- Linux-stable-mirror - lists.linaro.org

+ ocfs2-fix-recursive-semaphore-deadlock-in-fiemap-call.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: fix recursive semaphore deadlock in fiemap call has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-fix-recursive-semaphore-deadlock-in-fiemap-call.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Mark Tinguely <mark.tinguely(a)oracle.com> Subject: ocfs2: fix recursive semaphore deadlock in fiemap call Date: Fri, 29 Aug 2025 10:18:15 -0500 syzbot detected a OCFS2 hang due to a recursive semaphore on a FS_IOC_FIEMAP of the extent list on a specially crafted mmap file. context_switch kernel/sched/core.c:5357 [inline] __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961 __schedule_loop kernel/sched/core.c:7043 [inline] schedule+0x165/0x360 kernel/sched/core.c:7058 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115 rwsem_down_write_slowpath+0x872/0xfe0 kernel/locking/rwsem.c:1185 __down_write_common kernel/locking/rwsem.c:1317 [inline] __down_write kernel/locking/rwsem.c:1326 [inline] down_write+0x1ab/0x1f0 kernel/locking/rwsem.c:1591 ocfs2_page_mkwrite+0x2ff/0xc40 fs/ocfs2/mmap.c:142 do_page_mkwrite+0x14d/0x310 mm/memory.c:3361 wp_page_shared mm/memory.c:3762 [inline] do_wp_page+0x268d/0x5800 mm/memory.c:3981 handle_pte_fault mm/memory.c:6068 [inline] __handle_mm_fault+0x1033/0x5440 mm/memory.c:6195 handle_mm_fault+0x40a/0x8e0 mm/memory.c:6364 do_user_addr_fault+0x764/0x1390 arch/x86/mm/fault.c:1387 handle_page_fault arch/x86/mm/fault.c:1476 [inline] exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0010:copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline] RIP: 0010:raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline] RIP: 0010:_inline_copy_to_user include/linux/uaccess.h:197 [inline] RIP: 0010:_copy_to_user+0x85/0xb0 lib/usercopy.c:26 Code: e8 00 bc f7 fc 4d 39 fc 72 3d 4d 39 ec 77 38 e8 91 b9 f7 fc 4c 89 f7 89 de e8 47 25 5b fd 0f 01 cb 4c 89 ff 48 89 d9 4c 89 f6 <f3> a4 0f 1f 00 48 89 cb 0f 01 ca 48 89 d8 5b 41 5c 41 5d 41 5e 41 RSP: 0018:ffffc9000403f950 EFLAGS: 00050256 RAX: ffffffff84c7f101 RBX: 0000000000000038 RCX: 0000000000000038 RDX: 0000000000000000 RSI: ffffc9000403f9e0 RDI: 0000200000000060 RBP: ffffc9000403fa90 R08: ffffc9000403fa17 R09: 1ffff92000807f42 R10: dffffc0000000000 R11: fffff52000807f43 R12: 0000200000000098 R13: 00007ffffffff000 R14: ffffc9000403f9e0 R15: 0000200000000060 copy_to_user include/linux/uaccess.h:225 [inline] fiemap_fill_next_extent+0x1c0/0x390 fs/ioctl.c:145 ocfs2_fiemap+0x888/0xc90 fs/ocfs2/extent_map.c:806 ioctl_fiemap fs/ioctl.c:220 [inline] do_vfs_ioctl+0x1173/0x1430 fs/ioctl.c:532 __do_sys_ioctl fs/ioctl.c:596 [inline] __se_sys_ioctl+0x82/0x170 fs/ioctl.c:584 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5f13850fd9 RSP: 002b:00007ffe3b3518b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007f5f13850fd9 RDX: 0000200000000040 RSI: 00000000c020660b RDI: 0000000000000004 RBP: 6165627472616568 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe3b3518f0 R13: 00007ffe3b351b18 R14: 431bde82d7b634db R15: 00007f5f1389a03b ocfs2_fiemap() takes a read lock of the ip_alloc_sem semaphore (since v2.6.22-527-g7307de80510a) and calls fiemap_fill_next_extent() to read the extent list of this running mmap executable. The user supplied buffer to hold the fiemap information page faults calling ocfs2_page_mkwrite() which will take a write lock (since v2.6.27-38-g00dc417fa3e7) of the same semaphore. This recursive semaphore will hold filesystem locks and causes a hang of the fileystem. The ip_alloc_sem protects the inode extent list and size. Release the read semphore before calling fiemap_fill_next_extent() in ocfs2_fiemap() and ocfs2_fiemap_inline(). This does an unnecessary semaphore lock/unlock on the last extent but simplifies the error path. Link: https://lkml.kernel.org/r/61d1a62b-2631-4f12-81e2-cd689914360b@oracle.com Fixes: 00dc417fa3e7 ("ocfs2: fiemap support") Signed-off-by: Mark Tinguely <mark.tinguely(a)oracle.com> Reported-by: syzbot+541dcc6ee768f77103e7(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=541dcc6ee768f77103e7 Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/extent_map.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/fs/ocfs2/extent_map.c~ocfs2-fix-recursive-semaphore-deadlock-in-fiemap-call +++ a/fs/ocfs2/extent_map.c @@ -706,6 +706,8 @@ out: * it not only handles the fiemap for inlined files, but also deals * with the fast symlink, cause they have no difference for extent * mapping per se. + * + * Must be called with ip_alloc_sem semaphore held. */ static int ocfs2_fiemap_inline(struct inode *inode, struct buffer_head *di_bh, struct fiemap_extent_info *fieinfo, @@ -717,6 +719,7 @@ static int ocfs2_fiemap_inline(struct in u64 phys; u32 flags = FIEMAP_EXTENT_DATA_INLINE|FIEMAP_EXTENT_LAST; struct ocfs2_inode_info *oi = OCFS2_I(inode); + lockdep_assert_held_read(&oi->ip_alloc_sem); di = (struct ocfs2_dinode *)di_bh->b_data; if (ocfs2_inode_is_fast_symlink(inode)) @@ -732,8 +735,11 @@ static int ocfs2_fiemap_inline(struct in phys += offsetof(struct ocfs2_dinode, id2.i_data.id_data); + /* Release the ip_alloc_sem to prevent deadlock on page fault */ + up_read(&OCFS2_I(inode)->ip_alloc_sem); ret = fiemap_fill_next_extent(fieinfo, 0, phys, id_count, flags); + down_read(&OCFS2_I(inode)->ip_alloc_sem); if (ret < 0) return ret; } @@ -802,9 +808,11 @@ int ocfs2_fiemap(struct inode *inode, st len_bytes = (u64)le16_to_cpu(rec.e_leaf_clusters) << osb->s_clustersize_bits; phys_bytes = le64_to_cpu(rec.e_blkno) << osb->sb->s_blocksize_bits; virt_bytes = (u64)le32_to_cpu(rec.e_cpos) << osb->s_clustersize_bits; - + /* Release the ip_alloc_sem to prevent deadlock on page fault */ + up_read(&OCFS2_I(inode)->ip_alloc_sem); ret = fiemap_fill_next_extent(fieinfo, virt_bytes, phys_bytes, len_bytes, fe_flags); + down_read(&OCFS2_I(inode)->ip_alloc_sem); if (ret) break; _ Patches currently in -mm which might be from mark.tinguely(a)oracle.com are ocfs2-fix-recursive-semaphore-deadlock-in-fiemap-call.patch

2 months, 2 weeks

1
0
0 0

[PATCH v2] uio_hv_generic: Let userspace take care of interrupt mask

by Naman Jain

Remove the logic to set interrupt mask by default in uio_hv_generic driver as the interrupt mask value is supposed to be controlled completely by the user space. If the mask bit gets changed by the driver, concurrently with user mode operating on the ring, the mask bit may be set when it is supposed to be clear, and the user-mode driver will miss an interrupt which will cause a hang. For eg- when the driver sets inbound ring buffer interrupt mask to 1, the host does not interrupt the guest on the UIO VMBus channel. However, setting the mask does not prevent the host from putting a message in the inbound ring buffer. So let’s assume that happens, the host puts a message into the ring buffer but does not interrupt. Subsequently, the user space code in the guest sets the inbound ring buffer interrupt mask to 0, saying “Hey, I’m ready for interrupts”. User space code then calls pread() to wait for an interrupt. Then one of two things happens: * The host never sends another message. So the pread() waits forever. * The host does send another message. But because there’s already a message in the ring buffer, it doesn’t generate an interrupt. This is the correct behavior, because the host should only send an interrupt when the inbound ring buffer transitions from empty to not-empty. Adding an additional message to a ring buffer that is not empty is not supposed to generate an interrupt on the guest. Since the guest is waiting in pread() and not removing messages from the ring buffer, the pread() waits forever. This could be easily reproduced in hv_fcopy_uio_daemon if we delay setting interrupt mask to 0. Similarly if hv_uio_channel_cb() sets the interrupt_mask to 1, there’s a race condition. Once user space empties the inbound ring buffer, but before user space sets interrupt_mask to 0, the host could put another message in the ring buffer but it wouldn’t interrupt. Then the next pread() would hang. Fix these by removing all instances where interrupt_mask is changed, while keeping the one in set_event() unchanged to enable userspace control the interrupt mask by writing 0/1 to /dev/uioX. Fixes: 95096f2fbd10 ("uio-hv-generic: new userspace i/o driver for VMBus") Suggested-by: John Starks <jostarks(a)microsoft.com> Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> Cc: <stable(a)vger.kernel.org> --- Changes since v1: https://lore.kernel.org/all/20250818064846.271294-1-namjain@linux.microsoft… * Added Fixes and Cc stable tags. --- drivers/uio/uio_hv_generic.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index f19efad4d6f8..3f8e2e27697f 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -111,7 +111,6 @@ static void hv_uio_channel_cb(void *context) struct hv_device *hv_dev; struct hv_uio_private_data *pdata; - chan->inbound.ring_buffer->interrupt_mask = 1; virt_mb(); /* @@ -183,8 +182,6 @@ hv_uio_new_channel(struct vmbus_channel *new_sc) return; } - /* Disable interrupts on sub channel */ - new_sc->inbound.ring_buffer->interrupt_mask = 1; set_channel_read_mode(new_sc, HV_CALL_ISR); ret = hv_create_ring_sysfs(new_sc, hv_uio_ring_mmap); if (ret) { @@ -227,9 +224,7 @@ hv_uio_open(struct uio_info *info, struct inode *inode) ret = vmbus_connect_ring(dev->channel, hv_uio_channel_cb, dev->channel); - if (ret == 0) - dev->channel->inbound.ring_buffer->interrupt_mask = 1; - else + if (ret) atomic_dec(&pdata->refcnt); return ret; -- 2.34.1

2 months, 2 weeks

5
5
0 0

[PATCH 6.16 000/457] 6.16.4-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.16.4 release. There are 457 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 28 Aug 2025 11:08:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.16.4-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.16.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.16.4-rc1 Christoph Manszewski <christoph.manszewski(a)intel.com> drm/xe: Fix vm_bind_ioctl double free bug Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Move ASID allocation and user PT BO tracking into xe_vm_create Florian Westphal <fw(a)strlen.de> netfilter: nf_reject: don't leak dst refcount for loopback packets Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Enable limited access during lockdown Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Avoid unnecessary ioctl registration in debugfs Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation Armen Ratner <armeng(a)nvidia.com> net/mlx5e: Preserve shared buffer capacity during headroom updates Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Query FW for buffer ownership Oren Sidi <osidi(a)nvidia.com> net/mlx5: Add IFC bits and enums for buf_ownership Daniel Jurgens <danielj(a)nvidia.com> net/mlx5: Base ECVF devlink port attrs from 0 Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: Skip overlap check for SPI field Nilay Shroff <nilay(a)linux.ibm.com> block: avoid cpu_hotplug_lock depedency on freeze_lock Nilay Shroff <nilay(a)linux.ibm.com> block: skip q->rq_qos check in rq_qos_done_bio() Nilay Shroff <nilay(a)linux.ibm.com> block: decrement block_rq_qos static key in rq_qos_del() Ming Lei <ming.lei(a)redhat.com> blk-mq: fix lockdep warning in __blk_mq_update_nr_hw_queues Nilay Shroff <nilay(a)linux.ibm.com> block: fix potential deadlock while running nr_hw_queue update Nilay Shroff <nilay(a)linux.ibm.com> block: fix lockdep warning caused by lock dependency in elv_iosched_store Nilay Shroff <nilay(a)linux.ibm.com> block: move elevator queue allocation logic into blk_mq_init_sched Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: ppe: Do not invalid PPE entries in case of SW hash collision Hangbin Liu <liuhangbin(a)gmail.com> bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU Hangbin Liu <liuhangbin(a)gmail.com> bonding: update LACP activity flag after setting lacp_active Dewei Meng <mengdewei(a)cqsoftware.com.cn> ALSA: timer: fix ida_free call while not allocated William Liu <will(a)willsroot.io> net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate William Liu <will(a)willsroot.io> net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: Fix KSZ9477 HSR port setup issue ValdikSS <iam(a)valdikss.org.ru> igc: fix disabling L1.2 PCI-E link substate on I226 on init Jason Xing <kernelxing(a)tencent.com> ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Song Gao <gaosong(a)loongson.cn> LoongArch: KVM: Use kvm_get_vcpu_by_id() instead of kvm_get_vcpu() Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Use standard bitops API with eiointc Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Do not map lowcore with identity mapping Stefan Binding <sbinding(a)opensource.cirrus.com> ASoC: cs35l56: Remove SoundWire Clock Divider workaround for CS35L63 Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Handle new algorithms IDs for CS35L63 Stefan Binding <sbinding(a)opensource.cirrus.com> ASoC: cs35l56: Update Firmware Addresses for CS35L63 for production silicon Kanglong Wang <wangkanglong(a)loongson.cn> LoongArch: Optimize module load time by optimizing PLT/GOT counting Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Pass annotate-tablejump option if LTO is enabled Tiezhu Yang <yangtiezhu(a)loongson.cn> objtool/LoongArch: Get table size correctly if LTO is enabled Parthiban Veerasooran <parthiban.veerasooran(a)microchip.com> microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 Parthiban Veerasooran <parthiban.veerasooran(a)microchip.com> microchip: lan865x: fix missing netif_start_queue() call on device open Vlad Dogaru <vdogaru(a)nvidia.com> net/mlx5: CT: Use the correct counter offset Alex Vesker <valex(a)nvidia.com> net/mlx5: HWS, Fix table creation UID Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, fix complex rules rehash error flow Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, fix bad parameter in CQ creation D. Wythe <alibuda(a)linux.alibaba.com> net/smc: fix UAF on smcsk after smc_listen_out() Yao Zi <ziyao(a)disroot.org> net: stmmac: thead: Enable TX clock before MAC initialization Jordan Rhee <jordanrhee(a)google.com> gve: prevent ethtool ops after shutdown Yuichiro Tsuji <yuichtsu(a)amazon.com> net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix timestamping for vsc8584 David Howells <dhowells(a)redhat.com> cifs: Fix oops due to uninitialised variable Dan Carpenter <dan.carpenter(a)linaro.org> regulator: tps65219: regulator: tps65219: Fix error codes in probe() Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Assign ioctl xe file handler to vm in xe_vm_create MD Danish Anwar <danishanwar(a)ti.com> net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload. Qingfang Deng <dqfext(a)gmail.com> ppp: fix race conditions in ppp_fill_forward_path Qingfang Deng <dqfext(a)gmail.com> net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path Nitin Rawat <quic_nitirawa(a)quicinc.com> scsi: ufs: ufs-qcom: Fix ESI null pointer dereference Bao D. Nguyen <quic_nguyenb(a)quicinc.com> scsi: ufs: ufs-qcom: Update esi_vec_mask for HW major version >= 6 Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl() Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix IRQ lock inversion for the SCSI host lock Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix lockdep warning during rmmod Minhong He <heminhong(a)kylinos.cn> ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Jakub Ramaseuski <jramaseu(a)redhat.com> net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't print errors for nonexistent connectors Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Adjust DCE 8-10 clock, don't overclock by 15% Chenyuan Yang <chenyuan0y(a)gmail.com> drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() Peng Fan <peng.fan(a)nxp.com> regulator: pca9450: Use devm_register_sys_off_handler Dan Carpenter <dan.carpenter(a)linaro.org> ALSA: usb-audio: Fix size validation in convert_chmap_v3() Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix dp and vga cannot show together Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix rare monitors cannot display problem Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix the hibmc loaded failed bug Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix irq_request()'s irq name variable is local Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed Miguel Ojeda <ojeda(a)kernel.org> rust: alloc: fix `rusttest` by providing `Cmalloc::aligned_layout` too Zheng Qixing <zhengqixing(a)huawei.com> md: fix sync_action incorrect display during resync Zheng Qixing <zhengqixing(a)huawei.com> md: add helper rdev_needs_recovery() Li Nan <linan122(a)huawei.com> md: rename recovery_cp to resync_offset Miguel Ojeda <ojeda(a)kernel.org> drm: nova-drm: fix 32-bit arm build Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum: Forward packets with an IPv4 link-local source IP Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not accounting for BIS/CIS/PA links separately Yang Li <yang.li(a)amlogic.com> Bluetooth: Add PA_LINK to distinguish BIG sync and PA sync connections Sergey Shtylyov <s.shtylyov(a)omp.ru> Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() Pauli Virtanen <pav(a)iki.fi> Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established Yang Li <yang.li(a)amlogic.com> Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix using ll_privacy_capable for current settings Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings Jiande Lu <jiande.lu(a)mediatek.com> Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix scan state after PA Sync has been established Kees Cook <kees(a)kernel.org> iommu/amd: Avoid stack buffer overflow from kernel cmdline Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla4xxx: Prevent a potential error pointer dereference Justin Lai <justinlai0215(a)realtek.com> rtase: Fix Rx descriptor CRC error bit definition William Liu <will(a)willsroot.io> net/sched: Fix backlog accounting in qdisc_dequeue_internal Wang Liang <wangliang74(a)huawei.com> net: bridge: fix soft lockup in br_multicast_query_expired() Suraj Gupta <suraj.gupta2(a)amd.com> net: xilinx: axienet: Fix RX skb ring management in DMAengine mode Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix dip entries leak on devices newer than hip09 Akhilesh Patil <akhilesh(a)ee.iitb.ac.in> RDMA/core: Free pfn_list with appropriate kvfree call Anantha Prabhu <anantha.prabhu(a)broadcom.com> RDMA/bnxt_re: Fix to initialize the PBL array Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix a possible memory leak in the driver Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix to remove workload check in SRQ limit path Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix to do SRQ armena by default wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix querying wrong SCC context for DIP algorithm Boshi Yu <boshiyu(a)linux.alibaba.com> RDMA/erdma: Fix unset QPN of GSI QP Boshi Yu <boshiyu(a)linux.alibaba.com> RDMA/erdma: Fix ignored return value of init_kernel_qp Suma Hegde <suma.hegde(a)amd.com> platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: Add a u64 divide by 10 for arm32 Danilo Krummrich <dakr(a)kernel.org> rust: drm: don't pass the address of drm::Device to drm_dev_put() Danilo Krummrich <dakr(a)kernel.org> rust: drm: remove pin annotations from drm::Device Danilo Krummrich <dakr(a)kernel.org> rust: drm: ensure kmalloc() compatible Layout Danilo Krummrich <dakr(a)kernel.org> rust: alloc: replace aligned_size() with Kmalloc::aligned_layout() Nitin Gote <nitin.r.gote(a)intel.com> iosys-map: Fix undefined behavior in iosys_map_clear() José Expósito <jose.exposito89(a)gmail.com> drm/tests: Fix drm_test_fb_xrgb8888_to_xrgb2101010() on big-endian Thomas Zimmermann <tzimmermann(a)suse.de> drm/tests: Do not use drm_fb_blit() in format-helper tests José Expósito <jose.exposito89(a)gmail.com> drm/tests: Fix endian warning Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix a partition error with CPU hotplug Waiman Long <longman(a)redhat.com> cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key Fanhua Li <lifanhua5(a)huawei.com> drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). Gabor Juhos <j4g8y7(a)gmail.com> spi: spi-qpic-snand: fix calculating of ECC OOB regions' properties Stefan Wahren <wahrenst(a)gmx.net> spi: spi-fsl-lpspi: Clamp too high speed_hz Gabor Juhos <j4g8y7(a)gmail.com> spi: spi-qpic-snand: use correct CW_PER_PAGE value for OOB write Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: change invalid data error to -EBUSY Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> iio: imu: inv_icm42600: Convert to uXX and sXX integer types David Lechner <dlechner(a)baylibre.com> iio: imu: inv_icm42600: use = { } instead of memset() Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: prevent from unwanted interface name changes Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> devlink: let driver opt out of automatic phys_port_name generation Sven Eckelmann <sven(a)narfation.org> i2c: rtl9300: Add missing count byte for SMBus Block Ops Sven Eckelmann <sven(a)narfation.org> i2c: rtl9300: Increase timeout for transfer polling Harshal Gohel <hg(a)simonwunderlich.de> i2c: rtl9300: Fix multi-byte I2C write Alex Guo <alexguo1023(a)gmail.com> i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer Tianxiang Peng <txpeng(a)tencent.com> x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Yazen Ghannam <yazen.ghannam(a)amd.com> x86/CPU/AMD: Ignore invalid reset reason value Jakub Kicinski <kuba(a)kernel.org> tls: fix handling of zero-length records on the rx_list Niklas Cassel <cassel(a)kernel.org> PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up NeilBrown <neil(a)brown.name> ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() Pu Lehui <pulehui(a)huawei.com> tracing: Limit access to parser->buffer when trace_get_user failed Steven Rostedt <rostedt(a)goodmis.org> tracing: Remove unneeded goto out logic Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Wildcat Lake Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Remove WARN_ON for device endpoint command timeouts Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: fix host not responding after suspend and resume Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> usb: xhci: Fix slot_id resource race conflict Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: maxim_contaminant: disable low power mode when reading comparator values Zenm Chen <zenmchen(a)gmail.com> USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Thorsten Blum <thorsten.blum(a)linux.dev> usb: storage: realtek_cr: Use correct byte order for bcs->Residue Mael GUERIN <mael.guerin(a)murena.io> USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Marek Vasut <marek.vasut+renesas(a)mailbox.org> usb: renesas-xhci: Fix External ROM access timeouts Xu Yang <xu.yang_2(a)nxp.com> usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() Edward Adam Davis <eadavis(a)qq.com> comedi: pcl726: Prevent invalid irq number Ian Abbott <abbotti(a)mev.co.uk> comedi: Make insn_rw_emulate_bits() do insn->n samples Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive Thorsten Blum <thorsten.blum(a)linux.dev> cdx: Fix off-by-one error in cdx_rpmsg_probe() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() Miaoqian Lin <linmq006(a)gmail.com> most: core: Drop device reference after usage in get_channel() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> iio: adc: rzg2l: Cleanup suspend/resume path David Lechner <dlechner(a)baylibre.com> iio: proximity: isl29501: fix buffered read on big-endian systems David Lechner <dlechner(a)baylibre.com> iio: adc: ad7173: prevent scan if too many setups requested Matti Vaittinen <mazziesaccount(a)gmail.com> iio: adc: bd79124: Add GPIOLIB dependency Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> iio: adc: rzg2l_adc: Set driver data before enabling runtime PM Salah Triki <salah.triki(a)gmail.com> iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: light: as73211: Ensure buffer holes are zeroed David Lechner <dlechner(a)baylibre.com> iio: adc: ad7124: fix channel lookup in syscalib functions David Lechner <dlechner(a)baylibre.com> iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() Steven Rostedt <rostedt(a)goodmis.org> ftrace: Also allocate and copy hash for reading of filter files David Lechner <dlechner(a)baylibre.com> iio: accel: sca3300: fix uninitialized iio scan data David Lechner <dlechner(a)baylibre.com> iio: adc: ad7380: fix missing max_conversion_rate_hz on adaq4381-4 Xu Yilun <yilun.xu(a)linux.intel.com> fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Imre Deak <imre.deak(a)intel.com> drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Restore cached manual clock settings during resume Robin Murphy <robin.murphy(a)arm.com> iommu/virtio: Make instance lookup robust Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Remove ops.pgsize_bitmap from drivers that don't use it Al Viro <viro(a)zeniv.linux.org.uk> use uniform permission checks for all mount propagation changes Adrian Huang (Lenovo) <adrianhuang0701(a)gmail.com> signal: Fix memory leak for PIDFD_SELF* sentinels Ye Bin <yebin10(a)huawei.com> fs/buffer: fix use-after-free when call bh_read() helper Stefan Metzmacher <metze(a)samba.org> smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() Christian Brauner <brauner(a)kernel.org> libfs: massage path_from_stashed() to allow custom stashing behavior Thomas Bertschinger <tahbertschinger(a)gmail.com> fhandle: do_handle_open() should get FD with user flags Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix data relocation block group reservation Yuntao Wang <yuntao.wang(a)linux.dev> fs: fix incorrect lflags value in the move_mount syscall Charalampos Mitrodimas <charmitro(a)posteo.net> debugfs: fix mount options not being applied Miguel Ojeda <ojeda(a)kernel.org> rust: faux: fix C header link Christoph Hellwig <hch(a)lst.de> xfs: fix frozen file system assert in xfs_trans_alloc Dan Carpenter <dan.carpenter(a)linaro.org> soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() Liu01 Tong <Tong.Liu01(a)amd.com> drm/amdgpu: fix task hang from failed job submission during process kill Geraldo Nascimento <geraldogabriel(a)gmail.com> PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining Geraldo Nascimento <geraldogabriel(a)gmail.com> PCI: rockchip: Use standard PCIe definitions Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Fix Xorg desktop unresponsive on Replay panel Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't overclock DCE 6 by 15% Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Avoid a NULL pointer dereference Imre Deak <imre.deak(a)intel.com> drm/i915/icl+/tc: Convert AUX powered WARN to a debug message Imre Deak <imre.deak(a)intel.com> drm/i915/lnl+/tc: Use the cached max lane count value Imre Deak <imre.deak(a)intel.com> drm/i915/lnl+/tc: Fix max lane count HW readout Imre Deak <imre.deak(a)intel.com> drm/i915/icl+/tc: Cache the max lane count value Imre Deak <imre.deak(a)intel.com> drm/i915/lnl+/tc: Fix handling of an enabled/disconnected dp-alt sink Sebastian Brzezinka <sebastian.brzezinka(a)intel.com> drm/i915/gt: Relocate compression repacking WA for JSL/EHL Qianfeng Rong <rongqianfeng(a)vivo.com> drm/nouveau/gsp: fix mismatched alloc/free for kvmalloc() Jani Nikula <jani.nikula(a)intel.com> drm/i915: silence rpm wakeref asserts on GEN11_GU_MISC_IIR access Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/swm14: Update power limit logic Thorsten Blum <thorsten.blum(a)linux.dev> accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() Jan Beulich <jbeulich(a)suse.com> compiler: remove __ADDRESSABLE_ASM{_STR,}() again Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86/intel-uncore-freq: Check write blocked for ELC Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/sclp: Fix SCCB present check Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Flush delayed SKBs while releasing RXE resources Evgeniy Harchenko <evgeniyharchenko.dev(a)gmail.com> ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 Takashi Iwai <tiwai(a)suse.de> ALSA: hda: tas2781: Fix wrong reference of tasdevice_priv David Hildenbrand <david(a)redhat.com> mm/mremap: fix WARN with uffd that has remap events disabled Jinjiang Tu <tujinjiang(a)huawei.com> mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn Herton R. Krzesinski <herton(a)redhat.com> mm/debug_vm_pgtable: clear page table entries at destroy_args() Sang-Heon Jeon <ekffu200098(a)gmail.com> mm/damon/core: fix damos_commit_filter not changing allow Phillip Lougher <phillip(a)squashfs.org.uk> squashfs: fix memory leak in squashfs_fill_super Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix a race when updating an existing write Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER Jiayi Li <lijiayi(a)kylinos.cn> memstick: Fix deadlock by moving removing flag earlier Pasha Tatashin <pasha.tatashin(a)soleen.com> kho: warn if KHO is disabled due to an error Pasha Tatashin <pasha.tatashin(a)soleen.com> kho: mm: don't allow deferred struct page with KHO Pasha Tatashin <pasha.tatashin(a)soleen.com> kho: init new_physxa->phys_bits to fix lockdep Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: Add a new function to simplify the code Sai Krishna Potthuri <sai.krishna.potthuri(a)amd.com> mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up Sang-Heon Jeon <ekffu200098(a)gmail.com> mm/damon/core: fix commit_ops_filters by using correct nth function Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement Dominique Martinet <asmadeus(a)codewreck.org> iov_iter: iterate_folioq: fix handling of offset >= folio size Jens Axboe <axboe(a)kernel.dk> io_uring/futex: ensure io_futex_wait() cleans up properly on failure XianLiang Huang <huangxianliang(a)lanxincomputing.com> iommu/riscv: prevent NULL deref in iova_to_phys Eric Biggers <ebiggers(a)kernel.org> crypto: acomp - Fix CFI failure due to type punning Geert Uytterhoeven <geert+renesas(a)glider.be> erofs: Do not select tristate symbols from bool symbols Bo Liu (OpenAnolis) <liubo03(a)inspur.com> erofs: fix build error with CONFIG_EROFS_FS_ZIP_ACCEL=y Alan Huang <mmpgouride(a)gmail.com> xfs: Remove unused label in xfs_dax_notify_dev_failure Christoph Hellwig <hch(a)lst.de> xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags Christoph Hellwig <hch(a)lst.de> xfs: improve the comments in xfs_select_zone_nowait Christoph Hellwig <hch(a)lst.de> xfs: return the allocated transaction from xfs_trans_alloc_empty Christoph Hellwig <hch(a)lst.de> xfs: decouple xfs_trans_alloc_empty from xfs_trans_alloc Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: subpage: keep TOWRITE tag until folio is cleaned Qu Wenruo <wqu(a)suse.com> btrfs: rename btrfs_subpage structure Qu Wenruo <wqu(a)suse.com> btrfs: add comments on the extra btrfs specific subpage bitmaps Leo Martins <loemra.dev(a)gmail.com> btrfs: fix subpage deadlock in try_release_subpage_extent_buffer() Filipe Manana <fdmanana(a)suse.com> btrfs: use refcount_t type for the extent buffer reference counter Filipe Manana <fdmanana(a)suse.com> btrfs: add comment for optimization in free_extent_buffer() Filipe Manana <fdmanana(a)suse.com> btrfs: reorganize logic at free_extent_buffer() for better readability Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() Filipe Manana <fdmanana(a)suse.com> btrfs: always abort transaction on failure to add block group to free space tree David Sterba <dsterba(a)suse.com> btrfs: move transaction aborts to the error site in add_block_group_free_space() SeongJae Park <sj(a)kernel.org> mm/damon/ops-common: ignore migration request to invalid nodes Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: sockopt: fix C23 extension warning Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix C23 extension warning Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm: check flush doesn't reset limits Geliang Tang <geliang(a)kernel.org> mptcp: disable add_addr retransmission when timeout is 0 Geliang Tang <geliang(a)kernel.org> mptcp: remove duplicate sk_reset_timer call Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: kernel: flush: do not reset ADD_ADDR limit Christoph Paasch <cpaasch(a)openai.com> mptcp: drop skb if MPTCP skb extension allocation fails Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> ACPI: APEI: EINJ: Fix resource leak by remove callback in .exit.text Chen Yu <yu.c.chen(a)intel.com> ACPI: pfr_update: Fix the driver update version check Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Avoid selecting states with too much latency JP Kobryn <inwardvessel(a)gmail.com> cgroup: avoid null de-ref in css_rstat_exit() Eric Biggers <ebiggers(a)kernel.org> ipv6: sr: Fix MAC comparison to be constant-time Andrea Righi <arighi(a)nvidia.com> sched/ext: Fix invalid task state transitions on class switch Jakub Acs <acsjakub(a)amazon.de> net, hsr: reject HSR frame if skb can't hold tag Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Add address alignment check in pch_pic register access Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix stack protector issue in send_ipi_data() Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Make function kvm_own_lbt() robust Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't overwrite dce60_clk_mgr Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Revert "drm/amd/display: Fix AMDGPU_MAX_BL_LEVEL value" Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Pass up errors for reset GPU that fails to init HW Lauri Tirkkonen <lauri(a)hacktheplanet.fi> drm/amd/display: fix initial backlight brightness calculation Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix DCE 6.0 and 6.4 PLL programming. Siyang Liu <Security(a)tencent.com> drm/amd/display: fix a Null pointer dereference vulnerability Michel Dänzer <mdaenzer(a)redhat.com> drm/amd/display: Add primary plane to commits for correct VRR handling David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: Fix checkpoint-restore on multi-xcc Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Update supported modes for GC v9.5.0 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update mmhub 4.1.0 client id mappings Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update mmhub 3.3 client id mappings Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update mmhub 3.0.1 client id mappings Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Update external revid for GC v9.5.0 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: track whether a queue is a kernel queue in amdgpu_mqd_prop YuanShang <YuanShang.Mao(a)amd.com> drm/amdgpu: Retain job->vm in amdgpu_job_prepare_job Nathan Chancellor <nathan(a)kernel.org> drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() Peter Shkenev <mustela(a)erminea.space> drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities Gang Ba <Gang.Ba(a)amd.com> drm/amdgpu: Avoid extra evict-restore process. Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add missing vram lost check for LEGACY RESET Frank Min <Frank.Min(a)amd.com> drm/amdgpu: add kicker fws loading for gfx12/smu14/psp14 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Restore cached power limit during resume Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/discovery: fix fw based ip discovery Yang Wang <kevinyang.wang(a)amd.com> drm/amd/amdgpu: fix missing lock for cper.ring->rptr/wptr access Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Defer buffer object shrinker write-backs and GPU waits Vodapalli, Ravi Kumar <ravi.kumar.vodapalli(a)intel.com> drm/xe/bmg: Add one additional PCI ID Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Remove unnecessary re-initialization of flush completion Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Verify internal buffer release on close Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Update CAPTURE format info based on OUTPUT format Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Track flush responses to prevent premature completion Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Skip flush on first sequence change Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Skip destroying internal buffer if not dequeued Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Send V4L2_BUF_FLAG_ERROR for capture buffers with 0 filled length Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Remove error check for non-zero v4l2 controls Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Remove deprecated property setting to firmware Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Prevent HFI queue writes when core is in deinit state Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Fix typo in depth variable Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Fix NULL pointer dereference Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Fix missing function pointer initialization Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Fix buffer preparation failure during resolution change Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Drop port check for session property response Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Avoid updating frame size to firmware during reconfig Ricardo Ribalda <ribalda(a)chromium.org> media: venus: venc: Clamp param smaller than 1fps and bigger than 240 Ricardo Ribalda <ribalda(a)chromium.org> media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: protect against spurious interrupts during probe Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: hfi: explicitly release IRQ during teardown Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> media: venus: Fix MSM8998 frequency table Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Add a check for packet size after reading from shared memory Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Remove extraneous -supply postfix on supply names Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> media: qcom: camss: cleanup media device allocated resource on error path Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: csiphy-3ph: Fix inadvertent dropping of SDM660/SDM670 phy init Hans de Goede <hansg(a)kernel.org> media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls Mathis Foerst <mathis.foerst(a)mt.com> media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval Zhang Shurong <zhang_shurong(a)foxmail.com> media: ov2659: Fix memory leaks in ov2659_probe() Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: pisp_be: Fix pm_runtime underrun in probe Gui-Dong Han <hanguidong02(a)gmail.com> media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Ludwig Disterhof <ludwig(a)disterhof.eu> media: usbtv: Lock resolution while streaming Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Fix AV1 decoder clock frequency Hans Verkuil <hverkuil(a)xs4all.nl> media: vivid: fix wrong pixel_array control size Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ipu6: isys: Use correct pads for xlate_streams() Haoxiang Li <haoxiang_li2024(a)163.com> media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() Bingbu Cao <bingbu.cao(a)intel.com> media: hi556: correct the test pattern configuration Dan Carpenter <dan.carpenter(a)linaro.org> media: gspca: Add bounds checking to firmware parser John David Anglin <dave.anglin(a)bell.net> parisc: Update comments in make_insert_tlb John David Anglin <dave.anglin(a)bell.net> parisc: Try to fixup kernel exception in bad_area_nosemaphore path of do_page_fault() John David Anglin <dave.anglin(a)bell.net> parisc: Revise gateway LWS calls to probe user read access John David Anglin <dave.anglin(a)bell.net> parisc: Revise __get_user() to probe user read access John David Anglin <dave.anglin(a)bell.net> parisc: Rename pte_needs_flush() to pte_needs_cache_flush() in cache.c Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers John David Anglin <dave.anglin(a)bell.net> parisc: Drop WARN_ON_ONCE() from flush_cache_vmap John David Anglin <dave.anglin(a)bell.net> parisc: Define and use set_pte_at() John David Anglin <dave.anglin(a)bell.net> parisc: Check region is readable by user in raw_copy_from_user() Jon Hunter <jonathanh(a)nvidia.com> soc/tegra: pmc: Ensure power-domains are in a known state Jialin Wang <wjl.linux(a)gmail.com> proc: proc_maps_open allow proc_mem_open to return NULL Aleksa Sarai <cyphar(a)cyphar.com> open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE Simon Richter <Simon.Richter(a)hogyros.de> Mark xe driver as BROKEN if kernel page size is not 4kB Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct linker when mixing clang and GNU ld Jann Horn <jannh(a)google.com> kasan/test: fix protection against compiler elision Baokun Li <libaokun1(a)huawei.com> jbd2: prevent softlockup in jbd2_log_do_checkpoint() Jan Kara <jack(a)suse.cz> iomap: Fix broken data integrity guarantees for O_SYNC writes Kathiravan Thirumoorthy <kathiravan.thirumoorthy(a)oss.qualcomm.com> i2c: qcom-geni: fix I2C frequency table to achieve accurate bus rates Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-boundary access in dnode page Julian Sun <sunjunchao2870(a)gmail.com> block: restore default wbt enablement Muhammad Usama Anjum <usama.anjum(a)collabora.com> ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context Xaver Hugl <xaver.hugl(a)kde.org> amdgpu/amdgpu_discovery: increase timeout limit for IFWI init Kathiravan Thirumoorthy <kathiravan.thirumoorthy(a)oss.qualcomm.com> phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence Will Deacon <will(a)kernel.org> vhost/vsock: Avoid allocating arbitrarily-sized SKBs Will Deacon <will(a)kernel.org> vsock/virtio: Validate length in packet header before skb_put() Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Delay link start until configfs 'start' written Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group removal on driver teardown Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group list head handling Jiwei Sun <sunjw10(a)lenovo.com> PCI: Fix link speed calculation on retrain failure Lukas Wunner <lukas(a)wunner.de> PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge Chi Zhiling <chizhiling(a)kylinos.cn> readahead: fix return value of page_cache_next_miss() when no hole is found Dmitry Torokhov <dmitry.torokhov(a)gmail.com> mfd: mt6397: Do not use generic name for keypad sub-devices Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: renesas: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: fsmc: Add missing check after DMA map Gabor Juhos <j4g8y7(a)gmail.com> mtd: spinand: propagate spinand_wait() errors from spinand_write_page() Michael Walle <mwalle(a)kernel.org> mtd: spi-nor: Fix spi_nor_try_unlock_all() Tim Harvey <tharvey(a)gateworks.com> hwmon: (gsc-hwmon) fix fan pwm setpoint show functions Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Fix duty and period setting Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Handle hardware enable and clock enable separately Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> pwm: imx-tpm: Reset counter if CMOD is 0 Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix dest ring-buffer corruption when ring is full Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix source ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix dest ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix dest ring-buffer corruption when ring is full Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix source ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix dest ring-buffer corruption Nathan Chancellor <nathan(a)kernel.org> wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() David Lechner <dlechner(a)baylibre.com> iio: adc: ad7173: fix setting ODR in probe David Lechner <dlechner(a)baylibre.com> iio: adc: ad7173: fix calibration channel David Lechner <dlechner(a)baylibre.com> iio: adc: ad7173: fix channels index for syscalib_mode David Lechner <dlechner(a)baylibre.com> iio: adc: ad_sigma_delta: change to buffer predisable David Lechner <dlechner(a)baylibre.com> iio: imu: bno055: fix OOB access of hw_xlate array Marek Szyprowski <m.szyprowski(a)samsung.com> zynq_fpga: use sgtable-based scatterlist wrappers Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Ensure we don't read past the ELF header Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Fix CDL control Adrian Hunter <adrian.hunter(a)intel.com> scsi: ufs: ufs-pci: Fix default runtime and system PM levels Archana Patni <archana.patni(a)intel.com> scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Return aborted command when missing sense and result TF Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_to_sense_error() status handling Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Fix race between config read submit and interrupt completion André Draszik <andre.draszik(a)linaro.org> scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE Macpaul Lin <macpaul.lin(a)mediatek.com> scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> dt-bindings: display: vop2: Add optional PLL clock property for rk3576 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints Helge Deller <deller(a)gmx.de> apparmor: Fix 8-byte alignment for initial dfa blob streams Sam Edwards <cfsworks(a)gmail.com> arm64: dts: rockchip: Remove workaround that prevented Turing RK1 GPU power regulator control Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> arm64: dts: ti: k3-am62-verdin: Enable pull-ups on I2C buses Kaustabh Chakraborty <kauschluss(a)disroot.org> arm64: dts: exynos7870-on7xelte: reduce memory ranges to base amount Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62*: Move eMMC pinmux to top level board file Hong Guan <hguan(a)ti.com> arm64: dts: ti: k3-am62a7-sk: fix pinmux for main_uart1 Peter Griffin <peter.griffin(a)linaro.org> arm64: dts: exynos: gs101: ufs: add dma-coherent property Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Enable HDMI PHY clk provider on rk3576 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Add HDMI PHY PLL clock source to VOP2 on rk3576 Kaustabh Chakraborty <kauschluss(a)disroot.org> arm64: dts: exynos7870: add quirk to disable USB2 LPM in gadget mode Alexander Sverdlin <alexander.sverdlin(a)gmail.com> arm64: dts: ti: k3-pinctrl: Enable Schmitt Trigger by default Kaustabh Chakraborty <kauschluss(a)disroot.org> arm64: dts: exynos7870-j6lte: reduce memory ranges to base amount Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support Nick Chan <towinchenmi(a)gmail.com> arm64: dts: apple: t8012-j132: Include touchbar framebuffer node Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: fix printing of mount info messages for NODATACOW/NODATASUM Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: restore mount option info messages during mount Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: fix incorrect log message for nobarrier mount option Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix write time activation failure for metadata block group Zhang Yi <yi.zhang(a)huawei.com> ext4: fix hole length calculation overflow in non-extent inodes Liao Yuanhong <liaoyuanhong(a)vivo.com> ext4: use kmalloc_array() for array space allocation Theodore Ts'o <tytso(a)mit.edu> ext4: don't try to clear the orphan_present feature block device is r/o Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix reserved gdt blocks handling in fsmap Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix fsmap end of range reporting with bigalloc Andreas Dilger <adilger(a)dilger.ca> ext4: check fast symlink for ea_inode correctly Baokun Li <libaokun1(a)huawei.com> ext4: preserve SB_I_VERSION on remount Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe-event: Sanitize wildcard for fprobe event name Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: extend the connection limiting mechanism to support IPv6 Ziyan Xu <ziyan(a)securitygossip.com> ksmbd: fix refcount leak causing resource not released Helge Deller <deller(a)gmx.de> Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" Herbert Xu <herbert(a)gondor.apana.org.au> crypto: hash - Increase HASH_MAX_DESCSIZE for hmac(sha3-224-s390) Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix address alignment issue on ucode loading Eric Biggers <ebiggers(a)kernel.org> crypto: x86/aegis - Add missing error checks Eric Biggers <ebiggers(a)kernel.org> crypto: x86/aegis - Fix sleeping when disallowed on PREEMPT_RT Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - flush misc workqueue during device shutdown John Ernberg <john.ernberg(a)actia.se> crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP Ashish Kalra <ashish.kalra(a)amd.com> crypto: ccp - Fix SNP panic notifier unregistration Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - lower priority for skcipher and aead algorithms Eric Biggers <ebiggers(a)kernel.org> lib/crypto: arm64/poly1305: Fix register corruption in no-SIMD contexts Eric Biggers <ebiggers(a)kernel.org> lib/crypto: arm/poly1305: Fix register corruption in no-SIMD contexts Eric Biggers <ebiggers(a)kernel.org> lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap David Howells <dhowells(a)redhat.com> netfs: Fix unbuffered write error handling Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: defkeymap: Map keycodes above 127 to K_HOLE Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: keyboard: Don't process Unicode characters in K_OFF mode Youssef Samir <quic_yabdulra(a)quicinc.com> bus: mhi: host: Detect events pointing to unexpected TREs Alexander Wilhelm <alexander.wilhelm(a)westermo.com> bus: mhi: host: Fix endianness of BHI vector table Johan Hovold <johan(a)kernel.org> usb: dwc3: imx8mp: fix device leak at unbind Johan Hovold <johan(a)kernel.org> usb: dwc3: meson-g12a: fix device leaks at unbind Johan Hovold <johan(a)kernel.org> usb: musb: omap2430: fix device leak at unbind Johan Hovold <johan(a)kernel.org> usb: gadget: udc: renesas_usb3: fix device leak at unbind Nathan Chancellor <nathan(a)kernel.org> usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() David Lechner <dlechner(a)baylibre.com> iio: adc: ad7173: fix num_slots Finn Thain <fthain(a)linux-m68k.org> m68k: Fix lost column on framebuffer debug console Damien Le Moal <dlemoal(a)kernel.org> dm: Check for forbidden splitting of zone write operations Damien Le Moal <dlemoal(a)kernel.org> dm: dm-crypt: Do not partially accept write BIOs with zoned targets Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Take active children into account in pm_runtime_get_if_in_use() Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() Dan Carpenter <dan.carpenter(a)linaro.org> cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() Damien Le Moal <dlemoal(a)kernel.org> ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Yunhui Cui <cuiyunhui(a)bytedance.com> serial: 8250: fix panic due to PSLVERR ------------- Diffstat: .../bindings/display/rockchip/rockchip-vop2.yaml | 56 ++++- .../bindings/display/sprd/sprd,sharkl3-dpu.yaml | 2 +- .../display/sprd/sprd,sharkl3-dsi-host.yaml | 2 +- .../devicetree/bindings/ufs/mediatek,ufs.yaml | 4 + Documentation/networking/mptcp-sysctl.rst | 2 + Makefile | 6 +- arch/arm/lib/crypto/poly1305-glue.c | 3 +- arch/arm64/boot/dts/apple/t8012-j132.dts | 1 + arch/arm64/boot/dts/exynos/exynos7870-j6lte.dts | 2 +- arch/arm64/boot/dts/exynos/exynos7870-on7xelte.dts | 2 +- arch/arm64/boot/dts/exynos/exynos7870.dtsi | 1 + arch/arm64/boot/dts/exynos/google/gs101.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk3576.dtsi | 7 +- .../arm64/boot/dts/rockchip/rk3588-turing-rk1.dtsi | 11 - arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts | 24 ++ arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 12 +- arch/arm64/boot/dts/ti/k3-am625-sk.dts | 24 ++ arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 4 +- arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi | 24 -- arch/arm64/boot/dts/ti/k3-pinctrl.h | 15 +- arch/arm64/lib/crypto/poly1305-glue.c | 3 +- arch/loongarch/Makefile | 6 + arch/loongarch/kernel/module-sections.c | 38 +-- arch/loongarch/kvm/intc/eiointc.c | 32 +-- arch/loongarch/kvm/intc/ipi.c | 8 +- arch/loongarch/kvm/intc/pch_pic.c | 10 + arch/loongarch/kvm/vcpu.c | 8 +- arch/m68k/kernel/head.S | 31 ++- arch/mips/lib/crypto/chacha-core.S | 20 +- arch/parisc/Makefile | 4 +- arch/parisc/include/asm/pgtable.h | 7 +- arch/parisc/include/asm/special_insns.h | 28 +++ arch/parisc/include/asm/uaccess.h | 21 +- arch/parisc/kernel/cache.c | 6 +- arch/parisc/kernel/entry.S | 17 +- arch/parisc/kernel/syscall.S | 30 ++- arch/parisc/lib/memcpy.c | 19 +- arch/parisc/mm/fault.c | 4 + arch/s390/boot/vmem.c | 3 + arch/s390/hypfs/hypfs_dbfs.c | 19 +- arch/x86/crypto/aegis128-aesni-glue.c | 40 +++- arch/x86/include/asm/xen/hypercall.h | 5 +- arch/x86/kernel/cpu/amd.c | 8 +- arch/x86/kernel/cpu/hygon.c | 3 + block/bfq-iosched.c | 13 +- block/blk-mq-debugfs.c | 1 + block/blk-mq-sched.c | 223 ++++++++++++------ block/blk-mq-sched.h | 12 +- block/blk-mq.c | 29 ++- block/blk-rq-qos.c | 8 +- block/blk-rq-qos.h | 48 ++-- block/blk-sysfs.c | 2 +- block/blk.h | 4 +- block/elevator.c | 38 ++- block/elevator.h | 16 +- block/kyber-iosched.c | 11 +- block/mq-deadline.c | 14 +- crypto/deflate.c | 7 +- drivers/accel/habanalabs/gaudi2/gaudi2.c | 2 +- drivers/acpi/apei/einj-core.c | 12 +- drivers/acpi/pfr_update.c | 2 +- drivers/ata/Kconfig | 32 ++- drivers/ata/libata-scsi.c | 49 ++-- drivers/base/power/runtime.c | 27 ++- drivers/bluetooth/btmtk.c | 7 +- drivers/bus/mhi/host/boot.c | 8 +- drivers/bus/mhi/host/internal.h | 4 +- drivers/bus/mhi/host/main.c | 12 +- drivers/cdx/controller/cdx_rpmsg.c | 3 +- drivers/comedi/comedi_fops.c | 5 + drivers/comedi/drivers.c | 27 +-- drivers/comedi/drivers/pcl726.c | 3 +- drivers/cpufreq/armada-8k-cpufreq.c | 2 +- drivers/cpuidle/governors/menu.c | 29 +-- drivers/crypto/caam/ctrl.c | 5 +- drivers/crypto/caam/intern.h | 1 + drivers/crypto/ccp/sev-dev.c | 10 +- .../crypto/intel/qat/qat_common/adf_common_drv.h | 1 + drivers/crypto/intel/qat/qat_common/adf_init.c | 1 + drivers/crypto/intel/qat/qat_common/adf_isr.c | 5 + drivers/crypto/intel/qat/qat_common/qat_algs.c | 12 +- drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h | 125 +++++++--- .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 35 +-- drivers/fpga/zynq-fpga.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_cper.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 76 +++--- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 - drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 21 +- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 5 +- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 14 +- drivers/gpu/drm/amd/amdgpu/imu_v12_0.c | 13 +- drivers/gpu/drm/amd/amdgpu/mmhub_v3_0_1.c | 57 +++-- drivers/gpu/drm/amd/amdgpu/mmhub_v3_3.c | 121 +++++++++- drivers/gpu/drm/amd/amdgpu/mmhub_v4_1_0.c | 34 ++- drivers/gpu/drm/amd/amdgpu/psp_v14_0.c | 2 + drivers/gpu/drm/amd/amdgpu/soc15.c | 2 + .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_module.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 61 ++++- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 20 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 28 +++ .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 5 +- .../gpu/drm/amd/display/dc/bios/command_table.c | 2 +- drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1 - .../amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 19 +- .../amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 ++-- .../amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 +-- drivers/gpu/drm/amd/display/dc/core/dc.c | 34 ++- .../amd/display/dc/resource/dce60/dce60_resource.c | 34 +-- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 16 ++ drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 11 +- .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 30 ++- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/drm_format_helper.c | 108 ++++++++- drivers/gpu/drm/drm_format_internal.h | 8 + drivers/gpu/drm/drm_panic_qr.rs | 22 +- drivers/gpu/drm/hisilicon/hibmc/dp/dp_link.c | 14 +- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 22 +- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.h | 1 + drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_i2c.c | 5 + drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_vdac.c | 11 +- drivers/gpu/drm/i915/display/intel_display_irq.c | 4 + drivers/gpu/drm/i915/display/intel_tc.c | 93 ++++++-- drivers/gpu/drm/i915/gt/intel_workarounds.c | 20 +- drivers/gpu/drm/nouveau/nvif/vmm.c | 3 +- .../gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c | 4 +- drivers/gpu/drm/nova/file.rs | 3 +- drivers/gpu/drm/tests/drm_format_helper_test.c | 111 ++------- drivers/gpu/drm/xe/Kconfig | 1 + drivers/gpu/drm/xe/xe_migrate.c | 2 +- drivers/gpu/drm/xe/xe_pxp_submit.c | 2 +- drivers/gpu/drm/xe/xe_shrinker.c | 51 +++- drivers/gpu/drm/xe/xe_vm.c | 48 ++-- drivers/gpu/drm/xe/xe_vm.h | 2 +- drivers/hwmon/gsc-hwmon.c | 4 +- drivers/i2c/busses/i2c-qcom-geni.c | 6 +- drivers/i2c/busses/i2c-rtl9300.c | 20 +- drivers/iio/accel/sca3300.c | 2 +- drivers/iio/adc/Kconfig | 2 +- drivers/iio/adc/ad7124.c | 14 +- drivers/iio/adc/ad7173.c | 137 ++++++++--- drivers/iio/adc/ad7380.c | 1 + drivers/iio/adc/ad_sigma_delta.c | 4 +- drivers/iio/adc/rzg2l_adc.c | 33 +-- drivers/iio/imu/bno055/bno055.c | 11 +- drivers/iio/imu/inv_icm42600/inv_icm42600.h | 8 +- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 31 ++- drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c | 22 +- drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h | 10 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 6 +- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 41 ++-- drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 12 +- drivers/iio/light/as73211.c | 2 +- drivers/iio/pressure/bmp280-core.c | 9 +- drivers/iio/proximity/isl29501.c | 14 +- drivers/iio/temperature/maxim_thermocouple.c | 26 ++- drivers/infiniband/core/umem_odp.c | 4 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 +- drivers/infiniband/hw/bnxt_re/main.c | 23 ++ drivers/infiniband/hw/bnxt_re/qplib_fp.c | 30 +-- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 - drivers/infiniband/hw/bnxt_re/qplib_res.c | 2 + drivers/infiniband/hw/erdma/erdma_verbs.c | 6 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 6 +- drivers/infiniband/hw/hns/hns_roce_restrack.c | 9 +- drivers/infiniband/sw/rxe/rxe_net.c | 29 +-- drivers/infiniband/sw/rxe/rxe_qp.c | 2 +- drivers/iommu/amd/init.c | 4 +- drivers/iommu/apple-dart.c | 1 - drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 +- drivers/iommu/intel/iommu.c | 1 - drivers/iommu/iommufd/selftest.c | 1 - drivers/iommu/riscv/iommu.c | 3 +- drivers/iommu/virtio-iommu.c | 19 +- drivers/md/dm-crypt.c | 47 +++- drivers/md/dm-raid.c | 42 ++-- drivers/md/dm.c | 17 +- drivers/md/md-bitmap.c | 8 +- drivers/md/md-cluster.c | 16 +- drivers/md/md.c | 110 ++++++--- drivers/md/md.h | 2 +- drivers/md/raid0.c | 6 +- drivers/md/raid1-10.c | 2 +- drivers/md/raid1.c | 10 +- drivers/md/raid10.c | 16 +- drivers/md/raid5-ppl.c | 6 +- drivers/md/raid5.c | 30 +-- drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3 +- drivers/media/i2c/hi556.c | 26 ++- drivers/media/i2c/mt9m114.c | 8 - drivers/media/i2c/ov2659.c | 3 +- drivers/media/pci/intel/ipu6/ipu6-isys-csi2.c | 12 +- drivers/media/pci/intel/ivsc/mei_ace.c | 2 + drivers/media/pci/intel/ivsc/mei_csi.c | 2 + .../platform/qcom/camss/camss-csiphy-3ph-1-0.c | 3 +- drivers/media/platform/qcom/camss/camss.c | 20 +- drivers/media/platform/qcom/iris/iris_buffer.c | 20 +- drivers/media/platform/qcom/iris/iris_buffer.h | 3 +- drivers/media/platform/qcom/iris/iris_ctrls.c | 7 +- .../platform/qcom/iris/iris_hfi_gen1_command.c | 27 +-- .../platform/qcom/iris/iris_hfi_gen1_defines.h | 1 - .../platform/qcom/iris/iris_hfi_gen1_response.c | 20 +- .../platform/qcom/iris/iris_hfi_gen2_command.c | 4 +- .../platform/qcom/iris/iris_hfi_gen2_response.c | 11 +- drivers/media/platform/qcom/iris/iris_hfi_queue.c | 2 +- drivers/media/platform/qcom/iris/iris_instance.h | 2 + .../platform/qcom/iris/iris_platform_common.h | 2 +- .../platform/qcom/iris/iris_platform_sm8250.c | 9 - drivers/media/platform/qcom/iris/iris_state.c | 2 +- drivers/media/platform/qcom/iris/iris_state.h | 1 + drivers/media/platform/qcom/iris/iris_vb2.c | 15 +- drivers/media/platform/qcom/iris/iris_vdec.c | 9 +- drivers/media/platform/qcom/iris/iris_vidc.c | 33 ++- drivers/media/platform/qcom/venus/core.c | 18 +- drivers/media/platform/qcom/venus/core.h | 2 + drivers/media/platform/qcom/venus/hfi_venus.c | 5 + drivers/media/platform/qcom/venus/vdec.c | 5 +- drivers/media/platform/qcom/venus/venc.c | 5 +- drivers/media/platform/raspberrypi/pisp_be/Kconfig | 1 + .../media/platform/raspberrypi/pisp_be/pisp_be.c | 5 +- .../media/platform/verisilicon/rockchip_vpu_hw.c | 9 - drivers/media/test-drivers/vivid/vivid-ctrls.c | 3 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 4 +- drivers/media/usb/gspca/vicam.c | 10 +- drivers/media/usb/usbtv/usbtv-video.c | 4 + drivers/media/v4l2-core/v4l2-ctrls-core.c | 1 - drivers/memstick/core/memstick.c | 1 - drivers/memstick/host/rtsx_usb_ms.c | 1 + drivers/mfd/mt6397-core.c | 12 +- drivers/mmc/host/sdhci-of-arasan.c | 33 ++- drivers/mmc/host/sdhci-pci-gli.c | 37 +-- drivers/mmc/host/sdhci_am654.c | 18 ++ drivers/most/core.c | 2 +- drivers/mtd/nand/raw/fsmc_nand.c | 2 + drivers/mtd/nand/raw/renesas-nand-controller.c | 6 + drivers/mtd/nand/spi/core.c | 5 +- drivers/mtd/spi-nor/swp.c | 19 +- drivers/net/bonding/bond_3ad.c | 67 ++++-- drivers/net/bonding/bond_options.c | 1 + drivers/net/dsa/microchip/ksz_common.c | 6 + drivers/net/ethernet/airoha/airoha_ppe.c | 4 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +- drivers/net/ethernet/google/gve/gve_main.c | 2 + drivers/net/ethernet/intel/igc/igc_main.c | 14 +- drivers/net/ethernet/intel/ixgbe/devlink/devlink.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 +- .../net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c | 4 +- drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en/dcbnl.h | 1 - .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 18 +- .../ethernet/mellanox/mlx5/core/en/tc/ct_fs_hmfs.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 12 +- .../ethernet/mellanox/mlx5/core/esw/devlink_port.c | 4 +- .../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 2 + drivers/net/ethernet/mellanox/mlx5/core/port.c | 20 ++ .../mellanox/mlx5/core/steering/hws/bwc_complex.c | 41 ++-- .../ethernet/mellanox/mlx5/core/steering/hws/cmd.c | 1 + .../ethernet/mellanox/mlx5/core/steering/hws/cmd.h | 1 + .../mellanox/mlx5/core/steering/hws/fs_hws.c | 1 + .../mellanox/mlx5/core/steering/hws/matcher.c | 5 +- .../mellanox/mlx5/core/steering/hws/mlx5hws.h | 1 + .../mellanox/mlx5/core/steering/hws/send.c | 1 - .../mellanox/mlx5/core/steering/hws/table.c | 13 +- .../mellanox/mlx5/core/steering/hws/table.h | 3 +- drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 + drivers/net/ethernet/mellanox/mlxsw/trap.h | 1 + drivers/net/ethernet/microchip/lan865x/lan865x.c | 21 ++ drivers/net/ethernet/realtek/rtase/rtase.h | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac-thead.c | 9 +- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 72 +++--- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 8 +- drivers/net/phy/mscc/mscc.h | 12 + drivers/net/phy/mscc/mscc_main.c | 12 + drivers/net/phy/mscc/mscc_ptp.c | 49 +++- drivers/net/ppp/ppp_generic.c | 17 +- drivers/net/usb/asix_devices.c | 2 +- drivers/net/wireless/ath/ath11k/ce.c | 3 - drivers/net/wireless/ath/ath11k/dp_rx.c | 3 - drivers/net/wireless/ath/ath11k/hal.c | 33 ++- drivers/net/wireless/ath/ath12k/ce.c | 3 - drivers/net/wireless/ath/ath12k/hal.c | 38 ++- .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 +- drivers/pci/controller/dwc/pci-imx6.c | 12 +- drivers/pci/controller/dwc/pcie-designware.c | 8 + drivers/pci/controller/pcie-rockchip-ep.c | 4 +- drivers/pci/controller/pcie-rockchip-host.c | 49 ++-- drivers/pci/controller/pcie-rockchip.h | 12 +- drivers/pci/endpoint/pci-ep-cfs.c | 1 + drivers/pci/endpoint/pci-epf-core.c | 2 +- drivers/pci/pci.h | 32 +-- drivers/pci/pcie/portdrv.c | 2 +- drivers/phy/qualcomm/phy-qcom-m31.c | 14 +- drivers/platform/chrome/cros_ec.c | 3 + drivers/platform/x86/amd/hsmp/hsmp.c | 5 + .../intel/uncore-frequency/uncore-frequency-tpmi.c | 5 + drivers/pwm/pwm-imx-tpm.c | 9 + drivers/pwm/pwm-mediatek.c | 71 +++--- drivers/regulator/pca9450-regulator.c | 13 +- drivers/regulator/tps65219-regulator.c | 12 +- drivers/s390/char/sclp.c | 11 +- drivers/scsi/mpi3mr/mpi3mr.h | 6 +- drivers/scsi/mpi3mr/mpi3mr_fw.c | 17 +- drivers/scsi/mpi3mr/mpi3mr_os.c | 2 + drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/soc/qcom/mdt_loader.c | 43 ++++ drivers/soc/tegra/pmc.c | 51 ++-- drivers/spi/spi-fsl-lpspi.c | 8 +- drivers/spi/spi-qpic-snand.c | 22 +- drivers/staging/media/imx/imx-media-csc-scaler.c | 2 +- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/tty/vt/defkeymap.c_shipped | 112 +++++++++ drivers/tty/vt/keyboard.c | 2 +- drivers/ufs/core/ufshcd.c | 10 +- drivers/ufs/host/ufs-exynos.c | 4 +- drivers/ufs/host/ufs-qcom.c | 42 ++-- drivers/ufs/host/ufshcd-pci.c | 42 +++- drivers/usb/atm/cxacru.c | 172 +++++++------- drivers/usb/core/hcd.c | 20 +- drivers/usb/core/quirks.c | 1 + drivers/usb/dwc3/dwc3-imx8mp.c | 7 +- drivers/usb/dwc3/dwc3-meson-g12a.c | 3 + drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/dwc3/ep0.c | 20 +- drivers/usb/dwc3/gadget.c | 19 +- drivers/usb/gadget/udc/renesas_usb3.c | 1 + drivers/usb/host/xhci-hub.c | 3 +- drivers/usb/host/xhci-mem.c | 22 +- drivers/usb/host/xhci-pci-renesas.c | 7 +- drivers/usb/host/xhci-ring.c | 9 +- drivers/usb/host/xhci.c | 23 +- drivers/usb/host/xhci.h | 3 +- drivers/usb/musb/omap2430.c | 14 +- drivers/usb/storage/realtek_cr.c | 2 +- drivers/usb/storage/unusual_devs.h | 29 +++ drivers/usb/typec/tcpm/maxim_contaminant.c | 58 +++++ drivers/usb/typec/tcpm/tcpci_maxim.h | 1 + drivers/vhost/vsock.c | 6 +- drivers/video/console/vgacon.c | 2 +- fs/btrfs/ctree.c | 23 +- fs/btrfs/extent-tree.c | 2 +- fs/btrfs/extent_io.c | 94 ++++---- fs/btrfs/extent_io.h | 2 +- fs/btrfs/fiemap.c | 2 +- fs/btrfs/free-space-tree.c | 17 +- fs/btrfs/inode.c | 8 +- fs/btrfs/print-tree.c | 2 +- fs/btrfs/qgroup.c | 6 +- fs/btrfs/relocation.c | 4 +- fs/btrfs/subpage.c | 258 +++++++++++---------- fs/btrfs/subpage.h | 45 +++- fs/btrfs/super.c | 13 +- fs/btrfs/tree-log.c | 4 +- fs/btrfs/zoned.c | 70 ++++-- fs/buffer.c | 2 +- fs/debugfs/inode.c | 11 +- fs/erofs/Kconfig | 18 +- fs/ext4/fsmap.c | 23 +- fs/ext4/indirect.c | 4 +- fs/ext4/inode.c | 2 +- fs/ext4/orphan.c | 5 +- fs/ext4/super.c | 8 +- fs/f2fs/node.c | 10 + fs/fhandle.c | 2 +- fs/internal.h | 3 + fs/iomap/direct-io.c | 14 +- fs/jbd2/checkpoint.c | 1 + fs/libfs.c | 27 ++- fs/namespace.c | 69 +++--- fs/netfs/read_collect.c | 4 +- fs/netfs/write_collect.c | 10 +- fs/netfs/write_issue.c | 4 +- fs/nfs/pagelist.c | 9 +- fs/nfs/write.c | 29 +-- fs/overlayfs/copy_up.c | 2 +- fs/proc/task_mmu.c | 4 +- fs/smb/client/smb2ops.c | 2 +- fs/smb/server/connection.c | 3 +- fs/smb/server/connection.h | 7 +- fs/smb/server/oplock.c | 13 +- fs/smb/server/transport_rdma.c | 5 +- fs/smb/server/transport_rdma.h | 4 +- fs/smb/server/transport_tcp.c | 26 ++- fs/splice.c | 3 + fs/squashfs/super.c | 14 +- fs/xfs/libxfs/xfs_refcount.c | 4 +- fs/xfs/scrub/common.c | 3 +- fs/xfs/scrub/repair.c | 12 +- fs/xfs/scrub/scrub.c | 5 +- fs/xfs/xfs_attr_item.c | 5 +- fs/xfs/xfs_discard.c | 12 +- fs/xfs/xfs_fsmap.c | 4 +- fs/xfs/xfs_icache.c | 5 +- fs/xfs/xfs_inode.c | 7 +- fs/xfs/xfs_itable.c | 24 +- fs/xfs/xfs_iwalk.c | 11 +- fs/xfs/xfs_notify_failure.c | 6 +- fs/xfs/xfs_qm.c | 10 +- fs/xfs/xfs_rtalloc.c | 13 +- fs/xfs/xfs_trans.c | 56 ++--- fs/xfs/xfs_trans.h | 3 +- fs/xfs/xfs_zone_alloc.c | 10 +- fs/xfs/xfs_zone_gc.c | 5 +- include/crypto/hash.h | 2 +- include/crypto/internal/acompress.h | 5 +- include/drm/drm_format_helper.h | 9 + include/drm/intel/pciids.h | 1 + include/linux/blkdev.h | 1 + include/linux/compiler.h | 8 - include/linux/iosys-map.h | 7 +- include/linux/iov_iter.h | 20 +- include/linux/kcov.h | 47 +--- include/linux/mlx5/mlx5_ifc.h | 14 +- include/linux/netfs.h | 1 + include/linux/nfs_page.h | 1 + include/net/bluetooth/bluetooth.h | 4 +- include/net/bluetooth/hci.h | 1 + include/net/bluetooth/hci_core.h | 54 ++++- include/net/bond_3ad.h | 1 + include/net/devlink.h | 6 +- include/net/sch_generic.h | 11 +- include/sound/cs35l56.h | 5 +- include/trace/events/btrfs.h | 2 +- include/uapi/linux/pfrut.h | 1 + include/uapi/linux/raid/md_p.h | 2 +- io_uring/futex.c | 3 + kernel/Kconfig.kexec | 1 + kernel/cgroup/cpuset.c | 9 +- kernel/cgroup/rstat.c | 3 + kernel/kexec_handover.c | 29 ++- kernel/sched/ext.c | 4 + kernel/signal.c | 6 +- kernel/trace/ftrace.c | 19 +- kernel/trace/trace.c | 34 ++- kernel/trace/trace.h | 10 +- mm/damon/core.c | 15 +- mm/damon/paddr.c | 4 + mm/debug_vm_pgtable.c | 9 +- mm/filemap.c | 3 +- mm/kasan/kasan_test_c.c | 2 +- mm/memory-failure.c | 8 + mm/mremap.c | 41 ++-- net/bluetooth/hci_conn.c | 17 +- net/bluetooth/hci_core.c | 27 ++- net/bluetooth/hci_event.c | 15 +- net/bluetooth/hci_sync.c | 33 +-- net/bluetooth/iso.c | 20 +- net/bluetooth/mgmt.c | 13 +- net/bridge/br_multicast.c | 16 ++ net/bridge/br_private.h | 2 + net/core/dev.c | 12 + net/devlink/port.c | 2 +- net/hsr/hsr_slave.c | 8 +- net/ipv4/netfilter/nf_reject_ipv4.c | 6 +- net/ipv6/netfilter/nf_reject_ipv6.c | 5 +- net/ipv6/seg6_hmac.c | 6 +- net/mptcp/options.c | 6 +- net/mptcp/pm.c | 18 +- net/mptcp/pm_kernel.c | 1 - net/sched/sch_cake.c | 14 +- net/sched/sch_codel.c | 12 +- net/sched/sch_fq.c | 12 +- net/sched/sch_fq_codel.c | 12 +- net/sched/sch_fq_pie.c | 12 +- net/sched/sch_hhf.c | 12 +- net/sched/sch_htb.c | 2 +- net/sched/sch_pie.c | 12 +- net/smc/af_smc.c | 3 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 12 +- rust/kernel/alloc/allocator.rs | 30 ++- rust/kernel/alloc/allocator_test.rs | 11 + rust/kernel/drm/device.rs | 32 ++- rust/kernel/faux.rs | 2 +- security/apparmor/lsm.c | 4 +- sound/core/timer.c | 4 +- sound/pci/hda/patch_realtek.c | 2 + sound/pci/hda/tas2781_hda_i2c.c | 2 +- sound/soc/codecs/cs35l56-sdw.c | 69 ------ sound/soc/codecs/cs35l56-shared.c | 29 ++- sound/soc/codecs/cs35l56.c | 2 +- sound/soc/codecs/cs35l56.h | 3 - sound/soc/sof/amd/acp-loader.c | 6 +- sound/usb/stream.c | 2 +- sound/usb/validate.c | 2 +- tools/objtool/arch/loongarch/special.c | 23 ++ tools/testing/selftests/net/mptcp/mptcp_connect.c | 5 +- tools/testing/selftests/net/mptcp/mptcp_inq.c | 5 +- tools/testing/selftests/net/mptcp/mptcp_sockopt.c | 5 +- tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 + 498 files changed, 4907 insertions(+), 2746 deletions(-)

2 months, 2 weeks

20
477
0 0

[PATCH net v2] batman-adv: fix OOB read/write in network-coding decode

by Stanislav Fort

batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length is not verified, allowing an out-of-bounds read and a small out-of-bounds write. Validate that coded_len fits within the payload area of both destination and source sk_buffs before XORing. Fixes: 2df5278b0267 ("batman-adv: network coding - receive coded packets and decode them") Cc: stable(a)vger.kernel.org Reported-by: Stanislav Fort <disclosure(a)aisle.com> Signed-off-by: Stanislav Fort <disclosure(a)aisle.com> --- net/batman-adv/network-coding.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c index 9f56308779cc..af97d077369f 100644 --- a/net/batman-adv/network-coding.c +++ b/net/batman-adv/network-coding.c @@ -1687,7 +1687,12 @@ batadv_nc_skb_decode_packet(struct batadv_priv *bat_priv, struct sk_buff *skb, coding_len = ntohs(coded_packet_tmp.coded_len); - if (coding_len > skb->len) + /* ensure dst buffer is large enough (payload only) */ + if (coding_len + h_size > skb->len) + return NULL; + + /* ensure src buffer is large enough (payload only) */ + if (coding_len + h_size > nc_packet->skb->len) return NULL; /* Here the magic is reversed: -- 2.39.3 (Apple Git-146)

2 months, 2 weeks

2
1
0 0

[PATCH 0/3] clk: samsung: exynos990: Fix USB clock support

by Denzeel Oliva

Hi, Small fixes for Exynos990 HSI0 USB clocks: Add missing LHS_ACEL clock ID and implementation, plus two missing USB clock registers. Without these, USB connections fail with errors like device descriptor read timeouts and address response issues. These changes ensure proper USB operation by adding critical missing clock definitions. Denzeel Oliva Signed-off-by: Denzeel Oliva <wachiturroxd150(a)gmail.com> Signed-off-by: Denzeel Oliva <wachiturroxd150(a)gmail.com> --- Denzeel Oliva (3): dt-bindings: clock: exynos990: Add LHS_ACEL clock ID for HSI0 block clk: samsung: exynos990: Add LHS_ACEL gate clock for HSI0 and update CLK_NR_TOP clk: samsung: exynos990: Add missing USB clock registers to HSI0 drivers/clk/samsung/clk-exynos990.c | 8 +++++++- include/dt-bindings/clock/samsung,exynos990.h | 1 + 2 files changed, 8 insertions(+), 1 deletion(-) --- base-commit: e0edfc39b62e35dfb6d669b1189fa268147345ef change-id: 20250830-usb-c8d352f5de9f Best regards, -- Denzeel Oliva <wachiturroxd150(a)gmail.com>

2 months, 2 weeks

2
4
0 0

[PATCH v7 02/12] i2c: rtl9300: ensure data length is within supported range

by Jonas Jelonek

Add an explicit check for the xfer length to 'rtl9300_i2c_config_xfer' to ensure the data length isn't within the supported range. In particular a data length of 0 is not supported by the hardware and causes unintended or destructive behaviour. This limitation becomes obvious when looking at the register documentation [1]. 4 bits are reserved for DATA_WIDTH and the value of these 4 bits is used as N + 1, allowing a data length range of 1 <= len <= 16. Affected by this is the SMBus Quick Operation which works with a data length of 0. Passing 0 as the length causes an underflow of the value due to: (len - 1) & 0xf and effectively specifying a transfer length of 16 via the registers. This causes a 16-byte write operation instead of a Quick Write. For example, on SFP modules without write-protected EEPROM this soft-bricks them by overwriting some initial bytes. For completeness, also add a quirk for the zero length. [1] https://svanheule.net/realtek/longan/register/i2c_mst1_ctrl2 Fixes: c366be720235 ("i2c: Add driver for the RTL9300 I2C controller") Cc: <stable(a)vger.kernel.org> # v6.13+ Signed-off-by: Jonas Jelonek <jelonek.jonas(a)gmail.com> Tested-by: Sven Eckelmann <sven(a)narfation.org> Reviewed-by: Chris Packham <chris.packham(a)alliedtelesis.co.nz> Tested-by: Chris Packham <chris.packham(a)alliedtelesis.co.nz> # On RTL9302C based board Tested-by: Markus Stockhausen <markus.stockhausen(a)gmx.de> --- drivers/i2c/busses/i2c-rtl9300.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-rtl9300.c b/drivers/i2c/busses/i2c-rtl9300.c index 19c367703eaf..ebd4a85e1bde 100644 --- a/drivers/i2c/busses/i2c-rtl9300.c +++ b/drivers/i2c/busses/i2c-rtl9300.c @@ -99,6 +99,9 @@ static int rtl9300_i2c_config_xfer(struct rtl9300_i2c *i2c, struct rtl9300_i2c_c { u32 val, mask; + if (len < 1 || len > 16) + return -EINVAL; + val = chan->bus_freq << RTL9300_I2C_MST_CTRL2_SCL_FREQ_OFS; mask = RTL9300_I2C_MST_CTRL2_SCL_FREQ_MASK; @@ -352,7 +355,7 @@ static const struct i2c_algorithm rtl9300_i2c_algo = { }; static struct i2c_adapter_quirks rtl9300_i2c_quirks = { - .flags = I2C_AQ_NO_CLK_STRETCH, + .flags = I2C_AQ_NO_CLK_STRETCH | I2C_AQ_NO_ZERO_LEN, .max_read_len = 16, .max_write_len = 16, }; -- 2.48.1

2 months, 2 weeks

1
0
0 0

[PATCH v7 01/12] i2c: rtl9300: fix channel number bound check

by Jonas Jelonek

Fix the current check for number of channels (child nodes in the device tree). Before, this was: if (device_get_child_node_count(dev) >= RTL9300_I2C_MUX_NCHAN) RTL9300_I2C_MUX_NCHAN gives the maximum number of channels so checking with '>=' isn't correct because it doesn't allow the last channel number. Thus, fix it to: if (device_get_child_node_count(dev) > RTL9300_I2C_MUX_NCHAN) Issue occured on a TP-Link TL-ST1008F v2.0 device (8 SFP+ ports) and fix is tested there. Fixes: c366be720235 ("i2c: Add driver for the RTL9300 I2C controller") Cc: <stable(a)vger.kernel.org> # v6.13+ Signed-off-by: Jonas Jelonek <jelonek.jonas(a)gmail.com> Tested-by: Sven Eckelmann <sven(a)narfation.org> Reviewed-by: Chris Packham <chris.packham(a)alliedtelesis.co.nz> Tested-by: Chris Packham <chris.packham(a)alliedtelesis.co.nz> # On RTL9302C based board Tested-by: Markus Stockhausen <markus.stockhausen(a)gmx.de> --- drivers/i2c/busses/i2c-rtl9300.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-rtl9300.c b/drivers/i2c/busses/i2c-rtl9300.c index 4b215f9a24e6..19c367703eaf 100644 --- a/drivers/i2c/busses/i2c-rtl9300.c +++ b/drivers/i2c/busses/i2c-rtl9300.c @@ -382,7 +382,7 @@ static int rtl9300_i2c_probe(struct platform_device *pdev) platform_set_drvdata(pdev, i2c); - if (device_get_child_node_count(dev) >= RTL9300_I2C_MUX_NCHAN) + if (device_get_child_node_count(dev) > RTL9300_I2C_MUX_NCHAN) return dev_err_probe(dev, -EINVAL, "Too many channels\n"); device_for_each_child_node(dev, child) { -- 2.48.1

2 months, 2 weeks

1
0
0 0

New September Order. 15508 Sunday, August 31, 2025 at 11:07:52 AM

by Info - Albinayah 957

Hi Stable, Please provide a quote for your products: Include: 1.Pricing (per unit) 2.Delivery cost & timeline 3.Quote expiry date Deadline: September Thanks! Kamal Prasad Albinayah Trading

2 months, 2 weeks

1
0
0 0

[PATCH 6.6 0/8] Backport sched/schedutil fixes and depend patch series

by Wentao Guan

Our user report a bug that his cpu keep the min cpu freq, bisect to commit ada8d7fa0ad49a2a078f97f7f6e02d24d3c357a3 ("sched/cpufreq: Rework schedutil governor performance estimation") and test the fix e37617c8e53a1f7fcba6d5e1041f4fd8a2425c27 ("sched/fair: Fix frequency selection for non-invariant case") works. And backport the "stable-deps-of" series: "consolidate and cleanup CPU capacity" Link: https://lore.kernel.org/all/20231211104855.558096-1-vincent.guittot@linaro.… PS: commit 50b813b147e9eb6546a1fc49d4e703e6d23691f2 in series ("cpufreq/cppc: Move and rename cppc_cpufreq_{perf_to_khz|khz_to_perf}()") merged in v6.6.59 as 33e89c16cea0882bb05c585fa13236b730dd0efa Vincent Guittot (8): sched/topology: Add a new arch_scale_freq_ref() method cpufreq: Use the fixed and coherent frequency for scaling capacity cpufreq/schedutil: Use a fixed reference frequency energy_model: Use a fixed reference frequency cpufreq/cppc: Set the frequency used for computing the capacity arm64/amu: Use capacity_ref_freq() to set AMU ratio topology: Set capacity_freq_ref in all cases sched/fair: Fix frequency selection for non-invariant case arch/arm/include/asm/topology.h | 1 + arch/arm64/include/asm/topology.h | 1 + arch/arm64/kernel/topology.c | 26 ++++++------ arch/riscv/include/asm/topology.h | 1 + drivers/base/arch_topology.c | 69 ++++++++++++++++++++----------- drivers/cpufreq/cpufreq.c | 4 +- include/linux/arch_topology.h | 8 ++++ include/linux/cpufreq.h | 1 + include/linux/energy_model.h | 6 +-- include/linux/sched/topology.h | 8 ++++ kernel/sched/cpufreq_schedutil.c | 30 +++++++++++++- 11 files changed, 111 insertions(+), 44 deletions(-) -- 2.20.1

2 months, 2 weeks

3
12
0 0

[PATCH v2] scsi: lpfc: Fix buffer free/clear order in deferred receive path

by John Evans

Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the context pointer under the lock. Concurrent paths (e.g., ABTS and the repost path) also inspect and release the same pointer under the lock, so the old order could lead to double-free/UAF. Note that the repost path already uses the correct pattern: detach the pointer under the lock, then free it after dropping the lock. The deferred path should do the same. Fixes: 472e146d1cf3 ("scsi: lpfc: Correct upcalling nvmet_fc transport during io done downcall") Cc: stable(a)vger.kernel.org Signed-off-by: John Evans <evans1210144(a)gmail.com> --- v2: * Rework locking to read and clear the buffer pointer atomically, as suggested by Justin Tee. --- drivers/scsi/lpfc/lpfc_nvmet.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_nvmet.c b/drivers/scsi/lpfc/lpfc_nvmet.c index fba2e62027b7..4cfc928bcf2d 100644 --- a/drivers/scsi/lpfc/lpfc_nvmet.c +++ b/drivers/scsi/lpfc/lpfc_nvmet.c @@ -1243,7 +1243,7 @@ lpfc_nvmet_defer_rcv(struct nvmet_fc_target_port *tgtport, struct lpfc_nvmet_tgtport *tgtp; struct lpfc_async_xchg_ctx *ctxp = container_of(rsp, struct lpfc_async_xchg_ctx, hdlrctx.fcp_req); - struct rqb_dmabuf *nvmebuf = ctxp->rqb_buffer; + struct rqb_dmabuf *nvmebuf; struct lpfc_hba *phba = ctxp->phba; unsigned long iflag; @@ -1251,13 +1251,18 @@ lpfc_nvmet_defer_rcv(struct nvmet_fc_target_port *tgtport, lpfc_nvmeio_data(phba, "NVMET DEFERRCV: xri x%x sz %d CPU %02x\n", ctxp->oxid, ctxp->size, raw_smp_processor_id()); + spin_lock_irqsave(&ctxp->ctxlock, iflag); + nvmebuf = ctxp->rqb_buffer; if (!nvmebuf) { + spin_unlock_irqrestore(&ctxp->ctxlock, iflag); lpfc_printf_log(phba, KERN_INFO, LOG_NVME_IOERR, "6425 Defer rcv: no buffer oxid x%x: " "flg %x ste %x\n", ctxp->oxid, ctxp->flag, ctxp->state); return; } + ctxp->rqb_buffer = NULL; + spin_unlock_irqrestore(&ctxp->ctxlock, iflag); tgtp = phba->targetport->private; if (tgtp) @@ -1265,9 +1270,6 @@ lpfc_nvmet_defer_rcv(struct nvmet_fc_target_port *tgtport, /* Free the nvmebuf since a new buffer already replaced it */ nvmebuf->hrq->rqbp->rqb_free_buffer(phba, nvmebuf); - spin_lock_irqsave(&ctxp->ctxlock, iflag); - ctxp->rqb_buffer = NULL; - spin_unlock_irqrestore(&ctxp->ctxlock, iflag); } /** -- 2.43.0

2 months, 2 weeks

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror