- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.50 release. There are 89 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 02 Oct 2025 14:37:59 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.50-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.50-rc1 Niklas Neronin <niklas.neronin(a)linux.intel.com> Revert "usb: xhci: remove option to change a default ring's TRB cycle bit" Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Fix race during abort for file descriptors Thomas Zimmermann <tzimmermann(a)suse.de> fbcon: Fix OOB access in font allocation Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> fbcon: fix integer overflow in fbcon_do_set_font Jinjiang Tu <tujinjiang(a)huawei.com> mm/hugetlb: fix folio is still mapped when deleted Eric Biggers <ebiggers(a)kernel.org> kmsan: fix out-of-bounds access to shadow memory Hans de Goede <hansg(a)kernel.org> gpiolib: Extend software-node support to support secondary software-nodes Jakub Acs <acsjakub(a)amazon.de> fs/proc/task_mmu: check p->vec_buf for NULL Zhen Ni <zhen.ni(a)easystack.cn> afs: Fix potential null pointer dereference in afs_put_server Nirmoy Das <nirmoyd(a)nvidia.com> drm/ast: Use msleep instead of mdelay for edid read Josua Mayer <josua(a)solid-run.com> arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 ports Josua Mayer <josua(a)solid-run.com> arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes Nobuhiro Iwamatsu <iwamatsu(a)nigauri.org> ARM: dts: socfpga: sodia: Fix mdio bus probe and PHY address Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: dynevent: Add a missing lockdown check on dynevent Eric Biggers <ebiggers(a)kernel.org> crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Lukasz Czapnik <lukasz.czapnik(a)intel.com> i40e: improve VF MAC filters accounting Lukasz Czapnik <lukasz.czapnik(a)intel.com> i40e: add mask to apply valid bits for itr_idx Lukasz Czapnik <lukasz.czapnik(a)intel.com> i40e: add max boundary check for VF filters Lukasz Czapnik <lukasz.czapnik(a)intel.com> i40e: fix validation of VF state in get resources Lukasz Czapnik <lukasz.czapnik(a)intel.com> i40e: fix input validation logic for action_meta Lukasz Czapnik <lukasz.czapnik(a)intel.com> i40e: fix idx validation in config queues msg Lukasz Czapnik <lukasz.czapnik(a)intel.com> i40e: fix idx validation in i40e_validate_queue_map Lukasz Czapnik <lukasz.czapnik(a)intel.com> i40e: add validation for ring_len param Amit Chaudhari <amitchaudhari(a)mac.com> HID: asus: add support for missing PX series fn keys Sang-Heon Jeon <ekffu200098(a)gmail.com> smb: client: fix wrong index reference in smb2_compound_op() Daniel Lee <dany97(a)live.ca> platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: Defer scheduler entitiy destruction to queue release Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> futex: Prevent use-after-free during requeue-PI Zabelin Nikita <n.zabelin(a)mt-integration.ru> drm/gma500: Fix null dereference in hdmi teardown Hugh Dickins <hughd(a)google.com> mm: folio_may_be_lru_cached() unless folio_test_large() Hugh Dickins <hughd(a)google.com> mm: revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" Hugh Dickins <hughd(a)google.com> mm/gup: local lru_add_drain() to avoid lru_add_drain_all() Dan Carpenter <dan.carpenter(a)linaro.org> octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup() Ido Schimmel <idosch(a)nvidia.com> selftests: fib_nexthops: Fix creation of non-FDB nexthops Ido Schimmel <idosch(a)nvidia.com> nexthop: Forbid FDB status change while nexthop is in a group Jason Baron <jbaron(a)akamai.com> net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS Alok Tiwari <alok.a.tiwari(a)oracle.com> bnxt_en: correct offset handling for IPv6 destination address Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> vhost: Take a reference on the task in struct vhost_task. Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix hci_resume_advertising_sync Petr Malat <oss(a)malat.biz> ethernet: rvu-af: Remove slash from the driver name Sidraya Jayagond <sidraya(a)linux.ibm.com> net/smc: fix warning in smc_rx_splice() when calling get_page() Wang Liang <wangliang74(a)huawei.com> net: tun: Update napi->skb after XDP process Stéphane Grosjean <stephane.grosjean(a)hms-networks.com> can: peak_usb: fix shift-out-of-bounds issue Vincent Mailhol <mailhol(a)kernel.org> can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow Vincent Mailhol <mailhol(a)kernel.org> can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow Vincent Mailhol <mailhol(a)kernel.org> can: hi311x: populate ndo_change_mtu() to prevent buffer overflow Vincent Mailhol <mailhol(a)kernel.org> can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow Sabrina Dubroca <sd(a)queasysnail.net> xfrm: xfrm_alloc_spi shouldn't use 0 as SPI Leon Hwang <leon.hwang(a)linux.dev> bpf: Reject bpf_timer for PREEMPT_RT Geert Uytterhoeven <geert+renesas(a)glider.be> can: rcar_can: rcar_can_resume(): fix s2ram with PSCI James Guan <guan_yufei(a)163.com> wifi: virt_wifi: Fix page fault on connect Mark Harmstone <mark(a)harmstone.com> btrfs: don't allow adding block device of less than 1 MB Jiri Olsa <olsajiri(a)gmail.com> bpf: Check the helper function is valid in get_helper_proto Stefan Metzmacher <metze(a)samba.org> smb: server: use disable_work_sync in transport_rdma.c Stefan Metzmacher <metze(a)samba.org> smb: server: don't use delayed_work for post_recv_credits_work Christian Loehle <christian.loehle(a)arm.com> cpufreq: Initialize cpufreq-based invariance before subsys Jihed Chaibi <jihed.chaibi.dev(a)gmail.com> ARM: dts: kirkwood: Fix sound DAI cells for OpenRD clients Peng Fan <peng.fan(a)nxp.com> arm64: dts: imx8mp: Correct thermal sensor index Peng Fan <peng.fan(a)nxp.com> firmware: imx: Add stub functions for SCMI MISC API Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> HID: amd_sfh: Add sync across amd sfh work functions Or Har-Toov <ohartoov(a)nvidia.com> IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions Aleksander Jan Bajkowski <olek2(a)wp.pl> net: sfp: add quirk for FLYPRO copper SFP+ module qaqland <anguoli(a)uniontech.com> ALSA: usb-audio: Add mute TLV for playback volumes on more devices Cryolitia PukNgae <cryolitia(a)uniontech.com> ALSA: usb-audio: move mixer_quirks' min_mute into common quirk noble.yang <noble.yang(a)comtrue-inc.com> ALSA: usb-audio: Add DSD support for Comtrue USB Audio device Heikki Krogerus <heikki.krogerus(a)linux.intel.com> i2c: designware: Add quirk for Intel Xe Benoît Monin <benoit.monin(a)bootlin.com> mmc: sdhci-cadence: add Mobileye eyeQ support Chris Morgan <macromorgan(a)hotmail.com> net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick Marc Kleine-Budde <mkl(a)pengutronix.de> net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info Jiayi Li <lijiayi(a)kylinos.cn> usb: core: Add 0x prefix to quirks debug output Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix build with CONFIG_INPUT=n Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA Chen Ni <nichen(a)iscas.ac.cn> ALSA: usb-audio: Convert comma to semicolon Kerem Karabay <kekrby(a)gmail.com> HID: multitouch: specify that Apple Touch Bar is direct Kerem Karabay <kekrby(a)gmail.com> HID: multitouch: take cls->maxcontacts into account for Apple Touch Bar even without a HID_DG_CONTACTMAX field Kerem Karabay <kekrby(a)gmail.com> HID: multitouch: support getting the tip state from HID_DG_TOUCH fields in Apple Touch Bar Kerem Karabay <kekrby(a)gmail.com> HID: multitouch: Get the contact ID from HID_DG_TRANSDUCER_INDEX fields in case of Apple Touch Bar Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Simplify NULL comparison in mixer_quirks Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Avoid multiple assignments in mixer_quirks Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Fix block comments in mixer_quirks Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Fix code alignment in mixer_quirks Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: fix overlooked update of subsystem ABI version Alok Tiwari <alok.a.tiwari(a)oracle.com> scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE ------------- Diffstat: Documentation/admin-guide/laptops/lg-laptop.rst | 4 +- Makefile | 4 +- .../dts/intel/socfpga/socfpga_cyclone5_sodia.dts | 6 +- .../boot/dts/marvell/kirkwood-openrd-client.dts | 2 +- arch/arm64/boot/dts/freescale/imx8mp.dtsi | 4 +- arch/arm64/boot/dts/marvell/cn9132-clearfog.dts | 16 +- arch/arm64/boot/dts/marvell/cn9132-sr-cex7.dtsi | 8 + drivers/cpufreq/cpufreq.c | 20 +- drivers/firewire/core-cdev.c | 2 +- drivers/gpio/gpiolib.c | 21 +- drivers/gpu/drm/ast/ast_dp.c | 2 +- drivers/gpu/drm/gma500/oaktrail_hdmi.c | 2 +- drivers/gpu/drm/panthor/panthor_sched.c | 8 +- drivers/hid/amd-sfh-hid/amd_sfh_client.c | 12 +- drivers/hid/amd-sfh-hid/amd_sfh_common.h | 3 + drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 4 + drivers/hid/hid-asus.c | 3 + drivers/hid/hid-multitouch.c | 45 +- drivers/i2c/busses/i2c-designware-platdrv.c | 7 +- drivers/infiniband/hw/mlx5/devx.c | 1 + drivers/iommu/iommufd/fault.c | 4 +- drivers/iommu/iommufd/main.c | 34 +- drivers/mmc/host/sdhci-cadence.c | 11 + drivers/net/can/rcar/rcar_can.c | 8 +- drivers/net/can/spi/hi311x.c | 1 + drivers/net/can/sun4i_can.c | 1 + drivers/net/can/usb/etas_es58x/es58x_core.c | 3 +- drivers/net/can/usb/mcba_usb.c | 1 + drivers/net/can/usb/peak_usb/pcan_usb_core.c | 2 +- drivers/net/dsa/lantiq_gswip.c | 21 +- drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 2 +- drivers/net/ethernet/freescale/fec_main.c | 4 +- drivers/net/ethernet/intel/i40e/i40e.h | 3 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 26 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 110 +++-- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 3 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 3 +- .../net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 2 +- drivers/net/phy/sfp.c | 24 +- drivers/net/tun.c | 3 + drivers/net/wireless/virtual/virt_wifi.c | 4 +- drivers/platform/x86/lg-laptop.c | 34 +- drivers/ufs/core/ufs-mcq.c | 4 +- drivers/usb/core/quirks.c | 2 +- drivers/usb/host/xhci-dbgcap.c | 2 +- drivers/usb/host/xhci-mem.c | 50 +- drivers/usb/host/xhci.c | 2 +- drivers/usb/host/xhci.h | 6 +- drivers/video/fbdev/core/fbcon.c | 13 +- fs/afs/server.c | 3 +- fs/btrfs/volumes.c | 5 + fs/hugetlbfs/inode.c | 10 +- fs/proc/task_mmu.c | 3 + fs/smb/client/smb2inode.c | 2 +- fs/smb/server/transport_rdma.c | 22 +- include/crypto/if_alg.h | 2 +- include/linux/firmware/imx/sm.h | 12 + include/linux/swap.h | 10 + include/net/bluetooth/hci_core.h | 21 + kernel/bpf/core.c | 5 +- kernel/bpf/verifier.c | 6 +- kernel/futex/requeue.c | 6 +- kernel/trace/trace_dynevent.c | 4 + kernel/vhost_task.c | 3 +- mm/gup.c | 15 +- mm/kmsan/core.c | 10 +- mm/kmsan/kmsan_test.c | 16 + mm/mlock.c | 6 +- mm/swap.c | 51 +- net/bluetooth/hci_event.c | 26 +- net/bluetooth/hci_sync.c | 7 + net/core/skbuff.c | 2 +- net/ipv4/nexthop.c | 7 + net/smc/smc_loopback.c | 14 +- net/xfrm/xfrm_state.c | 3 + sound/pci/hda/patch_realtek.c | 11 + sound/usb/mixer_quirks.c | 545 +++++++++++++++------ sound/usb/quirks.c | 24 +- sound/usb/usbaudio.h | 4 + tools/testing/selftests/net/fib_nexthops.sh | 12 +- 80 files changed, 1037 insertions(+), 387 deletions(-)

2 months, 1 week

15
104
0 0

Re: [PATCH v1] ALSA: hda/tas2781: Fix a potential race condition that causes a NULL pointer in case no efi.get_variable exsits

by Gergo Koteles

Cc: <stable(a)vger.kernel.org> On Thu, 2025-09-11 at 15:11 +0800, Shenghao Ding wrote: > A a potential race condition reported by one of my customers that leads to > a NULL pointer dereference, where the call to efi.get_variable should be > guarded with efi_rt_services_supported() to ensure that function exists. > > Fixes: 4fe238513407 ("ALSA: hda/tas2781: Move and unified the calibrated-data getting function for SPI and I2C into the tas2781_hda lib") > Signed-off-by: Shenghao Ding <shenghao-ding(a)ti.com> > --- > sound/hda/codecs/side-codecs/tas2781_hda.c | 5 +++++ > sound/hda/codecs/side-codecs/tas2781_hda_i2c.c | 5 +++++ > 2 files changed, 10 insertions(+) > > diff --git a/sound/hda/codecs/side-codecs/tas2781_hda.c b/sound/hda/codecs/side-codecs/tas2781_hda.c > index 536940c78f00..96e6d82dc69e 100644 > --- a/sound/hda/codecs/side-codecs/tas2781_hda.c > +++ b/sound/hda/codecs/side-codecs/tas2781_hda.c > @@ -193,6 +193,11 @@ int tas2781_save_calibration(struct tas2781_hda *hda) > efi_status_t status; > int i; > > + if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) { > + dev_err(p->dev, "%s: NO EFI FOUND!\n", __func__); > + return -EINVAL; > + } > + > if (hda->catlog_id < LENOVO) > efi_guid = tasdev_fct_efi_guid[hda->catlog_id]; > > diff --git a/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c b/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c > index 008dbe1490a7..4dea442d8c30 100644 > --- a/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c > +++ b/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c > @@ -317,6 +317,11 @@ static int tas2563_save_calibration(struct tas2781_hda *h) > unsigned int attr; > int ret, i, j, k; > > + if (!efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) { > + dev_err(p->dev, "%s: NO EFI FOUND!\n", __func__); > + return -EINVAL; > + } > + > cd->cali_dat_sz_per_dev = TAS2563_CAL_DATA_SIZE * TASDEV_CALIB_N; > > /* extra byte for each device is the device number */

2 months, 1 week

2
1
0 0

Re: [PATCH v4] ALSA: hda/tas2781: Fix the order of TAS2781 calibrated-data

by Gergo Koteles

Cc: <stable(a)vger.kernel.org> On Mon, 2025-09-08 at 06:27 +0800, Shenghao Ding wrote: > A bug reported by one of my customers that the order of TAS2781 > calibrated-data is incorrect, the correct way is to move R0_Low > and insert it between R0 and InvR0. > > Fixes: 4fe238513407 ("ALSA: hda/tas2781: Move and unified the calibrated-data getting function for SPI and I2C into the tas2781_hda lib") > Signed-off-by: Shenghao Ding <shenghao-ding(a)ti.com> > > --- > v4: > - Add missing base into cali_cnv(). > v3: > - Take Tiwai's advice on cali_cnv() to make it more simpler. > v2: > - Submit to the sound branch maintained by Tiwai instead of linux-next > branch > - Drop other fix > --- > sound/hda/codecs/side-codecs/tas2781_hda.c | 25 +++++++++++++++++----- > 1 file changed, 20 insertions(+), 5 deletions(-) > > diff --git a/sound/hda/codecs/side-codecs/tas2781_hda.c b/sound/hda/codecs/side-codecs/tas2781_hda.c > index f46d2e06c64f..536940c78f00 100644 > --- a/sound/hda/codecs/side-codecs/tas2781_hda.c > +++ b/sound/hda/codecs/side-codecs/tas2781_hda.c > @@ -33,6 +33,23 @@ const efi_guid_t tasdev_fct_efi_guid[] = { > }; > EXPORT_SYMBOL_NS_GPL(tasdev_fct_efi_guid, "SND_HDA_SCODEC_TAS2781"); > > +/* > + * The order of calibrated-data writing function is a bit different from the > + * order in UEFI. Here is the conversion to match the order of calibrated-data > + * writing function. > + */ > +static void cali_cnv(unsigned char *data, unsigned int base, int offset) > +{ > + struct cali_reg reg_data; > + > + memcpy(&reg_data, &data[base], sizeof(reg_data)); > + /* the data order has to be swapped between r0_low_reg and inv0_reg */ > + swap(reg_data.r0_low_reg, reg_data.invr0_reg); > + > + cpu_to_be32_array((__force __be32 *)(data + offset + 1), > + (u32 *)&reg_data, TASDEV_CALIB_N); > +} > + > static void tas2781_apply_calib(struct tasdevice_priv *p) > { > struct calidata *cali_data = &p->cali_data; > @@ -103,8 +120,7 @@ static void tas2781_apply_calib(struct tasdevice_priv *p) > > data[l] = k; > oft++; > - for (i = 0; i < TASDEV_CALIB_N * 4; i++) > - data[l + i + 1] = data[4 * oft + i]; > + cali_cnv(data, 4 * oft, l); > k++; > } > } > @@ -130,9 +146,8 @@ static void tas2781_apply_calib(struct tasdevice_priv *p) > > for (j = p->ndev - 1; j >= 0; j--) { > l = j * (cali_data->cali_dat_sz_per_dev + 1); > - for (i = TASDEV_CALIB_N * 4; i > 0 ; i--) > - data[l + i] = data[p->index * 5 + i]; > - data[l+i] = j; > + cali_cnv(data, cali_data->cali_dat_sz_per_dev * j, l); > + data[l] = j; > } > } >

2 months, 1 week

2
1
0 0

ATTENTION :Password key expired !!!

by lists.linaro.org

Hello, I want a quote and I would like to know your availability so that i can send you the necessary documents as well as drawings and specification. Best regards Tony

2 months, 1 week

1
0
0 0

[PATCH v2] loop: fix backing file reference leak on validation error

by Li Chen

loop_change_fd() and loop_configure() call loop_check_backing_file() to validate the new backing file. If validation fails, the reference acquired by fget() was not dropped, leaking a file reference. Fix this by calling fput(file) before returning the error. Cc: stable(a)vger.kernel.org Cc: "Markus Elfring"<Markus.Elfring(a)web.de> CC: "Yang Erkun" <yangerkun(a)huawei.com> Cc: "Ming Lei"<ming.lei(a)redhat.com> Cc: "Yu Kuai"<yukuai1(a)huaweicloud.com> Fixes: f5c84eff634b ("loop: Add sanity check for read/write_iter") Signed-off-by: Li Chen <chenl311(a)chinatelecom.cn> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> Reviewed-by: Yang Erkun <yangerkun(a)huawei.com> --- changelog: v2: add review by, Fixes and cc stable tags. drivers/block/loop.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/block/loop.c b/drivers/block/loop.c index 053a086d547e..94ec7f747f36 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -551,8 +551,10 @@ static int loop_change_fd(struct loop_device *lo, struct block_device *bdev, return -EBADF; error = loop_check_backing_file(file); - if (error) + if (error) { + fput(file); return error; + } /* suppress uevents while reconfiguring the device */ dev_set_uevent_suppress(disk_to_dev(lo->lo_disk), 1); @@ -993,8 +995,10 @@ static int loop_configure(struct loop_device *lo, blk_mode_t mode, return -EBADF; error = loop_check_backing_file(file); - if (error) + if (error) { + fput(file); return error; + } is_loop = is_loop_device(file); -- 2.51.0

2 months, 1 week

2
1
0 0

ATTENTION :Password key expired !!!

by lists.linaro.org

Hello, I want a quote and I would like to know your availability so that i can send you the necessary documents as well as drawings and specification. Best regards Tony

2 months, 1 week

1
0
0 0

[PATCH] commit 6b080c4e815ceba3c08ffa980c858595c07e786a upstream

by Zhichuang Sun

iommu/amd: fix amd iotlb flush range in unmap This was fixed in mainline in 6b080c4e815ceba3c08ffa980c858595c07e786a, but do not backport the full refactor. Targeting branch lts linux-5.15.y. AMD IOMMU driver supports power of 2 KB page size, it can be 4K, 8K, 16K, etc. So when VFIO driver ask AMD IOMMU driver to unmap a IOVA with a page_size 4K, it actually can unmap a page_size of 8K, depending on the page used during mapping. However, the iotlb gather function use the page_size as the range of unmap range, instead of the real unmapped page size r. This miscalculation of iotlb flush range will make the unflushed IOTLB entry stale. It triggered hard-to-debug silent data corruption issue as DMA engine who used the stale IOTLB entry will DMA into unmapped memory region. The upstream commit aims at changing API from map/unmap_page() to map/unmap_pages() and changed the gather range calculation along with it. It accidentally fixed this bug in the mainline since 6.1. For this backport, we don't backport the API change, only port the gather range calculation to fix the bug. Cc: Nadav Amit <namit(a)vmware.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: Will Deacon <will(a)kernel.org> Cc: Robin Murphy <robin.murphy(a)arm.com> Cc: Lu Baolu <baolu.lu(a)linux.intel.com> Cc: iommu(a)lists.linux-foundation.org Fixes: fc65d0acaf23179b94de399c204328fa259acb90 Signed-off-by: Zhichuang Sun <zhichuang(a)google.com> --- drivers/iommu/amd/iommu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c index 714c78bf69db..d3a11be8d1dd 100644 --- a/drivers/iommu/amd/iommu.c +++ b/drivers/iommu/amd/iommu.c @@ -2121,7 +2121,8 @@ static size_t amd_iommu_unmap(struct iommu_domain *dom, unsigned long iova, r = (ops->unmap) ? ops->unmap(ops, iova, page_size, gather) : 0; - amd_iommu_iotlb_gather_add_page(dom, gather, iova, page_size); + if (r) + amd_iommu_iotlb_gather_add_page(dom, gather, iova, r); return r; } -- 2.51.0.618.g983fd99d29-goog

2 months, 1 week

2
2
0 0

[PATCH 00/19 5.15.y] Backport minmax.h updates from v6.17-rc7

by Eliav Farber

This series backports 19 patches to update minmax.h in the 5.15.y branch, aligning it with v6.17-rc7. The ultimate goal is to synchronize all longterm branches so that they include the full set of minmax.h changes (6.12.y and 6.6.y were already backported by me and are now aligned, 6.1.y is in progress). The key motivation is to bring in commit d03eba99f5bf ("minmax: allow min()/max()/clamp() if the arguments have the same signedness"), which is missing in kernel 5.10.y. In mainline, this change enables min()/max()/clamp() to accept mixed argument types, provided both have the same signedness. Without it, backported patches that use these forms may trigger compiler warnings, which escalate to build failures when -Werror is enabled. Andy Shevchenko (1): minmax: deduplicate __unconst_integer_typeof() David Laight (8): minmax: fix indentation of __cmp_once() and __clamp_once() minmax.h: add whitespace around operators and after commas minmax.h: update some comments minmax.h: reduce the #define expansion of min(), max() and clamp() minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() minmax.h: move all the clamp() definitions after the min/max() ones minmax.h: simplify the variants of clamp() minmax.h: remove some #defines that are only expanded once Herve Codina (1): minmax: Introduce {min,max}_array() Linus Torvalds (8): minmax: avoid overly complicated constant expressions in VM code minmax: make generic MIN() and MAX() macros available everywhere minmax: add a few more MIN_T/MAX_T users minmax: simplify and clarify min_t()/max_t() implementation minmax: simplify min()/max()/clamp() implementation minmax: don't use max() in situations that want a C constant expression minmax: improve macro expansion and type checking minmax: fix up min3() and max3() too Matthew Wilcox (Oracle) (1): minmax: add in_range() macro arch/arm/mm/pageattr.c | 6 +- arch/um/drivers/mconsole_user.c | 2 + arch/x86/mm/pgtable.c | 2 +- drivers/edac/sb_edac.c | 4 +- drivers/edac/skx_common.h | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 + .../drm/amd/display/modules/hdcp/hdcp_ddc.c | 2 + .../drm/amd/pm/powerplay/hwmgr/ppevvmath.h | 14 +- .../amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 2 + .../drm/arm/display/include/malidp_utils.h | 2 +- .../display/komeda/komeda_pipeline_state.c | 24 +- drivers/gpu/drm/drm_color_mgmt.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 6 - drivers/gpu/drm/radeon/evergreen_cs.c | 2 + drivers/hwmon/adt7475.c | 24 +- drivers/input/touchscreen/cyttsp4_core.c | 2 +- drivers/irqchip/irq-sun6i-r.c | 2 +- drivers/md/dm-integrity.c | 4 +- drivers/media/dvb-frontends/stv0367_priv.h | 3 + .../net/ethernet/chelsio/cxgb3/cxgb3_main.c | 18 +- .../net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/fjes/fjes_main.c | 4 +- drivers/nfc/pn544/i2c.c | 2 - drivers/platform/x86/sony-laptop.c | 1 - drivers/scsi/isci/init.c | 6 +- .../pci/hive_isp_css_include/math_support.h | 5 - drivers/virt/acrn/ioreq.c | 4 +- fs/btrfs/misc.h | 2 - fs/btrfs/tree-checker.c | 2 +- fs/ext2/balloc.c | 2 - fs/ext4/ext4.h | 2 - fs/ufs/util.h | 6 - include/linux/compiler.h | 9 + include/linux/minmax.h | 264 +++++++++++++----- kernel/trace/preemptirq_delay_test.c | 2 - lib/btree.c | 1 - lib/decompress_unlzma.c | 2 + lib/logic_pio.c | 3 - lib/vsprintf.c | 2 +- lib/zstd/zstd_internal.h | 2 - mm/zsmalloc.c | 1 - net/ipv4/proc.c | 2 +- net/ipv6/proc.c | 2 +- net/netfilter/nf_nat_core.c | 6 +- net/tipc/core.h | 2 +- net/tipc/link.c | 10 +- tools/testing/selftests/vm/mremap_test.c | 2 + 47 files changed, 289 insertions(+), 183 deletions(-) -- 2.47.3

2 months, 1 week

1
19
0 0

[PATCH 6.1.y] selftests: mptcp: connect: fix build regression caused by backport

by Kenta Akagi

Since v6.1.154, mptcp selftests have failed to build with the following errors: mptcp_connect.c: In function ‘main_loop_s’: mptcp_connect.c:1040:59: error: ‘winfo’ undeclared (first use in this function) 1040 | err = copyfd_io(fd, remotesock, 1, true, &winfo); | ^~~~~ mptcp_connect.c:1040:59: note: each undeclared identifier is reported only once for each function it appears in mptcp_connect.c:1040:23: error: too many arguments to function ‘copyfd_io’; expected 4, have 5 1040 | err = copyfd_io(fd, remotesock, 1, true, &winfo); | ^~~~~~~~~ ~~~~~~ mptcp_connect.c:845:12: note: declared here 845 | static int copyfd_io(int infd, int peerfd, int outfd, bool close_peerfd) | ^~~~~~~~~ This is caused by commit ff160500c499 ("selftests: mptcp: connect: catch IO errors on listen side"), a backport of upstream 14e22b43df25, which attempts to use the undeclared variable 'winfo' and passes too many arguments to copyfd_io(). Both the winfo variable and the updated copyfd_io() function were introduced in upstream commit ca7ae8916043 ("selftests: mptcp: mptfo Initiator/Listener"), which is not present in v6.1.y. The goal of the backport is to stop on errors from copyfd_io. Therefore, the backport does not depend on the changes in upstream commit ca7ae8916043 ("selftests: mptcp: mptfo Initiator/Listener"). This commit simply removes ', &winfo' to fix a build failure. Fixes: ff160500c499 ("selftests: mptcp: connect: catch IO errors on listen side") Signed-off-by: Kenta Akagi <k(a)mgml.me> --- commit 14e22b43df25 ("selftests: mptcp: connect: catch IO errors on listen side") has only been backported to >=v6.1.y, and commit ca7ae8916043 ("selftests: mptcp: mptfo Initiator/Listener") exists from v6.2. so, only v6.1.y requires this fix. --- tools/testing/selftests/net/mptcp/mptcp_connect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/testing/selftests/net/mptcp/mptcp_connect.c index 0d49b6753011..0b253c133f06 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.c +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c @@ -1037,7 +1037,7 @@ int main_loop_s(int listensock) SOCK_TEST_TCPULP(remotesock, 0); - err = copyfd_io(fd, remotesock, 1, true, &winfo); + err = copyfd_io(fd, remotesock, 1, true); } else { perror("accept"); return 1; -- 2.50.1

2 months, 1 week

2
1
0 0

[PATCH RESEND] PCI/AER: Check for NULL aer_info before ratelimiting in pci_print_aer()

by Breno Leitao

Similarly to pci_dev_aer_stats_incr(), pci_print_aer() may be called when dev->aer_info is NULL. Add a NULL check before proceeding to avoid calling aer_ratelimit() with a NULL aer_info pointer, returning 1, which does not rate limit, given this is fatal. This prevents a kernel crash triggered by dereferencing a NULL pointer in aer_ratelimit(), ensuring safer handling of PCI devices that lack AER info. This change aligns pci_print_aer() with pci_dev_aer_stats_incr() which already performs this NULL check. Cc: stable(a)vger.kernel.org Fixes: a57f2bfb4a5863 ("PCI/AER: Ratelimit correctable and non-fatal error logging") Signed-off-by: Breno Leitao <leitao(a)debian.org> --- - This problem is still happening in upstream, and unfortunately no action was done in the previous discussion. - Link to previous post: https://lore.kernel.org/r/20250804-aer_crash_2-v1-1-fd06562c18a4@debian.org --- drivers/pci/pcie/aer.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/pci/pcie/aer.c b/drivers/pci/pcie/aer.c index e286c197d7167..55abc5e17b8b1 100644 --- a/drivers/pci/pcie/aer.c +++ b/drivers/pci/pcie/aer.c @@ -786,6 +786,9 @@ static void pci_rootport_aer_stats_incr(struct pci_dev *pdev, static int aer_ratelimit(struct pci_dev *dev, unsigned int severity) { + if (!dev->aer_info) + return 1; + switch (severity) { case AER_NONFATAL: return __ratelimit(&dev->aer_info->nonfatal_ratelimit); --- base-commit: e5f0a698b34ed76002dc5cff3804a61c80233a7a change-id: 20250801-aer_crash_2-b21cc2ef0d00 Best regards, -- Breno Leitao <leitao(a)debian.org>

2 months, 1 week

5
7
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror