- Linux-stable-mirror - lists.linaro.org

[BUG] Missing backport for commit b441cf3f8c4b ("xfrm: delete x->tunnel as we delete x")

by Slavin Liu

Hi, I would like to request backporting commit b441cf3f8c4b ("xfrm: delete x->tunnel as we delete x") to all LTS kernels. This patch actually fixes a use-after-free issue, but it hasn't been backported to any of the LTS versions, which are still being affected. As the patch describes, a specific trigger scenario could be: If a tunnel packet is received (e.g., in ip_local_deliver()), with the outer layer being IPComp protocol and the inner layer being fragmented packets, during outer packet processing, it will go through xfrm_input() to hold a reference to the IPComp xfrm_state. Then, it is re-injected into the network stack via gro_cells_receive() and placed in the reassembly queue. When exiting the netns and calling cleanup_net(), although ipv4_frags_exit_net() is called before xfrm_net_exit(), due to asynchronous scheduling, fqdir_free_work() may execute after xfrm_state_fini(). In xfrm_state_fini(), xfrm_state_flush() puts and deletes the xfrm_state for IPPROTO_COMP, but does not delete the xfrm_state for IPPROTO_IPIP. Meanwhile, the skb in the reassembly queue holds the last reference to the IPPROTO_COMP xfrm_state, so it isn't destroyed yet. Only when the skb in the reassembly queue is destroyed does the IPPROTO_COMP xfrm_state get fully destroyed, which calls ipcomp_destroy() to delete the IPPROTO_IPIP xfrm_state. However, by this time, the hash tables (net->xfrm.state_byxxx) have already been kfreed in xfrm_state_fini(), leading to a use-after-free during the deletion. The bug has existed since kernel v2.6.29, so the patch should be backported to all LTS kernels. thanks, Slavin Liu

5 days

2
2
0 0

Linux 6.17.10

by Greg Kroah-Hartman

I'm announcing the release of the 6.17.10 kernel. All users of the 6.17 kernel series must upgrade. The updated 6.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.17.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +- Documentation/wmi/driver-development-guide.rst | 1 Makefile | 2 arch/arm64/boot/dts/rockchip/rk3399-op1.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3566-pinetab2.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3576.dtsi | 12 arch/arm64/boot/dts/rockchip/rk3588-tiger.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 4 arch/arm64/kvm/hyp/nvhe/ffa.c | 9 arch/loongarch/include/uapi/asm/ptrace.h | 40 +-- arch/loongarch/kernel/numa.c | 60 +--- arch/loongarch/net/bpf_jit.c | 3 arch/loongarch/pci/pci.c | 8 arch/mips/boot/dts/econet/en751221.dtsi | 2 arch/mips/kernel/process.c | 2 arch/mips/mti-malta/malta-init.c | 20 + arch/s390/include/asm/pgtable.h | 12 arch/s390/mm/pgtable.c | 4 arch/x86/events/intel/uncore.c | 1 arch/x86/kernel/cpu/amd.c | 2 arch/x86/kernel/cpu/microcode/amd.c | 20 + arch/x86/kvm/svm/svm.c | 9 arch/x86/kvm/svm/svm.h | 1 block/blk-crypto.c | 2 drivers/acpi/apei/einj-core.c | 64 +++-- drivers/ata/libata-scsi.c | 11 drivers/base/power/main.c | 25 +- drivers/bcma/main.c | 6 drivers/clk/sunxi-ng/ccu-sun55i-a523-r.c | 4 drivers/clk/sunxi-ng/ccu-sun55i-a523.c | 2 drivers/gpio/gpiolib-cdev.c | 9 drivers/gpio/gpiolib-swnode.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 65 +++++ drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.h | 10 drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 3 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 4 drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 58 ---- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.h | 6 drivers/gpu/drm/amd/amdgpu/jpeg_v2_5.c | 4 drivers/gpu/drm/amd/amdgpu/jpeg_v3_0.c | 2 drivers/gpu/drm/amd/amdgpu/jpeg_v4_0.c | 2 drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c | 2 drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_5.c | 2 drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c | 2 drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_1.c | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 59 +--- drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 4 drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 26 +- drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 8 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c | 11 drivers/gpu/drm/drm_plane.c | 4 drivers/gpu/drm/i915/display/intel_cx0_phy.c | 14 - drivers/gpu/drm/i915/display/intel_display_device.c | 13 + drivers/gpu/drm/i915/display/intel_display_device.h | 4 drivers/gpu/drm/i915/display/intel_dmc.c | 10 drivers/gpu/drm/i915/display/intel_dp.c | 30 -- drivers/gpu/drm/i915/display/intel_psr.c | 36 ++ drivers/gpu/drm/i915/display/intel_quirks.c | 9 drivers/gpu/drm/i915/display/intel_quirks.h | 1 drivers/gpu/drm/msm/msm_iommu.c | 5 drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 2 drivers/gpu/drm/radeon/radeon_fence.c | 7 drivers/gpu/drm/tegra/dc.c | 1 drivers/gpu/drm/tegra/dsi.c | 9 drivers/gpu/drm/tegra/uapi.c | 7 drivers/gpu/drm/xe/tests/xe_mocs.c | 2 drivers/gpu/drm/xe/xe_irq.c | 18 - drivers/gpu/drm/xe/xe_pci.c | 1 drivers/gpu/drm/xe/xe_vm.c | 4 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 drivers/hid/hid-ids.h | 4 drivers/hid/hid-quirks.c | 13 - drivers/input/keyboard/cros_ec_keyb.c | 6 drivers/input/keyboard/imx_sc_key.c | 2 drivers/input/tablet/pegasus_notetaker.c | 9 drivers/input/touchscreen/goodix.c | 1 drivers/mtd/mtdchar.c | 6 drivers/mtd/nand/raw/cadence-nand-controller.c | 3 drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 - drivers/net/dsa/microchip/lan937x_main.c | 1 drivers/net/ethernet/airoha/airoha_eth.h | 11 drivers/net/ethernet/airoha/airoha_ppe.c | 103 ++++++-- drivers/net/ethernet/emulex/benet/be_main.c | 7 drivers/net/ethernet/intel/ice/ice_ptp.c | 22 + drivers/net/ethernet/intel/idpf/idpf_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c | 9 drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 drivers/net/ethernet/mellanox/mlxsw/core_linecards.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 drivers/net/ethernet/ti/netcp_core.c | 10 drivers/net/phy/phylink.c | 3 drivers/net/veth.c | 38 +-- drivers/net/wireless/realtek/rtw89/fw.c | 7 drivers/nvme/host/fc.c | 15 - drivers/nvme/host/multipath.c | 2 drivers/nvme/target/auth.c | 4 drivers/nvme/target/fabrics-cmd-auth.c | 1 drivers/nvme/target/nvmet.h | 1 drivers/perf/riscv_pmu_sbi.c | 2 drivers/pinctrl/cirrus/pinctrl-cs42l43.c | 23 + drivers/pinctrl/mediatek/pinctrl-mt8189.c | 4 drivers/pinctrl/mediatek/pinctrl-mt8196.c | 6 drivers/pinctrl/nxp/pinctrl-s32cc.c | 3 drivers/pinctrl/realtek/Kconfig | 1 drivers/platform/x86/Kconfig | 1 drivers/platform/x86/dell/alienware-wmi-wmax.c | 104 ++------ drivers/platform/x86/intel/speed_select_if/isst_if_mmio.c | 4 drivers/platform/x86/intel/uncore-frequency/uncore-frequency-common.h | 9 drivers/platform/x86/msi-wmi-platform.c | 43 +++ drivers/reset/reset-imx8mp-audiomix.c | 4 drivers/s390/net/ctcm_mpc.c | 1 drivers/scsi/hosts.c | 5 drivers/scsi/sg.c | 10 drivers/soc/ti/knav_dma.c | 14 - drivers/target/loopback/tcm_loop.c | 3 drivers/tty/vt/vt_ioctl.c | 4 drivers/ufs/host/ufs-qcom.c | 15 + fs/btrfs/inode.c | 1 fs/btrfs/tree-log.c | 3 fs/exfat/super.c | 5 fs/fat/inode.c | 6 fs/isofs/inode.c | 5 fs/namespace.c | 4 fs/smb/client/cached_dir.c | 43 +++ fs/smb/client/cifsfs.c | 2 fs/smb/client/cifsproto.h | 2 fs/smb/client/connect.c | 38 +-- fs/smb/client/dfs_cache.c | 55 +++- fs/smb/client/fs_context.c | 4 fs/xfs/scrub/symlink_repair.c | 4 fs/xfs/xfs_super.c | 5 include/drm/intel/pciids.h | 5 include/linux/ata.h | 1 include/net/tls.h | 25 +- include/net/xfrm.h | 3 io_uring/cmd_net.c | 2 kernel/events/core.c | 2 kernel/sched/ext.c | 121 +++++++++- kernel/sched/sched.h | 1 kernel/time/tick-sched.c | 11 kernel/time/timekeeping.c | 21 - kernel/time/timer.c | 7 lib/test_kho.c | 3 mm/mempool.c | 32 ++ mm/shmem.c | 15 - mm/truncate.c | 35 ++ net/core/dev_ioctl.c | 3 net/devlink/rate.c | 4 net/ipv4/esp4_offload.c | 6 net/ipv6/esp6_offload.c | 6 net/mptcp/options.c | 54 ++++ net/mptcp/pm.c | 20 + net/mptcp/pm_kernel.c | 2 net/mptcp/protocol.c | 84 ++++-- net/mptcp/protocol.h | 3 net/mptcp/subflow.c | 8 net/openvswitch/actions.c | 68 ----- net/openvswitch/flow_netlink.c | 64 ----- net/openvswitch/flow_netlink.h | 2 net/tls/tls_device.c | 4 net/unix/af_unix.c | 3 net/vmw_vsock/af_vsock.c | 40 ++- net/xfrm/xfrm_device.c | 2 net/xfrm/xfrm_output.c | 8 net/xfrm/xfrm_state.c | 16 - net/xfrm/xfrm_user.c | 5 scripts/kconfig/mconf.c | 3 scripts/kconfig/nconf.c | 3 security/selinux/hooks.c | 79 +++--- security/selinux/include/objsec.h | 20 + sound/hda/codecs/realtek/alc269.c | 2 sound/soc/codecs/rt721-sdca.c | 4 sound/soc/codecs/rt721-sdca.h | 1 sound/usb/mixer.c | 2 tools/arch/riscv/include/asm/csr.h | 5 tools/testing/selftests/cachestat/test_cachestat.c | 4 tools/testing/selftests/net/bareudp.sh | 2 tools/testing/selftests/net/forwarding/lib_sh_test.sh | 7 tools/testing/selftests/net/lib.sh | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 18 - tools/tracing/latency/latency-collector.c | 2 184 files changed, 1493 insertions(+), 919 deletions(-) Aleksander Jan Bajkowski (1): mips: dts: econet: fix EN751221 core type Aleksei Nikiforov (1): s390/ctcm: Fix double-kfree Alexey Charkov (1): arm64: dts: rockchip: Remove non-functioning CPU OPPs from RK3576 Alistair Francis (1): nvmet-auth: update sc_c in target host hash calculation Andrea Righi (1): sched_ext: Fix scx_kick_pseqs corruption on concurrent scheduler loads Andrey Vatoropin (1): be2net: pass wrb_params in case of OS2BMC Ankit Nautiyal (2): Revert "drm/i915/dp: Reject HBR3 when sink doesn't support TPS4" drm/i915/dp: Add device specific quirk to limit eDP rate to HBR2 Anthony Wong (1): platform/x86: alienware-wmi-wmax: Add AWCC support to Alienware 16 Aurora Armin Wolf (2): platform/x86: msi-wmi-platform: Only load on MSI devices platform/x86: msi-wmi-platform: Fix typo in WMI GUID Bart Van Assche (2): scsi: sg: Do not sleep in atomic context scsi: core: Fix a regression triggered by scsi_host_busy() Bartosz Golaszewski (1): gpio: cdev: make sure the cdev fd is still active before emitting events Bibo Mao (1): LoongArch: Fix NUMA node parsing with numa_memblks Bitterblue Smith (1): wifi: rtw89: hw_scan: Don't let the operating channel be last Borislav Petkov (AMD) (2): x86/microcode/AMD: Limit Entrysign signature checking to known generations x86/CPU/AMD: Extend Zen6 model range Carlos Llamas (1): blk-crypto: use BLK_STS_INVAL for alignment errors Charlene Liu (1): drm/amd/display: Insert dccg log for easy debug Charles Keepax (1): Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" Chen Pei (1): tools: riscv: Fixed misalignment of CSR related definitions Chen-Yu Tsai (2): clk: sunxi-ng: sun55i-a523-r-ccu: Mark bus-r-dma as critical clk: sunxi-ng: sun55i-a523-ccu: Lower audio0 pll minimum rate Dan Carpenter (2): mtdchar: fix integer overflow in read/write ioctls Input: imx_sc_key - fix memory corruption on unload Dapeng Mi (1): perf: Fix 0 count issue of cpu-clock Darrick J. Wong (1): xfs: fix out of bounds memory read error in symlink repair Diederik de Haas (1): arm64: dts: rockchip: Fix vccio4-supply on rk3566-pinetab2 Diogo Ivo (1): Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" Dnyaneshwar Bhadane (4): drm/i915/xe3lpd: Load DMC for Xe3_LPD version 30.02 drm/pcids: Split PTL pciids group to make wcl subplatform drm/i915/display: Add definition for wcl as subplatform drm/i915/xe3: Restrict PTL intel_encoder_is_c10phy() to only PHY A Emil Tantilov (1): idpf: fix possible vport_config NULL pointer deref in remove Emil Tsalapatis (2): sched_ext: defer queue_balance_callback() until after ops.dispatch sched_ext: fix flag check for deferred callbacks Eren Demir (1): ALSA: hda/realtek: Fix mute led for HP Victus 15-fa1xxx (MB 8C2D) Eric Dumazet (2): mptcp: fix race condition in mptcp_schedule_work() mptcp: fix a race in mptcp_pm_del_add_timer() Ewan D. Milne (2): nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Fangzhi Zuo (2): drm/amd/display: Fix pbn to kbps Conversion drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched Filipe Manana (1): btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name Gang Yan (1): mptcp: fix address removal logic in mptcp_pm_nl_rm_addr Greg Kroah-Hartman (1): Linux 6.17.10 Grzegorz Nitka (1): ice: fix PTP cleanup on driver removal in error path Hamza Mahfooz (1): scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Hans de Goede (1): Input: goodix - add support for ACPI ID GDIX1003 Haotian Zhang (2): pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Heiko Carstens (1): s390/mm: Fix __ptep_rdp() inline assembly Henrique Carvalho (2): smb: client: introduce close_cached_dir_locked() smb: client: fix incomplete backport in cfids_invalidation_worker() Huacai Chen (1): LoongArch: Don't panic if no valid cache info for PCI Ido Schimmel (1): selftests: net: lib: Do not overwrite error messages Ilya Maximets (1): net: openvswitch: remove never-working support for setting nsh fields Imre Deak (1): drm/i915/dp_mst: Disable Panel Replay Ivan Lipski (1): drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 J-Donald Tournier (1): ALSA: hda/realtek: Add quirk for Lenovo Yoga 7 2-in-1 14AKP10 Jakub Horký (2): kconfig/mconf: Initialize the default locale at startup kconfig/nconf: Initialize the default locale at startup Jared Kangas (2): pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() Jari Ruusu (1): tty/vt: fix up incorrect backport to stable releases Jens Axboe (1): io_uring/cmd_net: fix wrong argument types for skb_queue_splice() Jernej Skrabec (1): clk: sunxi-ng: Mark A523 bus-r-cpucfg clock as critical Jesper Dangaard Brouer (1): veth: more robust handing of race to avoid txq getting stuck Jiaming Zhang (1): net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() Jianbo Liu (3): xfrm: Check inner packet family directly from skb_dst xfrm: Determine inner GSO type from packet inner protocol xfrm: Prevent locally generated packets from direct output in tunnel mode Jiayuan Chen (2): mptcp: Disallow MPTCP subflows from sockmap mptcp: Fix proto fallback detection with BPF Jouni Högander (1): drm/i915/psr: Check drm_dp_dpcd_read return value on PSR dpcd init Kiryl Shutsemau (1): mm/truncate: unmap large folio on split failure Krzysztof Kozlowski (1): dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Kuniyuki Iwashima (1): af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). Kurt Borja (4): platform/x86: alienware-wmi-wmax: Fix "Alienware m16 R1 AMD" quirk order platform/x86: alienware-wmi-wmax: Add support for the whole "M" family platform/x86: alienware-wmi-wmax: Add support for the whole "X" family platform/x86: alienware-wmi-wmax: Add support for the whole "G" family Laurentiu Mihalcea (1): reset: imx8mp-audiomix: Fix bad mask values Lorenzo Bianconi (2): net: airoha: Add wlan flowtable TX offload net: airoha: Do not loopback traffic to GDM2 if it is available on the device Louis-Alexis Eyraud (2): pinctrl: mediatek: mt8196: align register base names to dt-bindings ones pinctrl: mediatek: mt8189: align register base names to dt-bindings ones Ma Ke (1): drm/tegra: dc: Fix reference leak in tegra_dc_couple() Maciej W. Rozycki (1): MIPS: Malta: Fix !EVA SOC-it PCI MMIO Malaya Kumar Rout (1): timekeeping: Fix resource leak in tk_aux_sysfs_init() error paths Marcelo Moreira (1): xfs: Replace strncpy with memcpy Mario Limonciello (1): drm/amd: Skip power ungate during suspend for VPE Mario Limonciello (AMD) (3): HID: amd_sfh: Stop sensor before starting drm/amd/display: Increase DPCD read retries drm/amd/display: Move sleep into each retry for retrieve_link_cap() Matt Roper (1): drm/xe/kunit: Fix forcewake assertion in mocs test Matthieu Baerts (NGI0) (2): selftests: mptcp: join: endpoints: longer timeout selftests: mptcp: join: userspace: longer timeout Michal Luczaj (1): vsock: Ignore signal/timeout on connect() if already established Mike Yuan (1): shmem: fix tmpfs reconfiguration (remount) when noswap is set Mykola Kvach (1): arm64: dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 Nam Cao (1): nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot Niklas Cassel (1): ata: libata-scsi: Fix system suspend for a security locked drive Niravkumar L Rabara (1): mtd: rawnand: cadence: fix DMA device NULL pointer dereference Nishanth Menon (1): net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Nitin Rawat (1): scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3) Oleksij Rempel (1): net: dsa: microchip: lan937x: Fix RGMII delay tuning Paolo Abeni (6): mptcp: fix ack generation for fallback msk mptcp: fix duplicate reset on fastclose mptcp: fix premature close in case of fallback mptcp: avoid unneeded subflow-level drops mptcp: decouple mptcp fastclose from tcp close mptcp: do not fallback when OoO is present Pasha Tatashin (1): lib/test_kho: check if KHO is enabled Paulo Alcantara (1): smb: client: handle lack of IPC in dfs_cache_refresh() Pavel Zhigulin (3): net: dsa: hellcreek: fix missing error handling in LED registration net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Po-Hsu Lin (1): selftests: net: use BASH for bareudp testing Pradyumn Rahar (1): net/mlx5: Clean up only new IRQ glue on request_irq() failure Prateek Agarwal (1): drm/tegra: Add call to put_pid() Quentin Schulz (2): arm64: dts: rockchip: include rk3399-base instead of rk3399 in rk3399-op1 arm64: dts: rockchip: disable HS400 on RK3588 Tiger Rafael J. Wysocki (1): PM: sleep: core: Fix runtime PM enabling in device_resume_early() Rafał Miłecki (1): bcma: don't register devices disabled in OF Randy Dunlap (1): platform/x86: intel-uncore-freq: fix all header kernel-doc warnings René Rebe (1): ALSA: usb-audio: fix uac2 clock source at terminal parser Rob Clark (1): drm/msm: Fix pgtable prealloc error path Robert McClinton (1): drm/radeon: delete radeon_fence_process in is_signaled, no deadlock Sabrina Dubroca (4): xfrm: drop SA reference in xfrm_state_update if dir doesn't match xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added xfrm: call xfrm_dev_state_delete when xfrm_state_migrate fails to add the state xfrm: set err and extack on failure to create pcpu SA Saket Kumar Bhaskar (1): sched_ext: Fix scx_enable() crash on helper kthread creation failure Samuel Zhang (1): drm/amdgpu: fix gpu page fault after hibernation on PF passthrough Sathishkumar S (2): drm/amdgpu/jpeg: Move parse_cs to amdgpu_jpeg.c drm/amdgpu/jpeg: Add parse_cs for JPEG5_0_1 Sebastian Ene (1): KVM: arm64: Check the untrusted offset in FF-A memory share Seungjin Bae (1): Input: pegasus-notetaker - fix potential out-of-bounds access Shahar Shitrit (2): net: tls: Change async resync helpers argument net: tls: Cancel RX async resync request on rcd_delta overflow Shaurya Rane (1): cifs: fix memory leak in smb3_fs_context_parse_param error path Shay Drory (1): devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Shin'ichiro Kawasaki (1): nvme-multipath: fix lockdep WARN due to partition scan work Shuicheng Lin (1): drm/xe: Prevent BIT() overflow when handling invalid prefetch region Shuming Fan (1): ASoC: rt721: fix prepare clock stop failed Sidharth Seela (1): selftests: cachestat: Fix warning on declaration under label Stephen Smalley (2): selinux: rename task_security_struct to cred_security_struct selinux: move avdcache to per-task security struct Steve French (1): cifs: fix typo in enable_gcm_256 module parameter Tejun Heo (1): sched_ext: Allocate scx_kick_cpus_pnt_seqs lazily using kvzalloc() Thomas Bogendoerfer (1): MIPS: kernel: Fix random segmentation faults Thomas Weißschuh (1): LoongArch: Use UAPI types in ptrace UAPI header Tony Luck (1): ACPI: APEI: EINJ: Fix EINJV2 initialization and injection Tzung-Bi Shih (1): Input: cros_ec_keyb - fix an invalid memory access Venkata Ramana Nayana (1): drm/xe/irq: Handle msix vector0 interrupt Ville Syrjälä (1): drm/plane: Fix create_in_format_blob() return value Vincent Li (1): LoongArch: BPF: Disable trampoline for kernel module function trace Vlastimil Babka (1): mm/mempool: fix poisoning order>0 pages with HIGHMEM Wei Fang (1): net: phylink: add missing supported link modes for the fixed-link Wen Yang (1): tick/sched: Fix bogus condition in report_idle_softirq() Yifan Zha (1): drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Yihang Li (1): ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Yipeng Zou (1): timers: Fix NULL function pointer race in timer_shutdown_sync() Yongpeng Yang (4): vfat: fix missing sb_min_blocksize() return value checks xfs: check the return value of sb_min_blocksize() in xfs_fs_fill_super isofs: check the return value of sb_min_blocksize() in isofs_fill_super exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Yosry Ahmed (1): KVM: SVM: Fix redundant updates of LBR MSR intercepts Yu-Chun Lin (1): pinctrl: realtek: Select REGMAP_MMIO for RTD driver Zhang Chujun (1): tracing/tools: Fix incorrcet short option in usage text for --threads Zhang Heng (1): HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Zhen Ni (1): fs: Fix uninitialized 'offp' in statmount_string() Zilin Guan (1): mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() dongsheng (1): perf/x86/intel/uncore: Add uncore PMU support for Wildcat Lake

5 days

1
1
0 0

Linux 6.12.60

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.60 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +-- Documentation/wmi/driver-development-guide.rst | 1 Makefile | 2 arch/arm64/boot/dts/rockchip/rk3399-op1.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3566-pinetab2.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3588-tiger.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 4 arch/arm64/kvm/hyp/nvhe/ffa.c | 9 - arch/arm64/kvm/sys_regs.c | 61 +++---- arch/loongarch/include/uapi/asm/ptrace.h | 40 ++-- arch/loongarch/pci/pci.c | 8 arch/mips/mti-malta/malta-init.c | 20 +- arch/s390/include/asm/pgtable.h | 12 - arch/s390/mm/pgtable.c | 4 arch/x86/kernel/cpu/microcode/amd.c | 20 ++ block/blk-crypto.c | 2 drivers/ata/libata-scsi.c | 11 + drivers/bcma/main.c | 6 drivers/gpio/gpiolib-swnode.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 3 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 59 ++----- drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 20 +- drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 60 +++++-- drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 8 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 21 +- drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c | 11 - drivers/gpu/drm/i915/display/intel_psr.c | 4 drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 2 drivers/gpu/drm/radeon/radeon_fence.c | 7 drivers/gpu/drm/tegra/dc.c | 1 drivers/gpu/drm/tegra/dsi.c | 9 - drivers/gpu/drm/tegra/uapi.c | 7 drivers/gpu/drm/xe/xe_vm.c | 4 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 drivers/hid/hid-ids.h | 4 drivers/hid/hid-quirks.c | 13 + drivers/infiniband/hw/irdma/Kconfig | 7 drivers/input/keyboard/cros_ec_keyb.c | 6 drivers/input/keyboard/imx_sc_key.c | 2 drivers/input/tablet/pegasus_notetaker.c | 9 + drivers/input/touchscreen/goodix.c | 1 drivers/mtd/mtdchar.c | 6 drivers/mtd/nand/raw/cadence-nand-controller.c | 3 drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 + drivers/net/dsa/microchip/lan937x_main.c | 1 drivers/net/ethernet/emulex/benet/be_main.c | 7 drivers/net/ethernet/intel/ice/ice_ptp.c | 22 ++ drivers/net/ethernet/intel/idpf/idpf_main.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c | 9 - drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 drivers/net/ethernet/mellanox/mlxsw/core_linecards.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 drivers/net/ethernet/ti/netcp_core.c | 10 - drivers/nvme/host/fc.c | 15 - drivers/nvme/host/multipath.c | 2 drivers/perf/riscv_pmu_sbi.c | 2 drivers/pinctrl/cirrus/pinctrl-cs42l43.c | 23 ++ drivers/pinctrl/nxp/pinctrl-s32cc.c | 3 drivers/pinctrl/realtek/Kconfig | 1 drivers/platform/x86/Kconfig | 1 drivers/platform/x86/intel/speed_select_if/isst_if_mmio.c | 4 drivers/platform/x86/msi-wmi-platform.c | 43 ++++- drivers/s390/net/ctcm_mpc.c | 1 drivers/scsi/hosts.c | 5 drivers/scsi/sg.c | 10 + drivers/soc/ti/knav_dma.c | 14 - drivers/target/loopback/tcm_loop.c | 3 drivers/tty/vt/vt_ioctl.c | 4 fs/exfat/super.c | 5 fs/isofs/inode.c | 5 fs/smb/client/cached_dir.c | 43 ++++- fs/smb/client/cifsfs.c | 2 fs/smb/client/fs_context.c | 4 fs/xfs/scrub/symlink_repair.c | 4 include/linux/ata.h | 1 include/net/tls.h | 25 +- include/net/xfrm.h | 3 kernel/time/timer.c | 7 lib/maple_tree.c | 30 +-- mm/mempool.c | 32 +++ mm/shmem.c | 15 - net/devlink/rate.c | 4 net/ipv4/esp4_offload.c | 6 net/ipv6/esp6_offload.c | 6 net/mptcp/options.c | 54 ++++++ net/mptcp/pm_netlink.c | 20 +- net/mptcp/protocol.c | 84 ++++++---- net/mptcp/protocol.h | 3 net/mptcp/subflow.c | 8 net/openvswitch/actions.c | 68 -------- net/openvswitch/flow_netlink.c | 64 ------- net/openvswitch/flow_netlink.h | 2 net/tls/tls_device.c | 4 net/unix/af_unix.c | 36 ++-- net/vmw_vsock/af_vsock.c | 40 +++- net/xfrm/xfrm_output.c | 6 net/xfrm/xfrm_state.c | 8 net/xfrm/xfrm_user.c | 5 scripts/kconfig/mconf.c | 3 scripts/kconfig/nconf.c | 3 sound/usb/endpoint.c | 3 sound/usb/mixer.c | 2 tools/arch/riscv/include/asm/csr.h | 5 tools/testing/selftests/net/bareudp.sh | 2 tools/testing/selftests/net/forwarding/lib_sh_test.sh | 7 tools/testing/selftests/net/lib.sh | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 18 +- tools/tracing/latency/latency-collector.c | 2 112 files changed, 850 insertions(+), 522 deletions(-) Aleksei Nikiforov (1): s390/ctcm: Fix double-kfree Andrey Vatoropin (1): be2net: pass wrb_params in case of OS2BMC Armin Wolf (2): platform/x86: msi-wmi-platform: Only load on MSI devices platform/x86: msi-wmi-platform: Fix typo in WMI GUID Bart Van Assche (2): scsi: sg: Do not sleep in atomic context scsi: core: Fix a regression triggered by scsi_host_busy() Borislav Petkov (AMD) (1): x86/microcode/AMD: Limit Entrysign signature checking to known generations Carlos Llamas (1): blk-crypto: use BLK_STS_INVAL for alignment errors Charlene Liu (3): drm/amd/display: avoid reset DTBCLK at clock init drm/amd/display: disable DPP RCG before DPP CLK enable drm/amd/display: Insert dccg log for easy debug Charles Keepax (1): Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" Chen Pei (1): tools: riscv: Fixed misalignment of CSR related definitions Dan Carpenter (2): mtdchar: fix integer overflow in read/write ioctls Input: imx_sc_key - fix memory corruption on unload Darrick J. Wong (1): xfs: fix out of bounds memory read error in symlink repair Diederik de Haas (1): arm64: dts: rockchip: Fix vccio4-supply on rk3566-pinetab2 Diogo Ivo (1): Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" Emil Tantilov (1): idpf: fix possible vport_config NULL pointer deref in remove Eric Dumazet (2): mptcp: fix race condition in mptcp_schedule_work() mptcp: fix a race in mptcp_pm_del_add_timer() Ewan D. Milne (2): nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Fangzhi Zuo (2): drm/amd/display: Fix pbn to kbps Conversion drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched Greg Kroah-Hartman (1): Linux 6.12.60 Grzegorz Nitka (1): ice: fix PTP cleanup on driver removal in error path Hamza Mahfooz (1): scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Hans de Goede (1): Input: goodix - add support for ACPI ID GDIX1003 Haotian Zhang (2): pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Heiko Carstens (1): s390/mm: Fix __ptep_rdp() inline assembly Henrique Carvalho (2): smb: client: introduce close_cached_dir_locked() smb: client: fix incomplete backport in cfids_invalidation_worker() Huacai Chen (1): LoongArch: Don't panic if no valid cache info for PCI Ido Schimmel (1): selftests: net: lib: Do not overwrite error messages Ilya Maximets (1): net: openvswitch: remove never-working support for setting nsh fields Imre Deak (1): drm/i915/dp_mst: Disable Panel Replay Ivan Lipski (1): drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 Jakub Horký (2): kconfig/mconf: Initialize the default locale at startup kconfig/nconf: Initialize the default locale at startup Jared Kangas (2): pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() Jari Ruusu (1): tty/vt: fix up incorrect backport to stable releases Jianbo Liu (2): xfrm: Determine inner GSO type from packet inner protocol xfrm: Prevent locally generated packets from direct output in tunnel mode Jiayuan Chen (2): mptcp: Disallow MPTCP subflows from sockmap mptcp: Fix proto fallback detection with BPF Krzysztof Kozlowski (1): dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Kuniyuki Iwashima (2): af_unix: Cache state->msg in unix_stream_read_generic(). af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). Ma Ke (1): drm/tegra: dc: Fix reference leak in tegra_dc_couple() Maciej W. Rozycki (1): MIPS: Malta: Fix !EVA SOC-it PCI MMIO Marc Zyngier (1): KVM: arm64: Make all 32bit ID registers fully writable Marcelo Moreira (1): xfs: Replace strncpy with memcpy Mario Limonciello (1): drm/amd: Skip power ungate during suspend for VPE Mario Limonciello (AMD) (3): HID: amd_sfh: Stop sensor before starting drm/amd/display: Increase DPCD read retries drm/amd/display: Move sleep into each retry for retrieve_link_cap() Martin Kaiser (1): maple_tree: fix tracepoint string pointers Matthieu Baerts (NGI0) (2): selftests: mptcp: join: endpoints: longer timeout selftests: mptcp: join: userspace: longer timeout Michal Luczaj (1): vsock: Ignore signal/timeout on connect() if already established Mike Yuan (1): shmem: fix tmpfs reconfiguration (remount) when noswap is set Mykola Kvach (1): arm64: dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 Nam Cao (1): nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot Niklas Cassel (1): ata: libata-scsi: Fix system suspend for a security locked drive Niravkumar L Rabara (1): mtd: rawnand: cadence: fix DMA device NULL pointer dereference Nishanth Menon (1): net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Oleksij Rempel (1): net: dsa: microchip: lan937x: Fix RGMII delay tuning Paolo Abeni (6): mptcp: fix ack generation for fallback msk mptcp: fix duplicate reset on fastclose mptcp: fix premature close in case of fallback mptcp: avoid unneeded subflow-level drops mptcp: decouple mptcp fastclose from tcp close mptcp: do not fallback when OoO is present Pavel Zhigulin (3): net: dsa: hellcreek: fix missing error handling in LED registration net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Po-Hsu Lin (1): selftests: net: use BASH for bareudp testing Pradyumn Rahar (1): net/mlx5: Clean up only new IRQ glue on request_irq() failure Prateek Agarwal (1): drm/tegra: Add call to put_pid() Quentin Schulz (2): arm64: dts: rockchip: include rk3399-base instead of rk3399 in rk3399-op1 arm64: dts: rockchip: disable HS400 on RK3588 Tiger Rafał Miłecki (1): bcma: don't register devices disabled in OF René Rebe (1): ALSA: usb-audio: fix uac2 clock source at terminal parser Robert McClinton (1): drm/radeon: delete radeon_fence_process in is_signaled, no deadlock Sabrina Dubroca (2): xfrm: drop SA reference in xfrm_state_update if dir doesn't match xfrm: set err and extack on failure to create pcpu SA Samuel Zhang (1): drm/amdgpu: fix gpu page fault after hibernation on PF passthrough Sebastian Ene (1): KVM: arm64: Check the untrusted offset in FF-A memory share Seungjin Bae (1): Input: pegasus-notetaker - fix potential out-of-bounds access Shahar Shitrit (2): net: tls: Change async resync helpers argument net: tls: Cancel RX async resync request on rcd_delta overflow Shaurya Rane (1): cifs: fix memory leak in smb3_fs_context_parse_param error path Shay Drory (1): devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Shin'ichiro Kawasaki (1): nvme-multipath: fix lockdep WARN due to partition scan work Shuicheng Lin (1): drm/xe: Prevent BIT() overflow when handling invalid prefetch region Steve French (1): cifs: fix typo in enable_gcm_256 module parameter Takashi Iwai (1): ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check Thomas Weißschuh (1): LoongArch: Use UAPI types in ptrace UAPI header Tzung-Bi Shih (1): Input: cros_ec_keyb - fix an invalid memory access Vlastimil Babka (1): mm/mempool: fix poisoning order>0 pages with HIGHMEM Wentao Guan (1): Revert "RDMA/irdma: Update Kconfig" Yifan Zha (1): drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Yihang Li (1): ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Yipeng Zou (1): timers: Fix NULL function pointer race in timer_shutdown_sync() Yongpeng Yang (2): isofs: check the return value of sb_min_blocksize() in isofs_fill_super exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Yu-Chun Lin (1): pinctrl: realtek: Select REGMAP_MMIO for RTD driver Zhang Chujun (1): tracing/tools: Fix incorrcet short option in usage text for --threads Zhang Heng (1): HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Zilin Guan (1): mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats()

5 days

1
1
0 0

Linux 6.6.118

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.118 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +-- Makefile | 2 arch/arm64/kvm/hyp/nvhe/ffa.c | 9 - arch/loongarch/include/uapi/asm/ptrace.h | 40 ++--- arch/loongarch/pci/pci.c | 8 - arch/mips/mti-malta/malta-init.c | 20 +- arch/s390/include/asm/pgtable.h | 12 - arch/s390/mm/pgtable.c | 4 arch/x86/kernel/cpu/microcode/amd.c | 20 ++ drivers/ata/libata-scsi.c | 11 + drivers/bcma/main.c | 6 drivers/firmware/arm_scmi/scmi_pm_domain.c | 13 + drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_capability.c | 11 - drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 2 drivers/gpu/drm/tegra/dc.c | 1 drivers/gpu/drm/tegra/dsi.c | 9 - drivers/gpu/drm/tegra/uapi.c | 7 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 drivers/hid/hid-ids.h | 4 drivers/hid/hid-quirks.c | 13 + drivers/input/keyboard/cros_ec_keyb.c | 6 drivers/input/keyboard/imx_sc_key.c | 2 drivers/input/tablet/pegasus_notetaker.c | 9 + drivers/input/touchscreen/goodix.c | 1 drivers/mtd/mtdchar.c | 6 drivers/mtd/nand/raw/cadence-nand-controller.c | 3 drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 + drivers/net/dsa/microchip/lan937x_main.c | 1 drivers/net/ethernet/emulex/benet/be_main.c | 7 drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 drivers/net/ethernet/mellanox/mlxsw/core_linecards.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 drivers/net/ethernet/ti/netcp_core.c | 10 - drivers/nvme/host/fc.c | 15 +- drivers/nvme/host/multipath.c | 2 drivers/pinctrl/cirrus/pinctrl-cs42l43.c | 23 ++- drivers/pinctrl/nxp/pinctrl-s32cc.c | 3 drivers/platform/x86/intel/speed_select_if/isst_if_mmio.c | 4 drivers/pmdomain/imx/gpc.c | 22 +- drivers/s390/net/ctcm_mpc.c | 1 drivers/scsi/hosts.c | 5 drivers/scsi/sg.c | 10 + drivers/soc/ti/knav_dma.c | 14 - drivers/target/loopback/tcm_loop.c | 3 drivers/uio/uio_hv_generic.c | 21 ++ fs/exfat/super.c | 5 fs/f2fs/compress.c | 74 +++++----- fs/f2fs/f2fs.h | 2 fs/smb/client/cached_dir.c | 43 +++++ fs/smb/client/cifsfs.c | 2 fs/smb/client/fs_context.c | 4 include/linux/array_size.h | 13 + include/linux/ata.h | 1 include/linux/kernel.h | 7 include/linux/string.h | 1 include/net/tls.h | 6 include/net/xfrm.h | 3 kernel/bpf/trampoline.c | 4 kernel/kexec_core.c | 2 kernel/time/timer.c | 7 kernel/trace/ftrace.c | 20 +- lib/maple_tree.c | 32 ++-- mm/mempool.c | 32 +++- mm/shmem.c | 15 -- net/devlink/rate.c | 4 net/ipv4/esp4_offload.c | 6 net/ipv6/esp6_offload.c | 6 net/mptcp/options.c | 54 +++++++ net/mptcp/pm_netlink.c | 20 +- net/mptcp/protocol.c | 48 ++++-- net/mptcp/protocol.h | 3 net/mptcp/subflow.c | 8 + net/openvswitch/actions.c | 68 --------- net/openvswitch/flow_netlink.c | 64 +------- net/openvswitch/flow_netlink.h | 2 net/tls/tls_device.c | 4 net/vmw_vsock/af_vsock.c | 40 ++++- net/wireless/reg.c | 5 net/xfrm/xfrm_output.c | 6 scripts/kconfig/mconf.c | 3 scripts/kconfig/nconf.c | 3 sound/usb/mixer.c | 2 tools/testing/selftests/net/bareudp.sh | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 8 - tools/tracing/latency/latency-collector.c | 2 87 files changed, 650 insertions(+), 406 deletions(-) Alejandro Colomar (1): kernel.h: Move ARRAY_SIZE() to a separate header Aleksei Nikiforov (1): s390/ctcm: Fix double-kfree Alexander Wetzel (1): wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() Andrey Vatoropin (1): be2net: pass wrb_params in case of OS2BMC Bart Van Assche (2): scsi: sg: Do not sleep in atomic context scsi: core: Fix a regression triggered by scsi_host_busy() Borislav Petkov (AMD) (1): x86/microcode/AMD: Limit Entrysign signature checking to known generations Dan Carpenter (2): mtdchar: fix integer overflow in read/write ioctls Input: imx_sc_key - fix memory corruption on unload Diogo Ivo (1): Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" Eric Dumazet (2): mptcp: fix race condition in mptcp_schedule_work() mptcp: fix a race in mptcp_pm_del_add_timer() Ewan D. Milne (2): nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Fabio M. De Francesco (1): mm/mempool: replace kmap_atomic() with kmap_local_page() Greg Kroah-Hartman (1): Linux 6.6.118 Hamza Mahfooz (1): scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Hans de Goede (1): Input: goodix - add support for ACPI ID GDIX1003 Haotian Zhang (2): pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Heiko Carstens (1): s390/mm: Fix __ptep_rdp() inline assembly Henrique Carvalho (2): smb: client: introduce close_cached_dir_locked() smb: client: fix incomplete backport in cfids_invalidation_worker() Huacai Chen (1): LoongArch: Don't panic if no valid cache info for PCI Ilya Maximets (1): net: openvswitch: remove never-working support for setting nsh fields Jakub Horký (2): kconfig/mconf: Initialize the default locale at startup kconfig/nconf: Initialize the default locale at startup Jared Kangas (2): pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() Jianbo Liu (2): xfrm: Determine inner GSO type from packet inner protocol xfrm: Prevent locally generated packets from direct output in tunnel mode Jiayuan Chen (2): mptcp: Disallow MPTCP subflows from sockmap mptcp: Fix proto fallback detection with BPF Krzysztof Kozlowski (1): dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Long Li (1): uio_hv_generic: Set event for all channels on the device Ma Ke (1): drm/tegra: dc: Fix reference leak in tegra_dc_couple() Maciej W. Rozycki (1): MIPS: Malta: Fix !EVA SOC-it PCI MMIO Mario Limonciello (AMD) (3): drm/amd/display: Increase DPCD read retries drm/amd/display: Move sleep into each retry for retrieve_link_cap() HID: amd_sfh: Stop sensor before starting Martin Kaiser (1): maple_tree: fix tracepoint string pointers Matthieu Baerts (NGI0) (1): selftests: mptcp: join: endpoints: longer transfer Miaoqian Lin (1): pmdomain: imx: Fix reference count leak in imx_gpc_remove Michal Luczaj (1): vsock: Ignore signal/timeout on connect() if already established Mike Yuan (1): shmem: fix tmpfs reconfiguration (remount) when noswap is set Nam Cao (1): nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot Niklas Cassel (1): ata: libata-scsi: Fix system suspend for a security locked drive Niravkumar L Rabara (1): mtd: rawnand: cadence: fix DMA device NULL pointer dereference Nishanth Menon (1): net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Oleksij Rempel (1): net: dsa: microchip: lan937x: Fix RGMII delay tuning Paolo Abeni (5): mptcp: fix ack generation for fallback msk mptcp: fix premature close in case of fallback mptcp: avoid unneeded subflow-level drops mptcp: decouple mptcp fastclose from tcp close mptcp: do not fallback when OoO is present Pavel Zhigulin (3): net: dsa: hellcreek: fix missing error handling in LED registration net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Po-Hsu Lin (1): selftests: net: use BASH for bareudp testing Pradyumn Rahar (1): net/mlx5: Clean up only new IRQ glue on request_irq() failure Prateek Agarwal (1): drm/tegra: Add call to put_pid() Rafał Miłecki (1): bcma: don't register devices disabled in OF René Rebe (1): ALSA: usb-audio: fix uac2 clock source at terminal parser Sebastian Ene (1): KVM: arm64: Check the untrusted offset in FF-A memory share Seungjin Bae (1): Input: pegasus-notetaker - fix potential out-of-bounds access Shahar Shitrit (1): net: tls: Cancel RX async resync request on rcd_delta overflow Shaurya Rane (1): cifs: fix memory leak in smb3_fs_context_parse_param error path Shay Drory (1): devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Shin'ichiro Kawasaki (1): nvme-multipath: fix lockdep WARN due to partition scan work Song Liu (1): ftrace: Fix BPF fexit with livepatch Sourabh Jain (1): crash: fix crashkernel resource shrink Steve French (1): cifs: fix typo in enable_gcm_256 module parameter Sudeep Holla (1): pmdomain: arm: scmi: Fix genpd leak on provider registration failure Thomas Weißschuh (1): LoongArch: Use UAPI types in ptrace UAPI header Tzung-Bi Shih (1): Input: cros_ec_keyb - fix an invalid memory access Uwe Kleine-König (1): pmdomain: imx-gpc: Convert to platform remove callback returning void Vlastimil Babka (1): mm/mempool: fix poisoning order>0 pages with HIGHMEM Yifan Zha (1): drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Yihang Li (1): ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Yipeng Zou (1): timers: Fix NULL function pointer race in timer_shutdown_sync() Yongpeng Yang (1): exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Zhang Chujun (1): tracing/tools: Fix incorrcet short option in usage text for --threads Zhang Heng (1): HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Zhiguo Niu (2): f2fs: compress: change the first parameter of page_array_{alloc,free} to sbi f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic Zilin Guan (1): mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats()

5 days

1
1
0 0

[PATCH] powerpc/64s/radix/kfence: map __kfence_pool at page granularity

by Aboorva Devarajan

From: Hari Bathini <hbathini(a)linux.ibm.com> When KFENCE is enabled, total system memory is mapped at page level granularity. But in radix MMU mode, ~3GB additional memory is needed to map 100GB of system memory at page level granularity when compared to using 2MB direct mapping.This is not desired considering KFENCE is designed to be enabled in production kernels [1]. Mapping only the memory allocated for KFENCE pool at page granularity is sufficient to enable KFENCE support. So, allocate __kfence_pool during bootup and map it at page granularity instead of mapping all system memory at page granularity. Without patch: # cat /proc/meminfo MemTotal: 101201920 kB With patch: # cat /proc/meminfo MemTotal: 104483904 kB Note that enabling KFENCE at runtime is disabled for radix MMU for now, as it depends on the ability to split page table mappings and such APIs are not currently implemented for radix MMU. All kfence_test.c testcases passed with this patch. [1] https://lore.kernel.org/all/20201103175841.3495947-2-elver@google.com/ Fixes: a5edf9815dd7 ("powerpc/64s: Enable KFENCE on book3s64") Cc: stable(a)vger.kernel.org Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Aboorva Devarajan <aboorvad(a)linux.ibm.com> Link: https://msgid.link/20240701130021.578240-1-hbathini@linux.ibm.com --- Upstream commit 353d7a84c214 ("powerpc/64s/radix/kfence: map __kfence_pool at page granularity") This has already been merged upstream and is required in stable kernels as well. --- arch/powerpc/include/asm/kfence.h | 11 +++- arch/powerpc/mm/book3s64/radix_pgtable.c | 84 ++++++++++++++++++++++-- arch/powerpc/mm/init-common.c | 3 + 3 files changed, 93 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/include/asm/kfence.h b/arch/powerpc/include/asm/kfence.h index 424ceef82ae615..fab124ada1c7f2 100644 --- a/arch/powerpc/include/asm/kfence.h +++ b/arch/powerpc/include/asm/kfence.h @@ -15,10 +15,19 @@ #define ARCH_FUNC_PREFIX "." #endif +#ifdef CONFIG_KFENCE +extern bool kfence_disabled; + +static inline void disable_kfence(void) +{ + kfence_disabled = true; +} + static inline bool arch_kfence_init_pool(void) { - return true; + return !kfence_disabled; } +#endif #ifdef CONFIG_PPC64 static inline bool kfence_protect_page(unsigned long addr, bool protect) diff --git a/arch/powerpc/mm/book3s64/radix_pgtable.c b/arch/powerpc/mm/book3s64/radix_pgtable.c index 15e88f1439ec20..b0d927009af83c 100644 --- a/arch/powerpc/mm/book3s64/radix_pgtable.c +++ b/arch/powerpc/mm/book3s64/radix_pgtable.c @@ -17,6 +17,7 @@ #include <linux/hugetlb.h> #include <linux/string_helpers.h> #include <linux/memory.h> +#include <linux/kfence.h> #include <asm/pgalloc.h> #include <asm/mmu_context.h> @@ -31,6 +32,7 @@ #include <asm/uaccess.h> #include <asm/ultravisor.h> #include <asm/set_memory.h> +#include <asm/kfence.h> #include <trace/events/thp.h> @@ -293,7 +295,8 @@ static unsigned long next_boundary(unsigned long addr, unsigned long end) static int __meminit create_physical_mapping(unsigned long start, unsigned long end, - int nid, pgprot_t _prot) + int nid, pgprot_t _prot, + unsigned long mapping_sz_limit) { unsigned long vaddr, addr, mapping_size = 0; bool prev_exec, exec = false; @@ -301,7 +304,10 @@ static int __meminit create_physical_mapping(unsigned long start, int psize; unsigned long max_mapping_size = memory_block_size; - if (debug_pagealloc_enabled_or_kfence()) + if (mapping_sz_limit < max_mapping_size) + max_mapping_size = mapping_sz_limit; + + if (debug_pagealloc_enabled()) max_mapping_size = PAGE_SIZE; start = ALIGN(start, PAGE_SIZE); @@ -356,8 +362,74 @@ static int __meminit create_physical_mapping(unsigned long start, return 0; } +#ifdef CONFIG_KFENCE +static bool __ro_after_init kfence_early_init = !!CONFIG_KFENCE_SAMPLE_INTERVAL; + +static int __init parse_kfence_early_init(char *arg) +{ + int val; + + if (get_option(&arg, &val)) + kfence_early_init = !!val; + return 0; +} +early_param("kfence.sample_interval", parse_kfence_early_init); + +static inline phys_addr_t alloc_kfence_pool(void) +{ + phys_addr_t kfence_pool; + + /* + * TODO: Support to enable KFENCE after bootup depends on the ability to + * split page table mappings. As such support is not currently + * implemented for radix pagetables, support enabling KFENCE + * only at system startup for now. + * + * After support for splitting mappings is available on radix, + * alloc_kfence_pool() & map_kfence_pool() can be dropped and + * mapping for __kfence_pool memory can be + * split during arch_kfence_init_pool(). + */ + if (!kfence_early_init) + goto no_kfence; + + kfence_pool = memblock_phys_alloc(KFENCE_POOL_SIZE, PAGE_SIZE); + if (!kfence_pool) + goto no_kfence; + + memblock_mark_nomap(kfence_pool, KFENCE_POOL_SIZE); + return kfence_pool; + +no_kfence: + disable_kfence(); + return 0; +} + +static inline void map_kfence_pool(phys_addr_t kfence_pool) +{ + if (!kfence_pool) + return; + + if (create_physical_mapping(kfence_pool, kfence_pool + KFENCE_POOL_SIZE, + -1, PAGE_KERNEL, PAGE_SIZE)) + goto err; + + memblock_clear_nomap(kfence_pool, KFENCE_POOL_SIZE); + __kfence_pool = __va(kfence_pool); + return; + +err: + memblock_phys_free(kfence_pool, KFENCE_POOL_SIZE); + disable_kfence(); +} +#else +static inline phys_addr_t alloc_kfence_pool(void) { return 0; } +static inline void map_kfence_pool(phys_addr_t kfence_pool) { } +#endif + static void __init radix_init_pgtable(void) { + phys_addr_t kfence_pool; unsigned long rts_field; phys_addr_t start, end; u64 i; @@ -365,6 +437,8 @@ static void __init radix_init_pgtable(void) /* We don't support slb for radix */ slb_set_size(0); + kfence_pool = alloc_kfence_pool(); + /* * Create the linear mapping */ @@ -381,9 +455,11 @@ static void __init radix_init_pgtable(void) } WARN_ON(create_physical_mapping(start, end, - -1, PAGE_KERNEL)); + -1, PAGE_KERNEL, ~0UL)); } + map_kfence_pool(kfence_pool); + if (!cpu_has_feature(CPU_FTR_HVMODE) && cpu_has_feature(CPU_FTR_P9_RADIX_PREFETCH_BUG)) { /* @@ -875,7 +951,7 @@ int __meminit radix__create_section_mapping(unsigned long start, } return create_physical_mapping(__pa(start), __pa(end), - nid, prot); + nid, prot, ~0UL); } int __meminit radix__remove_section_mapping(unsigned long start, unsigned long end) diff --git a/arch/powerpc/mm/init-common.c b/arch/powerpc/mm/init-common.c index d3a7726ecf512c..21131b96d20901 100644 --- a/arch/powerpc/mm/init-common.c +++ b/arch/powerpc/mm/init-common.c @@ -31,6 +31,9 @@ EXPORT_SYMBOL_GPL(kernstart_virt_addr); bool disable_kuep = !IS_ENABLED(CONFIG_PPC_KUEP); bool disable_kuap = !IS_ENABLED(CONFIG_PPC_KUAP); +#ifdef CONFIG_KFENCE +bool __ro_after_init kfence_disabled; +#endif static int __init parse_nosmep(char *p) {

5 days, 1 hour

2
3
0 0

[PATCH 6.12 000/112] 6.12.60-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.60 release. There are 112 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 29 Nov 2025 14:40:08 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.60-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.60-rc1 Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: Insert dccg log for easy debug Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: disable DPP RCG before DPP CLK enable Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: avoid reset DTBCLK at clock init Darrick J. Wong <djwong(a)kernel.org> xfs: fix out of bounds memory read error in symlink repair Marcelo Moreira <marcelomoreira1905(a)gmail.com> xfs: Replace strncpy with memcpy Eric Dumazet <edumazet(a)google.com> mptcp: fix a race in mptcp_pm_del_add_timer() Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Disable Panel Replay Martin Kaiser <martin(a)kaiser.cx> maple_tree: fix tracepoint string pointers Jari Ruusu <jariruusu(a)protonmail.com> tty/vt: fix up incorrect backport to stable releases Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: fix incomplete backport in cfids_invalidation_worker() Samuel Zhang <guoqing.zhang(a)amd.com> drm/amdgpu: fix gpu page fault after hibernation on PF passthrough Zhang Chujun <zhangchujun(a)cmss.chinamobile.com> tracing/tools: Fix incorrcet short option in usage text for --threads Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Fix __ptep_rdp() inline assembly Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe: Prevent BIT() overflow when handling invalid prefetch region Wentao Guan <guanwentao(a)uniontech.com> Revert "RDMA/irdma: Update Kconfig" Marc Zyngier <maz(a)kernel.org> KVM: arm64: Make all 32bit ID registers fully writable Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Cancel RX async resync request on rcd_delta overflow Carlos Llamas <cmllamas(a)google.com> blk-crypto: use BLK_STS_INVAL for alignment errors Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Change async resync helpers argument Po-Hsu Lin <po-hsu.lin(a)canonical.com> selftests: net: use BASH for bareudp testing Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Limit Entrysign signature checking to known generations Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a regression triggered by scsi_host_busy() Steve French <stfrench(a)microsoft.com> cifs: fix typo in enable_gcm_256 module parameter Rafał Miłecki <rafal(a)milecki.pl> bcma: don't register devices disabled in OF Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> cifs: fix memory leak in smb3_fs_context_parse_param error path Thomas Weißschuh <linux(a)weissschuh.net> LoongArch: Use UAPI types in ptrace UAPI header Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Cache state->msg in unix_stream_read_generic(). Pradyumn Rahar <pradyumn.rahar(a)oracle.com> net/mlx5: Clean up only new IRQ glue on request_irq() failure Shay Drory <shayd(a)nvidia.com> devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Jared Kangas <jkangas(a)redhat.com> pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() Jared Kangas <jkangas(a)redhat.com> pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc Grzegorz Nitka <grzegorz.nitka(a)intel.com> ice: fix PTP cleanup on driver removal in error path Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: fix possible vport_config NULL pointer deref in remove Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Haotian Zhang <vulab(a)iscas.ac.cn> platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Ido Schimmel <idosch(a)nvidia.com> selftests: net: lib: Do not overwrite error messages Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> nvme-multipath: fix lockdep WARN due to partition scan work Chen Pei <cp0613(a)linux.alibaba.com> tools: riscv: Fixed misalignment of CSR related definitions Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: dsa: hellcreek: fix missing error handling in LED registration Prateek Agarwal <praagarwal(a)nvidia.com> drm/tegra: Add call to put_pid() Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Fix typo in WMI GUID Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Only load on MSI devices Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() Jianbo Liu <jianbol(a)nvidia.com> xfrm: Prevent locally generated packets from direct output in tunnel mode Jianbo Liu <jianbol(a)nvidia.com> xfrm: Determine inner GSO type from packet inner protocol Yu-Chun Lin <eleanor.lin(a)realtek.com> pinctrl: realtek: Select REGMAP_MMIO for RTD driver Sabrina Dubroca <sd(a)queasysnail.net> xfrm: set err and extack on failure to create pcpu SA Sabrina Dubroca <sd(a)queasysnail.net> xfrm: drop SA reference in xfrm_state_update if dir doesn't match Ivan Lipski <ivan.lipski(a)amd.com> drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix pbn to kbps Conversion Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Move sleep into each retry for retrieve_link_cap() Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Increase DPCD read retries Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Skip power ungate during suspend for VPE Robert McClinton <rbmccav(a)gmail.com> drm/radeon: delete radeon_fence_process in is_signaled, no deadlock Ma Ke <make24(a)iscas.ac.cn> drm/tegra: dc: Fix reference leak in tegra_dc_couple() Paolo Abeni <pabeni(a)redhat.com> mptcp: do not fallback when OoO is present Paolo Abeni <pabeni(a)redhat.com> mptcp: decouple mptcp fastclose from tcp close Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid unneeded subflow-level drops Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: userspace: longer timeout Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: endpoints: longer timeout Paolo Abeni <pabeni(a)redhat.com> mptcp: fix premature close in case of fallback Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate reset on fastclose Paolo Abeni <pabeni(a)redhat.com> mptcp: fix ack generation for fallback msk Eric Dumazet <edumazet(a)google.com> mptcp: fix race condition in mptcp_schedule_work() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Don't panic if no valid cache info for PCI Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() Nam Cao <namcao(a)linutronix.de> nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot Vlastimil Babka <vbabka(a)suse.cz> mm/mempool: fix poisoning order>0 pages with HIGHMEM Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Dan Carpenter <dan.carpenter(a)linaro.org> Input: imx_sc_key - fix memory corruption on unload Hans de Goede <hdegoede(a)redhat.com> Input: goodix - add support for ACPI ID GDIX1003 Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" Oleksij Rempel <o.rempel(a)pengutronix.de> net: dsa: microchip: lan937x: Fix RGMII delay tuning Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Yihang Li <liyihang9(a)h-partners.com> ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: introduce close_cached_dir_locked() Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Fix proto fallback detection with BPF Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Disallow MPTCP subflows from sockmap Yongpeng Yang <yangyongpeng(a)xiaomi.com> exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Mike Yuan <me(a)yhndnzj.com> shmem: fix tmpfs reconfiguration (remount) when noswap is set Yongpeng Yang <yangyongpeng(a)xiaomi.com> isofs: check the return value of sb_min_blocksize() in isofs_fill_super Dan Carpenter <dan.carpenter(a)linaro.org> mtdchar: fix integer overflow in read/write ioctls Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> mtd: rawnand: cadence: fix DMA device NULL pointer dereference Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: disable HS400 on RK3588 Tiger Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: include rk3399-base instead of rk3399 in rk3399-op1 Mykola Kvach <xakep.amatop(a)gmail.com> arm64: dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 Diederik de Haas <diederik(a)cknow-tech.com> arm64: dts: rockchip: Fix vccio4-supply on rk3566-pinetab2 Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Mario Limonciello (AMD) <superm1(a)kernel.org> HID: amd_sfh: Stop sensor before starting Yipeng Zou <zouyipeng(a)huawei.com> timers: Fix NULL function pointer race in timer_shutdown_sync() Sebastian Ene <sebastianene(a)google.com> KVM: arm64: Check the untrusted offset in FF-A memory share ------------- Diffstat: .../bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +++--- Documentation/wmi/driver-development-guide.rst | 1 + Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3399-op1.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3566-pinetab2.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3588-tiger.dtsi | 4 +- .../arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 4 +- arch/arm64/kvm/hyp/nvhe/ffa.c | 9 +- arch/arm64/kvm/sys_regs.c | 63 +++++++------ arch/loongarch/include/uapi/asm/ptrace.h | 40 ++++---- arch/loongarch/pci/pci.c | 8 +- arch/mips/mm/tlb-r4k.c | 102 +++++++++++++-------- arch/mips/mti-malta/malta-init.c | 20 ++-- arch/s390/include/asm/pgtable.h | 12 +-- arch/s390/mm/pgtable.c | 4 +- arch/x86/kernel/cpu/microcode/amd.c | 20 +++- block/blk-crypto.c | 2 +- drivers/ata/libata-scsi.c | 11 ++- drivers/bcma/main.c | 6 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 +- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 4 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 59 +++++------- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 20 ++-- .../gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 60 ++++++++---- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 8 ++ .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 21 +++-- .../display/dc/link/protocols/link_dp_capability.c | 11 ++- drivers/gpu/drm/i915/display/intel_psr.c | 4 + drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 2 + drivers/gpu/drm/radeon/radeon_fence.c | 7 -- drivers/gpu/drm/tegra/dc.c | 1 + drivers/gpu/drm/tegra/dsi.c | 9 -- drivers/gpu/drm/tegra/uapi.c | 7 +- drivers/gpu/drm/xe/xe_vm.c | 4 +- drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 + drivers/hid/hid-ids.h | 4 +- drivers/hid/hid-quirks.c | 13 ++- drivers/infiniband/hw/irdma/Kconfig | 7 +- drivers/input/keyboard/cros_ec_keyb.c | 6 ++ drivers/input/keyboard/imx_sc_key.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 9 ++ drivers/input/touchscreen/goodix.c | 1 + drivers/mtd/mtdchar.c | 6 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 3 +- drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 ++- drivers/net/dsa/microchip/lan937x_main.c | 1 + drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/intel/ice/ice_ptp.c | 22 ++++- drivers/net/ethernet/intel/idpf/idpf_main.c | 2 + .../ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c | 9 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 +- .../net/ethernet/mellanox/mlxsw/core_linecards.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 +- drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/nvme/host/fc.c | 15 +-- drivers/nvme/host/multipath.c | 2 +- drivers/perf/riscv_pmu_sbi.c | 2 +- drivers/pinctrl/cirrus/pinctrl-cs42l43.c | 21 ++++- drivers/pinctrl/nxp/pinctrl-s32cc.c | 3 +- drivers/pinctrl/realtek/Kconfig | 1 + drivers/platform/x86/Kconfig | 1 + .../x86/intel/speed_select_if/isst_if_mmio.c | 4 +- drivers/platform/x86/msi-wmi-platform.c | 43 ++++++++- drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/hosts.c | 5 +- drivers/scsi/sg.c | 10 +- drivers/soc/ti/knav_dma.c | 14 +-- drivers/target/loopback/tcm_loop.c | 3 + drivers/tty/vt/vt_ioctl.c | 4 +- fs/exfat/super.c | 5 +- fs/isofs/inode.c | 5 + fs/smb/client/cached_dir.c | 43 ++++++++- fs/smb/client/cifsfs.c | 2 +- fs/smb/client/fs_context.c | 4 + fs/xfs/scrub/symlink_repair.c | 4 +- include/linux/ata.h | 1 + include/net/tls.h | 25 ++--- include/net/xfrm.h | 3 +- kernel/time/timer.c | 7 +- lib/maple_tree.c | 30 +++--- mm/mempool.c | 32 +++++-- mm/shmem.c | 15 ++- net/devlink/rate.c | 4 +- net/ipv4/esp4_offload.c | 6 +- net/ipv6/esp6_offload.c | 6 +- net/mptcp/options.c | 54 ++++++++++- net/mptcp/pm_netlink.c | 20 ++-- net/mptcp/protocol.c | 84 +++++++++++------ net/mptcp/protocol.h | 3 +- net/mptcp/subflow.c | 8 ++ net/openvswitch/actions.c | 68 +------------- net/openvswitch/flow_netlink.c | 64 ++----------- net/openvswitch/flow_netlink.h | 2 - net/tls/tls_device.c | 4 +- net/unix/af_unix.c | 36 ++++---- net/vmw_vsock/af_vsock.c | 40 ++++++-- net/xfrm/xfrm_output.c | 6 +- net/xfrm/xfrm_state.c | 8 +- net/xfrm/xfrm_user.c | 5 +- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + sound/usb/endpoint.c | 3 +- sound/usb/mixer.c | 2 +- tools/arch/riscv/include/asm/csr.h | 5 +- tools/testing/selftests/net/bareudp.sh | 2 +- .../selftests/net/forwarding/lib_sh_test.sh | 7 ++ tools/testing/selftests/net/lib.sh | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 18 ++-- tools/tracing/latency/latency-collector.c | 2 +- 112 files changed, 914 insertions(+), 560 deletions(-)

5 days, 1 hour

4
115
0 0

[PATCH 6.17 000/175] 6.17.10-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.17.10 release. There are 175 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 29 Nov 2025 14:40:08 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.17.10-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.17.10-rc1 Emil Tsalapatis <etsal(a)meta.com> sched_ext: fix flag check for deferred callbacks Andrea Righi <arighi(a)nvidia.com> sched_ext: Fix scx_kick_pseqs corruption on concurrent scheduler loads Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: Add device specific quirk to limit eDP rate to HBR2 Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> Revert "drm/i915/dp: Reject HBR3 when sink doesn't support TPS4" Jari Ruusu <jariruusu(a)protonmail.com> tty/vt: fix up incorrect backport to stable releases Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched Charlene Liu <Charlene.Liu(a)amd.com> drm/amd/display: Insert dccg log for easy debug Gang Yan <yangang(a)kylinos.cn> mptcp: fix address removal logic in mptcp_pm_nl_rm_addr Darrick J. Wong <djwong(a)kernel.org> xfs: fix out of bounds memory read error in symlink repair Marcelo Moreira <marcelomoreira1905(a)gmail.com> xfs: Replace strncpy with memcpy Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/jpeg: Add parse_cs for JPEG5_0_1 Sathishkumar S <sathishkumar.sundararaju(a)amd.com> drm/amdgpu/jpeg: Move parse_cs to amdgpu_jpeg.c Imre Deak <imre.deak(a)intel.com> drm/i915/dp_mst: Disable Panel Replay Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Check drm_dp_dpcd_read return value on PSR dpcd init Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: fix incomplete backport in cfids_invalidation_worker() Samuel Zhang <guoqing.zhang(a)amd.com> drm/amdgpu: fix gpu page fault after hibernation on PF passthrough Filipe Manana <fdmanana(a)suse.com> btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name Zhang Chujun <zhangchujun(a)cmss.chinamobile.com> tracing/tools: Fix incorrcet short option in usage text for --threads Nishanth Menon <nm(a)ti.com> net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Nitin Rawat <nitin.rawat(a)oss.qualcomm.com> scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3) René Rebe <rene(a)exactco.de> ALSA: usb-audio: fix uac2 clock source at terminal parser Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe: Prevent BIT() overflow when handling invalid prefetch region Jakub Horký <jakub.git(a)horky.net> kconfig/nconf: Initialize the default locale at startup Jakub Horký <jakub.git(a)horky.net> kconfig/mconf: Initialize the default locale at startup Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Extend Zen6 model range Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Cancel RX async resync request on rcd_delta overflow Carlos Llamas <cmllamas(a)google.com> blk-crypto: use BLK_STS_INVAL for alignment errors Shahar Shitrit <shshitrit(a)nvidia.com> net: tls: Change async resync helpers argument Po-Hsu Lin <po-hsu.lin(a)canonical.com> selftests: net: use BASH for bareudp testing Paulo Alcantara <pc(a)manguebit.org> smb: client: handle lack of IPC in dfs_cache_refresh() Sidharth Seela <sidharthseela(a)gmail.com> selftests: cachestat: Fix warning on declaration under label Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Limit Entrysign signature checking to known generations dongsheng <dongsheng.x.zhang(a)intel.com> perf/x86/intel/uncore: Add uncore PMU support for Wildcat Lake Eren Demir <eren.demir2479090(a)gmail.com> ALSA: hda/realtek: Fix mute led for HP Victus 15-fa1xxx (MB 8C2D) Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a regression triggered by scsi_host_busy() Steve French <stfrench(a)microsoft.com> cifs: fix typo in enable_gcm_256 module parameter Shuming Fan <shumingf(a)realtek.com> ASoC: rt721: fix prepare clock stop failed Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: Fix pgtable prealloc error path Emil Tsalapatis <etsal(a)meta.com> sched_ext: defer queue_balance_callback() until after ops.dispatch Rafał Miłecki <rafal(a)milecki.pl> bcma: don't register devices disabled in OF Tejun Heo <tj(a)kernel.org> sched_ext: Allocate scx_kick_cpus_pnt_seqs lazily using kvzalloc() J-Donald Tournier <jdtournier(a)gmail.com> ALSA: hda/realtek: Add quirk for Lenovo Yoga 7 2-in-1 14AKP10 Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: kernel: Fix random segmentation faults Malaya Kumar Rout <mrout(a)redhat.com> timekeeping: Fix resource leak in tk_aux_sysfs_init() error paths Michal Luczaj <mhal(a)rbox.co> vsock: Ignore signal/timeout on connect() if already established Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf: Fix 0 count issue of cpu-clock Shaurya Rane <ssrane_b23(a)ee.vjti.ac.in> cifs: fix memory leak in smb3_fs_context_parse_param error path Thomas Weißschuh <linux(a)weissschuh.net> LoongArch: Use UAPI types in ptrace UAPI header Wen Yang <wen.yang(a)linux.dev> tick/sched: Fix bogus condition in report_idle_softirq() Wei Fang <wei.fang(a)nxp.com> net: phylink: add missing supported link modes for the fixed-link Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: make sure the cdev fd is still active before emitting events Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). Pradyumn Rahar <pradyumn.rahar(a)oracle.com> net/mlx5: Clean up only new IRQ glue on request_irq() failure Shay Drory <shayd(a)nvidia.com> devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Jared Kangas <jkangas(a)redhat.com> pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() Jared Kangas <jkangas(a)redhat.com> pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc Grzegorz Nitka <grzegorz.nitka(a)intel.com> ice: fix PTP cleanup on driver removal in error path Emil Tantilov <emil.s.tantilov(a)intel.com> idpf: fix possible vport_config NULL pointer deref in remove Venkata Ramana Nayana <venkata.ramana.nayana(a)intel.com> drm/xe/irq: Handle msix vector0 interrupt Matt Roper <matthew.d.roper(a)intel.com> drm/xe/kunit: Fix forcewake assertion in mocs test Dnyaneshwar Bhadane <dnyaneshwar.bhadane(a)intel.com> drm/i915/xe3: Restrict PTL intel_encoder_is_c10phy() to only PHY A Dnyaneshwar Bhadane <dnyaneshwar.bhadane(a)intel.com> drm/i915/display: Add definition for wcl as subplatform Dnyaneshwar Bhadane <dnyaneshwar.bhadane(a)intel.com> drm/pcids: Split PTL pciids group to make wcl subplatform Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() Randy Dunlap <rdunlap(a)infradead.org> platform/x86: intel-uncore-freq: fix all header kernel-doc warnings Haotian Zhang <vulab(a)iscas.ac.cn> platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Do not loopback traffic to GDM2 if it is available on the device Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Add wlan flowtable TX offload Ido Schimmel <idosch(a)nvidia.com> selftests: net: lib: Do not overwrite error messages Aleksei Nikiforov <aleksei.nikiforov(a)linux.ibm.com> s390/ctcm: Fix double-kfree Dnyaneshwar Bhadane <dnyaneshwar.bhadane(a)intel.com> drm/i915/xe3lpd: Load DMC for Xe3_LPD version 30.02 Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> nvme-multipath: fix lockdep WARN due to partition scan work Alistair Francis <alistair.francis(a)wdc.com> nvmet-auth: update sc_c in target host hash calculation Chen Pei <cp0613(a)linux.alibaba.com> tools: riscv: Fixed misalignment of CSR related definitions Jesper Dangaard Brouer <hawk(a)kernel.org> veth: more robust handing of race to avoid txq getting stuck Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove never-working support for setting nsh fields Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() Pavel Zhigulin <Pavel.Zhigulin(a)kaspersky.com> net: dsa: hellcreek: fix missing error handling in LED registration Prateek Agarwal <praagarwal(a)nvidia.com> drm/tegra: Add call to put_pid() Zilin Guan <zilin(a)seu.edu.cn> mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() Jiaming Zhang <r772577952(a)gmail.com> net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: dts: econet: fix EN751221 core type Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Fix typo in WMI GUID Armin Wolf <W_Armin(a)gmx.de> platform/x86: msi-wmi-platform: Only load on MSI devices Haotian Zhang <vulab(a)iscas.ac.cn> pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() Jianbo Liu <jianbol(a)nvidia.com> xfrm: Prevent locally generated packets from direct output in tunnel mode Jianbo Liu <jianbol(a)nvidia.com> xfrm: Determine inner GSO type from packet inner protocol Jianbo Liu <jianbol(a)nvidia.com> xfrm: Check inner packet family directly from skb_dst Yu-Chun Lin <eleanor.lin(a)realtek.com> pinctrl: realtek: Select REGMAP_MMIO for RTD driver Chen-Yu Tsai <wens(a)kernel.org> clk: sunxi-ng: sun55i-a523-ccu: Lower audio0 pll minimum rate Chen-Yu Tsai <wens(a)kernel.org> clk: sunxi-ng: sun55i-a523-r-ccu: Mark bus-r-dma as critical Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: Mark A523 bus-r-cpucfg clock as critical Sabrina Dubroca <sd(a)queasysnail.net> xfrm: set err and extack on failure to create pcpu SA Sabrina Dubroca <sd(a)queasysnail.net> xfrm: call xfrm_dev_state_delete when xfrm_state_migrate fails to add the state Sabrina Dubroca <sd(a)queasysnail.net> xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added Sabrina Dubroca <sd(a)queasysnail.net> xfrm: drop SA reference in xfrm_state_update if dir doesn't match Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> pinctrl: mediatek: mt8189: align register base names to dt-bindings ones Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> pinctrl: mediatek: mt8196: align register base names to dt-bindings ones Kiryl Shutsemau <kas(a)kernel.org> mm/truncate: unmap large folio on split failure Ivan Lipski <ivan.lipski(a)amd.com> drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix pbn to kbps Conversion Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Move sleep into each retry for retrieve_link_cap() Mario Limonciello (AMD) <superm1(a)kernel.org> drm/amd/display: Increase DPCD read retries Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Skip power ungate during suspend for VPE Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/plane: Fix create_in_format_blob() return value Robert McClinton <rbmccav(a)gmail.com> drm/radeon: delete radeon_fence_process in is_signaled, no deadlock Ma Ke <make24(a)iscas.ac.cn> drm/tegra: dc: Fix reference leak in tegra_dc_couple() Paolo Abeni <pabeni(a)redhat.com> mptcp: do not fallback when OoO is present Paolo Abeni <pabeni(a)redhat.com> mptcp: decouple mptcp fastclose from tcp close Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid unneeded subflow-level drops Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: userspace: longer timeout Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: endpoints: longer timeout Paolo Abeni <pabeni(a)redhat.com> mptcp: fix premature close in case of fallback Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate reset on fastclose Paolo Abeni <pabeni(a)redhat.com> mptcp: fix ack generation for fallback msk Eric Dumazet <edumazet(a)google.com> mptcp: fix a race in mptcp_pm_del_add_timer() Eric Dumazet <edumazet(a)google.com> mptcp: fix race condition in mptcp_schedule_work() Anthony Wong <anthony.wong(a)ubuntu.com> platform/x86: alienware-wmi-wmax: Add AWCC support to Alienware 16 Aurora Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add support for the whole "G" family Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add support for the whole "X" family Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Add support for the whole "M" family Kurt Borja <kuurtb(a)gmail.com> platform/x86: alienware-wmi-wmax: Fix "Alienware m16 R1 AMD" quirk order Bibo Mao <maobibo(a)loongson.cn> LoongArch: Fix NUMA node parsing with numa_memblks Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Don't panic if no valid cache info for PCI Vincent Li <vincent.mc.li(a)gmail.com> LoongArch: BPF: Disable trampoline for kernel module function trace Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix !EVA SOC-it PCI MMIO Hamza Mahfooz <hamzamahfooz(a)linux.microsoft.com> scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Do not sleep in atomic context Saket Kumar Bhaskar <skb99(a)linux.ibm.com> sched_ext: Fix scx_enable() crash on helper kthread creation failure Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: core: Fix runtime PM enabling in device_resume_early() Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() Ewan D. Milne <emilne(a)redhat.com> nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() Nam Cao <namcao(a)linutronix.de> nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot Vlastimil Babka <vbabka(a)suse.cz> mm/mempool: fix poisoning order>0 pages with HIGHMEM Seungjin Bae <eeodqql09(a)gmail.com> Input: pegasus-notetaker - fix potential out-of-bounds access Dan Carpenter <dan.carpenter(a)linaro.org> Input: imx_sc_key - fix memory corruption on unload Hans de Goede <hansg(a)kernel.org> Input: goodix - add support for ACPI ID GDIX1003 Tzung-Bi Shih <tzungbi(a)kernel.org> Input: cros_ec_keyb - fix an invalid memory access Diogo Ivo <diogo.ivo(a)tecnico.ulisboa.pt> Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" Oleksij Rempel <o.rempel(a)pengutronix.de> net: dsa: microchip: lan937x: Fix RGMII delay tuning Jens Axboe <axboe(a)kernel.dk> io_uring/cmd_net: fix wrong argument types for skb_queue_splice() Andrey Vatoropin <a.vatoropin(a)crpt.ru> be2net: pass wrb_params in case of OS2BMC Yihang Li <liyihang9(a)h-partners.com> ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: hw_scan: Don't let the operating channel be last Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: introduce close_cached_dir_locked() Stephen Smalley <stephen.smalley.work(a)gmail.com> selinux: move avdcache to per-task security struct Stephen Smalley <stephen.smalley.work(a)gmail.com> selinux: rename task_security_struct to cred_security_struct Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: mm: Prevent a TLB shutdown on initial uniquification Niklas Cassel <cassel(a)kernel.org> ata: libata-scsi: Fix system suspend for a security locked drive Tony Luck <tony.luck(a)intel.com> ACPI: APEI: EINJ: Fix EINJV2 initialization and injection Pasha Tatashin <pasha.tatashin(a)soleen.com> lib/test_kho: check if KHO is enabled Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Fix proto fallback detection with BPF Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Fix __ptep_rdp() inline assembly Jiayuan Chen <jiayuan.chen(a)linux.dev> mptcp: Disallow MPTCP subflows from sockmap Yongpeng Yang <yangyongpeng(a)xiaomi.com> exfat: check return value of sb_min_blocksize in exfat_read_boot_sector Mike Yuan <me(a)yhndnzj.com> shmem: fix tmpfs reconfiguration (remount) when noswap is set Yongpeng Yang <yangyongpeng(a)xiaomi.com> isofs: check the return value of sb_min_blocksize() in isofs_fill_super Yongpeng Yang <yangyongpeng(a)xiaomi.com> xfs: check the return value of sb_min_blocksize() in xfs_fs_fill_super Dan Carpenter <dan.carpenter(a)linaro.org> mtdchar: fix integer overflow in read/write ioctls Zhen Ni <zhen.ni(a)easystack.cn> fs: Fix uninitialized 'offp' in statmount_string() Niravkumar L Rabara <niravkumarlaxmidas.rabara(a)altera.com> mtd: rawnand: cadence: fix DMA device NULL pointer dereference Yongpeng Yang <yangyongpeng(a)xiaomi.com> vfat: fix missing sb_min_blocksize() return value checks Yosry Ahmed <yosry.ahmed(a)linux.dev> KVM: SVM: Fix redundant updates of LBR MSR intercepts Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: disable HS400 on RK3588 Tiger Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: include rk3399-base instead of rk3399 in rk3399-op1 Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> reset: imx8mp-audiomix: Fix bad mask values Mykola Kvach <xakep.amatop(a)gmail.com> arm64: dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 Diederik de Haas <diederik(a)cknow-tech.com> arm64: dts: rockchip: Fix vccio4-supply on rk3566-pinetab2 Zhang Heng <zhangheng(a)kylinos.cn> HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 Mario Limonciello (AMD) <superm1(a)kernel.org> HID: amd_sfh: Stop sensor before starting Alexey Charkov <alchark(a)gmail.com> arm64: dts: rockchip: Remove non-functioning CPU OPPs from RK3576 Yipeng Zou <zouyipeng(a)huawei.com> timers: Fix NULL function pointer race in timer_shutdown_sync() Sebastian Ene <sebastianene(a)google.com> KVM: arm64: Check the untrusted offset in FF-A memory share ------------- Diffstat: .../bindings/pinctrl/toshiba,visconti-pinctrl.yaml | 26 +++-- Documentation/wmi/driver-development-guide.rst | 1 + Makefile | 4 +- arch/arm64/boot/dts/rockchip/rk3399-op1.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3566-pinetab2.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3576.dtsi | 12 -- arch/arm64/boot/dts/rockchip/rk3588-tiger.dtsi | 4 +- .../arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 4 +- arch/arm64/kvm/hyp/nvhe/ffa.c | 9 +- arch/loongarch/include/uapi/asm/ptrace.h | 40 +++---- arch/loongarch/kernel/numa.c | 60 +++------- arch/loongarch/net/bpf_jit.c | 3 + arch/loongarch/pci/pci.c | 8 +- arch/mips/boot/dts/econet/en751221.dtsi | 2 +- arch/mips/kernel/process.c | 2 +- arch/mips/mm/tlb-r4k.c | 102 ++++++++++------- arch/mips/mti-malta/malta-init.c | 20 ++-- arch/s390/include/asm/pgtable.h | 12 +- arch/s390/mm/pgtable.c | 4 +- arch/x86/events/intel/uncore.c | 1 + arch/x86/kernel/cpu/amd.c | 2 +- arch/x86/kernel/cpu/microcode/amd.c | 20 +++- arch/x86/kvm/svm/svm.c | 9 +- arch/x86/kvm/svm/svm.h | 1 + block/blk-crypto.c | 2 +- drivers/acpi/apei/einj-core.c | 64 +++++++---- drivers/ata/libata-scsi.c | 11 +- drivers/base/power/main.c | 25 +++-- drivers/bcma/main.c | 6 + drivers/clk/sunxi-ng/ccu-sun55i-a523-r.c | 4 +- drivers/clk/sunxi-ng/ccu-sun55i-a523.c | 2 +- drivers/gpio/gpiolib-cdev.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.c | 65 +++++++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_jpeg.h | 10 ++ drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 4 +- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 58 +--------- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.h | 6 - drivers/gpu/drm/amd/amdgpu/jpeg_v2_5.c | 4 +- drivers/gpu/drm/amd/amdgpu/jpeg_v3_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v4_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_5.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/jpeg_v5_0_1.c | 1 + .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 59 ++++------ .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 4 +- .../gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c | 26 ++++- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 8 ++ .../display/dc/link/protocols/link_dp_capability.c | 11 +- drivers/gpu/drm/drm_plane.c | 4 +- drivers/gpu/drm/i915/display/intel_cx0_phy.c | 14 +-- .../gpu/drm/i915/display/intel_display_device.c | 13 +++ .../gpu/drm/i915/display/intel_display_device.h | 4 +- drivers/gpu/drm/i915/display/intel_dmc.c | 10 +- drivers/gpu/drm/i915/display/intel_dp.c | 30 ++--- drivers/gpu/drm/i915/display/intel_psr.c | 36 ++++-- drivers/gpu/drm/i915/display/intel_quirks.c | 9 ++ drivers/gpu/drm/i915/display/intel_quirks.h | 1 + drivers/gpu/drm/msm/msm_iommu.c | 5 + drivers/gpu/drm/nouveau/nvkm/falcon/fw.c | 2 + drivers/gpu/drm/radeon/radeon_fence.c | 7 -- drivers/gpu/drm/tegra/dc.c | 1 + drivers/gpu/drm/tegra/dsi.c | 9 -- drivers/gpu/drm/tegra/uapi.c | 7 +- drivers/gpu/drm/xe/tests/xe_mocs.c | 2 +- drivers/gpu/drm/xe/xe_irq.c | 18 +-- drivers/gpu/drm/xe/xe_pci.c | 1 + drivers/gpu/drm/xe/xe_vm.c | 4 +- drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 + drivers/hid/hid-ids.h | 4 +- drivers/hid/hid-quirks.c | 13 ++- drivers/input/keyboard/cros_ec_keyb.c | 6 + drivers/input/keyboard/imx_sc_key.c | 2 +- drivers/input/tablet/pegasus_notetaker.c | 9 ++ drivers/input/touchscreen/goodix.c | 1 + drivers/mtd/mtdchar.c | 6 +- drivers/mtd/nand/raw/cadence-nand-controller.c | 3 +- drivers/net/dsa/hirschmann/hellcreek_ptp.c | 14 ++- drivers/net/dsa/microchip/lan937x_main.c | 1 + drivers/net/ethernet/airoha/airoha_eth.h | 11 ++ drivers/net/ethernet/airoha/airoha_ppe.c | 95 +++++++++++----- drivers/net/ethernet/emulex/benet/be_main.c | 7 +- drivers/net/ethernet/intel/ice/ice_ptp.c | 22 +++- drivers/net/ethernet/intel/idpf/idpf_main.c | 2 + .../ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c | 9 +- drivers/net/ethernet/mellanox/mlx5/core/pci_irq.c | 6 +- .../net/ethernet/mellanox/mlxsw/core_linecards.c | 2 + .../net/ethernet/mellanox/mlxsw/spectrum_flower.c | 6 +- drivers/net/ethernet/qlogic/qede/qede_fp.c | 5 +- drivers/net/ethernet/ti/netcp_core.c | 10 +- drivers/net/phy/phylink.c | 3 + drivers/net/veth.c | 38 ++++--- drivers/net/wireless/realtek/rtw89/fw.c | 7 ++ drivers/nvme/host/fc.c | 15 +-- drivers/nvme/host/multipath.c | 2 +- drivers/nvme/target/auth.c | 4 +- drivers/nvme/target/fabrics-cmd-auth.c | 1 + drivers/nvme/target/nvmet.h | 1 + drivers/perf/riscv_pmu_sbi.c | 2 +- drivers/pinctrl/cirrus/pinctrl-cs42l43.c | 21 +++- drivers/pinctrl/mediatek/pinctrl-mt8189.c | 4 +- drivers/pinctrl/mediatek/pinctrl-mt8196.c | 6 +- drivers/pinctrl/nxp/pinctrl-s32cc.c | 3 +- drivers/pinctrl/realtek/Kconfig | 1 + drivers/platform/x86/Kconfig | 1 + drivers/platform/x86/dell/alienware-wmi-wmax.c | 104 +++++------------- .../x86/intel/speed_select_if/isst_if_mmio.c | 4 +- .../uncore-frequency/uncore-frequency-common.h | 9 +- drivers/platform/x86/msi-wmi-platform.c | 43 +++++++- drivers/reset/reset-imx8mp-audiomix.c | 4 +- drivers/s390/net/ctcm_mpc.c | 1 - drivers/scsi/hosts.c | 5 +- drivers/scsi/sg.c | 10 +- drivers/soc/ti/knav_dma.c | 14 +-- drivers/target/loopback/tcm_loop.c | 3 + drivers/tty/vt/vt_ioctl.c | 4 +- drivers/ufs/host/ufs-qcom.c | 15 ++- fs/btrfs/inode.c | 1 - fs/btrfs/tree-log.c | 3 + fs/exfat/super.c | 5 +- fs/fat/inode.c | 6 +- fs/isofs/inode.c | 5 + fs/namespace.c | 4 +- fs/smb/client/cached_dir.c | 43 +++++++- fs/smb/client/cifsfs.c | 2 +- fs/smb/client/cifsproto.h | 2 + fs/smb/client/connect.c | 38 +++---- fs/smb/client/dfs_cache.c | 55 ++++++++-- fs/smb/client/fs_context.c | 4 + fs/xfs/scrub/symlink_repair.c | 4 +- fs/xfs/xfs_super.c | 5 +- include/drm/intel/pciids.h | 5 +- include/linux/ata.h | 1 + include/net/tls.h | 25 +++-- include/net/xfrm.h | 3 +- io_uring/cmd_net.c | 2 +- kernel/events/core.c | 2 +- kernel/sched/ext.c | 121 +++++++++++++++++++-- kernel/sched/sched.h | 1 + kernel/time/tick-sched.c | 11 +- kernel/time/timekeeping.c | 21 ++-- kernel/time/timer.c | 7 +- lib/test_kho.c | 3 + mm/mempool.c | 32 +++++- mm/shmem.c | 15 ++- mm/truncate.c | 35 +++++- net/core/dev_ioctl.c | 3 + net/devlink/rate.c | 4 +- net/ipv4/esp4_offload.c | 6 +- net/ipv6/esp6_offload.c | 6 +- net/mptcp/options.c | 54 ++++++++- net/mptcp/pm.c | 20 ++-- net/mptcp/pm_kernel.c | 2 +- net/mptcp/protocol.c | 84 +++++++++----- net/mptcp/protocol.h | 3 +- net/mptcp/subflow.c | 8 ++ net/openvswitch/actions.c | 68 +----------- net/openvswitch/flow_netlink.c | 64 ++--------- net/openvswitch/flow_netlink.h | 2 - net/tls/tls_device.c | 4 +- net/unix/af_unix.c | 3 +- net/vmw_vsock/af_vsock.c | 40 +++++-- net/xfrm/xfrm_device.c | 2 +- net/xfrm/xfrm_output.c | 8 +- net/xfrm/xfrm_state.c | 16 ++- net/xfrm/xfrm_user.c | 5 +- scripts/kconfig/mconf.c | 3 + scripts/kconfig/nconf.c | 3 + security/selinux/hooks.c | 79 +++++++------- security/selinux/include/objsec.h | 20 +++- sound/hda/codecs/realtek/alc269.c | 2 + sound/soc/codecs/rt721-sdca.c | 4 + sound/soc/codecs/rt721-sdca.h | 1 + sound/usb/mixer.c | 2 +- tools/arch/riscv/include/asm/csr.h | 5 +- tools/testing/selftests/cachestat/test_cachestat.c | 4 +- tools/testing/selftests/net/bareudp.sh | 2 +- .../selftests/net/forwarding/lib_sh_test.sh | 7 ++ tools/testing/selftests/net/lib.sh | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 18 +-- tools/tracing/latency/latency-collector.c | 2 +- 184 files changed, 1552 insertions(+), 952 deletions(-)

5 days, 1 hour

3
179
0 0

[PATCH v4] platform/x86: intel_pmc_ipc: fix ACPI buffer memory leak

by yongxin.liu＠windriver.com

From: Yongxin Liu <yongxin.liu(a)windriver.com> The intel_pmc_ipc() function uses ACPI_ALLOCATE_BUFFER to allocate memory for the ACPI evaluation result but never frees it, causing a 192-byte memory leak on each call. This leak is triggered during network interface initialization when the stmmac driver calls intel_mac_finish() -> intel_pmc_ipc(). unreferenced object 0xffff96a848d6ea80 (size 192): comm "dhcpcd", pid 541, jiffies 4294684345 hex dump (first 32 bytes): 04 00 00 00 05 00 00 00 98 ea d6 48 a8 96 ff ff ...........H.... 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ backtrace (crc b1564374): kmemleak_alloc+0x2d/0x40 __kmalloc_noprof+0x2fa/0x730 acpi_ut_initialize_buffer+0x83/0xc0 acpi_evaluate_object+0x29a/0x2f0 intel_pmc_ipc+0xfd/0x170 intel_mac_finish+0x168/0x230 stmmac_mac_finish+0x3d/0x50 phylink_major_config+0x22b/0x5b0 phylink_mac_initial_config.constprop.0+0xf1/0x1b0 phylink_start+0x8e/0x210 __stmmac_open+0x12c/0x2b0 stmmac_open+0x23c/0x380 __dev_open+0x11d/0x2c0 __dev_change_flags+0x1d2/0x250 netif_change_flags+0x2b/0x70 dev_change_flags+0x40/0xb0 Add __free(kfree) for ACPI object to properly release the allocated buffer. Cc: stable(a)vger.kernel.org Fixes: 7e2f7e25f6ff ("arch: x86: add IPC mailbox accessor function and add SoC register access") Signed-off-by: Yongxin Liu <yongxin.liu(a)windriver.com> --- V3->V4: Move declaration of *obj to where it gets assigned. V2->V3: Use __free(kfree) instead of goto and kfree(); V1->V2: Cover all potential paths for kfree(); --- include/linux/platform_data/x86/intel_pmc_ipc.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/platform_data/x86/intel_pmc_ipc.h b/include/linux/platform_data/x86/intel_pmc_ipc.h index 1d34435b7001..85ea381e4a27 100644 --- a/include/linux/platform_data/x86/intel_pmc_ipc.h +++ b/include/linux/platform_data/x86/intel_pmc_ipc.h @@ -9,6 +9,7 @@ #ifndef INTEL_PMC_IPC_H #define INTEL_PMC_IPC_H #include <linux/acpi.h> +#include <linux/cleanup.h> #define IPC_SOC_REGISTER_ACCESS 0xAA #define IPC_SOC_SUB_CMD_READ 0x00 @@ -48,7 +49,6 @@ static inline int intel_pmc_ipc(struct pmc_ipc_cmd *ipc_cmd, struct pmc_ipc_rbuf {.type = ACPI_TYPE_INTEGER,}, }; struct acpi_object_list arg_list = { PMC_IPCS_PARAM_COUNT, params }; - union acpi_object *obj; int status; if (!ipc_cmd || !rbuf) @@ -72,7 +72,7 @@ static inline int intel_pmc_ipc(struct pmc_ipc_cmd *ipc_cmd, struct pmc_ipc_rbuf if (ACPI_FAILURE(status)) return -ENODEV; - obj = buffer.pointer; + union acpi_object *obj __free(kfree) = buffer.pointer; if (obj && obj->type == ACPI_TYPE_PACKAGE && obj->package.count == VALID_IPC_RESPONSE) { -- 2.46.2

5 days, 1 hour

2
1
0 0

[PATCH v2] ocfs2: fix kernel BUG in ocfs2_find_victim_chain

by Prithvi Tambewagh

syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the `cl_next_free_rec` field of the allocation chain list is 0, triggring the BUG_ON(!cl->cl_next_free_rec) condition and panicking the kernel. To fix this, `cl_next_free_rec` is checked inside the caller of ocfs2_find_victim_chain() i.e. ocfs2_claim_suballoc_bits() and if it is equal to 0, ocfs2_error() is called, to log the corruption and force the filesystem into read-only mode, to prevent further damage. Reported-by: syzbot+96d38c6e1655c1420a72(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=96d38c6e1655c1420a72 Tested-by: syzbot+96d38c6e1655c1420a72(a)syzkaller.appspotmail.com Cc: stable(a)vger.kernel.org Signed-off-by: Prithvi Tambewagh <activprithvi(a)gmail.com> --- v1->v2: - Remove extra line before the if statement in patch - Add upper limit check for cl->cl_next_free_rec in the if condition fs/ocfs2/suballoc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c index 6ac4dcd54588..1257c39c2c11 100644 --- a/fs/ocfs2/suballoc.c +++ b/fs/ocfs2/suballoc.c @@ -1992,6 +1992,13 @@ static int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *ac, } cl = (struct ocfs2_chain_list *) &fe->id2.i_chain; + if (!le16_to_cpu(cl->cl_next_free_rec) || + le16_to_cpu(cl->cl_next_free_rec) > le16_to_cpu(cl->cl_count)) { + status = ocfs2_error(ac->ac_inode->i_sb, + "Chain allocator dinode %llu has 0 chains\n", + (unsigned long long)le64_to_cpu(fe->i_blkno)); + goto bail; + } victim = ocfs2_find_victim_chain(cl); ac->ac_chain = victim; base-commit: 939f15e640f193616691d3bcde0089760e75b0d3 -- 2.34.1

5 days, 2 hours

1
0
0 0

Re: [PATCH] bcache: call bio_endio() to replace directly calling bio->bi_end_io()

by Stephen Zhang

Hi Coly, For this issue, I've previously sent a fix here: https://lore.kernel.org/all/20251129090122.2457896-2-zhangshida@kylinos.cn/ Would you be able to take a look and see if that one is suitable to pick up? Thanks, Shida

5 days, 6 hours

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror