- Linux-stable-mirror - lists.linaro.org

[REGRESSION] bisected: perf: hang when using async-profiler caused by perf: Fix the POLL_HUP delivery breakage

by Octavia Togami

Using async-profiler (https://github.com/async-profiler/async-profiler/) on Linux 6.17.1-arch1-1 causes a complete hang of the CPU. This has been reported by many people at https://github.com/lucko/spark/issues/530. spark is a piece of software that uses async-profiler internally. As seen in https://github.com/lucko/spark/issues/530#issuecomment-3339974827, this was bisected to 18dbcbfabfffc4a5d3ea10290c5ad27f22b0d240 perf: Fix the POLL_HUP delivery breakage. Reverting this commit on 6.17.1 fixed the issue for me. Steps to reproduce: 1. Get a copy of async-profiler. I tested both v3 (affects older spark versions) and v4.1 (latest at time of writing). Unarchive it, this is <async-profiler-dir>. 2. Set kernel parameters kernel.perf_event_paranoid=1 and kernel.kptr_restrict=0 as instructed by https://github.com/async-profiler/async-profiler/blob/fb673227c7fb311f872ce… 3. Install a version of Java that comes with jshell, i.e. Java 9 or newer. Note: jshell is used for ease of reproduction. Any Java application that is actively running will work. 4. Run `printf 'int acc; while (true) { acc++; }' | jshell -`. This will start an infinitely running Java process. 5. Run `jps` and take the PID next to the text RemoteExecutionControl -- this is the process that was just started. 6. Attach async-profiler to this process by running `<async-profiler-dir>/bin/asprof -d 1 <PID>`. This will run for one second, then the system should freeze entirely shortly thereafter. I triggered a sysrq crash while the system was frozen, and the output I found in journalctl afterwards is at https://gist.github.com/octylFractal/76611ee76060051e5efc0c898dd0949e I'm not sure if that text is actually from the triggered crash, but it seems relevant. If needed, please tell me how to get the actual crash report, I'm not sure where it is. I'm using an AMD Ryzen 9 5900X 12-Core Processor. Given that I've seen no Intel reports, it may be AMD specific. I don't have an Intel CPU on hand to test with. /proc/version: Linux version 6.17.1-arch1-1 (linux@archlinux) (gcc (GCC) 15.2.1 20250813, GNU ld (GNU Binutils) 2.45.0) #1 SMP PREEMPT_DYNAMIC Mon, 06 Oct 2025 18:48:29 +0000 Operating System: Arch Linux uname -mi: x86_64 unknown

1 month, 1 week

3
7
0 0

[PATCH net v3 0/6] Intel Wired LAN Driver Updates 2025-10-01 (idpf, ixgbe, ixgbevf)

by Jacob Keller

For idpf: Milena fixes a memory leak in the idpf reset logic when the driver resets with an outstanding Tx timestamp. For ixgbe and ixgbevf: Jedrzej fixes an issue with reporting link speed on E610 VFs. Jedrzej also fixes the VF mailbox API incompatibilities caused by the confusion with API v1.4, v1.5, and v1.6. The v1.4 API introduced IPSEC offload, but this was only supported on Linux hosts. The v1.5 API introduced a new mailbox API which is necessary to resolve issues on ESX hosts. The v1.6 API introduced a new link management API for E610. Jedrzej introduces a new v1.7 API with a feature negotiation which enables properly checking if features such as IPSEC or the ESX mailbox APIs are supported. This resolves issues with compatibility on different hosts, and aligns the API across hosts instead of having Linux require custom mailbox API versions for IPSEC offload. Koichiro fixes a KASAN use-after-free bug in ixgbe_remove(). Signed-off-by: Jacob Keller <jacob.e.keller(a)intel.com> --- Changes in v3: - Rebase and verified compilation issues are resolved. - Configured b4 to exclude undeliverable addresses. - Link to v2: https://lore.kernel.org/r/20251003-jk-iwl-net-2025-10-01-v2-0-e59b4141c1b5@… Changes in v2: - Drop Emil's idpf_vport_open race fix for now. - Add my signature. - Link to v1: https://lore.kernel.org/r/20251001-jk-iwl-net-2025-10-01-v1-0-49fa99e86600@… --- Jedrzej Jagielski (4): ixgbevf: fix getting link speed data for E610 devices ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation ixgbevf: fix mailbox API compatibility by negotiating supported features ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd Koichiro Den (1): ixgbe: fix too early devlink_free() in ixgbe_remove() Milena Olech (1): idpf: cleanup remaining SKBs in PTP flows drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 15 ++ drivers/net/ethernet/intel/ixgbevf/defines.h | 1 + drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 7 + drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 + drivers/net/ethernet/intel/ixgbevf/vf.h | 1 + drivers/net/ethernet/intel/idpf/idpf_ptp.c | 3 + .../net/ethernet/intel/idpf/idpf_virtchnl_ptp.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 79 +++++++++ drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 ++ drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 34 +++- drivers/net/ethernet/intel/ixgbevf/vf.c | 182 +++++++++++++++++---- 12 files changed, 310 insertions(+), 34 deletions(-) --- base-commit: fea8cdf6738a8b25fccbb7b109b440795a0892cb change-id: 20251001-jk-iwl-net-2025-10-01-92cd2a626ff7 Best regards, -- Jacob Keller <jacob.e.keller(a)intel.com>

1 month, 1 week

2
4
0 0

+ mm-damon-core-fix-list_add_tail-call-on-damon_call.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/core: fix list_add_tail() call on damon_call() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-core-fix-list_add_tail-call-on-damon_call.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/core: fix list_add_tail() call on damon_call() Date: Tue, 14 Oct 2025 13:59:36 -0700 Each damon_ctx maintains callback requests using a linked list (damon_ctx->call_controls). When a new callback request is received via damon_call(), the new request should be added to the list. However, the function is making a mistake at list_add_tail() invocation: putting the new item to add and the list head to add it before, in the opposite order. Because of the linked list manipulation implementation, the new request can still be reached from the context's list head. But the list items that were added before the new request are dropped from the list. As a result, the callbacks are unexpectedly not invocated. Worse yet, if the dropped callback requests were dynamically allocated, the memory is leaked. Actually DAMON sysfs interface is using a dynamically allocated repeat-mode callback request for automatic essential stats update. And because the online DAMON parameters commit is using a non-repeat-mode callback request, the issue can easily be reproduced, like below. # damo start --damos_action stat --refresh_stat 1s # damo tune --damos_action stat --refresh_stat 1s The first command dynamically allocates the repeat-mode callback request for automatic essential stat update. Users can see the essential stats are automatically updated for every second, using the sysfs interface. The second command calls damon_commit() with a new callback request that was made for the commit. As a result, the previously added repeat-mode callback request is dropped from the list. The automatic stats refresh stops working, and the memory for the repeat-mode callback request is leaked. It can be confirmed using kmemleak. Fix the mistake on the list_add_tail() call. Link: https://lkml.kernel.org/r/20251014205939.1206-1-sj@kernel.org Fixes: 004ded6bee11 ("mm/damon: accept parallel damon_call() requests") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/damon/core.c~mm-damon-core-fix-list_add_tail-call-on-damon_call +++ a/mm/damon/core.c @@ -1450,7 +1450,7 @@ int damon_call(struct damon_ctx *ctx, st INIT_LIST_HEAD(&control->list); mutex_lock(&ctx->call_controls_lock); - list_add_tail(&ctx->call_controls, &control->list); + list_add_tail(&control->list, &ctx->call_controls); mutex_unlock(&ctx->call_controls_lock); if (!damon_is_running(ctx)) return -EINVAL; _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-sysfs-catch-commit-test-ctx-alloc-failure.patch mm-damon-sysfs-dealloc-commit-test-ctx-always.patch mm-damon-core-fix-list_add_tail-call-on-damon_call.patch mm-zswap-remove-unnecessary-dlen-writes-for-incompressible-pages.patch mm-zswap-fix-typos-s-zwap-zswap.patch mm-zswap-s-red-black-tree-xarray.patch docs-admin-guide-mm-zswap-s-red-black-tree-xarray.patch

1 month, 1 week

1
0
0 0

[PATCH Resend] PCI: Limit islolated function probing on bus 0 for LoongArch

by Huacai Chen

We found some discrete AMD graphics devices hide funtion 0 and the whole is not supposed to be probed. Since our original purpose is to allow integrated devices (on bus 0) to be probed without function 0, we can limit the islolated function probing only on bus 0. Cc: stable(a)vger.kernel.org Fixes: a02fd05661d73a8 ("PCI: Extend isolated function probing to LoongArch") Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- Resend to correct the subject line. drivers/pci/probe.c | 2 +- include/linux/hypervisor.h | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index c83e75a0ec12..da6a2aef823a 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -2883,7 +2883,7 @@ int pci_scan_slot(struct pci_bus *bus, int devfn) * a hypervisor that passes through individual PCI * functions. */ - if (!hypervisor_isolated_pci_functions()) + if (!hypervisor_isolated_pci_functions(bus->number)) break; } fn = next_fn(bus, dev, fn); diff --git a/include/linux/hypervisor.h b/include/linux/hypervisor.h index be5417303ecf..30ece04a16d9 100644 --- a/include/linux/hypervisor.h +++ b/include/linux/hypervisor.h @@ -32,13 +32,15 @@ static inline bool jailhouse_paravirt(void) #endif /* !CONFIG_X86 */ -static inline bool hypervisor_isolated_pci_functions(void) +static inline bool hypervisor_isolated_pci_functions(int bus) { if (IS_ENABLED(CONFIG_S390)) return true; - if (IS_ENABLED(CONFIG_LOONGARCH)) - return true; + if (IS_ENABLED(CONFIG_LOONGARCH)) { + if (bus == 0) + return true; + } return jailhouse_paravirt(); } -- 2.47.3

1 month, 1 week

2
1
0 0

[PATCH] mm/damon/core: fix list_add_tail() call on damon_call()

by SeongJae Park

Each damon_ctx maintains callback requests using a linked list (damon_ctx->call_controls). When a new callback request is received via damon_call(), the new request should be added to the list. However, the function is making a mistake at list_add_tail() invocation: putting the new item to add and the list head to add it before, in the opposite order. Because of the linked list manipulation implementation, the new request can still be reached from the context's list head. But the list items that were added before the new request are dropped from the list. As a result, the callbacks are unexpectedly not invocated. Worse yet, if the dropped callback requests were dynamically allocated, the memory is leaked. Actually DAMON sysfs interface is using a dynamically allocated repeat-mode callback request for automatic essential stats update. And because the online DAMON parameters commit is using a non-repeat-mode callback request, the issue can easily be reproduced, like below. # damo start --damos_action stat --refresh_stat 1s # damo tune --damos_action stat --refresh_stat 1s The first command dynamically allocates the repeat-mode callback request for automatic essential stat update. Users can see the essential stats are automatically updated for every second, using the sysfs interface. The second command calls damon_commit() with a new callback request that was made for the commit. As a result, the previously added repeat-mode callback request is dropped from the list. The automatic stats refresh stops working, and the memory for the repeat-mode callback request is leaked. It can be confirmed using kmemleak. Fix the mistake on the list_add_tail() call. Fixes: 004ded6bee11 ("mm/damon: accept parallel damon_call() requests") Cc: <stable(a)vger.kernel.org> # 6.17.x Signed-off-by: SeongJae Park <sj(a)kernel.org> --- mm/damon/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/damon/core.c b/mm/damon/core.c index 417f33a7868e..109b050c795a 100644 --- a/mm/damon/core.c +++ b/mm/damon/core.c @@ -1453,7 +1453,7 @@ int damon_call(struct damon_ctx *ctx, struct damon_call_control *control) INIT_LIST_HEAD(&control->list); mutex_lock(&ctx->call_controls_lock); - list_add_tail(&ctx->call_controls, &control->list); + list_add_tail(&control->list, &ctx->call_controls); mutex_unlock(&ctx->call_controls_lock); if (!damon_is_running(ctx)) return -EINVAL; base-commit: 49926cfb24ad064c8c26f8652e8a61bbcde37701 -- 2.47.3

1 month, 1 week

1
0
0 0

[PATCH] smb: client: Fix format specifiers for size_t in parse_dfs_referrals()

by Nathan Chancellor

When building for 32-bit platforms, for which 'size_t' is 'unsigned int', there are a couple instances of -Wformat: fs/smb/client/misc.c:922:25: error: format specifies type 'unsigned long' but the argument has type 'unsigned int' [-Werror,-Wformat] 921 | "%s: header is malformed (size is %u, must be %lu)\n", | ~~~ | %u 922 | __func__, rsp_size, sizeof(*rsp)); | ^~~~~~~~~~~~ fs/smb/client/misc.c:940:5: error: format specifies type 'unsigned long' but the argument has type 'unsigned int' [-Werror,-Wformat] 938 | "%s: malformed buffer (size is %u, must be at least %lu)\n", | ~~~ | %u 939 | __func__, rsp_size, 940 | sizeof(*rsp) + *num_of_nodes * sizeof(REFERRAL3)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Use the proper 'size_t' format specifier, '%zu', to clear up these warnings. Cc: stable(a)vger.kernel.org Fixes: c1047752ed9f ("cifs: parse_dfs_referrals: prevent oob on malformed input") Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- Feel free to squash this into the original change to make backporting easier. I included the tags in case rebasing was not an option. --- fs/smb/client/misc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/smb/client/misc.c b/fs/smb/client/misc.c index 987f0ca73123..e10123d8cd7d 100644 --- a/fs/smb/client/misc.c +++ b/fs/smb/client/misc.c @@ -918,7 +918,7 @@ parse_dfs_referrals(struct get_dfs_referral_rsp *rsp, u32 rsp_size, if (rsp_size < sizeof(*rsp)) { cifs_dbg(VFS | ONCE, - "%s: header is malformed (size is %u, must be %lu)\n", + "%s: header is malformed (size is %u, must be %zu)\n", __func__, rsp_size, sizeof(*rsp)); rc = -EINVAL; goto parse_DFS_referrals_exit; @@ -935,7 +935,7 @@ parse_dfs_referrals(struct get_dfs_referral_rsp *rsp, u32 rsp_size, if (sizeof(*rsp) + *num_of_nodes * sizeof(REFERRAL3) > rsp_size) { cifs_dbg(VFS | ONCE, - "%s: malformed buffer (size is %u, must be at least %lu)\n", + "%s: malformed buffer (size is %u, must be at least %zu)\n", __func__, rsp_size, sizeof(*rsp) + *num_of_nodes * sizeof(REFERRAL3)); rc = -EINVAL; --- base-commit: 4e47319b091f90d5776efe96d6c198c139f34883 change-id: 20251014-smb-client-fix-wformat-32b-parse_dfs_referrals-189b8c6fdf75 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 month, 1 week

2
1
0 0

[PATCH] perf tools: Fix bool return value in gzip_is_compressed()

by Miaoqian Lin

gzip_is_compressed() returns -1 on error but is declared as bool. And -1 gets converted to true, which could be misleading. Return false instead to match the declared type. Fixes: 88c74dc76a30 ("perf tools: Add gzip_is_compressed function") Cc: <stable(a)vger.kernel.org> Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- tools/perf/util/zlib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/util/zlib.c b/tools/perf/util/zlib.c index 78d2297c1b67..1f7c06523059 100644 --- a/tools/perf/util/zlib.c +++ b/tools/perf/util/zlib.c @@ -88,7 +88,7 @@ bool gzip_is_compressed(const char *input) ssize_t rc; if (fd < 0) - return -1; + return false; rc = read(fd, buf, sizeof(buf)); close(fd); -- 2.39.5 (Apple Git-154)

1 month, 1 week

4
5
0 0

[PATCH] arm64: dts: rockchip: Remove non-functioning CPU OPPs from RK3576

by Alexey Charkov

Drop the top-frequency OPPs from both the LITTLE and big CPU clusters on RK3576, as neither the opensource TF-A [1] nor the recent (after v1.08) binary BL31 images provided by Rockchip expose those. This fixes the problem [2] when the cpufreq governor tries to jump directly to the highest-frequency OPP, which results in a failed SCMI call leaving the system stuck at the previous OPP before the attempted change. [1] https://github.com/ARM-software/arm-trusted-firmware/blob/master/plat/rockc… [2] https://lore.kernel.org/linux-rockchip/CABjd4Yz4NbqzZH4Qsed3ias56gcga9K6CmY… Fixes: 57b1ce903966 ("arm64: dts: rockchip: Add rk3576 SoC base DT") Cc: stable(a)vger.kernel.org Signed-off-by: Alexey Charkov <alchark(a)gmail.com> --- arch/arm64/boot/dts/rockchip/rk3576.dtsi | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/arch/arm64/boot/dts/rockchip/rk3576.dtsi b/arch/arm64/boot/dts/rockchip/rk3576.dtsi index fc4e9e07f1cf35fb57f132c6d82c48c62bd6265d..f0c3ab00a7f3447a1dbf7874c7bf758e82e04f25 100644 --- a/arch/arm64/boot/dts/rockchip/rk3576.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3576.dtsi @@ -276,12 +276,6 @@ opp-2016000000 { opp-microvolt = <900000 900000 950000>; clock-latency-ns = <40000>; }; - - opp-2208000000 { - opp-hz = /bits/ 64 <2208000000>; - opp-microvolt = <950000 950000 950000>; - clock-latency-ns = <40000>; - }; }; cluster1_opp_table: opp-table-cluster1 { @@ -348,12 +342,6 @@ opp-2208000000 { opp-microvolt = <925000 925000 950000>; clock-latency-ns = <40000>; }; - - opp-2304000000 { - opp-hz = /bits/ 64 <2304000000>; - opp-microvolt = <950000 950000 950000>; - clock-latency-ns = <40000>; - }; }; gpu_opp_table: opp-table-gpu { --- base-commit: ec714e371f22f716a04e6ecb2a24988c92b26911 change-id: 20251009-rk3576_opp-7bafcadef820 Best regards, -- Alexey Charkov <alchark(a)gmail.com>

1 month, 1 week

2
1
0 0

[PATCH 6.6 000/196] 6.6.112-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.112 release. There are 196 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 15 Oct 2025 14:42:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.112-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.112-rc1 Miaoqian Lin <linmq006(a)gmail.com> usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: qcm2290: Disable USB SS bus instances in park mode Sven Peter <sven(a)kernel.org> usb: typec: tipd: Clear interrupts first Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Salah Triki <salah.triki(a)gmail.com> bus: fsl-mc: Check return value of platform_get_resource() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: check the return value of pinmux_ops::get_function_name() Zhen Ni <zhen.ni(a)easystack.cn> remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() Lei Lu <llfamsec(a)gmail.com> sunrpc: fix null pointer dereference on zero-length checksum Zhen Ni <zhen.ni(a)easystack.cn> Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak Marek Vasut <marek.vasut(a)mailbox.org> Input: atmel_mxt_ts - allow reset GPIO to sleep Ling Xu <quic_lxu5(a)quicinc.com> misc: fastrpc: Skip reference for DMA handles Ling Xu <quic_lxu5(a)quicinc.com> misc: fastrpc: fix possible map leak in fastrpc_put_args Ling Xu <quic_lxu5(a)quicinc.com> misc: fastrpc: Fix fastrpc_map_lookup operation Guangshuo Li <lgs201920130244(a)gmail.com> nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() Yang Shi <yang(a)os.amperecomputing.com> mm: hugetlb: avoid soft lockup when mprotect to large memory area Jan Kara <jack(a)suse.cz> ext4: fix checks for orphan inodes Matvey Kovalev <matvey.kovalev(a)ispras.ru> ksmbd: fix error code overwriting in smb2_get_info_filesystem() Youling Tang <tangyouling(a)kylinos.cn> LoongArch: Automatically disable kaslr if boot from kexec_file Zheng Qixing <zhengqixing(a)huawei.com> dm: fix NULL pointer dereference in __dm_suspend() Zheng Qixing <zhengqixing(a)huawei.com> dm: fix queue start/stop imbalance under suspend/load/resume races Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() Cosmin Tanislav <cosmin-gabriel.tanislav.xa(a)renesas.com> mfd: rz-mtu3: Fix MTU5 NFCR register offset Deepak Sharma <deepak.sharma.472935(a)gmail.com> net: nfc: nci: Add parameter validation for packet data Larshin Sergey <Sergey.Larshin(a)kaspersky.com> fs: udf: fix OOB read in lengthAllocDescs handling Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down Ma Ke <make24(a)iscas.ac.cn> ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() Naman Jain <namjain(a)linux.microsoft.com> uio_hv_generic: Let userspace take care of interrupt mask Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: fix uninit-value in squashfs_get_parent Yazhou Tang <tangyazhou518(a)outlook.com> bpf: Reject negative offsets for ALU ops zhang jiao <zhangjiao2(a)cmss.chinamobile.com> vhost: vringh: Modify the return value check Jakub Kicinski <kuba(a)kernel.org> Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: fix crypto buffers in non-linear memory Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: fw reset, add reset timeout work Shay Drory <shayd(a)nvidia.com> net/mlx5: pagealloc: Fix reclaim race during command interface teardown Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Stop polling for command response if interface goes down Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle copy_thresh allocation failure Kohei Enju <enjuk(a)amazon.com> net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable Kohei Enju <enjuk(a)amazon.com> nfp: fix RSS hash key size when RSS is not supported Erick Karanja <karanja99erick(a)gmail.com> mtd: rawnand: atmel: Fix error handling path in atmel_nand_controller_add_nands Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: fix double free in register_one_node() Dan Carpenter <dan.carpenter(a)linaro.org> ocfs2: fix double free in user_cluster_connect() Nishanth Menon <nm(a)ti.com> hwrng: ks-sa - fix division by zero in ks_sa_rng_init Fan Wu <wufan(a)kernel.org> KEYS: X.509: Fix Basic Constraints CA flag parsing Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements Pauli Virtanen <pav(a)iki.fi> Bluetooth: ISO: don't leak skb in ISO_CONT RX Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Fix possible UAF on iso_conn_free Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO Michael S. Tsirkin <mst(a)redhat.com> vhost: vringh: Fix copy_to_iter return value check I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast Bernard Metzler <bernard.metzler(a)linux.dev> RDMA/siw: Always report immediate post SQ errors Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> usb: vhci-hcd: Prevent suspending virtually attached devices Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() Slavin Liu <slavin452(a)gmail.com> ipvs: Defer ip_vs_ftp unregister during netns cleanup Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix backchannel max_resp_sz verification check Leo Yan <leo.yan(a)arm.com> coresight: trbe: Return NULL pointer for allocation failures Leo Yan <leo.yan(a)arm.com> coresight: etm4x: Support atclk Yuanfang Zhang <yuanfang.zhang(a)oss.qualcomm.com> coresight-etm4x: Conditionally access register TRCEXTINSELR Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice Nagarjuna Kristam <nkristam(a)nvidia.com> PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: rtw89: avoid circular locking dependency in ser_state_run() Gui-Dong Han <hanguidong02(a)gmail.com> RDMA/rxe: Fix race in do_task() when draining Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs Zilin Guan <zilin(a)seu.edu.cn> vfio/pds: replace bitmap_free with vfree Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from,to}_user for M7 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_to_user for Niagara 4 Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III Michael Karcher <kernel(a)mkarcher.dialup.fu-berlin.de> sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC Aditya Kumar Singh <aditya.kumar.singh(a)oss.qualcomm.com> wifi: mac80211: fix Rx packet handling when pubsta information is not available Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> wifi: ath10k: avoid unnecessary wait for service ready message Bagas Sanjaya <bagasdotme(a)gmail.com> Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram Vlad Dumitrescu <vdumitrescu(a)nvidia.com> IB/sa: Fix sa_local_svc_timeout_ms read race Parav Pandit <parav(a)nvidia.com> RDMA/core: Resolve MAC of next-hop device without ARP support Michal Pecio <michal.pecio(a)gmail.com> Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" wangzijie <wangzijie1(a)honor.com> f2fs: fix zero-sized extent for precache extents Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: qla2xxx: edif: Fix incorrect sign of error code Colin Ian King <colin.i.king(a)gmail.com> ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message Chao Yu <chao(a)kernel.org> f2fs: fix to mitigate overhead of f2fs_zero_post_eof_page() Chao Yu <chao(a)kernel.org> f2fs: fix to truncate first page in error path of f2fs_truncate() Chao Yu <chao(a)kernel.org> f2fs: fix to update map->m_next_extent correctly in f2fs_map_blocks() Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: mt76: fix potential memory leak in mt76_wmac_probe() Håkon Bugge <haakon.bugge(a)oracle.com> RDMA/cm: Rate limit destroy CM ID timeout error message Donet Tom <donettom(a)linux.ibm.com> drivers/base/node: handle error properly in register_one_node() Christophe Leroy <christophe.leroy(a)csgroup.eu> watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog Zhang Tengfei <zhtfdev(a)gmail.com> ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable Zhen Ni <zhen.ni(a)easystack.cn> netfilter: ipset: Remove unused htable_bits in macro ahash_region Hans de Goede <hansg(a)kernel.org> iio: consumers: Fix offset handling in iio_convert_raw_to_processed() Hans de Goede <hansg(a)kernel.org> iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() Moon Hee Lee <moonhee.lee.ca(a)gmail.com> fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist Vitaly Grigoryev <Vitaly.Grigoryev(a)kaspersky.com> fs: ntfs3: Fix integer overflow in run_unpack() Qianfeng Rong <rongqianfeng(a)vivo.com> drm/msm/dpu: fix incorrect type for ret Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping Takashi Iwai <tiwai(a)suse.de> ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping Wang Liang <wangliang74(a)huawei.com> pps: fix warning in pps_register_cdev when register device fail Colin Ian King <colin.i.king(a)gmail.com> misc: genwqe: Fix incorrect cmd field being reported in error Seppo Takalo <seppo.takalo(a)nordicsemi.no> tty: n_gsm: Don't block input queue by waiting MSC William Wu <william.wu(a)rock-chips.com> usb: gadget: configfs: Correctly set use_os_string at bind Xichao Zhao <zhao.xichao(a)vivo.com> usb: phy: twl6030: Fix incorrect type for ret Qianfeng Rong <rongqianfeng(a)vivo.com> drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() Eric Dumazet <edumazet(a)google.com> tcp: fix __tcp_close() to only send RST when required Alok Tiwari <alok.a.tiwari(a)oracle.com> PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation Stefan Kerkmann <s.kerkmann(a)pengutronix.de> wifi: mwifiex: send world regulatory domain to driver Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/pm: Adjust si_upload_smc_data register programming (v3) Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/pm: Fix si_upload_smc_data (v3) Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/pm: Disable ULV even if unsupported (v3) Timur Kristóf <timur.kristof(a)gmail.com> drm/amdgpu: Power up UVD 3 for FW validation (v2) Yuanfang Zhang <quic_yuanfang(a)quicinc.com> coresight: Only register perf symlink for sinks with alloc_buffer Eric Dumazet <edumazet(a)google.com> inet: ping: check sock_net() in ping_get_port() and ping_lookup() Zhushuai Yin <yinzhushuai(a)huawei.com> crypto: hisilicon/qm - check whether the input function and PF are on the same device Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon - re-enable address prefetch after device resuming Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations Arnd Bergmann <arnd(a)arndb.de> media: st-delta: avoid excessive stack usage Qianfeng Rong <rongqianfeng(a)vivo.com> ALSA: lx_core: use int type to store negative error codes Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix vport loopback forcing for MPV device Zhang Shurong <zhang_shurong(a)foxmail.com> media: rj54n1cb0c: Fix memleak in rj54n1_probe() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: myrs: Fix dma_alloc_coherent() error check Niklas Cassel <cassel(a)kernel.org> scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Arnd Bergmann <arnd(a)arndb.de> hwrng: nomadik - add ARM_AMBA dependency Thomas Fourier <fourier.thomas(a)gmail.com> crypto: keembay - Add missing check after sg_nents_for_len() Liao Yuanhong <liaoyuanhong(a)vivo.com> drm/amd/display: Remove redundant semicolons Dan Carpenter <dan.carpenter(a)linaro.org> serial: max310x: Add error checking in probe() Komal Bajaj <komal.bajaj(a)oss.qualcomm.com> usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls Dan Carpenter <dan.carpenter(a)linaro.org> usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup Jonas Karlman <jonas(a)kwiboo.se> phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: zoran: Remove zoran_fh structure Chia-I Wu <olvaffe(a)gmail.com> drm/bridge: it6505: select REGMAP_I2C Chao Yu <chao(a)kernel.org> f2fs: fix condition in __allow_reserved_blocks() Brahmajit Das <listout(a)listout.xyz> drm/radeon/r600_cs: clean up of dead code in r600_cs Brigham Campbell <me(a)brighamcampbell.com> drm/panel: novatek-nt35560: Fix invalid return value Daniel Borkmann <daniel(a)iogearbox.net> bpf: Enforce expected_attach_type for tailcall compatibility Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> i2c: designware: Add disabling clocks when probe fails Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> i2c: designware: Fix clock issue when PM is disabled Leilk.Liu <leilk.liu(a)mediatek.com> i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> thermal/drivers/qcom/lmh: Add missing IRQ includes Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> thermal/drivers/qcom: Make LMH select QCOM_SCM Vadim Pasternak <vadimp(a)nvidia.com> hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems Qi Xi <xiqi2(a)huawei.com> once: fix race by moving DO_ONCE to separate section Zhouyi Zhou <zhouzhouyi(a)gmail.com> tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> smp: Fix up and expand the smp_call_function_many() kerneldoc Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Explicitly check accesses to bpf_sock_addr Akhilesh Patil <akhilesh(a)ee.iitb.ac.in> selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported Stanley Chu <stanley.chuys(a)gmail.com> i3c: master: svc: Recycle unused IBI slot Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Use manual response for IBI events Daniel Wagner <wagi(a)kernel.org> nvmet-fc: move lsop put work to nvmet_fc_ls_req_op Dmitry Antipov <dmantipov(a)yandex.ru> ACPICA: Fix largest possible resource descriptor index Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: tiehrpwm: Fix corner case in clock divisor calculation AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt6795-xperia-m5: Fix mmc0 latch-ck value AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt6331: Fix pmic, regulators, rtc, keys node names Johan Hovold <johan(a)kernel.org> cpuidle: qcom-spm: fix device and OF node leaks at probe Johan Hovold <johan(a)kernel.org> firmware: firmware: meson-sm: fix compile-test default Eric Dumazet <edumazet(a)google.com> nbd: restrict sockets to TCP and UDP Guoqing Jiang <guoqing.jiang(a)canonical.com> arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie0 Genjian Zhang <zhanggenjian(a)kylinos.cn> null_blk: Fix the description of the cache_size module argument Qianfeng Rong <rongqianfeng(a)vivo.com> pinctrl: renesas: Use int type to store negative error codes Andy Yan <andyshrk(a)163.com> power: supply: cw2015: Fix a alignment coding style issue Dan Carpenter <dan.carpenter(a)linaro.org> PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() Jihed Chaibi <jihed.chaibi.dev(a)gmail.com> ARM: dts: omap: am335x-cm-t335: Remove unused mcasp num-serializer property Jihed Chaibi <jihed.chaibi.dev(a)gmail.com> ARM: dts: ti: omap: omap3-devkit8000-lcd: Fix ti,keep-vref-on property to use correct boolean syntax in DTS Jihed Chaibi <jihed.chaibi.dev(a)gmail.com> ARM: dts: ti: omap: am335x-baltos: Fix ti,en-ck32k-xtal property in DTS to use correct boolean syntax Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: core: Clear power.must_resume in noirq suspend error path Qianfeng Rong <rongqianfeng(a)vivo.com> block: use int to store blk_stack_limits() return value Benjamin Berg <benjamin.berg(a)intel.com> selftests/nolibc: fix EXPECT_NZ macro Qianfeng Rong <rongqianfeng(a)vivo.com> regulator: scmi: Use int type to store negative error codes Janne Grunau <j(a)jannau.net> arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: fix MCKx restore routine Li Nan <linan122(a)huawei.com> blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx Da Xue <da(a)libre.computer> pinctrl: meson-gxl: add missing i2c_d pinmux Sneh Mankad <sneh.mankad(a)oss.qualcomm.com> soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS Huisong Li <lihuisong(a)huawei.com> ACPI: processor: idle: Fix memory leak when register cpuidle device failed Florian Fainelli <florian.fainelli(a)broadcom.com> cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Write back tail call counter for BPF_PSEUDO_CALL Fenglin Wu <fenglin.wu(a)oss.qualcomm.com> leds: flash: leds-qcom-flash: Update torch current clamp setting Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: dts: renesas: porter: Fix CAN pin group Yureka Lilian <yuka(a)yuka.dev> libbpf: Fix reuse of DEVMAP Tao Chen <chen.dylane(a)linux.dev> bpf: Remove migrate_disable in kprobe_multi_link_prog_run Matt Bobrowski <mattbobrowski(a)google.com> bpf/selftests: Fix test_tcpnotify_user Geert Uytterhoeven <geert+renesas(a)glider.be> regmap: Remove superfluous check for !config in __regmap_init() Biju Das <biju.das.jz(a)bp.renesas.com> arm64: dts: renesas: rzg2lc-smarc: Disable CAN-FD channel0 Uros Bizjak <ubizjak(a)gmail.com> x86/vdso: Fix output operand size of RDPID Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller Stefan Metzmacher <metze(a)samba.org> smb: server: fix IRD/ORD negotiation with the client Leo Yan <leo.yan(a)arm.com> perf: arm_spe: Prevent overflow in PERF_IDX2OFF() Leo Yan <leo.yan(a)arm.com> coresight: trbe: Prevent overflow in PERF_IDX2OFF() Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix GLF_INVALIDATE_IN_PROGRESS flag clearing in do_xmote Bala-Vignesh-Reddy <reddybalavignesh9979(a)gmail.com> selftests: arm64: Check fread return value in exec_target Johannes Nixdorf <johannes(a)nixdorf.dev> seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast Geert Uytterhoeven <geert+renesas(a)glider.be> init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD Jeff Layton <jlayton(a)kernel.org> filelock: add FL_RECLAIM to show_fl_flags() macro ------------- Diffstat: Documentation/trace/histogram-design.rst | 4 +- Makefile | 4 +- arch/arm/boot/dts/renesas/r8a7791-porter.dts | 2 +- arch/arm/boot/dts/ti/omap/am335x-baltos.dtsi | 2 +- arch/arm/boot/dts/ti/omap/am335x-cm-t335.dts | 2 - .../dts/ti/omap/omap3-devkit8000-lcd-common.dtsi | 2 +- arch/arm/mach-at91/pm_suspend.S | 4 +- arch/arm64/boot/dts/apple/t8103-j457.dts | 12 +- arch/arm64/boot/dts/mediatek/mt6331.dtsi | 10 +- .../boot/dts/mediatek/mt6795-sony-xperia-m5.dts | 2 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 3 - arch/arm64/boot/dts/mediatek/mt8516-pumpkin.dts | 2 +- arch/arm64/boot/dts/qcom/qcm2290.dtsi | 1 + arch/arm64/boot/dts/renesas/rzg2lc-smarc.dtsi | 5 +- arch/loongarch/kernel/relocate.c | 4 + arch/s390/net/bpf_jit_comp.c | 26 ++-- arch/sparc/lib/M7memcpy.S | 20 +-- arch/sparc/lib/Memcpy_utils.S | 9 ++ arch/sparc/lib/NG4memcpy.S | 2 +- arch/sparc/lib/NGmemcpy.S | 29 +++-- arch/sparc/lib/U1memcpy.S | 19 +-- arch/sparc/lib/U3memcpy.S | 2 +- arch/x86/include/asm/segment.h | 8 +- block/blk-mq-sysfs.c | 6 +- block/blk-settings.c | 3 +- crypto/asymmetric_keys/x509_cert_parser.c | 16 ++- drivers/acpi/acpica/aclocal.h | 2 +- drivers/acpi/nfit/core.c | 2 +- drivers/acpi/processor_idle.c | 3 + drivers/base/node.c | 4 + drivers/base/power/main.c | 14 ++- drivers/base/regmap/regmap.c | 2 +- drivers/block/nbd.c | 8 ++ drivers/block/null_blk/main.c | 2 +- drivers/bus/fsl-mc/fsl-mc-bus.c | 3 + drivers/char/hw_random/Kconfig | 1 + drivers/char/hw_random/ks-sa-rng.c | 4 + drivers/cpufreq/scmi-cpufreq.c | 10 ++ drivers/cpuidle/cpuidle-qcom-spm.c | 7 +- drivers/crypto/hisilicon/debugfs.c | 1 + drivers/crypto/hisilicon/hpre/hpre_main.c | 3 +- drivers/crypto/hisilicon/qm.c | 7 +- drivers/crypto/hisilicon/sec2/sec_main.c | 80 ++++++------ drivers/crypto/hisilicon/zip/zip_main.c | 17 +-- .../crypto/intel/keembay/keembay-ocs-hcu-core.c | 5 +- drivers/devfreq/mtk-cci-devfreq.c | 3 +- drivers/edac/i10nm_base.c | 14 +++ drivers/firmware/meson/Kconfig | 2 +- drivers/gpu/drm/amd/amdgpu/uvd_v3_1.c | 29 ++++- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 2 +- .../display/dc/dml/dcn32/display_rq_dlg_calc_32.c | 1 - drivers/gpu/drm/amd/pm/amdgpu_dpm_internal.c | 7 ++ drivers/gpu/drm/amd/pm/legacy-dpm/si_dpm.c | 92 +++++++++----- drivers/gpu/drm/bridge/Kconfig | 1 + .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c | 2 +- drivers/gpu/drm/panel/panel-novatek-nt35560.c | 2 +- drivers/gpu/drm/radeon/r600_cs.c | 4 +- drivers/hwmon/mlxreg-fan.c | 24 ++-- drivers/hwtracing/coresight/coresight-core.c | 5 +- drivers/hwtracing/coresight/coresight-etm4x-core.c | 31 +++-- drivers/hwtracing/coresight/coresight-etm4x.h | 6 +- drivers/hwtracing/coresight/coresight-trbe.c | 9 +- drivers/i2c/busses/i2c-designware-platdrv.c | 5 +- drivers/i2c/busses/i2c-mt65xx.c | 17 +-- drivers/i3c/master/svc-i3c-master.c | 31 ++++- drivers/iio/inkern.c | 30 ++--- drivers/infiniband/core/addr.c | 10 +- drivers/infiniband/core/cm.c | 4 +- drivers/infiniband/core/sa_query.c | 6 +- drivers/infiniband/hw/mlx5/main.c | 19 ++- drivers/infiniband/hw/mlx5/mlx5_ib.h | 1 + drivers/infiniband/sw/rxe/rxe_task.c | 8 +- drivers/infiniband/sw/siw/siw_verbs.c | 25 ++-- drivers/input/misc/uinput.c | 1 + drivers/input/touchscreen/atmel_mxt_ts.c | 2 +- drivers/leds/flash/leds-qcom-flash.c | 62 ++++++---- drivers/md/dm-core.h | 1 + drivers/md/dm.c | 13 +- drivers/media/i2c/rj54n1cb0c.c | 9 +- drivers/media/pci/zoran/zoran.h | 6 - drivers/media/pci/zoran/zoran_driver.c | 3 +- .../media/platform/st/sti/delta/delta-mjpeg-dec.c | 20 +-- drivers/mfd/rz-mtu3.c | 2 +- drivers/mfd/vexpress-sysreg.c | 6 +- drivers/misc/fastrpc.c | 62 ++++++---- drivers/misc/genwqe/card_ddcb.c | 2 +- drivers/mtd/nand/raw/atmel/nand-controller.c | 4 +- drivers/net/ethernet/amazon/ena/ena_ethtool.c | 5 +- drivers/net/ethernet/dlink/dl2k.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 6 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 -- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 17 +-- drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 24 ++++ .../net/ethernet/mellanox/mlx5/core/pagealloc.c | 7 +- .../net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 +- drivers/net/usb/asix_devices.c | 29 +++++ drivers/net/usb/rtl8150.c | 2 - drivers/net/wireless/ath/ath10k/wmi.c | 39 +++--- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 7 +- drivers/net/wireless/mediatek/mt76/mt7603/soc.c | 2 +- drivers/net/wireless/realtek/rtw89/ser.c | 3 +- drivers/nvme/target/fc.c | 19 ++- drivers/pci/controller/dwc/pcie-tegra194.c | 4 +- drivers/pci/controller/pci-tegra.c | 2 +- drivers/perf/arm_spe_pmu.c | 3 +- drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 12 ++ drivers/pinctrl/meson/pinctrl-meson-gxl.c | 10 ++ drivers/pinctrl/pinmux.c | 2 +- drivers/pinctrl/renesas/pinctrl.c | 3 +- drivers/power/supply/cw2015_battery.c | 3 +- drivers/pps/kapi.c | 5 +- drivers/pps/pps.c | 5 +- drivers/pwm/pwm-tiehrpwm.c | 4 +- drivers/regulator/scmi-regulator.c | 3 +- drivers/remoteproc/pru_rproc.c | 3 +- drivers/remoteproc/qcom_q6v5.c | 3 - drivers/scsi/mpt3sas/mpt3sas_transport.c | 8 +- drivers/scsi/myrs.c | 8 +- drivers/scsi/pm8001/pm8001_sas.c | 9 +- drivers/scsi/qla2xxx/qla_edif.c | 4 +- drivers/scsi/qla2xxx/qla_init.c | 4 +- drivers/scsi/qla2xxx/qla_nvme.c | 2 +- drivers/soc/qcom/rpmh-rsc.c | 7 +- drivers/thermal/qcom/Kconfig | 3 +- drivers/thermal/qcom/lmh.c | 2 + drivers/tty/n_gsm.c | 25 +++- drivers/tty/serial/max310x.c | 2 + drivers/uio/uio_hv_generic.c | 7 +- drivers/usb/cdns3/cdnsp-pci.c | 5 +- drivers/usb/gadget/configfs.c | 2 + drivers/usb/host/max3421-hcd.c | 2 +- drivers/usb/host/xhci-ring.c | 11 +- drivers/usb/misc/Kconfig | 1 + drivers/usb/misc/qcom_eud.c | 33 +++-- drivers/usb/phy/phy-twl6030-usb.c | 3 +- drivers/usb/typec/tipd/core.c | 24 ++-- drivers/usb/usbip/vhci_hcd.c | 22 ++++ drivers/vfio/pci/pds/dirty.c | 2 +- drivers/vhost/vringh.c | 14 ++- drivers/watchdog/mpc8xxx_wdt.c | 2 + fs/ext4/ext4.h | 10 ++ fs/ext4/file.c | 2 +- fs/ext4/inode.c | 2 +- fs/ext4/orphan.c | 6 +- fs/ext4/super.c | 4 +- fs/f2fs/data.c | 9 +- fs/f2fs/f2fs.h | 4 +- fs/f2fs/file.c | 49 ++++---- fs/gfs2/glock.c | 2 - fs/nfs/nfs4proc.c | 2 +- fs/ntfs3/index.c | 10 ++ fs/ntfs3/run.c | 12 +- fs/ocfs2/stack_user.c | 1 + fs/smb/client/smb2ops.c | 17 +-- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_rdma.c | 97 +++++++++++++-- fs/squashfs/inode.c | 7 ++ fs/squashfs/squashfs_fs_i.h | 2 +- fs/udf/inode.c | 3 + include/asm-generic/vmlinux.lds.h | 1 + include/linux/bpf.h | 1 + include/linux/once.h | 4 +- include/trace/events/filelock.h | 3 +- init/Kconfig | 1 + kernel/bpf/core.c | 5 + kernel/bpf/verifier.c | 4 +- kernel/seccomp.c | 12 +- kernel/smp.c | 11 +- kernel/trace/bpf_trace.c | 9 +- mm/hugetlb.c | 2 + net/bluetooth/hci_sync.c | 10 +- net/bluetooth/iso.c | 9 +- net/bluetooth/mgmt.c | 10 +- net/core/filter.c | 16 ++- net/ipv4/ping.c | 14 ++- net/ipv4/tcp.c | 9 +- net/mac80211/rx.c | 28 ++++- net/netfilter/ipset/ip_set_hash_gen.h | 8 +- net/netfilter/ipvs/ip_vs_conn.c | 4 +- net/netfilter/ipvs/ip_vs_core.c | 11 +- net/netfilter/ipvs/ip_vs_ctl.c | 6 +- net/netfilter/ipvs/ip_vs_est.c | 16 +-- net/netfilter/ipvs/ip_vs_ftp.c | 4 +- net/nfc/nci/ntf.c | 135 +++++++++++++++------ net/sunrpc/auth_gss/svcauth_gss.c | 2 +- sound/pci/lx6464es/lx_core.c | 4 +- sound/soc/codecs/wcd934x.c | 17 ++- sound/soc/intel/boards/bytcht_es8316.c | 20 ++- sound/soc/intel/boards/bytcr_rt5640.c | 7 +- sound/soc/intel/boards/bytcr_rt5651.c | 26 +++- sound/soc/sof/ipc3-topology.c | 10 +- tools/include/nolibc/std.h | 2 +- tools/lib/bpf/libbpf.c | 10 ++ tools/testing/nvdimm/test/ndtest.c | 13 +- tools/testing/selftests/arm64/pauth/exec_target.c | 7 +- .../selftests/bpf/progs/test_tcpnotify_kern.c | 1 - tools/testing/selftests/bpf/test_tcpnotify_user.c | 20 +-- tools/testing/selftests/nolibc/nolibc-test.c | 4 +- tools/testing/selftests/watchdog/watchdog-test.c | 6 + 199 files changed, 1405 insertions(+), 721 deletions(-)

1 month, 1 week

10
205
0 0

FAILED: patch "[PATCH] net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3d3c4cd5c62f24bb3cb4511b7a95df707635e00a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101349-reptile-seldom-427d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d3c4cd5c62f24bb3cb4511b7a95df707635e00a Mon Sep 17 00:00:00 2001 From: Oleksij Rempel <o.rempel(a)pengutronix.de> Date: Sun, 5 Oct 2025 10:12:03 +0200 Subject: [PATCH] net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Prevent USB runtime PM (autosuspend) for AX88772* in bind. usbnet enables runtime PM (autosuspend) by default, so disabling it via the usb_driver flag is ineffective. On AX88772B, autosuspend shows no measurable power saving with current driver (no link partner, admin up/down). The ~0.453 W -> ~0.248 W drop on v6.1 comes from phylib powering the PHY off on admin-down, not from USB autosuspend. The real hazard is that with runtime PM enabled, ndo_open() (under RTNL) may synchronously trigger autoresume (usb_autopm_get_interface()) into asix_resume() while the USB PM lock is held. Resume paths then invoke phylink/phylib and MDIO, which also expect RTNL, leading to possible deadlocks or PM lock vs MDIO wake issues. To avoid this, keep the device runtime-PM active by taking a usage reference in ax88772_bind() and dropping it in unbind(). A non-zero PM usage count blocks runtime suspend regardless of userspace policy (.../power/control - pm_runtime_allow/forbid), making this approach robust against sysfs overrides. Holding a runtime-PM usage ref does not affect system-wide suspend; system sleep/resume callbacks continue to run as before. Fixes: 4a2c7217cd5a ("net: usb: asix: ax88772: manage PHY PM from MAC") Reported-by: Hubert Wiśniewski <hubert.wisniewski.25632(a)gmail.com> Closes: https://lore.kernel.org/all/DCGHG5UJT9G3.2K1GHFZ3H87T0@gmail.com Tested-by: Hubert Wiśniewski <hubert.wisniewski.25632(a)gmail.com> Reported-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Closes: https://lore.kernel.org/all/b5ea8296-f981-445d-a09a-2f389d7f6fdd@samsung.com Cc: stable(a)vger.kernel.org Signed-off-by: Oleksij Rempel <o.rempel(a)pengutronix.de> Link: https://patch.msgid.link/20251005081203.3067982-1-o.rempel@pengutronix.de Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/usb/asix_devices.c b/drivers/net/usb/asix_devices.c index 792ddda1ad49..85bd5d845409 100644 --- a/drivers/net/usb/asix_devices.c +++ b/drivers/net/usb/asix_devices.c @@ -625,6 +625,21 @@ static void ax88772_suspend(struct usbnet *dev) asix_read_medium_status(dev, 1)); } +/* Notes on PM callbacks and locking context: + * + * - asix_suspend()/asix_resume() are invoked for both runtime PM and + * system-wide suspend/resume. For struct usb_driver the ->resume() + * callback does not receive pm_message_t, so the resume type cannot + * be distinguished here. + * + * - The MAC driver must hold RTNL when calling phylink interfaces such as + * phylink_suspend()/resume(). Those calls will also perform MDIO I/O. + * + * - Taking RTNL and doing MDIO from a runtime-PM resume callback (while + * the USB PM lock is held) is fragile. Since autosuspend brings no + * measurable power saving here, we block it by holding a PM usage + * reference in ax88772_bind(). + */ static int asix_suspend(struct usb_interface *intf, pm_message_t message) { struct usbnet *dev = usb_get_intfdata(intf); @@ -919,6 +934,13 @@ static int ax88772_bind(struct usbnet *dev, struct usb_interface *intf) if (ret) goto initphy_err; + /* Keep this interface runtime-PM active by taking a usage ref. + * Prevents runtime suspend while bound and avoids resume paths + * that could deadlock (autoresume under RTNL while USB PM lock + * is held, phylink/MDIO wants RTNL). + */ + pm_runtime_get_noresume(&intf->dev); + return 0; initphy_err: @@ -948,6 +970,8 @@ static void ax88772_unbind(struct usbnet *dev, struct usb_interface *intf) phylink_destroy(priv->phylink); ax88772_mdio_unregister(priv); asix_rx_fixup_common_free(dev->driver_priv); + /* Drop the PM usage ref taken in bind() */ + pm_runtime_put(&intf->dev); } static void ax88178_unbind(struct usbnet *dev, struct usb_interface *intf) @@ -1600,6 +1624,11 @@ static struct usb_driver asix_driver = { .resume = asix_resume, .reset_resume = asix_resume, .disconnect = usbnet_disconnect, + /* usbnet enables autosuspend by default (supports_autosuspend=1). + * We keep runtime-PM active for AX88772* by taking a PM usage + * reference in ax88772_bind() (pm_runtime_get_noresume()) and + * dropping it in unbind(), which effectively blocks autosuspend. + */ .supports_autosuspend = 1, .disable_hub_initiated_lpm = 1, };

1 month, 1 week

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror