- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.245 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/freescale/imx8mp.dtsi | 4 arch/um/drivers/virtio_uml.c | 6 arch/x86/kvm/svm/svm.c | 3 crypto/af_alg.c | 7 drivers/cpufreq/cpufreq.c | 20 - drivers/dma/qcom/bam_dma.c | 8 drivers/dma/ti/edma.c | 4 drivers/edac/altera_edac.c | 1 drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 6 drivers/gpu/drm/gma500/oaktrail_hdmi.c | 2 drivers/gpu/drm/i915/display/intel_display_power.c | 6 drivers/infiniband/hw/mlx5/devx.c | 1 drivers/input/serio/i8042-acpipnpio.h | 14 drivers/media/i2c/imx214.c | 27 + drivers/media/platform/mtk-vcodec/venc/venc_h264_if.c | 6 drivers/mmc/host/mvsdio.c | 2 drivers/mtd/mtdpstore.c | 3 drivers/mtd/nand/raw/atmel/nand-controller.c | 18 - drivers/mtd/nand/raw/stm32_fmc2_nand.c | 48 +- drivers/net/can/rcar/rcar_can.c | 8 drivers/net/can/spi/hi311x.c | 1 drivers/net/can/sun4i_can.c | 1 drivers/net/can/usb/mcba_usb.c | 1 drivers/net/can/usb/peak_usb/pcan_usb_core.c | 2 drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 2 drivers/net/ethernet/broadcom/cnic.c | 3 drivers/net/ethernet/cavium/liquidio/request_manager.c | 2 drivers/net/ethernet/freescale/fec_main.c | 3 drivers/net/ethernet/intel/i40e/i40e.h | 1 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 25 + drivers/net/ethernet/intel/i40e/i40e_main.c | 10 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 3 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 ++ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 drivers/net/ethernet/intel/igb/igb_ethtool.c | 5 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/natsemi/ns83820.c | 13 drivers/net/ethernet/qlogic/qed/qed_debug.c | 7 drivers/pcmcia/omap_cf.c | 8 drivers/phy/broadcom/phy-bcm-cygnus-pcie.c | 4 drivers/phy/broadcom/phy-bcm-kona-usb2.c | 4 drivers/phy/broadcom/phy-bcm-ns-usb2.c | 4 drivers/phy/broadcom/phy-bcm-ns-usb3.c | 168 ---------- drivers/phy/broadcom/phy-bcm-ns2-usbdrd.c | 13 drivers/phy/broadcom/phy-bcm-sr-pcie.c | 5 drivers/phy/broadcom/phy-bcm-sr-usb.c | 4 drivers/phy/broadcom/phy-brcm-sata.c | 8 drivers/phy/marvell/phy-berlin-usb.c | 7 drivers/phy/ralink/phy-ralink-usb.c | 10 drivers/phy/rockchip/phy-rockchip-pcie.c | 11 drivers/phy/rockchip/phy-rockchip-usb.c | 10 drivers/phy/ti/phy-omap-control.c | 26 - drivers/phy/ti/phy-omap-usb2.c | 28 + drivers/phy/ti/phy-ti-pipe3.c | 42 +- drivers/power/supply/bq27xxx_battery.c | 4 drivers/soc/qcom/mdt_loader.c | 12 drivers/tty/hvc/hvc_console.c | 6 drivers/tty/serial/sc16is7xx.c | 14 drivers/usb/core/quirks.c | 2 drivers/usb/gadget/udc/dummy_hcd.c | 25 - drivers/usb/host/xhci-dbgcap.c | 94 +++-- drivers/usb/serial/option.c | 17 + drivers/video/fbdev/core/fbcon.c | 13 fs/btrfs/tree-checker.c | 4 fs/fuse/file.c | 5 fs/hugetlbfs/inode.c | 14 fs/nfs/client.c | 2 fs/nfs/flexfilelayout/flexfilelayout.c | 21 - fs/nfs/nfs4proc.c | 1 fs/nilfs2/sysfs.c | 4 fs/nilfs2/sysfs.h | 8 fs/ocfs2/extent_map.c | 10 include/crypto/if_alg.h | 10 include/linux/compiler-clang.h | 42 +- include/linux/compiler-gcc.h | 4 include/linux/interrupt.h | 72 ++-- include/linux/overflow.h | 208 ++---------- include/net/nexthop.h | 3 include/net/sock.h | 40 ++ include/uapi/linux/rtnetlink.h | 6 kernel/cgroup/cgroup.c | 43 ++ kernel/irq/manage.c | 111 ++++++ kernel/trace/trace.c | 4 kernel/trace/trace_dynevent.c | 4 mm/khugepaged.c | 2 mm/memory-failure.c | 7 mm/migrate.c | 12 net/can/j1939/bus.c | 5 net/can/j1939/socket.c | 3 net/core/sock.c | 5 net/ipv4/fib_semantics.c | 2 net/ipv4/ip_tunnel_core.c | 6 net/ipv4/nexthop.c | 28 + net/ipv4/tcp.c | 5 net/ipv4/tcp_bpf.c | 5 net/mac80211/driver-ops.h | 2 net/mptcp/pm_netlink.c | 1 net/mptcp/protocol.c | 16 net/rds/ib_frmr.c | 20 - net/rfkill/rfkill-gpio.c | 22 + sound/firewire/motu/motu-hwdep.c | 2 sound/soc/codecs/wm8940.c | 2 sound/soc/codecs/wm8974.c | 8 sound/soc/sof/intel/hda-stream.c | 2 sound/usb/mixer_quirks.c | 285 ++++++++++++++++- tools/include/linux/compiler-gcc.h | 4 tools/include/linux/overflow.h | 140 -------- tools/testing/selftests/net/fib_nexthops.sh | 12 109 files changed, 1181 insertions(+), 895 deletions(-) Alan Stern (1): USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels Alexander Dahl (1): mtd: nand: raw: atmel: Fix comment in timings preparation Alexander Sverdlin (1): mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing Alexey Nepomnyashih (1): net: liquidio: fix overflow in octeon_init_instr_queue() Alok Tiwari (1): bnxt_en: correct offset handling for IPv6 destination address Anders Roxell (1): dmaengine: ti: edma: Fix memory allocation size for queue_priority_map André Apitzsch (1): media: i2c: imx214: Fix link frequency validation Antoine Tenart (1): tunnels: reset the GSO metadata before reusing the skb Arnd Bergmann (1): media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning Bjorn Andersson (1): soc: qcom: mdt_loader: Deal with zero e_shentsize Charles Keepax (2): ASoC: wm8940: Correct typo in control name ASoC: wm8974: Correct PLL rate rounding Chen Ni (1): ALSA: usb-audio: Convert comma to semicolon Chen Ridong (1): cgroup: split cgroup_destroy_wq into 3 workqueues Christian Loehle (1): cpufreq: Initialize cpufreq-based invariance before subsys Christoffer Sandberg (1): Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table Christophe Kerello (2): mtd: rawnand: stm32_fmc2: fix ECC overwrite mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer Chunfeng Yun (2): phy: broadcom: convert to devm_platform_ioremap_resource(_byname) phy: ti: convert to devm_platform_ioremap_resource(_byname) Colin Ian King (1): ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message Cristian Ciocaltea (6): ALSA: usb-audio: Fix block comments in mixer_quirks ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks ALSA: usb-audio: Avoid multiple assignments in mixer_quirks ALSA: usb-audio: Simplify NULL comparison in mixer_quirks ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 David Hildenbrand (1): mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() Duoming Zhou (1): cnic: Fix use-after-free bugs in cnic_delete_task Eric Biggers (1): crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Fabian Vogt (1): tty: hvc_console: Call hvc_kick in hvc_write unconditionally Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FN990A w/audio compositions USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions Geert Uytterhoeven (2): pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch can: rcar_can: rcar_can_resume(): fix s2ram with PSCI Greg Kroah-Hartman (1): Linux 5.10.245 H. Nikolaus Schaller (2): power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery power: supply: bq27xxx: restrict no-battery detection to bq27000 Hans de Goede (1): net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Herbert Xu (1): crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Hugo Villeneuve (1): serial: sc16is7xx: fix bug in flow control levels init Håkon Bugge (1): rds: ib: Increment i_fastreg_wrs before bailing out Ido Schimmel (6): nexthop: Pass extack to nexthop notifier rtnetlink: Add RTNH_F_TRAP flag nexthop: Emit a notification when a nexthop is added nexthop: Emit a notification when a single nexthop is replaced nexthop: Forbid FDB status change while nexthop is in a group selftests: fib_nexthops: Fix creation of non-FDB nexthops Jack Wang (1): mtd: rawnand: stm32_fmc2: Fix dma_map_sg error check Jakob Koschel (1): usb: gadget: dummy_hcd: remove usage of list iterator past the loop body Jamie Bainbridge (1): qed: Don't collect too many protection override GRC elements Jani Nikula (1): drm/i915/power: fix size for for_each_set_bit() in abox iteration Jiasheng Jiang (1): mtd: Add check for devm_kcalloc() Jiayi Li (1): usb: core: Add 0x prefix to quirks debug output Jinjiang Tu (1): mm/hugetlb: fix folio is still mapped when deleted Johan Hovold (2): phy: ti-pipe3: fix device leak at unbind phy: ti: omap-usb2: fix device leak at unbind John Garry (1): genirq/affinity: Add irq_update_affinity_desc() Jonathan Curley (1): NFSv4/flexfiles: Fix layout merge mirror check. Justin Bronder (1): i40e: increase max descriptors for XL710 Kees Cook (1): overflow: Allow mixed type arguments Keith Busch (1): overflow: Correct check_shl_overflow() comment Kohei Enju (1): igb: fix link test skipping when interface is admin down Krzysztof Kozlowski (1): phy: broadcom: ns-usb3: fix Wvoid-pointer-to-enum-cast warning Kuniyuki Iwashima (3): net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). Liao Yuanhong (1): wifi: mac80211: fix incorrect type for ret Lukasz Czapnik (7): i40e: fix idx validation in i40e_validate_queue_map i40e: fix input validation logic for action_meta i40e: add max boundary check for VF filters i40e: add mask to apply valid bits for itr_idx i40e: add validation for ring_len param i40e: fix idx validation in config queues msg i40e: fix validation of VF state in get resources Luo Gengkun (1): tracing: Fix tracing_marker may trigger page fault during preempt_disable Maciej Fijalkowski (1): i40e: remove redundant memory barrier when cleaning Tx descs Maciej S. Szmigiero (1): KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active Mark Tinguely (1): ocfs2: fix recursive semaphore deadlock in fiemap call Masami Hiramatsu (Google) (1): tracing: dynevent: Add a missing lockdown check on dynevent Mathias Nyman (2): xhci: dbc: decouple endpoint allocation from initialization xhci: dbc: Fix full DbC transfer ring after several reconnects Matthieu Baerts (NGI0) (2): mptcp: pm: kernel: flush: do not reset ADD_ADDR limit mptcp: propagate shutdown to subflows when possible Miaohe Lin (1): mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory Miaoqian Lin (1): um: virtio_uml: Fix use-after-free after put_device in probe Michal Schmidt (1): i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path Miklos Szeredi (2): fuse: check if copy_file_range() returns larger than requested size fuse: prevent overflow in copy_file_range return value Nathan Chancellor (2): compiler-clang.h: define __SANITIZE_*__ macros only when undefined nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* Nick Desaulniers (1): compiler.h: drop fallback overflow checkers Nitesh Narayan Lal (1): i40e: Use irq_update_affinity_hint() Or Har-Toov (1): IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions Peng Fan (1): arm64: dts: imx8mp: Correct thermal sensor index Philipp Zabel (1): net: rfkill: gpio: add DT support Qi Xi (1): drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path Qu Wenruo (1): btrfs: tree-checker: fix the incorrect inode ref size check Rafał Miłecki (1): phy: phy-bcm-ns-usb3: drop support for deprecated DT binding Rob Herring (1): phy: Use device_get_match_data() Salah Triki (1): EDAC/altera: Delete an inappropriate dma_free_coherent() call Samasth Norway Ananda (1): fbcon: fix integer overflow in fbcon_do_set_font Stefan Wahren (1): net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() Stephan Gerhold (1): dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees Stéphane Grosjean (1): can: peak_usb: fix shift-out-of-bounds issue Takashi Iwai (1): ALSA: usb-audio: Fix build with CONFIG_INPUT=n Takashi Sakamoto (1): ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported Tariq Toukan (1): Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" Tetsuo Handa (2): can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails Thomas Fourier (1): mmc: mvsdio: Fix dma_unmap_sg() nents value Thomas Gleixner (2): genirq: Export affinity setter for modules genirq: Provide new interfaces for affinity hints Thomas Zimmermann (1): fbcon: Fix OOB access in font allocation Tigran Mkrtchyan (1): flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read Trond Myklebust (2): NFSv4: Don't clear capabilities that won't be reset NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server Vincent Mailhol (3): can: hi311x: populate ndo_change_mtu() to prevent buffer overflow can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow Wei Yang (1): mm/khugepaged: fix the address passed to notifier on testing young Yeounsu Moon (1): net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure Zabelin Nikita (1): drm/gma500: Fix null dereference in hdmi teardown

1 month, 1 week

1
1
0 0

Linux 5.4.300

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.300 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/x86/kvm/svm.c | 3 drivers/dma/qcom/bam_dma.c | 8 drivers/dma/ti/edma.c | 4 drivers/edac/altera_edac.c | 1 drivers/gpu/drm/gma500/oaktrail_hdmi.c | 2 drivers/infiniband/hw/mlx5/devx.c | 1 drivers/mmc/host/mvsdio.c | 2 drivers/mtd/nand/raw/atmel/nand-controller.c | 18 - drivers/mtd/nand/raw/stm32_fmc2_nand.c | 45 +- drivers/net/can/rcar/rcar_can.c | 8 drivers/net/can/spi/hi311x.c | 1 drivers/net/can/sun4i_can.c | 1 drivers/net/can/usb/mcba_usb.c | 1 drivers/net/can/usb/peak_usb/pcan_usb_core.c | 2 drivers/net/ethernet/broadcom/cnic.c | 3 drivers/net/ethernet/cavium/liquidio/request_manager.c | 2 drivers/net/ethernet/freescale/fec_main.c | 3 drivers/net/ethernet/intel/i40e/i40e.h | 1 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 25 + drivers/net/ethernet/intel/i40e/i40e_main.c | 10 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 3 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 46 ++ drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 drivers/net/ethernet/intel/igb/igb_ethtool.c | 5 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/natsemi/ns83820.c | 13 drivers/pcmcia/omap_cf.c | 8 drivers/phy/ti/phy-ti-pipe3.c | 13 drivers/power/supply/bq27xxx_battery.c | 4 drivers/soc/qcom/mdt_loader.c | 12 drivers/tty/hvc/hvc_console.c | 6 drivers/tty/serial/sc16is7xx.c | 13 drivers/usb/core/hub.c | 21 - drivers/usb/core/hub.h | 1 drivers/usb/core/quirks.c | 2 drivers/usb/gadget/udc/dummy_hcd.c | 25 - drivers/usb/serial/option.c | 17 + drivers/video/fbdev/core/fbcon.c | 13 fs/fuse/file.c | 5 fs/hugetlbfs/inode.c | 14 fs/nfs/nfs4proc.c | 1 fs/nilfs2/sysfs.c | 4 fs/nilfs2/sysfs.h | 8 fs/ocfs2/extent_map.c | 10 include/linux/interrupt.h | 72 +++- include/net/sock.h | 40 ++ kernel/cgroup/cgroup.c | 43 ++ kernel/irq/manage.c | 111 ++++++ mm/khugepaged.c | 2 mm/memory-failure.c | 7 mm/migrate.c | 12 net/can/j1939/bus.c | 5 net/can/j1939/socket.c | 3 net/core/sock.c | 5 net/ipv4/tcp.c | 5 net/ipv4/tcp_bpf.c | 5 net/mac80211/driver-ops.h | 2 net/rds/ib_frmr.c | 20 - net/rfkill/rfkill-gpio.c | 22 + sound/firewire/motu/motu-hwdep.c | 2 sound/soc/codecs/wm8940.c | 2 sound/soc/codecs/wm8974.c | 8 sound/soc/sof/intel/hda-stream.c | 2 sound/usb/mixer_quirks.c | 279 ++++++++++++++++- 65 files changed, 816 insertions(+), 223 deletions(-) Alan Stern (1): USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels Alexander Dahl (1): mtd: nand: raw: atmel: Fix comment in timings preparation Alexander Sverdlin (1): mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing Alexey Nepomnyashih (1): net: liquidio: fix overflow in octeon_init_instr_queue() Anders Roxell (1): dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Bjorn Andersson (1): soc: qcom: mdt_loader: Deal with zero e_shentsize Charles Keepax (2): ASoC: wm8940: Correct typo in control name ASoC: wm8974: Correct PLL rate rounding Chen Ni (1): ALSA: usb-audio: Convert comma to semicolon Chen Ridong (1): cgroup: split cgroup_destroy_wq into 3 workqueues Christophe Kerello (2): mtd: rawnand: stm32_fmc2: fix ECC overwrite mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer Colin Ian King (1): ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message Cristian Ciocaltea (5): ALSA: usb-audio: Fix block comments in mixer_quirks ALSA: usb-audio: Avoid multiple assignments in mixer_quirks ALSA: usb-audio: Simplify NULL comparison in mixer_quirks ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 David Hildenbrand (1): mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() Duoming Zhou (1): cnic: Fix use-after-free bugs in cnic_delete_task Fabian Vogt (1): tty: hvc_console: Call hvc_kick in hvc_write unconditionally Fabio Porcedda (2): USB: serial: option: add Telit Cinterion FN990A w/audio compositions USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions Geert Uytterhoeven (2): pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch can: rcar_can: rcar_can_resume(): fix s2ram with PSCI Greg Kroah-Hartman (1): Linux 5.4.300 H. Nikolaus Schaller (2): power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery power: supply: bq27xxx: restrict no-battery detection to bq27000 Hans de Goede (1): net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Hugo Villeneuve (1): serial: sc16is7xx: fix bug in flow control levels init Håkon Bugge (1): rds: ib: Increment i_fastreg_wrs before bailing out Jakob Koschel (1): usb: gadget: dummy_hcd: remove usage of list iterator past the loop body Jiayi Li (1): usb: core: Add 0x prefix to quirks debug output Jinjiang Tu (1): mm/hugetlb: fix folio is still mapped when deleted Johan Hovold (1): phy: ti-pipe3: fix device leak at unbind John Garry (1): genirq/affinity: Add irq_update_affinity_desc() Justin Bronder (1): i40e: increase max descriptors for XL710 Kohei Enju (1): igb: fix link test skipping when interface is admin down Kuniyuki Iwashima (3): net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). Liao Yuanhong (1): wifi: mac80211: fix incorrect type for ret Lukasz Czapnik (7): i40e: fix idx validation in i40e_validate_queue_map i40e: fix input validation logic for action_meta i40e: add max boundary check for VF filters i40e: add validation for ring_len param i40e: fix idx validation in config queues msg i40e: fix validation of VF state in get resources i40e: add mask to apply valid bits for itr_idx Maciej Fijalkowski (1): i40e: remove redundant memory barrier when cleaning Tx descs Maciej S. Szmigiero (1): KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active Mark Tinguely (1): ocfs2: fix recursive semaphore deadlock in fiemap call Mathias Nyman (1): usb: hub: Fix flushing of delayed work used for post resume purposes Miaohe Lin (1): mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory Michal Schmidt (1): i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path Miklos Szeredi (2): fuse: check if copy_file_range() returns larger than requested size fuse: prevent overflow in copy_file_range return value Nathan Chancellor (1): nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* Nitesh Narayan Lal (1): i40e: Use irq_update_affinity_hint() Or Har-Toov (1): IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions Philipp Zabel (1): net: rfkill: gpio: add DT support Salah Triki (1): EDAC/altera: Delete an inappropriate dma_free_coherent() call Samasth Norway Ananda (1): fbcon: fix integer overflow in fbcon_do_set_font Stefan Wahren (1): net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() Stephan Gerhold (1): dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees Stéphane Grosjean (1): can: peak_usb: fix shift-out-of-bounds issue Takashi Iwai (1): ALSA: usb-audio: Fix build with CONFIG_INPUT=n Takashi Sakamoto (1): ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported Tariq Toukan (1): Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" Tetsuo Handa (2): can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails Thomas Fourier (1): mmc: mvsdio: Fix dma_unmap_sg() nents value Thomas Gleixner (2): genirq: Export affinity setter for modules genirq: Provide new interfaces for affinity hints Thomas Zimmermann (1): fbcon: Fix OOB access in font allocation Trond Myklebust (1): NFSv4: Don't clear capabilities that won't be reset Vincent Mailhol (3): can: hi311x: populate ndo_change_mtu() to prevent buffer overflow can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow Wei Yang (1): mm/khugepaged: fix the address passed to notifier on testing young Yeounsu Moon (1): net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure Zabelin Nikita (1): drm/gma500: Fix null dereference in hdmi teardown

1 month, 1 week

1
1
0 0

[PATCH v2] i2c: fix reference leak in MP2 PCI device

by Ma Ke

In i2c_amd_probe(), amd_mp2_find_device() utilizes driver_find_next_device() which internally calls driver_find_device() to locate the matching device. driver_find_device() increments the reference count of the found device by calling get_device(), but amd_mp2_find_device() fails to call put_device() to decrement the reference count before returning. This results in a reference count leak of the PCI device each time i2c_amd_probe() is executed, which may prevent the device from being properly released and cause a memory leak. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 529766e0a011 ("i2c: Add drivers for the AMD PCIe MP2 I2C controller") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the missing initialization in the patch. Sorry for the omission. --- drivers/i2c/busses/i2c-amd-mp2-pci.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-amd-mp2-pci.c b/drivers/i2c/busses/i2c-amd-mp2-pci.c index ef7370d3dbea..60edbabc2986 100644 --- a/drivers/i2c/busses/i2c-amd-mp2-pci.c +++ b/drivers/i2c/busses/i2c-amd-mp2-pci.c @@ -458,13 +458,16 @@ struct amd_mp2_dev *amd_mp2_find_device(void) { struct device *dev; struct pci_dev *pci_dev; + struct amd_mp2_dev *mp2_dev; dev = driver_find_next_device(&amd_mp2_pci_driver.driver, NULL); if (!dev) return NULL; pci_dev = to_pci_dev(dev); - return (struct amd_mp2_dev *)pci_get_drvdata(pci_dev); + mp2_dev = (struct amd_mp2_dev *)pci_get_drvdata(pci_dev); + put_device(dev); + return mp2_dev; } EXPORT_SYMBOL_GPL(amd_mp2_find_device); -- 2.17.1

1 month, 1 week

4
5
0 0

[PATCH 2/2] rv: Make rtapp/pagefault monitor depends on CONFIG_MMU

by Nam Cao

There is no page fault without MMU. Compiling the rtapp/pagefault monitor without CONFIG_MMU fails as page fault tracepoints' definitions are not available. Make rtapp/pagefault monitor depends on CONFIG_MMU. Fixes: 9162620eb604 ("rv: Add rtapp_pagefault monitor") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202509260455.6Z9Vkty4-lkp@intel.com/ Cc: stable(a)vger.kernel.org --- kernel/trace/rv/monitors/pagefault/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/trace/rv/monitors/pagefault/Kconfig b/kernel/trace/rv/monitors/pagefault/Kconfig index 5e16625f1653..0e013f00c33b 100644 --- a/kernel/trace/rv/monitors/pagefault/Kconfig +++ b/kernel/trace/rv/monitors/pagefault/Kconfig @@ -5,6 +5,7 @@ config RV_MON_PAGEFAULT select RV_LTL_MONITOR depends on RV_MON_RTAPP depends on X86 || RISCV + depends on MMU default y select LTL_MON_EVENTS_ID bool "pagefault monitor" -- 2.51.0

1 month, 1 week

2
1
0 0

[PATCH 1/2] rv: Fully convert enabled_monitors to use list_head as iterator

by Nam Cao

The callbacks in enabled_monitors_seq_ops are inconsistent. Some treat the iterator as struct rv_monitor *, while others treat the iterator as struct list_head *. This causes a wrong type cast and crashes the system as reported by Nathan. Convert everything to use struct list_head * as iterator. This also makes enabled_monitors consistent with available_monitors. Fixes: de090d1ccae1 ("rv: Fix wrong type cast in enabled_monitors_next()") Reported-by: Nathan Chancellor <nathan(a)kernel.org> Closes: https://lore.kernel.org/linux-trace-kernel/20250923002004.GA2836051@ax162/ Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: <stable(a)vger.kernel.org> --- kernel/trace/rv/rv.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/kernel/trace/rv/rv.c b/kernel/trace/rv/rv.c index 48338520376f..43e9ea473cda 100644 --- a/kernel/trace/rv/rv.c +++ b/kernel/trace/rv/rv.c @@ -501,7 +501,7 @@ static void *enabled_monitors_next(struct seq_file *m, void *p, loff_t *pos) list_for_each_entry_continue(mon, &rv_monitors_list, list) { if (mon->enabled) - return mon; + return &mon->list; } return NULL; @@ -509,7 +509,7 @@ static void *enabled_monitors_next(struct seq_file *m, void *p, loff_t *pos) static void *enabled_monitors_start(struct seq_file *m, loff_t *pos) { - struct rv_monitor *mon; + struct list_head *head; loff_t l; mutex_lock(&rv_interface_lock); @@ -517,15 +517,15 @@ static void *enabled_monitors_start(struct seq_file *m, loff_t *pos) if (list_empty(&rv_monitors_list)) return NULL; - mon = list_entry(&rv_monitors_list, struct rv_monitor, list); + head = &rv_monitors_list; for (l = 0; l <= *pos; ) { - mon = enabled_monitors_next(m, mon, &l); - if (!mon) + head = enabled_monitors_next(m, head, &l); + if (!head) break; } - return mon; + return head; } /* -- 2.51.0

1 month, 1 week

2
1
0 0

[PATCH] stable: crypto: sha256 - fix crash at kexec

by Breno Leitao

Loading a large (~2.1G) files with kexec crashes the host with when running: # kexec --load kernel --initrd initrd_with_2G_or_more UBSAN: signed-integer-overflow in ./include/crypto/sha256_base.h:64:19 34152083 * 64 cannot be represented in type 'int' ... BUG: unable to handle page fault for address: ff9fffff83b624c0 sha256_update (lib/crypto/sha256.c:137) crypto_sha256_update (crypto/sha256_generic.c:40) kexec_calculate_store_digests (kernel/kexec_file.c:769) __se_sys_kexec_file_load (kernel/kexec_file.c:397 kernel/kexec_file.c:332) ... (Line numbers based on commit da274362a7bd9 ("Linux 6.12.49") This is not happening upstream (v6.16+), given that `block` type was upgraded from "int" to "size_t" in commit 74a43a2cf5e8 ("crypto: lib/sha256 - Move partial block handling out") Upgrade the block type similar to the commit above, avoiding hitting the overflow. This patch is only suitable for the stable tree, and before 6.16, which got commit 74a43a2cf5e8 ("crypto: lib/sha256 - Move partial block handling out") Signed-off-by: Breno Leitao <leitao(a)debian.org> Fixes: 11b8d5ef9138 ("crypto: sha256 - implement base layer for SHA-256") # not after v6.16 Reported-by: Michael van der Westhuizen <rmikey(a)meta.com> Reported-by: Tobias Fleig <tfleig(a)meta.com> --- include/crypto/sha256_base.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/crypto/sha256_base.h b/include/crypto/sha256_base.h index e0418818d63c8..fa63af10102b2 100644 --- a/include/crypto/sha256_base.h +++ b/include/crypto/sha256_base.h @@ -44,7 +44,7 @@ static inline int lib_sha256_base_do_update(struct sha256_state *sctx, sctx->count += len; if (unlikely((partial + len) >= SHA256_BLOCK_SIZE)) { - int blocks; + size_t blocks; if (partial) { int p = SHA256_BLOCK_SIZE - partial; --- base-commit: da274362a7bd9ab3a6e46d15945029145ebce672 change-id: 20251001-stable_crash-f2151baf043b Best regards, -- Breno Leitao <leitao(a)debian.org>

1 month, 1 week

3
5
0 0

New September Order. 27115 Thursday, October 2, 2025 at 05:34:29 AM

by Info - Albinayah 204

Hi Stable, Please provide a quote for your products: Include: 1.Pricing (per unit) 2.Delivery cost & timeline 3.Quote expiry date Deadline: September Thanks! Kamal Prasad Albinayah Trading

1 month, 1 week

1
0
0 0

[PATCH 4/7] drm/amd/display: Incorrect Mirror Cositing

by Alex Hung

From: Jesse Agate <jesse.agate(a)amd.com> [WHY] hinit/vinit are incorrect in the case of mirroring. [HOW] Cositing sign must be flipped when image is mirrored in the vertical or horizontal direction. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Samson Tam <samson.tam(a)amd.com> Signed-off-by: Jesse Agate <jesse.agate(a)amd.com> Signed-off-by: Brendan Leder <breleder(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- drivers/gpu/drm/amd/display/dc/sspl/dc_spl.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/sspl/dc_spl.c b/drivers/gpu/drm/amd/display/dc/sspl/dc_spl.c index 55b929ca7982..b1fb0f8a253a 100644 --- a/drivers/gpu/drm/amd/display/dc/sspl/dc_spl.c +++ b/drivers/gpu/drm/amd/display/dc/sspl/dc_spl.c @@ -641,16 +641,16 @@ static void spl_calculate_inits_and_viewports(struct spl_in *spl_in, /* this gives the direction of the cositing (negative will move * left, right otherwise) */ - int sign = 1; + int h_sign = flip_horz_scan_dir ? -1 : 1; + int v_sign = flip_vert_scan_dir ? -1 : 1; switch (spl_in->basic_in.cositing) { - case CHROMA_COSITING_TOPLEFT: - init_adj_h = spl_fixpt_from_fraction(sign, 4); - init_adj_v = spl_fixpt_from_fraction(sign, 4); + init_adj_h = spl_fixpt_from_fraction(h_sign, 4); + init_adj_v = spl_fixpt_from_fraction(v_sign, 4); break; case CHROMA_COSITING_LEFT: - init_adj_h = spl_fixpt_from_fraction(sign, 4); + init_adj_h = spl_fixpt_from_fraction(h_sign, 4); init_adj_v = spl_fixpt_zero; break; case CHROMA_COSITING_NONE: -- 2.43.0

1 month, 1 week

1
0
0 0

[PATCH 3/7] drm/amd/display: Enable Dynamic DTBCLK Switch

by Alex Hung

From: Fangzhi Zuo <Jerry.Zuo(a)amd.com> [WHAT] Since dcn35, DTBCLK can be disabled when no DP2 sink connected for power saving purpose. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 20ab9fd1b82a..6f5be090b744 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -2000,6 +2000,10 @@ static int amdgpu_dm_init(struct amdgpu_device *adev) init_data.flags.disable_ips_in_vpb = 0; + /* DCN35 and above supports dynamic DTBCLK switch */ + if (amdgpu_ip_version(adev, DCE_HWIP, 0) >= IP_VERSION(3, 5, 0)) + init_data.flags.allow_0_dtb_clk = true; + /* Enable DWB for tested platforms only */ if (amdgpu_ip_version(adev, DCE_HWIP, 0) >= IP_VERSION(3, 0, 0)) init_data.num_virtual_links = 1; -- 2.43.0

1 month, 1 week

1
0
0 0

+ mm-ksm-fix-flag-dropping-behavior-in-ksm_madvise.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/ksm: fix flag-dropping behavior in ksm_madvise has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-ksm-fix-flag-dropping-behavior-in-ksm_madvise.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jakub Acs <acsjakub(a)amazon.de> Subject: mm/ksm: fix flag-dropping behavior in ksm_madvise Date: Wed, 1 Oct 2025 09:03:52 +0000 syzkaller discovered the following crash: (kernel BUG) [ 44.607039] ------------[ cut here ]------------ [ 44.607422] kernel BUG at mm/userfaultfd.c:2067! [ 44.608148] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI [ 44.608814] CPU: 1 UID: 0 PID: 2475 Comm: reproducer Not tainted 6.16.0-rc6 #1 PREEMPT(none) [ 44.609635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 44.610695] RIP: 0010:userfaultfd_release_all+0x3a8/0x460 <snip other registers, drop unreliable trace> [ 44.617726] Call Trace: [ 44.617926] <TASK> [ 44.619284] userfaultfd_release+0xef/0x1b0 [ 44.620976] __fput+0x3f9/0xb60 [ 44.621240] fput_close_sync+0x110/0x210 [ 44.622222] __x64_sys_close+0x8f/0x120 [ 44.622530] do_syscall_64+0x5b/0x2f0 [ 44.622840] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 44.623244] RIP: 0033:0x7f365bb3f227 Kernel panics because it detects UFFD inconsistency during userfaultfd_release_all(). Specifically, a VMA which has a valid pointer to vma->vm_userfaultfd_ctx, but no UFFD flags in vma->vm_flags. The inconsistency is caused in ksm_madvise(): when user calls madvise() with MADV_UNMEARGEABLE on a VMA that is registered for UFFD in MINOR mode, it accidentally clears all flags stored in the upper 32 bits of vma->vm_flags. Assuming x86_64 kernel build, unsigned long is 64-bit and unsigned int and int are 32-bit wide. This setup causes the following mishap during the &= ~VM_MERGEABLE assignment. VM_MERGEABLE is a 32-bit constant of type unsigned int, 0x8000'0000. After ~ is applied, it becomes 0x7fff'ffff unsigned int, which is then promoted to unsigned long before the & operation. This promotion fills upper 32 bits with leading 0s, as we're doing unsigned conversion (and even for a signed conversion, this wouldn't help as the leading bit is 0). & operation thus ends up AND-ing vm_flags with 0x0000'0000'7fff'ffff instead of intended 0xffff'ffff'7fff'ffff and hence accidentally clears the upper 32-bits of its value. Fix it by changing `VM_MERGEABLE` constant to unsigned long, using the BIT() macro. Note: other VM_* flags are not affected: This only happens to the VM_MERGEABLE flag, as the other VM_* flags are all constants of type int and after ~ operation, they end up with leading 1 and are thus converted to unsigned long with leading 1s. Note 2: After commit 31defc3b01d9 ("userfaultfd: remove (VM_)BUG_ON()s"), this is no longer a kernel BUG, but a WARNING at the same place: [ 45.595973] WARNING: CPU: 1 PID: 2474 at mm/userfaultfd.c:2067 but the root-cause (flag-drop) remains the same. Link: https://lkml.kernel.org/r/20251001090353.57523-2-acsjakub@amazon.de Fixes: 7677f7fd8be7 ("userfaultfd: add minor fault registration mode") Signed-off-by: Jakub Acs <acsjakub(a)amazon.de> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: SeongJae Park <sj(a)kernel.org> Cc: Xu Xin <xu.xin16(a)zte.com.cn> Cc: Chengming Zhou <chengming.zhou(a)linux.dev> Cc: Peter Xu <peterx(a)redhat.com> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/mm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/linux/mm.h~mm-ksm-fix-flag-dropping-behavior-in-ksm_madvise +++ a/include/linux/mm.h @@ -296,7 +296,7 @@ extern unsigned int kobjsize(const void #define VM_MIXEDMAP 0x10000000 /* Can contain "struct page" and pure PFN pages */ #define VM_HUGEPAGE 0x20000000 /* MADV_HUGEPAGE marked this vma */ #define VM_NOHUGEPAGE 0x40000000 /* MADV_NOHUGEPAGE marked this vma */ -#define VM_MERGEABLE 0x80000000 /* KSM may merge identical pages */ +#define VM_MERGEABLE BIT(31) /* KSM may merge identical pages */ #ifdef CONFIG_ARCH_USES_HIGH_VMA_FLAGS #define VM_HIGH_ARCH_BIT_0 32 /* bit only usable on 64-bit architectures */ _ Patches currently in -mm which might be from acsjakub(a)amazon.de are mm-ksm-fix-flag-dropping-behavior-in-ksm_madvise.patch

1 month, 1 week

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror