propagate pgtable_alloc() errors Haotian Zhang <vulab(a)iscas.ac.cn> leds: netxbig: Fix GPIO descriptor leak in error paths Haotian Zhang <vulab(a)iscas.ac.cn> scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls Tony Battersby <tonyb(a)cybernetics.com> scsi: qla2xxx: Clear cmds after chip reset Haotian Zhang <vulab(a)iscas.ac.cn> ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() Joseph Qi <joseph.qi(a)linux.alibaba.com> ocfs2: use correct endian in ocfs2_dinode_has_extents Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> lib/vsprintf: Check pointer before dereferencing in time_and_date() Haotian Zhang <vulab(a)iscas.ac.cn> clk: renesas: r9a06g032: Fix memory leak in error path Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> clk: renesas: r9a09g077: Propagate rate changes to parent clocks Jayesh Choudhary <j-choudhary(a)ti.com> drm/tidss: Move OLDI mode validation to OLDI bridge mode_valid hook Jayesh Choudhary <j-choudhary(a)ti.com> drm/tidss: Remove max_pclk_khz and min_pclk_khz from tidss display features Namhyung Kim <namhyung(a)kernel.org> perf tools: Fix missing feature check for inherit + SAMPLE_READ Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Properly control filter in CPU idle with FEAT_TRF Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Add context synchronization before enabling trace Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Correct polling IDLE bit Leo Yan <leo.yan(a)arm.com> coresight: etm3x: Always set tracer's device mode on target CPU Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Always set tracer's device mode on target CPU Leo Yan <leo.yan(a)arm.com> coresight: Change device mode to atomic type Bartlomiej Kubik <kubik.bartlomiej(a)gmail.com> fs/ntfs3: Initialize allocated memory before use David Wei <dw(a)davidwei.uk> io_uring/zcrx: call netdev_queue_get_dma_dev() under instance lock David Wei <dw(a)davidwei.uk> net: export netdev_get_by_index_lock() Zheng Qixing <zhengqixing(a)huawei.com> nbd: defer config unlock in nbd_genl_connect Abdun Nihaal <nihaal(a)cse.iitm.ac.in> wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() Long Li <leo.lilong(a)huawei.com> macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/32: Fix unpaired stwcx. on interrupt exit Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/kdump: Fix size calculation for hot-removed memory ranges Gautham R. Shenoy <gautham.shenoy(a)amd.com> cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs Li Nan <linan122(a)huawei.com> md: init bioset in mddev_init Li Nan <linan122(a)huawei.com> md: delete md_redundancy_group when array is becoming inactive Bean Huo <beanhuo(a)micron.com> scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() Akash Goel <akash.goel(a)arm.com> drm/panthor: Fix potential memleak of vma structure Edward Adam Davis <eadavis(a)qq.com> ntfs3: init run lock for extend inode Carl Worth <carl(a)os.amperecomputing.com> coresight: tmc: add the handle of the event to the path Jihed Chaibi <jihed.chaibi.dev(a)gmail.com> ARM: dts: stm32: stm32mp157c-phycore: Fix STMPE811 touchscreen node properties Ma Ke <make24(a)iscas.ac.cn> RDMA/rtrs: server: Fix error handling in get_or_create_srv Manivannan Sadhasivam <manivannan.sadhasivam(a)oss.qualcomm.com> dt-bindings: PCI: amlogic: Fix the register name of the DBI region Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> iio: imu: bmi270: fix dev_err_probe error msg Johan Hovold <johan(a)kernel.org> staging: most: remove broken i2c driver Mike McGowen <mike.mcgowen(a)microchip.com> scsi: smartpqi: Fix device resources accessed after device removal Haotian Zhang <vulab(a)iscas.ac.cn> scsi: stex: Fix reboot_notifier leak in probe error path Zheng Qixing <zhengqixing(a)huawei.com> nbd: defer config put in recv_work Xiao Ni <xni(a)redhat.com> md: avoid repeated calls to del_gendisk Yun Zhou <yun.zhou(a)windriver.com> md: fix rcu protection in md_wakeup_thread Xiao Ni <xni(a)redhat.com> md: delete mddev kobj before deleting gendisk kobj Gabor Juhos <j4g8y7(a)gmail.com> regulator: core: disable supply if enabling main regulator fails Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Correct large PEBS flag check Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86: Fix NULL event access and potential PEBS record loss Pavel Begunkov <asml.silence(a)gmail.com> io_uring: use WRITE_ONCE for user shared memory FUKAUMI Naoki <naoki(a)radxa.com> arm64: dts: rockchip: Fix USB Type-C host mode for Radxa ROCK 5B+/5T Dan Carpenter <dan.carpenter(a)linaro.org> hfs: fix potential use after free in hfs_correct_next_unused_CNID() Lizhi Hou <lizhi.hou(a)amd.com> accel/amdxdna: Fix dma_fence leak when job is canceled Zhang Yi <yi.zhang(a)huawei.com> ext4: correct the checking of quota files before moving extents Manish Dharanenthiran <manish.dharanenthiran(a)oss.qualcomm.com> wifi: ath12k: Fix timeout error during beacon stats retrieval Haotian Zhang <vulab(a)iscas.ac.cn> mfd: da9055: Fix missing regmap_del_irq_chip() in error path Namhyung Kim <namhyung(a)kernel.org> perf annotate: Fix build with NO_SLANG=1 Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: rtw89: usb: fix leak in rtw89_usb_write_port() Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: rtw89: usb: use common error path for skbs in rtw89_usb_rx_handler() Wang Liang <wangliang74(a)huawei.com> locktorture: Fix memory leak in param_set_cpumask() Usama Arif <usamaarif642(a)gmail.com> efi/libstub: Fix page table access in 5-level to 4-level paging transition Usama Arif <usamaarif642(a)gmail.com> x86/boot: Fix page table access in 5-level to 4-level paging transition Xiaoqi Zhuang <xiaoqi.zhuang(a)oss.qualcomm.com> coresight: ETR: Fix ETR buffer use-after-free issue Niklas Cassel <cassel(a)kernel.org> arm64: tegra: Add pinctrl definitions for pcie-ep nodes Peter Zijlstra <peterz(a)infradead.org> entry,unwind/deferred: Fix unwind_reset_info() placement Jihed Chaibi <jihed.chaibi.dev(a)gmail.com> ARM: dts: omap3: n900: Correct obsolete TWL4030 power compatible Jihed Chaibi <jihed.chaibi.dev(a)gmail.com> ARM: dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible Yegor Yefremov <yegorslists(a)googlemail.com> ARM: dts: am335x-netcom-plus-2xx: add missing GPIO labels Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: am33xx: Add missing serial console speed Alan Maguire <alan.maguire(a)oracle.com> libbpf: Fix parsing of multi-split BTF Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: Fix timeout handling Matthew Brost <matthew.brost(a)intel.com> drm/xe: Enforce correct user fence signaling order using Christian Brauner <brauner(a)kernel.org> cleanup: fix scoped_class() Songtang Liu <liusongtang(a)bytedance.com> iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show Christian Brauner <brauner(a)kernel.org> ns: initialize ns_list_node for initial namespaces Christian Brauner <brauner(a)kernel.org> ns: add NS_COMMON_INIT() Thomas Richard (TI.com) <thomas.richard(a)bootlin.com> firmware: ti_sci: Set IO Isolation only if the firmware is capable Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Fix UAF on kernel BO VA nodes Ketil Johnsen <ketil.johnsen(a)arm.com> drm/panthor: Fix race with suspend during unplug Ketil Johnsen <ketil.johnsen(a)arm.com> drm/panthor: Fix UAF race between device unplug and FW event processing Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Fix group_free_queue() for partially initialized queues Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Handle errors returned by drm_sched_entity_init() Tingmao Wang <m(a)maowtm.org> fs/9p: Don't open remote file with APPEND mode when writeback cache is used Mike Christie <michael.christie(a)oracle.com> scsi: target: Fix LUN/device R/W and total command stats Bart Van Assche <bvanassche(a)acm.org> scsi: target: Do not write NUL characters into ASCII configfs output Ahelenia Ziemiańska <nabijaczleweli(a)nabijaczleweli.xyz> power: supply: apm_power: only unset own apm_get_power_status Val Packett <val(a)packett.cool> power: supply: qcom_battmgr: support disabling charge control Val Packett <val(a)packett.cool> power: supply: qcom_battmgr: clamp charge control thresholds Ivan Abramov <i.abramov(a)mt-integration.ru> power: supply: wm831x: Check wm831x_set_bits() return value Murad Masimov <m.masimov(a)mt-integration.ru> power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() Ivan Abramov <i.abramov(a)mt-integration.ru> power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() Ivan Abramov <i.abramov(a)mt-integration.ru> power: supply: max17040: Check iio_read_channel_processed() return code Ivan Abramov <i.abramov(a)mt-integration.ru> power: supply: cw2015: Check devm_delayed_work_autocancel() return code Haotian Zhang <vulab(a)iscas.ac.cn> power: supply: rt5033_charger: Fix device node reference leaks Frederic Weisbecker <frederic(a)kernel.org> timers/migration: Fix imbalanced NUMA trees Frederic Weisbecker <frederic(a)kernel.org> timers/migration: Remove locking on group connection Frederic Weisbecker <frederic(a)kernel.org> timers/migration: Convert "while" loops to use "for" Taniya Das <taniya.das(a)oss.qualcomm.com> clk: qcom: tcsrcc-glymur: Update register offsets for clock refs Shuai Xue <xueshuai(a)linux.alibaba.com> perf record: skip synthesize event when open evsel failed Namhyung Kim <namhyung(a)kernel.org> perf lock contention: Load kernel map before lookup Geert Uytterhoeven <geert+renesas(a)glider.be> drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource() Christian Brauner <brauner(a)kernel.org> cgroup: add cgroup namespace to tree after owner is set Marek Vasut <marek.vasut+renesas(a)mailbox.org> arm64: dts: renesas: sparrow-hawk: Fix full-size DP connector node name and labels Kuan-Wei Chiu <visitorckw(a)gmail.com> interconnect: debugfs: Fix incorrect error handling for NULL path Lizhi Hou <lizhi.hou(a)amd.com> accel/amdxdna: Fix incorrect command state for timed out job Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> arm64: dts: qcom: msm8996: add interconnect paths to USB2 controller Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS Rameshkumar Sundaram <rameshkumar.sundaram(a)oss.qualcomm.com> wifi: ath12k: unassign arvif on scan vdev create failure Rameshkumar Sundaram <rameshkumar.sundaram(a)oss.qualcomm.com> wifi: ath12k: enforce vdev limit in ath12k_mac_vdev_create() Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath12k: fix error handling in creating hardware group Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath12k: fix reusing m3 memory Abdun Nihaal <nihaal(a)cse.iitm.ac.in> wifi: ath12k: fix potential memory leak in ath12k_wow_arp_ns_offload() Jacob Keller <jacob.e.keller(a)intel.com> docs: kdoc: fix duplicate section warning message Arnd Bergmann <arnd(a)arndb.de> random: use offstack cpumask when necessary Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Prevent incomplete IBI transaction Frank Li <Frank.Li(a)nxp.com> i3c: fix refcount inconsistency in i3c_master_register Aniket Limaye <a-limaye(a)ti.com> arm64: dts: ti: k3-j784s4: Fix I2C pinmux pull configuration Christian Brauner <brauner(a)kernel.org> pidfs: add missing BUILD_BUG_ON() assert on struct pidfd_info Christian Brauner <brauner(a)kernel.org> pidfs: add missing PIDFD_INFO_SIZE_VER1 Tomasz Rusinowicz <tomasz.rusinowicz(a)intel.com> accel/ivpu: Fix race condition when unbinding BOs Danilo Krummrich <dakr(a)kernel.org> drm: nova: select NOVA_CORE Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: stm32: fix hwspinlock resource leak in probe function Haotian Zhang <vulab(a)iscas.ac.cn> soc: qcom: smem: fix hwspinlock resource leak in probe error paths Taniya Das <taniya.das(a)oss.qualcomm.com> clk: qcom: gcc-qcs615: Update the SDCC clock to use shared_floor_ops Benjamin Berg <benjamin.berg(a)intel.com> tools/nolibc/dirent: avoid errno in readdir_r Benjamin Berg <benjamin.berg(a)intel.com> tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set Maciej Falkowski <maciej.falkowski(a)linux.intel.com> accel/ivpu: Remove skip of dma unmap for imported buffers Tengda Wu <wutengda(a)huaweicloud.com> x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() Marek Vasut <marek.vasut+renesas(a)mailbox.org> drm/rcar-du: dsi: Fix missing parameter in RXSETR_...EN macros Peter Zijlstra <peterz(a)infradead.org> task_work: Fix NMI race condition Zhang Rui <rui.zhang(a)intel.com> perf/x86/intel/cstate: Remove PC3 support from LunarLake Arnaud Lecomte <contact(a)arnaud-lcm.com> bpf: Fix stackmap overflow check in __bpf_get_stackid() Arnaud Lecomte <contact(a)arnaud-lcm.com> bpf: Refactor stack map trace depth calculation into helper function Haotian Zhang <vulab(a)iscas.ac.cn> mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove Aryan Srivastava <aryan.srivastava(a)alliedtelesis.co.nz> mtd: nand: relax ECC parameter validation check Aryan Srivastava <aryan.srivastava(a)alliedtelesis.co.nz> Revert "mtd: rawnand: marvell: fix layouts" Li Qiang <liqiang01(a)kylinos.cn> wifi: iwlwifi: mld: add null check for kzalloc() in iwl_mld_send_proto_offload() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/userq: fix SDMA and compute validation Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: add userq object va track helpers Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: renesas: r9a06g032-rzn1d400-db: Drop invalid #cells properties Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: renesas: gose: Remove superfluous port property Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix null deref on srq->rq.queue after resize failure Loic Poulain <loic.poulain(a)oss.qualcomm.com> arm64: dts: qcom: qcm2290: Fix camss register prop ordering Kuniyuki Iwashima <kuniyu(a)google.com> sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix PTP for VSC8574 and VSC8572 Michal Suchanek <msuchanek(a)suse.de> perf hwmon_pmu: Fix uninitialized variable warning Eric Gonçalves <ghatto404(a)gmail.com> arm64: dts: qcom: sm8250-samsung-common: correct reserved pins Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: sdm845-starqltechn: Fix i2c-gpio node name Pengyu Luo <mitltlatltl(a)gmail.com> arm64: dts: qcom: sc8280xp: Fix shifted GPI DMA channels Val Packett <val(a)packett.cool> arm64: dts: qcom: x1-dell-thena: remove dp data-lanes Val Packett <val(a)packett.cool> arm64: dts: qcom: x1-dell-thena: Add missing pinctrl for eDP HPD Alexander Martinz <amartinz(a)shiftphones.com> arm64: dts: qcom: qcm6490-shift-otter: Add missing reserved-memory Krishna Chaitanya Chundru <krishna.chundru(a)oss.qualcomm.com> arm64: dts: qcom: sm8750-mtp: move PCIe GPIOs to pcieport0 node Neil Armstrong <neil.armstrong(a)linaro.org> arm64: dts: qcom: sm8650: set ufs as dma coherent Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: qcm6490-fairphone-fp5: Add supplies to simple-fb node Gergo Koteles <soyer(a)irl.hu> arm64: dts: qcom: sdm845-oneplus: Correct gpio used for slider Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: fix max77705 interrupts Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: remove (address|size)-cells Willy Tarreau <w(a)1wt.eu> tools/nolibc: x86: fix section mismatch caused by asm "mem*" functions Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> arm64: dts: qcom: lemans: Add missing quirk for HS only USB controller Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> arm64: dts: qcom: x1e80100: Add missing quirk for HS only USB controller Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> arm64: dts: qcom: x1e80100: Fix compile warnings for USB HS controller Peng Fan <peng.fan(a)nxp.com> firmware: imx: scu-irq: fix OF node leak in Randolph Sapp <rs(a)ti.com> arm64: dts: ti: k3-am62p: Fix memory ranges for GPU Bhanu Seshu Kumar Valluri <bhanuseshukumar(a)gmail.com> PCI: endpoint: pci-epf-test: Fix sleeping function being called from atomic context Thomas Richard <thomas.richard(a)bootlin.com> leds: upboard: Fix module alias Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: remove duplicate call to ice_deinit_hw() on error paths Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: move ice_deinit_dev() to the end of deinit paths Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: extract ice_init_dev() from ice_init() Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: move ice_init_pf() out of ice_init_dev() Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: move udp_tunnel_nic and misc IRQ setup into ice_init_pf() Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: ice_init_pf: destroy mutexes and xarrays on memory alloc failure Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: move ice_init_interrupt_scheme() prior ice_init_pf() Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: move service task start out of ice_init_pf() Lizhi Hou <lizhi.hou(a)amd.com> accel/amdxdna: Fix uninitialized return value Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath12k: restore register window after global reset Len Brown <len.brown(a)intel.com> tools/power turbostat: Regression fix Uncore MHz printed in hex Heiko Carstens <hca(a)linux.ibm.com> s390/ap: Don't leak debug feature files if AP instructions are not available Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Move the ufshcd_enable_intr() declaration Heiko Carstens <hca(a)linux.ibm.com> s390/smp: Fix fallback CPU detection Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath11k: fix peer HE MCS assignment Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath11k: fix VHT MCS assignment nieweiqiang <nieweiqiang(a)huawei.com> crypto: hisilicon/qm - restore original qos values Thorsten Blum <thorsten.blum(a)linux.dev> crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Haotian Zhang <vulab(a)iscas.ac.cn> soc: qcom: gsbi: fix double disable caused by devm Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: camcc-sm7150: Fix PLL config of PLL2 Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: camcc-sm6350: Fix PLL config of PLL2 Luo Jie <quic_luoj(a)quicinc.com> clk: qcom: gcc-ipq5424: Correct the icc_first_node_id Taniya Das <taniya.das(a)oss.qualcomm.com> clk: qcom: gcc-glymur: Update the halt check flags for pipe clocks Taniya Das <taniya.das(a)oss.qualcomm.com> clk: qcom: gcc-sm8750: Add a new frequency for sdcc2 clock Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> clk: qcom: rpmh: Define RPMH_IPA_CLK on QCS615 Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> clk: qcom: camcc-sm8550: Specify Titan GDSC power domain as a parent to other Sherry Sun <sherry.sun(a)nxp.com> tty: serial: imx: Only configure the wake register when device is set as wakeup source Li Qiang <liqiang01(a)kylinos.cn> uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe Geert Uytterhoeven <geert+renesas(a)glider.be> PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 Peter Griffin <peter.griffin(a)linaro.org> arm64: dts: exynos: gs101: fix sysreg_apm reg property Peter Griffin <peter.griffin(a)linaro.org> arm64: dts: exynos: gs101: fix clock module unit reg sizes Tianyou Li <tianyou.li(a)intel.com> perf annotate: Check return value of evsel__get_arch() properly Joy Zou <joy.zou(a)nxp.com> arm64: dts: imx95-15x15-evk: add fan-supply property for pwm-fan Tim Harvey <tharvey(a)gateworks.com> arm64: dts: imx8mp-venice-gw702x: remove off-board sdhc1 Tim Harvey <tharvey(a)gateworks.com> arm64: dts: imx8mp-venice-gw702x: remove off-board uart Tim Harvey <tharvey(a)gateworks.com> arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl Tim Harvey <tharvey(a)gateworks.com> arm64: dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1 props Daniel Borkmann <daniel(a)iogearbox.net> bpf: Do not let BPF test infra emit invalid GSO types to stack Bart Van Assche <bvanassche(a)acm.org> block/mq-deadline: Switch back to a single dispatch list Bart Van Assche <bvanassche(a)acm.org> block/mq-deadline: Introduce dd_start_request() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> PCI: sg2042: Fix a reference count issue in sg2042_pcie_remove() T Pratham <t-pratham(a)ti.com> crypto: aead - Fix reqsize handling Ian Rogers <irogers(a)google.com> perf parse-events: Make X modifier more respectful of groups Randy Dunlap <rdunlap(a)infradead.org> firmware: qcom: tzmem: fix qcom_tzmem_policy kernel-doc Francesco Lavra <flavra(a)baylibre.com> iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member Kathiravan Thirumoorthy <kathiravan.thirumoorthy(a)oss.qualcomm.com> arm64: dts: qcom: ipq5424: correct the TF-A reserved memory to 512K Sidharth Seela <sidharthseela(a)gmail.com> ntfs3: Fix uninit buffer allocated by __getname() Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> ntfs3: fix uninit memory after failed mi_read in mi_format_new Herbert Xu <herbert(a)gondor.apana.org.au> crypto: authenc - Correctly pass EINPROGRESS back up to the caller Johan Hovold <johan(a)kernel.org> irqchip: Pass platform device to platform drivers Johan Hovold <johan(a)kernel.org> irqchip: Drop leftover brackets Johan Hovold <johan(a)kernel.org> irqchip/qcom-irq-combiner: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/starfive-jh8100: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/renesas-rzg2l: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/imx-mu-msi: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/irq-brcmstb-l2: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/irq-bcm7120-l2: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/irq-bcm7038-l1: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/bcm2712-mip: Fix section mismatch Johan Hovold <johan(a)kernel.org> irqchip/bcm2712-mip: Fix OF node reference imbalance Fernand Sieber <sieberf(a)amazon.com> sched/fair: Forfeit vruntime on yield Pradeep Kumar Chitrapu <quic_pradeepc(a)quicinc.com> wifi: ath12k: fix TX and RX MCS rate configurations in HE mode Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath12k: fix VHT MCS assignment Sarika Sharma <sarika.sharma(a)oss.qualcomm.com> wifi: ath12k: Fix MSDU buffer types handling in RX error path Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath11k: restore register window after global reset Kang Yang <kang.yang(a)oss.qualcomm.com> wifi: ath10k: move recovery check logic into a new work Danilo Krummrich <dakr(a)kernel.org> gpu: nova-core: gsp: do not unwrap() SGEntry Danilo Krummrich <dakr(a)kernel.org> gpu: nova-core: gsp: remove useless conversion Ian Rogers <irogers(a)google.com> perf parse-events: Fix legacy cache events if event is duplicated in a PMU Wludzik, Jozef <jozef.wludzik(a)intel.com> accel/ivpu: Fix race condition when mapping dmabuf Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Fix weak symbol detection Dylan Hatch <dylanbhatch(a)google.com> objtool: Fix standalone --hacks=jump_label Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Fix runtime PM cleanup and improve remove path Mavroudis Chatzilazaridis <mavchatz(a)protonmail.com> HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() Cyrille Pitchen <cyrille.pitchen(a)microchip.com> drm: atmel-hlcdc: fix atmel_xlcdc_plane_setup_scaler() Marek Vasut <marek.vasut+renesas(a)mailbox.org> clk: renesas: cpg-mssr: Read back reset registers to assure values latched Marek Vasut <marek.vasut+renesas(a)mailbox.org> clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback Biju Das <biju.das.jz(a)bp.renesas.com> pinctrl: renesas: rzg2l: Fix PMC restore Roberto Sassu <roberto.sassu(a)huawei.com> ima: Attach CREDS_CHECK IMA hook to bprm_creds_from_file LSM hook Abel Vesa <abel.vesa(a)linaro.org> pinctrl: qcom: glymur: Fix the gpio and egpio pin functions Abel Vesa <abel.vesa(a)linaro.org> pinctrl: qcom: glymur: Drop unnecessary platform data from match table Ian Rogers <irogers(a)google.com> perf bpf_counter: Fix opening of "any"(-1) CPU events Seungjin Bae <eeodqql09(a)gmail.com> USB: Fix descriptor count when handling invalid MBIM extended descriptor Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> tools/nolibc: handle NULL wstatus argument to waitpid() Mykyta Yatsenko <yatsenko(a)meta.com> bpf: Fix handling maps with no BTF and non-constant offsets for the bpf_wq Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Fix sleepable context for async callbacks Siddharth Chintamaneni <sidchintamaneni(a)gmail.com> bpf: Cleanup unused func args in rqspinlock implementation Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/vgem-fence: Fix potential deadlock on release Karol Wachowski <karol.wachowski(a)linux.intel.com> accel/ivpu: Fix DCT active percent format Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix page fault in ivpu_bo_unbind_all_bos_from_context() Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Rework bind/unbind of imported buffers Guido Günther <agx(a)sigxcpu.org> drm/panel: visionox-rm69299: Don't clear all mode flags Guido Günther <agx(a)sigxcpu.org> drm/panel: visionox-rm69299: Fix clock frequency for SHIFT6mq Karol Wachowski <karol.wachowski(a)linux.intel.com> accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail Lizhi Hou <lizhi.hou(a)amd.com> accel/amdxdna: Call dma_buf_vmap_unlocked() for imported object Lizhi Hou <lizhi.hou(a)amd.com> accel/amdxdna: Fix an integer overflow in aie2_query_ctx_status_array() Mainak Sen <msen(a)nvidia.com> gpu: host1x: Fix race in syncpt alloc/free Konstantin Andreev <andreev(a)swemel.ru> smack: fix bug: setting task label silently ignores input garbage Konstantin Andreev <andreev(a)swemel.ru> smack: fix bug: unprivileged task can create labels Konstantin Andreev <andreev(a)swemel.ru> smack: fix bug: invalid label of unix socket file Konstantin Andreev <andreev(a)swemel.ru> smack: always "instantiate" inode in smack_inode_init_security() Konstantin Andreev <andreev(a)swemel.ru> smack: deduplicate xattr setting in smack_inode_init_security() Konstantin Andreev <andreev(a)swemel.ru> smack: deduplicate "does access rule request transmutation" Konstantin Andreev <andreev(a)swemel.ru> smack: fix bug: SMACK64TRANSMUTE set on non-directory ------------- Diffstat: Documentation/admin-guide/LSM/Smack.rst | 16 +- .../devicetree/bindings/pci/amlogic,axg-pcie.yaml | 6 +- Documentation/hwmon/g762.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/renesas/r8a7793-gose.dts | 1 - .../arm/boot/dts/renesas/r9a06g032-rzn1d400-db.dts | 2 - arch/arm/boot/dts/samsung/exynos4210-i9100.dts | 1 + arch/arm/boot/dts/samsung/exynos4210-trats.dts | 1 + .../boot/dts/samsung/exynos4210-universal_c210.dts | 1 + arch/arm/boot/dts/samsung/exynos4412-midas.dtsi | 1 + .../dts/st/stm32mp157c-phycore-stm32mp15-som.dtsi | 8 +- arch/arm/boot/dts/ti/omap/am335x-bone-common.dtsi | 2 +- arch/arm/boot/dts/ti/omap/am335x-boneblue.dts | 2 +- arch/arm/boot/dts/ti/omap/am335x-chiliboard.dts | 2 +- arch/arm/boot/dts/ti/omap/am335x-evm.dts | 2 +- arch/arm/boot/dts/ti/omap/am335x-evmsk.dts | 2 +- arch/arm/boot/dts/ti/omap/am335x-guardian.dts | 2 +- arch/arm/boot/dts/ti/omap/am335x-icev2.dts | 2 +- arch/arm/boot/dts/ti/omap/am335x-myirtech-myd.dts | 2 +- .../boot/dts/ti/omap/am335x-netcom-plus-2xx.dts | 8 +- .../arm/boot/dts/ti/omap/am335x-osd3358-sm-red.dts | 2 +- arch/arm/boot/dts/ti/omap/am335x-pdu001.dts | 2 +- arch/arm/boot/dts/ti/omap/am335x-pocketbeagle.dts | 2 +- arch/arm/boot/dts/ti/omap/am335x-sl50.dts | 2 +- arch/arm/boot/dts/ti/omap/omap3-beagle-xm.dts | 2 +- arch/arm/boot/dts/ti/omap/omap3-n900.dts | 2 +- arch/arm/include/asm/word-at-a-time.h | 10 +- arch/arm64/boot/dts/amlogic/meson-g12b.dtsi | 4 +- arch/arm64/boot/dts/exynos/google/gs101.dtsi | 18 +- .../boot/dts/freescale/imx8mm-venice-gw72xx.dtsi | 11 - .../boot/dts/freescale/imx8mp-venice-gw702x.dtsi | 51 --- .../boot/dts/freescale/imx8mp-venice-gw72xx.dtsi | 11 - arch/arm64/boot/dts/freescale/imx95-15x15-evk.dts | 1 + .../arm64/boot/dts/freescale/imx95-tqma9596sa.dtsi | 4 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 2 +- arch/arm64/boot/dts/nvidia/tegra234.dtsi | 61 ++++ arch/arm64/boot/dts/qcom/ipq5424.dtsi | 2 +- arch/arm64/boot/dts/qcom/lemans.dtsi | 1 + arch/arm64/boot/dts/qcom/msm8996.dtsi | 3 + arch/arm64/boot/dts/qcom/qcm2290.dtsi | 10 +- arch/arm64/boot/dts/qcom/qcm6490-fairphone-fp5.dts | 2 + arch/arm64/boot/dts/qcom/qcm6490-shift-otter.dts | 5 + arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 2 +- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 170 +++++----- .../arm64/boot/dts/qcom/sdm845-oneplus-common.dtsi | 4 +- .../boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 +- .../arm64/boot/dts/qcom/sm8250-samsung-common.dtsi | 3 +- arch/arm64/boot/dts/qcom/sm8650.dtsi | 2 + arch/arm64/boot/dts/qcom/sm8750-mtp.dts | 6 +- arch/arm64/boot/dts/qcom/x1-dell-thena.dtsi | 5 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 12 +- .../boot/dts/renesas/r8a779g3-sparrow-hawk.dts | 6 +- arch/arm64/boot/dts/rockchip/rk3566-rock-3c.dts | 1 + .../boot/dts/rockchip/rk3588-rock-5b-5bp-5t.dtsi | 4 +- .../boot/dts/rockchip/rk3588-rock-5b-plus.dts | 5 + arch/arm64/boot/dts/rockchip/rk3588-rock-5b.dts | 4 + arch/arm64/boot/dts/rockchip/rk3588-rock-5t.dts | 4 + arch/arm64/boot/dts/rockchip/rk3588s-rock-5a.dts | 15 +- arch/arm64/boot/dts/ti/k3-am62p.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-am69-sk.dts | 8 +- .../boot/dts/ti/k3-j784s4-j742s2-evm-common.dtsi | 4 +- arch/arm64/mm/mmu.c | 214 +++++++----- arch/arm64/mm/pageattr.c | 5 +- arch/powerpc/kernel/entry_32.S | 10 +- arch/powerpc/kexec/ranges.c | 2 +- arch/powerpc/mm/book3s64/hash_utils.c | 10 +- arch/powerpc/mm/ptdump/hashpagetable.c | 6 + arch/riscv/kvm/vcpu_insn.c | 22 ++ arch/s390/include/asm/fpu-insn.h | 3 + arch/s390/kernel/smp.c | 1 + arch/um/Kconfig | 1 + arch/um/Makefile | 12 +- arch/um/include/asm/kasan.h | 4 - arch/x86/boot/compressed/pgtable_64.c | 11 +- arch/x86/events/core.c | 5 +- arch/x86/events/intel/core.c | 7 +- arch/x86/events/intel/cstate.c | 3 +- arch/x86/kernel/dumpstack.c | 23 +- block/blk-lib.c | 6 +- block/blk-mq.c | 35 +- block/blk-throttle.c | 9 +- block/mq-deadline.c | 129 ++++--- crypto/aead.c | 1 + crypto/ahash.c | 18 +- crypto/asymmetric_keys/asymmetric_type.c | 12 +- crypto/authenc.c | 75 +++-- drivers/accel/amdxdna/aie2_ctx.c | 22 +- drivers/accel/amdxdna/aie2_pci.c | 10 +- drivers/accel/amdxdna/amdxdna_ctx.c | 1 + drivers/accel/amdxdna/amdxdna_ctx.h | 1 + drivers/accel/amdxdna/amdxdna_gem.c | 47 ++- drivers/accel/amdxdna/amdxdna_mailbox.c | 1 + drivers/accel/ivpu/ivpu_gem.c | 97 ++++-- drivers/accel/ivpu/ivpu_gem.h | 2 +- drivers/accel/ivpu/ivpu_hw_btrs.c | 2 +- drivers/accel/ivpu/ivpu_hw_btrs.h | 2 +- drivers/accel/ivpu/ivpu_job.c | 6 +- drivers/accel/ivpu/ivpu_pm.c | 9 +- drivers/acpi/apei/ghes.c | 27 +- drivers/acpi/processor_core.c | 2 +- drivers/acpi/property.c | 1 + drivers/base/firmware_loader/Kconfig | 2 +- drivers/block/nbd.c | 5 +- drivers/block/ps3disk.c | 4 + drivers/block/ublk_drv.c | 4 +- drivers/char/random.c | 19 +- drivers/clk/Makefile | 3 +- drivers/clk/qcom/camcc-sm6350.c | 13 +- drivers/clk/qcom/camcc-sm7150.c | 6 +- drivers/clk/qcom/camcc-sm8550.c | 10 + drivers/clk/qcom/clk-rpmh.c | 1 + drivers/clk/qcom/gcc-glymur.c | 24 +- drivers/clk/qcom/gcc-ipq5424.c | 3 +- drivers/clk/qcom/gcc-qcs615.c | 6 +- drivers/clk/qcom/gcc-sm8750.c | 1 + drivers/clk/qcom/tcsrcc-glymur.c | 54 +-- drivers/clk/renesas/r9a06g032-clocks.c | 6 +- drivers/clk/renesas/r9a09g077-cpg.c | 4 +- drivers/clk/renesas/renesas-cpg-mssr.c | 57 ++-- drivers/clk/spacemit/ccu-k1.c | 4 +- drivers/clocksource/arm_arch_timer_mmio.c | 2 + drivers/clocksource/timer-nxp-pit.c | 3 +- drivers/clocksource/timer-nxp-stm.c | 23 +- drivers/clocksource/timer-ralink.c | 11 +- drivers/cpufreq/amd-pstate.c | 2 +- drivers/crypto/ccree/cc_buffer_mgr.c | 6 +- drivers/crypto/hisilicon/qm.c | 14 +- drivers/crypto/intel/iaa/iaa_crypto_main.c | 2 +- drivers/crypto/starfive/jh7110-hash.c | 6 +- drivers/devfreq/hisi_uncore_freq.c | 3 +- drivers/firmware/efi/cper-arm.c | 52 ++- drivers/firmware/efi/cper.c | 60 ++++ drivers/firmware/efi/libstub/x86-5lvl.c | 4 +- drivers/firmware/imx/imx-scu-irq.c | 4 +- drivers/firmware/stratix10-svc.c | 1 + drivers/firmware/ti_sci.c | 21 +- drivers/firmware/ti_sci.h | 2 + drivers/gpio/Kconfig | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_userq.c | 44 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_userq.h | 12 +- drivers/gpu/drm/amd/amdgpu/mes_userqueue.c | 31 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 46 ++- drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 4 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 8 +- drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c | 27 +- drivers/gpu/drm/drm_plane.c | 8 +- drivers/gpu/drm/i915/display/intel_fbdev.c | 43 ++- drivers/gpu/drm/i915/display/intel_fbdev_fb.c | 42 +-- drivers/gpu/drm/i915/display/intel_fbdev_fb.h | 8 +- drivers/gpu/drm/imagination/pvr_device.c | 2 +- drivers/gpu/drm/mediatek/mtk_disp_ccorr.c | 23 +- drivers/gpu/drm/msm/adreno/a2xx_gpu.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 34 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 10 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dsc.h | 6 - drivers/gpu/drm/msm/msm_gpu.c | 21 +- .../gpu/drm/nouveau/dispnv04/nouveau_i2c_encoder.c | 20 -- .../drm/nouveau/include/dispnv04/i2c/encoder_i2c.h | 19 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 6 +- drivers/gpu/drm/nouveau/nvkm/subdev/fb/base.c | 2 +- drivers/gpu/drm/nova/Kconfig | 1 + drivers/gpu/drm/panel/panel-novatek-nt35560.c | 8 +- drivers/gpu/drm/panel/panel-visionox-rm69299.c | 4 +- drivers/gpu/drm/panthor/panthor_device.c | 4 +- drivers/gpu/drm/panthor/panthor_gem.c | 20 +- drivers/gpu/drm/panthor/panthor_mmu.c | 18 +- drivers/gpu/drm/panthor/panthor_sched.c | 25 +- .../gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 4 +- drivers/gpu/drm/tidss/tidss_dispc.c | 93 +++-- drivers/gpu/drm/tidss/tidss_dispc.h | 3 - drivers/gpu/drm/tidss/tidss_drv.h | 2 + drivers/gpu/drm/tidss/tidss_oldi.c | 22 ++ drivers/gpu/drm/vgem/vgem_fence.c | 2 +- drivers/gpu/drm/xe/display/intel_fbdev_fb.c | 32 +- drivers/gpu/drm/xe/xe_exec_queue.c | 3 + drivers/gpu/host1x/syncpt.c | 4 +- drivers/gpu/nova-core/firmware/gsp.rs | 8 +- drivers/greybus/gb-beagleplay.c | 12 +- drivers/hid/hid-logitech-hidpp.c | 9 +- drivers/hv/mshv_root_main.c | 89 +++-- drivers/hwmon/sy7636a-hwmon.c | 7 +- drivers/hwtracing/coresight/coresight-etm-perf.c | 1 + drivers/hwtracing/coresight/coresight-etm3x-core.c | 59 ++-- drivers/hwtracing/coresight/coresight-etm4x-core.c | 103 ++++-- drivers/hwtracing/coresight/coresight-etm4x.h | 3 - drivers/hwtracing/coresight/coresight-tmc-etr.c | 10 +- drivers/i2c/busses/i2c-k1.c | 19 +- drivers/i3c/master.c | 8 +- drivers/i3c/master/svc-i3c-master.c | 22 +- drivers/iio/imu/bmi270/bmi270_spi.c | 2 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 2 +- drivers/iio/industrialio-core.c | 17 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 +- drivers/infiniband/hw/bnxt_re/qplib_sp.c | 8 +- drivers/infiniband/hw/bnxt_re/qplib_sp.h | 2 +- drivers/infiniband/hw/irdma/cm.c | 2 +- drivers/infiniband/hw/irdma/ctrl.c | 6 +- drivers/infiniband/hw/irdma/icrdma_if.c | 6 +- drivers/infiniband/hw/irdma/ig3rdma_if.c | 4 + drivers/infiniband/hw/irdma/main.h | 2 +- drivers/infiniband/hw/irdma/pble.c | 6 +- drivers/infiniband/hw/irdma/puda.c | 1 - drivers/infiniband/hw/irdma/uk.c | 31 +- drivers/infiniband/hw/irdma/user.h | 1 - drivers/infiniband/hw/irdma/verbs.c | 24 +- drivers/infiniband/hw/irdma/verbs.h | 3 +- drivers/infiniband/sw/rxe/rxe_srq.c | 7 +- drivers/infiniband/ulp/rtrs/rtrs-srv.c | 2 +- drivers/interconnect/debugfs-client.c | 7 +- drivers/interconnect/qcom/msm8996.c | 1 + drivers/iommu/amd/debugfs.c | 2 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 27 +- drivers/iommu/intel/Kconfig | 2 +- drivers/iommu/intel/iommu.h | 2 +- drivers/irqchip/irq-bcm2712-mip.c | 11 +- drivers/irqchip/irq-bcm7038-l1.c | 11 +- drivers/irqchip/irq-bcm7120-l2.c | 31 +- drivers/irqchip/irq-brcmstb-l2.c | 25 +- drivers/irqchip/irq-imx-mu-msi.c | 28 +- drivers/irqchip/irq-mchp-eic.c | 7 +- drivers/irqchip/irq-meson-gpio.c | 5 +- drivers/irqchip/irq-qcom-mpm.c | 6 +- drivers/irqchip/irq-renesas-rzg2l.c | 37 +- drivers/irqchip/irq-renesas-rzv2h.c | 32 +- drivers/irqchip/irq-starfive-jh8100-intc.c | 6 +- drivers/irqchip/irqchip.c | 10 +- drivers/irqchip/qcom-irq-combiner.c | 2 +- drivers/irqchip/qcom-pdc.c | 5 +- drivers/leds/leds-netxbig.c | 36 +- drivers/leds/leds-upboard.c | 2 +- drivers/leds/rgb/leds-qcom-lpg.c | 4 +- drivers/macintosh/mac_hid.c | 3 +- drivers/md/dm-log-writes.c | 1 + drivers/md/dm-raid.c | 2 + drivers/md/md.c | 92 ++--- drivers/md/md.h | 9 +- drivers/md/raid5.c | 6 +- drivers/mfd/da9055-core.c | 1 + drivers/mfd/mt6358-irq.c | 1 + drivers/mfd/mt6397-irq.c | 1 + drivers/misc/rp1/rp1_pci.c | 3 + drivers/mtd/lpddr/lpddr_cmds.c | 8 +- drivers/mtd/nand/raw/lpc32xx_slc.c | 2 + drivers/mtd/nand/raw/marvell_nand.c | 13 +- drivers/mtd/nand/raw/nand_base.c | 13 +- drivers/mtd/nand/raw/renesas-nand-controller.c | 5 +- drivers/net/dsa/b53/b53_common.c | 331 ++++++++++++------ drivers/net/dsa/b53/b53_priv.h | 111 +++++- drivers/net/dsa/b53/b53_regs.h | 41 ++- drivers/net/dsa/xrs700x/xrs700x.c | 11 + drivers/net/ethernet/intel/iavf/iavf_ptp.c | 7 + drivers/net/ethernet/intel/ice/devlink/devlink.c | 21 +- drivers/net/ethernet/intel/ice/ice.h | 4 + drivers/net/ethernet/intel/ice/ice_common.c | 3 + drivers/net/ethernet/intel/ice/ice_main.c | 169 +++++----- drivers/net/ethernet/stmicro/stmmac/dwmac-sophgo.c | 20 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_vlan.c | 3 +- drivers/net/phy/adin1100.c | 2 +- drivers/net/phy/aquantia/aquantia_firmware.c | 2 +- drivers/net/phy/mscc/mscc_main.c | 6 +- drivers/net/phy/phy-core.c | 43 +++ drivers/net/phy/realtek/realtek_main.c | 65 ++-- drivers/net/vxlan/vxlan_core.c | 18 +- drivers/net/wireless/ath/ath10k/core.c | 20 +- drivers/net/wireless/ath/ath10k/core.h | 2 +- drivers/net/wireless/ath/ath10k/mac.c | 2 +- drivers/net/wireless/ath/ath11k/mac.c | 8 +- drivers/net/wireless/ath/ath11k/pci.c | 20 +- drivers/net/wireless/ath/ath11k/wmi.c | 20 +- drivers/net/wireless/ath/ath11k/wmi.h | 2 + drivers/net/wireless/ath/ath12k/core.c | 24 +- drivers/net/wireless/ath/ath12k/core.h | 1 - drivers/net/wireless/ath/ath12k/dp_rx.c | 70 +++- drivers/net/wireless/ath/ath12k/hal_rx.c | 10 +- drivers/net/wireless/ath/ath12k/mac.c | 28 +- drivers/net/wireless/ath/ath12k/pci.c | 20 +- drivers/net/wireless/ath/ath12k/qmi.c | 11 +- drivers/net/wireless/ath/ath12k/qmi.h | 5 +- drivers/net/wireless/ath/ath12k/wmi.c | 23 +- drivers/net/wireless/ath/ath12k/wmi.h | 2 + drivers/net/wireless/ath/ath12k/wow.c | 1 + drivers/net/wireless/intel/iwlwifi/mld/d3.c | 4 + drivers/net/wireless/mediatek/mt76/mac80211.c | 2 - drivers/net/wireless/mediatek/mt76/mt76.h | 9 + drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 2 + drivers/net/wireless/mediatek/mt76/mt792x_core.c | 1 - drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 15 +- drivers/net/wireless/mediatek/mt76/mt7996/init.c | 19 +- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 18 +- drivers/net/wireless/mediatek/mt76/mt7996/main.c | 115 ++++--- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 69 ++-- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 1 + drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 11 +- drivers/net/wireless/mediatek/mt76/wed.c | 10 +- drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c | 9 +- drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 27 +- drivers/net/wireless/realtek/rtw89/usb.c | 13 +- drivers/net/wireless/st/cw1200/bh.c | 6 +- drivers/nvme/host/auth.c | 2 +- drivers/of/fdt.c | 85 +++-- drivers/of/of_kunit_helpers.c | 5 +- drivers/pci/controller/Kconfig | 7 +- drivers/pci/controller/cadence/pcie-sg2042.c | 3 - drivers/pci/controller/dwc/pci-keystone.c | 2 + drivers/pci/controller/dwc/pcie-designware.h | 2 +- drivers/pci/controller/dwc/pcie-stm32-ep.c | 41 +-- drivers/pci/endpoint/functions/pci-epf-test.c | 5 +- drivers/pci/setup-bus.c | 5 + drivers/phy/freescale/phy-fsl-imx8qm-hsio.c | 5 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 20 +- drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 15 + drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 27 +- drivers/pinctrl/pinctrl-single.c | 7 +- drivers/pinctrl/qcom/pinctrl-glymur.c | 6 +- drivers/pinctrl/renesas/pinctrl-rzg2l.c | 6 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 2 +- drivers/platform/x86/asus-wmi.c | 8 +- drivers/platform/x86/intel/pmc/core.h | 2 +- drivers/power/supply/apm_power.c | 3 +- drivers/power/supply/cw2015_battery.c | 8 +- drivers/power/supply/max17040_battery.c | 6 +- drivers/power/supply/qcom_battmgr.c | 26 +- drivers/power/supply/rt5033_charger.c | 2 + drivers/power/supply/rt9467-charger.c | 6 +- drivers/power/supply/wm831x_power.c | 10 +- drivers/pwm/core.c | 5 +- drivers/pwm/pwm-bcm2835.c | 28 +- drivers/ras/ras.c | 40 ++- drivers/regulator/core.c | 37 +- drivers/regulator/fixed.c | 11 +- drivers/regulator/pca9450-regulator.c | 7 +- drivers/regulator/spacemit-p1.c | 4 +- drivers/remoteproc/imx_rproc.c | 9 +- drivers/remoteproc/qcom_q6v5_wcss.c | 8 +- drivers/rtc/rtc-amlogic-a4.c | 4 - drivers/rtc/rtc-gamecube.c | 4 + drivers/rtc/rtc-max31335.c | 6 +- drivers/s390/crypto/ap_bus.c | 8 +- drivers/scsi/imm.c | 1 + drivers/scsi/qla2xxx/qla_nvme.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 20 +- drivers/scsi/qla2xxx/qla_target.c | 5 +- drivers/scsi/qla2xxx/qla_target.h | 1 + drivers/scsi/sim710.c | 2 + drivers/scsi/smartpqi/smartpqi_init.c | 19 ++ drivers/scsi/stex.c | 1 + drivers/soc/qcom/qcom_gsbi.c | 8 - drivers/soc/qcom/smem.c | 3 +- drivers/soc/renesas/r9a08g045-sysc.c | 69 ++++ drivers/soc/renesas/r9a09g047-sys.c | 79 +++++ drivers/soc/renesas/r9a09g056-sys.c | 69 ++++ drivers/soc/renesas/r9a09g057-sys.c | 101 ++++++ drivers/soc/renesas/rz-sysc.c | 2 + drivers/soc/renesas/rz-sysc.h | 4 + drivers/soc/samsung/exynos-pmu.c | 7 +- drivers/soc/tegra/fuse/speedo-tegra210.c | 58 +++- drivers/spi/spi-airoha-snfi.c | 25 +- drivers/spi/spi-ch341.c | 2 +- drivers/spi/spi-sg2044-nor.c | 4 +- drivers/spi/spi-tegra210-quad.c | 22 +- drivers/staging/fbtft/fbtft-core.c | 4 +- drivers/staging/most/Kconfig | 2 - drivers/staging/most/Makefile | 1 - drivers/staging/most/i2c/Kconfig | 13 - drivers/staging/most/i2c/Makefile | 4 - drivers/staging/most/i2c/i2c.c | 374 --------------------- drivers/target/target_core_configfs.c | 1 - drivers/target/target_core_stat.c | 24 +- drivers/tty/serial/imx.c | 14 + drivers/ufs/core/ufshcd-priv.h | 2 + drivers/ufs/core/ufshcd.c | 27 +- drivers/ufs/host/ufs-rockchip.c | 19 +- drivers/uio/uio_fsl_elbc_gpcm.c | 7 + drivers/usb/core/message.c | 2 +- drivers/usb/dwc2/platform.c | 17 +- drivers/usb/dwc3/host.c | 5 +- drivers/usb/gadget/legacy/raw_gadget.c | 3 + drivers/usb/gadget/udc/tegra-xudc.c | 6 - drivers/usb/misc/chaoskey.c | 16 +- drivers/usb/phy/phy.c | 4 + drivers/usb/typec/ucsi/ucsi_huawei_gaokun.c | 2 + drivers/vdpa/mlx5/net/mlx5_vnet.c | 2 +- drivers/vdpa/pds/vdpa_dev.c | 2 +- drivers/vfio/pci/vfio_pci_core.c | 68 ++-- drivers/vfio/pci/vfio_pci_intrs.c | 52 +-- drivers/vfio/pci/vfio_pci_priv.h | 4 + drivers/vhost/net.c | 12 +- drivers/vhost/vhost.c | 4 +- drivers/video/backlight/led_bl.c | 13 + drivers/video/fbdev/ssd1307fb.c | 4 +- drivers/virtio/virtio.c | 12 +- drivers/virtio/virtio_debug.c | 10 +- drivers/virtio/virtio_pci_modern_dev.c | 6 +- drivers/virtio/virtio_ring.c | 7 +- drivers/virtio/virtio_vdpa.c | 2 +- drivers/watchdog/starfive-wdt.c | 4 +- drivers/watchdog/wdat_wdt.c | 64 ++-- fs/9p/v9fs.c | 4 +- fs/9p/vfs_file.c | 11 +- fs/9p/vfs_inode.c | 3 +- fs/9p/vfs_inode_dotl.c | 2 +- fs/btrfs/block-group.c | 6 +- fs/btrfs/ctree.c | 2 +- fs/btrfs/delayed-ref.c | 43 ++- fs/btrfs/scrub.c | 2 +- fs/btrfs/space-info.c | 22 +- fs/btrfs/space-info.h | 6 +- fs/erofs/super.c | 38 ++- fs/exfat/balloc.c | 2 +- fs/exfat/namei.c | 20 +- fs/ext4/mballoc.c | 49 ++- fs/ext4/move_extent.c | 2 +- fs/f2fs/f2fs.h | 2 + fs/f2fs/gc.c | 132 +++++--- fs/f2fs/recovery.c | 2 +- fs/f2fs/segment.c | 38 ++- fs/f2fs/segment.h | 8 +- fs/f2fs/super.c | 14 + fs/f2fs/sysfs.c | 7 + fs/fuse/control.c | 19 +- fs/gfs2/glock.c | 5 +- fs/gfs2/inode.c | 15 + fs/gfs2/inode.h | 1 + fs/gfs2/ops_fstype.c | 2 +- fs/hfs/catalog.c | 2 +- fs/inode.c | 58 ++-- fs/iomap/direct-io.c | 23 +- fs/kernfs/dir.c | 5 +- fs/nfs/client.c | 21 +- fs/nfs/dir.c | 27 +- fs/nfs/internal.h | 3 +- fs/nfs/localio.c | 4 +- fs/nfs/namespace.c | 11 +- fs/nfs/nfs4client.c | 18 +- fs/nfs/nfs4proc.c | 27 +- fs/nfs/pnfs.c | 1 + fs/nfs/super.c | 33 +- fs/nfsd/blocklayout.c | 4 +- fs/nls/nls_base.c | 27 +- fs/ntfs3/frecord.c | 8 +- fs/ntfs3/fsntfs.c | 9 +- fs/ntfs3/inode.c | 7 +- fs/ocfs2/alloc.c | 1 - fs/ocfs2/inode.c | 10 +- fs/ocfs2/move_extents.c | 8 +- fs/pidfs.c | 2 + fs/smb/client/cifssmb.c | 2 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/client/smbdirect.c | 28 +- fs/smb/common/smbdirect/smbdirect_socket.h | 51 +++ fs/smb/server/transport_rdma.c | 40 ++- fs/tracefs/event_inode.c | 3 +- include/asm-generic/mshyperv.h | 17 +- include/asm-generic/rqspinlock.h | 60 ++-- include/linux/blk_types.h | 5 +- include/linux/cleanup.h | 15 +- include/linux/coresight.h | 35 +- include/linux/cper.h | 12 +- include/linux/f2fs_fs.h | 5 +- include/linux/filter.h | 12 +- include/linux/firmware/qcom/qcom_tzmem.h | 15 +- include/linux/ieee80211.h | 4 +- include/linux/if_hsr.h | 9 + include/linux/irq-entry-common.h | 2 +- include/linux/irqchip.h | 8 +- include/linux/netdevice.h | 1 + include/linux/nfs_fs_sb.h | 5 + include/linux/ns_common.h | 11 + include/linux/of_fdt.h | 9 + include/linux/phy.h | 3 + include/linux/platform_data/lp855x.h | 4 +- include/linux/ras.h | 16 +- include/linux/soc/mediatek/mtk_wed.h | 1 + include/linux/vfio_pci_core.h | 10 +- include/linux/virtio.h | 2 +- include/linux/virtio_config.h | 24 +- include/linux/virtio_features.h | 29 +- include/linux/virtio_pci_modern.h | 8 +- include/net/netfilter/nf_conntrack_count.h | 15 +- include/ras/ras_event.h | 49 ++- include/sound/tas2781.h | 2 +- include/target/target_core_base.h | 12 +- include/uapi/linux/pidfd.h | 1 + include/uapi/sound/asound.h | 2 +- include/ufs/ufshcd.h | 1 - io_uring/io_uring.c | 10 +- io_uring/kbuf.c | 10 +- io_uring/zcrx.c | 16 +- kernel/bpf/hashtab.c | 10 +- kernel/bpf/helpers.c | 3 + kernel/bpf/rqspinlock.c | 36 +- kernel/bpf/stackmap.c | 62 ++-- kernel/bpf/syscall.c | 6 +- kernel/bpf/trampoline.c | 4 +- kernel/bpf/verifier.c | 89 +++-- kernel/cgroup/cpuset.c | 35 +- kernel/cgroup/namespace.c | 2 +- kernel/cpu.c | 25 +- kernel/dma/pool.c | 2 +- kernel/events/core.c | 22 +- kernel/locking/locktorture.c | 8 +- kernel/resource.c | 10 +- kernel/sched/fair.c | 17 +- kernel/sched/stats.h | 7 +- kernel/task_work.c | 8 +- kernel/time/timer_migration.c | 264 ++++++++------- lib/vsprintf.c | 6 +- net/bpf/test_run.c | 5 + net/core/dev.h | 1 - net/core/filter.c | 16 +- net/core/netpoll.c | 2 +- net/hsr/hsr_device.c | 20 ++ net/hsr/hsr_slave.c | 7 +- net/ipv6/ip6_fib.c | 4 + net/mac80211/aes_cmac.c | 63 +++- net/mac80211/aes_cmac.h | 8 +- net/mac80211/wpa.c | 20 +- net/netfilter/nf_conncount.c | 195 +++++++---- net/netfilter/nft_connlimit.c | 34 +- net/netfilter/nft_flow_offload.c | 9 +- net/netfilter/xt_connlimit.c | 14 +- net/openvswitch/conntrack.c | 16 +- net/sched/sch_cake.c | 60 ++-- net/sctp/socket.c | 5 +- scripts/cc-can-link.sh | 2 +- scripts/lib/kdoc/kdoc_parser.py | 16 +- scripts/package/install-extmod-build | 2 +- security/integrity/ima/ima_main.c | 40 ++- security/integrity/ima/ima_policy.c | 2 +- security/landlock/errata/abi-1.h | 16 + security/landlock/fs.c | 40 ++- security/smack/smack.h | 3 + security/smack/smack_access.c | 93 +++-- security/smack/smack_lsm.c | 277 ++++++++++----- sound/firewire/dice/dice-extension.c | 4 +- sound/firewire/motu/motu-hwdep.c | 7 +- sound/hda/codecs/realtek/alc269.c | 2 + sound/hda/codecs/side-codecs/cs35l41_hda.c | 2 + sound/hda/codecs/side-codecs/tas2781_hda_i2c.c | 44 +-- sound/isa/wavefront/wavefront_midi.c | 2 + sound/isa/wavefront/wavefront_synth.c | 4 +- sound/soc/amd/acp/acp-i2s.c | 2 + sound/soc/amd/acp/acp-legacy-common.c | 30 +- sound/soc/bcm/bcm63xx-pcm-whistler.c | 4 +- sound/soc/codecs/Kconfig | 5 + sound/soc/codecs/Makefile | 2 + sound/soc/codecs/ak4458.c | 10 +- sound/soc/codecs/ak5558.c | 10 +- sound/soc/codecs/nau8325.c | 3 +- sound/soc/codecs/tas2781-comlib-i2c.c | 2 +- sound/soc/codecs/tas2781-i2c.c | 2 +- sound/soc/fsl/fsl_xcvr.c | 2 +- sound/soc/intel/catpt/pcm.c | 4 +- sound/soc/sdca/sdca_functions.c | 2 +- tools/bpf/bpftool/sign.c | 6 + tools/include/nolibc/arch-x86.h | 6 +- tools/include/nolibc/dirent.h | 6 +- tools/include/nolibc/stdio.h | 4 + tools/include/nolibc/sys/wait.h | 18 +- tools/lib/bpf/btf.c | 4 +- tools/objtool/check.c | 3 +- tools/objtool/elf.c | 8 +- tools/perf/builtin-kvm.c | 2 +- tools/perf/builtin-record.c | 2 +- tools/perf/builtin-stat.c | 15 +- .../pmu-events/arch/s390/cf_z16/transaction.json | 8 +- .../pmu-events/arch/s390/cf_z17/transaction.json | 8 +- tools/perf/util/annotate.c | 2 +- .../util/arm-spe-decoder/arm-spe-pkt-decoder.c | 25 +- .../util/arm-spe-decoder/arm-spe-pkt-decoder.h | 15 +- tools/perf/util/bpf_counter.c | 7 +- tools/perf/util/bpf_lock_contention.c | 6 +- tools/perf/util/evsel.c | 2 +- tools/perf/util/genelf.c | 32 +- tools/perf/util/hist.c | 6 +- tools/perf/util/hist.h | 8 +- tools/perf/util/hwmon_pmu.c | 3 +- tools/perf/util/parse-events.c | 44 ++- tools/perf/util/parse-events.h | 3 +- tools/perf/util/parse-events.y | 2 +- tools/perf/util/symbol.c | 5 +- tools/power/x86/turbostat/turbostat.c | 12 +- tools/testing/selftests/bpf/.gitignore | 1 + tools/testing/selftests/bpf/Makefile | 6 +- .../selftests/bpf/prog_tests/kmem_cache_iter.c | 3 +- .../selftests/bpf/prog_tests/perf_branches.c | 22 +- .../testing/selftests/bpf/prog_tests/send_signal.c | 5 + .../selftests/bpf/progs/test_perf_branches.c | 3 + tools/testing/selftests/bpf/test_tag.c | 2 +- .../drivers/net/bonding/bond_macvlan_ipvlan.sh | 1 + tools/testing/selftests/landlock/Makefile | 2 +- .../tcp_syscall_bad_arg_sendmsg-empty-iov.pkt | 4 + .../net/packetdrill/tcp_zerocopy_basic.pkt | 2 + .../net/packetdrill/tcp_zerocopy_batch.pkt | 2 + .../net/packetdrill/tcp_zerocopy_client.pkt | 2 + .../net/packetdrill/tcp_zerocopy_closed.pkt | 2 + .../net/packetdrill/tcp_zerocopy_epoll_edge.pkt | 3 + .../packetdrill/tcp_zerocopy_epoll_exclusive.pkt | 3 + .../net/packetdrill/tcp_zerocopy_epoll_oneshot.pkt | 3 + .../packetdrill/tcp_zerocopy_fastopen-client.pkt | 2 + .../packetdrill/tcp_zerocopy_fastopen-server.pkt | 2 + .../net/packetdrill/tcp_zerocopy_maxfrags.pkt | 2 + .../net/packetdrill/tcp_zerocopy_small.pkt | 2 + tools/tracing/rtla/Makefile.rtla | 2 +- tools/tracing/rtla/src/common.c | 24 +- tools/tracing/rtla/src/osnoise_hist.c | 3 +- tools/tracing/rtla/src/osnoise_top.c | 3 +- tools/tracing/rtla/src/timerlat.c | 3 +- tools/tracing/rtla/src/timerlat_hist.c | 3 +- tools/tracing/rtla/src/timerlat_top.c | 3 +- tools/tracing/rtla/tests/osnoise.t | 6 +- tools/tracing/rtla/tests/timerlat.t | 4 +- 616 files changed, 6319 insertions(+), 3850 deletions(-)

6 days, 14 hours

20
645
0 0

[PATCH 6.1.y] net: openvswitch: fix middle attribute validation in push_nsh() action

by Adrian Yip

From: Ilya Maximets <i.maximets(a)ovn.org> [ Upstream commit 5ace7ef87f059d68b5f50837ef3e8a1a4870c36e ] The push_nsh() action structure looks like this: OVS_ACTION_ATTR_PUSH_NSH(OVS_KEY_ATTR_NSH(OVS_NSH_KEY_ATTR_BASE,...)) The outermost OVS_ACTION_ATTR_PUSH_NSH attribute is OK'ed by the nla_for_each_nested() inside __ovs_nla_copy_actions(). The innermost OVS_NSH_KEY_ATTR_BASE/MD1/MD2 are OK'ed by the nla_for_each_nested() inside nsh_key_put_from_nlattr(). But nothing checks if the attribute in the middle is OK. We don't even check that this attribute is the OVS_KEY_ATTR_NSH. We just do a double unwrap with a pair of nla_data() calls - first time directly while calling validate_push_nsh() and the second time as part of the nla_for_each_nested() macro, which isn't safe, potentially causing invalid memory access if the size of this attribute is incorrect. The failure may not be noticed during validation due to larger netlink buffer, but cause trouble later during action execution where the buffer is allocated exactly to the size: BUG: KASAN: slab-out-of-bounds in nsh_hdr_from_nlattr+0x1dd/0x6a0 [openvswitch] Read of size 184 at addr ffff88816459a634 by task a.out/22624 CPU: 8 UID: 0 PID: 22624 6.18.0-rc7+ #115 PREEMPT(voluntary) Call Trace: <TASK> dump_stack_lvl+0x51/0x70 print_address_description.constprop.0+0x2c/0x390 kasan_report+0xdd/0x110 kasan_check_range+0x35/0x1b0 __asan_memcpy+0x20/0x60 nsh_hdr_from_nlattr+0x1dd/0x6a0 [openvswitch] push_nsh+0x82/0x120 [openvswitch] do_execute_actions+0x1405/0x2840 [openvswitch] ovs_execute_actions+0xd5/0x3b0 [openvswitch] ovs_packet_cmd_execute+0x949/0xdb0 [openvswitch] genl_family_rcv_msg_doit+0x1d6/0x2b0 genl_family_rcv_msg+0x336/0x580 genl_rcv_msg+0x9f/0x130 netlink_rcv_skb+0x11f/0x370 genl_rcv+0x24/0x40 netlink_unicast+0x73e/0xaa0 netlink_sendmsg+0x744/0xbf0 __sys_sendto+0x3d6/0x450 do_syscall_64+0x79/0x2c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e </TASK> Let's add some checks that the attribute is properly sized and it's the only one attribute inside the action. Technically, there is no real reason for OVS_KEY_ATTR_NSH to be there, as we know that we're pushing an NSH header already, it just creates extra nesting, but that's how uAPI works today. So, keeping as it is. Fixes: b2d0f5d5dc53 ("openvswitch: enable NSH support") Reported-by: Junvy Yang <zhuque(a)tencent.com> Signed-off-by: Ilya Maximets <i.maximets(a)ovn.org> Acked-by: Eelco Chaudron echaudro(a)redhat.com Reviewed-by: Aaron Conole <aconole(a)redhat.com> Link: https://patch.msgid.link/20251204105334.900379-1-i.maximets@ovn.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> (cherry picked from commit 5ace7ef87f059d68b5f50837ef3e8a1a4870c36e) Signed-off-by: Adrian Yip <adrian.ytw(a)gmail.com> --- net/openvswitch/flow_netlink.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c index d0b6e5872081..d4c8b4aa98b1 100644 --- a/net/openvswitch/flow_netlink.c +++ b/net/openvswitch/flow_netlink.c @@ -2786,13 +2786,20 @@ static int validate_and_copy_set_tun(const struct nlattr *attr, return err; } -static bool validate_push_nsh(const struct nlattr *attr, bool log) +static bool validate_push_nsh(const struct nlattr *a, bool log) { + struct nlattr *nsh_key = nla_data(a); struct sw_flow_match match; struct sw_flow_key key; + /* There must be one and only one NSH header. */ + if (!nla_ok(nsh_key, nla_len(a)) || + nla_total_size(nla_len(nsh_key)) != nla_len(a) || + nla_type(nsh_key) != OVS_KEY_ATTR_NSH) + return false; + ovs_match_init(&match, &key, true, NULL); - return !nsh_key_put_from_nlattr(attr, &match, false, true, log); + return !nsh_key_put_from_nlattr(nsh_key, &match, false, true, log); } /* Return false if there are any non-masked bits set. @@ -3346,7 +3353,7 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, return -EINVAL; } mac_proto = MAC_PROTO_NONE; - if (!validate_push_nsh(nla_data(a), log)) + if (!validate_push_nsh(a, log)) return -EINVAL; break; -- 2.52.0

6 days, 14 hours

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror