- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.39 release. There are 165 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 17 Jul 2025 16:35:06 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.39-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.39-rc2 Michael Jeanson <mjeanson(a)efficios.com> rseq: Fix segfault on registration when rseq_cs is non-zero Lukas Wunner <lukas(a)wunner.de> crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Mark Brown <broonie(a)kernel.org> arm64: Filter out SME hwcaps when FEAT_SME isn't implemented Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potential use-after-free in oplock/lease break ack Yeoreum Yun <yeoreum.yun(a)arm.com> kasan: remove kasan_find_vm_area() to prevent possible deadlock Jiawen Wu <jiawenwu(a)trustnetic.com> net: wangxun: revert the adjustment of the IRQ vector sequence Gao Xiang <xiang(a)kernel.org> erofs: fix rare pcluster memory leak after unmounting Willem de Bruijn <willemb(a)google.com> selftests/bpf: adapt one more case in test_lru_map to the new target_free Daniel J. Ogorchock <djogorchock(a)gmail.com> HID: nintendo: avoid bluetooth suspend/resume stalls Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Zhang Heng <zhangheng(a)kylinos.cn> HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Fangrui Song <i(a)maskray.me> riscv: vdso: Exclude .rodata from the PT_DYNAMIC segment Willem de Bruijn <willemb(a)google.com> bpf: Adjust free target to avoid global starvation of LRU map Nicolas Pitre <npitre(a)baylibre.com> vt: add missing notification when switching back to text mode Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion when building free space tree Long Li <longli(a)microsoft.com> net: mana: Record doorbell physical address in PF mode Akira Inoue <niyarium(a)gmail.com> HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 Shuai Zhang <quic_shuaz(a)quicinc.com> driver: bluetooth: hci_qca:fix unable to load the BT driver Xiaowei Li <xiaowei.li(a)simcom.com> net: usb: qmi_wwan: add SIMCom 8230C composition Tim Crawford <tcrawford(a)system76.com> ALSA: hda/realtek: Add quirks for some Clevo laptops Yasmin Fitzgerald <sunoflife1.git(a)gmail.com> ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 Yuzuru10 <yuzuru_10(a)proton.me> ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic Fengnan Chang <changfengnan(a)bytedance.com> io_uring: make fallocate be hashed work Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 Tamura Dai <kirinode0(a)gmail.com> ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Reduce stack usage in vector_eth_configure() Thomas Fourier <fourier.thomas(a)gmail.com> atm: idt77252: Add missing `dma_map_error()` Ronnie Sahlberg <rsahlberg(a)whamcloud.com> ublk: sanity check add_dev input for underflow Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix DCB ETS validation Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Add new prio for promiscuous mode Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Fix race between DIM disable and net_dim() Sean Nyekjaer <sean(a)geanix.com> can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() Hangbin Liu <liuhangbin(a)gmail.com> selftests: net: lib: fix shift count out of range Petr Machata <petrm(a)nvidia.com> selftests: net: lib: Move logging from forwarding/lib.sh here Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits Mingming Cao <mmc(a)linux.ibm.com> ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof Kito Xu <veritas501(a)foxmail.com> net: appletalk: Fix device refcount leak in atrtr_create() Eric Dumazet <edumazet(a)google.com> netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() Chao Yu <chao(a)kernel.org> erofs: fix to add missing tracepoint in erofs_readahead() Gao Xiang <xiang(a)kernel.org> erofs: refine readahead tracepoint Gao Xiang <xiang(a)kernel.org> erofs: tidy up zdata.c Gao Xiang <xiang(a)kernel.org> erofs: get rid of `z_erofs_next_pcluster_t` Chunhai Guo <guochunhai(a)vivo.com> erofs: free pclusters if no cached folio is attached Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Clear all LMTT pages on alloc Zheng Qixing <zhengqixing(a)huawei.com> nbd: fix uaf in nbd_genl_connect() error path Henry Martin <bsdhenrymartin(a)gmail.com> wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() Ben Skeggs <bskeggs(a)nvidia.com> drm/nouveau/gsp: fix potential leak of memory used during acpi init Felix Fietkau <nbd(a)nbd.name> wifi: rt2x00: fix remove callback type mismatch Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix non-transmitted BSSID profile search Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: correctly identify S1G short beacon Nigel Croxon <ncroxon(a)redhat.com> raid10: cleanup memleak at raid10_make_request Wang Jinchao <wangjinchao600(a)gmail.com> md/raid1: Fix stack memory use after return in raid1_reshape Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: nvdec: Fix dma_alloc_coherent error check Daniil Dulov <d.dulov(a)aladdin.ru> wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: cfg80211: fix S1G beacon head validation in nl80211 David Howells <dhowells(a)redhat.com> netfs: Fix ref leak on inserted extra subreq in write retry Jakub Kicinski <kuba(a)kernel.org> netlink: make sure we allow at least one dump skb Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix rmem check in netlink_broadcast_deliver(). Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count Gao Xiang <xiang(a)kernel.org> erofs: address D-cache aliasing Chao Yu <chao(a)kernel.org> erofs: fix to add missing tracepoint in erofs_read_folio() Al Viro <viro(a)zeniv.linux.org.uk> ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() Stefan Metzmacher <metze(a)samba.org> smb: server: make use of rdma_destroy_qp() Sascha Hauer <s.hauer(a)pengutronix.de> clk: scmi: Handle case where child clocks are initialized before their parents Jann Horn <jannh(a)google.com> x86/mm: Disable hugetlb page table sharing on 32-bit Mikhail Paulyshka <me(a)mixaill.net> x86/rdrand: Disable RDSEED on AMD Cyan Skillfish Xiaolei Wang <xiaolei.wang(a)windriver.com> clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data Miguel Ojeda <ojeda(a)kernel.org> rust: init: allow `dead_code` warnings for Rust >= 1.89.0 Harry Yoo <harry.yoo(a)oracle.com> lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() Alexander Gordeev <agordeev(a)linux.ibm.com> mm/vmalloc: leave lazy MMU mode on PTE mapping error Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix interrupts.py after maple tree conversion Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: de-reference per-CPU MCE interrupts Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix interrupts display after MCP on x86 Baolin Wang <baolin.wang(a)linux.alibaba.com> mm: fix the inaccurate memory statistics issue for users Wei Yang <richard.weiyang(a)gmail.com> maple_tree: fix mt_destroy_walk() on root leaf node Achill Gilgenast <fossdd(a)pwned.life> kallsyms: fix build without execinfo Zhe Qiao <qiaozhe(a)iscas.ac.cn> Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "ACPI: battery: negate current when discharging" Matthew Brost <matthew.brost(a)intel.com> drm/xe: Allocate PF queue size on pow2 boundary Thomas Zimmermann <tzimmermann(a)suse.de> drm/framebuffer: Acquire internal references on GEM handles Kuen-Han Tsai <khtsai(a)google.com> Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: u_serial: Fix race condition in TTY wakeup Matthew Brost <matthew.brost(a)intel.com> Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" Matthew Auld <matthew.auld(a)intel.com> drm/xe/bmg: fix compressed VRAM handling Simona Vetter <simona.vetter(a)ffwll.ch> drm/gem: Fix race in drm_gem_handle_create_tail() Christian König <christian.koenig(a)amd.com> drm/ttm: fix error handling in ttm_buffer_object_transfer Matthew Brost <matthew.brost(a)intel.com> drm/sched: Increment job count before swapping tail spsc queue Thomas Zimmermann <tzimmermann(a)suse.de> drm/gem: Acquire references on GEM handles for framebuffers Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Don't call mmput from MMU notifier callback Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Fix kernel crash when hard resetting the GPU Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix the wrong config for tx interrupt Deren Wu <deren.wu(a)mediatek.com> wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() Deren Wu <deren.wu(a)mediatek.com> wifi: mt76: mt7921: prevent decap offload config before STA initialization Vitor Soares <vitor.soares(a)toradex.com> wifi: mwifiex: discard erroneous disassoc frames on STA interface Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be> wifi: prevent A-MSDU attacks in mesh networks Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Ensure to disable clocks in error path Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: Fix invalid state detection Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: qcom: msm: mark certain pins as invalid for interrupts Håkon Bugge <haakon.bugge(a)oracle.com> md/md-bitmap: fix GPF in bitmap_get_stats() Haoxiang Li <haoxiang_li2024(a)163.com> net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe() Guillaume Nault <gnault(a)redhat.com> gre: Fix IPv6 multicast route creation. Arun Raghavan <arun(a)asymptotic.io> ASoC: fsl_sai: Force a software reset when starting in consumer mode Thorsten Blum <thorsten.blum(a)linux.dev> ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp() Liam Merwick <liam.merwick(a)oracle.com> KVM: Allow CPU to reschedule while setting per-page memory attributes Sean Christopherson <seanjc(a)google.com> KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight Nikunj A Dadhania <nikunj(a)amd.com> KVM: SVM: Add missing member in SNP_LAUNCH_START command structure David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. JP Kobryn <inwardvessel(a)gmail.com> x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Ensure user polling settings are honored when restarting timer Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Don't remove sysfs if thresholding sysfs init fails Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Fix threshold limit reset Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Add default names for MCA banks and blocks Dan Carpenter <dan.carpenter(a)linaro.org> ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() David Howells <dhowells(a)redhat.com> rxrpc: Fix oops due to non-existence of prealloc backlog struct David Howells <dhowells(a)redhat.com> rxrpc: Fix bug due to prealloc collision Victor Nogueira <victor(a)mojatatu.com> net/sched: Abort __tc_modify_qdisc if parent class does not exist Chintan Vankar <c-vankar(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info Yue Haibing <yuehaibing(a)huawei.com> atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix infinite recursive call of clip_push(). Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix memory leak of struct clip_vcc. Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix potential null-ptr-deref in to_atmarpd(). Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Fix link failure in forced mode with Auto-MDIX Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Force predictable MDI-X state on LAN87xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap EricChan <chenchuangyu(a)xiaomi.com> net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 Michal Luczaj <mhal(a)rbox.co> vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_* TOCTOU Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_{g2h,h2g} TOCTOU Jiayuan Chen <jiayuan.chen(a)linux.dev> tcp: Correct signedness in skb remaining space calculation Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_conn_close(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix `vsock_proto` declaration Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix wraparounds of sk->sk_rmem_alloc. Luo Jie <quic_luoj(a)quicinc.com> net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() Luo Jie <quic_luoj(a)quicinc.com> net: phy: qcom: move the WoL function to shared library Kevin Brodsky <kevin.brodsky(a)arm.com> arm64: poe: Handle spurious Overlay faults Jason Xing <kernelxing(a)tencent.com> bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL kuyo chang <kuyo.chang(a)mediatek.com> sched/deadline: Fix dl_server runtime calculation formula Al Viro <viro(a)zeniv.linux.org.uk> fix proc_sys_compare() handling of in-lookup dentries Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Clear GPIO debounce for suspend Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not disabling advertising instance Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: probe() should fail if the device ID is not recognized Peter Zijlstra <peterz(a)infradead.org> perf: Revert to requiring CAP_SYS_ADMIN for uprobes Peter Zijlstra <peterz(a)infradead.org> sched/core: Fix migrate_swap() vs. hotplug Nam Cao <namcao(a)linutronix.de> irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Fix the WARN_ON_ONCE is out of lock protected region Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: add sof_sdw_get_tplg_files ops Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: soc-acpi: add get_function_tplg_files ops Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV Eric Biggers <ebiggers(a)kernel.org> crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 Flora Cui <flora.cui(a)amd.com> drm/amdgpu/ip_discovery: add missing ip_discovery fw Flora Cui <flora.cui(a)amd.com> drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Linus Torvalds <torvalds(a)linux-foundation.org> eventpoll: don't decrement ep refcount while still holding the ep mutex ------------- Diffstat: Documentation/bpf/map_hash.rst | 8 +- Documentation/bpf/map_lru_hash_update.dot | 6 +- Makefile | 4 +- arch/arm64/kernel/cpufeature.c | 45 ++-- arch/arm64/kernel/process.c | 5 + arch/arm64/mm/fault.c | 30 ++- arch/riscv/kernel/vdso/vdso.lds.S | 2 +- arch/s390/crypto/sha1_s390.c | 2 + arch/s390/crypto/sha256_s390.c | 3 + arch/s390/crypto/sha512_s390.c | 3 + arch/um/drivers/vector_kern.c | 42 ++-- arch/x86/Kconfig | 2 +- arch/x86/include/asm/msr-index.h | 1 + arch/x86/kernel/cpu/amd.c | 7 + arch/x86/kernel/cpu/mce/amd.c | 28 ++- arch/x86/kernel/cpu/mce/core.c | 24 +- arch/x86/kernel/cpu/mce/intel.c | 1 + arch/x86/kvm/svm/sev.c | 4 + arch/x86/kvm/xen.c | 15 +- crypto/ecc.c | 2 +- drivers/acpi/battery.c | 19 +- drivers/atm/idt77252.c | 5 + drivers/block/nbd.c | 6 +- drivers/block/ublk_drv.c | 3 +- drivers/bluetooth/hci_qca.c | 13 +- drivers/char/ipmi/ipmi_msghandler.c | 3 +- drivers/clk/clk-scmi.c | 20 +- drivers/clk/imx/clk-imx95-blk-ctl.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 30 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 43 ++-- drivers/gpu/drm/drm_framebuffer.c | 31 ++- drivers/gpu/drm/drm_gem.c | 74 +++++- drivers/gpu/drm/drm_internal.h | 2 + drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 + drivers/gpu/drm/imagination/pvr_power.c | 4 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 20 +- drivers/gpu/drm/tegra/nvdec.c | 6 +- drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +- drivers/gpu/drm/xe/xe_gt_pagefault.c | 1 + drivers/gpu/drm/xe/xe_lmtt.c | 11 + drivers/gpu/drm/xe/xe_migrate.c | 2 +- drivers/gpu/drm/xe/xe_pci.c | 1 - drivers/gpu/drm/xe/xe_pm.c | 8 +- drivers/hid/hid-ids.h | 6 + drivers/hid/hid-lenovo.c | 8 + drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-nintendo.c | 38 +++- drivers/hid/hid-quirks.c | 3 + drivers/irqchip/Kconfig | 1 + drivers/md/md-bitmap.c | 3 +- drivers/md/raid1.c | 1 + drivers/md/raid10.c | 10 +- drivers/net/can/m_can/m_can.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.h | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 9 +- drivers/net/ethernet/mellanox/mlx5/core/en_dim.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/en_fs.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 13 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 3 + drivers/net/ethernet/renesas/rtsn.c | 5 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 24 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 4 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 16 +- drivers/net/ethernet/wangxun/libwx/wx_type.h | 2 +- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 2 +- drivers/net/ethernet/wangxun/ngbe/ngbe_type.h | 2 +- drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 4 +- drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 4 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/phy/microchip.c | 3 +- drivers/net/phy/qcom/at803x.c | 27 --- drivers/net/phy/qcom/qca808x.c | 2 +- drivers/net/phy/qcom/qcom-phy-lib.c | 25 ++ drivers/net/phy/qcom/qcom.h | 5 + drivers/net/phy/smsc.c | 57 ++++- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/marvell/mwifiex/util.c | 4 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 3 + drivers/net/wireless/mediatek/mt76/mt7925/init.c | 2 + drivers/net/wireless/mediatek/mt76/mt7925/main.c | 6 + drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2x00soc.c | 4 +- drivers/net/wireless/ralink/rt2x00/rt2x00soc.h | 2 +- drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +- drivers/pci/pci-acpi.c | 23 +- drivers/pinctrl/pinctrl-amd.c | 11 + drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++ drivers/pwm/core.c | 2 +- drivers/pwm/pwm-mediatek.c | 13 +- drivers/tty/vt/vt.c | 1 + drivers/usb/gadget/function/u_serial.c | 12 +- fs/btrfs/free-space-tree.c | 16 +- fs/erofs/data.c | 21 +- fs/erofs/decompressor.c | 12 +- fs/erofs/fileio.c | 6 +- fs/erofs/internal.h | 2 +- fs/erofs/zdata.c | 251 +++++++++----------- fs/erofs/zutil.c | 7 +- fs/eventpoll.c | 12 +- fs/netfs/write_collect.c | 2 +- fs/proc/inode.c | 2 +- fs/proc/proc_sysctl.c | 18 +- fs/proc/task_mmu.c | 14 +- fs/smb/server/smb2pdu.c | 29 +-- fs/smb/server/transport_rdma.c | 5 +- fs/smb/server/vfs.c | 1 + include/drm/drm_file.h | 3 + include/drm/drm_framebuffer.h | 7 + include/drm/spsc_queue.h | 4 +- include/linux/ieee80211.h | 45 +++- include/linux/math.h | 12 + include/linux/mm.h | 5 + include/linux/psp-sev.h | 2 + include/net/af_vsock.h | 2 +- include/net/netfilter/nf_flow_table.h | 2 +- include/sound/soc-acpi.h | 13 ++ include/trace/events/erofs.h | 2 +- io_uring/opdef.c | 1 + kernel/bpf/bpf_lru_list.c | 9 +- kernel/bpf/bpf_lru_list.h | 1 + kernel/events/core.c | 6 +- kernel/rseq.c | 60 ++++- kernel/sched/core.c | 5 + kernel/sched/deadline.c | 10 +- kernel/stop_machine.c | 20 +- lib/alloc_tag.c | 3 + lib/maple_tree.c | 1 + mm/kasan/report.c | 13 +- mm/vmalloc.c | 22 +- net/appletalk/ddp.c | 1 + net/atm/clip.c | 64 ++++-- net/bluetooth/hci_event.c | 3 + net/bluetooth/hci_sync.c | 2 +- net/ipv4/tcp.c | 2 +- net/ipv6/addrconf.c | 9 +- net/mac80211/mlme.c | 7 +- net/mac80211/parse.c | 6 +- net/netlink/af_netlink.c | 90 +++++--- net/rxrpc/call_accept.c | 4 + net/sched/sch_api.c | 23 +- net/tipc/topsrv.c | 2 + net/vmw_vsock/af_vsock.c | 57 ++++- net/wireless/nl80211.c | 7 +- net/wireless/util.c | 52 ++++- rust/kernel/init/macros.rs | 2 + scripts/gdb/linux/constants.py.in | 7 + scripts/gdb/linux/interrupts.py | 16 +- scripts/gdb/linux/mapletree.py | 252 +++++++++++++++++++++ scripts/gdb/linux/xarray.py | 28 +++ sound/isa/ad1816a/ad1816a.c | 2 +- sound/pci/hda/patch_realtek.c | 7 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/cs35l56-shared.c | 2 +- sound/soc/fsl/fsl_asrc.c | 3 +- sound/soc/fsl/fsl_sai.c | 14 +- sound/soc/intel/boards/Kconfig | 1 + sound/soc/intel/common/Makefile | 2 +- sound/soc/intel/common/soc-acpi-intel-arl-match.c | 66 +++++- sound/soc/intel/common/sof-function-topology-lib.c | 136 +++++++++++ sound/soc/intel/common/sof-function-topology-lib.h | 15 ++ sound/soc/sof/intel/hda.c | 6 +- tools/arch/x86/include/asm/msr-index.h | 1 + tools/include/linux/kallsyms.h | 4 + tools/testing/selftests/bpf/test_lru_map.c | 105 ++++----- tools/testing/selftests/net/forwarding/lib.sh | 113 --------- tools/testing/selftests/net/lib.sh | 115 ++++++++++ virt/kvm/kvm_main.c | 3 + 175 files changed, 2014 insertions(+), 880 deletions(-)

3 months, 1 week

10
9
0 0

[PATCH 6.15 000/192] 6.15.7-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.7 release. There are 192 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 17 Jul 2025 13:07:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.7-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.7-rc1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potential use-after-free in oplock/lease break ack Nikunj A Dadhania <nikunj(a)amd.com> x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation Jiawen Wu <jiawenwu(a)trustnetic.com> net: wangxun: revert the adjustment of the IRQ vector sequence Willem de Bruijn <willemb(a)google.com> selftests/bpf: adapt one more case in test_lru_map to the new target_free Daniel J. Ogorchock <djogorchock(a)gmail.com> HID: nintendo: avoid bluetooth suspend/resume stalls Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras Zhang Heng <zhangheng(a)kylinos.cn> HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY Fangrui Song <i(a)maskray.me> riscv: vdso: Exclude .rodata from the PT_DYNAMIC segment Willem de Bruijn <willemb(a)google.com> bpf: Adjust free target to avoid global starvation of LRU map Nicolas Pitre <npitre(a)baylibre.com> vt: add missing notification when switching back to text mode Filipe Manana <fdmanana(a)suse.com> btrfs: fix assertion when building free space tree Long Li <longli(a)microsoft.com> net: mana: Record doorbell physical address in PF mode Akira Inoue <niyarium(a)gmail.com> HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 Shuai Zhang <quic_shuaz(a)quicinc.com> driver: bluetooth: hci_qca:fix unable to load the BT driver Xiaowei Li <xiaowei.li(a)simcom.com> net: usb: qmi_wwan: add SIMCom 8230C composition Tim Crawford <tcrawford(a)system76.com> ALSA: hda/realtek: Add quirks for some Clevo laptops Yasmin Fitzgerald <sunoflife1.git(a)gmail.com> ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 Yuzuru10 <yuzuru_10(a)proton.me> ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic Fengnan Chang <changfengnan(a)bytedance.com> io_uring: make fallocate be hashed work Chris Chiu <chris.chiu(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 6 G1a Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 Jack Yu <jack.yu(a)realtek.com> ASoC: rt721-sdca: fix boost gain calculation error Tamura Dai <kirinode0(a)gmail.com> ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Reduce stack usage in vector_eth_configure() Thomas Fourier <fourier.thomas(a)gmail.com> atm: idt77252: Add missing `dma_map_error()` Ronnie Sahlberg <rsahlberg(a)whamcloud.com> ublk: sanity check add_dev input for underflow Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT Shruti Parab <shruti.parab(a)broadcom.com> bnxt_en: Flush FW trace before copying to the coredump Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix DCB ETS validation Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Add new prio for promiscuous mode Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Fix race between DIM disable and net_dim() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5: Reset bw_share field when changing a node's parent Sean Nyekjaer <sean(a)geanix.com> can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/pm: Restore display pm if there is error after display suspend Hangbin Liu <liuhangbin(a)gmail.com> selftests: net: lib: fix shift count out of range Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: limit 100M workaround to link-down events on LAN88xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits Mingming Cao <mmc(a)linux.ibm.com> ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof Kito Xu <veritas501(a)foxmail.com> net: appletalk: Fix device refcount leak in atrtr_create() Eric Dumazet <edumazet(a)google.com> netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: mac80211: add the virtual monitor after reconfig complete Chao Yu <chao(a)kernel.org> erofs: fix to add missing tracepoint in erofs_readahead() Gao Xiang <xiang(a)kernel.org> erofs: refine readahead tracepoint Michal Wajdeczko <michal.wajdeczko(a)intel.com> drm/xe/pf: Clear all LMTT pages on alloc Pankaj Raghav <p.raghav(a)samsung.com> block: reject bs > ps block devices when THP is disabled Zheng Qixing <zhengqixing(a)huawei.com> nbd: fix uaf in nbd_genl_connect() error path Henry Martin <bsdhenrymartin(a)gmail.com> wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: Remove RCU section in mt7996_mac_sta_rc_work() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: Move RCU section in mt7996_mcu_add_rate_ctrl() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: Move RCU section in mt7996_mcu_add_rate_ctrl_fixed() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: Move RCU section in mt7996_mcu_set_fixed_field() Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: Assume __mt76_connac_mcu_alloc_sta_req runs in atomic context Ben Skeggs <bskeggs(a)nvidia.com> drm/nouveau/gsp: fix potential leak of memory used during acpi init Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: fix pp destruction warnings Felix Fietkau <nbd(a)nbd.name> wifi: rt2x00: fix remove callback type mismatch Moon Hee Lee <moonhee.lee.ca(a)gmail.com> wifi: mac80211: reject VHT opmode for unsupported channel widths Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix non-transmitted BSSID profile search Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: correctly identify S1G short beacon Zheng Qixing <zhengqixing(a)huawei.com> md/raid1,raid10: strip REQ_NOWAIT from member bios Nigel Croxon <ncroxon(a)redhat.com> raid10: cleanup memleak at raid10_make_request Wang Jinchao <wangjinchao600(a)gmail.com> md/raid1: Fix stack memory use after return in raid1_reshape Mikko Perttunen <mperttunen(a)nvidia.com> drm/tegra: nvdec: Fix dma_alloc_coherent error check Daniil Dulov <d.dulov(a)aladdin.ru> wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: cfg80211: fix S1G beacon head validation in nl80211 Jakub Kicinski <kuba(a)kernel.org> netlink: make sure we allow at least one dump skb Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix rmem check in netlink_broadcast_deliver(). Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count Gao Xiang <xiang(a)kernel.org> erofs: fix large fragment handling Gao Xiang <xiang(a)kernel.org> erofs: address D-cache aliasing Chao Yu <chao(a)kernel.org> erofs: fix to add missing tracepoint in erofs_read_folio() Al Viro <viro(a)zeniv.linux.org.uk> ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() Stefan Metzmacher <metze(a)samba.org> smb: server: make use of rdma_destroy_qp() Sascha Hauer <s.hauer(a)pengutronix.de> clk: scmi: Handle case where child clocks are initialized before their parents Julien Massot <julien.massot(a)collabora.com> dt-bindings: clock: mediatek: Add #reset-cells property for MT8188 Mikhail Paulyshka <me(a)mixaill.net> x86/CPU/AMD: Disable INVLPGB on Zen2 Jann Horn <jannh(a)google.com> x86/mm: Disable hugetlb page table sharing on 32-bit Mikhail Paulyshka <me(a)mixaill.net> x86/rdrand: Disable RDSEED on AMD Cyan Skillfish Xiaolei Wang <xiaolei.wang(a)windriver.com> clk: imx: Fix an out-of-bounds access in dispmix_csr_clk_dev_data Harry Yoo <harry.yoo(a)oracle.com> lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() Honggyu Kim <honggyu.kim(a)sk.com> samples/damon: fix damon sample wsse for start failure Honggyu Kim <honggyu.kim(a)sk.com> samples/damon: fix damon sample prcl for start failure Honggyu Kim <honggyu.kim(a)sk.com> mm/damon: fix divide by zero in damon_get_intervals_score() SeongJae Park <sj(a)kernel.org> mm/damon/core: handle damon_call_control as normal under kdmond deactivation Lance Yang <lance.yang(a)linux.dev> mm/rmap: fix potential out-of-bounds page table access during batched unmap Alexander Gordeev <agordeev(a)linux.ibm.com> mm/vmalloc: leave lazy MMU mode on PTE mapping error Illia Ostapyshyn <illia(a)yshyn.com> scripts: gdb: vfs: support external dentry names Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix interrupts.py after maple tree conversion Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: de-reference per-CPU MCE interrupts Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix interrupts display after MCP on x86 Baolin Wang <baolin.wang(a)linux.alibaba.com> mm: fix the inaccurate memory statistics issue for users Wei Yang <richard.weiyang(a)gmail.com> maple_tree: fix mt_destroy_walk() on root leaf node Yeoreum Yun <yeoreum.yun(a)arm.com> kasan: remove kasan_find_vm_area() to prevent possible deadlock Achill Gilgenast <fossdd(a)pwned.life> kallsyms: fix build without execinfo Zhe Qiao <qiaozhe(a)iscas.ac.cn> Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "ACPI: battery: negate current when discharging" Matthew Brost <matthew.brost(a)intel.com> drm/xe: Allocate PF queue size on pow2 boundary Thomas Zimmermann <tzimmermann(a)suse.de> drm/framebuffer: Acquire internal references on GEM handles Kuen-Han Tsai <khtsai(a)google.com> Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: u_serial: Fix race condition in TTY wakeup Aaron Thompson <dev(a)aaront.org> drm/nouveau: Do not fail module init on debugfs errors Matthew Brost <matthew.brost(a)intel.com> Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" Matthew Auld <matthew.auld(a)intel.com> drm/xe/bmg: fix compressed VRAM handling Simona Vetter <simona.vetter(a)ffwll.ch> drm/gem: Fix race in drm_gem_handle_create_tail() Christian König <christian.koenig(a)amd.com> drm/ttm: fix error handling in ttm_buffer_object_transfer Matthew Brost <matthew.brost(a)intel.com> drm/sched: Increment job count before swapping tail spsc queue Thomas Zimmermann <tzimmermann(a)suse.de> drm/gem: Acquire references on GEM handles for framebuffers Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: add hqd_sdma_get_doorbell callbacks for gfx7/8 Kent Russell <kent.russell(a)amd.com> drm/amdgpu: Include sdma_4_4_4.bin Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Don't call mmput from MMU notifier callback Alessio Belle <alessio.belle(a)imgtec.com> drm/imagination: Fix kernel crash when hard resetting the GPU Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix the wrong config for tx interrupt Deren Wu <deren.wu(a)mediatek.com> wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() Deren Wu <deren.wu(a)mediatek.com> wifi: mt76: mt7921: prevent decap offload config before STA initialization Vitor Soares <vitor.soares(a)toradex.com> wifi: mwifiex: discard erroneous disassoc frames on STA interface Mathy Vanhoef <Mathy.Vanhoef(a)kuleuven.be> wifi: prevent A-MSDU attacks in mesh networks Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Ensure to disable clocks in error path Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: Fix invalid state detection Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: qcom: msm: mark certain pins as invalid for interrupts Miquel Raynal <miquel.raynal(a)bootlin.com> pinctrl: nuvoton: Fix boot on ma35dx platforms Håkon Bugge <haakon.bugge(a)oracle.com> md/md-bitmap: fix GPF in bitmap_get_stats() Hugo Villeneuve <hvilleneuve(a)dimonoff.com> gpiolib: fix performance regression when using gpio_chip_get_multiple() Haoxiang Li <haoxiang_li2024(a)163.com> net: ethernet: rtsn: Fix a null pointer dereference in rtsn_probe() Guillaume Nault <gnault(a)redhat.com> gre: Fix IPv6 multicast route creation. Jens Axboe <axboe(a)kernel.dk> io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU Arun Raghavan <arun(a)asymptotic.io> ASoC: fsl_sai: Force a software reset when starting in consumer mode Mark Brown <broonie(a)kernel.org> arm64: Filter out SME hwcaps when FEAT_SME isn't implemented Edip Hazuri <edip(a)medip.dev> ALSA: hda/realtek - Add mute LED support for HP Victus 15-fb2xxx Thorsten Blum <thorsten.blum(a)linux.dev> ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> sched: Fix preemption string of preempt_dynamic_none Liam Merwick <liam.merwick(a)oracle.com> KVM: Allow CPU to reschedule while setting per-page memory attributes Sean Christopherson <seanjc(a)google.com> KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight Nikunj A Dadhania <nikunj(a)amd.com> KVM: SVM: Add missing member in SNP_LAUNCH_START command structure Manuel Andreas <manuel.andreas(a)tum.de> KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. JP Kobryn <inwardvessel(a)gmail.com> x86/mce: Make sure CMCI banks are cleared during shutdown on Intel Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Ensure user polling settings are honored when restarting timer Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce: Don't remove sysfs if thresholding sysfs init fails Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Fix threshold limit reset Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Add default names for MCA banks and blocks Dan Carpenter <dan.carpenter(a)linaro.org> ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() David Howells <dhowells(a)redhat.com> rxrpc: Fix oops due to non-existence of prealloc backlog struct Eric Biggers <ebiggers(a)kernel.org> crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 David Howells <dhowells(a)redhat.com> rxrpc: Fix bug due to prealloc collision Victor Nogueira <victor(a)mojatatu.com> net/sched: Abort __tc_modify_qdisc if parent class does not exist Chintan Vankar <c-vankar(a)ti.com> net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info Yue Haibing <yuehaibing(a)huawei.com> atm: clip: Fix NULL pointer dereference in vcc_sendmsg() Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix infinite recursive call of clip_push(). Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix memory leak of struct clip_vcc. Kuniyuki Iwashima <kuniyu(a)google.com> atm: clip: Fix potential null-ptr-deref in to_atmarpd(). Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Fix link failure in forced mode with Auto-MDIX Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Force predictable MDI-X state on LAN87xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap EricChan <chenchuangyu(a)xiaomi.com> net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 Petr Pavlu <petr.pavlu(a)suse.com> module: Fix memory deallocation on error path in move_module() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: airoha: Fix an error handling path in airoha_probe() Michal Luczaj <mhal(a)rbox.co> vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_* TOCTOU Michal Luczaj <mhal(a)rbox.co> vsock: Fix transport_{g2h,h2g} TOCTOU Jiayuan Chen <jiayuan.chen(a)linux.dev> tcp: Correct signedness in skb remaining space calculation Kuniyuki Iwashima <kuniyu(a)google.com> tipc: Fix use-after-free in tipc_conn_close(). Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix `vsock_proto` declaration Kuniyuki Iwashima <kuniyu(a)google.com> netlink: Fix wraparounds of sk->sk_rmem_alloc. Luo Jie <quic_luoj(a)quicinc.com> net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() Luo Jie <quic_luoj(a)quicinc.com> net: phy: qcom: move the WoL function to shared library Anshuman Khandual <anshuman.khandual(a)arm.com> arm64/mm: Drop wrong writes into TCR2_EL1 Kevin Brodsky <kevin.brodsky(a)arm.com> arm64: poe: Handle spurious Overlay faults Jason Xing <kernelxing(a)tencent.com> bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL kuyo chang <kuyo.chang(a)mediatek.com> sched/deadline: Fix dl_server runtime calculation formula Al Viro <viro(a)zeniv.linux.org.uk> fix proc_sys_compare() handling of in-lookup dentries Mario Limonciello <mario.limonciello(a)amd.com> pinctrl: amd: Clear GPIO debounce for suspend Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix attempting to send HCI_Disconnect to BIS handle Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Remove check of BDADDR_ANY in hci_conn_hash_lookup_big_state Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not disabling advertising instance Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: probe() should fail if the device ID is not recognized Peter Zijlstra <peterz(a)infradead.org> perf: Revert to requiring CAP_SYS_ADMIN for uprobes Heiko Carstens <hca(a)linux.ibm.com> objtool: Add missing endian conversion to read_annotate() Peter Zijlstra <peterz(a)infradead.org> sched/core: Fix migrate_swap() vs. hotplug Nam Cao <namcao(a)linutronix.de> irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ Shiju Jose <shiju.jose(a)huawei.com> EDAC: Initialize EDAC features sysfs attributes Luo Gengkun <luogengkun(a)huaweicloud.com> perf/core: Fix the WARN_ON_ONCE is out of lock protected region Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: add sof_sdw_get_tplg_files ops Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: soc-acpi: add get_function_tplg_files ops Bard Liao <yung-chuan.liao(a)linux.intel.com> ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling Linus Torvalds <torvalds(a)linux-foundation.org> eventpoll: don't decrement ep refcount while still holding the ep mutex ------------- Diffstat: Documentation/bpf/map_hash.rst | 8 +- Documentation/bpf/map_lru_hash_update.dot | 6 +- .../bindings/clock/mediatek,mt8188-clock.yaml | 3 + Makefile | 4 +- arch/arm64/kernel/cpufeature.c | 57 +++-- arch/arm64/kernel/process.c | 5 + arch/arm64/mm/fault.c | 30 ++- arch/arm64/mm/proc.S | 1 - arch/riscv/kernel/vdso/vdso.lds.S | 2 +- arch/s390/crypto/sha1_s390.c | 2 + arch/s390/crypto/sha256_s390.c | 3 + arch/s390/crypto/sha512_s390.c | 3 + arch/um/drivers/vector_kern.c | 42 ++-- arch/x86/Kconfig | 2 +- arch/x86/coco/sev/core.c | 22 +- arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/sev.h | 17 +- arch/x86/kernel/cpu/amd.c | 10 + arch/x86/kernel/cpu/mce/amd.c | 28 ++- arch/x86/kernel/cpu/mce/core.c | 24 +- arch/x86/kernel/cpu/mce/intel.c | 1 + arch/x86/kvm/hyperv.c | 3 + arch/x86/kvm/svm/sev.c | 4 + arch/x86/kvm/xen.c | 15 +- drivers/acpi/battery.c | 19 +- drivers/atm/idt77252.c | 5 + drivers/block/nbd.c | 6 +- drivers/block/ublk_drv.c | 3 +- drivers/bluetooth/hci_qca.c | 13 +- drivers/char/ipmi/ipmi_msghandler.c | 3 +- drivers/clk/clk-scmi.c | 20 +- drivers/clk/imx/clk-imx95-blk-ctl.c | 12 +- drivers/edac/ecs.c | 4 +- drivers/edac/mem_repair.c | 1 + drivers/edac/scrub.c | 1 + drivers/gpio/gpiolib.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v8.c | 8 + drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 43 ++-- drivers/gpu/drm/drm_framebuffer.c | 31 ++- drivers/gpu/drm/drm_gem.c | 74 +++++- drivers/gpu/drm/drm_internal.h | 2 + drivers/gpu/drm/exynos/exynos7_drm_decon.c | 4 + drivers/gpu/drm/imagination/pvr_power.c | 4 +- drivers/gpu/drm/nouveau/nouveau_debugfs.c | 6 +- drivers/gpu/drm/nouveau/nouveau_debugfs.h | 5 +- drivers/gpu/drm/nouveau/nouveau_drm.c | 4 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 20 +- drivers/gpu/drm/tegra/nvdec.c | 6 +- drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +- drivers/gpu/drm/xe/xe_gt_pagefault.c | 1 + drivers/gpu/drm/xe/xe_lmtt.c | 11 + drivers/gpu/drm/xe/xe_migrate.c | 2 +- drivers/gpu/drm/xe/xe_pci.c | 1 - drivers/gpu/drm/xe/xe_pm.c | 11 +- drivers/hid/hid-ids.h | 6 + drivers/hid/hid-lenovo.c | 8 + drivers/hid/hid-multitouch.c | 8 +- drivers/hid/hid-nintendo.c | 38 +++- drivers/hid/hid-quirks.c | 3 + drivers/irqchip/Kconfig | 1 + drivers/md/md-bitmap.c | 3 +- drivers/md/raid1.c | 4 +- drivers/md/raid10.c | 12 +- drivers/net/can/m_can/m_can.c | 2 +- drivers/net/ethernet/airoha/airoha_eth.c | 1 + drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +- drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c | 18 +- drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 2 + drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.h | 8 +- drivers/net/ethernet/mellanox/mlx5/core/en/fs.h | 9 +- drivers/net/ethernet/mellanox/mlx5/core/en_dim.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/en_fs.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 13 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 3 + drivers/net/ethernet/renesas/rtsn.c | 5 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 24 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 4 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 16 +- drivers/net/ethernet/wangxun/libwx/wx_type.h | 2 +- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 2 +- drivers/net/ethernet/wangxun/ngbe/ngbe_type.h | 2 +- drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 4 +- drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 4 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/phy/microchip.c | 3 +- drivers/net/phy/qcom/at803x.c | 27 --- drivers/net/phy/qcom/qca808x.c | 2 +- drivers/net/phy/qcom/qcom-phy-lib.c | 25 ++ drivers/net/phy/qcom/qcom.h | 5 + drivers/net/phy/smsc.c | 57 ++++- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/marvell/mwifiex/util.c | 4 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7921/main.c | 3 + drivers/net/wireless/mediatek/mt76/mt7925/init.c | 2 + drivers/net/wireless/mediatek/mt76/mt7925/main.c | 6 + drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7925/regs.h | 2 +- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 40 +--- drivers/net/wireless/mediatek/mt76/mt7996/main.c | 5 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 188 ++++++++++----- drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 16 +- drivers/net/wireless/ralink/rt2x00/rt2x00soc.c | 4 +- drivers/net/wireless/ralink/rt2x00/rt2x00soc.h | 2 +- drivers/net/wireless/zydas/zd1211rw/zd_mac.c | 6 +- drivers/pci/pci-acpi.c | 23 +- drivers/pinctrl/nuvoton/pinctrl-ma35.c | 10 +- drivers/pinctrl/pinctrl-amd.c | 11 + drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++ drivers/pwm/core.c | 2 +- drivers/pwm/pwm-mediatek.c | 13 +- drivers/tty/vt/vt.c | 1 + drivers/usb/gadget/function/u_serial.c | 12 +- fs/btrfs/free-space-tree.c | 16 +- fs/erofs/data.c | 21 +- fs/erofs/decompressor.c | 12 +- fs/erofs/fileio.c | 6 +- fs/erofs/internal.h | 6 +- fs/erofs/zdata.c | 13 +- fs/erofs/zmap.c | 9 +- fs/eventpoll.c | 12 +- fs/proc/inode.c | 2 +- fs/proc/proc_sysctl.c | 18 +- fs/proc/task_mmu.c | 14 +- fs/smb/server/smb2pdu.c | 29 +-- fs/smb/server/transport_rdma.c | 5 +- fs/smb/server/vfs.c | 1 + include/drm/drm_file.h | 3 + include/drm/drm_framebuffer.h | 7 + include/drm/spsc_queue.h | 4 +- include/linux/blkdev.h | 5 + include/linux/ieee80211.h | 45 +++- include/linux/io_uring_types.h | 2 + include/linux/mm.h | 5 + include/linux/psp-sev.h | 2 + include/net/af_vsock.h | 2 +- include/net/bluetooth/hci_core.h | 3 +- include/net/netfilter/nf_flow_table.h | 2 +- include/sound/soc-acpi.h | 13 ++ include/trace/events/erofs.h | 2 +- io_uring/msg_ring.c | 4 +- io_uring/opdef.c | 1 + io_uring/zcrx.c | 3 - kernel/bpf/bpf_lru_list.c | 9 +- kernel/bpf/bpf_lru_list.h | 1 + kernel/events/core.c | 6 +- kernel/module/main.c | 4 +- kernel/sched/core.c | 7 +- kernel/sched/deadline.c | 10 +- kernel/stop_machine.c | 20 +- lib/alloc_tag.c | 3 + lib/maple_tree.c | 1 + mm/damon/core.c | 8 +- mm/kasan/report.c | 45 +--- mm/rmap.c | 46 ++-- mm/vmalloc.c | 22 +- net/appletalk/ddp.c | 1 + net/atm/clip.c | 64 ++++-- net/bluetooth/hci_event.c | 3 + net/bluetooth/hci_sync.c | 4 +- net/ipv4/tcp.c | 2 +- net/ipv6/addrconf.c | 9 +- net/mac80211/cfg.c | 14 ++ net/mac80211/mlme.c | 7 +- net/mac80211/parse.c | 6 +- net/mac80211/util.c | 9 +- net/netlink/af_netlink.c | 90 +++++--- net/rxrpc/call_accept.c | 4 + net/sched/sch_api.c | 23 +- net/tipc/topsrv.c | 2 + net/vmw_vsock/af_vsock.c | 57 ++++- net/wireless/nl80211.c | 7 +- net/wireless/util.c | 52 ++++- samples/damon/prcl.c | 8 +- samples/damon/wsse.c | 8 +- scripts/gdb/linux/constants.py.in | 7 + scripts/gdb/linux/interrupts.py | 16 +- scripts/gdb/linux/mapletree.py | 252 +++++++++++++++++++++ scripts/gdb/linux/vfs.py | 2 +- scripts/gdb/linux/xarray.py | 28 +++ sound/isa/ad1816a/ad1816a.c | 2 +- sound/pci/hda/patch_realtek.c | 10 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/cs35l56-shared.c | 2 +- sound/soc/codecs/rt721-sdca.c | 23 +- sound/soc/fsl/fsl_asrc.c | 3 +- sound/soc/fsl/fsl_sai.c | 14 +- sound/soc/intel/boards/Kconfig | 1 + sound/soc/intel/common/Makefile | 2 +- sound/soc/intel/common/soc-acpi-intel-arl-match.c | 21 +- sound/soc/intel/common/sof-function-topology-lib.c | 136 +++++++++++ sound/soc/intel/common/sof-function-topology-lib.h | 15 ++ sound/soc/sof/intel/hda.c | 6 +- tools/arch/x86/include/asm/msr-index.h | 1 + tools/include/linux/kallsyms.h | 4 + tools/objtool/check.c | 1 + tools/testing/selftests/bpf/test_lru_map.c | 105 ++++----- tools/testing/selftests/net/lib.sh | 2 +- virt/kvm/kvm_main.c | 3 + 203 files changed, 2012 insertions(+), 833 deletions(-)

3 months, 1 week

20
212
0 0

[PATCH net v2 5/5] rxrpc: Fix to use conn aborts for conn-wide failures

by David Howells

Fix rxrpc to use connection-level aborts for things that affect the whole connection, such as the service ID not matching a local service. Fixes: 57af281e5389 ("rxrpc: Tidy up abort generation infrastructure") Reported-by: Jeffrey Altman <jaltman(a)auristor.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> cc: Marc Dionne <marc.dionne(a)auristor.com> cc: Jakub Kicinski <kuba(a)kernel.org> cc: Paolo Abeni <pabeni(a)redhat.com> cc: "David S. Miller" <davem(a)davemloft.net> cc: Eric Dumazet <edumazet(a)google.com> cc: Simon Horman <horms(a)kernel.org> cc: linux-afs(a)lists.infradead.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- Notes: Changes ======= ver #2) - Moved trace note declaration out to earlier patch that uses it net/rxrpc/ar-internal.h | 3 +++ net/rxrpc/call_accept.c | 12 ++++++------ net/rxrpc/io_thread.c | 14 ++++++++++++++ net/rxrpc/output.c | 19 ++++++++++--------- net/rxrpc/security.c | 8 ++++---- 5 files changed, 37 insertions(+), 19 deletions(-) diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h index df1a618dbf7d..5b7342d43486 100644 --- a/net/rxrpc/ar-internal.h +++ b/net/rxrpc/ar-internal.h @@ -44,6 +44,7 @@ enum rxrpc_skb_mark { RXRPC_SKB_MARK_SERVICE_CONN_SECURED, /* Service connection response has been verified */ RXRPC_SKB_MARK_REJECT_BUSY, /* Reject with BUSY */ RXRPC_SKB_MARK_REJECT_ABORT, /* Reject with ABORT (code in skb->priority) */ + RXRPC_SKB_MARK_REJECT_CONN_ABORT, /* Reject with connection ABORT (code in skb->priority) */ }; /* @@ -1253,6 +1254,8 @@ int rxrpc_encap_rcv(struct sock *, struct sk_buff *); void rxrpc_error_report(struct sock *); bool rxrpc_direct_abort(struct sk_buff *skb, enum rxrpc_abort_reason why, s32 abort_code, int err); +bool rxrpc_direct_conn_abort(struct sk_buff *skb, enum rxrpc_abort_reason why, + s32 abort_code, int err); int rxrpc_io_thread(void *data); void rxrpc_post_response(struct rxrpc_connection *conn, struct sk_buff *skb); static inline void rxrpc_wake_up_io_thread(struct rxrpc_local *local) diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c index a4d76f2da684..00982a030744 100644 --- a/net/rxrpc/call_accept.c +++ b/net/rxrpc/call_accept.c @@ -374,8 +374,8 @@ bool rxrpc_new_incoming_call(struct rxrpc_local *local, spin_lock(&rx->incoming_lock); if (rx->sk.sk_state == RXRPC_SERVER_LISTEN_DISABLED || rx->sk.sk_state == RXRPC_CLOSE) { - rxrpc_direct_abort(skb, rxrpc_abort_shut_down, - RX_INVALID_OPERATION, -ESHUTDOWN); + rxrpc_direct_conn_abort(skb, rxrpc_abort_shut_down, + RX_INVALID_OPERATION, -ESHUTDOWN); goto no_call; } @@ -422,12 +422,12 @@ bool rxrpc_new_incoming_call(struct rxrpc_local *local, unsupported_service: read_unlock_irq(&local->services_lock); - return rxrpc_direct_abort(skb, rxrpc_abort_service_not_offered, - RX_INVALID_OPERATION, -EOPNOTSUPP); + return rxrpc_direct_conn_abort(skb, rxrpc_abort_service_not_offered, + RX_INVALID_OPERATION, -EOPNOTSUPP); unsupported_security: read_unlock_irq(&local->services_lock); - return rxrpc_direct_abort(skb, rxrpc_abort_service_not_offered, - RX_INVALID_OPERATION, -EKEYREJECTED); + return rxrpc_direct_conn_abort(skb, rxrpc_abort_service_not_offered, + RX_INVALID_OPERATION, -EKEYREJECTED); no_call: spin_unlock(&rx->incoming_lock); read_unlock_irq(&local->services_lock); diff --git a/net/rxrpc/io_thread.c b/net/rxrpc/io_thread.c index 27b650d30f4d..e939ecf417c4 100644 --- a/net/rxrpc/io_thread.c +++ b/net/rxrpc/io_thread.c @@ -97,6 +97,20 @@ bool rxrpc_direct_abort(struct sk_buff *skb, enum rxrpc_abort_reason why, return false; } +/* + * Directly produce a connection abort from a packet. + */ +bool rxrpc_direct_conn_abort(struct sk_buff *skb, enum rxrpc_abort_reason why, + s32 abort_code, int err) +{ + struct rxrpc_skb_priv *sp = rxrpc_skb(skb); + + trace_rxrpc_abort(0, why, sp->hdr.cid, 0, sp->hdr.seq, abort_code, err); + skb->mark = RXRPC_SKB_MARK_REJECT_CONN_ABORT; + skb->priority = abort_code; + return false; +} + static bool rxrpc_bad_message(struct sk_buff *skb, enum rxrpc_abort_reason why) { return rxrpc_direct_abort(skb, why, RX_PROTOCOL_ERROR, -EBADMSG); diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c index 17c33b5cf7dd..8b5903b6e481 100644 --- a/net/rxrpc/output.c +++ b/net/rxrpc/output.c @@ -829,7 +829,13 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) msg.msg_controllen = 0; msg.msg_flags = 0; - memset(&whdr, 0, sizeof(whdr)); + whdr = (struct rxrpc_wire_header) { + .epoch = htonl(sp->hdr.epoch), + .cid = htonl(sp->hdr.cid), + .callNumber = htonl(sp->hdr.callNumber), + .serviceId = htons(sp->hdr.serviceId), + .flags = ~sp->hdr.flags & RXRPC_CLIENT_INITIATED, + }; switch (skb->mark) { case RXRPC_SKB_MARK_REJECT_BUSY: @@ -837,6 +843,9 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) size = sizeof(whdr); ioc = 1; break; + case RXRPC_SKB_MARK_REJECT_CONN_ABORT: + whdr.callNumber = 0; + fallthrough; case RXRPC_SKB_MARK_REJECT_ABORT: whdr.type = RXRPC_PACKET_TYPE_ABORT; code = htonl(skb->priority); @@ -850,14 +859,6 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) if (rxrpc_extract_addr_from_skb(&srx, skb) == 0) { msg.msg_namelen = srx.transport_len; - whdr.epoch = htonl(sp->hdr.epoch); - whdr.cid = htonl(sp->hdr.cid); - whdr.callNumber = htonl(sp->hdr.callNumber); - whdr.serviceId = htons(sp->hdr.serviceId); - whdr.flags = sp->hdr.flags; - whdr.flags ^= RXRPC_CLIENT_INITIATED; - whdr.flags &= RXRPC_CLIENT_INITIATED; - iov_iter_kvec(&msg.msg_iter, WRITE, iov, ioc, size); ret = do_udp_sendmsg(local->socket, &msg, size); if (ret < 0) diff --git a/net/rxrpc/security.c b/net/rxrpc/security.c index 078d91a6b77f..2bfbf2b2bb37 100644 --- a/net/rxrpc/security.c +++ b/net/rxrpc/security.c @@ -140,15 +140,15 @@ const struct rxrpc_security *rxrpc_get_incoming_security(struct rxrpc_sock *rx, sec = rxrpc_security_lookup(sp->hdr.securityIndex); if (!sec) { - rxrpc_direct_abort(skb, rxrpc_abort_unsupported_security, - RX_INVALID_OPERATION, -EKEYREJECTED); + rxrpc_direct_conn_abort(skb, rxrpc_abort_unsupported_security, + RX_INVALID_OPERATION, -EKEYREJECTED); return NULL; } if (sp->hdr.securityIndex != RXRPC_SECURITY_NONE && !rx->securities) { - rxrpc_direct_abort(skb, rxrpc_abort_no_service_key, - sec->no_key_abort, -EKEYREJECTED); + rxrpc_direct_conn_abort(skb, rxrpc_abort_no_service_key, + sec->no_key_abort, -EKEYREJECTED); return NULL; }

3 months, 1 week

1
0
0 0

[PATCH net v2 4/5] rxrpc: Fix transmission of an abort in response to an abort

by David Howells

Under some circumstances, such as when a server socket is closing, ABORT packets will be generated in response to incoming packets. Unfortunately, this also may include generating aborts in response to incoming aborts - which may cause a cycle. It appears this may be made possible by giving the client a multicast address. Fix this such that rxrpc_reject_packet() will refuse to generate aborts in response to aborts. Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code") Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> cc: Marc Dionne <marc.dionne(a)auristor.com> cc: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com> cc: LePremierHomme <kwqcheii(a)proton.me> cc: Linus Torvalds <torvalds(a)linux-foundation.org> cc: Jakub Kicinski <kuba(a)kernel.org> cc: Paolo Abeni <pabeni(a)redhat.com> cc: "David S. Miller" <davem(a)davemloft.net> cc: Eric Dumazet <edumazet(a)google.com> cc: Simon Horman <horms(a)kernel.org> cc: linux-afs(a)lists.infradead.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- net/rxrpc/output.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c index ef7b3096c95e..17c33b5cf7dd 100644 --- a/net/rxrpc/output.c +++ b/net/rxrpc/output.c @@ -814,6 +814,9 @@ void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) __be32 code; int ret, ioc; + if (sp->hdr.type == RXRPC_PACKET_TYPE_ABORT) + return; /* Never abort an abort. */ + rxrpc_see_skb(skb, rxrpc_skb_see_reject); iov[0].iov_base = &whdr;

3 months, 1 week

1
0
0 0

[PATCH net v2 3/5] rxrpc: Fix notification vs call-release vs recvmsg

by David Howells

When a call is released, rxrpc takes the spinlock and removes it from ->recvmsg_q in an effort to prevent racing recvmsg() invocations from seeing the same call. Now, rxrpc_recvmsg() only takes the spinlock when actually removing a call from the queue; it doesn't, however, take it in the lead up to that when it checks to see if the queue is empty. It *does* hold the socket lock, which prevents a recvmsg/recvmsg race - but this doesn't prevent sendmsg from ending the call because sendmsg() drops the socket lock and relies on the call->user_mutex. Fix this by firstly removing the bit in rxrpc_release_call() that dequeues the released call and, instead, rely on recvmsg() to simply discard released calls (done in a preceding fix). Secondly, rxrpc_notify_socket() is abandoned if the call is already marked as released rather than trying to be clever by setting both pointers in call->recvmsg_link to NULL to trick list_empty(). This isn't perfect and can still race, resulting in a released call on the queue, but recvmsg() will now clean that up. Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both") Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> cc: Marc Dionne <marc.dionne(a)auristor.com> cc: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com> cc: LePremierHomme <kwqcheii(a)proton.me> cc: Jakub Kicinski <kuba(a)kernel.org> cc: Paolo Abeni <pabeni(a)redhat.com> cc: "David S. Miller" <davem(a)davemloft.net> cc: Eric Dumazet <edumazet(a)google.com> cc: Simon Horman <horms(a)kernel.org> cc: linux-afs(a)lists.infradead.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- Notes: Changes ======= ver #2) - Moved in missing trace note declaration from later patch include/trace/events/rxrpc.h | 3 ++- net/rxrpc/call_object.c | 28 ++++++++++++---------------- net/rxrpc/recvmsg.c | 4 ++++ 3 files changed, 18 insertions(+), 17 deletions(-) diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h index e7dcfb1369b6..de6f6d25767c 100644 --- a/include/trace/events/rxrpc.h +++ b/include/trace/events/rxrpc.h @@ -322,10 +322,10 @@ EM(rxrpc_call_put_kernel, "PUT kernel ") \ EM(rxrpc_call_put_poke, "PUT poke ") \ EM(rxrpc_call_put_recvmsg, "PUT recvmsg ") \ + EM(rxrpc_call_put_release_recvmsg_q, "PUT rls-rcmq") \ EM(rxrpc_call_put_release_sock, "PUT rls-sock") \ EM(rxrpc_call_put_release_sock_tba, "PUT rls-sk-a") \ EM(rxrpc_call_put_sendmsg, "PUT sendmsg ") \ - EM(rxrpc_call_put_unnotify, "PUT unnotify") \ EM(rxrpc_call_put_userid_exists, "PUT u-exists") \ EM(rxrpc_call_put_userid, "PUT user-id ") \ EM(rxrpc_call_see_accept, "SEE accept ") \ @@ -338,6 +338,7 @@ EM(rxrpc_call_see_disconnected, "SEE disconn ") \ EM(rxrpc_call_see_distribute_error, "SEE dist-err") \ EM(rxrpc_call_see_input, "SEE input ") \ + EM(rxrpc_call_see_notify_released, "SEE nfy-rlsd") \ EM(rxrpc_call_see_recvmsg, "SEE recvmsg ") \ EM(rxrpc_call_see_release, "SEE release ") \ EM(rxrpc_call_see_userid_exists, "SEE u-exists") \ diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c index 15067ff7b1f2..918f41d97a2f 100644 --- a/net/rxrpc/call_object.c +++ b/net/rxrpc/call_object.c @@ -561,7 +561,7 @@ static void rxrpc_cleanup_rx_buffers(struct rxrpc_call *call) void rxrpc_release_call(struct rxrpc_sock *rx, struct rxrpc_call *call) { struct rxrpc_connection *conn = call->conn; - bool put = false, putu = false; + bool putu = false; _enter("{%d,%d}", call->debug_id, refcount_read(&call->ref)); @@ -573,23 +573,13 @@ void rxrpc_release_call(struct rxrpc_sock *rx, struct rxrpc_call *call) rxrpc_put_call_slot(call); - /* Make sure we don't get any more notifications */ + /* Note that at this point, the call may still be on or may have been + * added back on to the socket receive queue. recvmsg() must discard + * released calls. The CALL_RELEASED flag should prevent further + * notifications. + */ spin_lock_irq(&rx->recvmsg_lock); - - if (!list_empty(&call->recvmsg_link)) { - _debug("unlinking once-pending call %p { e=%lx f=%lx }", - call, call->events, call->flags); - list_del(&call->recvmsg_link); - put = true; - } - - /* list_empty() must return false in rxrpc_notify_socket() */ - call->recvmsg_link.next = NULL; - call->recvmsg_link.prev = NULL; - spin_unlock_irq(&rx->recvmsg_lock); - if (put) - rxrpc_put_call(call, rxrpc_call_put_unnotify); write_lock(&rx->call_lock); @@ -638,6 +628,12 @@ void rxrpc_release_calls_on_socket(struct rxrpc_sock *rx) rxrpc_put_call(call, rxrpc_call_put_release_sock); } + while ((call = list_first_entry_or_null(&rx->recvmsg_q, + struct rxrpc_call, recvmsg_link))) { + list_del_init(&call->recvmsg_link); + rxrpc_put_call(call, rxrpc_call_put_release_recvmsg_q); + } + _leave(""); } diff --git a/net/rxrpc/recvmsg.c b/net/rxrpc/recvmsg.c index 6990e37697de..7fa7e77f6bb9 100644 --- a/net/rxrpc/recvmsg.c +++ b/net/rxrpc/recvmsg.c @@ -29,6 +29,10 @@ void rxrpc_notify_socket(struct rxrpc_call *call) if (!list_empty(&call->recvmsg_link)) return; + if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { + rxrpc_see_call(call, rxrpc_call_see_notify_released); + return; + } rcu_read_lock();

3 months, 1 week

1
0
0 0

[PATCH net v2 2/5] rxrpc: Fix recv-recv race of completed call

by David Howells

If a call receives an event (such as incoming data), the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up the call off of the queue, further events will cause it to be requeued, and once the socket lock is dropped (recvmsg uses call->user_mutex to allow the socket to be used in parallel), a second thread can come in and its recvmsg can pop the call off the socket queue again. In such a case, the first thread will be receiving stuff from the call and the second thread will be blocked on call->user_mutex. The first thread can, at this point, process both the event that it picked call for and the event that the second thread picked the call for and may see the call terminate - in which case the call will be "released", decoupling the call from the user call ID assigned to it (RXRPC_USER_CALL_ID in the control message). The first thread will return okay, but then the second thread will wake up holding the user_mutex and, if it sees that the call has been released by the first thread, it will BUG thusly: kernel BUG at net/rxrpc/recvmsg.c:474! Fix this by just dequeuing the call and ignoring it if it is seen to be already released. We can't tell userspace about it anyway as the user call ID has become stale. Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code") Reported-by: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com> Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> cc: LePremierHomme <kwqcheii(a)proton.me> cc: Marc Dionne <marc.dionne(a)auristor.com> cc: Jakub Kicinski <kuba(a)kernel.org> cc: Paolo Abeni <pabeni(a)redhat.com> cc: "David S. Miller" <davem(a)davemloft.net> cc: Eric Dumazet <edumazet(a)google.com> cc: Simon Horman <horms(a)kernel.org> cc: linux-afs(a)lists.infradead.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- include/trace/events/rxrpc.h | 3 +++ net/rxrpc/call_accept.c | 1 + net/rxrpc/recvmsg.c | 19 +++++++++++++++++-- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h index 378d2dfc7392..e7dcfb1369b6 100644 --- a/include/trace/events/rxrpc.h +++ b/include/trace/events/rxrpc.h @@ -330,12 +330,15 @@ EM(rxrpc_call_put_userid, "PUT user-id ") \ EM(rxrpc_call_see_accept, "SEE accept ") \ EM(rxrpc_call_see_activate_client, "SEE act-clnt") \ + EM(rxrpc_call_see_already_released, "SEE alrdy-rl") \ EM(rxrpc_call_see_connect_failed, "SEE con-fail") \ EM(rxrpc_call_see_connected, "SEE connect ") \ EM(rxrpc_call_see_conn_abort, "SEE conn-abt") \ + EM(rxrpc_call_see_discard, "SEE discard ") \ EM(rxrpc_call_see_disconnected, "SEE disconn ") \ EM(rxrpc_call_see_distribute_error, "SEE dist-err") \ EM(rxrpc_call_see_input, "SEE input ") \ + EM(rxrpc_call_see_recvmsg, "SEE recvmsg ") \ EM(rxrpc_call_see_release, "SEE release ") \ EM(rxrpc_call_see_userid_exists, "SEE u-exists") \ EM(rxrpc_call_see_waiting_call, "SEE q-conn ") \ diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c index 226b4bf82747..a4d76f2da684 100644 --- a/net/rxrpc/call_accept.c +++ b/net/rxrpc/call_accept.c @@ -219,6 +219,7 @@ void rxrpc_discard_prealloc(struct rxrpc_sock *rx) tail = b->call_backlog_tail; while (CIRC_CNT(head, tail, size) > 0) { struct rxrpc_call *call = b->call_backlog[tail]; + rxrpc_see_call(call, rxrpc_call_see_discard); rcu_assign_pointer(call->socket, rx); if (rx->app_ops && rx->app_ops->discard_new_call) { diff --git a/net/rxrpc/recvmsg.c b/net/rxrpc/recvmsg.c index 86a27fb55a1c..6990e37697de 100644 --- a/net/rxrpc/recvmsg.c +++ b/net/rxrpc/recvmsg.c @@ -447,6 +447,16 @@ int rxrpc_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, goto try_again; } + rxrpc_see_call(call, rxrpc_call_see_recvmsg); + if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { + rxrpc_see_call(call, rxrpc_call_see_already_released); + list_del_init(&call->recvmsg_link); + spin_unlock_irq(&rx->recvmsg_lock); + release_sock(&rx->sk); + trace_rxrpc_recvmsg(call->debug_id, rxrpc_recvmsg_unqueue, 0); + rxrpc_put_call(call, rxrpc_call_put_recvmsg); + goto try_again; + } if (!(flags & MSG_PEEK)) list_del_init(&call->recvmsg_link); else @@ -470,8 +480,13 @@ int rxrpc_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, release_sock(&rx->sk); - if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) - BUG(); + if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { + rxrpc_see_call(call, rxrpc_call_see_already_released); + mutex_unlock(&call->user_mutex); + if (!(flags & MSG_PEEK)) + rxrpc_put_call(call, rxrpc_call_put_recvmsg); + goto try_again; + } ret = rxrpc_recvmsg_user_id(call, msg, flags); if (ret < 0)

3 months, 1 week

1
0
0 0

[PATCH net v2 1/5] rxrpc: Fix irq-disabled in local_bh_enable()

by David Howells

The rxrpc_assess_MTU_size() function calls down into the IP layer to find out the MTU size for a route. When accepting an incoming call, this is called from rxrpc_new_incoming_call() which holds interrupts disabled across the code that calls down to it. Unfortunately, the IP layer uses local_bh_enable() which, config dependent, throws a warning if IRQs are enabled: WARNING: CPU: 1 PID: 5544 at kernel/softirq.c:387 __local_bh_enable_ip+0x43/0xd0 ... RIP: 0010:__local_bh_enable_ip+0x43/0xd0 ... Call Trace: <TASK> rt_cache_route+0x7e/0xa0 rt_set_nexthop.isra.0+0x3b3/0x3f0 __mkroute_output+0x43a/0x460 ip_route_output_key_hash+0xf7/0x140 ip_route_output_flow+0x1b/0x90 rxrpc_assess_MTU_size.isra.0+0x2a0/0x590 rxrpc_new_incoming_peer+0x46/0x120 rxrpc_alloc_incoming_call+0x1b1/0x400 rxrpc_new_incoming_call+0x1da/0x5e0 rxrpc_input_packet+0x827/0x900 rxrpc_io_thread+0x403/0xb60 kthread+0x2f7/0x310 ret_from_fork+0x2a/0x230 ret_from_fork_asm+0x1a/0x30 ... hardirqs last enabled at (23): _raw_spin_unlock_irq+0x24/0x50 hardirqs last disabled at (24): _raw_read_lock_irq+0x17/0x70 softirqs last enabled at (0): copy_process+0xc61/0x2730 softirqs last disabled at (25): rt_add_uncached_list+0x3c/0x90 Fix this by moving the call to rxrpc_assess_MTU_size() out of rxrpc_init_peer() and further up the stack where it can be done without interrupts disabled. It shouldn't be a problem for rxrpc_new_incoming_call() to do it after the locks are dropped as pmtud is going to be performed by the I/O thread - and we're in the I/O thread at this point. Fixes: a2ea9a907260 ("rxrpc: Use irq-disabling spinlocks between app and I/O thread") Signed-off-by: David Howells <dhowells(a)redhat.com> Reviewed-by: Jeffrey Altman <jaltman(a)auristor.com> cc: Marc Dionne <marc.dionne(a)auristor.com> cc: Junvyyang, Tencent Zhuque Lab <zhuque(a)tencent.com> cc: LePremierHomme <kwqcheii(a)proton.me> cc: Jakub Kicinski <kuba(a)kernel.org> cc: Paolo Abeni <pabeni(a)redhat.com> cc: "David S. Miller" <davem(a)davemloft.net> cc: Eric Dumazet <edumazet(a)google.com> cc: Simon Horman <horms(a)kernel.org> cc: linux-afs(a)lists.infradead.org cc: netdev(a)vger.kernel.org cc: stable(a)vger.kernel.org --- net/rxrpc/ar-internal.h | 1 + net/rxrpc/call_accept.c | 1 + net/rxrpc/peer_object.c | 6 ++---- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h index 376e33dce8c1..df1a618dbf7d 100644 --- a/net/rxrpc/ar-internal.h +++ b/net/rxrpc/ar-internal.h @@ -1383,6 +1383,7 @@ struct rxrpc_peer *rxrpc_lookup_peer_rcu(struct rxrpc_local *, const struct sockaddr_rxrpc *); struct rxrpc_peer *rxrpc_lookup_peer(struct rxrpc_local *local, struct sockaddr_rxrpc *srx, gfp_t gfp); +void rxrpc_assess_MTU_size(struct rxrpc_local *local, struct rxrpc_peer *peer); struct rxrpc_peer *rxrpc_alloc_peer(struct rxrpc_local *, gfp_t, enum rxrpc_peer_trace); void rxrpc_new_incoming_peer(struct rxrpc_local *local, struct rxrpc_peer *peer); diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c index 49fccee1a726..226b4bf82747 100644 --- a/net/rxrpc/call_accept.c +++ b/net/rxrpc/call_accept.c @@ -406,6 +406,7 @@ bool rxrpc_new_incoming_call(struct rxrpc_local *local, spin_unlock(&rx->incoming_lock); read_unlock_irq(&local->services_lock); + rxrpc_assess_MTU_size(local, call->peer); if (hlist_unhashed(&call->error_link)) { spin_lock_irq(&call->peer->lock); diff --git a/net/rxrpc/peer_object.c b/net/rxrpc/peer_object.c index e2f35e6c04d6..366431b0736c 100644 --- a/net/rxrpc/peer_object.c +++ b/net/rxrpc/peer_object.c @@ -149,8 +149,7 @@ struct rxrpc_peer *rxrpc_lookup_peer_rcu(struct rxrpc_local *local, * assess the MTU size for the network interface through which this peer is * reached */ -static void rxrpc_assess_MTU_size(struct rxrpc_local *local, - struct rxrpc_peer *peer) +void rxrpc_assess_MTU_size(struct rxrpc_local *local, struct rxrpc_peer *peer) { struct net *net = local->net; struct dst_entry *dst; @@ -277,8 +276,6 @@ static void rxrpc_init_peer(struct rxrpc_local *local, struct rxrpc_peer *peer, peer->hdrsize += sizeof(struct rxrpc_wire_header); peer->max_data = peer->if_mtu - peer->hdrsize; - - rxrpc_assess_MTU_size(local, peer); } /* @@ -297,6 +294,7 @@ static struct rxrpc_peer *rxrpc_create_peer(struct rxrpc_local *local, if (peer) { memcpy(&peer->srx, srx, sizeof(*srx)); rxrpc_init_peer(local, peer, hash_key); + rxrpc_assess_MTU_size(local, peer); } _leave(" = %p", peer);

3 months, 1 week

1
0
0 0

[PATCH v2] arm64: dts: qcom: qcs615: add missing dt property in QUP SEs

by Viken Dadhaniya

Add the missing required-opps and operating-points-v2 properties to several I2C, SPI, and UART nodes in the QUP SEs. Fixes: f6746dc9e379 ("arm64: dts: qcom: qcs615: Add QUPv3 configuration") Cc: stable(a)vger.kernel.org Signed-off-by: Viken Dadhaniya <viken.dadhaniya(a)oss.qualcomm.com> --- v1 -> v2: - Added Fixes and Cc tag. v1 Link: https://lore.kernel.org/all/20250626102826.3422984-1-viken.dadhaniya@oss.qu… --- --- arch/arm64/boot/dts/qcom/qcs615.dtsi | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/qcs615.dtsi b/arch/arm64/boot/dts/qcom/qcs615.dtsi index bfbb21035492..e033b53f0f0f 100644 --- a/arch/arm64/boot/dts/qcom/qcs615.dtsi +++ b/arch/arm64/boot/dts/qcom/qcs615.dtsi @@ -631,6 +631,7 @@ &mc_virt SLAVE_EBI1 QCOM_ICC_TAG_ALWAYS>, interconnect-names = "qup-core", "qup-config"; power-domains = <&rpmhpd RPMHPD_CX>; + operating-points-v2 = <&qup_opp_table>; status = "disabled"; }; @@ -654,6 +655,7 @@ &config_noc SLAVE_QUP_0 QCOM_ICC_TAG_ALWAYS>, "qup-config", "qup-memory"; power-domains = <&rpmhpd RPMHPD_CX>; + required-opps = <&rpmhpd_opp_low_svs>; dmas = <&gpi_dma0 0 1 QCOM_GPI_I2C>, <&gpi_dma0 1 1 QCOM_GPI_I2C>; dma-names = "tx", @@ -681,6 +683,7 @@ &config_noc SLAVE_QUP_0 QCOM_ICC_TAG_ALWAYS>, "qup-config", "qup-memory"; power-domains = <&rpmhpd RPMHPD_CX>; + required-opps = <&rpmhpd_opp_low_svs>; dmas = <&gpi_dma0 0 2 QCOM_GPI_I2C>, <&gpi_dma0 1 2 QCOM_GPI_I2C>; dma-names = "tx", @@ -703,6 +706,7 @@ &mc_virt SLAVE_EBI1 QCOM_ICC_TAG_ALWAYS>, interconnect-names = "qup-core", "qup-config"; power-domains = <&rpmhpd RPMHPD_CX>; + operating-points-v2 = <&qup_opp_table>; dmas = <&gpi_dma0 0 2 QCOM_GPI_SPI>, <&gpi_dma0 1 2 QCOM_GPI_SPI>; dma-names = "tx", @@ -728,6 +732,7 @@ &mc_virt SLAVE_EBI1 QCOM_ICC_TAG_ALWAYS>, interconnect-names = "qup-core", "qup-config"; power-domains = <&rpmhpd RPMHPD_CX>; + operating-points-v2 = <&qup_opp_table>; status = "disabled"; }; @@ -751,6 +756,7 @@ &config_noc SLAVE_QUP_0 QCOM_ICC_TAG_ALWAYS>, "qup-config", "qup-memory"; power-domains = <&rpmhpd RPMHPD_CX>; + required-opps = <&rpmhpd_opp_low_svs>; dmas = <&gpi_dma0 0 3 QCOM_GPI_I2C>, <&gpi_dma0 1 3 QCOM_GPI_I2C>; dma-names = "tx", -- 2.34.1

3 months, 1 week

3
2
0 0

[PATCH] i2c: qup: jump out of the loop in case of timeout

by Yang Xiwen via B4 Relay

From: Yang Xiwen <forbidden405(a)outlook.com> Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c client can hang the kernel in this case and should be avoided. This is observed during a long time test with a PCA953x GPIO extender. Fix it by changing the logic to not only sets the return value, but also jumps out of the loop and return to the caller with -ETIMEDOUT. Cc: stable(a)vger.kernel.org Signed-off-by: Yang Xiwen <forbidden405(a)outlook.com> --- drivers/i2c/busses/i2c-qup.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-qup.c b/drivers/i2c/busses/i2c-qup.c index 3a36d682ed57..5b053e51f4c9 100644 --- a/drivers/i2c/busses/i2c-qup.c +++ b/drivers/i2c/busses/i2c-qup.c @@ -452,8 +452,10 @@ static int qup_i2c_bus_active(struct qup_i2c_dev *qup, int len) if (!(status & I2C_STATUS_BUS_ACTIVE)) break; - if (time_after(jiffies, timeout)) + if (time_after(jiffies, timeout)) { ret = -ETIMEDOUT; + break; + } usleep_range(len, len * 2); } --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250615-qca-i2c-d41bb61aa59e Best regards, -- Yang Xiwen <forbidden405(a)outlook.com>

3 months, 1 week

4
3
0 0

Access Target Contacts from the GSX 2025 Audience

by Lena Schwekendiek

Hi , Planning to get the GSX 2025 attendee list? Expo Name: Global Security Exchange (GSX) 2025 Total Number of records: 17,000 records List includes: Company Name, Contact Name, Job Title, Mailing Address, Phone, Emails, etc. Interested in moving forward with these leads? Let me know, and I'll share the price. Can't wait for your reply Regards Lena Marketing Manager Pro Tech Insights., Please reply with REMOVE if you don't wish to receive further emails

3 months, 1 week

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror