- Linux-stable-mirror - lists.linaro.org

[PATCH 5.15 000/392] 5.15.197-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.197 release. There are 392 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 05 Dec 2025 15:23:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.197-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.197-rc1 Daniel T. Lee <danieltimlee(a)gmail.com> libbpf: Fix invalid return address register in s390 Yixun Lan <dlan(a)gentoo.org> libbpf, riscv: Use a0 for RC register Ilya Leoshkevich <iii(a)linux.ibm.com> libbpf: Fix riscv register names Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: Don't rely on preserving volatile in PT_REGS macros in loop3 Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy->enable_completion only when we Alex Lu <alex_lu(a)realsil.com.cn> Bluetooth: Add more enc key size check Jameson Thies <jthies(a)google.com> usb: typec: ucsi: psy: Set max current to zero when disconnected Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> usb: renesas_usbhs: Fix synchronous external abort on unbind Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: renesas_usbhs: Convert to platform remove callback returning void Paulo Alcantara <pc(a)manguebit.org> smb: client: fix memory leak in cifs_construct_tcon() Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Fix proto fallback detection with BPF Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid unneeded subflow-level drops Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: rm: set backup flag Philipp Hortmann <philipp.g.hortmann(a)gmail.com> staging: rtl8712: Remove driver using deprecated API wext ziming zhang <ezrakiez(a)gmail.com> libceph: prevent potential out-of-bounds writes in handle_auth_session_key() Ilya Dryomov <idryomov(a)gmail.com> libceph: fix potential use-after-free in have_mon_and_osd_map() Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check NULL before accessing Johan Hovold <johan(a)kernel.org> drm: sti: fix device leaks at component probe Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add support for Rolling RW101R-GL Oleksandr Suvorov <cryosay(a)gmail.com> USB: serial: ftdi_sio: add support for u-blox EVK-M101 Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbgtty: Fix data corruption when transmitting data form DbC to host Manish Nagar <manish.nagar(a)oss.qualcomm.com> usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Owen Gu <guhuinan(a)xiaomi.com> usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer Tianchu Chen <flynnnchen(a)tencent.com> usb: storage: sddr55: Reject out-of-bound new_pba Alan Stern <stern(a)rowland.harvard.edu> USB: storage: Remove subclass and protocol overrides from Novatek quirk Desnes Nunes <desnesn(a)redhat.com> usb: storage: Fix memory leak in USB bulk transport Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_eem: Fix memory leak in eem_unwrap Miaoqian Lin <linmq006(a)gmail.com> usb: cdns3: Fix double resource release in cdns3_pci_probe Johan Hovold <johan(a)kernel.org> most: usb: fix double free on late probe failure Miaoqian Lin <linmq006(a)gmail.com> serial: amba-pl011: prefer dma_mapping_error() over explicit address checking Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> firmware: stratix10-svc: fix bug in saving controller data Miaoqian Lin <linmq006(a)gmail.com> slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> thunderbolt: Add support for Intel Wildcat Lake Jamie Iles <jamie.iles(a)oss.qualcomm.com> drivers/usb/dwc3: fix PCI parent check Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: fix unreliable memory allocation Marc Kleine-Budde <mkl(a)pengutronix.de> can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling Thomas Mühlbacher <tmuehlbacher(a)posteo.net> can: sja1000: fix max irq loop handling Gui-Dong Han <hanguidong02(a)gmail.com> atm/fore200e: Fix possible data race in fore200e_open() Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification Linus Walleij <linus.walleij(a)linaro.org> iio: accel: bmc150: Fix irq assumption regression Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio:common:ssp_sensors: Fix an error handling path ssp_probe() Francesco Lavra <flavra(a)baylibre.com> iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields Jiri Olsa <jolsa(a)kernel.org> Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" Hang Zhou <929513338(a)qq.com> spi: bcm63xx: fix premature CS deassertion on RX-only transactions Haotian Zhang <vulab(a)iscas.ac.cn> mailbox: mailbox-test: Fix debugfs_create_dir error checking Jiefeng Zhang <jiefeng.z.zhang(a)gmail.com> net: atlantic: fix fragment overflow handling in RX path Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: sja1105: simplify static configuration reload Andrew Lunn <andrew(a)lunn.ch> net: dsa: sja1105: Convert to mdiobus_c45_read Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> net: sxgbe: fix potential NULL dereference in sxgbe_rx() Danielle Costantino <dcostantino(a)meta.com> net/mlx5e: Fix validation logic in rate limiting Kai-Heng Feng <kaihengf(a)nvidia.com> net: aquantia: Add missing descriptor cache invalidation on ATL2 Dan Carpenter <dan.carpenter(a)linaro.org> platform/x86: intel: punit_ipc: fix memory corruption Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix not generating mackey and ltk when repairing Seungjin Bae <eeodqql09(a)gmail.com> can: kvaser_usb: leaf: Fix potential infinite loop in command parsers Gulam Mohamed <gulam.mohamed(a)oracle.com> Revert "block: don't add or resize partition on the disk with GENHD_FL_NO_PART" Gulam Mohamed <gulam.mohamed(a)oracle.com> Revert "block: Move checking GENHD_FL_NO_PART to bdev_add_partition()" Paolo Abeni <pabeni(a)redhat.com> mptcp: do not fallback when OoO is present Eric Dumazet <edumazet(a)google.com> mptcp: fix a race in mptcp_pm_del_add_timer() Paolo Abeni <pabeni(a)redhat.com> mptcp: fix premature close in case of fallback Paolo Abeni <pabeni(a)redhat.com> mptcp: fix ack generation for fallback msk Vlastimil Babka <vbabka(a)suse.cz> mm/mempool: fix poisoning order>0 pages with HIGHMEM Fabio M. De Francesco <fabio.maria.de.francesco(a)linux.intel.com> mm/mempool: replace kmap_atomic() with kmap_local_page() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Input: remove third argument of usb_maxpacket() Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> usb: deprecate the third argument of usb_maxpacket() Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Disallow MPTCP subflows from sockmap Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix fallback note due to OoO André Draszik <andre.draszik(a)linaro.org> pmdomain: samsung: plug potential memleak during probe Sudeep Holla <sudeep.holla(a)arm.com> pmdomain: arm: scmi: Fix genpd leak on provider registration failure Miaoqian Lin <linmq006(a)gmail.com> pmdomain: imx: Fix reference count leak in imx_gpc_remove Breno Leitao <leitao(a)debian.org> net: netpoll: fix incorrect refcount handling causing incorrect cleanup Shawn Lin <shawn.lin(a)rock-chips.com> mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Omar Sandoval <osandov(a)fb.com> btrfs: fix crash on racing fsync and size-extending write into prealloc Filipe Manana <fdmanana(a)suse.com> btrfs: add helper to truncate inode items when logging inode Nick Desaulniers <ndesaulniers(a)google.com> Makefile.compiler: replace cc-ifversion with compiler-specific macros Long Li <longli(a)microsoft.com> uio_hv_generic: Set event for all channels on the device Zhang Chujun <zhangchujun(a)cmss.chinamobile.com> tracing/tools: Fix incorrcet short option in usage text for --threads Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Lance Yang <lance.yang(a)linux.dev> mm/secretmem: fix use-after-free race in fault handler Isaac J. Manjarres <isaacmanjarres(a)google.com> mm/mm_init: fix hash table order logging in alloc_large_system_hash() Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Cancel RX async resync request on rcd_delta overflow Po-Hsu Lin <po-hsu.lin(a)canonical.com> selftests: net: use BASH for bareudp testing Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a regression triggered by scsi_host_busy() Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Alejandro Colomar <alx(a)kernel.org> kernel.h: Move ARRAY_SIZE() to a separate header Haotian Zhang <vulab(a)iscas.ac.cn> platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: dsa: hellcreek: fix missing error handling in LED registration Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Ma Ke <make24(a)iscas.ac.cn> drm/tegra: dc: Fix reference leak in tegra_dc_couple() Eric Dumazet <edumazet(a)google.com> mptcp: fix race condition in mptcp_schedule_work() Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Dan Carpenter <dan.carpenter(a)linaro.org> Input: imx_sc_key - fix memory corruption on unload Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Yongpeng Yang <yangyongpeng(a)xiaomi.com> exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> mtd: rawnand: cadence: fix DMA device NULL pointer dereference Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_connmark: handle errno on tcf_idr_check_alloc Abdun Nihaal <nihaal(a)cse.iitm.ac.in> isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> EDAC/altera: Handle OCRAM ECC enable after warm reset Hans de Goede <hansg(a)kernel.org> spi: Try to get ACPI GPIO IRQ earlier Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix potential overflow of PCM transfer buffer Wei Yang <albinwyang(a)tencent.com> fs/proc: fix uaf in proc_readdir_de() Chuang Wang <nashuiliang(a)gmail.com> ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe Nate Karstens <nate.karstens(a)garmin.com> strparser: Fix signed/unsigned mismatch bug Peter Oberparleiter <oberpar(a)linux.ibm.com> gcov: add support for GCC 15 Olga Kornievskaia <okorniev(a)redhat.com> NFSD: free copynotify stateid in nfs4_free_ol_stateid() Masami Ichikawa <masami256(a)gmail.com> HID: hid-ntrig: Prevent memory leak in ntrig_report_version() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject duplicate device on updates Dan Carpenter <dan.carpenter(a)linaro.org> mtd: onenand: Pass correct pointer to IRQ handler Eric Biggers <ebiggers(a)kernel.org> lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN Jakub Acs <acsjakub(a)amazon.de> mm/ksm: fix flag-dropping behavior in ksm_madvise Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR Eric Dumazet <edumazet(a)google.com> bpf: Add bpf_prog_run_data_pointers() Haein Lee <lhi0729(a)kaist.ac.kr> ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE Haotian Zhang <vulab(a)iscas.ac.cn> ASoC: cs4271: Fix regulator leak on probe failure Haotian Zhang <vulab(a)iscas.ac.cn> regulator: fixed: fix GPIO descriptor leak on register failure Shuai Xue <xueshuai(a)linux.alibaba.com> acpi,srat: Fix incorrect device handle check for Generic Initiator Pauli Virtanen <pav(a)iki.fi> Bluetooth: L2CAP: export l2cap_chan_hold for modules Felix Maurer <fmaurer(a)redhat.com> hsr: Fix supervision frame sending on HSRv0 Eric Dumazet <edumazet(a)google.com> net_sched: limit try_bulk_dequeue_skb() batches Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps Gal Pressman <gal(a)nvidia.com> net/mlx5e: Fix maxrate wraparound in threshold between units Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak Ranganath V N <vnranganath.20(a)gmail.com> net: sched: act_connmark: initialize struct tc_ife to fix kernel leak Eric Dumazet <edumazet(a)google.com> net_sched: act_connmark: use RCU in tcf_connmark_dump() Pedro Tammela <pctammela(a)mojatatu.com> net/sched: act_connmark: transition to percpu stats and rcu Zhengchao Shao <shaozhengchao(a)huawei.com> net: sched: act_connmark: get rid of tcf_connmark_walker and tcf_connmark_search Zhengchao Shao <shaozhengchao(a)huawei.com> net: sched: act: move global static variable net_id to tc_action_ops Benjamin Berg <benjamin.berg(a)intel.com> wifi: mac80211: skip rate verification for not captured PSDUs Buday Csaba <buday.csaba(a)prolan.hu> net: mdio: fix resource leak in mdiobus_register_device() Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_mon_reinit_self(). D. Wythe <alibuda(a)linux.alibaba.com> net/smc: fix mismatch between CLC header and proposal Eric Dumazet <edumazet(a)google.com> sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion Pauli Virtanen <pav(a)iki.fi> Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Raphael Pinsonneault-Thibeault <rpthibeault(a)gmail.com> Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF Wei Fang <wei.fang(a)nxp.com> net: fec: correct rx_bytes statistic for the case SHIFT16 is set Sharique Mohammad <sharq0406(a)gmail.com> ASoC: max98090/91: fixed max98091 ALSA widget powering up/down Scott Mayhew <smayhew(a)redhat.com> NFS: check if suid/sgid was cleared after a write as needed Tristan Lobb <tristan.lobb(a)it-lobb.de> HID: quirks: avoid Cooler Master MM712 dongle wakeup bug Joshua Watt <jpewhacker(a)gmail.com> NFS4: Fix state renewals missing after boot Danil Skrebenkov <danil.skrebenkov(a)cloudbear.ru> RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors Peter Zijlstra <peterz(a)infradead.org> compiler_types: Move unused static inline functions warning to W=2 Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD Jakub Kicinski <kuba(a)kernel.org> selftests: netdevsim: set test timeout to 10 minutes Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Cleanup wakeup source only if it was enabled Nathan Chancellor <nathan(a)kernel.org> lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC Yuta Hayama <hayama(a)lineo.co.jp> rtc: rx8025: fix incorrect register reference Zilin Guan <zilin(a)seu.edu.cn> tracing: Fix memory leaks in create_field_var() Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> bnxt_en: Fix a possible memory leak in bnxt_ptp_init Pavan Chebbi <pavan.chebbi(a)broadcom.com> bnxt_en: PTP: Refactor PTP initialization functions Qendrim Maxhuni <qendrim.maxhuni(a)garderos.com> net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold sock lock while iterating over address list Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Prevent TOCTOU out-of-bounds write Stefan Wiehler <stefan.wiehler(a)nokia.com> sctp: Hold RCU read lock while iterating over address list Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: stop reading ARL entries if search is done Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix enabling ip multicast Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix resetting speed and pause on forced link Hangbin Liu <liuhangbin(a)gmail.com> net: vlan: sync VLAN features with lower device Wang Liang <wangliang74(a)huawei.com> selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing ethtool-common.sh David Wei <dw(a)davidwei.uk> netdevsim: add Makefile for selftests Anubhav Singh <anubhavsinggh(a)google.com> selftests/net: use destination options instead of hop-by-hop Richard Gobert <richardbgobert(a)gmail.com> selftests/net: fix GRO coalesce test and add ext header coalesce tests Anubhav Singh <anubhavsinggh(a)google.com> selftests/net: fix out-of-order delivery of FIN in gro:tcp test Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx Josephine Pfeiffer <hi(a)josie.lol> riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> Revert "wifi: ath10k: avoid unnecessary wait for service ready message" Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again Viacheslav Dubeyko <Slava.Dubeyko(a)ibm.com> ceph: add checking of wait_for_completion_killable() return value Valerio Setti <vsetti(a)baylibre.com> ASoC: meson: aiu-encoder-i2s: fix bit clock polarity Albin Babu Varghese <albinbabuvarghese20(a)gmail.com> fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Ian Rogers <irogers(a)google.com> tools bitmap: Add missing asm-generic/bitsperlong.h include Sakari Ailus <sakari.ailus(a)linux.intel.com> ACPI: property: Return present device nodes only on fwnode interface Randall P. Embry <rpembry(a)gmail.com> 9p: sysfs_init: don't hardcode error to ENOMEM Aaron Kling <webgeek1234(a)gmail.com> cpufreq: tegra186: Initialize all cores to max frequencies Randall P. Embry <rpembry(a)gmail.com> 9p: fix /sys/fs/9p/caches overwriting itself Matthias Schiffer <matthias.schiffer(a)tq-group.com> clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled Ryan Wanner <Ryan.Wanner(a)microchip.com> clk: at91: clk-master: Add check for divide by 3 Nicolas Ferre <nicolas.ferre(a)microchip.com> ARM: at91: pm: save and restore ACR during PLL disable/enable Josua Mayer <josua(a)solid-run.com> rtc: pcf2127: clear minute/second interrupt Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix help message for ssl-non-raw Yikang Yue <yikangy2(a)illinois.edu> fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink austinchang <austinchang(a)synology.com> btrfs: mark dirty extent range for out of bound prealloc extents Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix wrong WQE data when QP wraps around Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Set irdma_cq cq_num field during CQ create Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Remove unused struct irdma_cq fields Jacob Moroni <jmoroni(a)google.com> RDMA/irdma: Fix SD index calculation Saket Dumbre <saket.dumbre(a)intel.com> ACPICA: Update dsmethod.c to get rid of unused variable warning Mike Marshall <hubcap(a)omnibond.com> orangefs: fix xattr related buffer overflow... Dragos Tatulea <dtatulea(a)nvidia.com> page_pool: Clamp pool size to max 16K pages Chi Zhiling <chizhiling(a)kylinos.cn> exfat: limit log print for IO error Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: add mono main switch to Presonus S1824c Ivan Pravdin <ipravdin.official(a)gmail.com> Bluetooth: bcsp: receive data only if registered Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix UAF on sco_conn_free Théo Lebrun <theo.lebrun(a)bootlin.com> net: macb: avoid dealing with endianness in macb_set_hwaddr() chuguangqing <chuguangqing(a)inspur.com> fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock Alok Tiwari <alok.a.tiwari(a)oracle.com> scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() Al Viro <viro(a)zeniv.linux.org.uk> nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Anthony Iliopoulos <ailiop(a)suse.com> NFSv4.1: fix mount hang after CREATE_SESSION failure Olga Kornievskaia <okorniev(a)redhat.com> NFSv4: handle ERR_GRACE on delegation recalls Stephan Gerhold <stephan.gerhold(a)linaro.org> remoteproc: qcom: q6v5: Avoid handling handover twice Koakuma <koachan(a)protonmail.com> sparc/module: Add R_SPARC_UA64 relocation handling Chen Wang <unicorn_wang(a)outlook.com> PCI: cadence: Check for the existence of cdns_pcie::ops before using it ChunHao Lin <hau(a)realtek.com> r8169: set EEE speed down ratio to 1 Brahmajit Das <listout(a)listout.xyz> net: intel: fm10k: Fix parameter idx set but not used Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix connection after GTK rekeying Seyediman Seyedarab <ImanDevel(a)gmail.com> iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() Robert Marko <robert.marko(a)sartura.hr> net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> jfs: fix uninitialized waitqueue in transaction manager Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> jfs: Verify inode mode when loading from disk Eric Dumazet <edumazet(a)google.com> ipv6: np->rxpmtu race annotation Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> usb: xhci: plat: Facilitate using autosuspend for xhci plat devices Forest Crossman <cyrozap(a)gmail.com> usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs Al Viro <viro(a)zeniv.linux.org.uk> allow finish_no_open(file, ERR_PTR(-E...)) Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Define size of debugfs entry for xri rebalancing Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET Nai-Chen Cheng <bleach1827(a)gmail.com> selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency Jakub Kicinski <kuba(a)kernel.org> page_pool: always add GFP_NOWARN for ATOMIC allocations Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl Yafang Shao <laoar.shao(a)gmail.com> net/cls_cgroup: Fix task_get_classid() during qdisc run Alok Tiwari <alok.a.tiwari(a)oracle.com> udp_tunnel: use netdev_warn() instead of netdev_WARN() David Ahern <dsahern(a)kernel.org> selftests: Replace sleep with slowwait Daniel Palmer <daniel(a)thingy.jp> eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP David Ahern <dsahern(a)kernel.org> selftests: Disable dad for ipv6 in fcnal-test.sh Li RongQing <lirongqing(a)baidu.com> x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT Florian Westphal <fw(a)strlen.de> netfilter: nf_reject: don't reply to icmp error messages Ido Schimmel <idosch(a)nvidia.com> selftests: traceroute: Use require_command() Qianfeng Rong <rongqianfeng(a)vivo.com> media: redrat3: use int type to store negative error codes Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> net: sh_eth: Disable WoL if system can not suspend Michael Riesch <michael.riesch(a)collabora.com> phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 Harikrishna Shenoy <h-shenoy(a)ti.com> phy: cadence: cdns-dphy: Enable lower resolutions in dphy Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> ntfs3: pretend $Extend records as regular files Rohan G Thomas <rohan.g.thomas(a)altera.com> net: phy: marvell: Fix 88e1510 downshift counter errata Antonino Maniscalco <antomani103(a)gmail.com> drm/msm: make sure to not queue up recovery more than once Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget William Wu <william.wu(a)rock-chips.com> usb: gadget: f_hid: Fix zero length packet transfer Alex Deucher <alexander.deucher(a)amd.com> drm/amd: add more cyan skillfish PCI ids Ashish Kalra <ashish.kalra(a)amd.com> iommu/amd: Skip enabling command/event buffers for kdump Eric Dumazet <edumazet(a)google.com> net: call cond_resched() less often in __release_sock() Juraj Šarinay <juraj(a)sarinay.com> net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms Yue Haibing <yuehaibing(a)huawei.com> ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy_7nm: Fix missing initial VCO rate Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL Devendra K Verma <devverma(a)amd.com> dmaengine: dw-edma: Set status for callback_result Rosen Penev <rosenp(a)gmail.com> dmaengine: mv_xor: match alloc_wc and free_wc Thomas Andreatta <thomasandreatta2000(a)gmail.com> dmaengine: sh: setup_xref error handling Miroslav Lichvar <mlichvar(a)redhat.com> ptp: Limit time setting of PTP clocks Qianfeng Rong <rongqianfeng(a)vivo.com> scsi: pm8001: Use int instead of u32 to store error codes Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename stp clock Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing device_type in pci node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: danube: add missing properties to cpu node Chelsy Ratnawat <chelsyratnawat2001(a)gmail.com> media: fix uninitialized symbol warnings Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> extcon: adc-jack: Fix wakeup source leaks on device unbind Francisco Gutierrez <frankramirez(a)google.com> scsi: pm80xx: Fix race condition caused by static variables Chandrakanth Patil <chandrakanth.patil(a)broadcom.com> scsi: mpi3mr: Fix controller init failure on fault during queue creation Ujwal Kundur <ujwal.kundur(a)gmail.com> rds: Fix endianness annotation for RDS_MPATH_HASH Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Add validation of UAC2/UAC3 effect units Sungho Kim <sungho.kim(a)furiosa.ai> PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call Kuniyuki Iwashima <kuniyu(a)google.com> net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. Christoph Paasch <cpaasch(a)openai.com> net: When removing nexthops, don't call synchronize_net if it is not necessary Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Does not request module for miscdevice with dynamic minor raub camaioni <raubcameo(a)gmail.com> usb: gadget: f_ncm: Fix MAC assignment NCM ethernet Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> media: imon: make send_packet() more robust Charalampos Mitrodimas <charmitro(a)posteo.net> net: ipv6: fix field-spanning memcpy warning in AH output Ido Schimmel <idosch(a)nvidia.com> bridge: Redirect to backup port when port is administratively down Niklas Schnelle <schnelle(a)linux.ibm.com> powerpc/eeh: Use result of error_detected() in uevent Lukas Wunner <lukas(a)wunner.de> thunderbolt: Use is_pciehp instead of is_hotplug_bridge Tiezhu Yang <yangtiezhu(a)loongson.cn> net: stmmac: Check stmmac_hw_setup() in stmmac_resume() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall Jayesh Choudhary <j-choudhary(a)ti.com> drm/tidss: Set crtc modesetting parameters with adjusted mode Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/tidss: Use the crtc_* timings when programming the HW Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: pci: ivtv: Don't create fake v4l2_fh Geoffrey McRae <geoffrey.mcrae(a)amd.com> drm/amdkfd: return -ENOTTY for unsupported IOCTLs Wake Liu <wakel(a)google.com> selftests/net: Ensure assert() triggers in psock_tpacket.c Wake Liu <wakel(a)google.com> selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 Marcos Del Sol Vives <marcos(a)orca.pet> PCI: Disable MSI on RDC PCI to PCIe bridges Seyediman Seyedarab <imandevel(a)gmail.com> drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use cached metrics data on arcturus Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Use cached metrics data on aldebaran Jens Kehne <jens.kehne(a)agilent.com> mfd: da9063: Split chip variant reading in two bus transactions Arnd Bergmann <arnd(a)arndb.de> mfd: madera: Work around false-positive -Wininitialized warning Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe-i2c: Add missing MODULE_LICENSE Alexander Stein <alexander.stein(a)ew.tq-group.com> mfd: stmpe: Remove IRQ domain upon removal Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Prefer driver HWP limits Len Brown <len.brown(a)intel.com> tools/power x86_energy_perf_policy: Enhance HWP enable Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: Fix incorrect size in cpuidle_state_disable() Armin Wolf <W_Armin(a)gmx.de> hwmon: (dell-smm) Add support for Dell OptiPlex 7040 Jiri Olsa <jolsa(a)kernel.org> uprobe: Do not emulate/sstep original instruction when ip is changed Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: Fail cpuidle device registration if there is one already Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> tools/cpupower: fix error return value in cpupower_write_sysfs() Svyatoslav Ryhel <clamor95(a)gmail.com> video: backlight: lp855x_bl: Set correct EPROM start for LP8556 Daniel Wagner <wagi(a)kernel.org> nvme-fc: use lock accessing port_state and rport state Daniel Wagner <wagi(a)kernel.org> nvmet-fc: avoid scheduling association deletion twice Amirreza Zarrabi <amirreza.zarrabi(a)oss.qualcomm.com> tee: allow a driver to allocate a tee_device without a pool Hans de Goede <hansg(a)kernel.org> ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card Svyatoslav Ryhel <clamor95(a)gmail.com> soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups Fabien Proriol <fabien.proriol(a)viavisolutions.com> power: supply: sbs-charger: Support multiple devices Chuande Chen <chuachen(a)cisco.com> hwmon: (sbtsi_temp) AMD CPU extended temperature range support Hans de Goede <hansg(a)kernel.org> ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] Shang song (Lenovo) <shangsong2(a)foxmail.com> ACPI: PRM: Skip handlers with NULL handler_address or NULL VA Christian Bruel <christian.bruel(a)foss.st.com> irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment Kees Cook <kees(a)kernel.org> arc: Fix __fls() const-foldability via __builtin_clzl() Dennis Beier <nanovim(a)gmail.com> cpufreq/longhaul: handle NULL policy in longhaul_exit Ricardo B. Marlière <rbm(a)suse.com> selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 Mario Limonciello (AMD) <superm1(a)kernel.org> ACPI: video: force native for Lenovo 82K8 Jiayi Li <lijiayi(a)kylinos.cn> memstick: Add timeout to prevent indefinite waiting Biju Das <biju.das.jz(a)bp.renesas.com> mmc: host: renesas_sdhi: Fix the actual clock Chi Zhang <chizhang(a)asrmicro.com> pinctrl: single: fix bias pull up/down handling in pin_config_set Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> bpf: Don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> soc: ti: pruss: don't use %pK through printk Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> spi: loopback-test: Don't use %pK through printk Jens Reidel <adrian(a)mainlining.org> soc: qcom: smem: Fix endian-unaware access of num_entries Ryan Chen <ryan_chen(a)aspeedtech.com> soc: aspeed: socinfo: Add AST27xx silicon IDs Damien Le Moal <dlemoal(a)kernel.org> block: make REQ_OP_ZONE_OPEN a write operation Thomas Zimmermann <tzimmermann(a)suse.de> drm/sysfb: Do not dereference NULL pointer in plane reset Philipp Stanner <phasta(a)kernel.org> drm/sched: Fix race in drm_sched_entity_select_rq() Owen Gu <guhuinan(a)xiaomi.com> usb: gadget: f_fs: Fix epfile null pointer access after ep enable. Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Revert "docs/process/howto: Replace C89 with C11" Matthieu Baerts (NGI0) <matttbe(a)kernel.org> arch: back to -std=gnu89 in < v5.18 Alexey Dobriyan <adobriyan(a)gmail.com> x86/boot: Compile boot code with -std=gnu11 too Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Improve performance by removing delay in transfer event polling. Uday M Bhat <uday.m.bhat(a)intel.com> xhci: dbc: Allow users to modify DbC poll interval via sysfs Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: poll at different rate depending on data transfer activity Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Provide sysfs option to configure dbc descriptors Babu Moger <babu.moger(a)amd.com> x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> net: phy: dp83867: Disable EEE support as not implemented Celeste Liu <uwu(a)coelacanthus.name> can: gs_usb: increase max interface to U8_MAX Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Enforce descriptor type ordering Biju Das <biju.das.jz(a)bp.renesas.com> ravb: Exclude gPTP feature support for RZ/G2L Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp Artem Shimko <a.shimko.dev(a)gmail.com> serial: 8250_dw: handle reset control deassert error Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: 8250_dw: Use devm_add_action_or_reset() Alexey Klimov <alexey.klimov(a)linaro.org> regmap: slimbus: fix bus_context pointer in regmap init calls Damien Le Moal <dlemoal(a)kernel.org> block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland John Smith <itistotalbotnet(a)gmail.com> drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji Yang Wang <kevinyang.wang(a)amd.com> drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() Jijie Shao <shaojijie(a)huawei.com> net: hns3: return error code when function fails Tomeu Vizoso <tomeu(a)tomeuvizoso.net> drm/etnaviv: fix flush sequence logic Lizhi Xu <lizhi.xu(a)windriver.com> usbnet: Prevents free active kevent Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix powerpc's stack register definition in bpf_tracing.h Andrii Nakryiko <andrii(a)kernel.org> libbpf: Normalize PT_REGS_xxx() macro definitions Björn Töpel <bjorn(a)kernel.org> riscv, libbpf: Add RISC-V (RV64) support to bpf_tracing.h Ondrej Mosnacek <omosnace(a)redhat.com> bpf: Do not audit capability check in do_jit() Noorain Eqbal <nooraineqbal(a)gmail.com> bpf: Sync pending IRQ work before freeing ring buffer Roy Vegard Ovesen <roy.vegard.ovesen(a)gmail.com> ALSA: usb-audio: fix control pipe direction Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix GMU firmware parser Loic Poulain <loic.poulain(a)oss.qualcomm.com> wifi: ath10k: Fix memory leak on unsupported WMI command Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> ASoC: qdsp6: q6asm: do not sleep while atomic Paolo Abeni <pabeni(a)redhat.com> mptcp: restore window probe Miaoqian Lin <linmq006(a)gmail.com> fbdev: valkyriefb: Fix reference count leak in valkyriefb_init Florian Fuchs <fuchsfl(a)gmail.com> fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Junjie Cao <junjie.cao(a)intel.com> fbdev: bitblit: bound-check glyph index in bit_putcs* Yuhao Jiang <danisjiang(a)gmail.com> ACPI: video: Fix use-after-free in acpi_video_switch_brightness() Daniel Palmer <daniel(a)0x0f.com> fbdev: atyfb: Check if pll_ops->init_pll failed Miaoqian Lin <linmq006(a)gmail.com> net: usb: asix_devices: Check return value of usbnet_get_endpoints Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix crash in nfsd4_read_release() Filipe Manana <fdmanana(a)suse.com> btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() Filipe Manana <fdmanana(a)suse.com> btrfs: always drop log root tree reference in btrfs_replay_log() Thorsten Blum <thorsten.blum(a)linux.dev> btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() David Kaplan <david.kaplan(a)amd.com> x86/bugs: Fix reporting of LFENCE retpoline Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Fix null-deref in agg_dequeue ------------- Diffstat: .../ABI/testing/sysfs-bus-pci-drivers-xhci_hcd | 62 + .../bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +- .../devicetree/bindings/usb/fsl,imx8mp-dwc3.yaml | 10 +- Documentation/kbuild/makefiles.rst | 29 +- Documentation/process/howto.rst | 2 +- Documentation/translations/it_IT/process/howto.rst | 2 +- Documentation/translations/ja_JP/howto.rst | 2 +- Documentation/translations/ko_KR/howto.rst | 2 +- Documentation/translations/zh_CN/process/howto.rst | 2 +- Documentation/translations/zh_TW/process/howto.rst | 2 +- MAINTAINERS | 7 +- Makefile | 10 +- arch/arc/include/asm/bitops.h | 2 + arch/arm/crypto/Kconfig | 2 +- arch/arm/mach-at91/pm_suspend.S | 8 +- arch/mips/boot/dts/lantiq/danube.dtsi | 6 + arch/mips/lantiq/xway/sysctrl.c | 2 +- arch/mips/loongson64/Platform | 2 +- arch/mips/mm/tlb-r4k.c | 118 +- arch/mips/mti-malta/malta-init.c | 20 +- arch/parisc/boot/compressed/Makefile | 2 +- arch/powerpc/kernel/eeh_driver.c | 2 +- arch/riscv/kernel/cpu-hotplug.c | 1 + arch/riscv/mm/ptdump.c | 2 +- arch/s390/Makefile | 6 +- arch/s390/purgatory/Makefile | 2 +- arch/sparc/include/asm/elf_64.h | 1 + arch/sparc/kernel/module.c | 1 + arch/um/drivers/ssl.c | 5 +- arch/x86/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/entry/vsyscall/vsyscall_64.c | 17 +- arch/x86/events/core.c | 10 +- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/cpu/resctrl/monitor.c | 10 +- arch/x86/kernel/kvm.c | 20 +- arch/x86/net/bpf_jit_comp.c | 2 +- block/partitions/core.c | 5 - drivers/acpi/acpi_video.c | 4 +- drivers/acpi/acpica/dsmethod.c | 10 +- drivers/acpi/numa/srat.c | 2 +- drivers/acpi/prmt.c | 19 +- drivers/acpi/property.c | 24 +- drivers/acpi/scan.c | 2 + drivers/acpi/video_detect.c | 8 + drivers/ata/libata-scsi.c | 8 + drivers/atm/fore200e.c | 2 + drivers/base/regmap/regmap-slimbus.c | 6 +- drivers/bluetooth/btusb.c | 13 +- drivers/bluetooth/hci_bcsp.c | 3 + drivers/char/misc.c | 8 +- drivers/clk/at91/clk-master.c | 3 + drivers/clk/ti/clk-33xx.c | 2 + drivers/clocksource/timer-vf-pit.c | 22 +- drivers/cpufreq/longhaul.c | 3 + drivers/cpufreq/tegra186-cpufreq.c | 27 +- drivers/cpuidle/cpuidle.c | 8 +- drivers/dma/dw-edma/dw-edma-core.c | 22 + drivers/dma/mv_xor.c | 4 +- drivers/dma/sh/shdma-base.c | 25 +- drivers/dma/sh/shdmac.c | 17 +- drivers/edac/altera_edac.c | 22 +- drivers/extcon/extcon-adc-jack.c | 2 + drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 +- drivers/firmware/efi/libstub/Makefile | 2 +- drivers/firmware/stratix10-svc.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 19 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 5 + drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 8 +- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 9 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 11 +- drivers/gpu/drm/amd/display/dc/dcn20/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn21/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn30/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn301/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn302/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn303/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dcn31/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dml/Makefile | 2 +- .../gpu/drm/amd/pm/powerplay/smumgr/fiji_smumgr.c | 2 +- .../drm/amd/pm/powerplay/smumgr/iceland_smumgr.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu_cmn.c | 2 +- drivers/gpu/drm/bridge/display-connector.c | 3 +- drivers/gpu/drm/drm_gem_atomic_helper.c | 6 +- drivers/gpu/drm/etnaviv/etnaviv_buffer.c | 2 +- drivers/gpu/drm/i915/i915_vma.c | 16 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 5 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 3 + drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 10 + drivers/gpu/drm/nouveau/nvkm/core/enum.c | 2 +- drivers/gpu/drm/scheduler/sched_entity.c | 3 +- drivers/gpu/drm/sti/sti_vtg.c | 7 +- drivers/gpu/drm/tegra/dc.c | 1 + drivers/gpu/drm/tidss/tidss_crtc.c | 7 +- drivers/gpu/drm/tidss/tidss_dispc.c | 16 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 5 + drivers/hid/hid-ids.h | 7 +- drivers/hid/hid-ntrig.c | 7 +- drivers/hid/hid-quirks.c | 14 +- drivers/hwmon/dell-smm-hwmon.c | 7 + drivers/hwmon/sbtsi_temp.c | 46 +- drivers/iio/accel/bmc150-accel-core.c | 5 + drivers/iio/accel/bmc150-accel.h | 1 + drivers/iio/adc/spear_adc.c | 9 +- drivers/iio/common/ssp_sensors/ssp_dev.c | 4 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx.h | 22 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 11 +- drivers/infiniband/hw/irdma/pble.c | 2 +- drivers/infiniband/hw/irdma/verbs.c | 4 +- drivers/infiniband/hw/irdma/verbs.h | 8 +- drivers/input/keyboard/cros_ec_keyb.c | 6 + drivers/input/keyboard/imx_sc_key.c | 2 +- drivers/input/misc/ati_remote2.c | 2 +- drivers/input/misc/cm109.c | 2 +- drivers/input/misc/powermate.c | 2 +- drivers/input/misc/yealink.c | 2 +- drivers/input/tablet/acecad.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 11 +- drivers/iommu/amd/init.c | 28 +- drivers/iommu/intel/debugfs.c | 10 +- drivers/iommu/intel/perf.c | 10 +- drivers/iommu/intel/perf.h | 5 +- drivers/irqchip/irq-gic-v2m.c | 13 +- drivers/isdn/hardware/mISDN/hfcsusb.c | 18 +- drivers/mailbox/mailbox-test.c | 2 +- drivers/md/dm-verity-fec.c | 6 +- drivers/media/i2c/ir-kbd-i2c.c | 6 +- drivers/media/pci/ivtv/ivtv-alsa-pcm.c | 2 - drivers/media/pci/ivtv/ivtv-driver.h | 3 +- drivers/media/pci/ivtv/ivtv-fileops.c | 18 +- drivers/media/pci/ivtv/ivtv-irq.c | 4 +- drivers/media/rc/imon.c | 61 +- drivers/media/rc/redrat3.c | 2 +- drivers/media/tuners/xc4000.c | 8 +- drivers/media/tuners/xc5000.c | 12 +- drivers/memstick/core/memstick.c | 8 +- drivers/mfd/da9063-i2c.c | 27 +- drivers/mfd/madera-core.c | 4 +- drivers/mfd/stmpe-i2c.c | 1 + drivers/mfd/stmpe.c | 3 + drivers/mmc/host/renesas_sdhi_core.c | 6 +- drivers/mmc/host/sdhci-msm.c | 15 + drivers/mmc/host/sdhci-of-dwcmshc.c | 2 +- drivers/most/most_usb.c | 14 +- drivers/mtd/nand/onenand/onenand_samsung.c | 2 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 3 +- drivers/net/can/sja1000/sja1000.c | 4 +- drivers/net/can/sun4i_can.c | 4 +- drivers/net/can/usb/gs_usb.c | 23 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 4 +- drivers/net/dsa/b53/b53_common.c | 15 +- drivers/net/dsa/b53/b53_regs.h | 3 +- drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 +- drivers/net/dsa/sja1105/sja1105_main.c | 71 +- .../net/ethernet/aquantia/atlantic/aq_hw_utils.c | 22 + .../net/ethernet/aquantia/atlantic/aq_hw_utils.h | 1 + drivers/net/ethernet/aquantia/atlantic/aq_ring.c | 5 + .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 19 +- .../ethernet/aquantia/atlantic/hw_atl2/hw_atl2.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 45 +- drivers/net/ethernet/cadence/macb_main.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/freescale/fec_main.c | 2 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 9 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_common.c | 5 +- drivers/net/ethernet/intel/fm10k/fm10k_common.h | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 2 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 15 +- .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- drivers/net/ethernet/microchip/sparx5/Kconfig | 2 +- drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 +- drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- drivers/net/ethernet/realtek/Kconfig | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 6 +- drivers/net/ethernet/renesas/ravb_main.c | 101 +- drivers/net/ethernet/renesas/sh_eth.c | 4 + drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 +- drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/net/phy/dp83867.c | 6 + drivers/net/phy/marvell.c | 39 +- drivers/net/phy/mdio_bus.c | 5 +- drivers/net/usb/asix_devices.c | 12 +- drivers/net/usb/qmi_wwan.c | 6 + drivers/net/usb/usbnet.c | 2 + drivers/net/wireless/ath/ath10k/mac.c | 12 +- drivers/net/wireless/ath/ath10k/wmi.c | 40 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 3 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.c | 28 +- .../net/wireless/broadcom/brcm80211/brcmfmac/p2p.h | 3 +- drivers/nvme/host/fc.c | 12 +- drivers/nvme/target/fc.c | 16 +- drivers/pci/controller/cadence/pcie-cadence-host.c | 2 +- drivers/pci/controller/cadence/pcie-cadence.c | 4 +- drivers/pci/controller/cadence/pcie-cadence.h | 6 +- drivers/pci/p2pdma.c | 2 +- drivers/pci/quirks.c | 3 +- drivers/phy/cadence/cdns-dphy.c | 4 +- drivers/phy/rockchip/phy-rockchip-inno-csidphy.c | 5 +- drivers/pinctrl/pinctrl-single.c | 4 +- drivers/platform/x86/intel/punit_ipc.c | 2 +- .../x86/intel/speed_select_if/isst_if_mmio.c | 4 +- drivers/power/supply/sbs-charger.c | 16 +- drivers/ptp/ptp_clock.c | 13 +- drivers/regulator/fixed.c | 1 + drivers/remoteproc/qcom_q6v5.c | 5 + drivers/rtc/rtc-pcf2127.c | 4 +- drivers/rtc/rtc-rx8025.c | 2 +- drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/hosts.c | 5 +- drivers/scsi/libfc/fc_encode.h | 2 +- drivers/scsi/lpfc/lpfc_debugfs.h | 3 + drivers/scsi/lpfc/lpfc_els.c | 6 +- drivers/scsi/lpfc/lpfc_init.c | 7 - drivers/scsi/lpfc/lpfc_scsi.c | 14 +- drivers/scsi/mpi3mr/mpi3mr_fw.c | 10 + drivers/scsi/pm8001/pm8001_ctl.c | 24 +- drivers/scsi/pm8001/pm8001_init.c | 1 + drivers/scsi/pm8001/pm8001_sas.c | 4 +- drivers/scsi/pm8001/pm8001_sas.h | 4 + drivers/scsi/sg.c | 10 +- drivers/slimbus/qcom-ngd-ctrl.c | 1 + drivers/soc/aspeed/aspeed-socinfo.c | 4 + drivers/soc/imx/gpc.c | 2 + drivers/soc/qcom/smem.c | 2 +- drivers/soc/samsung/pm_domains.c | 11 +- drivers/soc/tegra/fuse/fuse-tegra30.c | 122 + drivers/soc/ti/knav_dma.c | 14 +- drivers/soc/ti/pruss.c | 2 +- drivers/spi/spi-bcm63xx.c | 14 + drivers/spi/spi-loopback-test.c | 12 +- drivers/spi/spi.c | 10 + drivers/staging/Kconfig | 2 - drivers/staging/Makefile | 1 - drivers/staging/rtl8712/Kconfig | 21 - drivers/staging/rtl8712/Makefile | 35 - drivers/staging/rtl8712/TODO | 13 - drivers/staging/rtl8712/basic_types.h | 28 - drivers/staging/rtl8712/drv_types.h | 176 -- drivers/staging/rtl8712/ethernet.h | 21 - drivers/staging/rtl8712/hal_init.c | 401 ---- drivers/staging/rtl8712/ieee80211.c | 415 ---- drivers/staging/rtl8712/ieee80211.h | 165 -- drivers/staging/rtl8712/mlme_linux.c | 160 -- drivers/staging/rtl8712/mlme_osdep.h | 31 - drivers/staging/rtl8712/mp_custom_oid.h | 287 --- drivers/staging/rtl8712/os_intfs.c | 464 ---- drivers/staging/rtl8712/osdep_intf.h | 32 - drivers/staging/rtl8712/osdep_service.h | 61 - drivers/staging/rtl8712/recv_linux.c | 139 -- drivers/staging/rtl8712/recv_osdep.h | 39 - drivers/staging/rtl8712/rtl8712_bitdef.h | 26 - drivers/staging/rtl8712/rtl8712_cmd.c | 409 ---- drivers/staging/rtl8712/rtl8712_cmd.h | 231 -- drivers/staging/rtl8712/rtl8712_cmdctrl_bitdef.h | 96 - drivers/staging/rtl8712/rtl8712_cmdctrl_regdef.h | 19 - drivers/staging/rtl8712/rtl8712_debugctrl_bitdef.h | 41 - drivers/staging/rtl8712/rtl8712_debugctrl_regdef.h | 32 - .../staging/rtl8712/rtl8712_edcasetting_bitdef.h | 65 - .../staging/rtl8712/rtl8712_edcasetting_regdef.h | 24 - drivers/staging/rtl8712/rtl8712_efuse.c | 566 ----- drivers/staging/rtl8712/rtl8712_efuse.h | 43 - drivers/staging/rtl8712/rtl8712_event.h | 86 - drivers/staging/rtl8712/rtl8712_fifoctrl_bitdef.h | 131 -- drivers/staging/rtl8712/rtl8712_fifoctrl_regdef.h | 61 - drivers/staging/rtl8712/rtl8712_gp_bitdef.h | 68 - drivers/staging/rtl8712/rtl8712_gp_regdef.h | 29 - drivers/staging/rtl8712/rtl8712_hal.h | 142 -- drivers/staging/rtl8712/rtl8712_interrupt_bitdef.h | 44 - drivers/staging/rtl8712/rtl8712_io.c | 99 - drivers/staging/rtl8712/rtl8712_led.c | 1830 --------------- .../staging/rtl8712/rtl8712_macsetting_bitdef.h | 34 - .../staging/rtl8712/rtl8712_macsetting_regdef.h | 22 - drivers/staging/rtl8712/rtl8712_powersave_bitdef.h | 39 - drivers/staging/rtl8712/rtl8712_powersave_regdef.h | 26 - drivers/staging/rtl8712/rtl8712_ratectrl_bitdef.h | 36 - drivers/staging/rtl8712/rtl8712_ratectrl_regdef.h | 44 - drivers/staging/rtl8712/rtl8712_recv.c | 1079 --------- drivers/staging/rtl8712/rtl8712_recv.h | 145 -- drivers/staging/rtl8712/rtl8712_regdef.h | 32 - drivers/staging/rtl8712/rtl8712_security_bitdef.h | 35 - drivers/staging/rtl8712/rtl8712_spec.h | 124 -- drivers/staging/rtl8712/rtl8712_syscfg_bitdef.h | 167 -- drivers/staging/rtl8712/rtl8712_syscfg_regdef.h | 44 - drivers/staging/rtl8712/rtl8712_timectrl_bitdef.h | 50 - drivers/staging/rtl8712/rtl8712_timectrl_regdef.h | 26 - drivers/staging/rtl8712/rtl8712_wmac_bitdef.h | 50 - drivers/staging/rtl8712/rtl8712_wmac_regdef.h | 36 - drivers/staging/rtl8712/rtl8712_xmit.c | 745 ------- drivers/staging/rtl8712/rtl8712_xmit.h | 108 - drivers/staging/rtl8712/rtl871x_cmd.c | 796 ------- drivers/staging/rtl8712/rtl871x_cmd.h | 764 ------- drivers/staging/rtl8712/rtl871x_debug.h | 130 -- drivers/staging/rtl8712/rtl871x_eeprom.c | 220 -- drivers/staging/rtl8712/rtl871x_eeprom.h | 88 - drivers/staging/rtl8712/rtl871x_event.h | 109 - drivers/staging/rtl8712/rtl871x_ht.h | 33 - drivers/staging/rtl8712/rtl871x_io.c | 147 -- drivers/staging/rtl8712/rtl871x_io.h | 236 -- drivers/staging/rtl8712/rtl871x_ioctl.h | 95 - drivers/staging/rtl8712/rtl871x_ioctl_linux.c | 2330 -------------------- drivers/staging/rtl8712/rtl871x_ioctl_rtl.c | 520 ----- drivers/staging/rtl8712/rtl871x_ioctl_rtl.h | 109 - drivers/staging/rtl8712/rtl871x_ioctl_set.c | 355 --- drivers/staging/rtl8712/rtl871x_ioctl_set.h | 45 - drivers/staging/rtl8712/rtl871x_led.h | 118 - drivers/staging/rtl8712/rtl871x_mlme.c | 1749 --------------- drivers/staging/rtl8712/rtl871x_mlme.h | 205 -- drivers/staging/rtl8712/rtl871x_mp.c | 724 ------ drivers/staging/rtl8712/rtl871x_mp.h | 275 --- drivers/staging/rtl8712/rtl871x_mp_ioctl.c | 883 -------- drivers/staging/rtl8712/rtl871x_mp_ioctl.h | 329 --- drivers/staging/rtl8712/rtl871x_mp_phy_regdef.h | 1037 --------- drivers/staging/rtl8712/rtl871x_pwrctrl.c | 234 -- drivers/staging/rtl8712/rtl871x_pwrctrl.h | 113 - drivers/staging/rtl8712/rtl871x_recv.c | 670 ------ drivers/staging/rtl8712/rtl871x_recv.h | 216 -- drivers/staging/rtl8712/rtl871x_rf.h | 55 - drivers/staging/rtl8712/rtl871x_security.c | 1387 ------------ drivers/staging/rtl8712/rtl871x_security.h | 218 -- drivers/staging/rtl8712/rtl871x_sta_mgt.c | 263 --- drivers/staging/rtl8712/rtl871x_wlan_sme.h | 35 - drivers/staging/rtl8712/rtl871x_xmit.c | 1059 --------- drivers/staging/rtl8712/rtl871x_xmit.h | 288 --- drivers/staging/rtl8712/sta_info.h | 133 -- drivers/staging/rtl8712/usb_halinit.c | 307 --- drivers/staging/rtl8712/usb_intf.c | 638 ------ drivers/staging/rtl8712/usb_ops.c | 195 -- drivers/staging/rtl8712/usb_ops.h | 38 - drivers/staging/rtl8712/usb_ops_linux.c | 508 ----- drivers/staging/rtl8712/usb_osintf.h | 35 - drivers/staging/rtl8712/wifi.h | 197 -- drivers/staging/rtl8712/wlan_bssdef.h | 223 -- drivers/staging/rtl8712/xmit_linux.c | 187 -- drivers/staging/rtl8712/xmit_osdep.h | 52 - drivers/target/loopback/tcm_loop.c | 3 + drivers/tee/tee_core.c | 2 +- drivers/thunderbolt/nhi.c | 2 + drivers/thunderbolt/nhi.h | 1 + drivers/thunderbolt/tb.c | 2 +- drivers/tty/serial/8250/8250_dw.c | 67 +- drivers/tty/serial/amba-pl011.c | 2 +- drivers/uio/uio_hv_generic.c | 21 +- drivers/usb/cdns3/cdns3-pci-wrap.c | 5 +- drivers/usb/cdns3/cdnsp-gadget.c | 8 +- drivers/usb/dwc3/core.c | 3 +- drivers/usb/dwc3/ep0.c | 1 + drivers/usb/dwc3/gadget.c | 7 + drivers/usb/gadget/function/f_eem.c | 7 +- drivers/usb/gadget/function/f_fs.c | 8 +- drivers/usb/gadget/function/f_hid.c | 4 +- drivers/usb/gadget/function/f_ncm.c | 3 +- drivers/usb/host/xhci-dbgcap.c | 261 ++- drivers/usb/host/xhci-dbgcap.h | 12 +- drivers/usb/host/xhci-dbgtty.c | 17 +- drivers/usb/host/xhci-plat.c | 1 + drivers/usb/mon/mon_bin.c | 14 +- drivers/usb/renesas_usbhs/common.c | 18 +- drivers/usb/serial/ftdi_sio.c | 1 + drivers/usb/serial/ftdi_sio_ids.h | 1 + drivers/usb/serial/option.c | 10 +- drivers/usb/storage/sddr55.c | 6 + drivers/usb/storage/transport.c | 16 + drivers/usb/storage/uas.c | 5 + drivers/usb/storage/unusual_devs.h | 2 +- drivers/usb/typec/ucsi/psy.c | 5 + drivers/video/backlight/lp855x_bl.c | 2 +- drivers/video/fbdev/aty/atyfb_base.c | 8 +- drivers/video/fbdev/core/bitblit.c | 33 +- drivers/video/fbdev/pvr2fb.c | 2 +- drivers/video/fbdev/valkyriefb.c | 2 + fs/9p/v9fs.c | 9 +- fs/btrfs/disk-io.c | 2 +- fs/btrfs/file.c | 10 + fs/btrfs/scrub.c | 3 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-log.c | 48 +- fs/ceph/locks.c | 5 +- fs/cifs/connect.c | 1 + fs/exfat/fatent.c | 11 +- fs/exfat/super.c | 5 +- fs/ext4/xattr.c | 2 +- fs/hpfs/namei.c | 18 +- fs/jfs/inode.c | 8 +- fs/jfs/jfs_txnmgr.c | 9 +- fs/nfs/nfs4client.c | 1 + fs/nfs/nfs4proc.c | 15 +- fs/nfs/nfs4state.c | 3 + fs/nfs/write.c | 3 +- fs/nfsd/nfs4proc.c | 7 +- fs/nfsd/nfs4state.c | 3 +- fs/ntfs3/inode.c | 1 + fs/open.c | 10 +- fs/orangefs/xattr.c | 12 +- fs/proc/generic.c | 12 +- include/linux/array_size.h | 13 + include/linux/ata.h | 1 + include/linux/blk_types.h | 11 +- include/linux/compiler_types.h | 5 +- include/linux/filter.h | 22 +- include/linux/kernel.h | 7 +- include/linux/mm.h | 2 +- include/linux/shdma-base.h | 2 +- include/linux/string.h | 1 + include/linux/usb.h | 16 +- include/net/act_api.h | 1 + include/net/cls_cgroup.h | 2 +- include/net/nfc/nci_core.h | 2 +- include/net/pkt_sched.h | 25 +- include/net/tc_act/tc_connmark.h | 10 +- include/net/tls.h | 6 + kernel/bpf/ringbuf.c | 2 + kernel/events/uprobes.c | 7 + kernel/gcov/gcc_4_7.c | 4 +- kernel/trace/trace_events_hist.c | 6 +- lib/crypto/Makefile | 2 +- mm/mempool.c | 32 +- mm/page_alloc.c | 2 +- mm/secretmem.c | 2 +- net/8021q/vlan.c | 2 + net/bluetooth/6lowpan.c | 103 +- net/bluetooth/hci_event.c | 21 +- net/bluetooth/l2cap_core.c | 1 + net/bluetooth/sco.c | 7 + net/bluetooth/smp.c | 31 +- net/bridge/br_forward.c | 3 +- net/ceph/auth_x.c | 2 + net/ceph/ceph_common.c | 53 +- net/ceph/debugfs.c | 16 +- net/core/netpoll.c | 7 +- net/core/page_pool.c | 12 +- net/core/sock.c | 15 +- net/dsa/tag_brcm.c | 10 +- net/hsr/hsr_device.c | 3 + net/ipv4/netfilter/nf_reject_ipv4.c | 25 + net/ipv4/nexthop.c | 6 + net/ipv4/route.c | 5 + net/ipv4/udp_tunnel_nic.c | 2 +- net/ipv6/addrconf.c | 4 +- net/ipv6/ah6.c | 50 +- net/ipv6/netfilter/nf_reject_ipv6.c | 30 + net/ipv6/raw.c | 2 +- net/ipv6/udp.c | 2 +- net/mac80211/rx.c | 10 +- net/mptcp/options.c | 57 +- net/mptcp/pm_netlink.c | 26 +- net/mptcp/protocol.c | 47 +- net/mptcp/protocol.h | 1 + net/mptcp/subflow.c | 8 + net/netfilter/nf_tables_api.c | 15 + net/openvswitch/actions.c | 68 +- net/openvswitch/flow_netlink.c | 64 +- net/openvswitch/flow_netlink.h | 2 - net/rds/rds.h | 2 +- net/sched/act_bpf.c | 19 +- net/sched/act_connmark.c | 154 +- net/sched/act_csum.c | 13 +- net/sched/act_ct.c | 17 +- net/sched/act_ctinfo.c | 13 +- net/sched/act_gact.c | 13 +- net/sched/act_gate.c | 13 +- net/sched/act_ife.c | 25 +- net/sched/act_ipt.c | 31 +- net/sched/act_mirred.c | 13 +- net/sched/act_mpls.c | 13 +- net/sched/act_nat.c | 13 +- net/sched/act_pedit.c | 13 +- net/sched/act_police.c | 13 +- net/sched/act_sample.c | 13 +- net/sched/act_simple.c | 13 +- net/sched/act_skbedit.c | 13 +- net/sched/act_skbmod.c | 13 +- net/sched/act_tunnel_key.c | 13 +- net/sched/act_vlan.c | 13 +- net/sched/cls_bpf.c | 6 +- net/sched/sch_api.c | 10 - net/sched/sch_generic.c | 17 +- net/sched/sch_hfsc.c | 16 - net/sched/sch_qfq.c | 2 +- net/sctp/diag.c | 23 +- net/sctp/transport.c | 13 +- net/smc/smc_clc.c | 1 + net/strparser/strparser.c | 2 +- net/tipc/net.c | 2 + net/tls/tls_device.c | 4 +- net/vmw_vsock/af_vsock.c | 40 +- scripts/Makefile.compiler | 10 +- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + sound/pci/hda/patch_realtek.c | 17 +- sound/soc/codecs/cs4271.c | 10 +- sound/soc/codecs/max98090.c | 6 +- sound/soc/meson/aiu-encoder-i2s.c | 9 +- sound/soc/qcom/qdsp6/q6asm.c | 2 +- sound/usb/endpoint.c | 5 + sound/usb/mixer.c | 4 +- sound/usb/mixer_s1810c.c | 28 +- sound/usb/validate.c | 9 +- tools/include/linux/bitmap.h | 1 + tools/lib/bpf/bpf_tracing.h | 357 ++- tools/power/cpupower/lib/cpuidle.c | 5 +- tools/power/cpupower/lib/cpupower.c | 2 +- .../x86_energy_perf_policy.c | 30 +- tools/testing/selftests/Makefile | 2 +- tools/testing/selftests/bpf/progs/loop3.c | 4 +- tools/testing/selftests/bpf/test_lirc_mode2_user.c | 2 +- .../selftests/drivers/net/netdevsim/Makefile | 21 + .../selftests/drivers/net/netdevsim/settings | 1 + tools/testing/selftests/net/bareudp.sh | 2 +- tools/testing/selftests/net/fcnal-test.sh | 4 +- tools/testing/selftests/net/gro.c | 101 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 54 +- tools/testing/selftests/net/psock_tpacket.c | 4 +- tools/testing/selftests/net/traceroute.sh | 13 +- tools/tracing/latency/latency-collector.c | 2 +- 522 files changed, 3487 insertions(+), 29503 deletions(-)

2 hours, 54 minutes

13
411
0 0

Re: [PATCH 1/2 net-next v2] ipv6: clear RA flags when adding a static route

by Uwe Kleine-König

Hello, On Sat, Nov 15, 2025 at 10:59:38AM +0100, Fernando Fernandez Mancera wrote: > When an IPv6 Router Advertisement (RA) is received for a prefix, the > kernel creates the corresponding on-link route with flags RTF_ADDRCONF > and RTF_PREFIX_RT configured and RTF_EXPIRES if lifetime is set. > > If later a user configures a static IPv6 address on the same prefix the > kernel clears the RTF_EXPIRES flag but it doesn't clear the RTF_ADDRCONF > and RTF_PREFIX_RT. When the next RA for that prefix is received, the > kernel sees the route as RA-learned and wrongly configures back the > lifetime. This is problematic because if the route expires, the static > address won't have the corresponding on-link route. > > This fix clears the RTF_ADDRCONF and RTF_PREFIX_RT flags preventing that > the lifetime is configured when the next RA arrives. If the static > address is deleted, the route becomes RA-learned again. > > Fixes: 14ef37b6d00e ("ipv6: fix route lookup in addrconf_prefix_rcv()") > Reported-by: Garri Djavadyan <g.djavadyan(a)gmail.com> > Closes: https://lore.kernel.org/netdev/ba807d39aca5b4dcf395cc11dca61a130a52cfd3.cam… > Signed-off-by: Fernando Fernandez Mancera <fmancera(a)suse.de> this commit is in the mainline now as f72514b3c5698e4b900b25345e09f9ed33123de6 and is supposed to fix https://bugs.debian.org/1117959. I would have expected this to get backported to stable (here: 6.12.x), but it's not in the list for 6.12.62-rc1[1]. Can we please have this patch backported? [1] https://lore.kernel.org/all/20251210072948.125620687@linuxfoundation.org/ Thanks Uwe

3 hours, 47 minutes

1
0
0 0

Export Inquiry from Best Way Group Limited

by Bestway Group Limited

4 hours, 1 minute

1
0
0 0

[PATCH v3] pmdomain: imx: Fix reference count leak in imx_gpc_probe()

by Wentao Liang

of_get_child_by_name() returns a node pointer with refcount incremented. Use the __free() attribute to manage the pgc_node reference, ensuring automatic of_node_put() cleanup when pgc_node goes out of scope. This eliminates the need for explicit error handling paths and avoids reference count leaks. Fixes: 721cabf6c660 ("soc: imx: move PGC handling to a new GPC driver") Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- Change in V3: - Ensure variable is assigned when using cleanup attribute Change in V2: - Use __free() attribute instead of explicit of_node_put() calls --- drivers/pmdomain/imx/gpc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/pmdomain/imx/gpc.c b/drivers/pmdomain/imx/gpc.c index f18c7e6e75dd..0fb3250dbf5f 100644 --- a/drivers/pmdomain/imx/gpc.c +++ b/drivers/pmdomain/imx/gpc.c @@ -403,13 +403,12 @@ static int imx_gpc_old_dt_init(struct device *dev, struct regmap *regmap, static int imx_gpc_probe(struct platform_device *pdev) { const struct imx_gpc_dt_data *of_id_data = device_get_match_data(&pdev->dev); - struct device_node *pgc_node; + struct device_node *pgc_node __free(pgc_node) + = of_get_child_by_name(pdev->dev.of_node, "pgc"); struct regmap *regmap; void __iomem *base; int ret; - pgc_node = of_get_child_by_name(pdev->dev.of_node, "pgc"); - /* bail out if DT too old and doesn't provide the necessary info */ if (!of_property_present(pdev->dev.of_node, "#power-domain-cells") && !pgc_node) -- 2.34.1

4 hours, 18 minutes

2
1
0 0

[PATCH v1 4/4] mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather

by David Hildenbrand (Red Hat)

As reported, ever since commit 1013af4f585f ("mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race") we can end up in some situations where we perform so many IPI broadcasts when unsharing hugetlb PMD page tables that it severely regresses some workloads. In particular, when we fork()+exit(), or when we munmap() a large area backed by many shared PMD tables, we perform one IPI broadcast per unshared PMD table. There are two optimizations to be had: (1) When we process (unshare) multiple such PMD tables, such as during exit(), it is sufficient to send a single IPI broadcast (as long as we respect locking rules) instead of one per PMD table. Locking prevents that any of these PMD tables could get reuse before we drop the lock. (2) When we are not the last sharer (> 2 users including us), there is no need to send the IPI broadcast. The shared PMD tables cannot become exclusive (fully unshared) before an IPI will be broadcasted by the last sharer. Concurrent GUP-fast could walk into a PMD table just before we unshared it. It could then succeed in grabbing a page from the shared page table even after munmap() etc succeeded (and supressed an IPI). But there is not difference compared to GUP-fast just sleeping for a while after grabbing the page and re-enabling IRQs. Most importantly, GUP-fast will never walk into page tables that are no-longer shared, because the last sharer will issue an IPI broadcast. (if ever required, checking whether the PUD changed in GUP-fast after grabbing the page like we do in the PTE case could handle this) So let's rework PMD sharing TLB flushing + IPI sync to use the mmu_gather infrastructure so we can implement these optimizations and demystify the code at least a bit. Extend the mmu_gather infrastructure to be able to deal with our special hugetlb PMD table sharing implementation. We'll consolidate the handling for (full) unsharing of PMD tables in tlb_unshare_pmd_ptdesc() and tlb_flush_unshared_tables(), and track in "struct mmu_gather" whether we had (full) unsharing of PMD tables. Because locking is very special (concurrent unsharing+reuse must be prevented), we disallow deferring flushing to tlb_finish_mmu() and instead require an explicit earlier call to tlb_flush_unshared_tables(). From hugetlb code, we call huge_pmd_unshare_flush() where we make sure that the expected lock protecting us from concurrent unsharing+reuse is still held. Check with a VM_WARN_ON_ONCE() in tlb_finish_mmu() that tlb_flush_unshared_tables() was properly called earlier. Document it all properly. Notes about tlb_remove_table_sync_one() interaction with unsharing: There are two fairly tricky things: (1) tlb_remove_table_sync_one() is a NOP on architectures without CONFIG_MMU_GATHER_RCU_TABLE_FREE. Here, the assumption is that the previous TLB flush would send an IPI to all relevant CPUs. Careful: some architectures like x86 only send IPIs to all relevant CPUs when tlb->freed_tables is set. The relevant architectures should be selecting MMU_GATHER_RCU_TABLE_FREE, but x86 might not do that in stable kernels and it might have been problematic before this patch. Also, the arch flushing behavior (independent of IPIs) is different when tlb->freed_tables is set. Do we have to enlighten them to also take care of tlb->unshared_tables? So far we didn't care, so hopefully we are fine. Of course, we could be setting tlb->freed_tables as well, but that might then unnecessarily flush too much, because the semantics of tlb->freed_tables are a bit fuzzy. This patch changes nothing in this regard. (2) tlb_remove_table_sync_one() is not a NOP on architectures with CONFIG_MMU_GATHER_RCU_TABLE_FREE that actually don't need a sync. Take x86 as an example: in the common case (!pv, !X86_FEATURE_INVLPGB) we still issue IPIs during TLB flushes and don't actually need the second tlb_remove_table_sync_one(). This optimized can be implemented on top of this, by checking e.g., in tlb_remove_table_sync_one() whether we really need IPIs. But as described in (1), it really must honor tlb->freed_tables then to send IPIs to all relevant CPUs. Further note that the ptdesc_pmd_pts_dec() in huge_pmd_share() is not a concern, as we are holding the i_mmap_lock the whole time, preventing concurrent unsharing. That ptdesc_pmd_pts_dec() usage will be removed separately as a cleanup later. There are plenty more cleanups to be had, but they have to wait until this is fixed. Fixes: 1013af4f585f ("mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race") Reported-by: Uschakow, Stanislav" <suschako(a)amazon.de> Closes: https://lore.kernel.org/all/4d3878531c76479d9f8ca9789dc6485d@amazon.de/ Cc: <stable(a)vger.kernel.org> Signed-off-by: David Hildenbrand (Red Hat) <david(a)kernel.org> --- include/asm-generic/tlb.h | 69 +++++++++++++++++++++- include/linux/hugetlb.h | 19 +++--- mm/hugetlb.c | 121 ++++++++++++++++++++++---------------- mm/mmu_gather.c | 6 ++ mm/mprotect.c | 2 +- mm/rmap.c | 25 +++++--- 6 files changed, 173 insertions(+), 69 deletions(-) diff --git a/include/asm-generic/tlb.h b/include/asm-generic/tlb.h index 1fff717cae510..324a21f53b644 100644 --- a/include/asm-generic/tlb.h +++ b/include/asm-generic/tlb.h @@ -364,6 +364,17 @@ struct mmu_gather { unsigned int vma_huge : 1; unsigned int vma_pfn : 1; + /* + * Did we unshare (unmap) any shared page tables? + */ + unsigned int unshared_tables : 1; + + /* + * Did we unshare any page tables such that they are now exclusive + * and could get reused+modified by the new owner? + */ + unsigned int fully_unshared_tables : 1; + unsigned int batch_count; #ifndef CONFIG_MMU_GATHER_NO_GATHER @@ -400,6 +411,7 @@ static inline void __tlb_reset_range(struct mmu_gather *tlb) tlb->cleared_pmds = 0; tlb->cleared_puds = 0; tlb->cleared_p4ds = 0; + tlb->unshared_tables = 0; /* * Do not reset mmu_gather::vma_* fields here, we do not * call into tlb_start_vma() again to set them if there is an @@ -484,7 +496,7 @@ static inline void tlb_flush_mmu_tlbonly(struct mmu_gather *tlb) * these bits. */ if (!(tlb->freed_tables || tlb->cleared_ptes || tlb->cleared_pmds || - tlb->cleared_puds || tlb->cleared_p4ds)) + tlb->cleared_puds || tlb->cleared_p4ds || tlb->unshared_tables)) return; tlb_flush(tlb); @@ -773,6 +785,61 @@ static inline bool huge_pmd_needs_flush(pmd_t oldpmd, pmd_t newpmd) } #endif +#ifdef CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING +static inline void tlb_unshare_pmd_ptdesc(struct mmu_gather *tlb, struct ptdesc *pt, + unsigned long addr) +{ + /* + * The caller must make sure that concurrent unsharing + exclusive + * reuse is impossible until tlb_flush_unshared_tables() was called. + */ + VM_WARN_ON_ONCE(!ptdesc_pmd_is_shared(pt)); + ptdesc_pmd_pts_dec(pt); + + /* Clearing a PUD pointing at a PMD table with PMD leaves. */ + tlb_flush_pmd_range(tlb, addr & PUD_MASK, PUD_SIZE); + + /* + * If the page table is now exclusively owned, we fully unshared + * a page table. + */ + if (!ptdesc_pmd_is_shared(pt)) + tlb->fully_unshared_tables = true; + tlb->unshared_tables = true; +} + +static inline void tlb_flush_unshared_tables(struct mmu_gather *tlb) +{ + /* + * As soon as the caller drops locks to allow for reuse of + * previously-shared tables, these tables could get modified and + * even reused outside of hugetlb context. So flush the TLB now. + * + * Note that we cannot defer the flush to a later point even if we are + * not the last sharer of the page table. + */ + if (tlb->unshared_tables) + tlb_flush_mmu_tlbonly(tlb); + + /* + * Similarly, we must make sure that concurrent GUP-fast will not + * walk previously-shared page tables that are getting modified+reused + * elsewhere. So broadcast an IPI to wait for any concurrent GUP-fast. + * + * We only perform this when we are the last sharer of a page table, + * as the IPI will reach all CPUs: any GUP-fast. + * + * Note that on configs where tlb_remove_table_sync_one() is a NOP, + * the expectation is that the tlb_flush_mmu_tlbonly() would have issued + * required IPIs already for us. + */ + if (tlb->fully_unshared_tables) { + tlb_remove_table_sync_one(); + tlb->fully_unshared_tables = false; + } +} +#endif /* CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING */ + #endif /* CONFIG_MMU */ #endif /* _ASM_GENERIC__TLB_H */ diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index 03c8725efa289..63b248c6bfd47 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -240,8 +240,9 @@ pte_t *huge_pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, unsigned long sz); unsigned long hugetlb_mask_last_page(struct hstate *h); -int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep); +int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma, + unsigned long addr, pte_t *ptep); +void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma); void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, unsigned long *start, unsigned long *end); @@ -271,7 +272,7 @@ void hugetlb_vma_unlock_write(struct vm_area_struct *vma); int hugetlb_vma_trylock_write(struct vm_area_struct *vma); void hugetlb_vma_assert_locked(struct vm_area_struct *vma); void hugetlb_vma_lock_release(struct kref *kref); -long hugetlb_change_protection(struct vm_area_struct *vma, +long hugetlb_change_protection(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long address, unsigned long end, pgprot_t newprot, unsigned long cp_flags); void hugetlb_unshare_all_pmds(struct vm_area_struct *vma); @@ -300,13 +301,17 @@ static inline struct address_space *hugetlb_folio_mapping_lock_write( return NULL; } -static inline int huge_pmd_unshare(struct mm_struct *mm, - struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep) +static inline int huge_pmd_unshare(struct mmu_gather *tlb, + struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) { return 0; } +static inline void huge_pmd_unshare_flush(struct mmu_gather *tlb, + struct vm_area_struct *vma) +{ +} + static inline void adjust_range_if_pmd_sharing_possible( struct vm_area_struct *vma, unsigned long *start, unsigned long *end) @@ -432,7 +437,7 @@ static inline void move_hugetlb_state(struct folio *old_folio, { } -static inline long hugetlb_change_protection( +static inline long hugetlb_change_protection(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long address, unsigned long end, pgprot_t newprot, unsigned long cp_flags) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 3c77cdef12a32..3db94693a06fc 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5096,8 +5096,9 @@ int move_hugetlb_page_tables(struct vm_area_struct *vma, unsigned long last_addr_mask; pte_t *src_pte, *dst_pte; struct mmu_notifier_range range; - bool shared_pmd = false; + struct mmu_gather tlb; + tlb_gather_mmu(&tlb, vma->vm_mm); mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, mm, old_addr, old_end); adjust_range_if_pmd_sharing_possible(vma, &range.start, &range.end); @@ -5122,12 +5123,12 @@ int move_hugetlb_page_tables(struct vm_area_struct *vma, if (huge_pte_none(huge_ptep_get(mm, old_addr, src_pte))) continue; - if (huge_pmd_unshare(mm, vma, old_addr, src_pte)) { - shared_pmd = true; + if (huge_pmd_unshare(&tlb, vma, old_addr, src_pte)) { old_addr |= last_addr_mask; new_addr |= last_addr_mask; continue; } + tlb_remove_huge_tlb_entry(h, &tlb, src_pte, old_addr); dst_pte = huge_pte_alloc(mm, new_vma, new_addr, sz); if (!dst_pte) @@ -5136,13 +5137,13 @@ int move_hugetlb_page_tables(struct vm_area_struct *vma, move_huge_pte(vma, old_addr, new_addr, src_pte, dst_pte, sz); } - if (shared_pmd) - flush_hugetlb_tlb_range(vma, range.start, range.end); - else - flush_hugetlb_tlb_range(vma, old_end - len, old_end); + tlb_flush_mmu_tlbonly(&tlb); + huge_pmd_unshare_flush(&tlb, vma); + mmu_notifier_invalidate_range_end(&range); i_mmap_unlock_write(mapping); hugetlb_vma_unlock_write(vma); + tlb_finish_mmu(&tlb); return len + old_addr - old_end; } @@ -5161,7 +5162,6 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long sz = huge_page_size(h); bool adjust_reservation; unsigned long last_addr_mask; - bool force_flush = false; WARN_ON(!is_vm_hugetlb_page(vma)); BUG_ON(start & ~huge_page_mask(h)); @@ -5184,10 +5184,8 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, } ptl = huge_pte_lock(h, mm, ptep); - if (huge_pmd_unshare(mm, vma, address, ptep)) { + if (huge_pmd_unshare(tlb, vma, address, ptep)) { spin_unlock(ptl); - tlb_flush_pmd_range(tlb, address & PUD_MASK, PUD_SIZE); - force_flush = true; address |= last_addr_mask; continue; } @@ -5303,14 +5301,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma, } tlb_end_vma(tlb, vma); - /* - * There is nothing protecting a previously-shared page table that we - * unshared through huge_pmd_unshare() from getting freed after we - * release i_mmap_rwsem, so flush the TLB now. If huge_pmd_unshare() - * succeeded, flush the range corresponding to the pud. - */ - if (force_flush) - tlb_flush_mmu_tlbonly(tlb); + huge_pmd_unshare_flush(tlb, vma); } void __hugetlb_zap_begin(struct vm_area_struct *vma, @@ -6399,7 +6390,7 @@ int hugetlb_mfill_atomic_pte(pte_t *dst_pte, } #endif /* CONFIG_USERFAULTFD */ -long hugetlb_change_protection(struct vm_area_struct *vma, +long hugetlb_change_protection(struct mmu_gather *tlb, struct vm_area_struct *vma, unsigned long address, unsigned long end, pgprot_t newprot, unsigned long cp_flags) { @@ -6409,7 +6400,6 @@ long hugetlb_change_protection(struct vm_area_struct *vma, pte_t pte; struct hstate *h = hstate_vma(vma); long pages = 0, psize = huge_page_size(h); - bool shared_pmd = false; struct mmu_notifier_range range; unsigned long last_addr_mask; bool uffd_wp = cp_flags & MM_CP_UFFD_WP; @@ -6452,7 +6442,7 @@ long hugetlb_change_protection(struct vm_area_struct *vma, } } ptl = huge_pte_lock(h, mm, ptep); - if (huge_pmd_unshare(mm, vma, address, ptep)) { + if (huge_pmd_unshare(tlb, vma, address, ptep)) { /* * When uffd-wp is enabled on the vma, unshare * shouldn't happen at all. Warn about it if it @@ -6461,7 +6451,6 @@ long hugetlb_change_protection(struct vm_area_struct *vma, WARN_ON_ONCE(uffd_wp || uffd_wp_resolve); pages++; spin_unlock(ptl); - shared_pmd = true; address |= last_addr_mask; continue; } @@ -6522,22 +6511,16 @@ long hugetlb_change_protection(struct vm_area_struct *vma, pte = huge_pte_clear_uffd_wp(pte); huge_ptep_modify_prot_commit(vma, address, ptep, old_pte, pte); pages++; + tlb_remove_huge_tlb_entry(h, tlb, ptep, address); } next: spin_unlock(ptl); cond_resched(); } - /* - * There is nothing protecting a previously-shared page table that we - * unshared through huge_pmd_unshare() from getting freed after we - * release i_mmap_rwsem, so flush the TLB now. If huge_pmd_unshare() - * succeeded, flush the range corresponding to the pud. - */ - if (shared_pmd) - flush_hugetlb_tlb_range(vma, range.start, range.end); - else - flush_hugetlb_tlb_range(vma, start, end); + + tlb_flush_mmu_tlbonly(tlb); + huge_pmd_unshare_flush(tlb, vma); /* * No need to call mmu_notifier_arch_invalidate_secondary_tlbs() we are * downgrading page table protection not changing it to point to a new @@ -6904,18 +6887,27 @@ pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma, return pte; } -/* - * unmap huge page backed by shared pte. +/** + * huge_pmd_unshare - Unmap a pmd table if it is shared by multiple users + * @tlb: the current mmu_gather. + * @vma: the vma covering the pmd table. + * @addr: the address we are trying to unshare. + * @ptep: pointer into the (pmd) page table. + * + * Called with the page table lock held, the i_mmap_rwsem held in write mode + * and the hugetlb vma lock held in write mode. * - * Called with page table lock held. + * Note: The caller must call huge_pmd_unshare_flush() before dropping the + * i_mmap_rwsem. * - * returns: 1 successfully unmapped a shared pte page - * 0 the underlying pte page is not shared, or it is the last user + * Returns: 1 if it was a shared PMD table and it got unmapped, or 0 if it + * was not a shared PMD table. */ -int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep) +int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma, + unsigned long addr, pte_t *ptep) { unsigned long sz = huge_page_size(hstate_vma(vma)); + struct mm_struct *mm = vma->vm_mm; pgd_t *pgd = pgd_offset(mm, addr); p4d_t *p4d = p4d_offset(pgd, addr); pud_t *pud = pud_offset(p4d, addr); @@ -6927,18 +6919,36 @@ int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, i_mmap_assert_write_locked(vma->vm_file->f_mapping); hugetlb_vma_assert_locked(vma); pud_clear(pud); - /* - * Once our caller drops the rmap lock, some other process might be - * using this page table as a normal, non-hugetlb page table. - * Wait for pending gup_fast() in other threads to finish before letting - * that happen. - */ - tlb_remove_table_sync_one(); - ptdesc_pmd_pts_dec(virt_to_ptdesc(ptep)); + + tlb_unshare_pmd_ptdesc(tlb, virt_to_ptdesc(ptep), addr); + mm_dec_nr_pmds(mm); return 1; } +/* + * huge_pmd_unshare_flush - Complete a sequence of huge_pmd_unshare() calls + * @tlb: the current mmu_gather. + * @vma: the vma covering the pmd table. + * + * Perform necessary TLB flushes or IPI broadcasts to synchronize PMD table + * unsharing with concurrent page table walkers (TLB, GUP-fast, etc.). + * + * This function must be called after a sequence of huge_pmd_unshare() + * calls while still holding the i_mmap_rwsem. + */ +void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma) +{ + /* + * We must synchronize page table unsharing such that nobody will + * try reusing a previously-shared page table while it might still + * be in use by previous sharers (TLB, GUP_fast). + */ + i_mmap_assert_write_locked(vma->vm_file->f_mapping); + + tlb_flush_unshared_tables(tlb); +} + #else /* !CONFIG_HUGETLB_PMD_PAGE_TABLE_SHARING */ pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma, @@ -6947,12 +6957,16 @@ pte_t *huge_pmd_share(struct mm_struct *mm, struct vm_area_struct *vma, return NULL; } -int huge_pmd_unshare(struct mm_struct *mm, struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep) +int huge_pmd_unshare(struct mmu_gather *tlb, struct vm_area_struct *vma, + unsigned long addr, pte_t *ptep) { return 0; } +void huge_pmd_unshare_flush(struct mmu_gather *tlb, struct vm_area_struct *vma) +{ +} + void adjust_range_if_pmd_sharing_possible(struct vm_area_struct *vma, unsigned long *start, unsigned long *end) { @@ -7219,6 +7233,7 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma, unsigned long sz = huge_page_size(h); struct mm_struct *mm = vma->vm_mm; struct mmu_notifier_range range; + struct mmu_gather tlb; unsigned long address; spinlock_t *ptl; pte_t *ptep; @@ -7229,6 +7244,7 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma, if (start >= end) return; + tlb_gather_mmu(&tlb, mm); flush_cache_range(vma, start, end); /* * No need to call adjust_range_if_pmd_sharing_possible(), because @@ -7248,10 +7264,10 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma, if (!ptep) continue; ptl = huge_pte_lock(h, mm, ptep); - huge_pmd_unshare(mm, vma, address, ptep); + huge_pmd_unshare(&tlb, vma, address, ptep); spin_unlock(ptl); } - flush_hugetlb_tlb_range(vma, start, end); + huge_pmd_unshare_flush(&tlb, vma); if (take_locks) { i_mmap_unlock_write(vma->vm_file->f_mapping); hugetlb_vma_unlock_write(vma); @@ -7261,6 +7277,7 @@ static void hugetlb_unshare_pmds(struct vm_area_struct *vma, * Documentation/mm/mmu_notifier.rst. */ mmu_notifier_invalidate_range_end(&range); + tlb_finish_mmu(&tlb); } /* diff --git a/mm/mmu_gather.c b/mm/mmu_gather.c index 247e3f9db6c7a..822a790127375 100644 --- a/mm/mmu_gather.c +++ b/mm/mmu_gather.c @@ -468,6 +468,12 @@ void tlb_gather_mmu_fullmm(struct mmu_gather *tlb, struct mm_struct *mm) */ void tlb_finish_mmu(struct mmu_gather *tlb) { + /* + * We expect an earlier huge_pmd_unshare_flush() call to sort this out, + * due to complicated locking requirements with page table unsharing. + */ + VM_WARN_ON_ONCE(tlb->fully_unshared_tables); + /* * If there are parallel threads are doing PTE changes on same range * under non-exclusive lock (e.g., mmap_lock read-side) but defer TLB diff --git a/mm/mprotect.c b/mm/mprotect.c index 283889e4f1cec..5c330e817129e 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -652,7 +652,7 @@ long change_protection(struct mmu_gather *tlb, #endif if (is_vm_hugetlb_page(vma)) - pages = hugetlb_change_protection(vma, start, end, newprot, + pages = hugetlb_change_protection(tlb, vma, start, end, newprot, cp_flags); else pages = change_protection_range(tlb, vma, start, end, newprot, diff --git a/mm/rmap.c b/mm/rmap.c index 748f48727a162..d6799afe11147 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -76,7 +76,7 @@ #include <linux/mm_inline.h> #include <linux/oom.h> -#include <asm/tlbflush.h> +#include <asm/tlb.h> #define CREATE_TRACE_POINTS #include <trace/events/migrate.h> @@ -2008,13 +2008,17 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma, * if unsuccessful. */ if (!anon) { + struct mmu_gather tlb; + VM_BUG_ON(!(flags & TTU_RMAP_LOCKED)); if (!hugetlb_vma_trylock_write(vma)) goto walk_abort; - if (huge_pmd_unshare(mm, vma, address, pvmw.pte)) { + + tlb_gather_mmu(&tlb, mm); + if (huge_pmd_unshare(&tlb, vma, address, pvmw.pte)) { hugetlb_vma_unlock_write(vma); - flush_tlb_range(vma, - range.start, range.end); + huge_pmd_unshare_flush(&tlb, vma); + tlb_finish_mmu(&tlb); /* * The PMD table was unmapped, * consequently unmapping the folio. @@ -2022,6 +2026,7 @@ static bool try_to_unmap_one(struct folio *folio, struct vm_area_struct *vma, goto walk_done; } hugetlb_vma_unlock_write(vma); + tlb_finish_mmu(&tlb); } pteval = huge_ptep_clear_flush(vma, address, pvmw.pte); if (pte_dirty(pteval)) @@ -2398,17 +2403,20 @@ static bool try_to_migrate_one(struct folio *folio, struct vm_area_struct *vma, * fail if unsuccessful. */ if (!anon) { + struct mmu_gather tlb; + VM_BUG_ON(!(flags & TTU_RMAP_LOCKED)); if (!hugetlb_vma_trylock_write(vma)) { page_vma_mapped_walk_done(&pvmw); ret = false; break; } - if (huge_pmd_unshare(mm, vma, address, pvmw.pte)) { - hugetlb_vma_unlock_write(vma); - flush_tlb_range(vma, - range.start, range.end); + tlb_gather_mmu(&tlb, mm); + if (huge_pmd_unshare(&tlb, vma, address, pvmw.pte)) { + hugetlb_vma_unlock_write(vma); + huge_pmd_unshare_flush(&tlb, vma); + tlb_finish_mmu(&tlb); /* * The PMD table was unmapped, * consequently unmapping the folio. @@ -2417,6 +2425,7 @@ static bool try_to_migrate_one(struct folio *folio, struct vm_area_struct *vma, break; } hugetlb_vma_unlock_write(vma); + tlb_finish_mmu(&tlb); } /* Nuke the hugetlb page table entry */ pteval = huge_ptep_clear_flush(vma, address, pvmw.pte); -- 2.52.0

4 hours, 36 minutes

3
4
0 0

[PATCH v1 1/1] scsi: ufs : core: Add ufshcd_update_evt_hist for ufs suspend error.

by Seunghwan Baek

If the ufs resume fails, the event history is updated in ufshcd_resume, but there is no code anywhere to record ufs suspend. Therefore, add code to record ufs suspend error event history. Fixes: dd11376b9f1b ("scsi: ufs: Split the drivers/scsi/ufs directory") Cc: stable(a)vger.kernel.org Signed-off-by: Seunghwan Baek <sh8267.baek(a)samsung.com> --- drivers/ufs/core/ufshcd.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 040a0ceb170a..6bb2781aefc7 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -10337,7 +10337,7 @@ static int ufshcd_suspend(struct ufs_hba *hba) ret = ufshcd_setup_clocks(hba, false); if (ret) { ufshcd_enable_irq(hba); - return ret; + goto out; } if (ufshcd_is_clkgating_allowed(hba)) { hba->clk_gating.state = CLKS_OFF; @@ -10349,6 +10349,9 @@ static int ufshcd_suspend(struct ufs_hba *hba) /* Put the host controller in low power mode if possible */ ufshcd_hba_vreg_set_lpm(hba); ufshcd_pm_qos_update(hba, false); +out: + if (ret) + ufshcd_update_evt_hist(hba, UFS_EVT_SUSPEND_ERR, (u32)ret); return ret; } -- 2.43.0

7 hours, 13 minutes

2
1
0 0

[PATCH] input: synaptics_i2c - cancel delayed work before freeing device

by Minseong Kim

synaptics_i2c_irq() schedules touch->dwork via mod_delayed_work(). The delayed work performs I2C transactions and may still be running (or get queued) when the device is removed. synaptics_i2c_remove() currently frees 'touch' without canceling touch->dwork. If removal happens while the work is pending/running, the work handler may dereference freed memory, leading to a potential use-after-free. Cancel the delayed work synchronously before unregistering/freeing the device. Fixes: eef3e4cab72e Input: add driver for Synaptics I2C touchpad Reported-by: Minseong Kim <ii4gsp(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Minseong Kim <ii4gsp(a)gmail.com> --- drivers/input/mouse/synaptics_i2c.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/input/mouse/synaptics_i2c.c b/drivers/input/mouse/synaptics_i2c.c index a0d707e47d93..fe30bf9aea3a 100644 --- a/drivers/input/mouse/synaptics_i2c.c +++ b/drivers/input/mouse/synaptics_i2c.c @@ -593,6 +593,8 @@ static void synaptics_i2c_remove(struct i2c_client *client) if (!polling_req) free_irq(client->irq, touch); + cancel_delayed_work_sync(&touch->dwork); + input_unregister_device(touch->input); kfree(touch); } -- 2.39.5

7 hours, 17 minutes

3
3
0 0

[PATCH 6.1.y] page_pool: Fix use-after-free in page_pool_recycle_in_ring

by ruohanlan＠aliyun.com

From: Dong Chenchen <dongchenchen2(a)huawei.com> [ Upstream commit 271683bb2cf32e5126c592b5d5e6a756fa374fd9 ] syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of size 8 at addr ffff8880286045a0 by task syz.0.284/6943 CPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline] _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline] page_pool_recycle_in_ring net/core/page_pool.c:707 [inline] page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826 page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline] page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline] napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036 skb_pp_recycle net/core/skbuff.c:1047 [inline] skb_free_head net/core/skbuff.c:1094 [inline] skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1263 [inline] __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline] root cause is: page_pool_recycle_in_ring ptr_ring_produce spin_lock(&r->producer_lock); WRITE_ONCE(r->queue[r->producer++], ptr) //recycle last page to pool page_pool_release page_pool_scrub page_pool_empty_ring ptr_ring_consume page_pool_return_page //release all page __page_pool_destroy free_percpu(pool->recycle_stats); free(pool) //free spin_unlock(&r->producer_lock); //pool->ring uaf read recycle_stat_inc(pool, ring); page_pool can be free while page pool recycle the last page in ring. Add producer-lock barrier to page_pool_release to prevent the page pool from being free before all pages have been recycled. recycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not enabled, which will trigger Wempty-body build warning. Add definition for pool stat macro to fix warning. Suggested-by: Jakub Kicinski <kuba(a)kernel.org> Link: https://lore.kernel.org/netdev/20250513083123.3514193-1-dongchenchen2@huawe… Fixes: ff7d6b27f894 ("page_pool: refurbish version of page_pool code") Reported-by: syzbot+204a4382fcb3311f3858(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=204a4382fcb3311f3858 Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com> Reviewed-by: Toke Høiland-Jørgensen <toke(a)redhat.com> Reviewed-by: Mina Almasry <almasrymina(a)google.com> Link: https://patch.msgid.link/20250527114152.3119109-1-dongchenchen2@huawei.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [ Minor context change fixed. ] Signed-off-by: Ruohan Lan <ruohanlan(a)aliyun.com> --- net/core/page_pool.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/net/core/page_pool.c b/net/core/page_pool.c index 5c66092f9580..4a3abd86f8ce 100644 --- a/net/core/page_pool.c +++ b/net/core/page_pool.c @@ -128,9 +128,9 @@ u64 *page_pool_ethtool_stats_get(u64 *data, void *stats) EXPORT_SYMBOL(page_pool_ethtool_stats_get); #else -#define alloc_stat_inc(pool, __stat) -#define recycle_stat_inc(pool, __stat) -#define recycle_stat_add(pool, __stat, val) +#define alloc_stat_inc(...) do { } while (0) +#define recycle_stat_inc(...) do { } while (0) +#define recycle_stat_add(...) do { } while (0) #endif static bool page_pool_producer_lock(struct page_pool *pool) @@ -539,19 +539,16 @@ static void page_pool_return_page(struct page_pool *pool, struct page *page) static bool page_pool_recycle_in_ring(struct page_pool *pool, struct page *page) { - int ret; - /* BH protection not needed if current is softirq */ - if (in_softirq()) - ret = ptr_ring_produce(&pool->ring, page); - else - ret = ptr_ring_produce_bh(&pool->ring, page); + bool in_softirq, ret; - if (!ret) { + /* BH protection not needed if current is softirq */ + in_softirq = page_pool_producer_lock(pool); + ret = !__ptr_ring_produce(&pool->ring, page); + if (ret) recycle_stat_inc(pool, ring); - return true; - } + page_pool_producer_unlock(pool, in_softirq); - return false; + return ret; } /* Only allow direct recycling in special circumstances, into the @@ -826,10 +823,14 @@ static void page_pool_scrub(struct page_pool *pool) static int page_pool_release(struct page_pool *pool) { + bool in_softirq; int inflight; page_pool_scrub(pool); inflight = page_pool_inflight(pool); + /* Acquire producer lock to make sure producers have exited. */ + in_softirq = page_pool_producer_lock(pool); + page_pool_producer_unlock(pool, in_softirq); if (!inflight) page_pool_free(pool); -- 2.43.0

7 hours, 27 minutes

1
0
0 0

[PATCH 6.6.y] page_pool: Fix use-after-free in page_pool_recycle_in_ring

by ruohanlan＠aliyun.com

From: Dong Chenchen <dongchenchen2(a)huawei.com> [ Upstream commit 271683bb2cf32e5126c592b5d5e6a756fa374fd9 ] syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of size 8 at addr ffff8880286045a0 by task syz.0.284/6943 CPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline] _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline] page_pool_recycle_in_ring net/core/page_pool.c:707 [inline] page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826 page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline] page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline] napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036 skb_pp_recycle net/core/skbuff.c:1047 [inline] skb_free_head net/core/skbuff.c:1094 [inline] skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1263 [inline] __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline] root cause is: page_pool_recycle_in_ring ptr_ring_produce spin_lock(&r->producer_lock); WRITE_ONCE(r->queue[r->producer++], ptr) //recycle last page to pool page_pool_release page_pool_scrub page_pool_empty_ring ptr_ring_consume page_pool_return_page //release all page __page_pool_destroy free_percpu(pool->recycle_stats); free(pool) //free spin_unlock(&r->producer_lock); //pool->ring uaf read recycle_stat_inc(pool, ring); page_pool can be free while page pool recycle the last page in ring. Add producer-lock barrier to page_pool_release to prevent the page pool from being free before all pages have been recycled. recycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not enabled, which will trigger Wempty-body build warning. Add definition for pool stat macro to fix warning. Suggested-by: Jakub Kicinski <kuba(a)kernel.org> Link: https://lore.kernel.org/netdev/20250513083123.3514193-1-dongchenchen2@huawe… Fixes: ff7d6b27f894 ("page_pool: refurbish version of page_pool code") Reported-by: syzbot+204a4382fcb3311f3858(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=204a4382fcb3311f3858 Signed-off-by: Dong Chenchen <dongchenchen2(a)huawei.com> Reviewed-by: Toke Høiland-Jørgensen <toke(a)redhat.com> Reviewed-by: Mina Almasry <almasrymina(a)google.com> Link: https://patch.msgid.link/20250527114152.3119109-1-dongchenchen2@huawei.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [ Minor context change fixed. ] Signed-off-by: Ruohan Lan <ruohanlan(a)aliyun.com> --- net/core/page_pool.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/net/core/page_pool.c b/net/core/page_pool.c index 0188d7f00785..c8e92a12af35 100644 --- a/net/core/page_pool.c +++ b/net/core/page_pool.c @@ -140,9 +140,9 @@ u64 *page_pool_ethtool_stats_get(u64 *data, void *stats) EXPORT_SYMBOL(page_pool_ethtool_stats_get); #else -#define alloc_stat_inc(pool, __stat) -#define recycle_stat_inc(pool, __stat) -#define recycle_stat_add(pool, __stat, val) +#define alloc_stat_inc(...) do { } while (0) +#define recycle_stat_inc(...) do { } while (0) +#define recycle_stat_add(...) do { } while (0) #endif static bool page_pool_producer_lock(struct page_pool *pool) @@ -549,19 +549,16 @@ static void page_pool_return_page(struct page_pool *pool, struct page *page) static bool page_pool_recycle_in_ring(struct page_pool *pool, struct page *page) { - int ret; - /* BH protection not needed if current is softirq */ - if (in_softirq()) - ret = ptr_ring_produce(&pool->ring, page); - else - ret = ptr_ring_produce_bh(&pool->ring, page); + bool in_softirq, ret; - if (!ret) { + /* BH protection not needed if current is softirq */ + in_softirq = page_pool_producer_lock(pool); + ret = !__ptr_ring_produce(&pool->ring, page); + if (ret) recycle_stat_inc(pool, ring); - return true; - } + page_pool_producer_unlock(pool, in_softirq); - return false; + return ret; } /* Only allow direct recycling in special circumstances, into the @@ -850,10 +847,14 @@ static void page_pool_scrub(struct page_pool *pool) static int page_pool_release(struct page_pool *pool) { + bool in_softirq; int inflight; page_pool_scrub(pool); inflight = page_pool_inflight(pool); + /* Acquire producer lock to make sure producers have exited. */ + in_softirq = page_pool_producer_lock(pool); + page_pool_producer_unlock(pool, in_softirq); if (!inflight) page_pool_free(pool); -- 2.43.0

7 hours, 28 minutes

1
0
0 0

[PATCH iwl-net v1] ixgbevf: fix link setup issue

by Jedrzej Jagielski

It may happen that VF spawned for E610 adapter has problem with setting link up. This happens when ixgbevf supporting mailbox API 1.6 coopearates with PF driver which doesn't support this version of API, and hence doesn't support new approach for getting PF link data. In that case VF asks PF to provide link data but as PF doesn't support it, returns -EOPNOTSUPP what leads to early bail from link configuration sequence. Avoid such situation by using legacy VFLINKS approach whenever negotiated API version is less than 1.6. Fixes: 53f0eb62b4d2 ("ixgbevf: fix getting link speed data for E610 devices") Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> Reviewed-by: Piotr Kwapulinski <piotr.kwapulinski(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> --- drivers/net/ethernet/intel/ixgbevf/vf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.c b/drivers/net/ethernet/intel/ixgbevf/vf.c index 29c5ce967938..8af88f615776 100644 --- a/drivers/net/ethernet/intel/ixgbevf/vf.c +++ b/drivers/net/ethernet/intel/ixgbevf/vf.c @@ -846,7 +846,8 @@ static s32 ixgbevf_check_mac_link_vf(struct ixgbe_hw *hw, if (!mac->get_link_status) goto out; - if (hw->mac.type == ixgbe_mac_e610_vf) { + if (hw->mac.type == ixgbe_mac_e610_vf && + hw->api_version >= ixgbe_mbox_api_16) { ret_val = ixgbevf_get_pf_link_state(hw, speed, link_up); if (ret_val) goto out; -- 2.31.1

8 hours, 7 minutes

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror