- Linux-stable-mirror - lists.linaro.org

[PATCH v4 8/8] iommu/sva: Invalidate stale IOTLB entries for kernel address space

by Lu Baolu

In the IOMMU Shared Virtual Addressing (SVA) context, the IOMMU hardware shares and walks the CPU's page tables. The x86 architecture maps the kernel's virtual address space into the upper portion of every process's page table. Consequently, in an SVA context, the IOMMU hardware can walk and cache kernel page table entries. The Linux kernel currently lacks a notification mechanism for kernel page table changes, specifically when page table pages are freed and reused. The IOMMU driver is only notified of changes to user virtual address mappings. This can cause the IOMMU's internal caches to retain stale entries for kernel VA. A Use-After-Free (UAF) and Write-After-Free (WAF) condition arises when kernel page table pages are freed and later reallocated. The IOMMU could misinterpret the new data as valid page table entries. The IOMMU might then walk into attacker-controlled memory, leading to arbitrary physical memory DMA access or privilege escalation. This is also a Write-After-Free issue, as the IOMMU will potentially continue to write Accessed and Dirty bits to the freed memory while attempting to walk the stale page tables. Currently, SVA contexts are unprivileged and cannot access kernel mappings. However, the IOMMU will still walk kernel-only page tables all the way down to the leaf entries, where it realizes the mapping is for the kernel and errors out. This means the IOMMU still caches these intermediate page table entries, making the described vulnerability a real concern. To mitigate this, a new IOMMU interface is introduced to flush IOTLB entries for the kernel address space. This interface is invoked from the x86 architecture code that manages combined user and kernel page tables, specifically when a kernel page table update requires a CPU TLB flush. Fixes: 26b25a2b98e4 ("iommu: Bind process address spaces to devices") Cc: stable(a)vger.kernel.org Suggested-by: Jann Horn <jannh(a)google.com> Co-developed-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> Reviewed-by: Vasant Hegde <vasant.hegde(a)amd.com> Reviewed-by: Kevin Tian <kevin.tian(a)intel.com> --- drivers/iommu/iommu-sva.c | 29 ++++++++++++++++++++++++++++- include/linux/iommu.h | 4 ++++ mm/pgtable-generic.c | 2 ++ 3 files changed, 34 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/iommu-sva.c b/drivers/iommu/iommu-sva.c index 1a51cfd82808..d236aef80a8d 100644 --- a/drivers/iommu/iommu-sva.c +++ b/drivers/iommu/iommu-sva.c @@ -10,6 +10,8 @@ #include "iommu-priv.h" static DEFINE_MUTEX(iommu_sva_lock); +static bool iommu_sva_present; +static LIST_HEAD(iommu_sva_mms); static struct iommu_domain *iommu_sva_domain_alloc(struct device *dev, struct mm_struct *mm); @@ -42,6 +44,7 @@ static struct iommu_mm_data *iommu_alloc_mm_data(struct mm_struct *mm, struct de return ERR_PTR(-ENOSPC); } iommu_mm->pasid = pasid; + iommu_mm->mm = mm; INIT_LIST_HEAD(&iommu_mm->sva_domains); /* * Make sure the write to mm->iommu_mm is not reordered in front of @@ -132,8 +135,13 @@ struct iommu_sva *iommu_sva_bind_device(struct device *dev, struct mm_struct *mm if (ret) goto out_free_domain; domain->users = 1; - list_add(&domain->next, &mm->iommu_mm->sva_domains); + if (list_empty(&iommu_mm->sva_domains)) { + if (list_empty(&iommu_sva_mms)) + iommu_sva_present = true; + list_add(&iommu_mm->mm_list_elm, &iommu_sva_mms); + } + list_add(&domain->next, &iommu_mm->sva_domains); out: refcount_set(&handle->users, 1); mutex_unlock(&iommu_sva_lock); @@ -175,6 +183,13 @@ void iommu_sva_unbind_device(struct iommu_sva *handle) list_del(&domain->next); iommu_domain_free(domain); } + + if (list_empty(&iommu_mm->sva_domains)) { + list_del(&iommu_mm->mm_list_elm); + if (list_empty(&iommu_sva_mms)) + iommu_sva_present = false; + } + mutex_unlock(&iommu_sva_lock); kfree(handle); } @@ -312,3 +327,15 @@ static struct iommu_domain *iommu_sva_domain_alloc(struct device *dev, return domain; } + +void iommu_sva_invalidate_kva_range(unsigned long start, unsigned long end) +{ + struct iommu_mm_data *iommu_mm; + + guard(mutex)(&iommu_sva_lock); + if (!iommu_sva_present) + return; + + list_for_each_entry(iommu_mm, &iommu_sva_mms, mm_list_elm) + mmu_notifier_arch_invalidate_secondary_tlbs(iommu_mm->mm, start, end); +} diff --git a/include/linux/iommu.h b/include/linux/iommu.h index c30d12e16473..66e4abb2df0d 100644 --- a/include/linux/iommu.h +++ b/include/linux/iommu.h @@ -1134,7 +1134,9 @@ struct iommu_sva { struct iommu_mm_data { u32 pasid; + struct mm_struct *mm; struct list_head sva_domains; + struct list_head mm_list_elm; }; int iommu_fwspec_init(struct device *dev, struct fwnode_handle *iommu_fwnode); @@ -1615,6 +1617,7 @@ struct iommu_sva *iommu_sva_bind_device(struct device *dev, struct mm_struct *mm); void iommu_sva_unbind_device(struct iommu_sva *handle); u32 iommu_sva_get_pasid(struct iommu_sva *handle); +void iommu_sva_invalidate_kva_range(unsigned long start, unsigned long end); #else static inline struct iommu_sva * iommu_sva_bind_device(struct device *dev, struct mm_struct *mm) @@ -1639,6 +1642,7 @@ static inline u32 mm_get_enqcmd_pasid(struct mm_struct *mm) } static inline void mm_pasid_drop(struct mm_struct *mm) {} +static inline void iommu_sva_invalidate_kva_range(unsigned long start, unsigned long end) {} #endif /* CONFIG_IOMMU_SVA */ #ifdef CONFIG_IOMMU_IOPF diff --git a/mm/pgtable-generic.c b/mm/pgtable-generic.c index cf884e8300ca..4c81ca8b196f 100644 --- a/mm/pgtable-generic.c +++ b/mm/pgtable-generic.c @@ -13,6 +13,7 @@ #include <linux/swap.h> #include <linux/swapops.h> #include <linux/mm_inline.h> +#include <linux/iommu.h> #include <asm/pgalloc.h> #include <asm/tlb.h> @@ -430,6 +431,7 @@ static void kernel_pgtable_work_func(struct work_struct *work) list_splice_tail_init(&kernel_pgtable_work.list, &page_list); spin_unlock(&kernel_pgtable_work.lock); + iommu_sva_invalidate_kva_range(PAGE_OFFSET, TLB_FLUSH_ALL); list_for_each_entry_safe(pt, next, &page_list, pt_list) { list_del(&pt->pt_list); __pagetable_free(pt); -- 2.43.0

2 months, 3 weeks

1
0
0 0

+ proc-fix-type-confusion-in-pde_set_flags.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: proc: fix type confusion in pde_set_flags() has been added to the -mm mm-hotfixes-unstable branch. Its filename is proc-fix-type-confusion-in-pde_set_flags.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: wangzijie <wangzijie1(a)honor.com> Subject: proc: fix type confusion in pde_set_flags() Date: Thu, 4 Sep 2025 21:57:15 +0800 Commit 2ce3d282bd50 ("proc: fix missing pde_set_flags() for net proc files") missed a key part in the definition of proc_dir_entry: union { const struct proc_ops *proc_ops; const struct file_operations *proc_dir_ops; }; So dereference of ->proc_ops assumes it is a proc_ops structure results in type confusion and make NULL check for 'proc_ops' not work for proc dir. Add !S_ISDIR(dp->mode) test before calling pde_set_flags() to fix it. Link: https://lkml.kernel.org/r/20250904135715.3972782-1-wangzijie1@honor.com Fixes: 2ce3d282bd50 ("proc: fix missing pde_set_flags() for net proc files") Signed-off-by: wangzijie <wangzijie1(a)honor.com> Reported-by: Brad Spengler <spender(a)grsecurity.net> Cc: Alexey Dobriyan <adobriyan(a)gmail.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Christian Brauner <brauner(a)kernel.org> Cc: Jiri Slaby <jirislaby(a)kernel.org> Cc: Stefano Brivio <sbrivio(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/generic.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/fs/proc/generic.c~proc-fix-type-confusion-in-pde_set_flags +++ a/fs/proc/generic.c @@ -393,7 +393,8 @@ struct proc_dir_entry *proc_register(str if (proc_alloc_inum(&dp->low_ino)) goto out_free_entry; - pde_set_flags(dp); + if (!S_ISDIR(dp->mode)) + pde_set_flags(dp); write_lock(&proc_subdir_lock); dp->parent = dir; _ Patches currently in -mm which might be from wangzijie1(a)honor.com are proc-fix-type-confusion-in-pde_set_flags.patch

2 months, 3 weeks

1
0
0 0

[PATCH net v2] net: libwx: fix to enable RSS

by Jiawen Wu

Now when SRIOV is enabled, PF with multiple queues can only receive all packets on queue 0. This is caused by an incorrect flag judgement, which prevents RSS from being enabled. In fact, RSS is supported for the functions when SRIOV is enabled. Remove the flag judgement to fix it. Fixes: c52d4b898901 ("net: libwx: Redesign flow when sriov is enabled") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> Reviewed-by: Simon Horman <horms(a)kernel.org> --- v2: detail the commit log --- drivers/net/ethernet/wangxun/libwx/wx_hw.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_hw.c b/drivers/net/ethernet/wangxun/libwx/wx_hw.c index bcd07a715752..5cb353a97d6d 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_hw.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_hw.c @@ -2078,10 +2078,6 @@ static void wx_setup_mrqc(struct wx *wx) { u32 rss_field = 0; - /* VT, and RSS do not coexist at the same time */ - if (test_bit(WX_FLAG_VMDQ_ENABLED, wx->flags)) - return; - /* Disable indicating checksum in descriptor, enables RSS hash */ wr32m(wx, WX_PSR_CTL, WX_PSR_CTL_PCSD, WX_PSR_CTL_PCSD); -- 2.48.1

2 months, 3 weeks

2
1
0 0

[PATCH] drm/amd/display: Disable DPCD Probe Quirk

by Fangzhi Zuo

Disable dpcd probe quirk to native aux. Cc: <stable(a)vger.kernel.org> # 6.16.y: 5281cbe0b55a Cc: <stable(a)vger.kernel.org> # 6.16.y: 0b4aa85e8981 Cc: <stable(a)vger.kernel.org> # 6.16.y: b87ed522b364 Cc: <stable(a)vger.kernel.org> # 6.16.y Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Reviewed-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index 25e8befbcc47..99fd064324ba 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -809,6 +809,7 @@ void amdgpu_dm_initialize_dp_connector(struct amdgpu_display_manager *dm, drm_dp_aux_init(&aconnector->dm_dp_aux.aux); drm_dp_cec_register_connector(&aconnector->dm_dp_aux.aux, &aconnector->base); + drm_dp_dpcd_set_probe(&aconnector->dm_dp_aux.aux, false); if (aconnector->base.connector_type == DRM_MODE_CONNECTOR_eDP) return; -- 2.43.0

2 months, 3 weeks

2
1
0 0

[PATCH v2 RESEND] media: vidtv: initialize local pointers upon transfer of memory ownership

by Jeongjun Park

vidtv_channel_si_init() creates a temporary list (program, service, event) and ownership of the memory itself is transferred to the PAT/SDT/EIT tables through vidtv_psi_pat_program_assign(), vidtv_psi_sdt_service_assign(), vidtv_psi_eit_event_assign(). The problem here is that the local pointer where the memory ownership transfer was completed is not initialized to NULL. This causes the vidtv_psi_pmt_create_sec_for_each_pat_entry() function to fail, and in the flow that jumps to free_eit, the memory that was freed by vidtv_psi_*_table_destroy() can be accessed again by vidtv_psi_*_event_destroy() due to the uninitialized local pointer, so it is freed once again. Therefore, to prevent use-after-free and double-free vuln, local pointers must be initialized to NULL when transferring memory ownership. Cc: <stable(a)vger.kernel.org> Reported-by: syzbot+1d9c0edea5907af239e0(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=1d9c0edea5907af239e0 Fixes: 3be8037960bc ("media: vidtv: add error checks") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> --- v2: Improved patch description wording and CC stable mailing list - Link to v1: https://lore.kernel.org/all/20250822065849.1145572-1-aha310510@gmail.com/ --- drivers/media/test-drivers/vidtv/vidtv_channel.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/media/test-drivers/vidtv/vidtv_channel.c b/drivers/media/test-drivers/vidtv/vidtv_channel.c index f3023e91b3eb..3541155c6fc6 100644 --- a/drivers/media/test-drivers/vidtv/vidtv_channel.c +++ b/drivers/media/test-drivers/vidtv/vidtv_channel.c @@ -461,12 +461,15 @@ int vidtv_channel_si_init(struct vidtv_mux *m) /* assemble all programs and assign to PAT */ vidtv_psi_pat_program_assign(m->si.pat, programs); + programs = NULL; /* assemble all services and assign to SDT */ vidtv_psi_sdt_service_assign(m->si.sdt, services); + services = NULL; /* assemble all events and assign to EIT */ vidtv_psi_eit_event_assign(m->si.eit, events); + events = NULL; m->si.pmt_secs = vidtv_psi_pmt_create_sec_for_each_pat_entry(m->si.pat, m->pcr_pid); --

2 months, 3 weeks

2
1
0 0

[PATCH net v2] rds: ib: Remove unused extern definition

by Håkon Bugge

In the old days, RDS used FMR (Fast Memory Registration) to register IB MRs to be used by RDMA. A newer and better verbs based registration/de-registration method called FRWR (Fast Registration Work Request) was added to RDS by commit 1659185fb4d0 ("RDS: IB: Support Fastreg MR (FRMR) memory registration mode") in 2016. Detection and enablement of FRWR was done in commit 2cb2912d6563 ("RDS: IB: add Fastreg MR (FRMR) detection support"). But said commit added an extern bool prefer_frmr, which was not used by said commit - nor used by later commits. Hence, remove it. Fixes: 2cb2912d6563 ("RDS: IB: add Fastreg MR (FRMR) detection support") Cc: stable(a)vger.kernel.org Signed-off-by: Håkon Bugge <haakon.bugge(a)oracle.com> --- v1 -> v2: * Added commit message * Added Cc: stable(a)vger.kernel.org --- net/rds/ib_mr.h | 1 - 1 file changed, 1 deletion(-) diff --git a/net/rds/ib_mr.h b/net/rds/ib_mr.h index ea5e9aee4959e..5884de8c6f45b 100644 --- a/net/rds/ib_mr.h +++ b/net/rds/ib_mr.h @@ -108,7 +108,6 @@ struct rds_ib_mr_pool { }; extern struct workqueue_struct *rds_ib_mr_wq; -extern bool prefer_frmr; struct rds_ib_mr_pool *rds_ib_create_mr_pool(struct rds_ib_device *rds_dev, int npages); -- 2.43.5

2 months, 3 weeks

4
4
0 0

[PATCH v2] ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed

by Krzysztof Kozlowski

If earlier opening of source graph fails (e.g. ADSP rejects due to incorrect audioreach topology), the graph is closed and "dai_data->graph[dai->id]" is assigned NULL. Preparing the DAI for sink graph continues though and next call to q6apm_lpass_dai_prepare() receives dai_data->graph[dai->id]=NULL leading to NULL pointer exception: qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1 q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78 q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22 Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8 ... Call trace: q6apm_graph_media_format_pcm+0x48/0x120 (P) q6apm_lpass_dai_prepare+0x110/0x1b4 snd_soc_pcm_dai_prepare+0x74/0x108 __soc_pcm_prepare+0x44/0x160 dpcm_be_dai_prepare+0x124/0x1c0 Fixes: 30ad723b93ad ("ASoC: qdsp6: audioreach: add q6apm lpass dai support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- Changes in v2: 1. Use approach suggested by Srini (you gave me some code, so shall I add Co-developed-by?) --- sound/soc/qcom/qdsp6/q6apm-lpass-dais.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c b/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c index a0d90462fd6a..20974f10406b 100644 --- a/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c +++ b/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c @@ -213,8 +213,10 @@ static int q6apm_lpass_dai_prepare(struct snd_pcm_substream *substream, struct s return 0; err: - q6apm_graph_close(dai_data->graph[dai->id]); - dai_data->graph[dai->id] = NULL; + if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) { + q6apm_graph_close(dai_data->graph[dai->id]); + dai_data->graph[dai->id] = NULL; + } return rc; } -- 2.48.1

2 months, 3 weeks

3
2
0 0

[PATCH] ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed

by Krzysztof Kozlowski

If earlier opening of source graph fails (e.g. ADSP rejects due to incorrect audioreach topology), the graph is closed and "dai_data->graph[dai->id]" is assigned NULL. Preparing the DAI for sink graph continues though and next call to q6apm_lpass_dai_prepare() receives dai_data->graph[dai->id]=NULL leading to NULL pointer exception: qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1 q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78 q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22 Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8 ... Call trace: q6apm_graph_media_format_pcm+0x48/0x120 (P) q6apm_lpass_dai_prepare+0x110/0x1b4 snd_soc_pcm_dai_prepare+0x74/0x108 __soc_pcm_prepare+0x44/0x160 dpcm_be_dai_prepare+0x124/0x1c0 Fixes: 30ad723b93ad ("ASoC: qdsp6: audioreach: add q6apm lpass dai support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- sound/soc/qcom/qdsp6/q6apm-lpass-dais.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c b/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c index f90628d9b90e..7520e6f024c3 100644 --- a/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c +++ b/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c @@ -191,6 +191,12 @@ static int q6apm_lpass_dai_prepare(struct snd_pcm_substream *substream, struct s return rc; } dai_data->graph[graph_id] = graph; + } else if (!dai_data->graph[dai->id]) { + /* + * Loading source graph failed before, so abort loading the sink + * as well. + */ + return -EINVAL; } cfg->direction = substream->stream; -- 2.48.1

2 months, 3 weeks

3
3
0 0

[PATCH 6.12 00/95] 6.12.45-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.45 release. There are 95 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 04 Sep 2025 13:19:14 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.45-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.45-rc1 Mason Chang <mason-cw.chang(a)mediatek.com> thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands Mason Chang <mason-cw.chang(a)mediatek.com> thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data Mason Chang <mason-cw.chang(a)mediatek.com> thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const Imre Deak <imre.deak(a)intel.com> Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" Niklas Cassel <cassel(a)kernel.org> PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up Niklas Cassel <cassel(a)kernel.org> PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS Eric Dumazet <edumazet(a)google.com> net: rose: fix a typo in rose_clear_routes() Yang Wang <kevinyang.wang(a)amd.com> drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode Ma Ke <make24(a)iscas.ac.cn> drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 James Jones <jajones(a)nvidia.com> drm/nouveau/disp: Always accept linear modifier Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/vm: Clear the scratch_pt pointer on error Eric Sandeen <sandeen(a)redhat.com> xfs: do not propagate ENODATA disk errors into xattr code Steve French <stfrench(a)microsoft.com> smb3 client: fix return code mapping of remap_file_range Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions Shuhao Fu <sfual(a)cse.ust.hk> fs/smb: Fix inconsistent refcnt update Shanker Donthineni <sdonthineni(a)nvidia.com> dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted Bart Van Assche <bvanassche(a)acm.org> blk-zoned: Fix a lockdep complaint about recursive locking Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdgpu: fix incorrect vm flags to map bo" Minjong Kim <minbell.kim(a)samsung.com> HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() Ping Cheng <pinglinux(a)gmail.com> HID: wacom: Add a new Art Pen 2 Matt Coffin <mcoffin13(a)gmail.com> HID: logitech: Add ids for G PRO 2 LIGHTSPEED Antheas Kapenekakis <lkml(a)antheas.dev> HID: quirks: add support for Legion Go dual dinput modes Qasim Ijaz <qasdev00(a)gmail.com> HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() Qasim Ijaz <qasdev00(a)gmail.com> HID: asus: fix UAF via HID_CLAIMED_INPUT validation K Prateek Nayak <kprateek.nayak(a)amd.com> x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Handle the case of no BIOS microcode Radim Krčmář <rkrcmar(a)ventanamicro.com> RISC-V: KVM: fix stack overrun when loading vlenb Thijs Raymakers <thijs(a)raymakers.nl> KVM: x86: use array_index_nospec with indices that come from guest Neil Mandir <neil.mandir(a)seco.com> net: macb: Disable clocks once Li Nan <linan122(a)huawei.com> efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Alexander Duyck <alexanderduyck(a)fb.com> fbnic: Move phylink resume out of service_task and into open/close Eric Dumazet <edumazet(a)google.com> l2tp: do not use sock_hold() in pppol2tp_session_get_sock() Eric Dumazet <edumazet(a)google.com> sctp: initialize more fields in sctp_v6_from_sk() Takamitsu Iwai <takamitz(a)amazon.co.jp> net: rose: include node references in rose_neigh refcount Takamitsu Iwai <takamitz(a)amazon.co.jp> net: rose: convert 'use' field to refcount_t Takamitsu Iwai <takamitz(a)amazon.co.jp> net: rose: split remove and free operations in rose_remove_neigh() Dipayaan Roy <dipayanroy(a)linux.microsoft.com> net: hv_netvsc: fix loss of early receive events from host during channel open. Joe Damato <jdamato(a)fastly.com> hv_netvsc: Link queues to NAPIs Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: Set CIC bit only for TX queues with COE Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: xgmac: Correct supported speed modes Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Set local Xoff after FW update Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon port speed set Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon MTU set Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Nack sync reset when SFs are present Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Fix lockdep assertion on sync reset unload event Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Reload auxiliary drivers on fw_activate Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix stats context reservation logic Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Adjust TX rings if reservation is less than requested Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> bnxt_en: Fix memory corruption when FW resources change during ifdown Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix when PTP clock is register and unregister Matthew Brost <matthew.brost(a)intel.com> drm/xe: Don't trigger rebind on initial dma-buf validation Zbigniew Kempczyński <zbigniew.kempczynski(a)intel.com> drm/xe/xe_sync: avoid race during ufence signaling Jan Kiszka <jan.kiszka(a)siemens.com> efi: stmm: Fix incorrect buffer allocation method Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: fix multicast stats being counted incorrectly Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> dt-bindings: display/msm: qcom,mdp5: drop lut clock Michal Kubiak <michal.kubiak(a)intel.com> ice: fix incorrect counter for buffer allocation failures Jacob Keller <jacob.e.keller(a)intel.com> ice: use fixed adapter index for E825C embedded devices Jacob Keller <jacob.e.keller(a)intel.com> ice: don't leave device non-functional if Tx scheduler config fails Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: remove unused memory target test Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr Kuniyuki Iwashima <kuniyu(a)google.com> atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). Pavel Shpakovskiy <pashpakovskii(a)salutedevices.com> Bluetooth: hci_sync: fix set_local_name race condition Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced Ludovico de Nittis <ludovico.denittis(a)collabora.com> Bluetooth: hci_event: Mark connection as closed during suspend disconnect Ludovico de Nittis <ludovico.denittis(a)collabora.com> Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success luoguangfei <15388634752(a)163.com> net: macb: fix unregister_netdev call order in macb_remove() José Expósito <jose.exposito89(a)gmail.com> HID: input: report battery status changes immediately José Expósito <jose.exposito89(a)gmail.com> HID: input: rename hidinput_set_battery_charge_status() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kvm: Fix ifdef to remove build warning Jason-JH Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Add error handling for old state CRTC in atomic_disable Ayushi Makhija <quic_amakhija(a)quicinc.com> drm/msm: update the high bitfield of certain DSI registers Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/msm/kms: move snapshot init earlier in KMS init Oreoluwa Babatunde <oreoluwa.babatunde(a)oss.qualcomm.com> of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: Defer fd_install in SUBMIT ioctl Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix regression in local-broadcast routes Nikolay Kuratov <kniv(a)yandex-team.ru> vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() Werner Sembach <wse(a)tuxedocomputers.com> ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list Junli Liu <liujunli(a)lixiang.com> erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: codecs: tx-macro: correct tx_macro_component_drv name Paulo Alcantara <pc(a)manguebit.org> smb: client: fix race with concurrent opens in rename(2) Paulo Alcantara <pc(a)manguebit.org> smb: client: fix race with concurrent opens in unlink(2) Damien Le Moal <dlemoal(a)kernel.org> scsi: core: sysfs: Correct sysfs attributes access rights Namhyung Kim <namhyung(a)kernel.org> vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER Ian Rogers <irogers(a)google.com> perf symbol-minimal: Fix ehdr reading in filename__read_build_id Tengda Wu <wutengda(a)huaweicloud.com> ftrace: Fix potential warning in trace_printk_seq during ftrace_dump Dan Carpenter <dan.carpenter(a)linaro.org> of: dynamic: Fix use after free in of_changeset_add_prop_helper() Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename the etop node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: dts: lantiq: danube: add missing burst length property Randy Dunlap <rdunlap(a)infradead.org> pinctrl: STMFX: add missing HAS_IOMEM dependency Lizhi Hou <lizhi.hou(a)amd.com> of: dynamic: Fix memleak when of_pci_add_properties() failed Ye Weihua <yeweihua4(a)huawei.com> trace/fgraph: Fix the warning caused by missing unregister notifier Tao Chen <chen.dylane(a)linux.dev> rtla: Check pkg-config install Tao Chen <chen.dylane(a)linux.dev> tools/latency-collector: Check pkg-config install ------------- Diffstat: .../devicetree/bindings/display/msm/qcom,mdp5.yaml | 1 - Makefile | 4 +- arch/mips/boot/dts/lantiq/danube_easy50712.dts | 5 +- arch/mips/lantiq/xway/sysctrl.c | 10 +- arch/powerpc/kernel/kvm.c | 8 +- arch/riscv/kvm/vcpu_vector.c | 2 + arch/x86/kernel/cpu/microcode/amd.c | 22 +++- arch/x86/kernel/cpu/topology_amd.c | 27 +++-- arch/x86/kvm/lapic.c | 2 + arch/x86/kvm/x86.c | 7 +- block/blk-zoned.c | 11 +- drivers/acpi/ec.c | 6 ++ drivers/atm/atmtcp.c | 17 ++- drivers/firmware/efi/stmm/tee_stmm_efi.c | 21 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 18 ++-- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 21 ++-- drivers/gpu/drm/mediatek/mtk_plane.c | 3 +- drivers/gpu/drm/msm/msm_gem_submit.c | 14 +-- drivers/gpu/drm/msm/msm_kms.c | 10 +- drivers/gpu/drm/msm/registers/display/dsi.xml | 28 ++--- drivers/gpu/drm/nouveau/dispnv50/wndw.c | 4 + drivers/gpu/drm/nouveau/nvkm/falcon/gm200.c | 15 +-- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c | 5 +- drivers/gpu/drm/xe/xe_bo.c | 3 +- drivers/gpu/drm/xe/xe_sync.c | 2 +- drivers/gpu/drm/xe/xe_vm.c | 8 +- drivers/hid/hid-asus.c | 8 +- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-input-test.c | 10 +- drivers/hid/hid-input.c | 51 +++++---- drivers/hid/hid-logitech-dj.c | 4 + drivers/hid/hid-logitech-hidpp.c | 2 + drivers/hid/hid-multitouch.c | 8 ++ drivers/hid/hid-ntrig.c | 3 + drivers/hid/hid-quirks.c | 2 + drivers/hid/wacom_wac.c | 1 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 36 +++++-- drivers/net/ethernet/cadence/macb_main.c | 9 +- drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/intel/ice/ice_adapter.c | 49 +++++++-- drivers/net/ethernet/intel/ice/ice_adapter.h | 4 +- drivers/net/ethernet/intel/ice/ice_ddp.c | 44 +++++--- drivers/net/ethernet/intel/ice/ice_main.c | 16 ++- drivers/net/ethernet/intel/ice/ice_txrx.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/devlink.c | 2 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 3 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 +++ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 19 +++- drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 114 ++++++++++++--------- drivers/net/ethernet/mellanox/mlx5/core/fw_reset.h | 1 + .../net/ethernet/mellanox/mlx5/core/sf/devlink.c | 10 ++ drivers/net/ethernet/mellanox/mlx5/core/sf/sf.h | 6 ++ drivers/net/ethernet/meta/fbnic/fbnic_netdev.c | 4 + drivers/net/ethernet/meta/fbnic/fbnic_pci.c | 2 - .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 13 ++- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 9 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 +- drivers/net/hyperv/netvsc.c | 18 +++- drivers/net/hyperv/rndis_filter.c | 20 +++- drivers/net/phy/mscc/mscc.h | 4 + drivers/net/phy/mscc/mscc_main.c | 4 +- drivers/net/phy/mscc/mscc_ptp.c | 34 +++--- drivers/net/usb/qmi_wwan.c | 3 + drivers/of/dynamic.c | 9 +- drivers/of/of_reserved_mem.c | 16 ++- drivers/pci/controller/dwc/pcie-designware.c | 8 ++ drivers/pci/controller/plda/pcie-starfive.c | 2 +- drivers/pci/pci.h | 2 +- drivers/pinctrl/Kconfig | 1 + drivers/scsi/scsi_sysfs.c | 4 +- drivers/thermal/mediatek/lvts_thermal.c | 74 ++++++++++--- drivers/vhost/net.c | 9 +- fs/efivarfs/super.c | 4 + fs/erofs/zdata.c | 13 ++- fs/smb/client/cifsfs.c | 14 +++ fs/smb/client/inode.c | 34 +++++- fs/smb/client/smb2inode.c | 7 +- fs/xfs/libxfs/xfs_attr_remote.c | 7 ++ fs/xfs/libxfs/xfs_da_btree.c | 6 ++ include/linux/atmdev.h | 1 + include/linux/dma-map-ops.h | 3 + include/net/bluetooth/hci_sync.h | 2 +- include/net/rose.h | 18 +++- include/uapi/linux/vhost.h | 4 +- kernel/dma/contiguous.c | 2 - kernel/dma/pool.c | 4 +- kernel/trace/fgraph.c | 1 + kernel/trace/trace.c | 4 +- net/atm/common.c | 15 ++- net/bluetooth/hci_event.c | 20 +++- net/bluetooth/hci_sync.c | 6 +- net/bluetooth/mgmt.c | 5 +- net/ipv4/route.c | 10 +- net/l2tp/l2tp_ppp.c | 25 ++--- net/rose/af_rose.c | 13 +-- net/rose/rose_in.c | 12 +-- net/rose/rose_route.c | 62 ++++++----- net/rose/rose_timer.c | 2 +- net/sctp/ipv6.c | 2 + sound/soc/codecs/lpass-tx-macro.c | 2 +- tools/perf/util/symbol-minimal.c | 55 +++++----- tools/tracing/latency/Makefile.config | 8 ++ tools/tracing/rtla/Makefile.config | 8 ++ 105 files changed, 910 insertions(+), 402 deletions(-)

2 months, 3 weeks

12
109
0 0

Billing Statement

by Billing Dept via lists.linaro.org

.

2 months, 3 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror