Commit ff90afa75573 ("KVM: x86: Evaluate latched_init in
KVM_SET_VCPU_EVENTS when vCPU not in SMM") changes KVM_SET_VCPU_EVENTS
handler to set pending LAPIC INIT event regardless of if vCPU is in
SMM mode or not.
However, latch INIT without checking CPU state exists race condition,
which causes the loss of INIT event. This is fatal during the VM
startup process because it will cause some AP to never switch to
non-root mode. Just as commit f4ef19108608 ("KVM: X86: Fix loss of
pending INIT due to race") said:
BSP AP
kvm_vcpu_ioctl_x86_get_vcpu_events
events->smi.latched_init = 0
kvm_vcpu_block
kvm_vcpu_check_block
schedule
send INIT to AP
kvm_vcpu_ioctl_x86_set_vcpu_events
(e.g. `info registers -a` when VM starts/reboots)
if (events->smi.latched_init == 0)
clear INIT in pending_events
kvm_apic_accept_events
test_bit(KVM_APIC_INIT, &pe) == false
vcpu->arch.mp_state maintains UNINITIALIZED
send SIPI to AP
kvm_apic_accept_events
test_bit(KVM_APIC_SIPI, &pe) == false
vcpu->arch.mp_state will never change to RUNNABLE
(defy: UNINITIALIZED => INIT_RECEIVED => RUNNABLE)
AP will never switch to non-root operation
In such race result, VM hangs. E.g., BSP loops in SeaBIOS's SMPLock and
AP will never be reset, and qemu hmp "info registers -a" shows:
CPU#0
EAX=00000002 EBX=00000002 ECX=00000000 EDX=00020000
ESI=00000000 EDI=00000000 EBP=00000008 ESP=00006c6c
EIP=000ef570 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
......
CPU#1
EAX=00000000 EBX=00000000 ECX=00000000 EDX=00080660
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 0000ffff 00009300
CS =f000 ffff0000 0000ffff 00009b00
......
Fix this by handling latched INITs only in specific CPU states (SMM,
VMX non-root mode, SVM with GIF=0) in KVM_SET_VCPU_EVENTS.
Cc: stable(a)vger.kernel.org
Fixes: ff90afa75573 ("KVM: x86: Evaluate latched_init in KVM_SET_VCPU_EVENTS when vCPU not in SMM")
Signed-off-by: Fei Li <lifei.shirley(a)bytedance.com>
---
arch/x86/kvm/x86.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index a1c49bc681c46..7001b2af00ed1 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5556,7 +5556,7 @@ static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu,
return -EINVAL;
#endif
- if (lapic_in_kernel(vcpu)) {
+ if (!kvm_apic_init_sipi_allowed(vcpu) && lapic_in_kernel(vcpu)) {
if (events->smi.latched_init)
set_bit(KVM_APIC_INIT, &vcpu->arch.apic->pending_events);
else
--
2.39.2 (Apple Git-143)
The patch titled
Subject: samples/damon/mtier: avoid starting DAMON before initialization
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
samples-damon-mtier-avoid-starting-damon-before-initialization.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: SeongJae Park <sj(a)kernel.org>
Subject: samples/damon/mtier: avoid starting DAMON before initialization
Date: Mon, 8 Sep 2025 19:22:38 -0700
Commit 964314344eab ("samples/damon/mtier: support boot time enable
setup") is somehow incompletely applying the origin patch [1]. It is
missing the part that avoids starting DAMON before module initialization.
Probably a mistake during a merge has happened. Fix it by applying the
missed part again.
Link: https://lkml.kernel.org/r/20250909022238.2989-4-sj@kernel.org
Link: https://lore.kernel.org/20250706193207.39810-4-sj@kernel.org [1]
Fixes: 964314344eab ("samples/damon/mtier: support boot time enable setup")
Signed-off-by: SeongJae Park <sj(a)kernel.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
samples/damon/mtier.c | 3 +++
1 file changed, 3 insertions(+)
--- a/samples/damon/mtier.c~samples-damon-mtier-avoid-starting-damon-before-initialization
+++ a/samples/damon/mtier.c
@@ -208,6 +208,9 @@ static int damon_sample_mtier_enable_sto
if (enabled == is_enabled)
return 0;
+ if (!init_called)
+ return 0;
+
if (enabled) {
err = damon_sample_mtier_start();
if (err)
_
Patches currently in -mm which might be from sj(a)kernel.org are
mm-damon-core-introduce-damon_call_control-dealloc_on_cancel.patch
mm-damon-sysfs-use-dynamically-allocated-repeat-mode-damon_call_control.patch
samples-damon-wsse-avoid-starting-damon-before-initialization.patch
samples-damon-prcl-avoid-starting-damon-before-initialization.patch
samples-damon-mtier-avoid-starting-damon-before-initialization.patch
mm-zswap-store-page_size-compression-failed-page-as-is.patch
mm-zswap-store-page_size-compression-failed-page-as-is-fix.patch
mm-zswap-store-page_size-compression-failed-page-as-is-v5.patch
mm-zswap-store-page_size-compression-failed-page-as-is-fix-2.patch
mm-damon-core-add-damon_ctx-addr_unit.patch
mm-damon-paddr-support-addr_unit-for-access-monitoring.patch
mm-damon-paddr-support-addr_unit-for-damos_pageout.patch
mm-damon-paddr-support-addr_unit-for-damos_lru_prio.patch
mm-damon-paddr-support-addr_unit-for-migrate_hotcold.patch
mm-damon-paddr-support-addr_unit-for-damos_stat.patch
mm-damon-sysfs-implement-addr_unit-file-under-context-dir.patch
docs-mm-damon-design-document-address-unit-parameter.patch
docs-admin-guide-mm-damon-usage-document-addr_unit-file.patch
docs-abi-damon-document-addr_unit-file.patch
The patch titled
Subject: samples/damon/prcl: avoid starting DAMON before initialization
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
samples-damon-prcl-avoid-starting-damon-before-initialization.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: SeongJae Park <sj(a)kernel.org>
Subject: samples/damon/prcl: avoid starting DAMON before initialization
Date: Mon, 8 Sep 2025 19:22:37 -0700
Commit 2780505ec2b4 ("samples/damon/prcl: fix boot time enable crash") is
somehow incompletely applying the origin patch [1]. It is missing the
part that avoids starting DAMON before module initialization. Probably a
mistake during a merge has happened. Fix it by applying the missed part
again.
Link: https://lkml.kernel.org/r/20250909022238.2989-3-sj@kernel.org
Link: https://lore.kernel.org/20250706193207.39810-3-sj@kernel.org [1]
Fixes: 2780505ec2b4 ("samples/damon/prcl: fix boot time enable crash")
Signed-off-by: SeongJae Park <sj(a)kernel.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
samples/damon/prcl.c | 3 +++
1 file changed, 3 insertions(+)
--- a/samples/damon/prcl.c~samples-damon-prcl-avoid-starting-damon-before-initialization
+++ a/samples/damon/prcl.c
@@ -137,6 +137,9 @@ static int damon_sample_prcl_enable_stor
if (enabled == is_enabled)
return 0;
+ if (!init_called)
+ return 0;
+
if (enabled) {
err = damon_sample_prcl_start();
if (err)
_
Patches currently in -mm which might be from sj(a)kernel.org are
mm-damon-core-introduce-damon_call_control-dealloc_on_cancel.patch
mm-damon-sysfs-use-dynamically-allocated-repeat-mode-damon_call_control.patch
samples-damon-wsse-avoid-starting-damon-before-initialization.patch
samples-damon-prcl-avoid-starting-damon-before-initialization.patch
samples-damon-mtier-avoid-starting-damon-before-initialization.patch
mm-zswap-store-page_size-compression-failed-page-as-is.patch
mm-zswap-store-page_size-compression-failed-page-as-is-fix.patch
mm-zswap-store-page_size-compression-failed-page-as-is-v5.patch
mm-zswap-store-page_size-compression-failed-page-as-is-fix-2.patch
mm-damon-core-add-damon_ctx-addr_unit.patch
mm-damon-paddr-support-addr_unit-for-access-monitoring.patch
mm-damon-paddr-support-addr_unit-for-damos_pageout.patch
mm-damon-paddr-support-addr_unit-for-damos_lru_prio.patch
mm-damon-paddr-support-addr_unit-for-migrate_hotcold.patch
mm-damon-paddr-support-addr_unit-for-damos_stat.patch
mm-damon-sysfs-implement-addr_unit-file-under-context-dir.patch
docs-mm-damon-design-document-address-unit-parameter.patch
docs-admin-guide-mm-damon-usage-document-addr_unit-file.patch
docs-abi-damon-document-addr_unit-file.patch
The patch titled
Subject: samples/damon/wsse: avoid starting DAMON before initialization
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
samples-damon-wsse-avoid-starting-damon-before-initialization.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: SeongJae Park <sj(a)kernel.org>
Subject: samples/damon/wsse: avoid starting DAMON before initialization
Date: Mon, 8 Sep 2025 19:22:36 -0700
Patch series "samples/damon: fix boot time enable handling fixup merge
mistakes".
This patch (of 3):
Commit 0ed1165c3727 ("samples/damon/wsse: fix boot time enable handling")
is somehow incompletely applying the origin patch [1]. It is missing the
part that avoids starting DAMON before module initialization. Probably a
mistake during a merge has happened. Fix it by applying the missed part
again.
Link: https://lkml.kernel.org/r/20250909022238.2989-1-sj@kernel.org
Link: https://lkml.kernel.org/r/20250909022238.2989-2-sj@kernel.org
Link: https://lore.kernel.org/20250706193207.39810-2-sj@kernel.org [1]
Fixes: 0ed1165c3727 ("samples/damon/wsse: fix boot time enable handling")
Signed-off-by: SeongJae Park <sj(a)kernel.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
samples/damon/wsse.c | 3 +++
1 file changed, 3 insertions(+)
--- a/samples/damon/wsse.c~samples-damon-wsse-avoid-starting-damon-before-initialization
+++ a/samples/damon/wsse.c
@@ -118,6 +118,9 @@ static int damon_sample_wsse_enable_stor
return 0;
if (enabled) {
+ if (!init_called)
+ return 0;
+
err = damon_sample_wsse_start();
if (err)
enabled = false;
_
Patches currently in -mm which might be from sj(a)kernel.org are
mm-damon-core-introduce-damon_call_control-dealloc_on_cancel.patch
mm-damon-sysfs-use-dynamically-allocated-repeat-mode-damon_call_control.patch
samples-damon-wsse-avoid-starting-damon-before-initialization.patch
samples-damon-prcl-avoid-starting-damon-before-initialization.patch
samples-damon-mtier-avoid-starting-damon-before-initialization.patch
mm-zswap-store-page_size-compression-failed-page-as-is.patch
mm-zswap-store-page_size-compression-failed-page-as-is-fix.patch
mm-zswap-store-page_size-compression-failed-page-as-is-v5.patch
mm-zswap-store-page_size-compression-failed-page-as-is-fix-2.patch
mm-damon-core-add-damon_ctx-addr_unit.patch
mm-damon-paddr-support-addr_unit-for-access-monitoring.patch
mm-damon-paddr-support-addr_unit-for-damos_pageout.patch
mm-damon-paddr-support-addr_unit-for-damos_lru_prio.patch
mm-damon-paddr-support-addr_unit-for-migrate_hotcold.patch
mm-damon-paddr-support-addr_unit-for-damos_stat.patch
mm-damon-sysfs-implement-addr_unit-file-under-context-dir.patch
docs-mm-damon-design-document-address-unit-parameter.patch
docs-admin-guide-mm-damon-usage-document-addr_unit-file.patch
docs-abi-damon-document-addr_unit-file.patch
In the old days, RDS used FMR (Fast Memory Registration) to register
IB MRs to be used by RDMA. A newer and better verbs based
registration/de-registration method called FRWR (Fast Registration
Work Request) was added to RDS by commit 1659185fb4d0 ("RDS: IB:
Support Fastreg MR (FRMR) memory registration mode") in 2016.
Detection and enablement of FRWR was done in commit 2cb2912d6563
("RDS: IB: add Fastreg MR (FRMR) detection support"). But said commit
added an extern bool prefer_frmr, which was not used by said commit -
nor used by later commits. Hence, remove it.
Signed-off-by: Håkon Bugge <haakon.bugge(a)oracle.com>
Reviewed-by: Allison Henderson <allison.henderson(a)oracle.com>
---
v3 -> v4:
* Added Allison's r-b
* Removed indentation for this section
v2 -> v3:
* As per Jakub's request, removed Cc: and Fixes: tags
* Subject to net-next (instead of net)
v1 -> v2:
* Added commit message
* Added Cc: stable(a)vger.kernel.org
---
net/rds/ib_mr.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/rds/ib_mr.h b/net/rds/ib_mr.h
index ea5e9aee4959e..5884de8c6f45b 100644
--- a/net/rds/ib_mr.h
+++ b/net/rds/ib_mr.h
@@ -108,7 +108,6 @@ struct rds_ib_mr_pool {
};
extern struct workqueue_struct *rds_ib_mr_wq;
-extern bool prefer_frmr;
struct rds_ib_mr_pool *rds_ib_create_mr_pool(struct rds_ib_device *rds_dev,
int npages);
--
2.43.5
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x d7d8e3169b56e7696559a2427c922c0d55debcec
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025040835-legroom-backshift-766c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From d7d8e3169b56e7696559a2427c922c0d55debcec Mon Sep 17 00:00:00 2001
From: Chuck Lever <chuck.lever(a)oracle.com>
Date: Sun, 26 Jan 2025 16:50:17 -0500
Subject: [PATCH] NFSD: nfsd_unlink() clobbers non-zero status returned from
fh_fill_pre_attrs()
If fh_fill_pre_attrs() returns a non-zero status, the error flow
takes it through out_unlock, which then overwrites the returned
status code with
err = nfserrno(host_err);
Fixes: a332018a91c4 ("nfsd: handle failure to collect pre/post-op attrs more sanely")
Reviewed-by: Jeff Layton <jlayton(a)kernel.org>
Cc: stable(a)vger.kernel.org
Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com>
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 188c978a0c79..749dd84bdb41 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -2010,11 +2010,9 @@ nfsd_unlink(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
* error status.
*/
err = nfserr_file_open;
- } else {
- err = nfserrno(host_err);
}
out:
- return err;
+ return err != nfs_ok ? err : nfserrno(host_err);
out_unlock:
inode_unlock(dirp);
goto out_drop_write;
From: Lachlan Hodges <lachlan.hodges(a)morsemicro.com>
[ Upstream commit 7e2f3213e85eba00acb4cfe6d71647892d63c3a1 ]
Currently the S1G capability element is not taken into account
for the scan_ies_len, which leads to a buffer length validation
failure in ieee80211_prep_hw_scan() and subsequent WARN in
__ieee80211_start_scan(). This prevents hw scanning from functioning.
To fix ensure we accommodate for the S1G capability length.
Signed-off-by: Lachlan Hodges <lachlan.hodges(a)morsemicro.com>
Link: https://patch.msgid.link/20250826085437.3493-1-lachlan.hodges@morsemicro.com
Signed-off-by: Johannes Berg <johannes.berg(a)intel.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
LLM Generated explanations, may be completely bogus:
Perfect! Now I have all the context I need. Let me provide my analysis:
## Backport Status: **YES**
### Extensive Analysis:
**This commit fixes a real bug that causes hardware scanning to fail for
S1G (802.11ah) WiFi devices.**
#### The Bug Details:
1. **Root Cause**: When commit `0333a81bc8343` ("wifi: mac80211: S1G
capabilities information element in probe request") was merged in
February 2023, it added S1G capability elements to probe requests.
However, it failed to update the buffer size calculation
(`scan_ies_len`) to account for these additional 17 bytes (2 byte
element header + 15 byte `struct ieee80211_s1g_cap`).
2. **Failure Mechanism**:
- In `__ieee80211_start_scan()` at net/mac80211/scan.c:755, the
buffer size is calculated as `local->scan_ies_len + req->ie_len`
- When `ieee80211_prep_hw_scan()` is called at line 870, it attempts
to build probe request IEs using `ieee80211_build_preq_ies()`
- The function `ieee80211_build_preq_ies_band()` checks buffer space
and adds S1G capability for S1G bands (lines 1963-1965 in util.c)
- Without the fix, the buffer is 17 bytes too small, causing
`-ENOBUFS` to be returned
- This triggers the `WARN_ON(!ieee80211_prep_hw_scan(sdata))` at line
870, producing a kernel warning and aborting the scan
3. **User Impact**:
- Produces a visible kernel WARNING in dmesg
- Hardware scanning completely fails for S1G devices
- The device cannot perform network discovery
- This is a **functional regression** introduced in kernel 6.3 (when
commit 0333a81bc8343 was merged)
#### Why This Should Be Backported:
1. **Fixes a Real Bug**: This is not a theoretical issue - it causes
actual hardware scanning failures with kernel warnings for any
S1G-capable hardware.
2. **Regression Fix**: This fixes a regression introduced by commit
0333a81bc8343 in kernel 6.3. Any stable kernel that includes that
commit needs this fix.
3. **Small and Contained**: The fix is minimal - just 4 lines of actual
code changes:
- Adding `supp_s1g` boolean variable
- Setting it based on S1G capability presence
- Adding 17 bytes to buffer calculation when S1G is supported
4. **No Side Effects**: The change only affects S1G-capable devices and
simply ensures adequate buffer space. It cannot negatively impact
non-S1G devices.
5. **Clear Bug Pattern**: This is a classic "forgot to update buffer
size calculation" bug that's straightforward to understand and
verify.
6. **Vendor Support**: MorseMicro is actively developing S1G hardware
and drivers, making this functionality important for emerging
IoT/long-range WiFi deployments.
#### Stable Tree Considerations:
- Should be backported to **kernel 6.3 and later** (where commit
0333a81bc8343 exists)
- The fix applies cleanly as it only adds to existing initialization
code
- No dependencies on other commits
- Follows stable tree rules: fixes an important bug with minimal risk
The commit message could have been clearer by mentioning this was a
regression from commit 0333a81bc8343, but the fix itself is correct and
necessary for S1G hardware to function properly.
net/mac80211/main.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 1bad353d8a772..35c6755b817a8 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -1136,7 +1136,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
int result, i;
enum nl80211_band band;
int channels, max_bitrates;
- bool supp_ht, supp_vht, supp_he, supp_eht;
+ bool supp_ht, supp_vht, supp_he, supp_eht, supp_s1g;
struct cfg80211_chan_def dflt_chandef = {};
if (ieee80211_hw_check(hw, QUEUE_CONTROL) &&
@@ -1252,6 +1252,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
supp_vht = false;
supp_he = false;
supp_eht = false;
+ supp_s1g = false;
for (band = 0; band < NUM_NL80211_BANDS; band++) {
const struct ieee80211_sband_iftype_data *iftd;
struct ieee80211_supported_band *sband;
@@ -1299,6 +1300,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
max_bitrates = sband->n_bitrates;
supp_ht = supp_ht || sband->ht_cap.ht_supported;
supp_vht = supp_vht || sband->vht_cap.vht_supported;
+ supp_s1g = supp_s1g || sband->s1g_cap.s1g;
for_each_sband_iftype_data(sband, i, iftd) {
u8 he_40_mhz_cap;
@@ -1432,6 +1434,9 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
local->scan_ies_len +=
2 + sizeof(struct ieee80211_vht_cap);
+ if (supp_s1g)
+ local->scan_ies_len += 2 + sizeof(struct ieee80211_s1g_cap);
+
/*
* HE cap element is variable in size - set len to allow max size */
if (supp_he) {
--
2.51.0
This is the start of the stable review cycle for the 6.1.151 release.
There are 104 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Tue, 09 Sep 2025 19:55:53 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.151-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.1.151-rc1
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo()
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE()
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo()
Aaron Kling <webgeek1234(a)gmail.com>
spi: tegra114: Use value to check for invalid delays
Qiu-ji Chen <chenqiuji666(a)gmail.com>
dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status()
yangshiguang <yangshiguang(a)xiaomi.com>
mm: slub: avoid wake up kswapd in set_track_prepare
Chengming Zhou <zhouchengming(a)bytedance.com>
slub: Reflow ___slab_alloc()
Vlastimil Babka <vbabka(a)suse.cz>
mm, slub: refactor free debug processing
zhang jiao <zhangjiao2(a)cmss.chinamobile.com>
tools: gpio: remove the include directory on make clean
zhangjiao <zhangjiao2(a)cmss.chinamobile.com>
tools: gpio: rm .*.cmd on make clean
Colin Ian King <colin.i.king(a)gmail.com>
drm/amd/amdgpu: Fix missing error return on kzalloc failure
Hawking Zhang <Hawking.Zhang(a)amd.com>
drm/amdgpu: Replace DRM_* with dev_* in amdgpu_psp.c
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd: Make flashing messages quieter
Lijo Lazar <lijo.lazar(a)amd.com>
drm/amdgpu: Skip TMR allocation if not required
Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com>
drm/amd/amdgpu: Fix style problems in amdgpu_psp.c
Tao Zhou <tao.zhou1(a)amd.com>
drm/amdgpu: remove the check of init status in psp_ras_initialize
Candice Li <candice.li(a)amd.com>
drm/amdgpu: Optimize RAS TA initialization and TA unload funcs
Ian Rogers <irogers(a)google.com>
perf bpf-utils: Harden get_bpf_prog_info_linear
Ian Rogers <irogers(a)google.com>
perf bpf-utils: Constify bpil_array_desc
Michael Walle <mwalle(a)kernel.org>
drm/bridge: ti-sn65dsi86: fix REFCLK setting
Larisa Grigore <larisa.grigore(a)nxp.com>
spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort
Larisa Grigore <larisa.grigore(a)nxp.com>
spi: spi-fsl-lpspi: Set correct chip-select polarity bit
Larisa Grigore <larisa.grigore(a)nxp.com>
spi: spi-fsl-lpspi: Fix transmissions when using CONT
Vadim Pasternak <vadimp(a)nvidia.com>
hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM
Wentao Liang <vulab(a)iscas.ac.cn>
pcmcia: Add error handling for add_interval() in do_validate_mem()
Chen Ni <nichen(a)iscas.ac.cn>
pcmcia: omap: Add missing check for platform_get_resource
Alex Deucher <alexander.deucher(a)amd.com>
Revert "drm/amdgpu: Avoid extra evict-restore process."
Aaron Erhardt <aer(a)tuxedocomputers.com>
ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model
Alex Hung <alex.hung(a)amd.com>
drm/amd/display: Check link_res->hpo_dp_link_enc before using it
Amir Goldstein <amir73il(a)gmail.com>
fs: relax assertions on failure to encode file handles
Stefan Binding <sbinding(a)opensource.cirrus.com>
ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA
Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com>
cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller
Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com>
cpufreq: intel_pstate: Revise global turbo disable check
Aaron Kling <webgeek1234(a)gmail.com>
spi: tegra114: Don't fail set_cs_timing when delays are zero
Alexander Danilenko <al.b.danilenko(a)gmail.com>
spi: tegra114: Remove unnecessary NULL-pointer checks
Ronak Doshi <ronak.doshi(a)broadcom.com>
vmxnet3: update MTU after device quiesce
Jakob Unterwurzacher <jakobunt(a)gmail.com>
net: dsa: microchip: linearize skb for tail-tagging switches
Pieter Van Trappen <pieter.van.trappen(a)cern.ch>
net: dsa: microchip: update tag_ksz masks for KSZ9477 family
Chris Chiu <chris.chiu(a)canonical.com>
ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup
Qiu-ji Chen <chenqiuji666(a)gmail.com>
dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status()
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
i2c: designware: Fix an error handling path in i2c_dw_pci_probe()
Luca Ceresoli <luca.ceresoli(a)bootlin.com>
iio: light: opt3001: fix deadlock due to concurrent flag access
David Lechner <dlechner(a)baylibre.com>
iio: chemical: pms7003: use aligned_s64 for timestamp
Josef Bacik <josef(a)toxicpanda.com>
btrfs: adjust subpage bit start based on sectorsize
Shakeel Butt <shakeel.butt(a)linux.dev>
memcg: drain obj stock on cpu hotplug teardown
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpufreq/sched: Explicitly synchronize limits_changed flag handling
Jonathan Currier <dullfire(a)yahoo.com>
PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads
Li Qiong <liqiong(a)nfschina.com>
mm/slub: avoid accessing metadata when pointer is invalid in object_err()
Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com>
net: pcs: rzn1-miic: Correct MODCTRL register offset
Vitaly Lifshits <vitaly.lifshits(a)intel.com>
e1000e: fix heap overflow in e1000_set_eeprom
Makar Semyonov <m.semenov(a)tssltd.ru>
cifs: prevent NULL pointer dereference in UTF16 conversion
Stanislav Fort <stanislav.fort(a)aisle.com>
batman-adv: fix OOB read/write in network-coding decode
John Evans <evans1210144(a)gmail.com>
scsi: lpfc: Fix buffer free/clear order in deferred receive path
Alex Deucher <alexander.deucher(a)amd.com>
drm/amdgpu: drop hw access in non-DC audio fini
Qianfeng Rong <rongqianfeng(a)vivo.com>
wifi: mwifiex: Initialize the chan_stats array to zero
wangzijie <wangzijie1(a)honor.com>
proc: fix missing pde_set_flags() for net proc files
Edward Adam Davis <eadavis(a)qq.com>
ocfs2: prevent release journal inode after journal shutdown
Harry Yoo <harry.yoo(a)oracle.com>
mm: move page table sync declarations to linux/pgtable.h
Harry Yoo <harry.yoo(a)oracle.com>
x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()
Ma Ke <make24(a)iscas.ac.cn>
pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()
Miaoqian Lin <linmq006(a)gmail.com>
ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids()
Cryolitia PukNgae <cryolitia(a)uniontech.com>
ALSA: usb-audio: Add mute TLV for playback volumes on some devices
Horatiu Vultur <horatiu.vultur(a)microchip.com>
phy: mscc: Stop taking ts_lock for tx_queue and use its own lock
Kuniyuki Iwashima <kuniyu(a)google.com>
selftest: net: Fix weird setsockopt() in bind_bhash.c.
Qingfang Deng <dqfext(a)gmail.com>
ppp: fix memory leak in pad_compress_skb
Wang Liang <wangliang74(a)huawei.com>
net: atm: fix memory leak in atm_register_sysfs when device_register fail
Eric Dumazet <edumazet(a)google.com>
ax25: properly unshare skbs in ax25_kiss_rcv()
Alok Tiwari <alok.a.tiwari(a)oracle.com>
mctp: return -ENOPROTOOPT for unknown getsockopt options
Mahanta Jambigi <mjambigi(a)linux.ibm.com>
net/smc: Remove validation of reserved bits in CLC Decline message
Dan Carpenter <dan.carpenter(a)linaro.org>
ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init()
Rosen Penev <rosenp(a)gmail.com>
net: thunder_bgx: decrement cleanup index before use
Rosen Penev <rosenp(a)gmail.com>
net: thunder_bgx: add a missing of_node_put
Dan Carpenter <dan.carpenter(a)linaro.org>
wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()
Dan Carpenter <dan.carpenter(a)linaro.org>
wifi: libertas: cap SSID len in lbs_associate()
Dan Carpenter <dan.carpenter(a)linaro.org>
wifi: cw1200: cap SSID length in cw1200_do_join()
Felix Fietkau <nbd(a)nbd.name>
net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets
Zhen Ni <zhen.ni(a)easystack.cn>
i40e: Fix potential invalid access when MAC list is empty
Liu Jian <liujian56(a)huawei.com>
net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync()
Sean Anderson <sean.anderson(a)linux.dev>
net: macb: Fix tx_ptr_lock locking
Fabian Bläse <fabian(a)blaese.de>
icmp: fix icmp_ndo_send address translation for reply direction
Miaoqian Lin <linmq006(a)gmail.com>
mISDN: Fix memory leak in dsp_hwec_enable()
Alok Tiwari <alok.a.tiwari(a)oracle.com>
xirc2ps_cs: fix register access when enabling FullDuplex
Kuniyuki Iwashima <kuniyu(a)google.com>
Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
Phil Sutter <phil(a)nwl.cc>
netfilter: conntrack: helper: Replace -EEXIST by -EBUSY
Wang Liang <wangliang74(a)huawei.com>
netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm
Dmitry Antipov <dmantipov(a)yandex.ru>
wifi: cfg80211: fix use-after-free in cmp_bss()
Marek Vasut <marek.vasut(a)mailbox.org>
arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics i.MX8M Plus DHCOM
Sungbae Yoo <sungbaey(a)nvidia.com>
tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible"
Peter Robinson <pbrobinson(a)gmail.com>
arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro
Pei Xiao <xiaopei01(a)kylinos.cn>
tee: fix NULL pointer dereference in tee_shm_put
Jiufei Xue <jiufei.xue(a)samsung.com>
fs: writeback: fix use-after-free in __mark_inode_dirty()
Yang Li <yang.li(a)amlogic.com>
Bluetooth: hci_sync: Avoid adding default advertising on startup
Timur Kristóf <timur.kristof(a)gmail.com>
drm/amd/display: Don't warn when missing DCE encoder caps
Lubomir Rintel <lkundrak(a)v3.sk>
cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN
Filipe Manana <fdmanana(a)suse.com>
btrfs: avoid load/store tearing races when checking if an inode was logged
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix race between setting last_dir_index_offset and inode logging
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix race between logging inode and checking if it was logged before
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: Fix oob access in cgroup local storage
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: Move bpf map owner out of common struct
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: Move cgroup iterator helpers to bpf.h
Daniel Borkmann <daniel(a)iogearbox.net>
bpf: Add cookie object to bpf maps
-------------
Diffstat:
Makefile | 4 +-
.../arm64/boot/dts/freescale/imx8mp-dhcom-som.dtsi | 1 +
.../boot/dts/rockchip/rk3399-pinebook-pro.dts | 1 +
arch/x86/include/asm/pgtable_64_types.h | 3 +
arch/x86/mm/init_64.c | 18 ++
drivers/acpi/arm64/iort.c | 4 +-
drivers/cpufreq/intel_pstate.c | 126 ++++-------
drivers/dma/mediatek/mtk-cqdma.c | 10 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 235 +++++++++++----------
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 +-
drivers/gpu/drm/amd/amdgpu/dce_v10_0.c | 5 -
drivers/gpu/drm/amd/amdgpu/dce_v11_0.c | 5 -
drivers/gpu/drm/amd/amdgpu/dce_v6_0.c | 5 -
drivers/gpu/drm/amd/amdgpu/dce_v8_0.c | 5 -
.../gpu/drm/amd/display/dc/dce/dce_link_encoder.c | 8 +-
.../gpu/drm/amd/display/dc/link/link_hwss_hpo_dp.c | 7 +
drivers/gpu/drm/bridge/ti-sn65dsi86.c | 11 +
drivers/hwmon/mlxreg-fan.c | 5 +-
drivers/i2c/busses/i2c-designware-pcidrv.c | 4 +-
drivers/iio/chemical/pms7003.c | 5 +-
drivers/iio/light/opt3001.c | 5 +-
drivers/isdn/mISDN/dsp_hwec.c | 6 +-
drivers/net/ethernet/cadence/macb_main.c | 28 +--
drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 20 +-
drivers/net/ethernet/intel/e1000e/ethtool.c | 10 +-
drivers/net/ethernet/intel/i40e/i40e_client.c | 4 +-
drivers/net/ethernet/mediatek/mtk_eth_soc.c | 10 +-
drivers/net/ethernet/xircom/xirc2ps_cs.c | 2 +-
drivers/net/pcs/pcs-rzn1-miic.c | 2 +-
drivers/net/phy/mscc/mscc_ptp.c | 18 +-
drivers/net/ppp/ppp_generic.c | 6 +-
drivers/net/usb/cdc_ncm.c | 7 +
drivers/net/vmxnet3/vmxnet3_drv.c | 5 +-
drivers/net/wireless/marvell/libertas/cfg.c | 9 +-
drivers/net/wireless/marvell/mwifiex/cfg80211.c | 5 +-
drivers/net/wireless/marvell/mwifiex/main.c | 4 +-
drivers/net/wireless/st/cw1200/sta.c | 2 +-
drivers/pci/msi/msi.c | 3 +
drivers/pcmcia/omap_cf.c | 2 +
drivers/pcmcia/rsrc_iodyn.c | 3 +
drivers/pcmcia/rsrc_nonstatic.c | 4 +-
drivers/scsi/lpfc/lpfc_nvmet.c | 10 +-
drivers/spi/spi-fsl-lpspi.c | 15 +-
drivers/spi/spi-tegra114.c | 18 +-
drivers/tee/optee/ffa_abi.c | 4 +-
drivers/tee/tee_shm.c | 6 +-
fs/btrfs/btrfs_inode.h | 2 +-
fs/btrfs/extent_io.c | 2 +-
fs/btrfs/inode.c | 1 +
fs/btrfs/tree-log.c | 78 ++++---
fs/fs-writeback.c | 9 +-
fs/notify/fdinfo.c | 4 +-
fs/ocfs2/inode.c | 3 +
fs/overlayfs/copy_up.c | 5 +-
fs/proc/generic.c | 38 ++--
fs/smb/client/cifs_unicode.c | 3 +
include/linux/bpf-cgroup.h | 5 -
include/linux/bpf.h | 60 ++++--
include/linux/pci.h | 2 +
include/linux/pgtable.h | 16 ++
include/linux/vmalloc.h | 16 --
kernel/bpf/core.c | 50 +++--
kernel/bpf/syscall.c | 19 +-
kernel/sched/cpufreq_schedutil.c | 28 ++-
mm/memcontrol.c | 9 +
mm/slub.c | 216 ++++++++++---------
net/atm/resources.c | 6 +-
net/ax25/ax25_in.c | 4 +
net/batman-adv/network-coding.c | 7 +-
net/bluetooth/hci_sync.c | 2 +-
net/bluetooth/l2cap_sock.c | 3 +
net/bridge/br_netfilter_hooks.c | 3 -
net/dsa/tag_ksz.c | 22 +-
net/ipv4/devinet.c | 7 +-
net/ipv4/icmp.c | 6 +-
net/ipv6/ip6_icmp.c | 6 +-
net/mctp/af_mctp.c | 2 +-
net/netfilter/nf_conntrack_helper.c | 4 +-
net/smc/smc_clc.c | 2 -
net/smc/smc_ib.c | 3 +
net/wireless/scan.c | 3 +-
net/wireless/sme.c | 5 +-
sound/pci/hda/patch_hdmi.c | 1 +
sound/pci/hda/patch_realtek.c | 5 +
sound/usb/mixer_quirks.c | 2 +
tools/gpio/Makefile | 4 +-
tools/perf/util/bpf-utils.c | 61 ++++--
tools/testing/selftests/net/bind_bhash.c | 4 +-
88 files changed, 822 insertions(+), 582 deletions(-)