- Linux-stable-mirror - lists.linaro.org

[PATCH AUTOSEL 6.6 01/15] soc: qcom: Add check devm_kasprintf() returned value

by Sasha Levin

From: Charles Han <hanchunchao(a)inspur.com> [ Upstream commit e694d2b5c58ba2d1e995d068707c8d966e7f5f2a ] devm_kasprintf() can return a NULL pointer on failure but this returned value in qcom_socinfo_probe() is not checked. Signed-off-by: Charles Han <hanchunchao(a)inspur.com> Link: https://lore.kernel.org/r/20240929072349.202520-1-hanchunchao@inspur.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/soc/qcom/socinfo.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/soc/qcom/socinfo.c b/drivers/soc/qcom/socinfo.c index 880b41a57da01..f979ef420354f 100644 --- a/drivers/soc/qcom/socinfo.c +++ b/drivers/soc/qcom/socinfo.c @@ -757,10 +757,16 @@ static int qcom_socinfo_probe(struct platform_device *pdev) qs->attr.revision = devm_kasprintf(&pdev->dev, GFP_KERNEL, "%u.%u", SOCINFO_MAJOR(le32_to_cpu(info->ver)), SOCINFO_MINOR(le32_to_cpu(info->ver))); - if (offsetof(struct socinfo, serial_num) <= item_size) + if (!qs->attr.soc_id || qs->attr.revision) + return -ENOMEM; + + if (offsetof(struct socinfo, serial_num) <= item_size) { qs->attr.serial_number = devm_kasprintf(&pdev->dev, GFP_KERNEL, "%u", le32_to_cpu(info->serial_num)); + if (!qs->attr.serial_number) + return -ENOMEM; + } qs->soc_dev = soc_device_register(&qs->attr); if (IS_ERR(qs->soc_dev)) -- 2.43.0

3 months, 1 week

1
14
0 0

[PATCH AUTOSEL 6.11 01/16] soc: qcom: Add check devm_kasprintf() returned value

by Sasha Levin

From: Charles Han <hanchunchao(a)inspur.com> [ Upstream commit e694d2b5c58ba2d1e995d068707c8d966e7f5f2a ] devm_kasprintf() can return a NULL pointer on failure but this returned value in qcom_socinfo_probe() is not checked. Signed-off-by: Charles Han <hanchunchao(a)inspur.com> Link: https://lore.kernel.org/r/20240929072349.202520-1-hanchunchao@inspur.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/soc/qcom/socinfo.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/soc/qcom/socinfo.c b/drivers/soc/qcom/socinfo.c index d7359a235e3cf..1d5a69eda26e5 100644 --- a/drivers/soc/qcom/socinfo.c +++ b/drivers/soc/qcom/socinfo.c @@ -782,10 +782,16 @@ static int qcom_socinfo_probe(struct platform_device *pdev) qs->attr.revision = devm_kasprintf(&pdev->dev, GFP_KERNEL, "%u.%u", SOCINFO_MAJOR(le32_to_cpu(info->ver)), SOCINFO_MINOR(le32_to_cpu(info->ver))); - if (offsetof(struct socinfo, serial_num) <= item_size) + if (!qs->attr.soc_id || qs->attr.revision) + return -ENOMEM; + + if (offsetof(struct socinfo, serial_num) <= item_size) { qs->attr.serial_number = devm_kasprintf(&pdev->dev, GFP_KERNEL, "%u", le32_to_cpu(info->serial_num)); + if (!qs->attr.serial_number) + return -ENOMEM; + } qs->soc_dev = soc_device_register(&qs->attr); if (IS_ERR(qs->soc_dev)) -- 2.43.0

3 months, 1 week

1
15
0 0

[PATCH 5.10] io_uring: fix possible deadlock in io_register_iowq_max_workers()

by Hagar Hemdan

commit 73254a297c2dd094abec7c9efee32455ae875bdf upstream. The io_register_iowq_max_workers() function calls io_put_sq_data(), which acquires the sqd->lock without releasing the uring_lock. Similar to the commit 009ad9f0c6ee ("io_uring: drop ctx->uring_lock before acquiring sqd->lock"), this can lead to a potential deadlock situation. To resolve this issue, the uring_lock is released before calling io_put_sq_data(), and then it is re-acquired after the function call. This change ensures that the locks are acquired in the correct order, preventing the possibility of a deadlock. Suggested-by: Maximilian Heyne <mheyne(a)amazon.de> Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> Link: https://lore.kernel.org/r/20240604130527.3597-1-hagarhem@amazon.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> [Hagar: Modified to apply on v5.10] --- io_uring/io_uring.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index f1ab0cd98727..3dbc704c7001 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -10818,8 +10818,10 @@ static int io_register_iowq_max_workers(struct io_ring_ctx *ctx, } if (sqd) { + mutex_unlock(&ctx->uring_lock); mutex_unlock(&sqd->lock); io_put_sq_data(sqd); + mutex_lock(&ctx->uring_lock); } if (copy_to_user(arg, new_count, sizeof(new_count))) @@ -10844,8 +10846,11 @@ static int io_register_iowq_max_workers(struct io_ring_ctx *ctx, return 0; err: if (sqd) { + mutex_unlock(&ctx->uring_lock); mutex_unlock(&sqd->lock); io_put_sq_data(sqd); + mutex_lock(&ctx->uring_lock); + } return ret; } -- 2.40.1

3 months, 1 week

1
0
0 0

[PATCH 5.15] io_uring: fix possible deadlock in io_register_iowq_max_workers()

by Hagar Hemdan

commit 73254a297c2dd094abec7c9efee32455ae875bdf upstream. The io_register_iowq_max_workers() function calls io_put_sq_data(), which acquires the sqd->lock without releasing the uring_lock. Similar to the commit 009ad9f0c6ee ("io_uring: drop ctx->uring_lock before acquiring sqd->lock"), this can lead to a potential deadlock situation. To resolve this issue, the uring_lock is released before calling io_put_sq_data(), and then it is re-acquired after the function call. This change ensures that the locks are acquired in the correct order, preventing the possibility of a deadlock. Suggested-by: Maximilian Heyne <mheyne(a)amazon.de> Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> Link: https://lore.kernel.org/r/20240604130527.3597-1-hagarhem@amazon.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> [Hagar: Modified to apply on v5.15] Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> --- io_uring/io_uring.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index f1ab0cd98727..3dbc704c7001 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -10818,8 +10818,10 @@ static int io_register_iowq_max_workers(struct io_ring_ctx *ctx, } if (sqd) { + mutex_unlock(&ctx->uring_lock); mutex_unlock(&sqd->lock); io_put_sq_data(sqd); + mutex_lock(&ctx->uring_lock); } if (copy_to_user(arg, new_count, sizeof(new_count))) @@ -10844,8 +10846,11 @@ static int io_register_iowq_max_workers(struct io_ring_ctx *ctx, return 0; err: if (sqd) { + mutex_unlock(&ctx->uring_lock); mutex_unlock(&sqd->lock); io_put_sq_data(sqd); + mutex_lock(&ctx->uring_lock); + } return ret; } -- 2.40.1

3 months, 1 week

1
0
0 0

[PATCH 6.1] io_uring: fix possible deadlock in io_register_iowq_max_workers()

by Hagar Hemdan

commit 73254a297c2dd094abec7c9efee32455ae875bdf upstream. The io_register_iowq_max_workers() function calls io_put_sq_data(), which acquires the sqd->lock without releasing the uring_lock. Similar to the commit 009ad9f0c6ee ("io_uring: drop ctx->uring_lock before acquiring sqd->lock"), this can lead to a potential deadlock situation. To resolve this issue, the uring_lock is released before calling io_put_sq_data(), and then it is re-acquired after the function call. This change ensures that the locks are acquired in the correct order, preventing the possibility of a deadlock. Suggested-by: Maximilian Heyne <mheyne(a)amazon.de> Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> Link: https://lore.kernel.org/r/20240604130527.3597-1-hagarhem@amazon.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> [Hagar: Modified to apply on v6.1] Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> --- io_uring/io_uring.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 92c1aa8f3501..4f0ae938b146 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -3921,8 +3921,10 @@ static __cold int io_register_iowq_max_workers(struct io_ring_ctx *ctx, } if (sqd) { + mutex_unlock(&ctx->uring_lock); mutex_unlock(&sqd->lock); io_put_sq_data(sqd); + mutex_lock(&ctx->uring_lock); } if (copy_to_user(arg, new_count, sizeof(new_count))) @@ -3947,8 +3949,11 @@ static __cold int io_register_iowq_max_workers(struct io_ring_ctx *ctx, return 0; err: if (sqd) { + mutex_unlock(&ctx->uring_lock); mutex_unlock(&sqd->lock); io_put_sq_data(sqd); + mutex_lock(&ctx->uring_lock); + } return ret; } -- 2.40.1

3 months, 1 week

1
0
0 0

[PATCH 6.6] io_uring: fix possible deadlock in io_register_iowq_max_workers()

by Hagar Hemdan

commit 73254a297c2dd094abec7c9efee32455ae875bdf upstream. The io_register_iowq_max_workers() function calls io_put_sq_data(), which acquires the sqd->lock without releasing the uring_lock. Similar to the commit 009ad9f0c6ee ("io_uring: drop ctx->uring_lock before acquiring sqd->lock"), this can lead to a potential deadlock situation. To resolve this issue, the uring_lock is released before calling io_put_sq_data(), and then it is re-acquired after the function call. This change ensures that the locks are acquired in the correct order, preventing the possibility of a deadlock. Suggested-by: Maximilian Heyne <mheyne(a)amazon.de> Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> Link: https://lore.kernel.org/r/20240604130527.3597-1-hagarhem@amazon.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> [Hagar: Modified to apply on v6.6] Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> --- io_uring/io_uring.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 484c9bcbee77..70dd6a5b9647 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -4358,8 +4358,10 @@ static __cold int io_register_iowq_max_workers(struct io_ring_ctx *ctx, } if (sqd) { + mutex_unlock(&ctx->uring_lock); mutex_unlock(&sqd->lock); io_put_sq_data(sqd); + mutex_lock(&ctx->uring_lock); } if (copy_to_user(arg, new_count, sizeof(new_count))) @@ -4384,8 +4386,11 @@ static __cold int io_register_iowq_max_workers(struct io_ring_ctx *ctx, return 0; err: if (sqd) { + mutex_unlock(&ctx->uring_lock); mutex_unlock(&sqd->lock); io_put_sq_data(sqd); + mutex_lock(&ctx->uring_lock); + } return ret; } -- 2.40.1

3 months, 1 week

1
0
0 0

[PATCH] x86/efi: Apply EFI Memory Attributes after kexec

by Nicolas Saenz Julienne

Kexec bypasses EFI's switch to virtual mode. In exchange, it has its own routine, kexec_enter_virtual_mode(), that replays the mappings made by the original kernel. Unfortunately, the function fails to reinstate EFI's memory attributes and runtime memory protections, which would've otherwise been set after entering virtual mode. Remediate this by calling efi_runtime_update_mappings() from it. Cc: stable(a)vger.kernel.org Fixes: 18141e89a76c ("x86/efi: Add support for EFI_MEMORY_ATTRIBUTES_TABLE") Signed-off-by: Nicolas Saenz Julienne <nsaenz(a)amazon.com> --- Notes: - I tested the Memory Attributes path using QEMU/OVMF. - Although care is taken to make sure the memory backing the EFI Memory Attributes table is preserved during runtime and reachable after kexec (see efi_memattr_init()). I don't see the same happening for the EFI properties table. Maybe it's just unnecessary as there's an assumption that the table will fall in memory preserved during runtime? Or for another reason? Otherwise, we'd need to make sure it isn't possible to set EFI_NX_PE_DATA on kexec. arch/x86/platform/efi/efi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c index 88a96816de9a..b9b17892c495 100644 --- a/arch/x86/platform/efi/efi.c +++ b/arch/x86/platform/efi/efi.c @@ -784,6 +784,7 @@ static void __init kexec_enter_virtual_mode(void) efi_sync_low_kernel_mappings(); efi_native_runtime_setup(); + efi_runtime_update_mappings(); #endif } -- 2.40.1

3 months, 1 week

2
2
0 0

[PATCH 6.11 000/249] 6.11.7-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.11.7 release. There are 249 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 09 Nov 2024 06:45:18 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.7-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.11.7-rc2 Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu/kvfree: Refactor kvfree_rcu_queue_batch() Florian Westphal <fw(a)strlen.de> lib: alloc_tag_module_unload must wait for pending kfree_rcu calls Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu/kvfree: Add kvfree_rcu_barrier() API Conor Dooley <conor.dooley(a)microchip.com> RISC-V: disallow gcc + rust builds David Sterba <dsterba(a)suse.com> MIPS: export __cmpxchg_small() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: handle default profile on on devices without fullscreen 3D Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Sequential field availability check in mi_enum_attr() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/swsmu: default to fullscreen 3D profile for dGPUs Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/swsmu: fix ordering for setting workload_mask Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe: Write all slices if its mcr register Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe: Define STATELESS_COMPRESSION_CTRL as mcr register Shekhar Chauhan <shekhar.chauhan(a)intel.com> drm/xe/xe2: Add performance turning changes Akshata Jahagirdar <akshata.jahagirdar(a)intel.com> drm/xe/xe2: Introduce performance changes Sai Teja Pottumuttu <sai.teja.pottumuttu(a)intel.com> drm/xe/xe2hpg: Introduce performance tuning changes for Xe2_HPG Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe: Move enable host l2 VRAM post MCR init Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe/xe2hpg: Add Wa_15016589081 Thomas Zimmermann <tzimmermann(a)suse.de> drm/xe: Support 'nomodeset' kernel command-line option Juha-Pekka Heikkila <juhapekka.heikkila(a)gmail.com> drm/i915/display: Don't enable decompression on Xe2 with Tile4 Jouni Högander <jouni.hogander(a)intel.com> drm/i915/psr: Prevent Panel Replay if CRC calculation is enabled Jani Nikula <jani.nikula(a)intel.com> drm/xe/display: drop unused rawclk_freq and RUNTIME_INFO() Jani Nikula <jani.nikula(a)intel.com> drm/i915: move rawclk from runtime to display runtime info Suraj Kandpal <suraj.kandpal(a)intel.com> drm/i915/pps: Disable DPLS_GATING around pps sequence Mitul Golani <mitulkumar.ajitkumar.golani(a)intel.com> drm/i915/display/dp: Compute AS SDP when vrr is also enabled Suraj Kandpal <suraj.kandpal(a)intel.com> drm/i915/dp: Clear VSC SDP during post ddi disable routine Suraj Kandpal <suraj.kandpal(a)intel.com> drm/i915/hdcp: Add encoder check in hdcp2_get_capability Suraj Kandpal <suraj.kandpal(a)intel.com> drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability Mitul Golani <mitulkumar.ajitkumar.golani(a)intel.com> drm/i915/display: WA for Re-initialize dispcnlunitt1 xosc clock Mitul Golani <mitulkumar.ajitkumar.golani(a)intel.com> drm/i915/display: Cache adpative sync caps to use it later Matthew Auld <matthew.auld(a)intel.com> drm/i915: disable fbc due to Wa_16023588340 Gustavo Sousa <gustavo.sousa(a)intel.com> drm/i915: Skip programming FIA link enable bits for MTL+ Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100: fix PCIe4 and PCIe6a PHY clocks Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Add Broadcast_AND region in LLCC block Haibo Chen <haibo.chen(a)nxp.com> arm64: dts: imx8ulp: correct the flexspi compatible string Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-crd: fix nvme regulator boot glitch Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-qcp: fix nvme regulator boot glitch Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100: fix PCIe4 interconnect Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-vivobook-s15: fix nvme regulator boot glitch Konrad Dybcio <konradybcio(a)kernel.org> arm64: dts: qcom: x1e80100: Fix up BAR spaces Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: x1e80100-yoga-slim7x: fix nvme regulator boot glitch Fabien Parent <fabien.parent(a)linaro.org> arm64: dts: qcom: msm8939: revert use of APCS mbox for RPM Conor Dooley <conor.dooley(a)microchip.com> riscv: dts: starfive: disable unused csi/camss nodes E Shattow <e(a)freeshell.de> riscv: dts: starfive: Update ethernet phy0 delay parameter values for Star64 Yu Zhao <yuzhao(a)google.com> mm: multi-gen LRU: use {ptep,pmdp}_clear_young_notify() Zhiguo Jiang <justinjiang(a)vivo.com> mm: shrink skip folio mapped by an exiting process Yu Zhao <yuzhao(a)google.com> mm: multi-gen LRU: remove MM_LEAF_OLD and MM_NONLEAF_TOTAL stats Yuanchu Xie <yuanchu(a)google.com> mm: multi-gen LRU: ignore non-leaf pmd_young for force_scan=true Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: fix regression when re-registering input handlers Vlastimil Babka <vbabka(a)suse.cz> mm, mmap: limit THP alignment of anonymous mappings to PMD-aligned sizes Gregory Price <gourry(a)gourry.net> vmscan,migrate: fix page count imbalance on node stats when demoting pages Johan Hovold <johan+linaro(a)kernel.org> gpiolib: fix debugfs dangling chip separator Johan Hovold <johan+linaro(a)kernel.org> gpiolib: fix debugfs newline separators Filipe Manana <fdmanana(a)suse.com> btrfs: fix defrag not merging contiguous extents due to merged extent maps Filipe Manana <fdmanana(a)suse.com> btrfs: fix extent map merging not happening for adjacent extents Jens Axboe <axboe(a)kernel.dk> io_uring/rw: fix missing NOWAIT check for O_DIRECT start write Matthew Brost <matthew.brost(a)intel.com> drm/xe: Don't short circuit TDR on jobs not started Matthew Brost <matthew.brost(a)intel.com> drm/xe: Add mmio read before GGTT invalidate Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe: Kill regs/xe_sriov_regs.h Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe: Fix register definition order in xe_regs.h Jinjie Ruan <ruanjinjie(a)huawei.com> drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic() Jinjie Ruan <ruanjinjie(a)huawei.com> drm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic() Jinjie Ruan <ruanjinjie(a)huawei.com> drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() Andrey Konovalov <andreyknvl(a)gmail.com> kasan: remove vmalloc_percpu test Keith Busch <kbusch(a)kernel.org> nvme: re-fix error-handling for io_uring nvme-passthrough Vitaliy Shevtsov <v.shevtsov(a)maxima.ru> nvmet-auth: assign dh_key to NULL after kfree_sensitive Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 Christoph Hellwig <hch(a)lst.de> xfs: fix finding a last resort AG in xfs_filestream_pick_ag Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com> accel/ivpu: Fix NOC firewall interrupt handling Zhihao Cheng <chengzhihao1(a)huawei.com> btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids() Matt Johnston <matt(a)codeconstruct.com.au> mctp i2c: handle NULL header address Gregory Price <gourry(a)gourry.net> resource,kexec: walk_system_ram_res_rev must retain resource flags Edward Adam Davis <eadavis(a)qq.com> ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Sabyrzhan Tasbolatov <snovitoll(a)gmail.com> x86/traps: move kmsan check after instrumentation_begin Gatlin Newhouse <gatlin.newhouse(a)gmail.com> x86/traps: Enable UBSAN traps on x86 Matt Fleming <mfleming(a)cloudflare.com> mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> fork: only invoke khugepaged, ksm hooks if no error Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> fork: do not invoke uffd on fork if error occurs Alexander Usyskin <alexander.usyskin(a)intel.com> mei: use kvmalloc for read buffer Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: init: protect sched with rcu_read_lock Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Lazily flush the auth session Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/smu13: fix profile reporting Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/amd/pm: Vangogh: Fix kernel memory out of bounds write Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Rollback tpm2_load_null() Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Return tpm2_sessions_init() when null key creation fails Hugh Dickins <hughd(a)google.com> iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP Benjamin Segall <bsegall(a)google.com> posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone Shawn Wang <shawnwang(a)linux.alibaba.com> sched/numa: Fix the potential null pointer dereference in task_numa_work() Dan Williams <dan.j.williams(a)intel.com> cxl/acpi: Ensure ports ready at cxl_acpi_probe() return Dan Williams <dan.j.williams(a)intel.com> cxl/port: Fix cxl_bus_rescan() vs bus_rescan_devices() Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix another deadlock during RTC update Chunyan Zhang <zhangchunyan(a)iscas.ac.cn> riscv: Remove duplicated GET_RM Chunyan Zhang <zhangchunyan(a)iscas.ac.cn> riscv: Remove unused GENERATING_ASM_OFFSETS WangYuli <wangyuli(a)uniontech.com> riscv: Use '%u' to format the output of 'cpu' Miquel Sabaté Solà <mikisabate(a)gmail.com> riscv: Prevent a bad reference count on CPU nodes Heinrich Schuchardt <heinrich.schuchardt(a)canonical.com> riscv: efi: Set NX compat flag in PE/COFF header Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Limit internal Mic boost on Dell platform Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: edt-ft5x06 - fix regmap leak when probe fails Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: vdso: Prevent the compiler from inserting calls to memset() Frank Li <Frank.Li(a)nxp.com> spi: spi-fsl-dspi: Fix crash when not using GPIO chip select Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: fix error propagation of split bios Qu Wenruo <wqu(a)suse.com> btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() Richard Zhu <hongxing.zhu(a)nxp.com> phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check Chen Ridong <chenridong(a)huawei.com> cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction Xinyu Zhang <xizhang(a)purestorage.com> block: fix sanity checks in blk_rq_map_user_bvec Ben Chuang <ben.chuang(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9767: Fix low power mode in the SD Express process Ben Chuang <ben.chuang(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9767: Fix low power mode on the set clock function Dan Williams <dan.j.williams(a)intel.com> cxl/port: Fix CXL port initialization order when the subsystem is built-in Dan Williams <dan.j.williams(a)intel.com> cxl/port: Fix use-after-free, permit out-of-order decoder shutdown Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: pmic_glink: Handle GLINK intent allocation rejections Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Honor TMU requirements in the domain when setting TMU mode Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Fix KASAN reported stack out-of-bounds read in tb_retimer_scan() Conor Dooley <conor.dooley(a)microchip.com> firmware: microchip: auto-update: fix poll_complete() to not report spurious timeout errors Chen Ridong <chenridong(a)huawei.com> mm: shrinker: avoid memleak in alloc_shrinker_info Wladislav Wiebe <wladislav.kw(a)gmail.com> tools/mm: -Werror fixes in page-types/slabinfo Jeongjun Park <aha310510(a)gmail.com> mm: shmem: fix data-race in shmem_getattr() Yunhui Cui <cuiyunhui(a)bytedance.com> RISC-V: ACPI: fix early_ioremap to early_memremap Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential deadlock with newly created symlinks Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug due to missing clearing of checked flag Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: veml6030: fix microlux value calculation Jinjie Ruan <ruanjinjie(a)huawei.com> iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() Jinjie Ruan <ruanjinjie(a)huawei.com> iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() Zicheng Qu <quzicheng(a)huawei.com> iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() Julien Stephan <jstephan(a)baylibre.com> dt-bindings: iio: adc: ad7380: fix ad7380-4 reference supply Zicheng Qu <quzicheng(a)huawei.com> staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: fix 6 GHz scan construction Ville Syrjälä <ville.syrjala(a)linux.intel.com> wifi: iwlegacy: Clear stale interrupts before resuming device Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: clear wdev->cqm_config pointer on free Manikanta Pubbisetty <quic_mpubbise(a)quicinc.com> wifi: ath10k: Fix memory leak in management tx Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Edward Liaw <edliaw(a)google.com> Revert "selftests/mm: replace atomic_bool with pthread_barrier_t" Edward Liaw <edliaw(a)google.com> Revert "selftests/mm: fix deadlock for fork after pthread_create on ARM" Ovidiu Bunea <Ovidiu.Bunea(a)amd.com> Revert "drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "driver core: Fix uevent_show() vs driver detach race" Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> xhci: Use pm_runtime_get to prevent RPM on unsupported systems Faisal Hassan <quic_faisalh(a)quicinc.com> xhci: Fix Link TRB DMA in command ring stopped completion event Johan Hovold <johan+linaro(a)kernel.org> phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend Johan Hovold <johan+linaro(a)kernel.org> phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend Johan Hovold <johan+linaro(a)kernel.org> phy: qcom: qmp-usb: fix NULL-deref on runtime suspend Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: typec: qcom-pmic-typec: fix missing fwnode removal in error path Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: typec: qcom-pmic-typec: use fwnode_handle_put() to release fwnodes Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: restrict SNK_WAIT_CAPABILITIES_TIMEOUT transitions to non self-powered devices Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() Zijun Hu <quic_zijuhu(a)quicinc.com> usb: phy: Fix API devm_usb_put_phy() can not release the phy Zongmin Zhou <zhouzongmin(a)kylinos.cn> usbip: tools: Fix detach_port() invalid port error path Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192du: Don't claim USB ID 0bda:8171 Jan Schär <jan(a)jschaer.ch> ALSA: usb-audio: Add quirks for Dell WD19 dock Chuck Lever <chuck.lever(a)oracle.com> rpcrdma: Always release the rpcrdma_device's xa_array Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never decrement pending_async_copies on error Chuck Lever <chuck.lever(a)oracle.com> NFSD: Initialize struct nfsd4_copy earlier Dimitri Sivanich <sivanich(a)hpe.com> misc: sgi-gru: Don't disable preemption in GRU driver Dai Ngo <dai.ngo(a)oracle.com> NFS: remove revoked delegation from server's delegation list Daniel Palmer <daniel(a)0x0f.com> net: amd: mvme147: Fix probe banner message Zhang Rui <rui.zhang(a)intel.com> thermal: intel: int340x: processor: Add MMIO RAPL PL4 support Zhang Rui <rui.zhang(a)intel.com> thermal: intel: int340x: processor: Remove MMIO RAPL CPU hotplug support Sumeet Pawnikar <sumeet.r.pawnikar(a)intel.com> powercap: intel_rapl_msr: Add PL4 support for Arrowlake-U Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Fold Asus Vivobook Pro N6506M* DMI quirks together Pali Rohár <pali(a)kernel.org> cifs: Fix creating native symlinks pointing to current or parent directory Pali Rohár <pali(a)kernel.org> cifs: Improve creating native symlinks pointing to directory Benjamin Marzinski <bmarzins(a)redhat.com> scsi: scsi_transport_fc: Allow setting rport state to current state Guilherme Giacomo Simoes <trintaeoitogc(a)gmail.com> rust: device: change the from_raw() function Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Additional check in ntfs_file_release Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix general protection fault in run_is_mapped_full Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Additional check in ni_clear() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix possible deadlock in mi_read Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add rough attr alloc_size check Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Stale inode instead of bad Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix warning possible deadlock in ntfs_set_state Andrew Ballance <andrewjballance(a)gmail.com> fs/ntfs3: Check if more than chunk-size bytes are written lei lu <llfamsec(a)gmail.com> ntfs3: Add bounds checking to mi_enum_attr() Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Report group as timedout when we fail to properly suspend Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Fail job creation when the group is dead Boris Brezillon <boris.brezillon(a)collabora.com> drm/panthor: Fix firmware initialization on systems with a page size > 4k Keith Busch <kbusch(a)kernel.org> nvme: module parameter to disable pi with offsets Jason Gunthorpe <jgg(a)ziepe.ca> PCI: Fix pci_enable_acs() support for the ACS quirks Shiju Jose <shiju.jose(a)huawei.com> cxl/events: Fix Trace DRAM Event Record Dan Carpenter <dan.carpenter(a)linaro.org> drm/tegra: Fix NULL vs IS_ERR() check in probe() Dan Carpenter <dan.carpenter(a)linaro.org> drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() Chun-Kuang Hu <chunkuang.hu(a)kernel.org> drm/mediatek: Use cmdq_pkt_create() and cmdq_pkt_destroy() Liankun Yang <liankun.yang(a)mediatek.com> drm/mediatek: Fix get efuse issue for MT8188 DPTX Hsin-Te Yuan <yuanhsinte(a)chromium.org> drm/mediatek: Fix color format MACROs in OVL Jason-JH.Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: ovl: Remove the color format comment for ovl_fmt_convert() Paulo Alcantara <pc(a)manguebit.com> smb: client: set correct device number on nfs reparse points Paulo Alcantara <pc(a)manguebit.com> smb: client: fix parsing of device numbers Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: sloppy-logic-analyzer: Check for error code from devm_mutex_init() call Pierre Gondois <pierre.gondois(a)arm.com> ACPI: CPPC: Make rmw_lock a raw_spin_lock David Howells <dhowells(a)redhat.com> afs: Fix missing subdir edit when renamed between parent dirs Xiongfeng Wang <wangxiongfeng2(a)huawei.com> firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() Marco Elver <elver(a)google.com> kasan: Fix Software Tag-Based KASAN with GCC Christoph Hellwig <hch(a)lst.de> iomap: turn iomap_want_unshare_iter into an inline function Darrick J. Wong <djwong(a)kernel.org> fsdax: dax_unshare_iter needs to copy entire blocks Darrick J. Wong <djwong(a)kernel.org> fsdax: remove zeroing code from dax_unshare_iter Darrick J. Wong <djwong(a)kernel.org> iomap: share iomap_unshare_iter predicate code with fsdax Darrick J. Wong <djwong(a)kernel.org> iomap: don't bother unsharing delalloc extents Christoph Hellwig <hch(a)lst.de> iomap: improve shared block detection in iomap_unshare_iter Toke Høiland-Jørgensen <toke(a)redhat.com> bpf, test_run: Fix LIVE_FRAME frame update after a page has been recycled Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: sanitize offset and length before calling skb_checksum() Daniel Golle <daniel(a)makrotopia.org> net: ethernet: mtk_wed: fix path of MT7988 WO firmware Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address Amit Cohen <amcohen(a)nvidia.com> mlxsw: pci: Sync Rx buffers for device Amit Cohen <amcohen(a)nvidia.com> mlxsw: pci: Sync Rx buffers for CPU Amit Cohen <amcohen(a)nvidia.com> mlxsw: spectrum_ptp: Add missing verification before pushing Tx header Benoît Monin <benoit.monin(a)gmx.fr> net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension Hou Tao <houtao1(a)huawei.com> bpf: Check the validity of nr_words in bpf_iter_bits_new() Hou Tao <houtao1(a)huawei.com> bpf: Add bpf_mem_alloc_check_size() helper Hou Tao <houtao1(a)huawei.com> bpf: Free dynamically allocated bits in bpf_iter_bits_destroy() Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Eric Dumazet <edumazet(a)google.com> netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() Dong Chenchen <dongchenchen2(a)huawei.com> netfilter: Fix use-after-free in get_info() Wang Liang <wangliang74(a)huawei.com> net: fix crash when config small gso_max_size/gso_ipv4_max_size Byeonguk Jeong <jungbu2855(a)gmail.com> bpf: Fix out-of-bounds write in trie_get_next_key() Vladimir Oltean <vladimir.oltean(a)nxp.com> net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext() Zichen Xie <zichenxie0106(a)gmail.com> netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() Eduard Zingerman <eddyz87(a)gmail.com> bpf: Force checkpoint when jmp history is too long Pedro Tammela <pctammela(a)mojatatu.com> net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT Pablo Neira Ayuso <pablo(a)netfilter.org> gtp: allow -1 to be specified as file description from userspace Ido Schimmel <idosch(a)nvidia.com> ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() Ido Schimmel <idosch(a)nvidia.com> ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix crash on probe for DPLL enabled E810 LOM Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: add callbacks for Embedded SYNC enablement on dpll pins Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> dpll: add Embedded SYNC feature for a pin Wander Lairson Costa <wander(a)redhat.com> igb: Disable threaded IRQ for igb_msix_other Furong Xu <0x1207(a)gmail.com> net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data Ley Foon Tan <leyfoon.tan(a)starfivetech.com> net: stmmac: dwmac4: Fix high address display by updating reg_space[] from register values Cong Wang <cong.wang(a)bytedance.com> sock_map: fix a NULL pointer dereference in sock_map_link_update_prog() Aleksei Vetrov <vvvvvv(a)google.com> ASoC: dapm: fix bounds checker error in dapm_widget_list_create Jianbo Liu <jianbol(a)nvidia.com> macsec: Fix use-after-free while sending the offloading packet Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> Revert "wifi: iwlwifi: remove retry loops in start" Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't add default link in fw restart flow Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: really send iwl_txpower_constraints_cmd Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't leak a link on AP removal Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: synchronize the qp-handle table array Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix the usage of control path spin locks Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down Leon Romanovsky <leon(a)kernel.org> RDMA/cxgb4: Dump vendor specific QP details Geert Uytterhoeven <geert(a)linux-m68k.org> wifi: brcm80211: BRCM_TRACING should depend on TRACING Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: early chips only enable 36-bit DMA on specific PCI hosts Remi Pommarel <repk(a)triplefau.lt> wifi: ath11k: Fix invalid ring usage in full monitor mode Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys Geert Uytterhoeven <geert(a)linux-m68k.org> mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING Ben Hutchings <ben(a)decadent.org.uk> wifi: iwlegacy: Fix "field-spanning write" warning in il_enqueue_hcmd() John Garry <john.g.garry(a)oracle.com> scsi: scsi_debug: Fix do_device_access() handling of unexpected SG copy length Arnaldo Carvalho de Melo <acme(a)redhat.com> perf python: Fix up the build on architectures without HAVE_KVM_STAT_SUPPORT Jiri Slaby <jirislaby(a)kernel.org> perf trace: Fix non-listed archs in the syscalltbl routines Pei Xiao <xiaopei01(a)kylinos.cn> slub/kunit: fix a WARNING due to unwrapped __kmalloc_cache_noprof Georgi Djakov <djakov(a)kernel.org> spi: geni-qcom: Fix boot warning related to pm_runtime and devres Xiu Jianfeng <xiujianfeng(a)huawei.com> cgroup: Fix potential overflow issue when checking max_depth Frank Min <Frank.Min(a)amd.com> drm/amdgpu: fix random data corruption for sdma 7 ------------- Diffstat: .../devicetree/bindings/iio/adc/adi,ad7380.yaml | 21 ++ Documentation/driver-api/dpll.rst | 21 ++ Documentation/netlink/specs/dpll.yaml | 24 ++ Documentation/rust/arch-support.rst | 2 +- Makefile | 4 +- arch/arm64/boot/dts/freescale/imx8ulp.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 +- .../boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 2 + arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 2 + .../boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 2 + arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 2 + arch/arm64/boot/dts/qcom/x1e80100.dtsi | 34 ++- arch/mips/kernel/cmpxchg.c | 1 + arch/riscv/Kconfig | 2 +- arch/riscv/boot/dts/starfive/jh7110-common.dtsi | 2 - .../boot/dts/starfive/jh7110-pine64-star64.dts | 3 +- arch/riscv/kernel/acpi.c | 4 +- arch/riscv/kernel/asm-offsets.c | 2 - arch/riscv/kernel/cacheinfo.c | 7 +- arch/riscv/kernel/cpu-hotplug.c | 2 +- arch/riscv/kernel/efi-header.S | 2 +- arch/riscv/kernel/traps_misaligned.c | 2 - arch/riscv/kernel/vdso/Makefile | 1 + arch/x86/include/asm/bug.h | 12 + arch/x86/kernel/traps.c | 71 ++++- block/blk-map.c | 4 +- drivers/accel/ivpu/ivpu_debugfs.c | 9 + drivers/accel/ivpu/ivpu_hw.c | 1 + drivers/accel/ivpu/ivpu_hw.h | 1 + drivers/accel/ivpu/ivpu_hw_ip.c | 5 +- drivers/acpi/cppc_acpi.c | 9 +- drivers/acpi/resource.c | 18 +- drivers/base/core.c | 48 +++- drivers/base/module.c | 4 - drivers/char/tpm/tpm-chip.c | 10 + drivers/char/tpm/tpm-dev-common.c | 3 + drivers/char/tpm/tpm-interface.c | 6 +- drivers/char/tpm/tpm2-sessions.c | 100 ++++--- drivers/cxl/Kconfig | 1 + drivers/cxl/Makefile | 20 +- drivers/cxl/acpi.c | 7 + drivers/cxl/core/hdm.c | 50 +++- drivers/cxl/core/port.c | 13 +- drivers/cxl/core/region.c | 48 +--- drivers/cxl/core/trace.h | 17 +- drivers/cxl/cxl.h | 3 +- drivers/cxl/port.c | 17 +- drivers/dpll/dpll_netlink.c | 130 +++++++++ drivers/dpll/dpll_nl.c | 5 +- drivers/firmware/arm_sdei.c | 2 +- drivers/firmware/microchip/mpfs-auto-update.c | 42 +-- drivers/gpio/gpio-sloppy-logic-analyzer.c | 4 +- drivers/gpio/gpiolib.c | 4 +- drivers/gpu/drm/amd/amdgpu/sdma_v7_0.c | 9 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_policy.c | 1 + drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 15 +- drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 4 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 6 +- drivers/gpu/drm/i915/display/intel_alpm.c | 2 +- drivers/gpu/drm/i915/display/intel_backlight.c | 10 +- .../gpu/drm/i915/display/intel_display_device.c | 5 + .../gpu/drm/i915/display/intel_display_device.h | 2 + drivers/gpu/drm/i915/display/intel_display_power.c | 8 + .../drm/i915/display/intel_display_power_well.c | 4 +- drivers/gpu/drm/i915/display/intel_display_types.h | 1 + drivers/gpu/drm/i915/display/intel_display_wa.h | 8 + drivers/gpu/drm/i915/display/intel_dp.c | 29 +- drivers/gpu/drm/i915/display/intel_dp.h | 1 - drivers/gpu/drm/i915/display/intel_dp_aux.c | 4 +- drivers/gpu/drm/i915/display/intel_dp_hdcp.c | 11 +- drivers/gpu/drm/i915/display/intel_fbc.c | 6 + drivers/gpu/drm/i915/display/intel_hdcp.c | 7 +- drivers/gpu/drm/i915/display/intel_pps.c | 14 +- drivers/gpu/drm/i915/display/intel_psr.c | 6 + drivers/gpu/drm/i915/display/intel_tc.c | 3 + drivers/gpu/drm/i915/display/intel_vrr.c | 3 +- drivers/gpu/drm/i915/display/skl_universal_plane.c | 5 - drivers/gpu/drm/i915/intel_device_info.c | 5 - drivers/gpu/drm/i915/intel_device_info.h | 2 - drivers/gpu/drm/mediatek/mtk_crtc.c | 47 +--- drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 9 +- drivers/gpu/drm/mediatek/mtk_dp.c | 85 +++++- drivers/gpu/drm/panthor/panthor_fw.c | 4 +- drivers/gpu/drm/panthor/panthor_gem.c | 11 +- drivers/gpu/drm/panthor/panthor_mmu.c | 16 +- drivers/gpu/drm/panthor/panthor_mmu.h | 1 + drivers/gpu/drm/panthor/panthor_sched.c | 20 +- drivers/gpu/drm/tegra/drm.c | 4 +- drivers/gpu/drm/tests/drm_connector_test.c | 24 +- drivers/gpu/drm/tests/drm_hdmi_state_helper_test.c | 8 +- drivers/gpu/drm/tests/drm_kunit_helpers.c | 42 +++ drivers/gpu/drm/xe/Makefile | 1 + drivers/gpu/drm/xe/compat-i915-headers/i915_drv.h | 1 - drivers/gpu/drm/xe/display/xe_display_wa.c | 16 ++ drivers/gpu/drm/xe/regs/xe_gt_regs.h | 17 +- drivers/gpu/drm/xe/regs/xe_regs.h | 10 +- drivers/gpu/drm/xe/regs/xe_sriov_regs.h | 23 -- drivers/gpu/drm/xe/xe_device_types.h | 6 - drivers/gpu/drm/xe/xe_ggtt.c | 10 + drivers/gpu/drm/xe/xe_gt.c | 10 +- drivers/gpu/drm/xe/xe_gt_sriov_pf.c | 2 +- drivers/gpu/drm/xe/xe_guc_submit.c | 18 +- drivers/gpu/drm/xe/xe_lmtt.c | 2 +- drivers/gpu/drm/xe/xe_module.c | 39 ++- drivers/gpu/drm/xe/xe_sriov.c | 2 +- drivers/gpu/drm/xe/xe_tuning.c | 21 +- drivers/gpu/drm/xe/xe_wa.c | 4 + drivers/iio/adc/ad7124.c | 2 +- drivers/iio/industrialio-gts-helper.c | 4 +- drivers/iio/light/veml6030.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 4 + drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 38 +-- drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 2 + drivers/infiniband/hw/cxgb4/provider.c | 1 + drivers/infiniband/hw/mlx5/qp.c | 4 +- drivers/input/input.c | 134 +++++----- drivers/input/touchscreen/edt-ft5x06.c | 19 +- drivers/misc/mei/client.c | 4 +- drivers/misc/sgi-gru/grukservices.c | 2 - drivers/misc/sgi-gru/grumain.c | 4 - drivers/misc/sgi-gru/grutlbpurge.c | 2 - drivers/mmc/host/sdhci-pci-gli.c | 38 ++- drivers/net/ethernet/amd/mvme147.c | 7 +- drivers/net/ethernet/intel/ice/ice_dpll.c | 293 ++++++++++++++++++++- drivers/net/ethernet/intel/ice/ice_dpll.h | 1 + drivers/net/ethernet/intel/ice/ice_ptp_hw.c | 21 +- drivers/net/ethernet/intel/ice/ice_ptp_hw.h | 1 + drivers/net/ethernet/intel/igb/igb_main.c | 2 +- drivers/net/ethernet/mediatek/mtk_wed_wo.h | 4 +- drivers/net/ethernet/mellanox/mlxsw/pci.c | 25 +- .../net/ethernet/mellanox/mlxsw/spectrum_ipip.c | 26 +- drivers/net/ethernet/mellanox/mlxsw/spectrum_ptp.c | 7 + drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 8 + drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.h | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 +- drivers/net/gtp.c | 22 +- drivers/net/macsec.c | 3 +- drivers/net/mctp/mctp-i2c.c | 3 + drivers/net/netdevsim/fib.c | 4 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 7 +- drivers/net/wireless/ath/ath10k/wmi.c | 2 + drivers/net/wireless/ath/ath11k/dp_rx.c | 7 +- drivers/net/wireless/broadcom/brcm80211/Kconfig | 1 + drivers/net/wireless/intel/iwlegacy/common.c | 15 +- drivers/net/wireless/intel/iwlegacy/common.h | 12 + drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 34 ++- drivers/net/wireless/intel/iwlwifi/iwl-drv.h | 3 + drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 10 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 12 +- .../net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 34 ++- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 6 +- .../net/wireless/realtek/rtlwifi/rtl8192du/sw.c | 1 - drivers/net/wireless/realtek/rtw89/pci.c | 48 +++- drivers/nvme/host/core.c | 19 +- drivers/nvme/host/ioctl.c | 7 +- drivers/nvme/target/auth.c | 1 + drivers/pci/pci.c | 14 +- drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 10 +- drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c | 1 + drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 1 + drivers/phy/qualcomm/phy-qcom-qmp-usbc.c | 1 + drivers/powercap/intel_rapl_msr.c | 1 + drivers/scsi/scsi_debug.c | 10 +- drivers/scsi/scsi_transport_fc.c | 4 +- drivers/soc/qcom/pmic_glink.c | 25 +- drivers/spi/spi-fsl-dspi.c | 6 +- drivers/spi/spi-geni-qcom.c | 8 +- drivers/staging/iio/frequency/ad9832.c | 7 +- .../intel/int340x_thermal/processor_thermal_rapl.c | 70 ++--- drivers/thunderbolt/retimer.c | 5 +- drivers/thunderbolt/tb.c | 48 +++- drivers/ufs/core/ufshcd.c | 2 +- drivers/usb/host/xhci-pci.c | 6 +- drivers/usb/host/xhci-ring.c | 16 +- drivers/usb/phy/phy.c | 2 +- drivers/usb/typec/class.c | 1 + drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c | 10 +- drivers/usb/typec/tcpm/tcpm.c | 10 +- fs/afs/dir.c | 25 ++ fs/afs/dir_edit.c | 91 ++++++- fs/afs/internal.h | 2 + fs/btrfs/bio.c | 62 ++--- fs/btrfs/bio.h | 3 + fs/btrfs/defrag.c | 10 +- fs/btrfs/extent_map.c | 7 +- fs/btrfs/volumes.c | 1 + fs/dax.c | 49 ++-- fs/iomap/buffered-io.c | 7 +- fs/nfs/delegation.c | 5 + fs/nfsd/nfs4proc.c | 10 +- fs/nilfs2/namei.c | 3 + fs/nilfs2/page.c | 1 + fs/ntfs3/file.c | 9 +- fs/ntfs3/frecord.c | 4 +- fs/ntfs3/inode.c | 15 +- fs/ntfs3/lznt.c | 3 + fs/ntfs3/namei.c | 2 +- fs/ntfs3/ntfs_fs.h | 2 +- fs/ntfs3/record.c | 31 ++- fs/ocfs2/file.c | 8 + fs/smb/client/cifs_unicode.c | 17 +- fs/smb/client/reparse.c | 174 +++++++++++- fs/smb/client/reparse.h | 9 +- fs/smb/client/smb2inode.c | 3 +- fs/smb/client/smb2proto.h | 1 + fs/userfaultfd.c | 28 ++ fs/xfs/xfs_filestream.c | 23 +- fs/xfs/xfs_trace.h | 15 +- include/acpi/cppc_acpi.h | 2 +- include/drm/drm_kunit_helpers.h | 4 + include/linux/bpf_mem_alloc.h | 3 + include/linux/compiler-gcc.h | 4 + include/linux/device.h | 3 + include/linux/dpll.h | 15 ++ include/linux/input.h | 10 +- include/linux/iomap.h | 19 ++ include/linux/ksm.h | 10 +- include/linux/mmzone.h | 7 +- include/linux/rcutiny.h | 5 + include/linux/rcutree.h | 1 + include/linux/tick.h | 8 + include/linux/ubsan.h | 5 + include/linux/userfaultfd_k.h | 5 + include/net/ip_tunnels.h | 2 +- include/trace/events/afs.h | 7 +- include/uapi/linux/dpll.h | 3 + io_uring/rw.c | 23 +- kernel/bpf/cgroup.c | 19 +- kernel/bpf/helpers.c | 21 +- kernel/bpf/lpm_trie.c | 2 +- kernel/bpf/memalloc.c | 14 +- kernel/bpf/verifier.c | 9 +- kernel/cgroup/cgroup.c | 4 +- kernel/fork.c | 14 +- kernel/rcu/tree.c | 118 ++++++++- kernel/resource.c | 4 +- kernel/sched/fair.c | 4 +- lib/Kconfig.ubsan | 4 +- lib/codetag.c | 3 + lib/iov_iter.c | 6 +- lib/slub_kunit.c | 2 +- mm/kasan/kasan_test.c | 27 -- mm/migrate.c | 2 +- mm/mmap.c | 3 +- mm/page_alloc.c | 10 +- mm/rmap.c | 24 +- mm/shmem.c | 2 + mm/shrinker.c | 8 +- mm/vmscan.c | 109 ++++---- net/bluetooth/hci_sync.c | 18 +- net/bpf/test_run.c | 1 + net/core/dev.c | 4 + net/core/rtnetlink.c | 4 +- net/core/sock_map.c | 4 + net/ipv4/ip_tunnel.c | 2 +- net/ipv6/netfilter/nf_reject_ipv6.c | 15 +- net/mac80211/Kconfig | 2 +- net/mac80211/cfg.c | 3 +- net/mac80211/key.c | 42 +-- net/mptcp/protocol.c | 2 + net/netfilter/nft_payload.c | 3 + net/netfilter/x_tables.c | 2 +- net/sched/cls_api.c | 1 + net/sched/sch_api.c | 2 +- net/sunrpc/xprtrdma/ib_client.c | 1 + net/wireless/core.c | 1 + rust/kernel/device.rs | 15 +- rust/kernel/firmware.rs | 2 +- sound/pci/hda/patch_realtek.c | 23 +- sound/soc/codecs/cs42l51.c | 7 +- sound/soc/soc-dapm.c | 2 + sound/usb/mixer_quirks.c | 3 + tools/mm/page-types.c | 9 +- tools/mm/slabinfo.c | 4 +- tools/perf/util/python.c | 3 + tools/perf/util/syscalltbl.c | 10 + tools/testing/cxl/test/cxl.c | 14 +- tools/testing/selftests/mm/uffd-common.c | 5 +- tools/testing/selftests/mm/uffd-common.h | 3 +- tools/testing/selftests/mm/uffd-unit-tests.c | 21 +- tools/usb/usbip/src/usbip_detach.c | 1 + 281 files changed, 2933 insertions(+), 1083 deletions(-)

3 months, 1 week

14
16
0 0

[PATCH v6.1 1/1] net: sched: use RCU read-side critical section in taprio_dump()

by Lee Jones

From: Dmitry Antipov <dmantipov(a)yandex.ru> [ Upstream commit b22db8b8befe90b61c98626ca1a2fbb0505e9fe3 ] Fix possible use-after-free in 'taprio_dump()' by adding RCU read-side critical section there. Never seen on x86 but found on a KASAN-enabled arm64 system when investigating https://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa: [T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0 [T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862 [T15862] [T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2 [T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024 [T15862] Call trace: [T15862] dump_backtrace+0x20c/0x220 [T15862] show_stack+0x2c/0x40 [T15862] dump_stack_lvl+0xf8/0x174 [T15862] print_report+0x170/0x4d8 [T15862] kasan_report+0xb8/0x1d4 [T15862] __asan_report_load4_noabort+0x20/0x2c [T15862] taprio_dump+0xa0c/0xbb0 [T15862] tc_fill_qdisc+0x540/0x1020 [T15862] qdisc_notify.isra.0+0x330/0x3a0 [T15862] tc_modify_qdisc+0x7b8/0x1838 [T15862] rtnetlink_rcv_msg+0x3c8/0xc20 [T15862] netlink_rcv_skb+0x1f8/0x3d4 [T15862] rtnetlink_rcv+0x28/0x40 [T15862] netlink_unicast+0x51c/0x790 [T15862] netlink_sendmsg+0x79c/0xc20 [T15862] __sock_sendmsg+0xe0/0x1a0 [T15862] ____sys_sendmsg+0x6c0/0x840 [T15862] ___sys_sendmsg+0x1ac/0x1f0 [T15862] __sys_sendmsg+0x110/0x1d0 [T15862] __arm64_sys_sendmsg+0x74/0xb0 [T15862] invoke_syscall+0x88/0x2e0 [T15862] el0_svc_common.constprop.0+0xe4/0x2a0 [T15862] do_el0_svc+0x44/0x60 [T15862] el0_svc+0x50/0x184 [T15862] el0t_64_sync_handler+0x120/0x12c [T15862] el0t_64_sync+0x190/0x194 [T15862] [T15862] Allocated by task 15857: [T15862] kasan_save_stack+0x3c/0x70 [T15862] kasan_save_track+0x20/0x3c [T15862] kasan_save_alloc_info+0x40/0x60 [T15862] __kasan_kmalloc+0xd4/0xe0 [T15862] __kmalloc_cache_noprof+0x194/0x334 [T15862] taprio_change+0x45c/0x2fe0 [T15862] tc_modify_qdisc+0x6a8/0x1838 [T15862] rtnetlink_rcv_msg+0x3c8/0xc20 [T15862] netlink_rcv_skb+0x1f8/0x3d4 [T15862] rtnetlink_rcv+0x28/0x40 [T15862] netlink_unicast+0x51c/0x790 [T15862] netlink_sendmsg+0x79c/0xc20 [T15862] __sock_sendmsg+0xe0/0x1a0 [T15862] ____sys_sendmsg+0x6c0/0x840 [T15862] ___sys_sendmsg+0x1ac/0x1f0 [T15862] __sys_sendmsg+0x110/0x1d0 [T15862] __arm64_sys_sendmsg+0x74/0xb0 [T15862] invoke_syscall+0x88/0x2e0 [T15862] el0_svc_common.constprop.0+0xe4/0x2a0 [T15862] do_el0_svc+0x44/0x60 [T15862] el0_svc+0x50/0x184 [T15862] el0t_64_sync_handler+0x120/0x12c [T15862] el0t_64_sync+0x190/0x194 [T15862] [T15862] Freed by task 6192: [T15862] kasan_save_stack+0x3c/0x70 [T15862] kasan_save_track+0x20/0x3c [T15862] kasan_save_free_info+0x4c/0x80 [T15862] poison_slab_object+0x110/0x160 [T15862] __kasan_slab_free+0x3c/0x74 [T15862] kfree+0x134/0x3c0 [T15862] taprio_free_sched_cb+0x18c/0x220 [T15862] rcu_core+0x920/0x1b7c [T15862] rcu_core_si+0x10/0x1c [T15862] handle_softirqs+0x2e8/0xd64 [T15862] __do_softirq+0x14/0x20 Fixes: 18cdd2f0998a ("net/sched: taprio: taprio_dump and taprio_change are protected by rtnl_mutex") Acked-by: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Link: https://patch.msgid.link/20241018051339.418890-2-dmantipov@yandex.ru Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> (cherry picked from commit 5d282467245f267c0b9ada3f7f309ff838521536) [Lee: Backported from linux-6.6.y to linux-6.1.y and fixed conflicts] Signed-off-by: Lee Jones <lee(a)kernel.org> --- net/sched/sch_taprio.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c index 212fef2b72f5..1d5cdc987abd 100644 --- a/net/sched/sch_taprio.c +++ b/net/sched/sch_taprio.c @@ -1995,9 +1995,6 @@ static int taprio_dump(struct Qdisc *sch, struct sk_buff *skb) struct nlattr *nest, *sched_nest; unsigned int i; - oper = rtnl_dereference(q->oper_sched); - admin = rtnl_dereference(q->admin_sched); - opt.num_tc = netdev_get_num_tc(dev); memcpy(opt.prio_tc_map, dev->prio_tc_map, sizeof(opt.prio_tc_map)); @@ -2024,18 +2021,23 @@ static int taprio_dump(struct Qdisc *sch, struct sk_buff *skb) nla_put_u32(skb, TCA_TAPRIO_ATTR_TXTIME_DELAY, q->txtime_delay)) goto options_error; + rcu_read_lock(); + + oper = rtnl_dereference(q->oper_sched); + admin = rtnl_dereference(q->admin_sched); + if (taprio_dump_tc_entries(q, skb)) - goto options_error; + goto options_error_rcu; if (oper && dump_schedule(skb, oper)) - goto options_error; + goto options_error_rcu; if (!admin) goto done; sched_nest = nla_nest_start_noflag(skb, TCA_TAPRIO_ATTR_ADMIN_SCHED); if (!sched_nest) - goto options_error; + goto options_error_rcu; if (dump_schedule(skb, admin)) goto admin_error; @@ -2043,11 +2045,15 @@ static int taprio_dump(struct Qdisc *sch, struct sk_buff *skb) nla_nest_end(skb, sched_nest); done: + rcu_read_unlock(); return nla_nest_end(skb, nest); admin_error: nla_nest_cancel(skb, sched_nest); +options_error_rcu: + rcu_read_unlock(); + options_error: nla_nest_cancel(skb, nest); -- 2.47.0.277.g8800431eea-goog

3 months, 1 week

3
3
0 0

[PATCH 5.15 00/73] 5.15.171-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.171 release. There are 73 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 08 Nov 2024 12:02:47 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.171-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.171-rc1 Johannes Berg <johannes.berg(a)intel.com> mac80211: always have ieee80211_sta_restart() Jeongjun Park <aha310510(a)gmail.com> vt: prevent kernel-infoleak in con_font_get() Rob Clark <robdclark(a)chromium.org> drm/i915: Fix potential context UAFs Jason-JH.Lin <jason-jh.lin(a)mediatek.com> Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device" Jeongjun Park <aha310510(a)gmail.com> mm: shmem: fix data-race in shmem_getattr() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: fix 6 GHz scan construction Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug due to missing clearing of checked flag Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use code segment selector for VERW operand Edward Adam Davis <eadavis(a)qq.com> ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Matt Fleming <mfleming(a)cloudflare.com> mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves Mel Gorman <mgorman(a)techsingularity.net> mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations accesses reserves Mel Gorman <mgorman(a)techsingularity.net> mm/page_alloc: explicitly define what alloc flags deplete min reserves Mel Gorman <mgorman(a)techsingularity.net> mm/page_alloc: explicitly record high-order atomic allocations in alloc_flags Mel Gorman <mgorman(a)techsingularity.net> mm/page_alloc: treat RT tasks similar to __GFP_HIGH Mel Gorman <mgorman(a)techsingularity.net> mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE Mel Gorman <mgorman(a)techsingularity.net> mm/page_alloc: split out buddy removal code from rmqueue into separate helper Wonhyuk Yang <vvghjk1234(a)gmail.com> mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked() Eric Dumazet <edumazet(a)google.com> mm/page_alloc: call check_new_pages() while zone spinlock is not held Chunyan Zhang <zhangchunyan(a)iscas.ac.cn> riscv: Remove duplicated GET_RM Chunyan Zhang <zhangchunyan(a)iscas.ac.cn> riscv: Remove unused GENERATING_ASM_OFFSETS WangYuli <wangyuli(a)uniontech.com> riscv: Use '%u' to format the output of 'cpu' Heinrich Schuchardt <heinrich.schuchardt(a)canonical.com> riscv: efi: Set NX compat flag in PE/COFF header Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: vdso: Prevent the compiler from inserting calls to memset() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential deadlock with newly created symlinks Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: veml6030: fix microlux value calculation Zicheng Qu <quzicheng(a)huawei.com> iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() Zicheng Qu <quzicheng(a)huawei.com> staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() Ville Syrjälä <ville.syrjala(a)linux.intel.com> wifi: iwlegacy: Clear stale interrupts before resuming device Manikanta Pubbisetty <quic_mpubbise(a)quicinc.com> wifi: ath10k: Fix memory leak in management tx Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "driver core: Fix uevent_show() vs driver detach race" Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> xhci: Use pm_runtime_get to prevent RPM on unsupported systems Faisal Hassan <quic_faisalh(a)quicinc.com> xhci: Fix Link TRB DMA in command ring stopped completion event Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() Zijun Hu <quic_zijuhu(a)quicinc.com> usb: phy: Fix API devm_usb_put_phy() can not release the phy Zongmin Zhou <zhouzongmin(a)kylinos.cn> usbip: tools: Fix detach_port() invalid port error path Dimitri Sivanich <sivanich(a)hpe.com> misc: sgi-gru: Don't disable preemption in GRU driver Dai Ngo <dai.ngo(a)oracle.com> NFS: remove revoked delegation from server's delegation list Daniel Palmer <daniel(a)0x0f.com> net: amd: mvme147: Fix probe banner message Benjamin Marzinski <bmarzins(a)redhat.com> scsi: scsi_transport_fc: Allow setting rport state to current state Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Additional check in ni_clear() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix possible deadlock in mi_read Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix warning possible deadlock in ntfs_set_state Andrew Ballance <andrewjballance(a)gmail.com> fs/ntfs3: Check if more than chunk-size bytes are written Pierre Gondois <pierre.gondois(a)arm.com> ACPI: CPPC: Make rmw_lock a raw_spin_lock Xiongfeng Wang <wangxiongfeng2(a)huawei.com> firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: sanitize offset and length before calling skb_checksum() Benoît Monin <benoit.monin(a)gmx.fr> net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension Dong Chenchen <dongchenchen2(a)huawei.com> netfilter: Fix use-after-free in get_info() Byeonguk Jeong <jungbu2855(a)gmail.com> bpf: Fix out-of-bounds write in trie_get_next_key() Zichen Xie <zichenxie0106(a)gmail.com> netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() Pedro Tammela <pctammela(a)mojatatu.com> net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT Pablo Neira Ayuso <pablo(a)netfilter.org> gtp: allow -1 to be specified as file description from userspace Ido Schimmel <idosch(a)nvidia.com> ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() Wander Lairson Costa <wander(a)redhat.com> igb: Disable threaded IRQ for igb_msix_other Furong Xu <0x1207(a)gmail.com> net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: disconnect station vifs if recovery failed Youghandhar Chintala <youghand(a)codeaurora.org> mac80211: Add support to trigger sta disconnect on hardware restart Johannes Berg <johannes.berg(a)intel.com> mac80211: do drv_reconfig_complete() before restarting all Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: synchronize the qp-handle table array Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down Leon Romanovsky <leon(a)kernel.org> RDMA/cxgb4: Dump vendor specific QP details Geert Uytterhoeven <geert(a)linux-m68k.org> wifi: brcm80211: BRCM_TRACING should depend on TRACING Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys Geert Uytterhoeven <geert(a)linux-m68k.org> mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING Xiu Jianfeng <xiujianfeng(a)huawei.com> cgroup: Fix potential overflow issue when checking max_depth Koba Ko <kobak(a)nvidia.com> ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context Sudeep Holla <sudeep.holla(a)arm.com> ACPI: PRM: Change handler_addr type to void pointer Aubrey Li <aubrey.li(a)intel.com> ACPI: PRM: Remove unnecessary blank lines Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix user-after-free from session log off Donet Tom <donettom(a)linux.ibm.com> selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test ------------- Diffstat: Makefile | 4 +- arch/riscv/kernel/asm-offsets.c | 2 - arch/riscv/kernel/cpu-hotplug.c | 2 +- arch/riscv/kernel/efi-header.S | 2 +- arch/riscv/kernel/traps_misaligned.c | 2 - arch/riscv/kernel/vdso/Makefile | 1 + arch/x86/include/asm/nospec-branch.h | 11 +- drivers/acpi/cppc_acpi.c | 9 +- drivers/acpi/prmt.c | 33 ++-- drivers/base/core.c | 13 +- drivers/base/module.c | 4 - drivers/firmware/arm_sdei.c | 2 +- drivers/gpu/drm/drm_mipi_dsi.c | 2 +- drivers/gpu/drm/i915/gem/i915_gem_context.c | 24 ++- drivers/iio/adc/ad7124.c | 2 +- drivers/iio/light/veml6030.c | 2 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 4 + drivers/infiniband/hw/bnxt_re/qplib_rcfw.c | 13 +- drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 2 + drivers/infiniband/hw/cxgb4/provider.c | 1 + drivers/infiniband/hw/mlx5/qp.c | 4 +- drivers/misc/sgi-gru/grukservices.c | 2 - drivers/misc/sgi-gru/grumain.c | 4 - drivers/misc/sgi-gru/grutlbpurge.c | 2 - drivers/net/ethernet/amd/mvme147.c | 7 +- drivers/net/ethernet/intel/igb/igb_main.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 ++- drivers/net/gtp.c | 22 +-- drivers/net/netdevsim/fib.c | 4 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 7 +- drivers/net/wireless/ath/ath10k/wmi.c | 2 + drivers/net/wireless/broadcom/brcm80211/Kconfig | 1 + drivers/net/wireless/intel/iwlegacy/common.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 22 ++- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 3 +- drivers/scsi/scsi_transport_fc.c | 4 +- drivers/staging/iio/frequency/ad9832.c | 7 +- drivers/tty/vt/vt.c | 2 +- drivers/usb/host/xhci-pci.c | 6 +- drivers/usb/host/xhci-ring.c | 16 +- drivers/usb/phy/phy.c | 2 +- drivers/usb/typec/class.c | 1 + fs/ksmbd/mgmt/user_session.c | 26 ++- fs/ksmbd/mgmt/user_session.h | 4 + fs/ksmbd/server.c | 2 + fs/ksmbd/smb2pdu.c | 8 +- fs/nfs/delegation.c | 5 + fs/nilfs2/namei.c | 3 + fs/nilfs2/page.c | 1 + fs/ntfs3/frecord.c | 4 +- fs/ntfs3/lznt.c | 3 + fs/ntfs3/namei.c | 2 +- fs/ntfs3/ntfs_fs.h | 2 +- fs/ocfs2/file.c | 8 + include/acpi/cppc_acpi.h | 2 +- include/net/ip_tunnels.h | 2 +- include/net/mac80211.h | 10 ++ include/trace/events/kmem.h | 14 +- kernel/bpf/lpm_trie.c | 2 +- kernel/cgroup/cgroup.c | 4 +- mm/internal.h | 13 +- mm/page_alloc.c | 185 +++++++++++++--------- mm/shmem.c | 2 + net/core/dev.c | 4 + net/mac80211/Kconfig | 2 +- net/mac80211/cfg.c | 3 +- net/mac80211/ieee80211_i.h | 3 + net/mac80211/key.c | 42 +++-- net/mac80211/mlme.c | 14 +- net/mac80211/util.c | 45 ++++-- net/netfilter/nft_payload.c | 3 + net/netfilter/x_tables.c | 2 +- net/sched/sch_api.c | 2 +- sound/soc/codecs/cs42l51.c | 7 +- tools/testing/selftests/vm/hmm-tests.c | 2 +- tools/usb/usbip/src/usbip_detach.c | 1 + 76 files changed, 481 insertions(+), 230 deletions(-)

3 months, 1 week

12
85
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror